If you were to look up “sanctions expert” in the dictionary, you would see Tim White’s picture. For decades, the anti-money laundering (AML) community has seen, heard or worked with White who is now AML RightSource’s vice president of business development and sanctions. White has spent decades on sanctions and AML issues covering technology, policies and of course the challenges of implementation. He has spoken before United Nations (U.N.) committees, many international programs, a whole host of conferences and seminars, and trained regulators, law enforcement and other parts of the AML community. Most importantly, he has never hesitated to assist anyone with a question or concern about sanctions. White and John Byrne spoke recently about the current state of this essential area of financial crime prevention.
John Byrne: Sanctions were not considered a part of AML for many years but that has changed. Why?
Tim White: That is correct. During the early years of my involvement in sanctions, there were only five questions in the 1996 Bank Secrecy Act Examination Manual. At the time, only the large U.S. banks actually addressed sanctions. Post 9/11 there was a sea of change. The Office of Foreign Assets Control (OFAC) and Federal Financial Institutions Examination Council (FFIEC) bank agencies executed a memorandum of understanding in 2005. This allowed for a risk-based approach to OFAC compliance and its inclusion in the new anti-money laundering/ Bank Secrecy Act (AML/BSA) examination manual. Now all financial institutions (FIs) and many corporations are onboard, even the car dealerships.
JB: Sanctions are certainly the national security tool of choice. Is that accurate?
TW: Absolutely. Sanctions are being used more readily by both Congress and the executive branch. A couple of examples would be Congress passing the Comprehensive Iran Sanctions, Accountability, and Divestment Act (CISADA) during the Obama administration, which effectively isolated the Central Bank of Iran and banks owned by the Iranian state from the international banking community (no access to the SWIFT banking system). It also introduced the very powerful concept of secondary sanctions (sanctions imposed on entities that conduct business with sanctioned entities—in this case, Iran) for circumvention of sanctions. Similarly, President Trump issued executive orders in late 2017 ratcheting up sanctions against North Korea to higher levels than when they were sanctioned under the Trading With The Enemy Act (TWEA). This was in conjunction with the U.N. sanctions against North Korea several weeks prior. Most recently, Congress passed the Countering America’s Adversaries Through Sanctions Act (CAATSA) to push the Trump administration to be tougher on Russia.
JB:What is the biggest difference on the use of sanctions between Trump, Obama and previous administrations?
TW: All of the administrations since I have been involved in sanctions (1993) have utilized sanctions. Each subsequent administration has utilized financial sanctions more than the previous one. In my opinion, the biggest difference in the utilization of sanctions between the Obama administration and the Trump administration is most of Obama’s executive orders related to sanctions had multilateral support. This was particularly true with the European Union (EU) in the Iranian Joint Comprehensive Plan of Action (JCPOA) nuclear agreement and the sectoral sanctions against Russia. The Trump administration has also administered multilateral sanction programs, specifically against North Korea as previously noted and most recently against Venezuela. However, in stark contrast, the Trump administration has unilaterally implemented some of the most stringent sanctions against Iran as well as rolled back elements of the general license programs that Obama had implemented under the Cuban Assets Control Regulations. The Cuban sanctions have all been unilateral actions as the U.S. is the only country with sanctions against Cuba. Arguably the greatest contrast between Obama and Trump’s utilization of sanctions is the Trump administration’s high profile threat of secondary sanctions on the rest of the globe should they choose to deal with Iran. The recent “snapback” of Iranian sanctions are not only unilateral but have also created an adversarial relationship with all of our other trading partners.
JB: How would you describe the coverage of sanctions, to whom does it apply?
TW: Any U.S. citizen in the U.S. or outside the country, any individual in the U.S. and in many cases U.S. subsidiaries in foreign locations (sanctions coverage for U.S.-owned/controlled foreign entities and subsidiaries are often addressed via general licenses, e.g., Trump’s revocation of General License H related to Iran). But there are some gray areas. To date, I would estimate that 90% of compliance responses have been by FIs, but we are seeing a greater push into other business sectors: transportation, aviation and shipping to name a few. In addition, I believe it is noteworthy to point out that the Department of Commerce can initiate enforcement actions for violations of the Export Administration Regulations. There appears to be a convergence of the Department of the Treasury and the Department of Commerce. The high-level way to look at this convergence is that OFAC covers the financial aspects of the transaction and the Department of Commerce covers the goods and services aspect of the transaction (Export Administration Regulations). Covered FIs must have a program for OFAC sanctions compliance but not for the Department of Commerce regulations. That may change, particularly with the focus on dual-use goods and weapons of mass destruction.
JB: What about enforcement actions? What can the financial sector learn from recent OFAC enforcement actions?
TW: The recent OFAC compliance framework also mentions the need to learn from enforcement actions.1 Arguably, the biggest lesson to be learned—and reiterated over and over in the new framework guidance—is “tone at the top.” Senior management must be supportive of the sanctions compliance program by providing adequate resources and so on.
I want to disabuse people from the fear that OFAC will hammer violators with heavy fines—something that previous OFAC staff tried to frighten the financial community with whenever they spoke. OFAC enforcements are designed to affect remediation. For the small FIs that are mostly low risk, OFAC will likely send a cautionary letter as opposed to heavy fines for minor mistakes. A solid understanding of the general factors that OFAC considers when issuing an enforcement action alleviates the majority of the fear factor, provided you are conscientious about being in compliance.
JB: In the various enforcement actions, the most surprising ones were where wire information was stripped. As a sanctions expert, what are your views on these dramatic violations?
TW: All of the enforcement actions for stripping were warranted, even those for multibillions of dollars. The case was made that there was systemic, willful, egregious and reckless behavior over a lengthy period of time for each enforcement action. Fundamentally, stripping is the intentional removal or obfuscation of information in a payment instruction in order to allow it to go through, despite sanction prohibitions. The first major “stripping” enforcement case was in 2006 on ABN AMRO Bank, but there were other FIs involved (European institutions). ING actually had a codebook on how to avoid detection. On a related issue, this is a good time to explain to folks confused about what seems like the extraterritorial reach of OFAC. Basically, 85-95% of worldwide international transactions are done in U.S. dollars. Those transactions need to clear and settle through accounts in the U.S. Therefore, our authority is simply to kick FIs out of the U.S. by revoking their banking charter. I think that distinction needs to be made.
JB: Were there any repercussions for those in charge that allowed this to happen?
TW: Against the banks, yes. But there were no prosecutions against individuals, even though it was egregious behavior. BNP pled guilty to a felony and was banned from doing business in the U.S. for one year.
Arguably, the biggest lesson to be learned— and reiterated over and over in the new framework guidance—is “tone at the top”
JB: Let us look at the following specific sanctions programs: Venezuela, Iran, North Korea and Russia. Give us your thoughts on each.
TW: The Venezuelan sanctions are similar to the Libyan II sanctions and against the Nicolas Maduro regime, not the people of Venezuela. Kleptocracy and human rights are the focus.
For Iran, when Trump got out of the JCPOA, he reinstated all previous Iranian sanctions. No waivers on purchases of Iran oil were allowed to remain except for Iraq. We then threatened our European partners with secondary sanctions; if you do business with Iran, you are likely to be sanctioned from doing business with the U.S., but this has not happened yet. What is also noteworthy is that the EU has passed blocking statutes that threaten lawsuits against European companies if they follow the U.S. sanctions programs.
North Korea is probably the strongest sanctions program but very few entities have been “Specially Designated” as of yet. The structure is there and a number of non-North-Korean entities have been slapped with secondary sanctions.
The majority of Russia sanctions programs are “sectoral sanctions.” These sanctions are a surgical approach and are intended to prevent new debt and equity funding to the energy, financial and defense sectors of the Russian economy. This has had a dramatic effect on Russian oligarchs. This surgical approach was required because broad sanctions against the large Russian economy would have had a significant adverse impact on the global economy.
JB: How about some practical advice on OFAC-related examinations. What is the biggest challenge regarding regulatory exams?
TW: Make sure your OFAC program and senior management’s support of it aligns with the new program guidance issued by OFAC: A Framework for OFAC Compliance Commitments (May 2, 2019). Secondly, understand your OFAC technology and what lists you need! Before your BSA or OFAC exam, send a request to your OFAC software vendors and ask for all of the information about the interdiction system you are using. Outline what it is doing, be specific and do not just say OFAC filtering (i.e., screens against Specially Designated Nationals, the Consolidated Sanctions List and country programs). Understand specifically what lists are being used (get it in writing from the vendors) as well as answers to the following questions: What type of logic does it use; what type of settings does it have; what settings are you using and why? You need to be able to explain this to the examiners.
Sanctions can be complex, so we need our examiners to be highly trained on the intricacies of the various sanctions programs including their general licensing provisions
Clearly, the biggest challenge is staying current on the numerous sanctions programs and their many changes—specifically Venezuela, Iran and Russia. Be cognizant of all the recent guidance from OFAC, the Financial Crimes Enforcement Network and Wolfsberg. Equally important is being able to communicate effectively that you have an accurate OFAC risk assessment and a program that is reasonably designed to mitigate and manage the sanctions risk you have
JB: Who examines banks for their OFAC programs and is there any impact on financial access because of OFAC compliance? What do your peers say about examinations?
TW: Examination is done by the FFIEC examiners within the BSA/AML environment (a component of safety and soundness examinations). Sanctions can be complex, so we need our examiners to be highly trained on the intricacies of the various sanctions programs including their general licensing provisions. This will enable them to execute a more accurate risk-based examination process. Sadly, all too often the examiners use the same exam criteria for large high-risk institutions and small low-risk institutions and that makes no sense. In doing so, they are causing institutions to waste resources that could be applied to the detection of other financial crimes to which they are more likely to be exposed. Regulatory examination for sanctions certainly comes with unintended consequences, one of those being a negative impact on financial access for nongovernmental organizations (NGOs), nonprofit organizations (NPOs) and foreign charitable organizations. Most notably, many FIs are extremely hesitant to execute transactions for NGOs related to humanitarian efforts in conflict zones, even though these types of transactions are authorized for several sanction programs via general licenses. These types of transactions raise an FI’s BSA/AML risk profile for both sanctions and terrorist financing and rightly so, thus the reluctance. The issue of financial access and de-risking, as you know because you are involved, is being worked on by the Association Certified Anti-Money Laundering Specialists (ACAMS) and the World Bank (Banking Nonprofit Organizations—The Way Forward).2 It is also critical to note that many sanctions professionals are extremely frustrated and wasting resources because the examinations agencies have not established logical risk-based interdiction testing standards. This is another side effect of inadequate training.
JB: We have produced a paper3 specifically to address the need for FIs to bank NPOs and the regulators need to learn from that and from what you say regarding the general licenses.
TW: : I know general licenses can be both tricky and complex, but we all need to educate ourselves in order to utilize all of our sanctions options.
JB: Where do you see the sanctions regime five to 10 years from now?
TW: For one, an exponential increase in the technology being utilized by sanctions interdiction systems that will enable multiple levels of filtering through the utilization of artificial intelligence. In addition, this technology will be applied to the majority of all corporate business transactions, not just those within FIs.
One more thing I want to mention, there is a huge demand for compliance professionals with sanctions expertise and ACAMS is addressing this need by creating the industry’s most comprehensive sanctions training and certification program: the Certified Global Sanctions Specialist (CGSS) Certification. It is an exam-based certification focused on sanctions compliance that will be available to take in January 2020.
Interviewed by: John J. Byrne, CAMS, vice chairman, AML RightSource, Centreville, VA, USA, jbyrne@amlrightsource.com
- “A Framework for OFAC Compliance Commitments” Office of Foreign Assets Control, https://www.treasury.gov/resource-center/sanctions/Documents/framework_ofac_cc.pdf
- “Banking Nonprofit Organizations—The Way Forward,” ACAMS and Charity & Security Network, June 2019, https://www.charityandsecurity.org/system/files/ACAMS Financial Access Paper - Updated.pdf
- Ibid.