Board of Governors of the Federal Reserve System

Office of Foreign Assets Control (OFAC)



BOARD OF GOVERNORS
OF THE
FEDERAL RESERVE SYSTEM
WASHINGTON, D. C.  20551

 

 

OFFICE OF INSPECTOR GENERAL

September 28, 2007

 

Mr. Roger T. Cole
Director, Banking Supervision and Regulation
Board of Governors of the Federal Reserve System
Washington, DC 20551

Dear Mr. Cole:

The Office of Inspector General (OIG) of the Board of Governors of the Federal Reserve System (Board) has completed an inspection of examination practices associated with the Office of Foreign Assets Control (OFAC) component of Bank Secrecy Act (BSA) examinations conducted at financial institutions regulated by the Federal Reserve. OFAC, an entity within the U.S. Department of the Treasury, administers and enforces economic and trade sanctions against targeted foreign countries, terrorists, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction. As part of its enforcement efforts, OFAC distributes a list of individuals and entities that are controlled by, or are acting for or on behalf of, targeted countries. The list also includes individuals and entities such as terrorists and narcotics traffickers designated under programs that are not country-specific. These individuals and entities are called Specially Designated Nationals and Blocked Persons (SDN). OFAC regulations require financial institutions to block or reject accounts and transactions that involve any persons, entities, or countries that are included on the SDN list. Civil penalties can be imposed by OFAC when a financial institution processes a transaction that should have been blocked or rejected.

Although not required by specific regulation, financial institutions are expected to maintain a written, risk-focused program of compliance with OFAC requirements, as a matter of sound banking practice. While federal bank regulatory agencies do not have a primary role in identifying OFAC violations, they are responsible for evaluating the sufficiency of policies, procedures, and processes that a bank follows to comply with OFAC laws and regulations. Federal Reserve examiners perform OFAC reviews as part of the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) assessments that they conduct during safety and soundness examinations. The Federal Financial Institutions Examination Council's Bank Secrecy Act/Anti-Money Laundering Examination Manual (Manual) establishes the principles and procedures governing OFAC reviews. According to the Manual, examiners are responsible for assessing a financial institution’s risk-based OFAC program to evaluate whether it is appropriate for the institution’s OFAC risk, considering the institution’s products, services, customers, transactions, and geographic locations.

The objective of this inspection was to assess Federal Reserve examiners’ compliance with the OFAC examination guidance set forth in the Manual. To accomplish this objective, we reviewed the Manual, OFAC-related laws and regulations, OFAC’s website, and banking industry publications. We also obtained and analyzed the publicly-available list of civil penalties and enforcement actions issued by OFAC. We met with management and staff from other federal bank regulatory Inspector General offices who were performing similar work, and reviewed their reports related to OFAC compliance. In addition, we interviewed OFAC officials, and Board and Reserve Bank management and staff responsible for overseeing and performing OFAC examinations.

Our inspection procedures focused on assessing examiners’ compliance with the OFAC examination guidance included in the Manual. Specifically, we reviewed examination workpapers for evidence that examiners applied procedures that the Manual refers to as “Core Examination Procedures” in conducting their risk-focused OFAC reviews. A high-level summary of the core examination procedures which formed the basis of our review is included as an attachment to this report. We did not independently verify the accuracy or effectiveness of the examined institutions’ OFAC programs.

We conducted our fieldwork at the Board and three Federal Reserve Banks—Atlanta, New York, and San Francisco. We selected a judgmental, representative sample of OFAC examinations based on criteria that included geography, asset size, and degree of international exposure. Out of a universe of 420 examinations performed from September 1, 2005, through June 1, 2006, we selected 49 examinations to be reviewed, using the Manual version issued on June 23, 2005.[1] The sample included state member banks, bank holding companies, Edge Act corporations, foreign banking organizations, and institutions with BSA/AML or OFAC programs that were rated as inadequate in the Federal Reserve’s National Examination Database.[2] These institutions had asset sizes ranging from $7 million to $500 billion. Our fieldwork was conducted in accordance with the Quality Standards for Inspections issued by the President's Council on Integrity and Efficiency and the Executive Council on Integrity and Efficiency.

In general, we found that Federal Reserve examiners were performing the Core Examination Procedures in accordance with the guidance contained in the Manual, and in a manner that was commensurate with the financial institution’s BSA/AML and OFAC risk profiles. Examination workpapers contained documentation indicating that examiners reviewed OFAC-related policies and procedures, risk assessments, the results of transaction testing, and prior deficiencies identified by OFAC, bank internal and external auditors, or regulators. Accordingly, nothing came to our attention to indicate material examiner noncompliance with the guidance contained in the Manual. Therefore, we are concluding our work without making any recommendations. However, it is important to note that our conclusions are limited solely to the examinations selected for our sample.

We presented our inspection results to members of your senior staff on September 27, 2007. Major contributors to this report were Mr. John F. Ayers III, Senior Auditor and Project Leader; Mr. David K. Horn, Auditor; Mr. Alvaro R. Soto, Auditor; Ms. Jennifer A. Rosholt, Auditor; and Mr. Anthony J. Castaldo, Jr., Assistant Inspector General for Inspections and Evaluations. We are providing copies of this report to Board and Reserve Bank officials. The report will be added to our public web site and will be summarized in our next semiannual report to Congress. Please contact me if you would like to discuss this report or any related issues.

Sincerely,

/signed/

Elizabeth A. Coleman
Inspector General

cc: Governor Randall S. Kroszner
  Governor Frederic S. Mishkin
  Mr. William Rutledge
  Mr. William Estes
  Mr. Steven Hoffman

ATTACHMENT

High-Level Summary of FFIEC’s
OFAC-Related Core Examination Procedures
From the Bank Secrecy Act/Anti-Money Laundering
Examination Manual

1. Written OFAC Procedures
   Did examiners determine whether the board of directors and senior management of the bank have developed policies, procedures, and processes based on their risk assessment to ensure compliance with OFAC laws and regulations?

2. Risk Assessment
   Did examiners consider:
   A. The extent and method for conducting OFAC searches of each relevant department/business line?
   B. Conducting OFAC searches of account parties other than accountholders?
   C. How responsibility for OFAC is assigned?
   D. Timeliness of obtaining and updating OFAC lists or filtering criteria?
   E. The appropriateness of the filtering criteria used by the bank to reasonably identify OFAC matches?
   F. The process used to investigate potential matches?
   G. The process used to block and reject transactions?
   H. The process used to inform management of blocked or rejected transactions?
   I. The adequacy and timeliness of reports to OFAC?
   J. The process to manage blocked accounts?
   K. Record retention requirements for OFAC-related documents?

3. Independent Testing
   Did examiners determine the adequacy of independent testing and follow-up procedures?

4. Training Program
   Did examiners review the adequacy of the bank’s OFAC training program based on the bank’s OFAC risk assessment?

5. Banks’ Response to OFAC Deficiencies
   Did examiners determine whether the bank has adequately addressed weaknesses or deficiencies identified by OFAC, auditors, or regulators?

6. Transaction Testing
   Did examiners consider:
   A. The filtering process used to search the OFAC database?
   B. The filtering criteria used to search the OFAC database, the timing of the search, and documentation maintained evidencing the searches for appropriate transactions that may not be related to an account?
   C. For banks using an automated system, the timing of when updates are made to the system?
   D. For banks not using an automated system, evaluating the process used to check the existing customer base against the OFAC list and its frequency?
   E. The bank’s resolution and blocking/rejecting processes for a sample of OFAC matches?
   F. Completeness and timeliness for a sample of reports to OFAC?
   G. That the banks maintain adequate records of amounts blocked and ownership of blocked funds for banks required to maintain blocked accounts; and that banks pay a commercially reasonable rate of interest on all blocked accounts, and accurately report required information annually to OFAC? Examiners should also test the controls in place to verify that the account is blocked.
   H. The handling and the resolution of false hits?

7. Unreported OFAC Transactions
   Did examiners identify any potential matches that were not reported to OFAC, advise bank management to immediately notify OFAC of unreported transactions, and immediately notify examination supervisory personnel?


Footnotes

1. A subsequent revision released in July 2006 added OFAC-related guidance that was limited to examiner reviews of automated clearing-house transactions.

2. The National Examination Database is specifically designed to support bank supervision. Among other things, it includes data gathered during examinations and inspections, such as financial information, ratings, and regulatory compliance actions. A specific field in the database indicates whether a financial institution’s OFAC program is adequate or inadequate.

 
Last update: November 6, 2009