We have our first enforcement action of 2021 to review: an $8.5 million fine that the Office of Foreign Assets Control slapped against a French bank for sanctions violations related to Syria, with a detailed list of compliance reforms the bank implemented to avoid harsher penalties.
OFAC announced the enforcement action on Monday against Union de Banques Arabes et Françaises, a bank with about €1.88 billion in assets that provides trade finance between European and Middle East businesses. OFAC accused the bank of processing 127 transactions in the early 2010s for Syrian businesses on U.S. sanctions lists, worth a total of roughly $2.08 billion.
Under U.S. sanctions law, the theoretical maximum monetary penalty for those violations is more than $4.1 billion — but UBAF disclosed the violations voluntarily, and OFAC didn’t consider the violations an egregious case. So under OFAC enforcement rules, that knocked down potential penalties to only $15.87 million.
Still, how’d we get from a potential $15.87 million to an actual $8.5 million? Enter the compliance actions that UBAF took once it realized it had a Syria sanctions mess on its hands.
First, UBAF had several aggravating factors. Foremost, when the United States expanded its sanctions against Syria in 2011 (for the government’s use of chemical weapons in the civil war there), the bank didn’t perform a sufficient assessment of its compliance risks given that change in circumstance. As OFAC phrased things in its settlement notice:
UBAF demonstrated a reckless disregard for its U.S. sanctions compliance obligations when it continued to provide USD services to sanctioned Syrian parties after the August 2011 expansion of U.S. sanctions on Syria without properly identifying and managing the relevant sanctions compliance risks that providing those services posed to the bank.
Worse, UBAF management also had actual knowledge of the transactions in question, and those transactions conferred “significant economic benefit” to the sanctioned parties in Syria.
Then Came the Compliance Program
Those aggravating factors were offset by several mitigating factors UBAF also took following discovery of the transactions.
First, most of the violations happened in late 2011, immediately after the Obama Administration expanded its Syria sanctions. That’s not to excuse the violations, but it’s important context: most of the violations happened only immediately after the new sanctions went into effect, when UBAF (and many other banks) was still trying to figure out which end was up.
UBAF also had a compliance program in effect at the time of the problematic transactions, and it seems like that program worked reasonably well; UBAF had no other sanctions issues with OFAC in the preceding five years. The bank also voluntarily disclosed the transactions to OFAC when it discovered them, and cooperated fully with OFAC during the subsequent investigation — including agreeing to extend the investigation multiple times over the years.
UBAF then implemented several reforms to its sanctions compliance program. Among them:
- UBAF adopted the sanctions compliance program of its largest shareholder, Crédit Agricole CIB. That included adopting all of Crédit Agricole’s compliance policies and embracing all of Crédit Agricole’s sanctions technology: screening tools, an anti-stripping module (stripping is one method of hiding a customer’s details from a transaction), negative news searches, advanced risk databases — the whole shebang.
- Expanded e-learning for all UBAF employees several times a year, also based on training materials used by Crédit Agricole.
- A review of UBAF’s own business lines, which resulted in ending certain services that were deemed high compliance risks. UBAF also cut ties with high-risk banks and stopped doing any business at all with Sudan and Syria.
- And UBAF set up a compliance committee, composed of senior managers who meet regularly to monitor follow-up on actions promised by various bank departments.
So all in all, UBAF seems to be a bank that had a reasonably effective compliance program in the 2000s, and then fell into one specific compliance failure as sanctions rules changed in 2011, and then made significant investments in stronger compliance after that.
Recall that in 2019 OFAC unveiled new guidance for effective sanctions programs, including a new cooperation policy modeled after the Justice Department. We clearly see some principles of that new guidance at work here in the UBAF case.
The result was OFAC deciding the misconduct wasn’t egregious, which kicked the potential penalties into a much lower range; and then a 46 percent discount on even those smaller penalties thanks to the robust compliance reforms executives put into place.
Not a bad start for the compliance news of 2021.