- OFAC and AML expertise delivered through independent audits, program design, alert backlog management, automated monitoring, KYC remediation, policies and procedures development, AML/financial crime conference program design, and AML training
- Client value enhanced by legal background, 18 years international business experience and fluency in English, Spanish, and Dutch
- Audit and consulting clients include: Aruba Bank, Banco Agricola, Fiserv, Global Cash Access, Keefe, and SafetyPay
- Training clients include: Bank of America, Capital One, Charles Schwab, Moneygram, Scotiabank, and UBS
- All 7 Best Practices
- Pre-Call Discovery Process
- One-on-One Call with Expert
- Session Summary Report
- Post-Session Engagement
- An organization is unclear about how to design an OFAC program.
The critical part of an OFAC program is development of a comprehensive compliance regime. Key elements of the program:
- Conducting a risk assessment
- Maintaining policies, procedures and internal controls
- Establishing a qualified OFAC Compliance Officer
- Implementing an adequate OFAC training program for all relevant employees
- Subjecting the program to regular independent testing
- An organization needs help understanding what it means to implement a "risk-based approach" in its OFAC program.
An effective OFAC program must be risk-sensitive. The organization must evaluate its customers, geography, products and services, and company as a whole on where there could be a potential OFAC issues. Resources and controls should be allocated to where the risks are the highest.
- An organization lacks insight into who is on the OFAC list.
OFAC publishes a list of Specially Designated Nationals and Blocked Persons (SDNs) that includes over 6,000 names of companies and individuals who are located throughout the world. The list includes foreign narcotics traffickers, foreign terrorists, and proliferators of weapons of mass destruction. United States citizens and companies are prohibited from engaging in trade and financial transactions with SDNs wherever they are located, and all SDN assets must be blocked (or frozen).
- An organization is uncertain about regulatory expectations with respect to OFAC controls.
On November 9, 2009, OFAC issued a final rule entitled “Economic Sanctions Enforcement Guidelines” to provide guidance to persons subject to its regulations. The document explains the procedures that OFAC follows in determining the enforcement response to apparent violations.
Some enforcement responses may result in the issuance of a civil penalty that, depending on the sanctions program affected, may be as much as $250,000 per violation or twice the amount of a transaction, whichever is greater. The Guidelines outline the various factors that OFAC takes into account when making enforcement determinations, not the least of which is the adequacy of a compliance program in place within an institution to ensure compliance with OFAC regulations
A regulatory examiner will seek to test all aspects of a OFAC program to determine if any deficiencies are isolated or systemic. More guidance can be found in the FFIEC BSA/AML Examination Manual (see Resources).
- An organization needs assistance with OFAC training.
Training should be made critical to a compliance program by the board of directors and senior management. All OFAC training programs and materials should outline employee accountability for ensuring OFAC compliance and provide a comprehensiveness of training that considers specific risks related to individual business lines. It should also cover policies, procedures, processes, and new rules and regulations.
Penalties for noncompliance with internal policies and regulatory requirements should be discussed. Training should be required of personnel from all applicable areas of the firm, it should be periodic yet frequent, and their attendance should be documented.