Why sanctions matter
This September includes the tenth anniversary of 9/11, and it is clear that sanctions have shot up the scale of risks prioritised by financial institutions, including trust and corporate service provider businesses the world over. One reason for this is that the threats faced by the international community have become more pronounced – international terrorism and nuclear proliferation have gained more international consensus than apartheid did in the 1980s, for example – but the main driver has been the increased willingness of the US authorities and courts to exercise jurisdiction extraterritorially.
Most countries domesticate UN or EU sanctions and no more. The US is exceptional. In addition to domesticating UN sanctions it imposes its own extensive sanctions policed by a department of the US Treasury – the Office of Foreign Asset Control (OFAC). The US government has long regarded sanctions as key tools in support of foreign policy aims. That is important because the US regards anybody who does business with a person under US sanctions as effectively trading with the enemy. A number of UK banks have discovered this recently, to their cost.
Two common misconceptions about OFAC sanctions can lead to flaws in the compliance controls of financial services businesses:
- OFAC sanctions only apply to US persons. They are not relevant to foreign trust company businesses, which need to be aware only of the sanctions that are in force in the jurisdictions where they operate.
- OFAC sanctions apply only to USD transactions.
While, technically, OFAC sanctions apply only to US persons, in the sense that only US persons can commit the offence of breaching them, they can and do effect on-US persons in a number of important ways. For example:
- OFAC applies to all transactions in the US, including all USD payments, whoever makes them, whether or not they have a presence in the US. This means that all USD transactions involving a party under OFAC sanctions are liable to be blocked or frozen by US correspondent banks. All such blocked and frozen transactions are reported to the US authorities, which track the identity of the foreign financial institutions that do business with parties under OFAC sanctions.
- OFAC applies to all US persons, including US-person employees of non-US businesses operating outside the US. The effect is that if a US-person employee processes a transaction in any currency in contravention of OFAC, they will commit a criminal offence.
- OFAC applies to all non-US persons operating in the US. Where the US presence is through a subsidiary, US jurisdiction is unlikely to permeate to the parent, but where the US presence is in the form of a branch or agency, the US-based activities of the entire corporate body may become subject to US jurisdiction.
- It is an offence for any person (US or not) to conspire to cause a US person to contravene OFAC by, for example, stripping payee details from payment messages to prevent a US person identifying and blocking a payment involving a party under OFAC sanctions.
The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (Patriot Act), enacted in October 2001, imposed an obligation on US banks operating correspondent accounts to force their foreign bank customers to comply with US regulations. Downward pressure was, in turn, applied to bank customers, including trust companies. But some foreign banks are said to have implemented ‘special procedures’ on behalf of sanction-affected customers to disguise their identity, undermining the objectives of the Patriot Act and OFAC sanctions. ABN Amro, Credit Suisse, Barclays and RBS have collectively been fined almost USD1 billion by the US authorities in the past three years for such conduct. Nothing that the banks did was illegal where the ‘stripping’ activity took place. It was illegal only under US law, which was applied extraterritorially.
In the ABN Amro case, the US authorities were able to exercise their jurisdiction by claiming that the Dutch bank was a US person by virtue of its US branch. The fear in Washington was that the same stick could not be wielded against foreign banks operating US correspondent accounts with no branch or subsidiary on American soil.
The response has been to apply pressure to foreign banks to force them to comply with US sanctions, at the risk of losing the privilege of doing business in dollars through the New York financial markets. This has resulted in a comprehensive ‘export’ of US compliance obligations. An international bank without a US correspondent account is effectively shut out of the global financial markets. One consequence has been that banks have begun to apply pressure to their trust company business clients to implement more robust sanctions-compliance controls.
The US regards anybody who does business with a person under US sanctions as trading with the enemy
Further ammunition is provided under s319 of the Patriot Act, which permits US authorities to hold foreign banks responsible for the financial misdeeds of their customers and gives them the power to forfeit funds from a foreign bank’s US correspondent accounts for infractions of US law. This is a particularly effective deterrent for two reasons: first, as the action is brought against a bank’s property, not against the bank itself, no wrongdoing needs be proven against the bank for the provision to bite; and second, the civil and not the more onerous criminal standard of proof applies.
Of even greater concern are the anti- terrorism laws enacted in 1992 and 1996, which permit victims of terrorism to bring civil actions against financial institutions that are alleged to have provided material support or resources, including financial services, to a foreign terrorist organisation in breach of the US Anti-Terrorism Act. The US civil plaintiff bar that waged the tobacco class-litigation wars of the 1980s and 1990s now has foreign banks in its sights on behalf of the victims of terrorism. Contingency fee arrangements in the US permit lawyers to recruit potential plaintiffs who pay no legal fees unless they win and bear no risk of costs if they lose. These lawyers are presumably well aware of the reputational cost to banks of defending claims brought by the victims of terrorism.
NatWest is currently defending a series of claims by US citizens and the heirs of foreign citizens injured or killed in ten terrorist attacks in Israel in 2002 and 2003. It is claimed that, by having maintained accounts and processed transfers in the UK for Interpal (a Palestinian charity registered with the UK Charities Commission), NatWest provided material support to terrorist organisations such as Hamas.
At the time the accounts were maintained by NatWest in the UK, Interpal was designated as a terrorist organisation only by the authorities in Israel. It was only later in 2003 that Interpal was placed under sanctions by OFAC. At all material times, NatWest acted lawfully in the UK, where the accounts were operated. Nevertheless, the bank now finds itself defending, at considerable expense, a claim that, whether or not it succeeds, will do nothing to enhance its reputation. If the claims succeed, the US Anti-Terrorism Act’s treble-damages provisions are likely to guarantee that the sums in damages will be substantial.
Robust compliance regime
It is difficult to conceive of more powerful deterrents for non-US banks and other financial services businesses to act contrary to US foreign policy objectives wherever they conduct their business, whether or not they maintain a presence in the US. Consequently, it has become imperative that non-US financial services businesses understand the expanded reach of US law in designing their own compliance regimes. With no prospect of a change in policy on extraterritoriality by President Obama, the costs of compliance to the non-US banking sector look set to continue to soar.
What are the lessons? Critically, all financial services businesses must recognise that the nature of criminal, regulatory and civil liability risk has gone global. Too many institutions encourage a jurisdiction-specific silo mentality to risk management and express surprise when a risk appears from outside their limited field of vision. The devastating effect of the US housing collapse on UK banks is a symptom of this mentality. Clouds are gathering for financial services businesses internationally: many are ill-equipped to withstand a hurricane that has, at its epicentre, an OFAC sanctions breach or a treble-damages class action brought by victims of an act of terrorism claimed to have been ‘facilitated’ by the institution’s inadequate sanctions-compliance controls. We now live in a ‘but for’ era: all financial services businesses must recognise that they will be held liable for acts that might not have occurred ‘but for’ the weaknesses in their financial-crime-prevention controls. Robust international sanctions-compliance procedures are not an optional extra; they are an imperative.
The content displayed here is subject to our disclaimer. Read more