ISTwatch OFAC Questions And Answers
Who must comply with OFAC regulations?
How much are the fines for violating OFAC regulations?
Is there a mechanism for a company to report its past undetected violations
of OFAC regulations for completed transactions? Is any type of "amnesty"
available for inadvertent failure to comply prior to the company becoming
aware of the OFAC regulations?
What is an OFAC SDN list?
How often is the SDN list updated?
What do I do if I have a match to the SDN list?
How to report a match via OFAC “hotline”?
What is the Control list? What is the difference between the Control list
and OFAC's SDN list?
How often do I need to scan my customer database for SDNs?
How do I set up a compliance program for my organization?
What do I do if a person tries to open an account and the person's name
is on OFAC's SDN list? Do I open the account and then block the funds?
CONTROL LIST TIMELINE
Policies and Procedures
OFAC Frequently Asked Questions Links
Who must comply with OFAC regulations?
All U.S. persons must comply with OFAC regulations, including
all U.S. citizens and permanent resident aliens regardless of
where they are located, all persons and entities within the United
States, all U.S. incorporated entities and their foreign branches.
In the cases of certain programs, such as those regarding Cuba
and North Korea, all foreign subsidiaries owned or controlled
by U.S. companies also must comply. Certain programs also require
foreign persons in possession of U.S. origin goods to comply.
How much are the fines for violating OFAC regulations?
The fines for violations can be substantial. Depending on the
program, criminal penalties can include fines ranging from
$50,000 to $10,000,000 and imprisonment ranging from 10 to
30 years for willful violations. Depending on the program,
civil penalties range from $11,000 to $1,000,000 for each violation.
Is there a mechanism for a company to report its past undetected
violations of OFAC regulations for completed transactions? Is any
type of "amnesty" available for inadvertent failure to comply prior
to the company becoming aware of the OFAC regulations?
Yes, a company can and is encouraged to voluntarily disclose
a past violation. Self-disclosure is considered a mitigating
factor by OFAC in Civil Penalty proceedings. A self-disclosure
should be in the form of a detailed letter, with any supporting
documentation, to R. Richard Newcomb, Director, Office of Foreign
Assets Control, U.S. Department of the Treasury, 1500 Pennsylvania
Ave., N.W., Washington, DC 20220. OFAC does not have an "amnesty" program.
The ramifications of non-compliance, inadvertent or otherwise,
can jeopardize critical foreign policy and national security
goals. OFAC does, however, review the totality of the circumstances
surrounding any violation, including the quality of a company's
OFAC compliance program.
What is an OFAC SDN list?
As part of its enforcement efforts, OFAC publishes a list of
individuals and companies owned or controlled by, or acting
for or on behalf of, targeted countries. It also lists individuals,
groups, and entities, such as terrorists and narcotics traffickers
designated under programs that are not country-specific. Collectively,
such individuals and companies are called "Specially Designated
Nationals" or "SDNs." Their assets are blocked
and U.S. persons are generally prohibited from dealing with
them.
How often is the SDN list updated?
The SDN list is frequently updated. There is no predetermined
timetable, but rather names are added or removed as necessary
and appropriate. Please see the link titled "Automating
OFAC Compliance" in the LINKS section of this document
for suggestions on how to keep constantly up-to-date.
What do I do if I have a match to the SDN list?
If you have checked a name manually or by using software and
find a match, you should do a little more research. Is it an
exact name match, or very close? Is your customer located in
the same general area as the SDN? If not, it may be a "false
hit." If there are many similarities, contact OFAC's "hotline" at
1-800-540-6322 for verification (a more detailed process is
described in the next section). Unless a transaction involves
an exact match, it is recommended that you contact OFAC Compliance
before actually blocking assets.
How to report a match via OFAC “hotline”?
Before you call the OFAC compliance “hotline”,
make sure you go through the following “due diligence” steps.
1. Is the “hit” or “match” against OFAC’s
SDN list or targeted countries, or is it “hitting” for
some other reason (e.g., Denied Persons List, Canadian OSFI List,
Bank of England List), or can you not tell what the “hit” is?
• If it’s hitting against OFAC’s SDN list or
targeted countries, continue to 2 below.
• If it’s hitting for some other reason, you should contact
the “keeper” of whichever other list the
match is hitting against. For questions about:
  • The Denied Persons List, please contact the Bureau of Industry
  and Security at the U.S. Department of Commerce at 202-482-4811.
  • OSFI List, please contact the Office of the Superintendent of Financial
  Institutions via extcomm@osfi-bsif.gc.ca
  • UK List, please send inquiries to The Financial Sanctions Unit
  at +44 20 7601 4768/5811/4783/4607, Fax: +44 20 7601 4309,
  or via email sanctions.unit@bankofengland.co.uk
2. Now that you’ve established that the hit is against
OFAC’s SDN list or targeted countries, you must evaluate
the quality of the hit. Compare the name of your accountholder
with the name on the SDN list. Is the name of your accountholder
an individual while the name on the SDN list is a vessel, organization
or company (or vice-versa)?
• If yes, you do not have a valid match.*
• If no, please continue to 3 below.
3. How much of the SDN’s name is matching against the name of
your accountholder? Is just one of two or more names matching
(i.e., just the last name)?
• If yes, you do not have a valid match.*
• If no, please continue to 4 below.
4. Compare the complete SDN entry with all of the information
you have on the matching name of your accountholder. An SDN entry
often will have, for example, a full name, address, nationality,
passport, tax ID or cedula number, place of birth, date of birth,
former names and aliases. Are you missing a lot of this information
for the name of your accountholder?
• If yes, go back and get more information and then compare
your complete information against the SDN entry.
• If no, please continue to 5 below.
5. Are there a number of similarities or exact matches?
• If yes, please call the hotline at 1-800-540-6322.
• If no, you do not have a valid match.*
* If you have reason to know or believe that processing this
transfer or operating this account would violate any of the Regulations,
you must call the hotline and explain this knowledge or belief.
What is the Control list? What is the difference between the
Control list and OFAC's SDN list?
The Control List was developed by the law enforcement community
in response to the events of September 11. It was separate from
OFAC's SDN list and was not disseminated by OFAC. On November
26th, 2002, the regulators announced the discontinuation of the
Control List and unveiled a new process for handling information
requests from the government (see CONTROL LIST TIMELINE section
of the document), based on section 314(a) of the USA PATRIOT
Act.
How often do I need to scan my customer database for SDNs?
The frequency of running an OFAC scan must be guided by your
internal company policy and procedures. Keep in mind, however,
that if your organization fails to identify and block a target
account (of a terrorist, for example), there could be "real
world" consequences such as a transfer of funds or other
valuable property to an SDN, an enforcement action against
your bank, and negative publicity.
How do I set up a compliance program for my organization?
There is no prepackaged compliance program that fits the needs
of every company. A good starting point is to look through
the “OFAC Regulations by Industry" documents. Then
read the brochure for the Financial Community. This brochure
provides insight as to how your particular bank could set up
a compliance program.
What do I do if a person tries to open an account and the person's
name is on OFAC's SDN list? Do I open the account and then block
the funds?
A U.S. bank cannot open an account for a person named on the
SDN list. This is a prohibited service. However, you should pay
careful attention to be sure the person trying to open the account
is the same person as the one named on OFAC's list. In many cases
you may get a "false positive," where the name is similar
to a target's name, but the rest of the information provided
by the applicant does not match the descriptor information on
OFAC's SDN list.
CONTROL LIST TIMELINE:
SUMMARY: The Control List was a confidential
document containing names related to the FBI terrorist investigations.
The list was recently discontinued; instead, the process described
in section 314(a) will be used for sharing information between
financial institutions.
October 2001: In response to the September
11, 2001, attacks, the FBI created a confidential document
called the Control List.
The List was compiled by various federal law enforcement agencies
conducting investigations into terrorist activities and consisted
of names and identifying data of individuals and entities that
these agencies believed may be related to their investigation.
In October of 2001, the FBI provided the Control List to all
financial institution regulators. The regulators, in turn, forwarded
the List to financial institutions under their supervision once
the financial institution had "registered" with its
respective regulator. Financial institutions were given until
October 12, 2001, to provide their regulator with the name of
a senior level person as the contact for the Control List, that
person's title, telephone number, and e-mail address. Upon receipt
of this registration information, the regulators e-mailed a copy
of the Control List to the institution.
October 26, 2001: The USA PATRIOT Act is signed into law and
is intended to thwart terrorist activity in the United States.
Title III of the Act amends a number of sections under the Bank
Secrecy Act and sets out new compliance requirements for financial
institutions.
September 18, 2002: Final regulations are released implementing
Section 314(a) of the USA PATRIOT Act. The final rule became
effective on September 26, 2002 and is now part of the Bank Secrecy
Regulations. The section 314(a) regulations establish a mechanism
for law enforcement authorities to communicate names of suspected
terrorists and money launderers to financial institutions. Upon
receipt of name information from the federal government, financial
institutions are expected to conduct a search of their account
records and report any matches.
November 26, 2002: The Treasury Department releases a Joint
Agency Notice, according to which the FBI has discontinued the
use of the Control List and will instead rely on the section
314(a) process to communicate their information requests.
SECTION 314(a) INFORMATION PROCESS
All communications regarding information requests from the federal
government will be funneled through FinCEN and the section
314(a) process. In order for FinCEN to "know" who
to send information requests to, it is imperative that all
financial institutions be included in the contact list used
by FinCEN. In developing their contact list, FinCEN used contact
information collected for disseminating the old Control List.
If your organization has not received any requests from FinCEN
since November 4, 2002, you should contact your primary regulator
and ask to be added to FinCEN's contact list.
In requesting information, FinCEN will use a standard cover
letter called Form C and an information request attachment called
Form B. The request attachment or Form B will contain the identifying
information FinCEN has regarding a suspect. Presumably, this
identifying information will be the person's name and/or various
aliases, but it could also be an address, date of birth, etc.
Using the identifying information you are given, you must search
your records for:
1. Any current account maintained by or on behalf of the named
suspect;
2. Any prior account maintained by or on behalf of a named suspect
during the preceding twelve months;
3. And any transaction (other than a transaction conducted through
an account) conducted by or on behalf of a named suspect, or
any transmittal of funds conducted in which a named suspect was
either the transmitter or the recipient, during the preceding
six months that is required under law or regulation to be recorded
by you or is recorded and maintained electronically.
If you find a match in conducting your search of accounts and
transactions, you must provide FinCEN with the following information:
1. The name of the individual, entity or organization;
2. The number of each account, or in the case of a transaction,
the date and type of the transaction; and
3. Any specific identifier provided by the suspect when the account
was opened or the transaction conducted, such as a date of birth
or an address.
Only the above information should be submitted back to FinCEN.
Do not send any records of an account or transaction when responding
to a section 314(a) request. If the government needs additional
information, they will need to follow the procedures under
the Right to Financial Privacy Act and obtain a subpoena or court
order. Positive responses should be sent within seven business
days to FinCEN by electronic mail at sys314a@fincen.treas.gov.
If you do not have e-mail, you may submit your response by
facsimile transmission at 703-905-3660. In your response, you
must identify your organization as the sender and the person you
have designated to receive similar information requests in the future. Also,
e-mail responses must contain FinCEN's Tracking Number in the
subject line. The tracking number is located in the upper right-hand
corner of Form B and will begin with "Fin 314a".
Finally, it is important to remember that FinCEN is not interested
in negative responses or responses that state no matches were
found. The government can only handle so much paperwork and
must limit feedback to positive responses.
The information you receive via section 314(a) should only be
used for purposes of responding to FinCEN. You should not disclose
to others that FinCEN has requested information from you except
to the extent necessary to comply with the request.
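The record search and the limited response described in this section can be sketched as follows. This is an added example, not part of the original document or any FinCEN tool; the record layout, the field names, the exact-match rule and the sample data are all assumptions made for illustration.

```python
import calendar
from datetime import date

def months_before(d, n):
    """Calendar date n months before d, clamped to the month's last day."""
    y, m = divmod(d.year * 12 + d.month - 1 - n, 12)
    return date(y, m + 1, min(d.day, calendar.monthrange(y, m + 1)[1]))

def norm(name):
    """Assumed matching rule: exact match ignoring case and extra spaces."""
    return " ".join(name.upper().split())

def search_314a(subject_names, accounts, transactions, today):
    """Search the three record classes; return only the reportable fields."""
    wanted = {norm(n) for n in subject_names}
    acct_cutoff = months_before(today, 12)   # prior accounts: preceding twelve months
    txn_cutoff = months_before(today, 6)     # transactions: preceding six months
    hits = []
    for a in accounts:
        current = a["closed"] is None
        if norm(a["holder"]) in wanted and (current or a["closed"] >= acct_cutoff):
            # Only name, account number and identifiers leave the institution.
            hits.append({"name": a["holder"], "account_number": a["number"],
                         "identifiers": a["identifiers"]})
    for t in transactions:
        matched = [p for p in t["parties"] if norm(p) in wanted]
        if matched and t["date"] >= txn_cutoff:
            hits.append({"name": matched[0], "transaction_date": t["date"],
                         "transaction_type": t["type"],
                         "identifiers": t["identifiers"]})
    return hits

# Constructed sample records; every name, number and date is invented.
TODAY = date(2003, 3, 15)
ACCOUNTS = [
    {"holder": "John Q Example", "number": "1001", "closed": None,
     "balance": 2500.00, "identifiers": {"dob": "1960-01-01"}},
    {"holder": "JOHN  Q  EXAMPLE", "number": "1002", "closed": date(2002, 6, 1),
     "balance": 0.0, "identifiers": {}},
    {"holder": "J. Sample", "number": "1003", "closed": date(2001, 12, 31),
     "balance": 0.0, "identifiers": {}},
]
TRANSACTIONS = [
    {"parties": ["Jane Other", "j. sample"], "date": date(2002, 11, 2),
     "type": "funds transmittal", "amount": 900.0, "identifiers": {}},
    {"parties": ["John Q Example", "Jane Other"], "date": date(2002, 8, 30),
     "type": "funds transmittal", "amount": 50.0, "identifiers": {}},
]
HITS = search_314a(["John Q Example", "J. Sample"], ACCOUNTS, TRANSACTIONS, TODAY)
```

The account closed more than twelve months back and the transmittal older than six months drop out, and balances and amounts never appear in the result.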
Policies and Procedures:
In order to ensure that information requests are handled promptly,
it is important to create detailed compliance policies
and procedures. As part of this process, be sure to designate
specific staff who will handle section 314(a) requests. Given
the confidentiality expectations, it is important that the
number of employees "touching" section 314(a) requests
be limited.
Tools:
For institutions large and small, the amount of account data
generated can be overwhelming. Manual searches for matches
with government lists can be a time-consuming and costly process. Now
is the time to consider software products to assist you in complying
with section 314(a) requests. Whether it is to comply with the
USA PATRIOT Act or help prevent fraud and identity theft, realistically,
using software is the only practical way to stay ahead of the
game.
Training:
As with any new law and process, training at all levels is essential.
Once you have designated an employee to handle section 314(a)
requests, that person will need detailed training on how to process
the requests. This person will also need to understand your system
for searching accounts and transactions for matches to information
requests.
Your Board and management will also need to be brought up to
speed on the section 314(a) requirements and the need for adequate
tools to comply with the new law. The board should formally approve
your policies and procedures in this area.
Finally, all employees should receive some awareness training
on section 314(a). The specific compliance details may not be
necessary, but you definitely want to send the message that this
process is highly confidential. All employees should be told
who in your organization to contact regarding government requests
for information.
LINKS:
OFAC Frequently Asked Questions Links:
http://www.ustreas.gov/offices/enforcement/ofac/faq/index.html
Information on USA PATRIOT Act section 314(a) provisions on
FinCEN website:
http://www.fincen.gov/fi_infoappa.html
Joint Agency Notice by FinCEN and the primary federal regulators:
Moratorium on sec. 314(a) Info Requests & Discontinuation
of the Control List
http://www.fincen.gov/314amoratorium.pdf
Section 314(a) final rule:
http://www.treas.gov/press/releases/docs/314finalrule.pdf
Compliance Headquarters - regulatory compliance information:
http://www.complianceheadquarters.com/
Automating OFAC Compliance:
http://www.ustreas.gov/offices/enforcement/ofac/automation/index.html
Useful OFAC documents:
http://www.ustreas.gov/offices/enforcement/ofac/articles/index.html
Compiled by Intelligent Search Technology © 2004