Compliance Blog

Hello compliance friends – I hope everyone had an excellent Thanksgiving!

A few weeks ago, the NAFCU Compliance Blog discussed some frequently asked questions regarding the basics of complying with sanctions and regulations overseen by the Treasury Department’s Office of Foreign Assets Control (OFAC). As we discussed in that post, OFAC requires credit unions to block funds and property or reject transactions of certain specified countries, entities, and individuals. The previous blog post explains the difference between blocking funds and rejecting transactions:

“This OFAC FAQ explains what those terms mean – blocking an account requires the credit union to place the funds into an interest-bearing account “from which only OFAC-authorized debits may be made.” The interest rate must be commercially reasonable. As for “rejecting” a transaction, the Treasury Department explains that some transactions do not involve a “blockable” interest from a person or entity on the SDN list or a foreign government but may implicate OFAC sanctions – and therefore the transaction should be rejected and not processed.”

Conducting an OFAC check – that is checking the name of the entity or individual against OFAC’s Specially Designated Nationals (SDN) list – is the most common method credit unions use to determine if transactions should be rejected or funds should be blocked. However, sometimes merely checking the SDN list will not be enough to determine if sanctions are implicated. Let’s examine some situations where OFAC compliance may extend beyond the SDN list:

First, there are OFAC lists other than the SDN list. For example, the Sectoral Sanctions Identifications (SSI) list is not part of the SDN list (though there may be some overlap between the two lists). That list includes the names of certain persons operating in sectors of the Russian economy, and with whom certain transactions are prohibited, including issuing new debt for those persons. In addition to the SSI list, there are other non-SDN lists maintained by OFAC. There is also a Consolidated Sanctions List, which the OFAC website describes as a “consolidated set of data files” which offers “all of [OFAC’s] non-SDN sanctions lists.”

Secondly, there are some countries that are “comprehensively” sanctioned – meaning that doing business with nearly all entities or individuals in that country would be prohibited. However, it would be impossible for OFAC to add the names of all entities or individuals from those countries to the SDN list or other lists. Credit unions in their OFAC programs – or through the vendors which handle OFAC compliance – need to be vigilant to avoid such transactions, as simply checking the SDN list would not necessarily tell a credit union if a transaction with a particular entity or individual would be prohibited by comprehensive sanctions. For example, sanctions against Iran prohibit exporting goods or services – including financial services – to Iran, so providing financial services to a person in Iran would be prohibited, even if that person’s name does not appear on the SDN list. Similarly, sanctions against North Korea prohibit U.S. persons (including credit unions) from engaging in transactions with entities in North Korea, or exporting goods or services to North Korea. Additionally, comprehensive sanctions may also prohibit transactions with a resident of a comprehensively-sanctioned country, even if that person is not physically present in the sanctioned country.

The scope of sanctions can be quite complicated, as there may also be exceptions and caveats to the general prohibitions in the sanctions. Here are some things to consider:

First, sanctions programs can vary, and the prohibitions which apply may change from one sanctions program to the next. In addition to the information in the sanctions themselves and OFAC’s FAQs on each sanctions program, the definitions used could also be important. For example, the definition of “North Korean person” in sanctions against North Korea excludes individuals who have been lawfully admitted to the U.S. Thus, if a person is from North Korea, but they have been lawfully admitted to the U.S., then providing services (such as providing a share account, loans, etc.) to that person would not implicate North Korean sanctions, absent additional facts.

Secondly, OFAC can issue general or specific licenses which will make certain transactions permissible when they would have otherwise been prohibited. General licenses are issued by OFAC and do not require an application – for example, an FAQ on North Korea sanctions notes that there is a “general license” that will allow certain personal remittance transfers to or from North Korean individuals. Aside from general licenses, U.S. persons (including credit unions) can apply to OFAC for specific licenses, seeking to get permission from OFAC for specific transactions.

NCUA Proposes Extended Exam Cycle Changes:

NAFCU would like to highlight for our members one particular item included in the NCUA’s proposed 2022-2023 budget. NCUA requested the hiring of 29 additional full-time examiners, to accompany an increase in the number of supervised credit unions which will receive an annual examination. Currently, certain well-managed and low-risk credit unions can qualify for an extended exam cycle, which means their exams happen less frequently than once per year. Under the NCUA proposal, the criteria for annual examinations would be expanded to cover more credit unions, meaning fewer credit unions would receive the extended exam cycle. The proposal says the annual examination criteria should be expanded to cover: “(1) credit unions with assets between $500 million and $1 billion that have otherwise previously qualified for an extended examination cycle based on the current Exam Flexibility Initiative criteria, and (2) credit unions with assets more than $250 million and evaluated as facing a higher risk of business or economic challenges.” Credit unions meeting those descriptions may want to plan for more frequent exams.