Washington, D.C. (June 30, 2023) – On June 20, 2023, the Department of the Treasury's Office of Foreign Assets Control (OFAC) announced an enforcement action against Swedbank Latvia AS, headquartered in Riga, Latvia (Swedbank Latvia or the Bank). The enforcement action, in which Swedbank Latvia agreed to pay $3,430,900 to settle its liability for 386 apparent violations of OFAC sanctions on Crimea, illustrates OFAC's continued focus on violations of the Crimea, Cuba, Sudan, Iran, and Syria sanctions programs.
Case Background and Violations
After Russia's 2014 invasion of Crimea, Swedbank Latvia had onboarded a shipping industry client in Crimea that owned three special purpose companies, each with an account at Swedbank Latvia. Between February 5, 2015 and October 14, 2016, the client initiated 386 transactions totaling $3,312,120 that were processed through U.S. correspondent banks. One correspondent bank rejected the payments and when Swedbank Latvia requested additional information from the client, the client falsely assured the bank that none of the transactions involved Crimea. As a result, Swedbank Latvia then routed the payments to a different U.S. correspondent bank that processed the transactions.
OFAC claims that Swedbank Latvia should have known that the client's assurances were false. When the Bank brought the client through its "Know Your Customer" protocols, the Bank had information that the client and its subsidiaries had a physical presence in Crimea. Even though the Bank had this information, it did not integrate this data into its sanctions screening processes.
Swedbank Latvia's failure to integrate this data resulted in apparent violations of Section 6(a) of Executive Order 13685 of December 19, 2014, "Blocking Property of Certain Persons Prohibiting Certain Transactions with Respect to the Crimea region of Ukraine" (E.O. 13685). That provision prohibits any "transaction that evades or avoids, has the purpose of evading or avoiding, causes a violation of, or attempts to violate any of the prohibitions set forth in this order."
More specifically, OFAC found that Swedbank Latvia allowed its client to initiate payments – from Crimea through the e-banking platform – that were ultimately processed by a U.S. correspondent bank. This conduct resulted in the export of financial services to Crimea in violation of E.O. 13685(1)(a)(iii).
Heed OFAC's Framework for Compliance Commitments and its Red Flags
OFAC has published a Framework for OFAC Compliance Commitments to strongly encourage "organizations subject to U.S. jurisdiction, as well as foreign entities that conduct business in or with the United States, U.S. persons, or using U.S.-origin goods or services, to employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance program (SCP)."
The Framework provides that even if no organization is subject to U.S. jurisdiction, —"if a U.S. financial institution is involved in any payments associated with such transactions it could result in a prohibited activity (e.g., the exportation or re-exportation of services from the United States to a comprehensively sanctioned country." In Swedbank Latvia's case, the use of a U.S. bank in the transactions allowed for the transaction to come under U.S. jurisdiction.
In addition to having strong risk mitigation procedures in place, financial institutions must be mindful of red flags when engaging in business dealings that could involve transactions with sanctioned countries, individuals, products, or services. On June 28, 2022, the U.S. Department of Treasury's Financial Crimes Enforcement Network (FinCEN) and the U.S. Department of Commerce's Bureau of Industry and Security (BIS) urged increased vigilance for potential Russian and Belarusian export control evasion attempts. Among the red flags cited about which financial institutions should be aware are: (1) transactions involving companies that are physically co-located with or have shared ownership with an entity on the BIS Entity List or the Department of the Treasury's Specially Designated Nationals and Blocked Persons List; and (2) transactions associated with atypical shipping routes for a product and destination.
Additional red flags were enumerated in a recent FinCEN BIS Alert, issued on May 19, 2023, as a Supplement to the previous alert. Among these are when (1) a customer lacks or refuses to provide details to banks, shippers, or third parties, including about end users, intended end-use, or company ownership, and (2) the customer or its address is similar to one of the parties on a proscribed parties list. For more information on this issue, see Lewis Brisbois' previous Client Alert here.
These compliance guidelines and red flag suggestions strongly remind financial institutions with customers in maritime or export/import industries that they should rely on their internal risk assessments to employ appropriate risk-mitigation measures consistent with underlying FinCEN and OFAC obligations, including customer due diligence and beneficial ownership requirements.
Implications and Compliance
The Swedbank Latvia enforcement action reflects a continued effort to ensure that financial institutions are complying with U.S. sanctions programs. Not only are U.S. financial institutions subject to OFAC sanctions, but any foreign bank that uses a U.S. bank in any prohibited transaction also will fall within OFAC's jurisdiction. Non-compliance could result in significant financial penalties. In addition to existing know-your-customer and customer due diligence programs, banks must develop and keep current an effective sanctions compliance program.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
