OFAC Compliance for Insurers

What is OFAC?

“OFAC” stands for the Office of Foreign Assets Control, an office of the Department of Treasury established in 1950.  OFAC enforces federal economic sanctions against terrorists, terrorist organizations, criminals, and organized crime.  OFAC prohibits any person or business from providing services to, or engaging in a transaction involving, a person or organization subject to federal economic sanctions.  OFAC also administers various economic sanctions regulations that prohibit transactions involving certain countries hostile to the U.S.  OFAC’s rules and regulations apply to all industries in the U.S., not just to the insurance industry.

How Does OFAC Operate?

OFAC maintains a database containing the names and aliases of thousands of persons and organizations that, for one or more reasons, are subject to economic sanctions by the U.S. government.  If the identity of a party to an insurance policy or transaction (i.e. an existing policyholder, a person applying for a new policy, a person making a claim under a policy, etc.) matches the identity of a person or organization listed by OFAC, the policy or the transaction must be “blocked”.  In addition, any funds collected by the insurer in connection with the transaction must be held pending further instructions from OFAC.  Finally, no further transactions may be conducted with respect to that particular policy or person without OFAC’s consent.

What are the Consequences of Non-Compliance?

Penalties for noncompliance with OFAC requirements can be severe.  Criminal penalties for willful violations can include fines ranging up to $20 million and imprisonment of up to 30 years.  Civil penalties can range from $65,000 to $1,075,000 for each violation.

Violations of OFAC regulations can also generate negative publicity for the company.  Even cases in which a violation is inadvertent may attract unwanted attention.  Such occurrences can have a corrosive effect on the violating company’s reputation and good name.

Establishing an OFAC Compliance Program

Determine Your Risk ProfileIn general, the scope and breadth of your company’s OFAC compliance program should be proportionate to the probability that your company will conduct a transaction with a person or organization subject to OFAC control, the frequency with which OFAC is currently updating its sanctions lists, and other risk factors.  Companies that engage in business activities making them high-risk for OFAC violations, such as covering risks in or near countries hostile to the United States, should have a rigorous and comprehensive OFAC compliance program.

Designate a Compliance Manager – Your company’s OFAC compliance program should be managed by a Designated Compliance Officer (DCO).  The person chosen should have ample authority to recommend and implement the policy and procedural changes necessary to effectively carry out program requirements.

Implement Identity-Checking Procedures, Training, and Auditing – Once your company’s risk profile has been established, the DCO should work with all functional areas to develop specific identity-checking procedures.  These procedures should be tailored to fit the company’s risk profile, product offerings, and business methods.  Since OFAC sanction lists contain the names of thousands of individuals and organizations, your company should plan to use one or more list-checking solutions, also sometimes known as “interdiction” programs, as part of its OFAC compliance program.  List-checking or interdiction solutions enable your company to efficiently and effectively perform name-recognition searches of customer data files, and other data files, in order to identify potential matches to names on OFAC lists.  As part of this, the company should carefully develop and implement procedures for handling any apparent matches to OFAC lists.  These procedures must comply with OFAC requirements.  Further, all persons involved in implementing your company’s OFAC compliance program should receive appropriate instruction and training in using interdict programs and in handling and reporting apparent matches according to developed procedures and OFAC requirements.  As a final measure, the program should be audited at least annually to ensure that your company remains in compliance.

Further Information and Assistance

The Lawson Firm, LLC can help your company manage OFAC compliance, including assistance with establishing or updating compliance program parameters and procedures, finding and evaluating interdiction solutions, assistance with individual OFAC case management, compliance auditing, and training.

Please contact Scott Lawson slawson@lawsonfirm.net to learn more.

Other Resources:

OFAC FAQs – Compliance for the Insurance Industry

Legal Information:

Attorney Advertising and Other Important Legal Information and Disclaimers

© 2020. The Lawson Firm, LLC.