October 24, 2018 / 8:58 PM / a month ago

International transactions and sanctions compliance duties highlighted by JPMorgan lapses

NEW YORK (Thomson Reuters Regulatory Intelligence) - The U.S. Treasury Department’s $5.3 million settlement last week with JPMorgan Chase and Co. over suspected sanctions violations highlights the government’s continued focus on sanctions and the adequacy of screening procedures. It also underscores the importance of corporate self-reporting and remediation in limiting penalties, and offers compliance lessons on avoiding control lapses that can lead to penalties and bad publicity.

A view of the exterior of the JP Morgan Chase & Co. corporate headquarters in New York City May 20, 2015. REUTERS/Mike Segar/Files

APPARENT VIOLATIONS OF MULTIPLE SANCTIONS PROGRAMS

The settlement between JPMorgan and Treasury's Office of Foreign Assets Control{here} involved suspected violations by the bank's J.P. Morgan Chase Bank, NA unit of economic sanctions related to Cuba, Iran, and designated proliferators of weapons of mass destruction.

OFAC said the transactions were net-settlement payments, some of which were attributable to airlines on OFAC’s list of Specially Designated Nationals and Blocked Persons (SDN List), blocked under OFAC sanctions, or located in countries subject to the sanctions programs administered by OFAC.

OFAC said JPMorgan voluntarily self-disclosed the apparent violations and said they constituted a “non-egregious case.”

It said the bank had operated a settlement mechanism that resolved billings among airlines and other participants in the airline industry on behalf of its client, a U.S. entity and with approximately 100 members, and a non-U.S. entity and its over 350 members.

It said that from 2008 to 2012 the bank processed 87 transactions through the U.S. financial system that may have contained interests attributable to a sanctions-targeted party.

OFAC said that before January 2012 the bank lacked a process to independently evaluate the participants of the non-U.S. person entity for OFAC sanctions risk, despite receiving red flag notifications regarding OFAC-sanctioned members on at least three occasions. As a result the bank for a number of years processed net settlement payments that appear to have violated OFAC sanctions programs.

Separately, OFAC cited the parent company for the same subsidiary’s violation of sanctions regulations regarding Syria and suspected foreign narcotics kingpins. OFAC said that from approximately 2007 to October 2013, JPMC processed 85 transactions totaling $46,127 and maintained eight accounts on behalf of six customers who were at the same time identified on the SDN List. It issued a “Finding of Violation,” which did not carry a penalty.

AGGRAVATING FACTORS

OFAC cited as aggravating factors in the net-settlement case:

—JPMorgan appears to have acted with reckless disregard for its sanctions compliance obligations when it failed to screen participants in the net settlement mechanism with JPMorgan’s clients for purposes of OFAC compliance, despite having the necessary information to do so;

—The bank missed red flags and other warning signs on several occasions, including twice in 2011 when its client notified the bank about OFAC sanctioned entities participating in the settlement mechanism;

—The bank was aware that it processed net settlement transactions on behalf of the two member organizations on a weekly basis, and, given the bank’s involvement in reconciling the organizations’ billings against each other, JPMorgan staff members had actual knowledge of the individual members, including OFAC-sanctioned entities, involved in each transaction; and

—JPMorgan activity helped several entities subject to OFAC sanctions and harmed the integrity of a number of OFAC sanctions programs.

As a big, internationally sophisticated bank, JPMorgan should have known better, OFAC indicated.

OFAC also considered as mitigating factors:

—No JPMorgan managers or supervisors appear to have been aware of the conduct or transactions that led to the apparent violations;

—The harm to OFAC sanctions programs was significantly less than the total value of the transactions, because the transactions represented net settlements between numerous parties, of which the sanctioned entities were only a few;

—The bank cooperated with OFAC’s investigation, including by agreeing to suspend the statute of limitations; and

—JPMorgan has taken steps as part of a risk-based sanctions compliance program to prevent future similar violations.

As examples of the remedial efforts, OFAC said that, between February 2012 and the time JPMorgan ended its relationship with its U.S. entity client, the bank screened all net settlement participants to prevent sanctioned entities from utilizing the process; it increased its compliance staff; it implemented new sanctions-screening software; and it incorporated these apparent violations as a case study for training purposes.

In the net-settlement case, the enforcement “highlights the risks associated with a U.S. person failing to take adequate steps to ensure that transactions that it processes are compliant with U.S. economic sanctions laws — particularly in instances in which a U.S. person has actual knowledge or reason to know, prior to the transaction being effected, of an SDN’s past, present, or future interest in such a transaction,” OFAC said.

FINDING OF VIOLATION

In citing JPMorgan for violating the narcotics kingpin and Syrian sanctions regulations, OFAC said that from 2007 to 2013, JPMorgan had used a vendor screening system that failed to identify six customers as potential matches to the SDN List.

The system’s screening logic capabilities failed to identify customer names with hyphens, initials, or additional middle or last names as potential matches to similar or identical names on the SDN List.

Despite strong similarities between the account holder’s names, addresses, and dates of birth in JPMorgan account documentation and on the SDN List, JPMorgan maintained accounts for or processed transactions on behalf of these six customers.

The bank identified weaknesses in the screening tool’s capabilities as early as September 2010 and implemented a series of enhancements from 2010 to 2012.

In 2013, JPMorgan transitioned to a new screening system. In November 2013, JPMorgan re-screened 188 million clients’ records through the new system, identified the questionable transactions and accounts, and reported the violations to OFAC.

“This enforcement action highlights the importance of financial institutions remediating known compliance program deficiencies in an expedient manner, and when that is not possible, the importance of implementing compensating controls to mitigate risk until a comprehensive solution can be deployed,” OFAC said.

RECENT SANCTIONS SETTLEMENTS

In other recent sanctions cases:

— U.S. federal and state authorities informed Standard Chartered Bank that they are preparing to bring criminal charges against two of the bank’s former employees over alleged sanction breaches involving Iran-linked companies, the Financial Times reported on Monday.

The report said prosecutors were also seeking to fine Standard Chartered about $1.5 billion in a probe based on allegations the bank continued to breach such Iran sanctions by processing U.S. dollar transactions — even after it paid a $667 fine in a 2012 settlement for such violations.

Standard Chartered PLC chief executive Bill Winters told senior staff on Tuesday that the bank is working on an “acceptable resolution” with these authorities. He said most of the transactions in question date to before 2012.

As part of it 2012 deferred prosecution agreement (DPA) with the U.S. Treasury, the bank said it had stopped working with Iranian and Iranian-connected companies, the FT said. StanChart closed its Tehran office in May 2012, the newspaper said.

The bank was subject to an independent monitor appointed to oversee its effort to improve its sanctions compliance program under its DPA; that agreement has already been extended twice, as the monitor has found supposed remedial efforts inadequate.

— U.S. authorities last year alleged in civil and criminal charges that Chinese handset maker ZTE illegally shipped telecommunications equipment to Iran and North Korea. ZTE was also charged with obstruction for making false statements to the US. Commerce Department and destroying export records.

ZTE paid $1.19 billion in penalties to settle the 2017 case and promised to fire four senior employees and discipline 35 others by reducing their bonuses or reprimanding them.

In April, the Commerce Department said ZTE had not disciplined the 35 employees. Instead it “paid full bonuses to employees that had engaged in illegal conduct, and failed to issue letters of reprimand.”

The United States then revoked the business’ export privileges so ZTE was unable to get the parts manufactured in the United States that it needed to make its handsets. That caused the business to end its operations.

In exchange for reinstating U.S. exports, ZTE paid a $1 billion fine, reconstituted its board and accepted a U.S.-appointed compliance department. ZTE also paid an additional $400 million that it would receive back if it honors its promises.

— In June, OFAC announced a $145,893 settlement agreement with telecommunications firm Ericsson to settle its potential civil liability for an apparent violation of OFAC’s Sudanese sanctions regulations.

The violation involved employees of Ericsson units conspiring together and with employees of a third company to export and reexport a satellite hub from the United States to Sudan and to export and reexport satellite-related services from the United States to Sudan.

OFAC determined that the businesses voluntarily self-disclosed the apparent violation. But it also termed the violation egregious , because the employees conspired specifically to evade a U.S. embargo on Sudan, they ignored repeated warnings from the Ericsson’s compliance department, and at least one employee was a manager.

— HSBC Holdings Plc in 2012 paid a $1.9 billion settlement for helping Mexican drug cartels launder money and for breaching international sanctions by doing business with Iran.

HSBC agreed to cooperate with the U.S. Justice Department in return for not losing access to some of its most lucrative institutional banking activities in the United States.

The bank was also put under the supervision of an external monitor, Michael Cherkasky, who said in a report early in his monitorship that there had been resistance from senior managers at the investment bank.

HSBC purchased new technology and significantly increased its compliance team worldwide. The deferred prosecution agreement it signed with the Justice Department ended in December 2017, signaling the department’s satisfaction with the bank’s compliance enhancements.

STRONG SANCTIONS COMPLIANCE PROGRAMS DESIRED

The use of sanctions by the United States government has been significant in recent years.

Law firm Gibson Dunn noted in a sanctions update for 2017{here} that former U.S. President Barack Obama's administration had sharply increased its additions to sanctions lists by his last year in office, and President Donald Trump had added nearly 1,000 people, companies and entities during 2017 alone.

The Sectoral Sanctions Identifications List (SSI List) also adds complexity to the sanctions compliance landscape. In July 2014, OFAC created the SSI List under an executive order authorizing sanctions against specific sectors of the Russian economy. The list has endured as a sanctions program that targets discrete areas of another country’s economy, such as its energy, mining, and defense sectors, while allowing transactions in other sectors.

The sheer number of sanctions, their variety, and their constant evolution makes sanctions compliance time-consuming, costly and difficult.

Companies are spending considerably to help the United States achieve national security and foreign policy goals through sanctions. Senior management and directors must make sure the company has an adequate sanctions-compliance program as well as oversight and testing to meet legal and regulatory mandates. The efforts also help avoid bad publicity that can be costly even if penalties from authorities are low.

Executives and board members must also ensure there are adequate resources for the creation of an effective program and they must play a part in monitoring the organization’s risk profile through an appropriate board committee.

Based on the findings of a 2017 survey by AlixPartners, however, it seems many boards are falling short in achieving this goal.

Out of 361 financial institutions that participated in the global anti-money laundering and sanctions compliance survey, 20 percent of the institutions indicated that they “do not provide AML (anti-money laundering) and sanctions compliance training for their boards of directors or are unaware whether their boards are being briefed on AML and sanctions matters.”

Sanctions screening technology can help compliance professionals by parsing data and creating alerts that streamline the searching functions. The data will pertain to customers, vendors, partners and agents, so the technology must be able to handle growing data feeds and changing search parameters, without getting tripped up by similarities in names of people, places or entities.

An alert should stop the transaction and alert the end user. But this is where human judgment plays the ultimate role, by identifying false positives or even detecting where a deeper examination is warranted to purse other financial crimes.

Controls built around the sanctions technology, such as the settings of the screening software, should be consistent with the risk approach of the business and periodically updated. Building a process to handle each type of alert and match takes time.

The sanctions compliance program also must have a regular top-to-bottom review, at least annually, with results of the testing sent to upper management and the board.

An annual risk assessment must precede this program review, however so the business determines its sanctions risks first and then builds around them.

One challenge for compliance teams is embedding sanctions information into a business’s systems and workflows. Besides technology, trained staff, defined roles, escalation processes and technical scalability are needed to make the sanctions controls truly helpful.

Furthermore, identifying the persons and entities that reside on the U.S. sanctions list is tough enough, but global businesses must also know which parties reside on the sanctions lists of other governments, as they will have to answer to them for transgressions.

(Julie DiMauro is a regulatory intelligence expert for Thomson Reuters Regulatory Intelligence, based in New York. Follow Julie on Twitter @Julie_DiMauro. Email Julie at julie.dimauro@thomsonreuters.com.)

This article was produced by Thomson Reuters Regulatory Intelligence and initially posted on Oct 12. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @thomsonreuters

0 : 0
  • narrow-browser-and-phone
  • medium-browser-and-portrait-tablet
  • landscape-tablet
  • medium-wide-browser
  • wide-browser-and-larger
  • medium-browser-and-landscape-tablet
  • medium-wide-browser-and-larger
  • above-phone
  • portrait-tablet-and-above
  • above-portrait-tablet
  • landscape-tablet-and-above
  • landscape-tablet-and-medium-wide-browser
  • portrait-tablet-and-below
  • landscape-tablet-and-below