Category Archives: Sudan Sanctions

12.01.15
by

Oh, Barracuda! OFAC Enforcement Action results in $38,930 settlement

Barracuda Networks allegedly violated the Iranian, Sudanese and Syrian sanctions programs by selling and providing updates to web filtering products that could be used to block and censor Internet content and Internet security software from August 2009 to May 2012 to blocked persons, including people on the SDN List under the Syrian sanctions program. The base penalty for these voluntarily self-disclosed, non-egregious violations is $123, 586.

Here is OFAC's accounting of the General Factors considered in coming up with the settlement amount:

(1) Barracuda acted with reckless disregard for sanctions requirements
by

(a) permitting distributors and resellers to sell its products and updates to SDNs and to
customers in sanctioned countries when it knew or had reason to know that the products were
located in sanctioned countries or with SDNs, in potential violation of U.S. sanctions
requirements, and

(b) distributing its products and technology to more than 17,000 resellers and
distributors worldwide without implementing any written sanctions compliance policies or
procedures, and failing to provide training to its employees regarding export controls and
sanctions;

(2) Barracuda knew or had reason to know that it was exporting goods, technology,
and services to Iran and Sudan because IP addresses associated with those countries were used to
contact the company; further, Barracuda knew or had reason to know that it was exporting technology to Syrian SDNs because the SDNs were listed on sales invoices;

(3) the exportation
of the Web filtering software and hardware to Iran, Sudan, and SDNs in Syria could potentially
have caused significant harm to U.S. sanctions program objectives because the technology could
have been used to block or censor Internet activity;2

(4) Barracuda did not screen IP addresses
used to contact Barracuda’s servers because it had no OFAC compliance program in place at the
time of the transactions;

(5) Barracuda has no prior OFAC sanctions history, including no
penalty notice or Finding of Violation in the five years preceding the earliest date of the
transactions giving rise to the apparent violations, making it eligible for up to 25 percent “first
offense” mitigation;

(6) Barracuda took significant remedial steps including developing a method
to disable products in sanctioned countries, prioritizing U.S. sanctions and export controls
compliance by establishing an Office of Trade Compliance and hiring a general counsel with
subject matter expertise in these areas, issuing company-wide a statement from the CEO about
sanctions-related policy, implementing a trade compliance manual, and enhancing its sales
software to include red flags for orders that may require a license; and

(7) Barracuda
substantially cooperated with OFAC’s investigation, including by agreeing to toll the statute of
limitations for approximately 521 days.

That statute of limitations tolling is for a bit shy of 1 1/2 years. This is also the first time Mr. Watchlist has seen OFAC refer to the “first offense” discount (it's in the Enforcement Guidelines).

Link:

OFAC Enforcement Information

 

11.05.15
by

OFAC Enforcement Action against Credit Agricole

This was part of a much larger settlement (approximately $787 million) – OFAC's piece was about $329.5 million. There were a total of 4297 total violations – primarily of the Sudanese sanctions program, but also of the Cuban, Iranian and Burmese programs. The violations were not voluntarily self-reported and were considered egregious. That means that the base penalty was the statutory maximum of approximately $1.464 billion. That means the total fine (including the non-OFAC pieces) were over 50% of the maximum, and even OFAC's part was almost 25%.

Here's the nub of what was going on:

For a number of years, up to and including 2008, CA-CIB and certain of its predecessor banks,
and CA-CIB’s subsidiary located in Switzerland … and its predecessors processed thousands of transactions to or through U.S. financial institutions that involved countries and/or persons (individuals and entities) subject to the
sanctions regulations administered by OFAC. Personnel (including managers) from various
business units within these CA-CIB entities were aware of U.S. economic sanctions programs
and understood that U.S. financial institutions were required to block or reject transactions
involving an OFAC-sanctioned country or person. Despite this knowledge, the above-referenced
banks used cover payments and/or implemented special payment practices in a manner that
omitted references to U.S.-sanctioned parties in U.S. Dollar (USD) Society for Worldwide
Interbank Financial Telecommunication (SWIFT) payment messages sent to the United States, thereby preventing U.S. financial institutions from appropriately reviewing and analyzing the
transactions for compliance with OFAC regulations.

and here's the OFAC math:

The following were found to be
aggravating factors:

  • CA-CIB — in particular through CLS and CAIS (which subsequently
    merged to form CAS) — had indications that its conduct might constitute a violation of U.S. law
    before the earliest date of the apparent violations;
  • several CA-CIB managers, in particular at the
    Swiss locations and in some instances Paris Head Office, were aware of the conduct that led to
    the apparent violations;
  • CA-CIB’s conduct resulted in significant harm to several of the
    sanctions programs administered by OFAC and their associated policy objectives;
  • CA-CIB is a
    large and sophisticated institution with a global presence; and
  • CA-CIB did not have appropriate
    controls in place to prevent these apparent violations from occurring and otherwise had an
    inadequate compliance program.

Mitigation was extended because

  • CA-CIB has not received a
    penalty notice or Finding of Violation from OFAC in the five years preceding the earliest date of
    the transaction giving rise to the apparent violations;
  • the bank took appropriate remedial action in
    response to these apparent violations; and
  • CA-CIB provided substantial cooperation throughout
    the course of OFAC’s investigation, including by producing detailed and well-organized
    information, and by executing a statute of limitations agreement and multiple extensions to the
    agreement.

OFAC also considered that the majority of the apparent violations occurred between
2003 and 2005 and prior to the publication of the ABN Amro settlement.

Links:

OFAC Notice

OFAC Enforcement Information

OFAC Settlement

 

08.11.15
by

What? No Fine?

So, OFAC issued a Finding of Violation to Schlumberger Oilfield Holdings Ltd – but no civil monetary penatly. What gives?

Was the behavior really benign? Not if you look at the aggravating factors:

  • SOHL, as well asSchlumberger, Ltd’s D&M business segment willfully violated and attempted to violate U.S.economic sanctions related to Iran and Sudan, including through acts of concealment;
  • theviolations involved a long-term pattern of conduct;
  • Schlumberger’s senior management knewor had reason to know of the conduct giving rise to the alleged violations;
  • Schlumberger’sconduct caused significant harm to U.S. sanctions program objectives by providing specializedgoods and services to the petroleum production industries in Iran and Sudan;
  • Schlumberger isa large and sophisticated global company that knew or should have known of its obligations tocomply with the ITSR and SSR; and
  • Schlumberger failed to effectively enforce itscompliance program despite operating in a high-risk industry.

The secret lies in the mitigating factors:

  • Schlumberger took remedial actionincluding voluntarily ceasing to provide oilfield services in Iran and Sudan;
  • Schlumberger hasno prior OFAC sanctions history, including receipt of a penalty notice or Finding of Violation inthe five years preceding the date of the earliest transaction giving rise to the violations;
  • Schlumberger cooperated with OFAC’s investigation by entering into several statute oflimitations tolling agreements; and
  • SOHL entered into a plea agreement with the U.S.Department of Justice, agreeing to pay a criminal fine in the amount of $155,138,904, as well asa forfeiture money judgment in the amount of $77,569,452.

In case you missed that, OFAC makes sure you understand:

Based upon this analysis of the General Factors and the totality of the facts and circumstances—and particularly in light of the parallel criminal case and the substantial criminal fine and forfeitureimposed on SOHL for these same sanctions violations arising out of the company’s conduct—OFAC determined that an FOV was the appropriate administrative response.

If you are interested in what Schlumberger actually did, it's laid out in the FInding of Violation and OFAC's Enfrocement Action notice.

Link:

OFAC Enforcement Action

Schlumberger Finding of Violation

 

 

08.10.15
by

OFAC Enforcement Action: Navigators Insurance Company fined $271,815

The firm settled 48 apparent violations of sanctions on North Korea, Iran, Sudan and Cuba. The violations were voluntarily self-disclosed and were considered non-egregious.

Between 2008 and 2011, the firm issued insurance policies, and paid claims, for North Korean vessels, and covered shipping transactions involving Cuba, Iran and Sudan – all while not having an OFAC compliance program.

The total base penalty for all 48 violations was $755,042 – you can see all the detail in OFAC’s notice. Here’s how you get to $271K:

The following were considered aggravating factors:

  • Navigators
    managers and supervisors knew or had reason to know that the majority of the insurance policies
    and claims payments at issue involved OFAC-sanctioned countries;
  • Navigators is a
    commercially sophisticated financial institution; and
  • Navigators did not have a formal OFAC
    compliance program in place at the time the apparent violations occurred.

The following were
considered mitigating factors:

  • Navigators has not received a penalty notice or Finding of
    Violation from OFAC in the five years preceding the earliest date of the apparent violations;
  • Navigators took appropriate remedial action in response to the apparent violations, including the
    formation and implementation of a comprehensive OFAC compliance program; and
  • Navigators
    cooperated with OFAC’s investigation by providing all information in a responsive, well-
    organized fashion, and by signing a tolling agreement and two extensions to that agreement

Link:

OFAC Enforcement Action

 

04.09.15
by

March 25, 2015: 486 violations net PayPal a $7,658,300 fine

On March 25th, OFAC levied a Civil Monetary Penalty against PayPal for violations of the Iran, Cuba, Sudan, terrorism and Weapons of Mass Destructioin sanctions programs. These violations started in 2009 and occured as recently as September 2013, some of which included explicit references to sanctioned countries (e.g. “Tehran” or “Sudan”).

Here's the detail of one set of violations singled out by OFAC:

Separately, between October 20, 2009 and April 1, 2013, PayPal processed 136 transactions
totaling $7,091.77 to or from a PayPal account registered to Kursad Zafer Cire, an individual
designated by the U.S. State Department on January 12, 2009 pursuant to Executive Order 13382
of June 28, 2005, “Blocking Property of Weapons of Mass Destruction Proliferators and Their
Supporters,” in apparent violation of the WMDPSR. PayPal stated to OFAC that it failed to
identify its customer as a potential Specially Designated National (SDN) at the time of his
designation because the MSB’s automated interdiction filter was not “working properly.”
Starting approximately six months later, PayPal’s automated interdiction filter appropriately
flagged Cire’s account five times (on July 30, 2009, September 3, 2009, October 21, 2009,
October 24, 2009, and November 16, 2009) for potential matches to the SDN, and on each
occasion, separate PayPal Risk Operations Agents dismissed the alerts without requesting
additional information to clear the potential SDN name matches. PayPal stated that this conduct
did not comply with the MSB’s internal policies and procedures for handling SDN name
matches. On February 14, 2013, PayPal’s interdiction filter again flagged Cire’s account for a
sixth time due to a potential match to the SDN, and a PayPal Risk Operations Agent followed the
MSB’s procedures for handling an SDN name match by creating a “case” for the match,
restricting Cire’s account, and requesting additional information from the customer. Upon
receiving the requested information, which included a copy of Cire’s passport showing a date of
birth and place of birth that were identical to those of the SDN, PayPal’s Risk Operations Agent
dismissed the match due to an apparent misunderstanding of why the interdiction filter had
flagged Cire’s account for review. On April 3, 2013, PayPal’s interdiction filter flagged Cire’s
account for a seventh time, and the MSB appropriately blocked the account and reported it to
OFAC.

The total base penalty for all these violations was $17,018,443. Here are OFAC's list of aggravating factors:

1) PayPal’s
management demonstrated reckless disregard for U.S. economic sanctions requirements in
deciding to operate a payment system without implementing appropriate controls to prevent the
system from processing transactions in apparent violation of OFAC regulations;

2) PayPal
management and supervisors knew of the conduct giving rise to the apparent violations;

3)
PayPal’s conduct resulted in harm to U.S. sanctions program objectives, and the MSB provided
economic benefit to Cire and undermined the integrity of the WMDPSR by operating an account
and processing transactions on behalf of an SDN for approximately three-and-a-half years; and

4) PayPal’s OFAC compliance program was inadequate to prevent the apparent violations.

and mitigating factors:

1) PayPal hired new management within its Compliance Division, identified OFAC-related issues with regard to the MSB’s payment system in 2011, and undertook various measures to strengthen PayPal’s OFAC screening processes and measures, including steps to implement more effective controls;

2) PayPal has not received a penalty notice or Finding of Violation in the five years preceding the earliest date of the transactions giving rise to the apparent violations; and

3) PayPal substantially cooperated with OFAC’s investigation, including by submitting the relevant documents and information in a clear and organized fashion, answering numerous follow-up inquiries for information over the course of OFAC’s investigation, and by entering into a statute of limitations tolling agreement and an extension to the agreement.

Links:

OFAC Notice

OFAC Web Notice

OFAC Settlement Agreement

 

03.30.15
by

March 25, 2015: US Department of Justice Press Release: Schlumberger pleads guilty to Iran & Sudan sanctions violations

No Enforcement Action notices yet, but the guilty plea and fine ($232.7 million) have appeared multiple times in the press. And here is Justice's press release – it will be interesting to see OFAC's calculus and greater detail, when published:

Department of Justice
Office of Public Affairs
FOR IMMEDIATE RELEASE
Wednesday, March 25, 2015
Schlumberger Oilfield Holdings Ltd. Agrees to Plead Guilty and Pay Over $232.7 Million for Violating US Sanctions by Facilitating Trade with Iran and Sudan

Parent Company, Schlumberger Ltd., Also Agrees to Continue Cooperation With U.S. Authorities and To Hire an Independent Consultant to Review Its Sanctions Policies, Procedures and Internal Sanctions Audits

Assistant Attorney General for National Security John P. Carlin, U.S. Attorney Ronald C. Machen Jr. of the District of Columbia and Under Secretary Eric L. Hirschhorn of the U.S. Commerce Department’s Bureau of Industry and Security announced today that Schlumberger Oilfield Holdings Ltd. (SOHL), a wholly-owned subsidiary of Schlumberger Ltd., has agreed to enter a guilty plea and to pay a $232,708,356 penalty to the United States for conspiring to violate the International Emergency Economic Powers Act (IEEPA) by willfully facilitating illegal transactions and engaging in trade with Iran and Sudan.

The plea agreement, which is contingent upon the court’s approval, also requires SOHL to submit to a three-year period of corporate probation and agree to continue to cooperate with the government and not commit any additional felony violations of U.S. federal law. In addition to SOHL’s commitments, under the plea agreement, SOHL’s parent company, Schlumberger Ltd., has also agreed to the following additional terms during the three-year term of probation, inter alia: (1) maintaining its cessation of all operations in Iran and Sudan, (2) reporting on the parent company’s compliance with sanctions, (3) responding to requests to disclose information and materials related to the parent company’s compliance with U.S. sanctions laws when requested by U.S. authorities, and (4) hiring an independent consultant to review the parent company’s internal sanctions policies and procedures and the parent company’s internal audits focused on sanctions compliance. The guilty plea concludes a joint investigation commenced in 2009 and led by the Justice Department’s National Security Division, the U.S. Attorney’s Office for the District of Columbia and the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) Dallas Field Office.

“Over a period of years, Schlumberger Oilfield Holdings Ltd. conducted business with Iran and Sudan from the United States and took steps to disguise those business dealings, thereby willfully violating the U.S. economic sanctions against those regimes,” said Assistant Attorney General Carlin. “The International Emergency Economic Powers Act is an essential tool that the United States uses to address foreign threats to national security through the regulation of commerce. Knowingly circumventing sanctions undermines their efficacy and has the potential to harm both U.S. national security and foreign policy objectives. The guilty plea and significant financial penalty in this case underscore that skirting sanctions for financial gain is a risk corporations ought not take.”

“This is a landmark case that puts global corporations on notice that they must respect our trade laws when on American soil,” said U.S. Attorney Machen. “Even if you don’t directly ship goods from the United States to sanctioned countries, you violate our laws when you facilitate trade with those countries from a U.S.-based office building. For years, in a variety of ways, this foreign company facilitated trade with Iran and Sudan from Sugar Land, Texas. Today’s announcement should send a clear message to all global companies with a U.S. presence: whether your employees are from the U.S. or abroad, when they are in the United States, they will abide by our laws or you will be held accountable.”

“Today's criminal guilty plea demonstrates the Commerce Department’s commitment to aggressively prosecute multinational corporations for violations involving embargoed destinations,” said Under Secretary Hirschhorn. “We will continue to pursue violators wherever they are located and whatever their size. I commend the Office of Export Enforcement and the Department of Justice for their outstanding efforts to investigate and prosecute this case.”

A criminal information was filed today in federal court in the District of Columbia charging SOHL with one count of knowingly and willfully conspiring to violate IEEPA. SOHL waived the requirement of being charged by way of federal Indictment, agreed to the filing of the information, and has accepted responsibility for its criminal conduct and that of its employees by entering into a plea agreement with the government. The plea agreement, which is contingent upon the court’s approval, requires that SOHL pay the U.S. government $232,708,356 and enter into a three-year period of corporate probation. SOHL’s monetary penalty includes a $77,569,452 criminal forfeiture and an additional $155,138,904 criminal fine. The criminal fine represents the largest criminal fine in connection with an IEEPA prosecution.

In addition to SOHL’s agreement to continue its cooperation with U.S. authorities throughout the three-year period of probation and not to engage in any felony violation of U.S. federal law, SOHL’s parent company, Schlumberger Ltd., also has agreed to continue its cooperation with U.S. authorities during the three-year period of probation, and hire an independent consultant who will review the parent company’s internal sanctions policies, procedures and company-generated sanctions audit reports.

Summary of the Criminal Conduct

According to court documents, starting on or about early 2004 and continuing through June 2010, Drilling & Measurements (D&M), a United States-based Schlumberger business segment, provided oilfield services to Schlumberger customers in Iran and Sudan through non-U.S. subsidiaries of SOHL. Although SOHL, as a subsidiary of Schlumberger Ltd., had policies and procedures designed to ensure that D&M did not violate U.S. sanctions, SOHL failed to train its employees adequately to ensure that all U.S. persons, including non-U.S. citizens who resided in the United States while employed at D&M, complied with Schlumberger Ltd.’s sanctions policies and compliance procedures. As a result of D&M’s lack of adherence to U.S. sanctions combined with SOHL’s failure to train properly U.S. persons and to enforce fully its policies and procedures, D&M, through the acts of employees residing in the United States, violated U.S. sanctions against Iran and Sudan by: (1) approving and disguising the company’s capital expenditure requests from Iran and Sudan for the manufacture of new oilfield drilling tools and for the spending of money for certain company purchases; (2) making and implementing business decisions specifically concerning Iran and Sudan; and (3) providing certain technical services and expertise in order to troubleshoot mechanical failures and to sustain expensive drilling tools and related equipment in Iran and Sudan.

The Illegal Schemes

Illegal U.S. Person Approval of Capital Expenditures. According to court documents, one of the important functions of D&M management personnel was the supervision of D&M’s capital expenditure (CAPEX) process. The CAPEX process was a forecasting mechanism enabling oilfield locations to predict what tools and equipment they would need to meet anticipated demand for oilfield services. Oilfield personnel worldwide made requests through an automated system for the manufacture of new tools and for permission to spend money for certain purchases in order to support oilfield operations. Once approved by the D&M Global Asset Manager in the United States, a request for new equipment was transmitted to one of three manufacturing centers for the production of new tools and other assets. The spending of funds for large-scale purchases was authorized once the request was approved by the D&M Global Asset Manager. Under the CAPEX process in place during the relevant time period, approval by the D&M Global Asset Manager, a U.S. person, was required for every CAPEX request, including requests submitted by or for the benefit of D&M oilfields in Iran and Sudan.

Consequently, D&M’s CAPEX process violated sanctions with Iran and Sudan in a number of ways. Although CAPEX approvals were ordinarily sought through an automated computer system, D&M personnel outside the United States frequently sent emails to the D&M Global Asset Manager in the United States justifying particular requests, many of which related to requests submitted by or on behalf of Iran and Sudan. Furthermore, in these email communications, D&M personnel outside the United States referred to Iran as “Northern Gulf” and Sudan as “Southern Egypt” or “South Egypt” in email communications with D&M personnel in the United States.

In addition, D&M personnel outside the United States implemented a process designed to disguise the identities of the embargoed locations in the automated computer system in order to obtain approval from the D&M Global Asset Manager in the United States. Orders entered into the automated computer system were identified by a series of numbers and letters. Typically, the alpha-numeric identifier included a two or three-letter code indicating the country that placed the order. Instead of entering the country code for Iran or Sudan, D&M personnel entered non-embargoed country codes for embargoed location orders. Specifically, the code “BGM,” which identified a bonded-goods warehouse in Jebel Ali, United Arab Emirates, was used in place of the Iran and Sudan country codes in order to disguise the true locations. These efforts were deliberately taken and demonstrate the company’s involvement in contriving ways intended to evade restrictions imposed by U.S. sanctions.

D&M Headquarters Involvement in Iran and Sudan. According to court documents, separate and apart from the illegal CAPEX approval process that violated U.S. sanctions, D&M headquarters personnel made and implemented business decisions involving D&M operations in Iran and Sudan—again, all in violation of U.S. sanctions’ restrictions on the facilitation of trade with Iran and Sudan. D&M’s illegal involvement in the day-to-day operations in Iran and Sudan, through U.S. persons working at D&M headquarters, occurred with D&M’s knowledge and understanding of the applicability of U.S. sanctions laws to the company.

Technical Services. According to court documents, when technical problems arose in oilfield locations related to the operation of drilling tools, D&M personnel would enter relevant information about the technical issue into an automated computer system. D&M’s automated computer system would generally route the query to a technical expert who could assist the oilfield location in addressing the technical issue. If the technical issue was sufficiently complex, the query would ordinarily be routed to the technical experts located at the product center that manufactured the tool. At times, queries entered by, or on behalf of, D&M personnel in Iran and Sudan were addressed by D&M personnel located in the United States. The technical services provided to Iranian and Sudanese operations, by U.S. persons, violated the prohibitions of trade with Iran and Sudan required by U.S. sanctions.

SOHL and Schlumberger’s Remediation Efforts

In 2009, in consultation with the U.S. Department of State, Schlumberger agreed to no longer pursue new oilfield contracts in Iran. In 2011, Schlumberger voluntarily decided to cease providing oilfield services in Iran and the Republic of the Sudan (North Sudan). As of June 30, 2013, Schlumberger ceased providing oilfield services in Iran, and presently, Schlumberger has ceased providing oilfield services in North Sudan as well.

In announcing the plea, Assistant Attorney General Carlin and U.S. Attorney Machen commended the work of Special Agent Troy Shaffer from BIS’s Dallas Field Office. They also acknowledged the work of those who handled the case from the National Security Division and the U.S. Attorney’s Office, including former Trial Attorney Ryan Fayhee and former Assistant U.S. Attorneys John Borchert and Ann H. Petalas.

The case is being prosecuted by Trial Attorney Casey Arrowood of the National Security Division, Assistant U.S. Attorney Maia L. Miller of the National Security Section and Assistant U.S. Attorney Zia Faruqui of the Asset Forfeiture and Money Laundering Section.

 

Link:

Department of Justice Press Release

Plea Ageement

Statement of Offense

Indictment

 

03.16.15
by

The New Math: Multi-agency enforcement actions against Commerzbank AG

Everyone gets a piece of the pie here – the NY Department of Financial Services gets $610 million, OFAC’s official fine is in excess of $250 million (but is deemed paid on the basis of the lesser amount paid to the Department of Justice). All told, it’s another mega-fine of $1.45 billion dollars for conduct breaching the Iran, Weapons of Mass Destruction, Sudan, Burma and Cuba sanctions programs from 2002 until 2010.

Here is how OFAC saw matters in knocking down the penalty from a base of over $574 million:

The following were found to be aggravating factors:

  • At a minimum,Commerzbank acted with reckless disregard for U.S. sanctions requirements in processingtransactions in apparent violation of OFAC sanctions regulations;
  • management at Commerzbankknew or had reason to know of the conduct leading to certain of the apparent violations;
  • theconduct described above conferred significant economic benefit to persons subject to U.S.sanctions and undermined the integrity of multiple U.S. sanctions programs;
  • Commerzbank is alarge, commercially sophisticated financial institution; and
  • Commerzbank did not maintainadequate policies or procedures to ensure compliance with the sanctions programs administeredby OFAC.

Mitigation was extended because

  • Commerzbank has not received a penalty notice orFinding of Violation from OFAC in the five years preceding the date of the earliest transactiongiving rise to the apparent violations;
  • Commerzbank cooperated with OFAC’s investigation ofthe apparent violations by engaging in an extensive internal investigation, by responding forrequests for information, and by executing a statute of limitations tolling agreement withmultiple extensions; and
  • Commerzbank took remedial action in response to the apparentviolations described above.

The NY DFS was also able to extract, in return for settling the charges, the termination of multiple employees and the installation of an independent monitor at Commerzbank.

Links:

OFAC Notice

OFAC Enforcement Action

Treasury Department Settlement

Treasury Department Press Release

NY DFS Press Release