Communications Litigation Today was a Warren News publication.

OFAC Fines Deutsche Bank After Poor Due Diligence, Screening Tool Led to Sanctions Violations

Deutsche Bank Trust Company Americas was fined nearly $600,000 for violating the Office of Foreign Assets Control’s Ukraine-related sanctions, OFAC said in a Sept. 9 notice. OFAC said the New York bank processed payments for a sanctioned oil company in Cyprus and an investment bank on OFAC’s Specially Designated Nationals List. The violations were caused by poor due diligence and an incorrectly calibrated screening tool, OFAC said.

OFAC fined the bank $157,500 for the first violation, in which Deutsche processed a $28 million funds transfer in 2015 involving U.S.-sanctioned IPP Oil Products. IPP, based in Cyprus, was added to OFAC’s SDN list one week earlier, and OFAC said Deutsche “had reason to know of IPP’s potential interest in the transaction underlying the payment.” OFAC said Deutsche received emails that suggested IPP wasn’t involved in the transfer, but Deutsche “did not conduct further due diligence to attempt to independently corroborate the statements.”

Deutsche was fined $425,600 for the second violation, which involved processing 61 transactions totaling more than $270,000 for Open Joint Stock Company Krasnodar Regional Investment Bank (Krayinvestbank), an SDN. In December 2015, Deutsche processed the transactions despite the fact that each payment contained Krayinvestbank’s Society for Worldwide Interbank Financial Telecommunication (SWIFT) Business Identifier Code (BIC) and “an almost identical match” to the bank’s name and address. Deutsche completed the payments because it didn’t include the bank’s SWIFT BIC as an identifier. OFAC also said the bank’s screening filter “was calibrated in such a way that only a payment with an exact SDN List match would trigger manual review.”

Deutsche didn’t voluntarily disclose the violations. OFAC said aggravating factors included the bank’s failure “to exercise a minimal degree of caution or care,” the fact that it had actual knowledge of some of the violations and the violations could have led to “significant harm” to OFAC sanctions programs. OFAC also said Deutsche failed to “comply with existing internal policies and procedures” by not including the SWIFT BIC of an SDN in its screening software and should have had better due diligence procedures because it is a “large and sophisticated financial institution.” OFAC also said Deutsche committed an “almost identical” sanctions violation in 2013 when it failed to include the SWIFT BIC of a sanctioned bank in its filter.

Mitigating factors included the fact that Deutsche processes a “large volume” of transactions annually, had an OFAC compliance program in place at the time of the violations and implemented remedial compliance measures. OFAC also said the bank cooperated with OFAC’s investigation.

As part of a settlement with OFAC, Deutsche agreed to “robust compliance procedures,” including a greater compliance commitment from its management team, more frequent risk assessments, improved internal controls and better employee training. OFAC said the case highlights the importance of banks knowing whether an SDN has an interest in a transaction before processing the payment. Companies should also “take due caution in accepting the oral or written representations of non-accountholder parties to a transaction” about the potential involvement of SDNs.