An FAQ on OFAC Basics
The mere mention of the Office of Foreign Assets Control (OFAC) can strike fear into the hearts of some credit union compliance professionals. Violations of OFAC sanctions are a strict liability offense – meaning that a violation occurs even if it was unintentional or if the credit union operated in good faith. In addition, there is no way to “cure” an OFAC violation. Given the relatively high stakes involved, it is not surprising that a credit union may want to mitigate its OFAC compliance risk as much as possible.
With that in mind, here are some frequently asked questions relating to OFAC compliance:
Is an OFAC check required? Are any other actions required?
The NAFCU Compliance Team often receives questions asking if a credit union is required to run an OFAC check in certain circumstances. The OFAC regulations and applicable federal laws do not actually require a credit union to run an OFAC check at any point. However, they do require a credit union to avoid engaging in transactions with sanctioned individuals or entities. OFAC requires credit unions to :
- “Block accounts and other property of specified countries, entities and individuals
- Prohibit or reject unlicensed trade and financial transactions with specified countries, entities and individuals;” and
- Report blocked assets and keep records of blocked transactions.
This OFAC FAQ explains what those terms mean – blocking an account requires the credit union to place the funds into an interest-bearing account “from which only OFAC-authorized debits may be made.” The interest rate must be commercially reasonable. As for “rejecting” a transaction, the Treasury Department explains that some transactions do not involve a “blockable” interest from a person or entity on the SDN list or a foreign government but may implicate OFAC sanctions – and therefore the transaction should be rejected and not processed.
Running an OFAC check, while not required by the OFAC regulations, is one tool for credit unions to use when determining if a transaction needs to be rejected or accounts need to be blocked. Credit unions will need to make a risk-based decision as to when to run OFAC checks to mitigate the risk of engaging in prohibited transactions. Additionally, how to conduct the check – such as manually checking OFAC’s Specially Designated Nationals (SDN) list or simply hiring a vendor to run OFAC checks – will be a business decision for the credit union to make.
While OFAC checks are not required by OFAC regulations, the National Credit Union Administration (NCUA) has supervisory authority to examine federally insured credit unions for OFAC compliance. Thus, the NCUA guidance on this topic will also be an important resource for credit unions when crafting a risk-based OFAC compliance program. As explained below, NCUA tends to suggest OFAC checks should be conducted in most situations.
Which account types or individuals should be subject to an OFAC check?
The FFIEC BSA/AML Examination Manual states that the extent to which other parties should be included in OFAC checks or reviews will be a risk-based decision: “[T]he extent to which the bank includes account parties other than accountholders (e.g., beneficiaries, guarantors, principals, beneficial owners, nominee shareholders, directors, signatories, and powers of attorney) in the initial OFAC review during the account opening process, and during subsequent database reviews of existing accounts, will depend on the bank’s risk profile and available technology.”
However, this 2006 OFAC Compliance Review Report, while not imposing any official regulatory requirements, summarizes the NCUA’s guidance on this topic and states: “credit unions must check the names of all parties to a transaction (i.e. beneficiaries, collateral owners, cosigners/guarantors, receiving/sending parties) against the SDN list” (emphasis added).
The guidance also states that all types of member transactions should be reviewed for compliance, including: “share accounts, loans and loan payments, credit cards, letters of credit, lines of credit, safety deposit boxes, wire and ACH transfers, currency exchanges, depositing and cashing checks, money orders or traveler’s checks, and trust accounts.”
As mentioned above, these are agency supervisory expectations rather than formal regulatory requirements, but a credit union may want to take this guidance into account when crafting its risk-based OFAC compliance program.
What if the credit union can’t run an OFAC check before opening the account?
The NCUA’s AIRES Questionnaire (used by NCUA Examiners) addresses this topic. It asks examiners to consider: “Does the credit union compare new accounts with the OFAC prohibited listing when opening new accounts and/or performing a new transaction?”
While that may seem like the NCUA requires a credit union to run the OFAC check before the account is opened, the questionnaire includes a note from NCUA that says:
“The credit union should compare new accounts with the list of Specially Designated Nationals and Blocked Persons (SDN list) published by OFAC. While a credit union should not open an account for a person named on the SDN list, OFAC understands it may not be operationally possible to check the SDN list before opening accounts. Therefore, OFAC has agreed that a credit union may open an account and accept an initial deposit before checking the SDN list, as long as the SDN list is checked before any transactions are allowed on the account. Please note that a credit union cannot provide cash back on the initial deposit, if the SDN list has not been checked. See the FFIEC BSA/AML Manual for further discussion.”
(emphasis added).
Thus, it seems that NCUA examiners may look at whether the credit union ran an OFAC check before opening the account, and if not, whether the credit union allowed any transactions on the account before running the OFAC check. Additionally, the NCUA guidance notes that if a credit union does become aware that the account is owned by someone on the SDN list, then the credit union is required to block the property, such as blocking an initial deposit that had been accepted at account opening.
About the Author
Nick St. John, NCCO, NCBSO, Director of Regulatory Compliance, NAFCU
Nick St. John, was named Director of Regulatory Compliance in August 2022. In this role, Nick helps credit unions with a variety of compliance issues.