As a business in the U.S., you are responsible for knowing who your customers are and whether they are on the OFAC list. Banking & Finance, and businesses that are involved in importing and/or exporting component parts and products are amongst the most vulnerable. OFAC is the Office of Foreign Assets Control, and it maintains a list of individuals and businesses that are sanctioned by the United States government. Sanctions can include anything from economic restrictions to a full travel ban. You could face heavy fines If you do business with a business or an individual that is on one of the OFAC. It is very important to screen those you do business with against the list regularly to avoid any run-ins with the law.
Targe can provide an easy-to-use cloud-based vetting service that can be configured to fit a variety of needs based on each business’s risk mitigation strategy.
You don’t want to get caught doing business with a sanctioned entity because first and foremost, you don’t want to aid the enemy, but secondarily you don’t want to pay the hefty fines that might be levied against you. This is absolutely an economical decision, just like purchasing insurance or implementing cyber security protocols. Implementing effective OFAC screening protects your business for a fraction of what the fines and liabilities will be without effective risk mitigation.
How big are the fines you may ask? A quick check of the fines levied in 2022. The smallest fine was over $45,000 and this was to a very small company with annual revenue of less than $150,000 per year! Furthermore, this company was taking reasonable efforts to check its customers against prevailing lists but made some mistakes. A fine resulted.
This may be one of the best-kept secrets of the US government! But if you ignore this requirement the fines can be astronomical some fines totaling over $500 million. If you do comply you may still get fined, but an honest effort, or completing the due diligence gets you a big reduction in fines.
Who must comply with OFAC regulations? According to the US Treasury, “all U.S. persons must comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches.” Even foreign businesses using US banks are subject to play by the same rules. And when they do not play by the rules, they are subject to the same fines.
Although any business is subject to OFAC regulations, a look at companies being fined shows that the major focus is on Banking & Finance companies and any business that buys and sells materials or products within an international market.
Banking and Finance companies must establish and maintain a due diligence program that includes policies, procedures, and controls that are reasonably designed to detect and report any known or suspected money laundering or suspicious activity conducted through or involving any private banking account for a non-U.S. person that is established, maintained, administered, or managed in the United States by the bank. In addition to both retail and private banking customers, there is a responsibility to vet any business relationships banks have with vendors and visitors that may increase the banks’ exposure to risk.
MAX and the Watchlist Investigator can facilitate a due diligence program by ensuring that, at a minimum, the bank has taken reasonable steps to do each of the following:
- Ascertain the identity of all Vendors and Individuals conducting business with the bank.
- Ascertain whether the Vendor or Individual is a senior foreign political figure or associated with a foreign political.
- Retain documentation indefinitely regarding a vendor or Individuals visits and vetting history.
Generate reports regarding potential sanctioned parties.
According to the US Treasury, there isn’t a One Size Fits All method for assessing risk. Different businesses will interact with sanctioned entities in different ways.
Consider the following entities that can be sanctioned:
- Digital Currency
- Geographic Areas
MAX provides a single system of record to track data related to all these categories and potential sanctions associated with people’s businesses or assets. The forms and process flow integral to the MAX system are configurable based on a businesses specific risk mitigation plan.
Enterprise Sanction Investigator is a proprietary search engine that aggregates data from multiple sanction lists and then utilizes specialized algorithms and matching criteria that provide the necessary information to facilitate an organization’s Sanctions Compliance Program or “SCP”
To mitigate the possibility of very large fines, you must create a documented Sanctions Compliance Program. Having such a plan in place and following the plan goes a long way in preventing being fined in the first place. If you still have an infraction despite trying to prevent it, demonstrating automated tools such as MAX that enforce the complex policies of an SCP for each and every person to the US Treasury investigators will go a long way to either get the fine waived altogether or at least to get the fine reduced.
While each risk-based SCP will vary depending on a variety of factors—including the company’s size and sophistication, products and services, customers and counterparties, and geographic locations—each program should be predicated on and incorporate at least five essential components of compliance:
- Senior Management Commitment
- Risk Assessment
- Internal Controls
- Testing Processes
- How you Periodically Train your Staff
Utilizing MAX as a visitor and vendor management makes OFAC compliance easy. Enabling anyone within an organization to record all parties they do business with Watchlist Investigator instantly vets those individuals and companies through OFAC and other data sources such as sanction lists from the UK, EU, UN, and Criminal histories. Compliance and security officers will be notified when any potentially sanctioned parties are identified.
“An effective SCP should include internal controls, including policies and procedures, in order to identify, interdict, escalate, report (as appropriate), and keep records pertaining to activity that may be prohibited by the regulations and laws administered by OFAC… and internal and/or external audits and assessments of the program should be conducted on a periodic basis.”
The Watchlist Investigator is a TARGE developed software system that provides a superior authentication and validation process by downloading and merging several published watchlists into a common format.
The Watchlist Investigator eliminates the time-consuming process of vetting each visitor through a series of background checks. Through an automated process, the Watchlist Aggregator allows for rapid vetting of every single visitor as soon as a name is submitted for approval.
Completing a criminal history background check used to a tedious and time-consuming task.
Organizations often have trouble keeping track of which visitors’ badge and pass holders need a credential and criminal recheck. Now with MAX it is no longer an inconvenience to security personnel.
MAX can be configured to recheck every person whenever an organizations security guideline dictates. Need to check contractors and visitors at every entry? Every month? Or even every night? MAX can automatically re-run a background check periodically and email alerts to security managers anytime a new record is found.
Do not wait for visitors to self-report issues with their background validation. MAX is the solution for your organization to be proactive in verifying all guests are properly and currently vetted. Please contact TARGE to find out how MAX can keep your organization secure with credential rechecks.
It is essential to have a good understanding of a customers’ risks so that appropriate action can be taken. The bank should be able to identify any type or level of risk from their customer base, vendors and partners and Then determine what they need from them accordingly- whether this means improving screening procedures completely across the board for all clients with high-risk profiles, placing additional restrictions on certain types/cases (e., those who’ve been convicted previously), utilizing other measures such as monitoring deposits closer than others–it’s really about figuring out how best protect yourself while also protecting these vulnerable groups!
The subject of sanctions and penalties levied by violating sanctions is a highly complex topic. Protecting against being on the wrong side of an investigation involves a dedicated effort by senior management, lawyers, and accountants. Sanctions have been talked about a lot in the news these days but very little gets said about sanctions violations and what happens to businesses that commit violations. No matter your course of action, it is imperative that you are aware of your customer base and how well you determine if any of your customers are subject to any of the prevailing sanctions.
Vetting can also come in another form of checking a vehicle history by capturing the license plate number and state of issue using a License Plate Recognition camera (LPR). This is sometimes paired with an under-vehicle scanner when security requires a more thorough inspection. While vehicle information can be manually entered into MAX at the time of arrival, the option to automatically read a plate adds an extra level security for both manned and unmanned gates. This eliminates user error and makes the task of data collection easier on guard staff.
When the vehicle information is collected the vehicle can be vetted against both internal and external data sources to determine if there is a potential risk associated with that vehicle. The vehicle may have been associated with a crime and therefore would match a record on the vehicle of interest file. Possibly this vehicle was associated with an incident on site and security needs to be alerted of the driver’s return. There are many reasons a vehicle’s information may be needed to solicit an alert in MAX.
LPR cameras may be placed at various locations around a facility not just at gates. In some cases, repeatedly passing a specific place may be cause for alarm. Perhaps placing LPR cameras at the start of entrance roads will give security enough time to respond to an alert before the vehicle arrives at the visitor center. Please contact us and a representative will be happy to discuss how utilizing LPR technology will benefit your installation.