|
Evolution of OFAC Guidance Since 1996
Answer by Michelle Thiel, CAMS, Director of Data & Compliance - ChoicePoint®
Question: How have OFAC compliance expectations and efforts evolved over the last decade or so?
Answer: The Office of Foreign Assets Control (OFAC) assists in the development and maintenance of standards used to evaluate compliance programs and activities at banking institutions. In particular, OFAC stresses that banks should use a risk-based approach to managing their OFAC-related risk. Guidance will probably continue to evolve with changing regulations, improvements in technologies, and current events impacting the financial industry.
Federal banking regulators and OFAC collaborated to provide greater consistency in the application of Bank Secrecy Act (BSA) and OFAC regulations to banking organizations, including commercial banks, savings associations, and credit unions. The result was the first interagency BSA examination manual released by the Federal Financial Institutions Examination Council (FFIEC) in 2005. OFAC assisted in the development of certain relevant sections, providing clarification of their expectations and the standards to be used by bank examiners when evaluating OFAC compliance programs. Prior to the release of the interagency exam manual, each regulatory agency released individual handbooks such as the Federal Reserve's Bank Secrecy Act Examination Manual from 1996.1
The interagency manual (FFIEC BSA/AML Examination Manual) gives OFAC compliance much greater attention and coverage than it was given in individual regulatory agency handbooks. In particular, it stresses that banks should use a risk-based approach to managing OFAC-related risk2. In fact, OFAC provides a risk matrix to illustrate varying levels of risk based on products or services, customer, geography, or other factors unique to an institution3. In general, discussions of OFAC procedures are given a clearer risk based flavor with respect to what may be required, and how a bank may evidence its risk based approach during a regulatory examination.
The FFIEC BSA Exam manual is revised annually, and OFAC, FinCEN, the U.S. Department of the Treasury and federal banking agencies collaborate to provide consistent application of laws and regulations during compliance examinations. Over the revision history, I note that OFAC does not prescribe compliance requirements since they would vary from one institution to another, based on risk. However, at least in some portions of the manual, I observe a degree of granularity in communicated expectations. For example, there is some detail about when new accounts should be checked against OFAC lists, and what names should be included in such a scan:
New accounts should be compared with OFAC lists prior to being opened or shortly thereafter. However, the extent to which the bank includes account parties other than accountholders (e.g., beneficiaries, guarantors, principals, beneficial owners, nominee shareholders, directors, signatories, and powers of attorney) in the initial OFAC review during the account opening process, and during subsequent database reviews of existing accounts, will depend on the bank's risk profile and available technology.4"
Thus, expectations about scanning frequency can be expected to evolve with improvements in reasonably affordable technology.
Guidance is also presented about screening existing accounts at the bank. The manual states that "banks should have policies, procedures, and processes in place to check existing customers when there are additions or changes to the OFAC list5." In an article in ABA Bank Compliance, Tim R. White suggests, "the best practice for OFAC concerning existing accounts is to screen against every OFAC update within a 24-hour time frame6."
OFAC violations remain serious, and in 2006, OFAC published new enforcement procedures for banking institutions "because of their unique role in the implementation of OFAC sanctions programs and the nature of the transactions in which such institutions engage. The new enforcement procedures take into account that each banking institution's situation is different and that its compliance program should be tailored to its unique circumstances."7 Thus, the importance of using a risk-based approach is underscored.
Each month, OFAC reports civil penalties and enforcement information on their Web site. Enforcement actions, including penalties assessed or settlements reached, can be reviewed via the following OFAC Web site.
I have noticed a concept arising in conference discussions and written forums about converging risks such as compliance, fraud, anti-money laundering, and terrorist financing. Banking professionals and industry analysts alike are discussing the benefits of conducting an overarching risk assessment that helps identify where program efforts in one area can be leveraged for use in other areas, and where it might be advisable to combine resources. Your risk-based OFAC compliance activities may be suited for integration with other regulatory/risk management program efforts, depending on your unique resources and structure.
OFAC compliance remains as relevant today as ever. Guidance will continue to evolve over time, but a central concept is that maintaining a risk-based approach will arm financial institutions with the ability to adapt and respond to changing levels of risk. Expect greater scrutiny as a result of written guidance to examiners in the form of exam manuals, but also expect greater consistency in expectations. Financial institutions are wise to ensure their OFAC compliance program and due diligence steps are commensurate with the risk attributed to their institution, as identified in their risk assessment.
1Board of Governors of the Federal Reserve System, Bank Secrecy Act Examination Manual, January 1996, (January 11, 2008).
2Federal Financial Institutions Examination Council, Bank Secrecy Act/Anti-Money Laundering Examination Manual, Aug 2007, p. 137, (January 11, 2008).
3FFIEC 2007 Exam Manual, Appendix M.
4FFIEC 2007 Exam Manual, page 140.
5FFIEC 2007 Exam Manual, page 142.
6White, Timothy R., How to Implement Risk-Based OFAC Monitoring Practices, ABA Bank Compliance Magazine, Sept/Oct 2007, p. 14.
7U.S. Department of the Treasury, Office of Foreign Assets Control, "Economic Sanctions Enforcement Procedures for Banking Institutions", Federal Register, Vol. 72, No. 8, Jan. 12, 2006, (7 Dec 2007).
Request your two FREE white papers on OFAC or USA PATRIOT Act compliance. Click on the following link to learn more about a leading OFAC compliance solution toolset.
Bridger Insight™ XG is a sophisticated, easy to use identity risk management and USA PATRIOT Act and OFAC compliance product suite. Designed for cost-effective, efficient customer screening and reporting, this product is trusted by the majority of the top 25 U.S. banks and over 4,000 clients. Bridger Insight XG facilitates streamlined identity verification, identity fraud and theft mitigation, due diligence investigations and extensive watch list screening.
About ChoicePoint
ChoicePoint (NYSE: CPS) provides businesses, government agencies and non-profit organizations with technology, software, information and marketing services to help manage economic and physical risks as well as identify business opportunities. Our authentication and anti-fraud tools improve efficiency and instill confidence in the decision-making process for our customers and consumers. Consumers have free access to the reports we create at www.ChoiceTrust.com. Learn what we do to protect consumer privacy by visiting www.PrivacyatChoicePoint.com and, for more information on our company, go to www.ChoicePoint.com.
First published on BankersOnline.com 1/21/08
Privacy Policy Disclaimer Recommend This Site ! Contact Us
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
|
|
|
Print Friendly!
Email This Article!
Discuss NOW!