OFAC Fines Foreign Bank for Violating 50 Percent Rule

February 9, 2016 Advisory

The U.S. Department of Treasury's Office of Foreign Assets Control ("OFAC") continued Monday, February 8, 2016, to direct the weight of its enforcement power at foreign banks, this time entering into a $2,485,890 settlement with United Kingdom banking giant Barclays Bank Plc ("Barclays") for apparent violations of the Zimbabwe Sanctions Regulations, 31 C.F.R. part 541 ("ZSR"). Specifically, OFAC cited Barclays for allegedly processing through U.S. financial institutions 159 U.S. dollar transactions totaling $3,375,617 on behalf of Barclays Bank of Zimbabwe Limited ("BBZ") customers that were 50 percent or more owned by Industrial Development Corporation of Zimbabwe ("IDCZ"), an entity that OFAC designated in 2008 as a Specially Designated National ("SDN").

The enforcement action against Barclays turns on OFAC's so-called 50 Percent Rule, under which the property and interests in property of an entity that is directly or indirectly owned 50 percent or more by one or more SDNs is also deemed to be be blocked, even though the entity may not itself appear on OFAC's SDN list. In other words, companies must comply both with the SDN list and with an invisible or shadow list made up of entities fully or partially owned by SDNs. OFAC's guidance on this topic is available here and related FAQs are here.

Enforcement actions premised on the 50 Percent Rule are rare and OFAC's notice regarding the Barclays settlement implicitly acknowledged the difficulties of complying with its shadow list, citing as a mitigating factor that the prohibited entities were not publicly identified on the SDN list at the time of the transactions. Nonetheless, OFAC firmly reasserted the expectation, previously stated in its FAQs, that financial institutions will collect the ownership structure information necessary to comply with the 50 Percent Rule, in cases where the institution has a direct customer relationship with the entity. For certain transactions, such as a wire transfer, OFAC has said it would not expect a bank to research non-account parties that do not appear on the SDN list and would not pursue an enforcement action against the bank for processing a blocked transaction provided that the bank is operating solely as an intermediary, has no direct relationship with the non-account party, and does not know or have reason to know the entity's ownership or other information demonstrating blocked status. However, OFAC has left its options open for other situations where a bank is acting solely as an intermediary and fails to block transactions involving a sanctions target, saying it "will consider the totality of the circumstances surrounding the bank's processing of the transaction … to determine what, if any, enforcement action to take."

OFAC also fired a warning shot regarding the perils of missed opportunities to improve a compliance program and failed corrective actions, citing as aggravating factors that Barclays failed to implement adequate controls to prevent the apparent violations despite numerous warning signs and that multiple business lines and personnel had actual knowledge or reason to know of the conduct that led to the apparent violations. To support these findings, OFAC recounted a series of misadventures beginning in 2005, when Barclays implemented an electronic system that inadvertently prevented BBZ from accurately capturing ownership information because it could not store information about related parties, such as an ultimate beneficial owner, even when that information appeared in BBZ's paper file. According to OFAC, Barclays attempted to fix this problem in 2007 and 2009, but the remedial measures either did not permit BBZ to identify all beneficial owners or were so cumbersome that they were not properly used. In 2011, Barclays recognized the weaknesses in BBZ's practices and, as part of a remediation effort, updated BBZ's paper files with information showing IDCZ's ownership of one customer, but then failed to include the updated information in the electronic customer system used for sanctions screening. In 2012, after other financial institutions blocked certain transfers, Barclays conducted an internal investigation which confirmed IDCZ-ownership of a BBZ customer; however, that information did not make it into the system used for sanctions screening in a timely or accurate manner, leading to three additional transactions that were ultimately blocked by other U.S. financial institutions.

As every internal investigator knows, development and implementation of corrective actions is often a tremendous challenge, with many interested parties and multiple moving pieces; OFAC's account of Barclays' series of unfortunate events is a salutary reminder of the imperative to: (1) act promptly and effectively to address known weaknesses in your OFAC compliance system; (2) develop remedial measures thoughtfully, with business input to ensure that they are feasible and effective; and (3) track remedial measures to completion and audit to ensure that they are being sustained.

Notably, despite finding awareness of the conduct, noting that Barclays is a large and commercially sophisticated entity, and determining that the transfer of $3,375,617 caused harm to the sanctions program and its associated policy objectives, OFAC deemed the apparent violations non-egregious. OFAC gave mitigation credit for Barclays' substantial cooperation, making particular note of the "detailed and organized information" it provided during OFAC's investigation and the fact that it executed both a statute of limitations tolling agreement and an extension to that agreement. As noted above, OFAC also took account of the fact that the prohibited entities were not included on the SDN list at the time of the transactions. In the end, despite determining that Barclays did not voluntarily self-disclose the violations, OFAC imposed a penalty equal to just under 50% of the $5,029,000 base penalty amount.