Life in the fast lane took on new meaning when the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued a Finding of Violation (FOV) against MidFirst Bank (MidFirst) in 2022. The bank was held to account for violations of the Weapons of Mass Destruction Proliferators Sanctions Regulations (WMDPSR). MidFirst Bank was just not fast enough in its sanction screening; OFAC didn’t fine the bank this time, but will your bank be fast enough to prevent a hefty fine?
What is the WMDPSR (and how does it impact banks)?
The Weapons of Mass Destruction Proliferators Sanctions Regulations (WMDPSR) came into force back in 2009. WMDPSR represents OFAC’s guidance on certain non-listed Specially Designated Nationals (SDNs). MidFirst was not the first FI to be held to account under WMDPSR: in 2011, J.P. Morgan was fined over $88 million for violations, including non-compliance with WMDPSR. The issued fine included a violation by JPMC for processing a trade loan of around $2.9 million to the bank issuer of a letter of credit to a WMDPSR blocked vessel associated with the Islamic Republic of Iran Shipping Lines (“IRISL”).
So, significant fines issued because of sanction violations, including WMDPSR, are nothing new; however, what makes the case of MidFirst so interesting is that OFAC used the bank as a warning and learning exercise for other banks.
How slow sanction updates harmed MidFirst
The OFAC violation notice against MidFirst explains the problem:
“The agreement between MidFirst and its vendor provided for periodic screening of MidFirst’s customers against the SDN List. Although the vendor conducted daily screenings of new customers and of existing customers with certain account changes…the vendor only screened MidFirst’s entire existing customer base once a month.”
This slow sanction list update with the associated lag in response rate was the underlying problem placing MidFirst in non-compliance. In addition to the sluggish rate of sanction updates, MidFirst was also slow to address blocked accounts. The bank processed five transactions worth $604,000 on behalf of accounts held by blocked persons. Blocked accounts were only resolved every 14 days, the OFAC notice noting that:
“MidFirst reported to OFAC that its sanctions screening vendor notified MidFirst that the blocked persons had been added to the SDN list on October 5, 2020, 14 days after their addition. MidFirst then promptly blocked accounts belonging to the blocked persons.”
There were mitigating circumstances, and this helped to ameliorate the response of the regulator. For example, violations occurred within two weeks post-designation and 98% of the value associated with the violations happened only hours after designation. However, this slow response rate to updated screening by the bank's screening vendor is the core issue behind the OFAC violation notice. In other words, MidFirst Bank and its vendor failed to maintain verifiable accounts and process sanctioned individuals' transactions promptly. However, the ruling by OFAC differs from previous violation enforcement. MidFirst escaped a fine because OFAC wished to use the bank as an example to other banks to process sanctions fast -- as in real-time fast. The bank was found at fault for its lack of timeliness, and its vendor was at fault for slow updates, which slowed its response time to potential fraud. MidFirst, having updated sanction lists once a month was just not enough to maintain compliance.
Is this a call for continuous sanctions monitoring?
In a word, yes: this ruling means that OFAC is essentially enforcing continuous sanction monitoring by requiring that sanction lists are updated as they occur. The OFAC violation notice concludes that:
“...financial institutions should take a risk-based approach when developing their sanctions compliance program, including with respect to screening accounts and transactions for potential violations of OFAC regulations…Consistent with that risk-based approach to sanctions compliance, this FOV demonstrates that understanding the scope and capabilities of outsourced sanctions compliance services is critical to ensuring that those services are aligned with the financial institution’s expectations for managing its self-assessed sanctions risk.”
How can Eastnets help with fast sanction updates?
How sanction list information is communicated, the increasing volume of data and the frequency of updates make sanction compliance complex. Sanction list updates may be challenging, but new approaches are offering solutions. Eastnets ChainFeed is based on blockchain technology to automate real-time sanction list updates. Feeding accurate and timely information to screening engines is critical to maintaining compliance with regulations such as WMDPSR. As we have seen with MidFirst Bank, delays expose FIs and banks to regulatory non-compliance. However, these delays also can negatively impact operational, reputational, financial, and political risks.
- ChainFeed is a sanction check platform that executes immediate updates in real time.
- ChainFeed is based on blockchain technology for a smoother, easier update journey.
- ChainFeed guarantees that watchlists are always up-to-date and error-free while reducing the administrative burden of manual updates.
The decision by OFAC to send a warning shot across the bows of finance is interesting. OFAC has clarified that it expects banks and other organizations under the regulations to update sanction lists continuously. As such, stakeholders across the sanction list ecosystem must act to establish mechanisms that provide instant updates that are secure, reliable, and accurate.