A Financial Institution’s OFAC risk profile is determined based on its products, services, customers and geographic locations. A Financial Institution’s OFAC compliance program is required to:
- Identify higher-risk areas
- Provide internal controls for screening and reporting
- Establish independent testing for OFAC compliance
- Designate a bank employee or employees responsible for OFAC compliance
- Create training programs for appropriate personnel in all relevant areas of the bank
What constitutes high levels of OFAC risk?
- International funds transfers
- Nonresident alien accounts
- Foreign customer accounts
- Cross-border automated clearing house (ACH) transactions
- Commercial letters of credit and other trade finance products
- Transactional electronic banking
- Foreign correspondent bank accounts
- Payable through accounts
- Concentration accounts
- International private banking
- Overseas branches or subsidiaries
Financial Institutions ought to establish and maintain an effective written OFAC compliance program consistent and compatible with their OFAC risk profile.
How does an Examiner assess OFAC risks facing a Financial Institution?
The BSA/AML Manual (Appendix M – Quantity of Risk Matrix – OFAC Procedures) lays out a Matrix that Examiners use when assessing a Financial Institution’s risk of encountering an OFAC issue. The Matrix assists an outside Examiner in determining the effectiveness and adequacy of a Financial Institution’s OFAC risk management. Appendix M provides a regulator with an OFAC risk matrix that seeks to answer whether a Financial Institution has:
- A stable, well-known customer base in a localized environment, or a large, fluctuating client base in an international environment?
- Few higher-risk customers (nonresident aliens, foreign individuals and foreign commercial customers), or a large number of higher-risk customers?
- No overseas branches and no correspondent accounts with foreign banks, or overseas branches or multiple correspondent accounts with foreign banks?
- No electronic banking (e-banking) services offered, or products available that are purely informational or non-transactional; or a wide array of e-banking products and services such as account transfers, electronic bill payment, or on-line account opening?
- A limited number of funds transfers for customers and noncustomers, limited third-party transactions, and no international funds transfers; or a high number of customer and noncustomer funds transfers, including international funds transfers?
- No other types of international transactions, such as trade finance, cross-border ACH, and management of sovereign debt; or a high number of other types of international transactions?
- No history of OFAC actions or evidence of apparent violation or circumstances that might lead to a violation; or multiple recent actions by OFAC, where the bank has not addressed the issues, leading to an increased risk of the bank undertaking similar violations in the future?
Don’t be a Victim of your Own Making
OFAC states that there is no single compliance program suitable for every Financial Institution and there is no “pre-packaged” solution. An OFAC Compliance Program is tailor-made and designed according to the uniqueness of a specific Financial Institution.
Consult your qualified BSA/AML provider to ensure that your Financial Institution complies with the Matrix set forth in Appendix M of the AML/BSA OFAC Procedures.