Communications Litigation Today was a Warren News publication.

OFAC Reaches $3.4M Settlement With Latvian Bank for Alleged Sanctions Violations

A Latvia-based bank reached a $3.4 million settlement with the Office of Foreign Assets Control to resolve allegations it violated U.S. sanctions relating to Crimea, OFAC said June 20. Swedbank Latvia AS, a subsidiary of Sweden-based Swedbank AB, allowed a customer to use its e-banking platform from an internet protocol address in Crimea to send payments to persons in Crimea through U.S. correspondent banks, OFAC said, which resulted in 386 violations of U.S. sanctions.

OFAC said the alleged violations began before Russia’s 2014 invasion of the Crimea region of Ukraine, when Swedbank Latvia onboarded a shipping industry client in Crimea. Between February 2015 and October 2016, the client initiated 386 transactions totaling more than $3.3 million through accounts belonging to its “special purpose companies” that were processed through U.S. correspondent banks, the agency said.

Around March 2016, the client tried to use the e-banking platform to send the payments from an IP address in Crimea, but the U.S. correspondent bank rejected the payments and alerted Swedbank Latvia. Swedbank Latvia tried to “obtain additional information” from this U.S. bank but didn’t receive a response, OFAC said, and the client “falsely assured Swedbank Latvia that none of the transactions involved Crimea.” A “relationship manager” at Swedbank Latvia then rerouted the rejected payments to a different U.S. correspondent bank, which processed the transactions, OFAC said.

The agency said Swedbank Latvia didn’t voluntarily disclose the violations but fined it $3,430,900, down from the maximum penalty of more than $112 million, due to several mitigating factors, including its decision to eventually end the client relationship and implement “geofencing” that stops customers from sending payments through online banking platforms from IP addresses in sanctioned jurisdictions. OFAC also said the bank introduced an “automated system control within their transaction screening solution to identify potential resubmissions of payments after rejection,” established “enhanced due diligence and screening procedures for high-risk customers,” and put in place “enhanced diligence and transparency protocols for responses to correspondent banks.” The bank also expanded its compliance staff and improved its know-your-customer, anti-money laundering and financial sanctions controls.

OFAC also pointed to several aggravating factors, including the fact that the bank “solely” relied on its client’s assurances “when it possessed contrary information, including KYC and IP Data.” Swedbank Latvia had “reason to know” that the client’s assurances were “incorrect,” OAC said, particularly because it had addresses, telephone numbers and other information “clearly indicating” a “physical presence in Crimea.”

Although Swedbank Latvia collected and stored customer IP data, it didn’t integrate this data into its sanctions’ screening processes, OFAC said, leading to the compliance failures. “If screened, the IP data would have indicated that the Client was present in Crimea at the time of the Apparent Violations”

OFAC said the case highlights the importance of “implementing and maintaining effective, risk-based sanctions compliance controls, especially for sophisticated financial institutions” operating close to “high-risk” regions. It also shows the importance of “undertaking reasonable efforts to investigate red flags,” OFAC said. “Ignoring or failing to heed such warnings can cause apparent violations to multiply quickly. Rather than dismissing such concerns and relying on unsubstantiated assurances, financial institutions and other persons made aware of such issues should diligently work to identify risks that may exist.”

Swedbank didn’t immediately respond to a request for comment.