"'Know Your Customer': OFAC Raises Due Diligence Expectations of Non-US Banks"

by Skadden, Arps, Slate, Meagher & Flom LLP

Since 2005, a series of very large non-U.S. banks — including ABN AMRO, Credit Suisse and ING — have paid significant penalties to U.S. authorities for processing funds transfers through the United States related to business with Iranian, Cuban and other clients that are subject to U.S. economic sanctions. Some of these payments were directly on behalf of sanctioned entities (such as an Iranian or Cuban bank), while others were more generally related to business with sanctioned countries (such as trade finance transactions involving European exports to Burma). All of these funds transfers violated regulations of the Office of Foreign Assets Control (OFAC).

In September and October 2013, OFAC tried something new: It announced the imposition of civil penalties not against non-U.S. banks, but rather directly against their non-U.S. customers for originating payments related to business with Iran. While penalizing customers is a notable departure from the U.S. government’s established model, the practice likely serves as a new warning to non-U.S. banks that they will be required to improve due diligence programs significantly to avoid harsher penalties in 2014 and beyond.

The Customer Penalties

OFAC first penalized an obscure Turkish trading company $750,000 for making payments through the United States for the benefit of persons in Iran, and then it penalized a company in the United Arab Emirates $1.5 million for doing substantially the same. The Emirati company, Alma Investments LLC, appears to have been the subject of a previous “scam alert” by the Dubai Financial Services Authority. Neither the Turkish nor the Emirati company appears to have participated in OFAC’s enforcement proceedings, and OFAC seems unlikely to collect the money penalties. It is possible that the banks were penalized separately; OFAC did not name the financial institutions involved.

These penalties are consistent with OFAC’s recent focus on third parties that transact on behalf of Iranian companies, which apparently have turned to trading companies and exchange houses because the recent escalation of U.S. sanctions effectively has shut them out of the international financial system. In January 2013, OFAC issued a rare advisory to U.S. financial institutions to be on the lookout for third-country (i.e., non-U.S., non-Iranian) exchange houses and trading companies that act as money transmitters for Iranian businesses. OFAC also is responsible for implementing Executive Order 13608, which, since 2012, has authorized economic sanctions against “foreign sanctions evaders.” OFAC has explained that it may use the order to sanction third-country entities that conduct deceptive financial transactions on behalf of Iranian companies, “where the foreign person had no physical, financial, or other presence in the United States and did not submit to U.S. administrative proceedings … . Such a listing under Executive Order 13608 also provides Treasury with the capability to put the world on notice as to such foreign persons’ activity and the risk of similar future activity.” The Turkish and Emirati trading companies would appear to have met the criteria for sanctions under Executive Order 13608, but OFAC instead elected to penalize them under its traditional administrative proceedings, even though they did not appear to submit to those proceedings. This illustrates how the same transaction involving Iran now can trigger multiple, overlapping laws from which OFAC or other U.S. authorities may choose.

OFAC’s Real Audience

Superficially, this new approach seems fairer than penalizing the banks, which despite robust know-your-customer programs cannot reasonably be expected always to know their customers’ reasons for making particular payments. It is unlikely that fake, disposable front companies for Iranians would be undeterred by these types of penalties, which they may never have to pay.

However, the real audience for these trading-company penalties seems once again to be non-U.S. banks, which OFAC explicitly encouraged to exercise greater due diligence for these types of customers. In this sense, the purpose of these newer penalties against trading companies seems to reinforce OFAC’s prior warnings to non-U.S. banks and possibly to lay a foundation for future penalties against such banks that, in the eyes of U.S. authorities, should have done a better job ferreting out these types of customers.

It is not clear how exactly OFAC or other U.S. authorities expect a bank to detect sanctions evasion by trading companies or exchange houses, but two developments earlier last year indicate that resubmitted payments may be the clearest sign of a problem:

  • In its January 2013 advisory, OFAC explained that the third-country exchange houses and trading companies commonly omitted references to Iranian names or addresses. So what is a bank to look for, if the Iranian funds transfers purposely do not mention Iran? OFAC identified three red flags, of which two were essentially resubmitted payments, i.e., payments initiated by a customer that the bank rejects for compliance reasons, and which the customer then alters and resubmits in an effort to avoid detection. (The third red flag was unusual patterns in the volume or frequency of payments.)
  • In February 2013, OFAC concluded a civil penalty settlement with the Bank of Guam because a bank employee resubmitted a single payment that another bank rejected due to a reference to Iran. The Bank of Guam settlement likely reflects a regulatory expectation that once a payment is rejected for OFAC-related reasons by one bank, any bank that processes it is on notice of a serious problem that requires attention. A trading company or exchange house that attempts to send a funds transfer referencing Iran through the United States probably should not be given a second chance.


Despite the November 2013 nuclear deal between Iran and six other nations that calls for temporary relief from economic sanctions, OFAC is unlikely to ease its scrutiny and will continue to levy civil penalties aggressively when it identifies transactions in violation of U.S. law. Even though OFAC has begun a practice of penalizing non-U.S. companies for their banking transactions, that does not reduce the exposure of the banks themselves. Risk-averse non-U.S. financial institutions will need to consider re-evaluating and, where possible, strengthening their due diligence programs or potentially face negative publicity, significant fines or both.

* This article appeared in the firm's sixth annual edition of Insights on January 16, 2014

Download PDF

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Skadden, Arps, Slate, Meagher & Flom LLP | Attorney Advertising

Written by:

Skadden, Arps, Slate, Meagher & Flom LLP

Skadden, Arps, Slate, Meagher & Flom LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.