OFAC Compliance for Insurers

What is OFAC?

“OFAC” stands for the Office of Foreign Assets Control, an office of the Department of Treasury established in 1950.  OFAC enforces federal economic sanctions against terrorists, terrorist organizations, criminals, and organized crime.  OFAC prohibits any person or business from providing services to, or engaging in a transaction involving, a person or organization subject to federal economic sanctions.  OFAC also administers various economic sanctions regulations that prohibit transactions involving certain countries hostile to the U.S.  OFAC’s rules and regulations apply to all industries in the U.S., not just to the insurance industry.

How Does OFAC Operate?

OFAC maintains a database containing the names and aliases of thousands of persons and organizations that, for one or more reasons, are subject to economic sanctions by the U.S. government.  If the identity of a party to an insurance policy or transaction (i.e. an existing policyholder, a person applying for a new policy, a person making a claim under a policy, etc.) matches the identity of a person or organization listed by OFAC, the policy or the transaction must be “blocked”.  In addition, any funds collected by the insurer in connection with the transaction must be held pending further instructions from OFAC.  Finally, no further transactions may be conducted with respect to that particular policy or person without OFAC’s consent.

What are the Consequences of Non-Compliance?

Penalties for noncompliance with OFAC requirements can be severe.  Criminal penalties for willful violations can include fines ranging up to $20 million and imprisonment of up to 30 years.  Civil penalties can range from $65,000 to $1,075,000 for each violation.

Violations of OFAC regulations can also generate negative publicity for the company.  Even cases in which a violation is inadvertent may attract unwanted attention.  Such occurrences can have a corrosive effect on the violating company’s reputation and good name.

Establishing an OFAC Compliance Program

Determine Your Risk ProfileIn general, the scope and breadth of your company’s OFAC compliance program should be proportionate to the probability that your company will conduct a transaction with a person or organization subject to OFAC control, the frequency with which OFAC is currently updating its sanctions lists, and other risk factors.  Companies that engage in business activities making them high-risk for OFAC violations, such as covering risks in or near countries hostile to the United States, should have a rigorous and comprehensive OFAC compliance program.

Designate a Compliance Manager – Your company’s OFAC compliance program should be managed by a Designated Compliance Officer (DCO).  The person chosen should have ample authority to recommend and implement the policy and procedural changes necessary to effectively carry out program requirements.

Implement Identity-Checking Procedures, Training, and Auditing – Once your company’s risk profile has been established, the DCO should work with all functional areas to develop specific identity-checking procedures.  These procedures should be tailored to fit the company’s risk profile, product offerings, and business methods.  Since OFAC sanction lists contain the names of thousands of individuals and organizations, your company should plan to use one or more list-checking solutions, also sometimes known as “interdiction” programs, as part of its OFAC compliance program.  List-checking or interdiction solutions enable your company to efficiently and effectively perform name-recognition searches of customer data files, and other data files, in order to identify potential matches to names on OFAC lists.  As part of this, the company should carefully develop and implement procedures for handling any apparent matches to OFAC lists.  These procedures must comply with OFAC requirements.  Further, all persons involved in implementing your company’s OFAC compliance program should receive appropriate instruction and training in using interdict programs and in handling and reporting apparent matches according to developed procedures and OFAC requirements.  As a final measure, the program should be audited at least annually to ensure that your company remains in compliance.

Further Information and Assistance

The Lawson Firm, LLC can help your company manage OFAC compliance, including assistance with establishing or updating compliance program parameters and procedures, finding and evaluating interdiction solutions, assistance with individual OFAC case management, compliance auditing, and training.

Please contact Scott Lawson slawson@lawsonfirm.net to learn more.

Other Resources:

OFAC FAQs – Compliance for the Insurance Industry

Legal Information:

Attorney Advertising and Other Important Legal Information and Disclaimers

© 2020. The Lawson Firm, LLC.

Claims Compliance Challenges for Multi-State Companies

If your company is a property and casualty insurer that operates in multiple states, a key challenge for your claims organization is keeping in step with state variations in the laws and regulations affecting claims handling.  A 2019 study found that claims compliance errors were both the number one and number two most common reasons for regulatory enforcement actions taken against U.S. property and casualty insurers.  Further, according to the same study, five out of the top ten reasons for insurance department actions against companies involved errors in claims handling. 

The laws, regulations, and court precedents that apply to claims handling can vary widely from state to state in a number of key areas.  A “one-size fits all” set of guidelines may have worked well when your company operated in just one, or a handful of states, but that same approach can quickly lead to problems as the company expands into new states.  Simply put, the more states in which your company operates, the more state law variations your company will encounter and need to work into its processes.  And the failure to conform to state law variations is, as they say, not an option.  In addition to the risk of regulatory fines and penalties for not adhering to state claims handling laws, your company risks court challenges leading to adverse claim development, and, in some cases, bad faith liability.  Further, the consistent and systematic failure to adhere to a state’s particular claims handling laws and regulations could also, depending on the issue, expose the company to consumer class action litigation in that state. 

So, what are some areas to look out for?  Here is a list of some of the areas where claims handling laws and regulations vary from state to state:

  • Time frames for acknowledging, investigating, and paying or denying claims;
  • Reservations of rights (ROR) requirements (both timing and ROR letter content requirements);
  • Notice and disclosure requirements for denying a claim;
  • Notice and disclosure requirements when paying a claim;
  • Notice requirements when paying a claim to an attorney or other representative;
  • Requirements for paying auto medical payment or PIP claims under an assignment of benefits;
  • Uninsured/underinsured motorist claims;
  • Sales and use tax payment requirements for automobile total losses;
  • Replacement cost claims (homeowners’);
  • Ensuing mold claims (homeowners’); and
  • General claims file documentation and record retention requirements.

Next Steps…

As a first step, it is important to determine if you claims handling procedures are up-to-date with current state requirements. Even if a review was conducted when your company entered a state, laws change frequently, and procedures can quickly become out dated. Periodic risk assessments and audits are also critical to ensure that procedures designed to ensure compliance are routinely followed. Lastly, targeted compliance training can highlight and enhance understanding of key state law variations and compliance issues.

If you are unsure about where your company stands with respect to compliance with multi-state requirements on key claims issues, The Lawson Firm, LLC offers a number of services that can help.  These include:

  • Updating your company’s claims compliance research, matrices, and procedures;
  • Conducting targeted risk assessments for key claims issues;
  • Creating customized audit plans to enable the company to conduct its own claims compliance audits;
  • Customized compliance training to help ensure adherence to compliance procedures; and
  • Representation for, and assistance with, market conduct exams.

Please contact Scott Lawson slawson@lawsonfirm.net to learn more.

Attorney Advertising – Legal Disclaimer

© 2020.  The Lawson Firm, LLC.