In this series, we examine compliance violations and the resulting fines paid by companies. We will also explore the details of the violations to help other organizations steer away from these pitfalls.
In this fourth post, we will examine the reasons behind Wells Fargo’s $30 million OFAC settlement.
What is OFAC?
The Office of Foreign Assets Control (OFAC) is a financial enforcement agency administered by the U.S. Treasury Department. This agency is responsible for enforcing economic sanctions against certain individuals, countries, and groups, primarily those involved in terrorism, narcotics, and other illegal activities. Depending on the U.S. foreign policy and national security goals, these sanctions are selective or complete.
From a compliance standpoint, companies must screen their transactions and ensure they are not facilitating any transactions that violate OFAC’s sanctions programs. Non-compliance with these regulations can result in severe penalties, including substantial fines.
Let’s now see how Wells Fargo ended up on the wrong side of this OFAC compliance.
Background of the Case
The woes for Wells Fargo began when it took over Wachovia Bank during the 2008 Financial Crisis. Between 2009 and 2014, the bank had 124 instances where it violated the OFAC requirements. The total amount of violations was a whopping $532 million.
Wachovia had developed a platform called XM Bills to handle transactions involving trade financing activities. When Wells Fargo acquired Wachovia, it inherited the XM Bills platform. There were two versions of this platform. In one version, the bank managed transactions on behalf of customers, and in the second version, the software was given to customers to manage their transactions independently. This customization of the platform allowed a European bank to host all its trade financing activities. Some of these transactions included OFAC sanctions involving Iran, Sudan, and Syria. To conduct these transactions, the European Bank used Wells Fargo facilities in Hong Kong and its data center in Virginia.
Although Wells Fargo voluntarily disclosed this conduct to OFAC in 2015, the violations had already occurred, leading to significant repercussions.
Undoubtedly, this is a complicated case and it is not often that you can come across legacy problems that eventually lead to more violations. Nevertheless, there are many valuable lessons in this settlement.
Learnings from the Settlement
Wells Fargo has a dubious record of violations and non-compliance, and this settlement adds to its lengthy list. Here are the key learnings from this non-compliance case.
Thorough Due Diligence
Wells Fargo’s acquisition of Wachovia included inheriting its platforms and processes. This case highlights the critical need for thorough due diligence during mergers and acquisitions. If you are acquiring a company, scrutinize the compliance frameworks and tools to ensure they align with regulatory requirements. A robust due diligence process can help identify potential compliance risks before they escalate into significant violations.
Regular Compliance Audits
Regular and comprehensive compliance audits are essential to detect and address potential violations early. Wells Fargo’s violations occurred over a period of seven years, indicating a gap in ongoing compliance monitoring. To avoid such gaps, implement regular audits to identify violations as they occur and rectify issues before they result in regulatory action.
Effective Training Programs
Compliance with OFAC regulations requires that employees are well-informed about the sanctions programs and their implications. Provide effective training programs to ensure that staff members understand the importance of compliance and are aware of the specific regulations that apply to their roles. Continuous education and training can help maintain a culture of compliance within the organization.
Enhanced Transaction Screening
Wells Fargo’s case shows the importance of robust transaction screening mechanisms. Have advanced systems in place to screen transactions against OFAC’s sanctions lists. Note that these systems should be capable of identifying and flagging prohibited transactions, ensuring that they are blocked before they can be processed.
Prompt and Transparent Reporting
When a violation is identified, report it promptly and transparently to the relevant authorities. Wells Fargo voluntarily disclosed its conduct to OFAC in 2015, which likely mitigated some penalties. Prompt reporting demonstrates a commitment to compliance and can help in negotiating settlements and reducing fines.
Strengthening Third-Party Oversight
In this case, a European bank used Wells Fargo’s facilities to conduct prohibited transactions. This highlights the need for strong oversight of third-party relationships. Make sure that your partners and clients are also compliant with OFAC regulations. Also, strengthen third-party due diligence and monitoring to prevent unauthorized activities and safeguard against violations.
Customization Risks
The customization of Wachovia’s XM Bills platform to meet the needs of a European bank ultimately facilitated the violations. This serves as a warning about the risks associated with customizing software, especially when they involve monitoring compliance-related transactions. Also, carefully evaluate the customizations to ensure they do not create loopholes or weaken compliance controls.
Final Thoughts
Wells Fargo’s $30 million settlement with OFAC is once again the consequence of non-compliance with U.S. sanctions regulations. This case brings out the importance of implementing rigorous compliance frameworks, thorough due diligence, regular audits, effective training, robust transaction screening, prompt reporting, strong third-party oversight, and cautious customization of compliance tools.
For organizations, the key takeaway is the need to proactively manage and continuously improve their compliance programs. With these learnings from Wells Fargo, you can better navigate the complexities of OFAC regulations and avoid the pitfalls that led to such significant penalties.