Go to the profile of Bold
Bold
Scalable payouts for on-demand service providers.

How On-Demand Service Operators Can Screen for OFAC Compliance

All Money Service Businesses (MSBs) need to implement an effective OFAC screening program. Here’s what you need to know on what OFAC is and how you can ensure compliance.

What’s the OFAC?

The Office of Foreign Assets Control (OFAC) is “an office of the U.S. Treasury that administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.”

Basically, the list is provided to ensure transferred funds are not destined for terrorists, international narcotics traffickers, targeted foreign countries, or people involved with weapons of mass destruction. Seems reasonable. But if you’re an MSB, how can you be sure your transactions are compliant with the OFAC regulations? Read on.

The importance of OFAC compliance

If you’re an MSB, you have a responsibility to maintain an effective OFAC screening program. MSBs like yours are an important alternative to traditional banking institutions. That said, they carry the risk of being misused by terrorists and narcotics traffickers to transfer money for less than reputable purposes. If your business fails to adopt procedures for screening transactions, criminals may be able to move money through your business, threatening U.S. national security.

A few things to consider:

1.) No transfer is too small

You can be penalized for processing a transaction of any amount if a Specially Designated National or Blocked Person (SDN) is a party to the transaction. By interdicting and reporting all transactions involving sanctions targets, regardless of the amount, you may well prevent activity that threatens to undermine U.S. national security and foreign policy objectives. Plus, you’ll avoid getting fined for noncompliance… it’s a win-win.

2.) Get the facts before it’s too late

Collect all information on the remitter and the beneficiary before the remitter leaves the conversation. This “know your customer” principle means asking for documentation that proves the identity of your customer so you can compare it to the OFAC’s SDN list. If you don’t validate the identity and contact information of the remitter before he or she leaves the office, you may be unable to obtain that information later, making it impossible to determine whether or not there is a true match to the list (bad for obvious reasons, mostly because it would delay notification of law enforcement when a criminal is involved, and also because the transaction could get blocked or rejected).

3.) Act fast

If you find that an SDN is originating or receiving a funds transfer through your MSB, take action! It is absolutely critical that you notify your financial institution immediately so that they can report it to OFAC. Banks are required to report all blocked activity within 10 days of the occurrence. Obviously the exact location of a known terrorist or narcotics trafficker is valuable information for law enforcement, and time is of the essence. It’s your responsibility to ensure the information doesn’t become outdated and that your banking partners can meet their compliance requirements!

How to set up an OFAC screening program

Ok, so you can see how an OFAC screening program is a very necessary part of doing business. How do you go about putting a screening program in place? Unfortunately, there is no prepackaged compliance program that is a one-size-fits-all for your industry. However, there are some general best practices that you can follow to keep your MSB in the clear.

Risk assessment: What’s your OFAC risk profile?

The OFAC will take your services, customers, entities, transactions, and geographic locations into consideration when determining your risk profile. Before setting up a program, you need to determine why you might be at risk, and what that risk level is. Suggestions for determining your risk include:

  1. How well do you know your customers?
  2. What percentage of of your customers could be considered high-risk
  3. Does your company work with foreign customers?
  4. Does your company operate using electronic banking access or international transactions?
  5. Prior OFAC Actions?

Consider that, when checking customers, you must take into account all parties in a business transaction. In the case of financial institutions, for example, that may include co-signers, beneficiaries and collateral owners and cosigners.

Once you have started screening your customers, it’s only a matter of time before you come across a potential match. Now what?

Internal controls

Your OFAC compliance program should include internal controls for identifying suspect accounts and transactions and reporting them to OFAC. Internal controls should include:

  1. Identify and review suspect transactions
  2. Clearly define your criteria for comparing names provided on the OFAC list
  3. Establish a process for how you will determine whether an initial OFAC hit is a valid match or a false hit
  4. Your compliance program should include policies, procedures, and processes for timely updating of the lists

Verify that the Originator is not a blocked party, and making a good faith effort to determine that the Originator is not transmitting blocked funds.

The Receiving Depository Financial Institution (RDFI) similarly is responsible for verifying that the Receiver is not a blocked party. In this way, the ODFI and the RDFI are relying on each other for compliance with OFAC policies.

Reporting

An OFAC compliance program should also include policies, procedures, and processes for handling items that are valid blocked or rejected items under the various sanctions programs. In the case of interdictions related to narcotics trafficking or terrorism, banks should notify OFAC as soon as possible by phone or e-hotline about potential hits with a follow-up in writing within ten days. Most other items should be reported through usual channels within ten days of the occurrence. The policies, procedures, and processes should also address the management of blocked accounts.

There you have it

Establish and maintain an effective, written OFAC compliance program commensurate with your OFAC risk profile (based on products, services, customers, and geographic locations). The program should identify high-risk areas, provide for appropriate internal controls for screening and reporting, establish independent testing for compliance, and designate an employee or team that is responsible for OFAC compliance.

Additional sources to consider:

http://www.treasury.gov/resource-center/sanctions/Documents/ofac_sec_frb_080106.pdf
http://www.treasury.gov/resource-center/sanctions/Pages/regulations.aspx
http://www.treasury.gov/resource-center/sanctions/Documents/msb_reg.pdf
http://www.treasury.gov/resource-center/sanctions/Documents/matrix.pdf

Legal Disclaimer: Please note that this is not intended to be — and may not be construed as — legal advice, should not be acted on as such, may not be current and can change without notice. Please consult with a knowledgeable professional in designing and implementing an OFAC screening policy.

Originally published at blog.gobold.com by Roman Rosario.

OfacComplianceRisk
  • Go to the profile of Bold

    Bold

    Scalable payouts for on-demand service providers.

  • Go Bold.

    Go Bold.

    Thoughts on mass, global payouts. From our team to yours.