After self-reporting apparent violations of the bank's sanctions against proliferation of weapons of mass destruction to the Office of Foreign Assets Control (OFAC) of the Treasury Department, Oklahoma-based MidFirst Bank decided not to pay a civil fine.
On Thursday, MidFirst received a finding of violation (FOV) from OFAC, which clarifies the situation by identifying the alleged errors without imposing a penalty. The timing of the apparent violations and their relative lack of harm, along with the bank's cooperation, were among the mitigating factors considered by the regulator.
An inquiry for comment from MidFirst received no response.
According to the regulator's enforcement release, MidFirst processed 34 payments on behalf of two people who were added to OFAC's List of Specially Designated Nationals and Blocked Persons (SDN List). Following the individuals' designations under the Weapons of Mass Destruction Proliferators Sanctions Regulations on September 21, 2020, all of the transactions took place within a two-week period.
According to OFAC, MidFirst was at fault for the violations because it miscalculated how frequently its sanctions screening vendor screened its entire customer base.
“Although the vendor conducted daily screenings of new customers and of existing customers with certain account changes (e.g., changes to a customer’s name or address), the vendor only screened MidFirst’s entire existing customer base once a month,” according to OFAC. "MidFirst misunderstood the scope of the contract with its vendor, mistakenly believing that the daily screenings would screen its entire customer base against additions and changes to the SDN List."
According to the enforcement release, MidFirst discovered the two people's designation on October 5, 2020 from the vendor's monthly report and its own monthly screening. It then blocked their accounts and informed OFAC of what had happened.
Five transactions totaling $604,000 were found to have taken place within six hours of the designated people, according to an investigation into the transactions. $40000 of that total came from transfers within the books. According to OFAC, the remaining 29 transactions on behalf of the blocked individuals totaled less than $10,000.
In response to the incident, MidFirst changed its policies in November 2020 to require a manual rescreening of its customer base whenever the SDN List is updated, and it requested that its vendor increase the frequency at which it screens all customers starting in December 2020.
The FOV "reaffirms that financial institutions should take a risk-based approach to sanctions compliance, including when implementing sanctions screening tools," according to OFAC. It also "emonstrates the importance of ensuring the scope and capabilities of outsourced sanctions compliance services are consistent with the financial institution’s assessment of its exposure to sanctions risks."
By fLEXI tEAM