In the last two years, OFAC has brought four enforcement actions that focus on an organization’s “screening errors.” These include: American Express; (2) Cobham Metalics; (3) Apple; and (4) Amazon. In today’s posting, I will review American Express and Cobham Metalics.
On April 30, 2020, OFAC issued a Finding of Violation (with no penalty) against American Express Travel Services for violations of the Weapons of Mass Destruction Proliferators Sanctions Regulations (“WMD Sanctions Program”).
Between March 26, 2015 and May 19, 2015, American Express issued prepaid card to, and processed 41 transactions totaling $35,246.82 for Gerhard Wisser, a Specially Designated National (“SDN”).
According to OFAC, these errors were the result of “human error and screening system defects.”
Amex evaded any monetary penalty because it remediated and voluntarily disclosed the violations.
In January 2009, Wisser was added to the SDN list. Six years later, on March 26, 2015, Wisser applied for an American Express Global Travel Card at a non-U.S. bank. When the non-U.S. bank entered Wisser’s information into its internal screening system the system identified Wisser as a potential SDN match and automatically generated multiple “declined” messages rejecting the application. The non-U.S. bank made several additional approval attempts which lead the risk engine to time out which then triggered the approval of the application.
After the approval message was generated, the system separately routed the application into a manual review queue. The Amex compliance analyst incorrectly determined that the individual applying for the Global Travel Card was not the SDN and placed him on the company’s “Accept List.” Wisser conducted 2 initial deposit (i.e. load) transactions and then 39 withdrawal transactions.
In weighing its aggravating and mitigating circumstances, OFAC cited as Amex’s automatic approval of applications when a system timeout occurred as a “critical” compliance program shortcoming. OFAC noted that the case highlighted the importance of making sure that automated sanctions compliance controls cannot be overridden without appropriate review.
In December 2018, OFAC settled with Cobham Holdings (and its former subsidiary Aeroflex/Metelics, Inc. (“Metelics”, a software company)) for $87,507 for violations of OFAC’s Ukraine-Russia sanctions program. Metelics violated the Ukraine-Russia sanctions program on three occasions between July 31, 2014 and January 15, 2015, by selling telecommunications and computer software through distributors in Canada to a prohibited (“SDN”).
Prior to December 14, 2015, Metelics was a subsidiary of Cobham, a global provider of technology and services in aviation, electronics, communications and defense. While negotiating for the sale of Metelics, the prospective purchaser identified a July 31, 2014 shipment to a distributor in Canada for end-use by Almaz Antey (“AAT”) in Russia. Cobham investigated the shipment and discovered that in December 2014 and January 2015, Metelics made two additional shipments through a Russian distributor for end-use by AAT.
Interestingly, AAT was not specifically listed on OFAC’s SDN list, but was 51 percent owned by Joint-Stock Company Concern Almaz-Antey (“JSC Almaz-Antey”), which was added by OFAC to the SDN list on July 16, 2014, two weeks before the first July 31, 2014 shipment. Accordingly, AAT was blocked at the time Metelics engaged in the two transactions and three specific shipments to AAT through the Canadian and Russian distributors.
On June 18, 2014, Metelics agreed to ship an order of switches and switch limiters through the Canadian distributor to AAT for $1.1 million. The next day, Metelics performed a sanctions and denied party screening for the order that returned red flags for Russia generally but not AAT specifically since JSC Almaz-Antey had not yet been added to the SDN List.
Metelics did not have sufficient stock to fill the order and therefore split the order into two separate shipments. The first shipment occurred on June 27, 2014. Metelics performed another screening with similar results to the first screening. Metelics forwarded the end use certificates to its Director of Trade Compliance, who approved the transaction, and Metelics shipped the first part of the order on June 27, 2014.
On July 16, 2014, OFAC designated JSC Almaz-Antey and added it to the SDN List.
Metelics prepared the second shipment on July 31, 2014 and again performed a screening. Despite searching using the terms “Almaz” and “Antey,” Metelics’ search produced no warnings or red flags for AAT. Again, the Director of Trade Compliance approved the transaction, and Metelics shipped the second part of the order on July 31, 2014.
In October 2014, Metelics received an order for 10 samples of two different silicon diode switch limiters from a Russian distributor for end-use by AAT. On October 27, 2014, Metelics performed another screening and did not return any matches or red flags. After being approved by the Director Trade Compliance, Metelics subsequently shipped the samples on December 19, 2015 and January 15, 2016, respectively.
Cobham later determined that its screening software failed to generate an alert because the entry of the information omitted the term “Telecom,” and Metelics’ software required an “all word match,” even though Metelics had set the search criteria to “fuzzy” to detect partial matches. As a result, the software failed to flag “Almaz Antey” when Cobham searched for “Almaz Antey Telecom.”
As an important lesson learned, OFAC reiterated that companies should take steps to ensure that its screening software is sufficiently robust and that appropriate personnel are trained on its functionality.