US Sanctions Enforcement by OFAC and the DOJ

Introduction

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) administers and enforces most economic and trade sanctions. Specifically, OFAC is responsible for civil enforcement of US sanctions laws, and its regulations are enforced on a strict liability basis, meaning that OFAC does not need to prove fault or intent to enter an enforcement action and issue a civil penalty. In addition to OFAC, the US Department of Justice (DOJ) and the US Attorney may pursue criminal investigations and enforcement actions for wilful violations of US sanctions laws. Federal criminal prosecutions of sanctions violations are generally conducted on referral by OFAC, although the DOJ may choose to pursue some cases on its own initiative.[2] Other regulators, such as the Financial Crimes Enforcement Network (FinCEN) and the New York State Department of Financial Services, may impose additional penalties for failure to maintain specific controls to help ensure compliance with OFAC-administered regulations.

Companies should also account for any complementary export control restrictions implemented by the Department of Commerce and enforced by the Bureau of Industry and Security (BIS), or the Department of State and the Directorate of Defense Trade Controls (DDTC) in the case of defence articles and defence services, which may be imposed with respect to exports involving sanctioned countries and regions or sanctioned persons. As evidenced by the significant export restrictions placed on Russia and Belarus following Russia’s invasion of Ukraine,[3] the publication of significant new OFAC sanctions programmes or updates to existing programmes are often followed by a corresponding restriction on exports to the affected countries, regions or persons. Notably, OFAC, BIS and the DDTC may have different licence requirements to engage in certain activities. A failure to understand each respective set of licensing requirements and acquire all the necessary licences to engage in an otherwise prohibited activity could leave a company facing an enforcement action and potential penalties from one or more regulators.

Both federal and state regulators may pursue enforcement actions for the same conduct simultaneously, which could lead to multiple investigations by multiple entities. In 2019, OFAC Director Andrea Gacki made it clear that OFAC would no longer give credit for all types of fines paid to other agencies in global, multi-agency settlements.[4] This change in how OFAC calculates fines could lead to increased penalties in global settlement agreements where OFAC would have taken into account the amount of fines and penalties being levied by other agencies when determining the final penalty amount. Currently, for a non-egregious violation, ignoring any adjustment of the penalty based on aggravating or mitigating factors, the base penalty amount would be approximately the value of the transaction, determined specifically by a schedule provided in OFAC’s enforcement guidelines, capped at US$330,947 per transaction.[5] If a company voluntarily discloses an apparent violation to OFAC, the base amount of the proposed civil penalty is one-half of the transaction value capped at a maximum base amount of US$165,474 per violation.[6]

During 2020, the number of enforcement actions closed and published by OFAC decreased significantly when compared to 2019, from 26 in 2019 to 16 in 2020. One potential cause of this decrease may be the disruption caused by the covid-19 pandemic throughout 2020 and early 2021, but it likely also represents a continuation of the typical year-to-year fluctuation in the amount of cases closed by OFAC. Indeed, the number of enforcement actions in 2021 increased to 20, with only a slight decrease in the total penalty amount from US$23 million in 2020 to US$20.8 million in 2021. OFAC has continued to pursue novel and more aggressive enforcement theories, including showing a willingness to pierce the corporate veil and pursue enforcement cases for even indirect contact with US financial institutions and expanding its jurisdiction in the wake of technological advancement. OFAC published its first enforcement action related to digital currency transactions on 30 December 2020, followed closely by a second enforcement action related to digital currency transactions in February 2021, indicating that the agency is ready to aggressively pursue enforcement actions against apparent violation involving transactions using digital currency transactions nearly two years after the publication of FAQs 559–563.[7] Moreover, OFAC published its Sanctions Compliance Guidance for the Virtual Currency Industry in October 2021 as a resource to help members of the virtual currency industry understand and comply with their sanctions obligations.[8]

Notably, there has been little judicial review or oversight of OFAC’s enforcement theories. Almost all cases that are not resolved by no-action or cautionary letters are settled, and very few are challenged in court. However, there are exceptions to this general trend, including Exxon Mobil Corporation’s challenge of a US$2 million civil penalty imposed by OFAC, which resulted in the penalty being vacated by a District Court in the Northern District of Texas on the grounds that OFAC failed to provide fair notice regarding the agency’s interpretation of the relevant sanctions regulations.[9] Additionally, in enforcement actions concluded after the May 2019 release of OFAC’s ‘A Framework for Compliance Commitments’ (the Framework),[10] OFAC has assessed parties’ compliance with the Framework as an aggravating or mitigating circumstance, tracking the parties’ violation against the Framework. The new trends in enforcement, highlighted by recent OFAC cases, show that a strong compliance programme in line with the Framework is a key factor for parties seeking to avoid OFAC enforcement actions moving forward.

Criminal enforcement

The DOJ enforces criminal sanctions violations. Criminal liability may be imposed against a person who wilfully commits, attempts to commit or conspires to commit, or aids or abets in the commission of, an unlawful act pursuant to the International Emergency Economic Powers Act (IEEPA), the Act pursuant to which most sanctions regulations are issued. Criminal liability pursuant to the IEEPA may include a fine of not more than US$1 million or, if a natural person, a prison term of not more than 20 years, or both.[11]

Recent DOJ actions in the wake of the sanctions placed on Russia have pushed the Department to the forefront of sanctions enforcement along with OFAC. These include the creation of Task Force KleptoCapture on 2 March 2022, an inter-agency law enforcement task force led by the Justice Department and aimed at enforcing the sanctions, export restrictions and economic countermeasures placed on Russia.[12] Since its creation, the task force has been involved in the seizure of assets and funds from Russian kleptocrats, including the seizure of a US$90 million yacht belonging to Viktor Vekselberg, a sanctioned Russian oligarch.[13]

The DOJ has also continued to prosecute individuals that have violated US sanctions, including with recent announcements regarding cases against one US citizen and two European citizens for conspiring to assist North Korea in evading sanctions and the first criminal indictment for violations of US sanctions against Russia for its 2014 incursion into Ukraine. On 25 April 2022, the Southern District of New York unsealed an indictment against two European citizens who were charged with conspiring to violate US sanctions on North Korea by working with a US citizen to illegally provide cryptocurrency and blockchain technology services to North Korea. On 12 April 2022, the DOJ announced that the US citizen was sentenced to 62 months in prison after pleading guilty to conspiracy to violate the IEEPA by providing technical advice and instructions to North Korea on using blockchain and cryptocurrency technology to launder money and evade US sanctions and for pursuing plans to facilitate North Korea’s dealings in cryptocurrency.[14]

In the actions targeting a Russian oligarch and his US associate, the DOJ charged a US citizen with violations of US sanctions for his dealings with Russian national Konstantin Malofeyev, who is also designated on OFAC’s List of Specially Designated Nationals and Blocked Persons. Malofeyev was also charged with conspiracy to violate US sanctions and violations of US sanctions for hiring a US citizen to work with him and conspiring to transfer US dollars from a US bank for the benefit of Malofeyev, a blocked person.[15] The DOJ highlighted in its press release that OFAC designated Malofeyev in 2014 pursuant to Executive Order 13660 when OFAC determined that Malofeyev was one of the main sources of financing for Russians promoting separatism in Crimea, and materially assisted, sponsored and provided financial, material or technological support for, or goods and services to or in support of, the so-called ‘Donetsk People’s Republic’.[16] The DOJ noted that this was the first ever criminal indictment for violations of the sanctions on Russia for its 2014 activity in Crimea.[17]

Investigation

Commencement

The US government can learn of a potential sanctions violation in a number of ways, but the primary means of discovery are through voluntary self-disclosures (VSDs), reports of blocked and rejected transactions, referrals from other government agencies and even publicly available information, such as media reports.

If a company conducts an internal investigation or otherwise learns of a potential violation itself, it may submit a VSD to OFAC. A VSD has many benefits, described further below, including a significant reduction in the base penalty calculation for any potential enforcement action. Depending on the particular circumstances of a violation, the submission of a VSD and subsequent cooperation with OFAC should be carefully considered.

Learning of apparent violations through blocked or rejected transaction reports and other means[18]

A VSD is not the only means by which the government learns of potential violations. The government frequently learns of violations through reports generated by US persons, primarily banks, that have blocked or rejected a transaction based on a suspected sanctions violation. US persons are required under the sanctions regulations to submit blocking and reject reports to OFAC within 10 business days of the action to block or reject a transaction. Beginning in June 2019, new regulations require that all US persons report rejected transactions to OFAC within 10 days.[19] Previously, all parties already had an obligation to report transactions involving blocked property to OFAC, but only US financial institutions had the obligation to report rejected transactions. OFAC may also learn of sanctions violations through anti-money laundering reports, primarily suspicious activity reports (SARs), which are also typically submitted by banks and other financial institutions.

OFAC may also learn of potential violations through other government agencies, including foreign governments. Criminal investigations conducted by the DOJ and other federal and state law enforcement can lead to the discovery of sanctions violations.

Notification

Once OFAC learns of a potential violation and decides to launch an investigation, it may make an initial request for information with an administrative subpoena or, depending on the nature of the violation, direct a more informal set of questions to the involved parties, including non-US persons.

Notably, a 2019 DC Circuit Court decision – which required three Chinese banks, two of which have US branches, to comply with the government’s grand jury subpoenas and document production orders in connection with the violation of the US sanctions on North Korea – expanded the ability of US federal prosecutors to subpoena the financial records of foreign financial institutions during an investigation.[20] The Court held that in instances where a foreign bank has a US branch, it consents to federal court jurisdiction on matters overseen by the Federal Reserve including money laundering and sanctions violations.[21] The Court also held that the Attorney General’s power under the Bank Secrecy Act (BSA) to compel a foreign bank to produce documents is not limited to transactions that pass directly through a foreign bank’s US foreign account, but also any foreign records with a connection to the bank’s US correspondent account.[22]

The DOJ’s authority to issue subpoenas to foreign financial institutions was expanded under the Anti-Money Laundering Act of 2020 (AMLA). In addition to having the authority to issue subpoenas to foreign financial institutions that maintain a correspondent account in the United States for records related to the correspondent account, the AMLA expanded the DOJ’s subpoena power to cover ‘any account at the foreign bank, including records maintained outside of the United States’ if those records are the subject of a broad list of enforcement actions, including criminal prosecutions or violations of the BSA.[23]

Competent authorities

The authorities responsible for enforcing US sanctions are primarily OFAC (responsible for civil enforcement) and the DOJ (responsible for criminal enforcement). Furthermore, financial regulators, including the New York State Department of Financial Services and the Federal Reserve Board, may impose fines and other penalties for compliance failures associated with insufficient sanctions compliance programmes.

Substantive offences

Each sanctions programme administered by OFAC is different depending on the aims of the government. OFAC sanctions programmes generally prohibit US persons from engaging in transactions, directly or indirectly, involving designated individuals or entities (persons). Other sanctions programmes, such as those against Cuba and Iran, are comprehensive in nature, generally prohibiting exports of goods or services by US persons or from the United States to those territories. Regardless, there are common elements for a finding of an apparent violation, generally a breach of regulations for an embargo or transaction involving specially designated nationals and blocked persons or entities subject to sectoral sanctions. OFAC regulations are civil in nature, meaning they generally do not require mens rea, intent or knowledge for an apparent violation to be found and a penalty to be assessed. However, if the apparent violation included a wilful attempt at evading, avoiding, attempting or conspiring to evade or avoid, or facilitating a prohibited transaction, it could expose the party to criminal liability and prosecution by the DOJ.

OFAC’s enforcement authority and procedures are further defined by its general enforcement guidelines at 31 CFR 501 Appendix A. These enforcement guidelines establish the factors for calculating the base penalty amounts, based on a number of specific factors including whether the violation is egregious or non-egregious and whether the violations were voluntarily disclosed to OFAC.

Recent trends in enforcement actions

The following trends have been prevalent in recent civil enforcement actions issued by OFAC.

Piercing the corporate veil[24]

In an enforcement action against the General Electric Company (GE), OFAC signalled its willingness to pierce the veil in enforcement cases by entering enforcement proceedings against GE regarding apparent violations by three of its non-US subsidiaries. The three non-US subsidiaries of GE had accepted 289 payments from The Cobalt Refinery Company, a party owned in part by the Cuban government and on OFAC’s list of specially designated nationals and blocked persons. Foreign persons that are owned or controlled by a US person are required to comply with the restrictions imposed by the Cuban Assets Control Regulations.

In an enforcement action against Berkshire Hathaway Inc, OFAC again pierced the veil by entering an enforcement proceeding against Berkshire for apparent violations of the Iranian Transactions and Sanction Regulations (ITSR) by its indirectly wholly owned Turkish subsidiary. Of note, these actions were conducted under the direction of certain senior managers in Turkey despite Berkshire and other Berkshire subsidiaries’ repeated communications and policies being sent to the Turkish subsidiary regarding US sanctions against Iran and the application of the ITSR to its operations in Turkey. The ITSR explicitly state that a penalty shall be imposed against the US parent for a foreign subsidiary’s prohibited dealings with Iran.

Indirect contact with US financial institutions[25]

In an enforcement action against British Arab Commercial Bank (BACB), OFAC considered even tenuous and indirect contact with US financial institutions as grounds for an enforcement action. OFAC found that BACB had violated Sudanese sanctions, and despite the fact that the transactions at issue were not processed to or through the US financial system, the bank did operate a nostro account in a country that imports Sudanese-origin oil to facilitate payments involving Sudan. The bank funded the nostro account with large, periodic US dollar wire transfers from banks in Europe, which in turn transacted with US financial institutions in a manner that violated OFAC sanctions.

Expanded jurisdiction[26]

In an enforcement action against Société Internationale de Télécommunications Aéronautiques SCRL (SITA), OFAC showed its willingness to penalise non-US companies for transactions that would not have been covered by OFAC’s jurisdiction if they had not used US servers. OFAC’s basis for jurisdiction over SITA, a global information technology services provider headquartered in Switzerland and serving commercial air transportation, was that the technology provided to sanctioned parties was hosted on and incorporated functions that routed messages through US servers and contained US origin software.

Enforcement tracked to OFAC’s Framework for Compliance Commitments[27]

In an enforcement action against Eagle Shipping International, OFAC stated:

As noted in OFAC’s Framework for Compliance Commitments, this case demonstrates the importance for companies operating in high-risk industries (e.g., international shipping and trading) to implement risk-based compliance measures, especially when engaging in transactions involving exposure to jurisdictions or persons implicated by US sanctions.

Scrutiny of the cryptocurrency industry[28]

In an enforcement action against BitPay, Inc, OFAC signalled that companies involved in providing digital currency services would be subject to the same compliance requirements as financial institutions. BitPay offers a payment processing solution for its direct merchant customers to accept digital currency. Specifically, BitPay would receive digital currency payments on behalf of its merchant customers and converts the digital currency to fiat currency before relaying that currency to the merchant. While BitPay screened its direct customers, it failed to screen location data it obtained about its merchant buyers. As a result, BitPay processed 2,102 transactions on behalf of individuals located in sanctioned jurisdictions.

Conducting transactions indirectly that would otherwise be considered a violation[29]

In an enforcement action against Generali Global Assistance, Inc (GGA), OFAC highlighted the importance of ensuring that sanctions compliance policies and procedures address both direct and indirect sanctions compliance risks. GGA served as a travel services provider on behalf of two Canadian insurers that offered policies for Canadian subscribers who travelled to Cuba, providing medical expense claim processing and payment services to one of the Canadian insurers. For payments intended for Cuban service providers, GGA would intentionally refer the requests to a Canadian affiliate and then reimburse that affiliate for the amounts paid. In the enforcement action, OFAC specifically noted the sanctions risks of implementing a procedure to process, indirectly, transactions whose direct processing would be prohibited by US sanctions laws.

Mitigating and aggravating factors

OFAC regulations outline the general factors that it will consider when determining the appropriate enforcement response to an apparent violation of its regulations.

Factors that OFAC will consider to be aggravating or mitigating include:

  • wilful or reckless violation of law, including factors such as concealment, a pattern of conduct and management involvement;[30]
  • awareness of the conduct at issue;[31]
  • harm to sanctions programme objectives, including factors such as economic benefit to the sanctioned country and whether the conduct was likely to have been eligible for an OFAC licence;[32]
  • individual characteristics of the party in question, such as commercial sophistication and whether the party has received a penalty notice or a finding of violation from OFAC in the five years preceding the date of the transaction giving rise to the violation;[33]
  • the existence, nature and adequacy of a compliance programme in place at the time of the violation;[34]
  • the remedial response that the party took upon learning of the violation;[35] and
  • cooperation with OFAC, through a VSD or subsequent cooperation during the investigation (or both).[36]

A key factor, as evidenced by recent OFAC decisions, is the existence and maintenance of an adequate compliance programme in line with OFAC’s Framework for Compliance Commitments. Since 2020, each of the decisions published by OFAC has included a paragraph referencing the Framework.[37]

As with OFAC, the DOJ generally views voluntary disclosure, full cooperation and timely and effective remedial measures as mitigating factors. The guidelines from the DOJ’s updated VSD policy,[38] discussed in further detail below, break down full cooperation as:

  • timely disclosure of all facts;
  • proactive cooperation;
  • preservation, collection and disclosure of relevant documents (Guidelines list examples);
  • deconfliction of witness interviews;
  • retention of business records and prohibition of the improper destruction or deletion of those records; and
  • any additional steps that demonstrate recognition of the seriousness of misconduct, acceptance of responsibility and implementation of measures to reduce risk of a repetition of the misconduct.

The updated policy also lays out what the DOJ considers as aggravating factors during an investigation for criminal sanctions violations, which include:[39]

  • exports of items controlled for nuclear non-proliferation or missile technology reasons to a proliferator country;
  • exports of items known to be used in the construction of weapons of mass destruction;
  • exports to a foreign terrorist organisation or specially designated global terrorist;
  • exports of military items to a hostile foreign power;
  • repeated violations, including similar administrative or criminal violations in the past; and
  • knowing involvement of upper management in the criminal conduct.

The DOJ released an update to its ‘Evaluation of Corporate Compliance Programs’[40] guidance document, on 1 June 2020. The ‘Principles of Federal Prosecution of Business Organizations’ include several factors that prosecutors should consider when conducting an investigation of a corporation, including the adequacy and effectiveness of a corporation’s compliance programme at the time of an offence. Maintaining an effective compliance programme may be considered an additional mitigating factor.

When determining whether a corporation has an effective compliance programme, the DOJ considers three main questions:

  • Is the corporation’s compliance programme well designed?
  • Is the compliance programme being applied earnestly and in good faith?
  • Does the corporation’s compliance programme work in practice?

Best practice for corporations in an investigation

If an investigation has commenced, it is generally in parties’ best interests to endeavour to proactively collaborate with the agency conducting the investigation. OFAC enforcement actions have shown that it considers cooperation to be a mitigating factor in an enforcement case and the DOJ has stated that for a party to receive the benefits of a VSD, it must fully cooperate with the DOJ. Generally, full cooperation includes but is not limited to internal investigations to discover the root cause of an apparent violation, responding to regulators’ requests for additional information in a timely and complete manner, preserving all sensitive or relevant documents, collaborating with regulators to develop and implement effective remedial measures, and, in the case of a DOJ investigation, deconflicting and making available any potential witnesses. Under no circumstances should parties attempt to hide or destroy evidence of an apparent violation once an investigation has commenced. Any indication of actions opposing an investigation is likely to lead to investigators taking a more hostile approach and may also constitute an offence of obstructing proceedings before departments, agencies and committees pursuant to 18 USC 1505 or conspiracy to obstruct justice under 18 USC 371. Parties should also consider notifying relevant non-US regulators,[41] shareholders, counterparties, insurers and other interested parties.

Self-reporting

Reporting to OFAC

As mentioned above, OFAC views the self-disclosure of apparent violations favourably. The self-disclosure of a violation can significantly reduce a potential civil penalty amount. To be considered voluntary, a disclosure must be self-initiated and made to OFAC before either OFAC or any government agency or official discovers the apparent violation. Notification of an apparent violation to another government agency, which is considered a VSD by that agency, may be considered a VSD to OFAC on a case-by-case basis. When making a VSD to OFAC, the VSD must include or be followed by a report containing sufficient details to provide a complete understanding of the circumstances of the apparent violation. In some instances, it may be beneficial to the party to make a preliminary disclosure to OFAC before knowing all the facts so as to make a timely disclosure yet ensure that the disclosure is voluntary. Parties should also ensure that their VSD and follow-up report contain all the details known at the time they are submitted. Parties submitting VSDs should also be prepared to respond to any follow-up enquiries by OFAC.[42]

However, not all notifications to OFAC of an apparent violation will be considered a VSD. Specifically, a notification will not be considered a VSD if a third party notifies OFAC of the apparent violation or substantially similar apparent violation because it blocked or rejected a transaction, or if the disclosure:

  • includes false or misleading information or is materially incomplete;
  • is not self-initiated;
  • is made without the authorisation of senior management; or
  • is in response to an administrative subpoena or other enquiry form.[43]

Filing a licence application with OFAC is also not considered a VSD.[44]

Reports to OFAC in certain instances are required by OFAC regulations. Specifically, US persons are required to submit reports of rejected and blocked transactions to OFAC within 10 business days of the action.[45] These reports are typically made by financial institutions and must include details of the rejected or blocked transactions, such as the parties, accounts involved and date and amount of payment. Additionally, annual reports on blocked property must be filed with OFAC by 30 September of each year.[46] It is important to note that these reports will not be considered a VSD to OFAC and the disclosure of violations that OFAC has already been made aware of by a reject or blocking report submitted by another party will not receive the benefits of a VSD.

Reporting to the DOJ

On 13 December 2019, the DOJ released an updated VSD policy.[47] Under the new policy, all business organisations, including financial institutions, are eligible for the full range of benefits of the DOJ’s self-disclosure programme. Although there is no requirement to self-report to the DOJ, owing to the timeliness requirements discussed below, a VSD must be made early in the investigation process if it is to receive credit from the DOJ.

Mirroring other DOJ self-disclosure policies, companies are now eligible for credit when they (1) voluntarily self-disclose export control or sanctions violations to the National Security Division’s Counterintelligence and Export Control Section (CES), (2) fully cooperate with the investigation, and (3) remediate any violations appropriately and in a timely manner. The threshold for eligibility is self-disclosure of potential violations to CES; self-disclosing to any other regulatory agency does not qualify a party as a self-discloser under the new DOJ policy.

For the purposes of the DOJ’s VSD policy, for a party’s disclosure to be considered voluntary it must be made prior to an imminent threat of disclosure or government investigation, and within a reasonably prompt time after discovery of the offence, and the party must disclose all relevant facts known to it at the time of the disclosure. The DOJ recognises that parties may not know all relevant facts at the time of disclosure, especially if the parties submit a VSD based on a preliminary investigation. The policy states that if that is the case, a party should make clear that it is making its disclosure based on a preliminary investigation or assessment of information while still providing all available information.

To receive credit for full cooperation, parties are required to disclose all relevant facts in a timely manner; to cooperate proactively with the DOJ; to preserve, collect and disclose all relevant documents and information; to deconflict witness interviews when required; and to make officers and employees of the party available for interviews by the DOJ when so requested. The policy notes that eligibility for cooperation credit does not depend on the waiver of the attorney–client privilege or the work-product protection, although experience suggests that the DOJ typically initiates a discussion on privilege at some point during corporate investigations.

Finally, parties are required to demonstrate a thorough analysis of the causes of underlying conduct and, where appropriate, engage in remediation; implement an effective compliance programme; discipline employees identified by the party as responsible for the oversight; retain business records and prohibit the improper destruction of those records; and take any additional steps that demonstrate recognition of the seriousness of a party’s misconduct.

Considerations before self-reporting

In general, costs associated with making a VSD to either OFAC or the DOJ include legal expenses, government scrutiny, reputational harm and, potentially, large monetary penalties. Tied to the additional scrutiny and investigation by government agencies, apparent violations of US sanctions laws other than those disclosed in the VSD may be discovered during the course of an investigation. When parties are deciding whether or not to submit a VSD, they must weigh these negative factors against the likelihood that a government agency independently discovers or is notified by a third party of the apparent violation and the nature and value of the apparent violation.

A VSD submitted to either OFAC or the DOJ will only be accepted if it is made before there was a significant likelihood that the government would be notified of the apparent violation or otherwise discover it on its own. Additionally, by not making a VSD, parties are forfeiting a valuable opportunity to frame the issue and present any mitigating factors before a government investigation commences.

Prior to proceeding with a VSD, parties should also consider the date a potential violation occurred. The statute of limitations for sanctions violations is generally five years from the date of the apparent violation. However, as part of the settlement process parties may enter into tolling agreements with OFAC, which is considered a mitigating factor, to extend the statute of limitations if it is at risk of expiring during the course of the investigation and settlement process. Parties should also be aware that while the statute of limitation for sanctions violations is generally five years, a criminal investigation conducted by the DOJ may uncover violations of other statutes with significantly longer statutes of limitations.[48] Depending on the situation, a party may be safe in limiting its investigations and the submission of VSDs to conduct within the past five years; however, parties should be aware that there are instances where the statute of limitations is greater than five years.

Considerations before submitting a VSD to OFAC

The submission of a VSD to OFAC can have several benefits, including as a mitigating factor when calculating a penalty or, in some cases, allowing a party to avoid an enforcement action. OFAC may decline to take action if it determines that the conduct does not constitute a violation, or it may decide that the conduct does not warrant a civil monetary penalty and issue a cautionary letter instead.[49] However, the main benefit of a VSD is that, if accepted, the VSD will reduce the base amount of the penalty by approximately 50 per cent in both egregious and non-egregious cases.[50] VSDs are not the only mitigating factors that OFAC takes into account when determining the amount of a penalty. Parties should immediately take any reasonable remedial measures after discovering the apparent violation and discuss those measures in their submission. Additionally, parties should maintain a compliance programme in line with OFAC’s Framework for Compliance Commitments and, to the extent possible, map the apparent violation against their compliance programme and how the party has remedied, or intends to remedy, any deficiencies in its programme.

Further, when submitting a VSD to OFAC, a party must consider the chance that OFAC may launch a broader investigation and uncover additional, undisclosed violations under one of its many sanctions programmes or violations that cause OFAC to notify other government agencies, including a potential referral to the DOJ for criminal enforcement. While notifications made to other government agencies may be considered a VSD for OFAC enforcement purposes, a VSD to OFAC will not qualify as a VSD made to the DOJ. Therefore, parties should carefully consider if there was an element of wilfulness in the apparent violations or other activity that would be considered criminal in nature and would cause OFAC to refer the case to the DOJ. If a party believes that the case may be referred to the DOJ, it should consider submitting a VSD to the DOJ either prior to, or simultaneously with, submitting its VSD to OFAC to benefit from the DOJ’s VSD policy.

Considerations before submitting a VSD to the DOJ

If the party satisfies the three requirements of the DOJ’s VSD policy – voluntarily self-disclosing a violation; fully cooperating with the investigation; and remediating any violations appropriately and in a timely manner – there is a presumption that the party will receive a non-prosecution agreement (NPA) and will pay no fine, absent aggravating factors. However, even if a party receives an NPA, at a minimum the party will not be permitted to retain any of the unlawfully obtained gain and will be required to pay all disgorgement, forfeiture or restitution resulting from the misconduct.

Additionally, even if aggravating circumstances exist, the DOJ will still recommend a fine of at least 50 per cent less for a qualifying party than otherwise would have been levied, and will not require the imposition of a monitor if the party has implemented an effective compliance programme at the time of resolution. In addition to maintaining compliance programmes in line with OFAC’s Framework, parties should ensure their programmes meet the criteria laid out in the DOJ’s updated ‘Evaluation of Corporate Compliance Programs’ guidance document.

While the new VSD policy certainly has issues that businesses must consider before self-reporting, for businesses and the newly included financial institutions, the revised policy is also a potential lifeline to protect them from large financial penalties and potential criminal prosecution as seen in recent DOJ cases regarding UniCredit,[51] Société Générale[52] and Halkbank.[53] Despite this, there are still issues with the policy that may deter business organisations from submitting VSDs to the DOJ.

One factor to take into consideration under the new policy is that it makes clear that a VSD to a regulatory agency will not be enough to qualify for the benefits of the DOJ policy. This is in contrast with OFAC’s position that notification of an apparent violation to another government agency that is considered a VSD by that agency may be considered a VSD by OFAC based on a case-by-case assessment. This, coupled with the requirement that a VSD be made before any imminent threat of disclosure or government investigation, means that parties must decide early in their investigation of a potential violation of sanctions or export laws if they need to file with both regulatory agencies and the DOJ. Investigations can take unexpected turns, however, transforming an ostensible civil issue into a potential criminal matter if evidence of wilfulness is discovered. However, by filing with the DOJ, a party could expose itself to a potential criminal investigation and heavy, continuing disclosure obligations.

Moreover, the policy applies only to the DOJ and does not bind other regulators, including state banking regulators such as the New York State Department of Financial Services or the Federal Reserve. Those other enforcement authorities have their own programmatic mandates, which may be inconsistent with the outcomes available under the new policy. Put differently, self-reporting to the DOJ may earn you the carrot from the DOJ, but you may still face the stick from other regulators.

The key to effectively utilising this policy rests in the foundation of a party’s compliance policies and procedures. Even if the policies and procedures fail to prevent a violation from occurring, they can assist a party in quickly determining the nature and degree of the violation. This should help parties recognise earlier in their investigation of a potential violation whether they need to issue a VSD to the DOJ.

Other notification requirements

During the past few years, the US Securities and Exchange Commission (SEC) has taken a more active role in reviewing economic sanctions compliance. The SEC appears to have taken an interest because of the risks associated with a violation of US sanctions laws. The SEC has increasingly used comment letters[54] to request additional information from parties regarding the financial and reputational risks from costly regulatory action that may be associated with their disclosures to OFAC and their business activities in sanctioned countries.[55] Despite this, the SEC has not traditionally acted as an enforcement agency in the mould of OFAC or the DOJ, only seeking disclosure and reporting of sanctions-related risks.[56] While parties should consider notifying the SEC of apparent violations, this should be done while keeping in mind the requirements for VSD submissions to OFAC and the DOJ. In addition to the SEC, parties should be aware that OFAC maintains memoranda of understanding with several state and federal banking regulatory agencies outlining how they will share information.[57] Banking regulators, such as the Federal Reserve, may impose penalties on the financial institutions they oversee in connection with apparent violations of US sanctions laws. Accordingly, financial institutions should consider notifying their banking regulators of apparent violations if they plan to submit a VSD to OFAC. However, this should be done while conscious of the requirements for VSD submissions to OFAC and the DOJ.

Parties should also assess whether the apparent violation of US sanctions laws also violates the sanctions laws of other jurisdictions. For example, if a party operates in both the United States and the United Kingdom and commits an apparent violation that would be in breach of sanctions law in both countries, the party should consider making a disclosure to both OFAC and the UK’s Office of Financial Sanctions Implementation. Foreign regulatory agencies may share information regarding apparent violations directly or learn of an apparent violation if it is published by a foreign regulator. Therefore, a party should ensure that it considers whether its actions violate non-US sanctions laws and whether the party would be subject to the jurisdiction of non-US regulators.

Additionally, parties should be aware of how public perception and negative press relating to the discovery of an apparent violation can materially affect a party’s reputation. A VSD and a detailed plan to implement remediation measures targeting the root cause of the apparent violations may mitigate some of the associated reputational damage. However, regardless of how the apparent violation was reported or discovered, public scrutiny still represents a risk factor for future business partners and investors. As a result, reputational damage could lead to lost opportunities and burdensome due diligence requirements imposed by potential business partners.

Anti-money laundering

Suspicious activity reports

Anti-money laundering investigations can overlap with investigations of apparent sanctions violations. Additionally, disclosures to one regulatory authority can notify other authorities of potential violations leading to overlapping investigations for different violations caused by the same action. A financial institution that intentionally attempts to deceive US regulatory authorities or cover up an apparent violation of US sanctions laws, for example, is likely to simultaneously engage in violations of anti-money laundering laws.[58]

Under the BSA, financial institutions[59] are required to report ‘any suspicious transaction relevant to a possible violation of law or regulation’. FinCEN has issued regulations implementing the BSA requiring certain financial institutions, including banks, securities broker-dealers, introducing brokers, casinos, futures commission merchants and money services businesses, to report any suspicious activity above a certain dollar threshold in a SAR. Each industry has its own form and, generally, the report must be submitted within 30 days of the detection of the suspicious activity.

OFAC requires financial institutions to submit reports regarding any transactions that were rejected or blocked as a result of the involvement of a person on OFAC’s list of specially designated nationals and blocked persons. These transactions would be considered suspicious activity under the BSA due to the possibility that they violate US sanctions regulations, and financial institutions would be required to submit a SAR to FinCEN. FinCEN’s requirements will be satisfied by filing a rejection or blocking report to OFAC, which will then pass the information to FinCEN.[60] However, FinCEN notes that any information related to the activity that was not disclosed or included in the blocking report should be included in a separate SAR filed with FinCEN.[61]

As discussed above, a notice of an apparent violation through a third-party rejection or blocking report will negate any benefit that a party may have received from submitting a VSD. Additionally, because the information filed in a rejection or blocking report will be passed to FinCEN and made available to law enforcement, it could trigger additional investigations relating to money laundering or other civil and criminal offences. Parties should be aware of how regulators share information and how a third-party report may trigger multiple investigations from several government agencies, negating any benefit the party would receive from self-reporting the apparent violation.

In understanding and examining the risks associated with third-party reports, parties should also be aware of the AMLA, ultimately passed on 1 January 2021. The AMLA expands the BSA to include measures to strengthen FinCEN and inter-agency coordination and enforcement, among other provisions such as enhanced regulatory coverage of non-traditional exchanges of value and new beneficial ownership reporting requirements. The AMLA requires the creation of a three-year pilot programme allowing financial institutions to share SARs information with the institution’s foreign branches, subsidiaries and affiliates for the purpose of combating illicit finance risks.[62] Additionally, the AMLA also requested the establishment of an exchange designed to facilitate information sharing between financial institutions, law enforcement agencies, national security agencies and FinCEN.[63]

As these programmes continue to develop, the enhanced information-sharing mechanisms and procedures could lead to faster detection by or notification of a potential violation to OFAC, negating any benefits that would be received by self-reporting as the report would no longer be considered voluntary by OFAC. The implementation and effect of these information-sharing programmes should be monitored by parties, and their potential impact on the time it takes for OFAC to independently discover or be notified of an apparent violation considered when deciding if and when to file a VSD.

Resolution of investigations

OFAC has a variety of enforcement options available to it upon learning of a potential violation of US sanctions. If OFAC determines that there is insufficient evidence that a violation has occurred or concludes that the conduct does not warrant an administrative response, then no action will be taken.[64] In cases where OFAC is aware that the subject of the investigation knows of OFAC’s investigation, it will generally issue a no-action letter. If OFAC determines that there is insufficient evidence of a violation but that the activity in question could lead to a violation or that there is a lack of due diligence in assuring compliance with US sanctions laws, it may issue a cautionary letter.[65] A cautionary letter will generally lay out OFAC’s concerns about the underlying conduct or concerns regarding the compliance policies, practices and procedures that led to the apparent violation. If OFAC determines that a violation has occurred but that a civil monetary penalty is not appropriate, it may issue a finding of violation.[66] Although there is no monetary penalty involved, OFAC announces findings of violations in press releases and publishes a notice containing the description of the violations and its analysis, which can cause reputational damage to a party.

Cautionary letter[67]

OFAC may also impose a civil monetary penalty upon determining that a violation has occurred.[68] These penalties will be determined in line with OFAC guidelines and subject to the mitigating and aggravating factors described above. Parties may also decide to enter into a settlement with OFAC to reduce their maximum exposure to penalties.[69] Settlement discussions may be initiated by OFAC or the party that committed the apparent violation. Settlements can be made before or after the issuance of a pre-penalty notice and may also include multiple apparent violations, even if they are covered under separate pre-penalty notices. Notably, OFAC settlements may be a part of a comprehensive settlement with other federal, state or local agencies.

Global settlement[70]

Finally, OFAC may refer a case to appropriate law enforcement if it determines that the activity warrants a criminal investigation or prosecution (or both).[71]

Similar to the multiple options available to, and utilised by, OFAC, the DOJ has a variety of enforcement options available to it when closing a case. First, it may choose to resolve a case using a deferred prosecution agreement (DPA) or an NPA. Under a DPA, the DOJ will bring charges against the party committing the violation but agrees not to proceed with those charges so long as the party follows a negotiated set of requirements or conditions. Under an NPA, the DOJ will not file charges against the party and will generally require the party to comply with certain conditions or pay a fine. Additionally, DPAs and NPAs may impose a corporate monitor on the party to the agreement. The party bears the costs of the corporate monitor, and the scope of the monitor’s oversight responsibilities are negotiated by the party and the DOJ. The DOJ may also seek the forfeiture of assets relating to the apparent violation as part of the penalties assessed against the party.

If the DOJ initiates an investigation either through a referral by another government agency or independent discovery of an apparent violation, the offending party may be charged under numerous criminal statutes, depending on the nature of the violation. For example, a single party may be charged for a wilful violation of the IEEPA while simultaneously being charged for fraud, criminal money laundering and other offences committed in coordination with the apparent violation.[72] These could lead to significant monetary penalties and potential imprisonment for individuals involved in the apparent violation.

Looking ahead to the future of enforcement

Russia’s ongoing invasion of Ukraine is likely to turn the spotlight on sanctions enforcement. The recent criminal indictments related to violations of the 2014 sanctions on Russia are the start of a likely trend towards an enforcement focus on violations of Russia-related sanctions and efforts to evade such sanctions.

Recent OFAC and DOJ actions also suggest that enforcement bodies will focus enforcement of violations by persons outside of the traditional banking sector, historically the target of OFAC’s largest penalties, towards new high-risk sectors such as financial technology businesses and those involved in cryptocurrency trading.

As companies look to strengthen their compliance programmes in an effort to mitigate the risk of violations and subsequent enforcement, OFAC’s Framework will continue to be a valuable guide to what it will look for in a risk-based compliance programme and the key factors it will assess as aggravating and mitigating factors in the event of an enforcement action.


Footnotes

[1] David Mortlock and Britt Mosman are partners and Nikki Cronin and Ahmad El-Gamal are associates at Willkie Farr & Gallagher LLP.

[2] 31 CFR Part 501 Appendix A (II)(F).

[3] See US Department of Commerce press release: ‘Commerce Implements Sweeping Restrictions on Exports to Russia in Response to Further Invasion of Ukraine’, 24 February 2022, available at www.commerce.gov/news/press-releases/2022/02/commerce-implements-sweeping-restrictions-exports-russia-response; US Department of Commerce press release: ‘Commerce Department Expands Restrictions on Exports to Russia and Belarus in Response to Ongoing Aggression in Ukraine’, 9 April 2022, available at www.commerce.gov/news/press-releases/2022/04/commerce-department-expands-restrictions-exports-russia-and-belarus.

[4] Dylan Tokar, ‘Treasury Department Changes Approach to Fines in Sanctions Cases’, Wall Street Journal (14 June 2019), available at www.wsj.com/articles/treasury-department-changes-approach-to-fines-in-sanctions-cases-11560552590.

[5] 31 CFR Part 501, Appendix A(V)(B)(2)(a)(iv).

[6] id.

[7] Published in March 2018, FAQs 559–563 detail the compliance responsibilities of entities involved in the digital currency industry or using digital currency as a means of conducting transactions as well as providing key definitions and information on how OFAC will use existing authorities to bring enforcement actions with respect to apparent violations involving the use or transfer of digital currency. See OFAC FAQs ‘Questions on Virtual Currency,’ available at https://home.treasury.gov/policy-issues/financial-sanctions/faqs/topic/1626.

[8] US Department of the Treasury, ‘Sanctions Compliance Guidance for the Virtual Currency Industry’, at https://home.treasury.gov/system/files/126/virtual_currency_guidance_brochure.pdf.

[9] See Exxon Mobil Corporation v. Steven Mnuchin, Civil Action No. 3:17-CV-1930-B (N.D. Tex. 2019).

[10] US Department of the Treasury, ‘A Framework for OFAC Compliance Commitments’, at https://home.treasury.gov/system/files/126/framework_ofac_cc.pdf.

[11] 50 USC 1705(c).

[12] See US Department of Justice, ‘Attorney General Merrick B. Garland Announces Launch of Task Force KleptoCapture’, 2 March 2022, at www.justice.gov/opa/pr/attorney-general-merrick-b-garland-announces-launch-task-force-kleptocapture.

[13] See US Department of Justice, ‘$90 Million Yacht of Sanctioned Russian Oligarch Viktor Vekselberg Seized by Spain at Request of United States’, 4 April 2022, at www.justice.gov/opa/pr/90-million-yacht-sanctioned-russian-oligarch-viktor-vekselberg-seized-spain-request-united.

[14] See US Department of Justice, ‘U.S. Citizen Who Conspired to Assist North Korea in Evading Sanctions Sentenced to Over Five Years and Fined $100,000’, 12 April 2022, at www.justice.gov/opa/pr/us-citizen-who-conspired-assist-north-korea-evading-sanctions-sentenced-over-five-years-and; and US Department of Justice, ‘Two European Citizens Charged for Conspiring with a U.S. Citizen to Assist North Korea in Evading U.S. Sanctions,’ 25 April 2022, at www.justice.gov/opa/pr/two-european-citizens-charged-conspiring-us-citizen-assist-north-korea-evading-us-sanctions#:~:text=Both%20Cao%20De%20Benos%20and,Kevin%20Castel.

[15] See US Department of Justice, ‘TV Producer for Russian Oligarch Charged with Violating Crimea-Related Sanctions‘, 3 March 2022, at www.justice.gov/opa/pr/tv-producer-russian-oligarch-charged-violating-crimea-related-sanctions; and US Department of Justice, ‘Russian Oligarch Charged with Violating U.S. Sanctions’, 6 April 2022, at www.justice.gov/opa/pr/russian-oligarch-charged-violating-us-sanctions.

[16] id.

[17] id.

[18] See OFAC ‘Enforcement Information for June 13, 2019’, at https://home.treasury.gov/system/files/126/20190612_hotelbeds_0_1.pdf.

[19] See 31 CFR Part 501.

[20] See In re: Sealed Case, No. 19-5068 (D.C. Cir. 6 August 2019).

[21] id. at 10.

[22] id. at 9.

[23] 31 USC § 5318(k) as amended by the Anti-Money Laundering Act 2020.

[24] See OFAC ‘Enforcement Information for October 1, 2019’, at https://home.treasury.gov/system/files/126/20191001_ge.pdf; and OFAC ‘Enforcement Release: October 20, 2020’, at https://home.treasury.gov/system/files/126/20201020_berkshire.pdf.

[25] See OFAC ‘Enforcement Information for September 17, 2019’, at https://home.treasury.gov/system/files/126/20190917_bacb.pdf.

[26] See OFAC ‘Enforcement Information for February 26, 2020’, at https://home.treasury.gov/system/files/126/20200226_sita.pdf.

[27] See OFAC ‘Enforcement Information for January 27, 2020’, at https://home.treasury.gov/system/files/126/20200127_eagle.pdf.

[28] See OFAC ‘Enforcement Release: February 18, 2021’, at https://home.treasury.gov/system/files/126/20210218_bp.pdf.

[29] See OFAC ‘Enforcement Release: October 1, 2020’, at https://home.treasury.gov/system/files/126/gga_web_posting_10012020.pdf.

[30] OFAC’s enforcement action against UniCredit Bank AG highlighted the bank’s wilful intent to circumvent US sanctions, citing formal UniCredit Bank documents containing policies and procedures that instructed bank personnel to ensure payment structures were formatted in a way that hid the participation of OFAC-sanctioned parties. See OFAC ‘Enforcement Information for April 15, 2019’, at https://home.treasury.gov/system/files/126/20190415_uni_webpost.pdf.

[31] OFAC found that Standard Chartered Bank had actual knowledge or reason to know of its apparent violations of several sanctions regulations, including the Cuban Assets Control Regulations and the Iranian Transactions and Sanctions Regulations, which OFAC deemed an aggravating factor. See OFAC ‘Enforcement Information for April 9, 2019’, at https://home.treasury.gov/system/files/126/20190408_scb_webpost.pdf.

[32] OFAC found that Jiangsu Guiqiang Tools Co Ltd (GQ), a subsidiary of Stanley Black & Decker, Inc, which agreed to pay the penalty for both itself and GQ, harmed the objectives of the Iranian Transactions and Sanctions Regulations by conferring an economic benefit to Iran in a systematic scheme involving the export and attempted export of several shipments of power tools and spare parts to a third country with knowledge that the goods were intended specifically for supply, transshipment or re-exportation to Iran. See OFAC ‘Enforcement Information for March 27, 2019’, at https://home.treasury.gov/system/files/126/20190327_decker.pdf.

[33] In OFAC’s enforcement action against Cubasphere Inc for violations of the Cuban Assets Control Regulations, it considered the fact that Cubasphere was a small company with few employees as a mitigating factor. By contrast, in OFAC’s enforcement action against Apollo Aviation Group, LLC (Apollo) for violations of the Sudanese Sanctions Regulations, it highlighted Apollo’s size and sophistication as an aggravating factor. See OFAC ‘Enforcement Information for June 13, 2019’, at https://home.treasury.gov/system/files/126/20190612_cubasphere.pdf; and OFAC ‘Enforcement Information for November 7, 2019’, at https://home.treasury.gov/system/files/126/20191107_apollo.pdf.

[34] In OFAC’s enforcement action against Haverly Systems, Inc for violations of the Ukraine Related Sanctions Regulations, it considered the fact that Haverly did not have a formal OFAC sanctions compliance programme at the time the apparent violations occurred an aggravating factor. See ‘OFAC Enforcement Information for April 25, 2019’, at https://home.treasury.gov/system/files/126/20190425_haverly.pdf.

[35] In OFAC’s enforcement action against Union de Banques Arabes et Françaises (UBAF), it considered the remedial actions taken by UBAF a mitigating factor. Those remedial measures included the adoption of a new Financial Security Charter, providing training for UBAF employees, reviewing its business lines and terminating certain services that were deemed high risk, and establishing a Compliance Committee to monitor company-wide compliance. See ‘OFAC Enforcement Release: January 4, 2021’, at https://home.treasury.gov/system/files/126/01042021_UBAF.pdf.

[36] In OFAC’s enforcement action against TD Bank, N.A, (TDBNA), it found that TDBNA’s cooperation with OFAC by providing well-organised and user-friendly information in a prompt manner was a mitigating factor. See ‘OFAC Enforcement Release: December 23, 2021’, at https://home.treasury.gov/system/files/126/20211223_TDBNA.pdf.

[37] See, for example, ‘OFAC Enforcement Release: December 30, 2020’, BitGo, Inc., at https://home.treasury.gov/system/files/126/20201230_bitgo.pdf (‘On May 2, 2019, OFAC published A Framework for OFAC Compliance Commitments in order to provide organizations subject to US jurisdiction, as well as foreign entities that conduct business in or with the United States or US persons, or that use US-origin goods or services, with OFAC’s perspective on the essential components of a sanctions compliance program. The Framework also outlines how OFAC may incorporate these components into its evaluation of apparent violations and resolution of investigations resulting in settlements. The Framework includes an appendix that offers a brief analysis of some of the root causes of apparent violations of US economic and trade sanctions programs OFAC has identified during its investigative process.’).

[38] US Department of Justice (DOJ), National Security Division, ‘Export Control and Sanctions Enforcement Policy for Business Organizations’ (13 December 2019), at www.justice.gov/nsd/ces_vsd_policy_2019/download.

[39] id.

[40] DOJ, Criminal Division, ‘Evaluation of Corporate Compliance Programs’ (updated June 2020), at www.justice.gov/criminal-fraud/page/file/937501/download.

[41] See Chapter 5 regarding The Bank of Tokyo-Mitsubishi UFJ Limited being fined for not informing the UK prudential regulator of its sanctions enforcement exposure in the US.

[42] 31 CFR 501 Appendix A (I)(I).

[43] id.

[44] id.

[45] 31 CFR 501.603 and 501.604.

[46] id.

[47] DOJ, National Security Division, ‘Export Control and Sanctions Enforcement Policy for Business Organizations’ (13 December 2019), at www.justice.gov/nsd/ces_vsd_policy_2019/download.

[48] One example is the bank fraud statute, which carries a 10-year statute of limitations. See 18 USC 1344. Additionally, the presence of a conspiracy to violate sanctions laws may extend the statute of limitations as it does not begin until the final overt act committed for its benefit.

[49] 31 CFR 501 Appendix A (II)(C).

[50] 31 CFR 501 Appendix A (V)(B)(a).

[54] SEC ‘comment letters’ refer to either letters submitted in response to requests for public comment, or, in this instance, to correspondence between SEC staff and SEC filers. The SEC may use comment letters to request that a party provide additional supplemental information, revise disclosure in a document on file with the SEC, provide additional disclosure in a document on file with the SEC, or provide additional or different disclosure in a future filing with the SEC. There may be several rounds of letters as the SEC’s staff and the filer work to resolve a particular issue.

[55] Menghi Sun and Mark Maurer, ‘SEC Questions More Companies About Sanctions Disclosures’, Wall Street Journal (28 August 2019) (citing Audit Analytics), at www.wsj.com/articles/sec-questions-more-companies-about-sanctions-disclosures-11567018243.

[56] However, in a recent Foreign Corrupt Practices Act case against Quad/Graphics, the SEC found that, in addition to violating anti-bribery and book-keeping offences, Quad/Graphics participated in a scheme to circumvent US sanctions and export control laws. See Securities and Exchange Commission press release of 26 September 2019, at www.sec.gov/news/press-release/2019-193. The DOJ had declined to prosecute Quad/Graphics despite finding evidence of bribery and did not reference the sanctions evasion scheme. See DOJ Response Letter, Re: Quad/Graphics Inc, at www.justice.gov/criminal-fraud/file/1205341/download.

[57] The US Department of the Treasury maintains a list of memoranda of understanding between OFAC and state and federal banking regulators at https://home.treasury.gov/policy-issues/financial-sanctions/civil-penalties-and-enforcement-information/2019-enforcement-information/memoranda-of-understanding-between-ofac-and-bank-regulators.

[58] An example of simultaneous sanctions and anti-money laundering enforcement can be found in the ongoing case of Halkbank. The Turkish state-owned bank allegedly participated in a multibillion-dollar scheme to evade US sanctions on Iran, including facilitating fraudulent transactions designed to appear to be purchases of food and medicine. The DOJ referenced the knowing involvement of senior officers at the bank and discussions on how best to structure transactions to evade scrutiny by US regulators. As is often the case with schemes to avoid sanctions, Halkbank violated anti-money laundering laws by using fraudulent pretences and representations to defraud financial institutions. See United States v. Halkbank, Superseding Indictment S6 15 Cr. 867 (RMB), at www.justice.gov/opa/press-release/file/1210396/download.

[59] The Bank Secrecy Act defines ‘financial institutions’ at 31 USC 5312. This list at 31 USC 5312(a)(2) includes, but is not limited to, insured banks, commercial banks or trust companies, private bankers, brokers and dealers in securities or commodities, investment bankers or companies, insurance companies, certain casinos and any businesses or agencies that engage in any activity that the Secretary of the Treasury determines, by regulation, to be an activity that is similar to, related to or a substitute for any activity in which any business described in 31 USC 5312(a)(2) is authorised to engage.

[60] See FinCEN Interpretive Guidance ‘Interpretation of Suspicious Activity Reporting Requirements to Permit the Unitary Filing of Suspicious Activity and Blocking Reports’, December 2004, available at www.fincen.gov/sites/default/files/guidance/20041214a.pdf.

[61] id.

[62] 31 USC § 5318(g)(8) as amended by the Anti-Money Laundering Act, 2020.

[63] 31 USC § 310(d) as amended by the Anti-Money Laundering Act, 2020.

[64] 31 CFR 501 Appendix A (II)(A).

[65] 31 CFR 501 Appendix A (II)(B).

[66] See US Department of the Treasury, ‘Enforcement Release: April 30, 2020: OFAC Issues a Finding of Violation to American Express Travel Related Services Company for Violations of the Weapons of Mass Destruction Proliferators Sanctions Regulations’, at https://home.treasury.gov/system/files/126/20200430_amex.pdf.

[67] See ‘OFAC Enforcement Information for February 14, 2019’, at https://home.treasury.gov/system/files/126/20190214_applichem.pdf.

[68] 31 CFR 501 Appendix A (II)(E).

[69] 31 CFR 501 Appendix A (V)(C).

[70] See, e.g., US Department of the Treasury press release, ‘U.S. Treasury Department Announces Settlement with UniCredit Group Banks’ (15 April 2019), at https://home.treasury.gov/news/press-releases/sm658.

[71] 31 CFR 501 Appendix A (II)(F).

[72] See DOJ press release of 15 October 2019, at www.justice.gov/opa/pr/turkish-bank-charged-manhattan-federal-court-its-participation-multibillion-dollar-iranian (‘[Halkbank] was charged today in a six-count indictment with fraud, money laundering, and sanctions offenses related to the bank’s participation in a multibillion-dollar scheme to evade U.S. sanctions on Iran.’).

Unlock unlimited access to all Global Investigations Review content