On October 5, 2018, the Treasury Department’s Office of Foreign Assets Control (“OFAC”) announced that it had entered into an approximately $5.3 million civil monetary settlement with JPMorgan Chase Bank, N.A. (“JPMC”) for apparent violations of the Cuban Assets Control Regulations, 31 C.F.R. Part 515, the Iranian Transactions and Sanctions Regulations, 31 C.F.R. Part 560, and the Weapons of Mass Destruction Proliferators Sanctions Regulations, 31 C.F.R. Part 544.  At the same time, OFAC announced that it had issued a Finding of Violation (“FOV”) to JPMC regarding violations of the Foreign Narcotics Kingpin Sanctions Regulations, 31 C.F.R. Part 598 and the Syrian Sanctions Regulations, 31 C.F.R. part 542.  The JPMC settlement and FOV represent just the third public enforcement action announced by OFAC in 2018, and were announced in the wake of increased media attention to the relative dearth of public OFAC enforcement activity recently.

We provide below a summary of the information released by OFAC regarding the settlement and FOV, and identify some key takeaways from this case for financial institutions and others subject to OFAC’s regulations.

Details of the Settlement

According to OFAC, JPMC operated a net settlement mechanism that resolved billings by and among various airlines and other participants in the airline industry on behalf of its client, a U.S. entity and its approximately 100 members, and a non-U.S. entity and its over 350 members.  Between 2008 and 2012, OFAC notes that JPMC processed 87 transactions through the U.S. financial system that may have contained interests attributable to a sanctions-targeted party.  Each of the transactions represented a net settlement payment between JPMC’s client and the non-U.S. person entity whose members included among its numerous airline industry participants eight airlines that were at various times on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”), blocked pursuant to OFAC sanctions, or located in countries subject to the sanctions programs administered by OFAC.  The net settlement payments had a total value of $1,022,408,149, of which OFAC concluded that approximately $1,500,000 (0.14%) appears to have been attributable to interests of sanctions-targeted parties.  OFAC noted that the total base penalty amount for the apparent violations was $7,797,290.

In determining the appropriate settlement amount in this case, which was voluntarily disclosed to OFAC and determined to be a “non-egregious” matter under OFAC’s Economic Sanctions Enforcement Guidelines, 31 C.F.R. Part 501, Appendix A, OFAC considered the following aggravating and mitigating factors:

Aggravating Factors

  • OFAC stated that JPMC appears to have acted with reckless disregard for its sanctions compliance obligations when, in its capacity as a clearing bank in a net settlement mechanism, the bank failed to screen participating member entities of the non-U.S. person entity that participated in the net settlement mechanism with JPMC’s clients for purposes of OFAC compliance, despite being in possession of the necessary information to enable screening;
  • OFAC noted that JPMC missed red flags and other warning signs on several occasions, including two separate occasions in 2011 when the bank received express notification from its client regarding OFAC-sanctioned entities participating in the settlement mechanism;
  • OFAC considered that JPMC was aware that it processed net settlement transactions on behalf of the two member organizations on a weekly basis, and, given the bank’s involvement in reconciling the organizations’ billings against each other, JPMC staff members had actual knowledge of the individual members, including OFAC-sanctioned entities, involved in each transaction; and
  • OFAC noted that JPMC’s activity conveyed economic benefit to several entities subject to OFAC sanctions and harmed the integrity of a number of OFAC sanctions programs, and that JPMC is a large and commercially sophisticated financial institution.

Mitigating Factors

  • OFAC concluded that no JPMC managers or supervisors appear to have been aware of the conduct or transactions that led to the apparent violations;
  • OFAC determined that the total harm caused to OFAC sanctions programs was significantly less than the total value of the transactions because the transactions represented net settlements between numerous parties, of which the sanctioned entities were only a few;
  • JPMC cooperated with OFAC’s investigation of the apparent violations, including by entering into a retroactive tolling agreement (and multiple extensions thereof) to toll the statute of limitations; and
  • OFAC noted that JPMC had taken a number of remedial steps as part of a risk-based sanctions compliance program to prevent similar apparent violations in the future, including making improvements to its sanctions screening capabilities, increasing compliance staff, and enhancing training.

Details of the FOV

According to the FOV, between 2011 and 2014, JPMC processed 85 transactions totaling approximately $45,000 and maintained eight accounts on behalf of six customers who were contemporaneously identified on the SDN List.  From approximately 2007 to October 2013, JPMC used a vendor screening system that failed to identify these six customers as potential matches to the SDN List.  The system’s screening logic capabilities failed to identify customer names with hyphens, initials, or additional middle or last names as potential matches to similar or identical names on the SDN List.  As a result, OFAC noted that, despite strong similarities between the accountholder’s names, addresses, and dates of birth in JPMC account documentation and on the SDN List, JPMC maintained accounts for, and/or processed transactions on behalf of, these six customers.

OFAC noted that JPMC identified weaknesses in the screening tool’s capabilities as early as September 2010, but faulted JPMC as a large, sophisticated financial institution for taking over three years to fully address this deficiency, and for an apparent failure to have implemented in the interim adequate compensating controls to address the risk these screening deficiencies posed to the bank’s operation of existing accounts or opening of new accounts.  OFAC did, however, afford mitigating credit to JPMC because no JPMC personnel, including managers or supervisors, appear to have had actual knowledge of the conduct that led to the violations; additional mitigation was provided based on JPMC’s prior enforcement history and cooperation with OFAC’s investigation.

Key Takeaways

The settlement and FOV provide additional insight into OFAC’s expectations of financial institutions and other persons required to comply with U.S. sanctions, though in this case primarily reinforce themes found in existing guidance and enforcement practice rather than breaking new ground.  The key points we take away from OFAC’s actions are as follows:

  • Transactions involving an indirect interest of a sanctions target come within the scope of sanctions prohibitions, and are fair game for enforcement. When providing settlement services, U.S. financial institutions therefore need to be mindful not only of their direct clients, but also of their clients’ and clients’ counterparties’ underlying participants.
  • OFAC will hold enforcement targets accountable for failure to act on red flags or other information available to them that indicate a possible sanctions violation, and appears to be more likely than not to view such a failure as evidence of “reckless disregard” for sanctions requirements.
  • Where a financial institution identifies a weakness in its compliance program, it is incumbent on the institution to act expeditiously to correct the weakness or implement compensating controls. Even where such weaknesses result from deficiencies in vendor-supplied screening solutions, the financial institution has ultimate responsibility to ensure its own sanctions compliance.

View as a PDF