Deutsche Bank Settlement with OFAC Highlights Risk of Insufficient Due Diligence and Screening

by John F. Curran, Jacob Gardener, and Christopher Dioguardi

On September 9, Deutsche Bank Trust Company Americas (“Deutsche Bank”) agreed to pay the U.S. Department of Treasury’s Office of Foreign Assets Control (“OFAC”) $583,100 to settle potential civil liability for apparent violations of the Ukraine-Related Sanctions Regulations.  The settlement, which resolved two types of apparent violations involving two different entities on OFAC’s List of Specially Designated Nationals and Blocked Persons (“SDNs”), underscores the importance for banks to effectively screen transactions and diligently investigate red flags in order to avoid processing payments involving SDNs.  It also highlights the value of taking prompt remedial action and fully cooperating with OFAC once an apparent violation is discovered.        

Deutsche Bank’s Apparent Violation Involving the Processing of a Transaction with Reason to Know of an SDN’s Potential Interest  

In August 2015, Deutsche Bank processed a $28.8 million transfer of funds through the U.S. related to a series of fuel oil purchases in which an SDN named IPP Oil Products (Cyprus) Limited (“IPP”) had an interest.  Under OFAC regulations, transactions involving property or interests in property of SDNs such as IPP are prohibited. 

On the day of the transaction, a lawyer for one of the parties to the fuel oil purchases contacted Deutsche Bank, indicated that the payment had to be processed that day in order to meet a strict deadline, and assured the bank that although IPP had some past involvement in the purchases, IPP had transferred title to the fuel oil before being placed on the SDN List.  Deutsche Bank personnel apparently accepted counsel’s assurances without independent corroboration and processed the payment almost immediately without following up on information suggesting that IPP may have had a continuing interest in the transaction (OFAC’s enforcement release does say what that information was).

The statutory maximum civil monetary penalty applicable to this apparent violation was $57.7 million.  However, under OFAC’s Economic Sanctions Enforcement Guidelines, the penalty assessed is primarily driven by two considerations: whether the apparent violation is voluntarily self-disclosed and whether it is non-egregious.  Both lower the base penalty amount below the statutory maximum.  Egregiousness is based on an analysis of ten “general factors,” the most salient of which are the willfulness and recklessness of the conduct at issue, the apparent violator’s awareness of that conduct, the harm to the sanctions program objectives, and the individual circumstances and characteristics of the apparent violator. 

Here, Deutsche Bank did not voluntarily self-disclose the apparent violation.  Fortunately for it, however, OFAC deemed the conduct at issue non-egregious.  Because of that, and the fact that the value of transaction exceeded $170,000, the base penalty for the apparent violation under the Guidelines was $250,000. 

After weighing a number of aggravating and mitigating factors, OFAC agreed to settle the apparent violation for $157,500.  On the aggravating side of the scale, OFAC noted that Deutsche Bank is a large and commercially sophisticated financial institution and that its senior compliance staff and legal personnel were involved in the transaction and failed to exercise a minimal degree of caution or care.  However, OFAC pointed to several factors in Deutsche Bank’s favor.  Most notably, OFAC noted that Deutsche Bank processes a large volume of payments; had not received a penalty notice or Finding of Violation from OFAC in the five years preceding the IPP transaction; maintained an OFAC compliance program at the time of the transaction; took remedial action in response to the apparent violation by committing to review with its U.S. sanctions compliance unit the circumstances of the apparent violation and, as necessary, conduct additional training and implement changes to the bank’s internal procedures; and cooperated with OFAC’s investigation, including by submitting detailed and well-organized information to the agency.

Deutsche Bank’s Apparent Violations Involving Repeated Screening Failures

Nearly five months after the IPP transaction, Deutsche Bank processed another 61 transactions involving a different Ukraine-related SDN.  Specifically, from December 22-30, 2015, Deutsche Bank facilitated the transfer of over a quarter-million dollars to accounts with Open Joint Stock Company Krasnodar Regional Investment Bank (“Krayinvestbank”), a financial institution on the SDN List.

Deutsche Bank failed to stop the 61 payments because: (1) contrary to its internal procedures, it did not upload Krayinvestbank’s Society for Worldwide Interbank Financial Telecommunication Business Identifier Code (“BIC”) to its sanctions screening tool; and (2) Deutsche Bank’s screening tool was calibrated so that only an exact match to an SDN would trigger further manual review (meaning even de minimis changes or typographical errors would evade detection).  Despite each payment containing Krayinvestbank’s BIC and an almost identical match to Krayinvestbank’s name and address, all of which were included on the SDN List, Deutsche Bank processed the majority of the payments on a straight-through basis without manual intervention.

As with the apparent violation involving IPP, the apparent violations involving Krayinvestbank were neither self-disclosed nor deemed egregious.  Accordingly, OFAC calculated a Guidelines base penalty amount of $640,000 (again, far below the applicable statutory maximum penalty, which was $18 million).  OFAC agreed to settle these apparent violations for $425,600.  In explaining this figure, OFAC noted that, to Deutsche Bank’s credit, the bank did not appear to have acted willfully or recklessly and no supervisory or managerial bank staff appeared to have been aware of the conduct at issue.  OFAC also commended Deutsche Bank for quickly implementing changes to its procedures for adding BICs to its interdiction filter and for cooperating with OFAC’s investigation by providing well-organized and user-friendly information in a prompt manner.  However, OFAC faulted Deutsche Bank for the fact that, in 2013, the bank had settled a nearly identical apparent violation for failing to include the BIC of an SDN in its interdiction filter.

Takeaways

Deutsche Bank’s settlement with OFAC offers at least four important lessons.  First, OFAC expects financial institutions to take steps to independently corroborate representations made to them in order to ensure that SDNs do not have a present, future, or contingent interest in transactions they are asked to process, regardless of time sensitivity.  That is especially true for large, multi-million-dollar payments, which pose a heightened threat to the U.S. sanctions regime.  Second, it is not enough for financial institutions to have robust internal compliance procedures (such as Deutsche Bank’s inclusion of BICs in its sanctions screening tool) – they must also diligently follow those procedures.  Third, screening tools calibrated to detect only exact matches to SDNs are bound to miss unlawful transactions.  Although such rigid calibration may limit manual review of false positives, the efficiency savings do not justify the significant compliance risk of not identifying a sanctioned entity.  And fourth, OFAC is willing to show leniency towards those who cooperate with its investigations and take prompt remedial action to address compliance failures.   

John F. Curran is a partner, and Jacob Gardener and Christopher Dioguardi are associates, at Walden Macht & Haran LLP.

Disclaimer

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law.  PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.