OFAC’s 50 Percent Rule Checklist: Seven Common Violations Exposed
04.08.2019
In 2008, the OFAC 50 Percent Rule was introduced to prevent money laundering through entities owned by Specially Designated Nationals (SDNs). The rule sets guidance surrounding SDNs that “have an interest in all property and interests in property of an entity in which it owns, directly or indirectly, a 50% or greater interest.”
The rule—along with revisions made in 2014—appears straightforward at first glance. Complying with the rule, however, is quite complicated—namely because OFAC doesn’t publish a list of majority SDN-owned entities. That leaves the brunt of the legwork to financial institutions’ compliance teams.
The ambiguity surrounding compliance with OFAC’s 50 Percent Rule has caused trouble for many financial institutions in recent years, and credit unions must take stock of these regulatory mishaps. Here are seven common ways credit unions can unknowingly violate OFAC’s 50 Percent Rule:
1. Fifty percent ownership by one or more SDNs.
In 2016, Barclays Bank was fined $2.4 million by OFAC for violating the 50 Percent Rule. According to the OFAC enforcement action against Barclays, the activity took place between 2008 and 2013 and involved 159 transactions with an entity that was “owned 50 percent or more, directly or indirectly, by a person identified” on the OFAC SDN list.
Despite multiple attempts by the bank to improve its OFAC compliance program, Barclays’ screening system “had several limitations” and its “Know Your Customer (KYC) procedures were ambiguous and difficult to follow with respect to the requirement to identify related parties and/or beneficial owners of corporate customers.” This case illustrates the difficulty financial institutions face in following this rule—even if they’ve taken steps to improve their screening program.
2. SDN-controlled entities.
ExxonMobil was recently tripped up by the rule, to the tune of $2 million. According to OFAC’s enforcement action against the energy giant, ExxonMobil entered into eight business agreements—with an entity that was not on the SDN List—that were signed by a Russian oligarch who was on the SDN List. In regard to its 50 Percent Rule, OFAC specifically states that, “U.S. persons should be careful when conducting business with non-blocked entities in which blocked individuals are involved.” Further, they may not “enter into contracts that are signed by a blocked individual.”
3. Significant but non-majority ownership by an SDN.
According to the 50 Percent Rule, credit unions can do business with an entity having a 49 percent ownership by one or more SDNs … right? Technically, yes, but such practices are not advised. OFAC “urges caution” whenever an SDN has significant ownership of an entity under 50 percent, although it does not provide a specific number. OFAC notes that, “such non-blocked entities may become the subject of future designations or enforcement actions by OFAC.”
4. Russian-based entities.
Due to recent cyber and geopolitical activity, doing business with entities associated with or located in Russia increases OFAC risk. In April 2018, OFAC imposed sanctions on seven Russian oligarchs, 12 Russian companies owned or controlled by those oligarchs, 17 senior Russian government officials and a state-owned entity and its subsidiary.
However, not all Russian entities and persons designated for sanctions have been placed on the SDN list, which further complicates OFAC compliance.
5. Vendor violations.
Vendors present yet another opportunity for credit unions to trip over OFAC’s 50 Percent Rule. Third-party vendor activities fall under the same regulatory scrutiny, increasing the risk of non-compliance. OFAC’s Cyber-Related Sanctions Program specifically mentions the 50 Percent Rule, and the FFIEC’s recent Joint Statement on the same warns that, “continued use of products and services from a sanctioned entity may cause the financial institution to violate OFAC sanctions.”
6. Majority-owned by a sanctioned government.
Credit unions also should be on the lookout for entities that are majority-owned by a country or government that is subject to a sanctions program.
A French bank recently fell victim to this violation. In November 2018, Société Générale was fined $54 million for activity between 2007 and 2012 that included conducting business with a company majority-owned by the government of Sudan.
7. Past violations.
While it’s good to take a proactive stance on preventing violations of the OFAC 50 Percent Rule, it’s equally important to address previous violations, because institutions still can be penalized for past actions.
If your credit union is aware of a violation that occurred in the past, it’s important to self-disclose that violation to OFAC. Failure to do so will certainly increase the amount of an imposed fine.
Incorporate OFAC’s 50 Percent Rule into Your Compliance Program
It’s best for credit unions of every size to ensure they are always in line with this tricky regulation. Here are some ways your credit union can effectively handle that burden:
- Conduct routine risk assessments of your OFAC exposure
- Review member onboarding and ongoing due diligence policies and procedures to ensure that entity ownership is initially identified and continually monitored for changes
- Review third- and fourth-party vendor management policies and procedures, specifically to include an assessment of their OFAC exposure and compliance programs
- In addition to screening entity names against the SDN List, screen entity officers, directors and contract signatories of both members and vendors
- Upgrade your watch list screening process to cross-reference a database, such as the Dow Jones SOR list, that identifies entities owned by sanctioned persons or jurisdictions
Amber Goodrich is compliance strategist for CSI Regulatory Compliance. She is also a certified anti-money laundering specialist (CAMS) and a certified regulatory compliance manager (CRCM).