OFAC Compliance: Lessons Learned from FinCEN’s ‘Culture of Compliance’ Guidance
Aug. 15, 2014
The mission of the Financial Crimes Enforcement Network (FinCEN) is to “safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities.” This mission is primarily carried out by FinCEN’s administrative stewardship of a series of anti-money laundering and countering the financing of terrorism laws collectively known as the Bank Secrecy Act (BSA).
One key component of the BSA is the generation and filing of mandatory reports by U.S. financial institutions to FinCEN. U.S. financial institutions include depository institutions, money services businesses, securities brokers and dealers, casinos, and others. Mandatory reports include Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs). Since these reports are created by the private sector and concern the activities of customers, effective corporate compliance is critical to FinCEN’s mission. To reiterate the importance of compliance, FinCEN issued an Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance on August 11, 2014.
In its guidance, FinCEN indicates that a financial institution can strengthen its BSA compliance culture by ensuring that (1) its leadership actively supports and understands compliance efforts; (2) efforts to manage and mitigate BSA deficiencies and risks are not compromised by revenue interests; (3) relevant information from various departments within the organization is shared with compliance staff; (4) the institution devotes adequate resources to its compliance function; (5) the compliance programs is effective by, among other things, ensuring it is tested by an independent and competent party; and (6) its leadership and staff understand the purpose of its BSA efforts and how its reporting is used.
Although most, if not all, of FinCEN’s suggestions to promote a culture of BSA compliance at financial institutions would equally apply to promoting a culture of OFAC compliance in any number of businesses, number six touches upon something a little different. Every now and then I get a client or potential client who asks me something to the effect of, “Why should I even comply with OFAC regulations? It’s not like I am going to get caught.”
There is a litany of reasons why someone should comply with OFAC regulations (e.g., it’s the law, it promotes U.S. national security and foreign policy objectives, etc.), not the least of which is that you may get caught. But how does one get caught? If the fact that Edward Snowden has revealed that the U.S. Government operates a massive surveillance apparatus that targets U.S. persons and foreigners alike was not enough to convince you, how BSA-mandated reports are used should.
The reporting and the transparency that financial institutions provide under FinCEN’s regulations result in some of the most important information available to law enforcement and others safeguarding the nation. It is used to confront serious threats, including terrorist organizations, rogue nations, weapons of mass destruction proliferators, drug traffickers, and, transnational criminal organizations. These are the very same threats OFAC-administered sanctions are employed to neutralize, so it is very likely OFAC uses such filings to build cases and initiate investigations against potential sanctions violators. In fact, FinCEN’s guidance reveals that “[n]early 11,000 federal, state, and local law enforcement and regulatory [agencies] . . . conduct roughly 30,000 searches per day” on FinCEN’s database of reports. Given the significant overlap of OFAC’s and FinCEN’s respective missions (and the fact that they are both components of the Treasury’s Terrorism and Financial Intelligence (TFI)), it is safe to assume OFAC is a regular user of FinCEN reports.
Surprisingly, some people still believe they can escape detection so long as they structure individual transactions to never rise above $10,000. Not only is structuring a separate (and very easily proven) federal offense, it might only avoid the filing of a CTR by increasing the odds that a financial institution will file a Suspicious Activity Report (SAR). Financial institutions are prohibited by law from informing their customer that a SAR has been filed, so a person structuring their transactions will never know if they have been detected until it is too late.
Additionally, the information contained in BSA-mandated reports, when analyzed, reveal significant relationships, trends, and patterns that might have otherwise gone unnoticed. FinCEN indicates that its reports are used alongside forfeiture and sanctions to target and dismantle the financial networks of illicit actors, further revealing the close link between OFAC and FinCEN.
So although the FinCEN issued guidance specifically focuses on BSA compliance, its lessons can easily be applied to OFAC compliance. FinCEN’s guidance also reveals that when it comes to economic sanctions, compliance is the best defense.
Disclaimer: Blog posts should not be relied upon as legal advice and are only provided for informational purposes. Information contained in blog posts may also become outdated with the passage of time as laws change and U.S. foreign policy and national security objectives evolve.