Starting an OFAC Compliance Program
Starting an OFAC Compliance Program
25. Does OFAC itself require that banks set up a certain type of compliance program?
No. There is no single compliance program suitable for every financial institution. OFAC is not itself a bank regulator; its basic requirement is that financial institutions not violate the laws that it administers. Financial institutions should check with their regulators regarding the suitability of specific programs to their unique situations.
27. What do I need to do to comply? Do I have to buy expensive software?
This is primarily a question for your regulator. What constitutes an adequate compliance program depends in large part on who your customers are and what kinds of business you do. Certain areas of bank operations, such as international wire transfers and trade finance, are at a higher risk than others. There are numerous interdiction software packages that are commercially available. They vary considerably in cost and capabilities. If your bank feels it needs to invest in software in its attempt to comply with OFAC regulations, OFAC recommends that you talk to your counterparts in other banks about the systems they have in place and contact vendors for an assessment of your needs. It should be noted that *.TXT and *.PDF versions of all of OFAC's sanctions lists can be manually scanned; OFAC also offers a free, online search engine at the following URL: https://sdnsearch.ofac.treas.gov.
28. How often do I need to scan my customer database against OFAC's sanctions lists?
The frequency of running an OFAC scan must be guided by your organization's internal policies and procedures. Keep in mind, however, that if your organization fails to identify and block a target account (of a terrorist, for example), there could be serious consequences such as a transfer of funds or other valuable property to an Specially Designated National, an enforcement action against your organization, and negative publicity.
29. How do I setup a compliance program for my bank?
There is no prepackaged compliance program that fits the needs of every bank. Banks, obviously, range in size from small to some of the largest institutions in the world. A good starting point is to go to the OFAC website and look under "Regulations by Industry." Then read the brochure for the Financial Community. This brochure provides insight as to how your particular bank could set up a compliance program. There are also a number of articles written for banking industry publications available on OFAC's website. Banks should also review OFAC's Frequently Asked Questions, its SDN and other sanctions list pages and finally, OFAC's dedicated sanctions program pages. It may be helpful to contact your counterparts in other banks to see what they are doing and talk to your regulator.
30. How do I know if my compliance program is adequate?
31. What are the features and benefits that banks should be looking for when selecting an OFAC compliance software package?
There are a wide variety of software packages available to the financial community. The size and needs of each institution help to determine what to look for in a package. Some packages are used to interdict sanctioned countries and names on the Specially Designated Nationals or other sanctions lists in wire transfers. Others are used to check the names of new customers or to routinely filter the names of all account holders. One suggestion for finding the right software for your bank is to research what your peer banks are using and determine if the software package is working for them. Your bank also could talk to a variety of software vendors who can easily be located by doing an Internet search.