OFAC Compliance for Insurers

What is OFAC?

“OFAC” stands for the Office of Foreign Assets Control.  It is an office of the Department of Treasury established in 1950.  OFAC enforces federal economic sanctions against terrorists, terrorist organizations, criminals, and organized crime.  OFAC prohibits any person or business from providing services to, or engaging in a transaction involving, a person or organization subject to federal economic sanctions.  OFAC also administers various economic sanctions regulations that prohibit transactions involving certain countries hostile to the U.S.  OFAC’s rules and regulations apply to all industries in the U.S., not just to the insurance industry.

OFAC maintains a database containing the names and aliases of thousands of persons and organizations that, for one or more reasons, are subject to economic sanctions by the U.S. government.  If the identity of a party to an insurance transaction (i.e. an application for new business, an endorsement to an existing policy, a claim, etc.) matches the identity of a person or organization listed by OFAC, the transaction must be stopped.  In addition, any funds collected by the insurer in connection with the transaction must be held pending further instructions from OFAC.  Finally, no further transactions may be conducted with respect to that particular policy.

What are the Consequences of Non-Compliance?

Penalties for noncompliance with OFAC requirements can be severe.  Criminal penalties for willful violations can include fines ranging up to $20 million and imprisonment of up to 30 years. Civil penalties can range from $65,000 to $1,075,000 for each violation.

Violations of OFAC regulations can also generate negative publicity for the company.  Even cases in which a violation is inadvertent may attract significant public attention.  Such occurrences can have a corrosive effect on the violating company’s good name.

What to Do…

Determine Your Risk ProfileIn general, the scope and breadth of your company’s OFAC compliance program should be proportionate to the probability that your company will conduct a transaction with a person or organization subject to OFAC control, the frequency with which OFAC is currently updating its lists, and other risk factors.  Companies that engage in business activities making them high-risk for OFAC violations, such as covering risks in or near countries hostile to the United States, should have a comprehensive OFAC compliance program.

Designate a Compliance Manager – Your company’s OFAC compliance program should be managed by a Designated Compliance Officer (DCO).  The person chosen should have ample authority to recommend and implement the policy and procedural changes necessary to effectively carry out program requirements.

Implement Identity-Checking Procedures, Training, and Auditing – Once your company’s risk profile has been established, the DCO should work with all functional areas to develop specific identity-checking procedures.  These procedures should be tailored to fit your company’s product offerings and business methods.  Since OFAC lists contain the names of thousands of individuals and organizations, your company should plan to use one or more list-checking solutions (also sometimes known as “interdict” programs) as part of its OFAC compliance program.  List-checking (or interdict) programs enable your company to efficiently and effectively perform name-recognition searches of customer data files, and other data files, in order to identify potential matches to names on OFAC lists.  As part of this, the company should carefully develop and implement procedures for handling any apparent matches to OFAC lists.  These procedures must comply with OFAC requirements.  Further, all persons involved in implementing your company’s OFAC compliance program should receive appropriate instruction and training in using interdict programs and in handling and reporting apparent matches according to developed procedures and OFAC requirements.  As a final measure, the program should be audited at least annually to ensure that your company remains in compliance.

For More Information and Assistance…

The Lawson Firm, LLC provides comprehensive legal and compliance risk management services to insurers of all sizes, including assistance with establishing and implementing OFAC compliance procedures, OFAC licensing, and related matters.   Please feel free to contact me should you require assistance in this area.

– Scott Lawson slawson@lawsonfirm.net.♦

Attorney Advertising. The Lawson Firm, LLC (“TLF”) is a law firm providing legal counsel and value-added legal services to its business clients. Further information about TLF may be found at www.lawsonfirm.net. This article is intended to provide general information only and is not intended to provide solutions to specific issues. Readers are cautioned not to attempt to solve specific issues solely on the basis of the information contained in the article. TLF does not claim expertise in the laws of jurisdictions other than those in which our attorneys are licensed. Certification in any of the practice areas mentioned in this article is not available in Ohio.

© 2016. The Lawson Firm, LLC.