Communications Litigation Today was a Warren News publication.

American Express' Faulty Screening System Led to Sanctions Violations, OFAC Says

American Express violated U.S. sanctions when it processed about $35,000 worth of transactions for a designated person in 2015, the Treasury’s Office of Foreign Assets Control said April 30. OFAC issued a “finding of violation” for American Express Travel Related Services Company but did not impose a fine.

American Express processed 41 transactions for Gerhard Wisser, a Specially Designated National, due to mistakes made by a company employee and a faulty sanctions screening system, OFAC said. Although American Express rejected Wisser’s application “multiple” times when he applied for an American Express card at a foreign bank, the foreign bank made several “additional attempts” to submit his application, “which eventually led the risk engine to time out” and “triggered the application to be automatically approved,” OFAC said.

After the application was mistakenly approved, it underwent a manual review by an American Express compliance analyst, who “incorrectly determined” that Wisser was not an SDN, the agency said. The company placed Wisser on its “Accept List,” which allowed him to withdraw thousands of dollars using the card at ATMs in Germany and the United Arab Emirates. The transactions violated OFAC’s Mass Destruction Proliferators Sanctions Regulations.

American Express voluntarily disclosed the violations to OFAC and “remediated, making it less likely similar violations will recur,” OFAC said. Other mitigating factors included the fact that the company did not conduct “willful or reckless behavior” and that American Express did not know it issued a card to an SDN or that its system could be “overridden.” The company also cooperated with OFAC’s investigation and had not received a penalty notice from OFAC in the previous five years.

Aggravating factors included the fact that the transactions led to “sanctions harm” because it “conferred economic benefit” to an SDN, and the fact that American Express is a “large, commercially sophisticated” company. OFAC also said the company’s automatic approval of applications in situations where its risk engine times out is a “critical shortcoming of its compliance program.” The agency said companies should ensure their automated screening systems “cannot be overridden without appropriate review.”