OFAC Issues Guidance Regarding Scope of OFAC Compliance Programs
November 7, 2008
The Treasury Department’s Office of Foreign Assets Control (“OFAC”) released a notice on November 6, 2008 (the “OFAC Notice”) to provide guidance to securities and futures firms regarding their obligations under OFAC regulations when “evaluating new clients and investments or transactions by such clients.” Although it is not entirely clear from the OFAC Notice, it appears that the new OFAC requirements discussed below are largely in addition to existing anti-money laundering requirements promulgated by industry self-regulatory organizations.
OFAC regulations apply to all U.S. persons and prohibit all dealings, including the facilitation, brokering, financing or guaranteeing of any transactions, with persons included on the Specially Designated Nationals and Blocked Persons list (“SDN List”). The OFAC Notice sets forth certain recommended practices that OFAC believes should be included in a strong OFAC compliance program.1
The OFAC Notice discusses procedures that are very similar to those required by Treasury Department Customer Identification Program (“CIP”) rules. However, because OFAC regulations apply to all U.S. persons, firms that have not yet been required to implement a CIP (e.g., investment advisers, commodity pool operators and commodity trading advisers, etc.) will be particularly affected by the new OFAC guidance.
OFAC Compliance Program Requirements
The OFAC Notice highlights OFAC’s expectation that firms screen all potential new client identification and transaction information through the SDN List and other applicable OFAC sanctions programs prior to engaging in the contemplated business. The results of these reviews should be adequately documented. OFAC also notes that periodic checks of related “non-accountholders,” such as beneficiaries or guarantors, may be necessary.
According to OFAC, strong OFAC compliance programs should also use risk-based measures (tailored to the particular firm’s business model) for verifying the identity of each new customer who opens an account. These measures should focus on the particular risks posed by each customer and transaction. The OFAC Notice sets out examples of questions that should be considered when conducting this risk analysis.
The OFAC Notice distinguishes the requirements for a strong OFAC compliance program from traditional CIP procedures in the area of omnibus intermediary accounts. Under existing guidance, BD and FCM CIP procedures are not required to “look through” to the underlying beneficial owners of such accounts, provided that certain conditions are met. In contrast, the OFAC Notice makes clear that, to comply with OFAC regulations, it may be necessary to assess the nature of a foreign intermediary’s “customer base,” and in some cases it would be prudent to actually obtain beneficial ownership information for certain accounts.
Further, the OFAC Notice draws a contrast between the strict liability OFAC regime and the existing CIP guidance in the context of introducing/clearing relationships. Under existing CIP guidance, there are circumstances where a clearing firm would not be expected to comply with CIP responsibilities, provided that it has properly allocated these responsibilities to a responsible introducing firm. The strict liability nature of OFAC rules, in contrast, does not permit businesses to reallocate liability to any third party. Therefore, if an OFAC violation occurs, a clearing firm ultimately could be held responsible.
Specific Risk Factors Identified
OFAC also published an update to a document entitled “Risk Factors for OFAC Compliance in the Securities Industry.” This document includes additional guidance regarding certain specific risk factors that are relevant to firms in the securities industry (both regulated and unregulated). The risk factors highlight the need for financial institutions that deal with foreign counterparties and customers to conduct appropriate risk-based due diligence to ensure compliance with OFAC regulations. To assist firms with their development of risk-based OFAC procedures, the document provides a specific list of risk factors, grouped under a variety of different fact patterns, including omnibus account relationships, third-party introduced business, international transactions and hedge fund accounts, among others.
The enumerated risk factors should be incorporated into comprehensive OFAC procedures that are designed to detect, monitor and address potential OFAC regulation violations. If any of the risk factors are detected, a firm’s OFAC procedures should call for a heightened level of scrutiny.
* * * *
The OFAC guidance does not announce new rulemaking but rather provides the industry guidance as to OFAC’s views of a strong OFAC compliance program. Persons who violate OFAC regulations are held to a strict liability standard. However, OFAC noted that the presence of a robust OFAC compliance program would be a factor that OFAC would consider when determining the appropriate enforcement response to an apparent OFAC violation.