I wrote briefly about “fuzzy logic” in a prior post (please see: https://thesanctionsgeek.com/3-key-steps-in-ofac-compliance-screen-screen-and-screen/). What I did not mention is that a couple of America’s biggest companies have recently gotten caught for failures to pick up aliases that their respective software programs should have caught.
The Office of Foreign Assets Control (OFAC) itself has recently upgraded the “fuzzy logic” in its own search tool in January 2021. Please see: https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20210125.
Those two companies that got in trouble recently for inadequate “fuzzy logic” capabilities are Apple and Amazon. This blog will review both cases to illustrate the importance of proper “fuzzy logic” capabilities in a chosen software service provider.
I. Apple’s Failure with Fuzzy Logic
In November 2019, Apple, Inc. agreed to pay $466,912 to settle its OFAC case for apparent violations of the Foreign Narcotics Kingpin Sanctions Regulations. (Please see: https://home.treasury.gov/system/files/126/20191125_apple.pdf).
Apple dealt in the property or interests in property of SIS, d.o.o. (“SIS”), a Slovenian software company previously identified on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”) as a significant foreign narcotics trafficker (“SDNTK”). The SDN List provided the following identifying information for SIS: SIS D.O.O., 19 Spruha, Trzin 1236, Slovenia; Registration ID 5919070 (Slovenia); Tax ID No. SI91729181 (Slovenia) [SDNTK].
Apple screened the newly designated SDNTKs against its app developer account holder names using its sanctions screening tool. However, Apple failed to identify that SIS, an App Store developer, was added to the SDN List and was therefore blocked. Apple later attributed this failure to its sanctions screening tool’s failure to match the upper case name “SIS DOO” in Apple’s system with the lower case name “SIS d.o.o.” as written on the SDN List. The term “d.o.o.” is a standard corporate suffix in Slovenia identifying a limited liability company.
OFAC determined the following to be mitigating factors regarding Apple’s correction of its “fuzzy logic” deficiency in its screening software, namely, Apple:
• Reconfigured the primary sanctions screening tool to fully capture spelling and capitalization variations and to account for country-specific business suffixes, and implemented an annual review of the tool’s logic and configuration;
• Expanded sanctions screening to include not only app developers, but also their designated payment beneficiaries and associated banks; and
• Updated the instructions for employees to review potential SDN List matches flagged by the primary sanctions screening tool.
II. Amazon Fuzzy Logic Failure
Amazon.com, Inc.agreed to pay $134,523 in July 2020 to settle its potential civil liability for apparent violations of multiple OFAC sanctions programs (please see: https://home.treasury.gov/system/files/126/20200708_amazon.pdf).
As a result of deficiencies related to Amazon’s sanctions screening processes, Amazon provided goods and services to persons sanctioned by OFAC; to persons located in the sanctioned region or countries of Crimea, Iran, and Syria; and to individuals located in or employed by the foreign missions of countries sanctioned by OFAC.
The settlement amount reflects OFAC’s determination that Amazon’s apparent violations were non-egregious and voluntarily self-disclosed, and further reflects the significant remedial measures implemented by Amazon upon discovery of the apparent violations.
Overall, OFAC found the apparent violations consisted primarily of transactions involving low-value retail goods and services for which the total transaction value of the apparent violations was approximately $269,000. OFAC further determined the apparent violations occurred primarily because Amazon’s automated sanctions screening processes failed to fully analyze all transaction and customer data relevant to compliance with OFAC’s sanctions regulations.
What served as chief mitigating factors was that Amazon undertook significant remedial measures to address its sanctions screening deficiencies. Such measures included:
• Employing internal and third-party sources to conduct a thorough review of Amazon’s sanctions compliance program and its automated screening systems in order to address the screening failures that gave rise to the apparent violations. In particular, Amazon is incorporating additional automated preventative screening controls designed to scale and operate effectively for its overall retail business;
• Developing internally custom screening lists to minimize the risk of processing transactions that raise sanctions compliance concerns; and
• Enhancing its sanctioned jurisdiction Internet Protocol (IP) blocking controls and implementing automated processes to update continually its mapping of IP ranges associated with sanctioned jurisdictions.
III. “Fuzzy Logic” Becomes Clear Logic
After reviewing both the Apple and Amazon cases, it becomes readily clear why proper “fuzzy logic” capabilities in picking up alternate spellings and aliases is so important. While such “fuzzy logic” can result in an overwhelming number of “false positive” matches, the logic can be tweaked to match the risk profile of a given company, depending on types of business partners and geographies covered.
Because a given company’s risk profile can evolve over time, it is most helpful to undertake the commitment Apple made in implementing an annual review of the screening tool’s logic and configuration (likely best done as part of an annual risk assessment).
Following last week’s post on the importance of screening (https://thesanctionsgeek.com/3-key-steps-in-ofac-compliance-screen-screen-and-screen/), it is mission critical to know OFAC has more than one way to blacklist a bad actor.
I. Specially Designated Nationals and Blocked Persons Blacklist (SDNs)
The most notorious blacklist is the SDN list. OFAC designates SDNs primarily under the statutory authority of the Trading With the Enemy Act, the International Emergency Economic Powers Act, the Anti-Terrorism and Effective Death Penalty Act and the Foreign Narcotics Kingpin Designation Act.
The SDNs comprise a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Their assets are blocked and U.S. persons are generally prohibited from dealing with them. (Please see: https://home.treasury.gov/policy-issues/financial-sanctions/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists).
II. Other Non-Blocking OFAC Blacklists
OFAC also generates these other sanctions blacklists (where blocking is not required but other prohibitions and investment restrictions apply). (Please see: https://home.treasury.gov/policy-issues/financial-sanctions/consolidated-sanctions-list-data-files):
- Sectoral Sanctions Identifications List – a list to identify persons operating in sectors of the Russian economy identified by the Secretary of the Treasury pursuant to Executive Order 13662. Directives found within the list describe prohibitions on dealings with the persons identified.
- Foreign Sanctions Evaders List – a list of foreign individuals and entities determined to have violated, attempted to violate, conspired to violate, or caused a violation of U.S. sanctions on Syria or Iran pursuant to Executive Order 13608. It also lists foreign persons who have facilitated deceptive transactions for or on behalf of persons subject to U.S. sanctions.
- Non-SDN Palestinian Legislative Council List – section (b) of General License 4, issued pursuant to the Global Terrorism Sanctions Regulations (31 C.F.R. Part 594), the Terrorism Sanctions Regulations (31 C.F.R. Part 595), and the Foreign Terrorist Organizations Sanctions Regulations (31 C.F.R. Part 597), authorizes U.S. financial institutions to reject transactions with members of the Palestinian Legislative Council (PLC) who were elected to the PLC on the party slate of Hamas, or any other Foreign Terrorist Organization (FTO), Specially Designated Terrorist (SDT), or Specially Designated Global Terrorist (SDGT).
- Non-SDN Iranian Sanctions List – under Section 6 of the Iran Sanctions Act or under the Comprehensive Iran Sanctions, Accountability, and Divestment Act of 2010, as amended, the President, the Secretary of State, or the Secretary of the Treasury imposes non-blocking sanctions on a person.
- List of Foreign Financial Institutions Subject to Correspondent Account or Payable-Through Account Sanctions (CAPTA List) – as of March 14, 2019, the List of Foreign Financial Institutions Subject to Correspondent Account or Payable-Through Account Sanctions (the “CAPTA List”) includes one foreign financial institution subject to correspondent or payable-through account sanctions. Prior to March 14, 2019, this entity was on OFAC’s Part 561 List.
- Non-SDN Menu-Based Sanctions List (NS-MBS List) – this list is designed as a reference tool that identifies persons subject to certain non-blocking menu-based sanctions that have been imposed under statutory or other authorities, including certain sanctions described in Section 235 of the Countering America’s Adversaries Through Sanctions Act (CAATSA), as implemented by Executive Order 13849, and the Ukraine Freedom Support Act of 2014, as amended by CAATSA. The NS-MBS List also will specify the type of sanction or sanctions imposed on the listed person and the legal authority under which the person is sanctioned.
III. Distinguish Treasury’s OFAC from Commerce Blacklists
It is important to distinguish these Treasury OFAC lists from Commerce’s Bureau of Industry and Security (BIS) Denied Persons and Entity Lists. (https://home.treasury.gov/policy-issues/financial-sanctions/faqs/56).
The Denied Persons List consists of individuals and companies that have been denied export and reexport privileges by BIS. The Entity List consists of foreign end users who pose an unacceptable risk of diverting U.S. exports and the technology they contain to alternate destinations for the development of weapons of mass destruction.
Accordingly, U.S. exports to those entities may require a license. Authority for the Denied Persons List and the Entity List can be found in Title 15, Part 764, Supplement No. 2 and Title 15, Part 744, Supplement No.4 of the U.S. Code of Federal Regulations, respectively.
One of the tricky aspects of being an attorney licensed in a U.S. state and specialized in OFAC sanctions law is this: the potential to go too far in inadvertently facilitating a bad actor through the provision of legal services. This is because a U.S. person is prohibited from exporting services to, as well as from importing services from, a blocked person or specially designated national (SDN).
A. The OFAC Prohibition
As OFAC itself states the prohibition (at: https://home.treasury.gov/system/files/126/compliance_services_guidance.pdf):
“U.S. persons, wherever located, may not otherwise approve, finance, facilitate, or guarantee any transaction by a foreign person [. . . ] where the transaction by that foreign person would be prohibited by 31 C.F.R.
chapter V if performed by a U.S. person or within the United States.”
B. OFAC FAQs on What is Permissible
OFAC FAQs provide examples of what would be permissible at: https://home.treasury.gov/policy-issues/financial-sanctions/faqs/topic/1526.
FAQ 497 gives an example where a U.S. person may opine on the legality of a transaction under U.S. sanctions laws (though not to an SDN). This can include providing a legal opinion, certification, or other clearance as to the legality of such transaction, where it would be prohibited for a U.S. person to engage in the transaction. This suggests that being provided a set of facts or hypothetical facts would present a permissible opportunity to counsel the client on the legality of the circumstances.
FAQ 498 elaborates that U.S. persons may conduct research to determine the legality of transactions under U.S. sanctions laws. Using the internet, including searches of commercial databases, as well as published reference materials are all permissible. In addition, U.S. persons may solicit information regarding a transaction from non-blocked (non-SDN) persons. This can include, for example, the currency involved; any involvement of U.S. persons, directly or indirectly; and the identity of the counterparty.
C. OFAC FAQ on What is Not Permissible
However, FAQ 497 (second part), by contrast, warns that U.S. persons could not vote on a transaction (e.g., as a board member), or execute transaction documents (other than as to the legality of the transaction), where the transaction would be prohibited if performed by a U.S. person or within the United States. This would seem to suggest, in providing legal services, that offering alternative hypothetical scenarios that would be permissible for a foreign person, but not so for a U.S. person, would be going too far.
D. Is It OFAC Sanction Avoidance vs Evasion at the Crux of the Matter?
In short, an attorney licensed in a U.S. state (or who is otherwise a U.S. person/compliance advisor) must be careful not to cross the line. The line is akin to tax evasion versus tax avoidance (the former is illegal while the latter is legal). Put another way, the above examples authorize an attorney licensed in a U.S. state to provide counsel to non-blocked (non-SDN) persons on legitimately minimizing sanctions exposure; what is prohibited is aiding and abetting a foreign person in undertaking action that would otherwise be prohibited of a U.S. person or, put another way, in facilitating outright evasion of OFAC sanctions.
Please leave your thoughts below on whether this discussion is helpful.
President Trump issued an Executive Order (“EO”) on September 12th to impose certain sanctions in the event of foreign interference in an U.S. election (particularly timely given the upcoming mid-term elections). Please see: https://www.treasury.gov/resource-center/sanctions/Programs/Documents/election_eo.pdf.
National Security and Foreign Policy Emergency:
The EO states the threat has become a concern of national security and foreign policy. It points to the relatively recent proliferation of digital devices and internet-based communications as having created significant vulnerabilities and having magnified the scope and intensity of the threat of foreign interference.
Two Post Election 45 Day Review Periods:
The EO sets up a two 45 day post election review periods. The first 45 day review period is for the Director of National Intelligence to deliver an assessment and appropriate supporting information to the President, the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Attorney General, and the Secretary of Homeland Security. Then the EO provides that, within 45 days of receiving the assessment and information, the Attorney General and the Secretary of Homeland Security shall deliver to the President, the Secretary of State, the Secretary of the Treasury, and the
Secretary of Defense a report evaluating:
(i) the extent to which any foreign interference materially affected the security or integrity of the election infrastructure, the tabulation of votes, or the timely transmission of election results; and
(ii) if any foreign interference involved activities targeting the infrastructure of, or pertaining to, a political organization, campaign, or candidate, the extent to which such activities materially affected the security or integrity of that infrastructure, including by unauthorized access to, disclosure or threatened disclosure of, or alteration or falsification of, information or data.
The key remedy to counteract such interference will be the designation of persons as specially designated nationals as follows:
All property and interests in property that are in the United States of the following persons are blocked and may not be transferred, paid, exported, withdrawn, or otherwise dealt in: any foreign person determined by the Secretary of the Treasury, in consultation with the Secretary of State, the Attorney General, and the Secretary of Homeland Security:
(i) to have directly or indirectly engaged in, sponsored, concealed, or otherwise been complicit in foreign interference in a United States election;
(ii) to have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, any activity described above or any person whose property and interests in property are blocked pursuant to this order; or
(iii) to be owned or controlled by, or to have acted or purported to act for or on behalf of, directly or indirectly, any person whose property or interests in property are blocked pursuant to this order.
Additional Possible Sanctions:
The EO provides for additional sanctions on a case-by-case basis as follows:
Additional proposed sanctions may be imposed with respect to the largest business entities licensed or domiciled in a country whose government authorized, directed, sponsored, or supported election interference, including at least one entity from each of the following sectors: financial services, defense, energy, technology, and transportation (or, if inapplicable to that country’s largest business entities, sectors of comparable strategic significance to that foreign government). Any recommended sanctions may include one or more of the following with respect to each targeted foreign person:
(i) blocking and prohibiting all transactions in a person’s property and interests in property subject to United States jurisdiction;
(ii) export license restrictions under any statute or regulation that requires the prior review and approval of the United States Government as a condition for the export or re-export of goods or services;
(iii) prohibitions on United States financial institutions making loans or providing credit to a person;
(iv) restrictions on transactions in foreign exchange in which a person has any interest;
(v) prohibitions on transfers of credit or payments between financial institutions, or by, through, or to any financial institution, for the benefit of a person;
(vi) prohibitions on United States persons investing in or purchasing equity or debt of a person;
(vii) exclusion of a person’s alien corporate officers from the United States;
(viii) imposition on a person’s alien principal executive officers of any of the sanctions described in this section; or
(ix) any other measures authorized by law.
The Trump Administration issued Executive Order 13846 on August 6, 2018 right at the start of the first wind-down period for U.S. persons to begin ceasing business with Iran. The key parts of the Order impose blocking sanctions relating to support for the Government of Iran’s purchase or acquisition of U.S. bank notes or precious metals; certain Iranian persons; and Iran’s energy, shipping, and shipbuilding sectors and port operators.
These new sanctions come in two wind-down phases; one starting August 7, 2018; the other starting November 5, 2018. The Order provides specifically for the Secretary of the Treasury to require U.S. persons to block (including to refuse to transfer, pay, export, withdraw, or otherwise deal in) all property and interests in property that are in, come within or that come within the possession or control of any U.S. person of such designated person. Please note these are designations referred to as secondary sanctions. The U.S. Government can impose these latter sanctions even against parties located outside Iran in instances where the following occurs.
“(i) on or after August 7, 2018, the person has
materially assisted, sponsored, or provided financial,
material, or technological support for, or goods or
services in support of, the purchase or acquisition of
U.S. bank notes or precious metals by the Government
(ii) on or after November 5, 2018, the person has
materially assisted, sponsored, or provided financial,
material, or technological support for, or goods or
services in support of, the National Iranian Oil
Company (NIOC), Naftiran Intertrade Company (NICO),
or the Central Bank of Iran;
(iii) on or after November 5, 2018, the person has
materially assisted, sponsored, or provided financial,
material, or technological support for, or goods or
services to or in support of:
(A) any Iranian person included on the list of
Specially Designated Nationals and Blocked
Persons maintained by the Office of Foreign
Assets Control (SDN List) . . . ; or
(B) any other person included on the SDN List
whose property and interests in property are
blocked pursuant to subsection (a) of this
section or Executive Order 13599 . . . ; or
(iv) pursuant to authority delegated by the
President and in accordance with the terms of such
delegation, sanctions shall be imposed on such person
pursuant to section 1244(c)(1)(A) of IFCA* because the
(A) is part of the energy, shipping, or
shipbuilding sectors of Iran;
(B) operates a port in Iran; or
(C) knowingly provides significant financial,
material, technological, or other support to, or
goods or services in support of any activity or
transaction on behalf of a person determined
under section 1244(c)(2)(A) of IFCA to be a
part of the energy, shipping, or shipbuilding
sectors of Iran; a person determined under
section 1244(c)(2)(B) of IFCA to operate a port
in Iran; or an Iranian person included on the
SDN List (other than a person described in
section 1244(c)(3) of IFCA).”
*ICFA=Iran Freedom and Counter-Proliferation Act of 2012