aci's aml & ofac compliance for the insurance industry (day 1)
DESCRIPTION
TRANSCRIPT
Going Beyond OFAC Screening: What Insurance and Reinsurance Companies Must Do To Avoid Sanctions and Ensure Compliance
American Conference InstituteAML and OFAC Compliancefor the Insurance Industry
January 24-25, 2012
Speakers’ InformationFrank Bria
General Reinsurance Corporation
David Butman
Locke Lord LLP
Martin Feuer
Zurich Financial Services
Kathy Silberthau StromCahill Gordon & Reindel LLP
This presentation is solely for educational and informational purposes. It is not intended to constitute legal advice and should not be relied upon as a substitute for legal advice.
January 10, 2012 2
Agenda
• Economic Sanctions Programs• U.S. Persons ‒ Kathy Strom• Facilitation ‒ Kathy Strom• Iran Sanctions ‒ David Butman
• Compliance Programs• Primary Insurance ‒ Martin Feuer • Reinsurance ‒ Frank Bria
• Enforcement Actions ‒ David Butman
• Questions?
January 10, 2012 3
Economic Sanctions Programs
Key Statutory Bases: International Emergency Economic Powers Act (IEEPA) and Trading with the Enemy Act (TWEA) (Cuban program)
Country Programs – Burma, Cuba, Iran, Sudan, Syria, etc. Targeted Programs – SDNs-based, terrorism, non-proliferation,
drug trafficking, etc. “U.S. persons” — defined for most programs as any U.S.
citizen, permanent resident alien, entity organized under U.S. law or any jurisdiction within the U.S. (including foreign branches) or any person in the U.S. — are subject to OFAC economic sanctions programs, and may not engage in “prohibited facilitation”
Non-U.S. persons face risk as well — U.S.-origin goods, causing violations by U.S. persons, branches within the U.S., servers or other functions performed in the U.S., etc.
January 10, 2012 4
OFAC: Facilitation Risks
“Facilitation” by a U.S. person of conduct engaged in by a foreign person where that conduct is proscribed by U.S. sanctions programs is prohibited.
Definitions of facilitation vary among programs, but concepts are similar.
For insurance and reinsurance industry subject to OFAC jurisdiction, facilitation includes providing insurance or reinsurance for conduct, which if done by a U.S. person, would violate an OFAC sanctions program.
January 10, 2012 5
Country Program Definitions
Burma: 31 CFR § 537.205 (basic concept) U.S. persons are prohibited from “approving, financing, facilitating or guaranteeing a transaction by a person who is a foreign person where the transaction would be prohibited if performed by a U.S. person or within the United States.”
Iran: 31 C.F.R. § § 560.206 and 560.417 Same basic concept and adds the following to the definition of “prohibited facilitation”: where a U.S. person alters its operating policies or procedures or
those of a foreign affiliate to permit a foreign affiliate to accept or perform a specific contract or transaction involving Iran without the approval of a U.S. person where such transaction (cont)
January 10, 2012 6
Country Program Definitions
previously required approval by a U.S. person and such transaction would be prohibited if performed directly by a U.S.
person; or where U.S. person refers to a foreign person bids or
orders involving Iran to which a U.S. person could not directly respond as a result of prohibitions; or
where U.S. person changes the operating policies and procedures of an affiliate with the specific purpose of facilitating transactions prohibited if performed by a U.S. person.
January 10, 2012 7
Country Program Definitions
Sudan: 31 CFR § 538.407Includes basic concept as well as prohibitions on changes in procedures or referrals. States that U.S. parent must ensure that its foreign subsidiaries act independently of any U.S. person with respect to all transactions and activities relating to exportation of goods, technologies or services going to or from Sudan, including but not limited to: business and legal planning, decision making, designing,
ordering or transporting goods and financing, insurance and other risks.
January 10, 2012 8
Country Program Definitions
Syria: E.O. 13582, dated August 17, 2011
Prohibits in Section 2(b) and 2(e);
- The exportation, sale or supply, directly or indirectly
from the U.S. or by a U.S. person of “any services to Syria”; and
- any “approval, financing, facilitation or guarantee by a U.S. person of a transaction by a foreign
person where the transaction by that foreign person would be prohibited . . . if performed by a United States person.”
January 10, 2012 9
Best Practices to Reduce Facilitation Risk
Consider each of these definitions of “facilitation” to be part of OFAC’s interpretation of facilitation, and potentially applicable to all OFAC sanctions programs.
Review all proposed business and insurance risks with these concepts in mind.
Alert and train all risk personnel and business managers regarding facilitation risks.
Identify all “U.S. persons” so as to prevent facilitation by such persons.
January 10, 2012 10
Best Practices to Reduce Facilitation Risks (con’t)
Scrutinize and screen all parties involved in risks to be insured (and owners thereof).
Obtain and understand the details (business, place, parties, etc.) of transactions for which insurance or reinsurance is considered.
Include sanctions clauses in all policies and agreements.
Review and discuss all business in light of changing sanctions programs.
January 10, 2012 11
IRAN Sanctions
Iranian Transaction Regulations Comprehensive Iran Sanctions, Accountability, and Divestment
Act of 2010 (CISADA)(2010) Foreign Persons Liable
Knowingly supporting Iran’s development of petroleum resources ($1M/yr or $5M aggregate) Knowingly facilitating Iran’s domestic production of refined petroleum products ($250K/yr or
$5M aggregate) Knowingly exporting refined petroleum products to Iran ($1M/yr or $5M aggregate) Knowingly exporting goods, technology or services to Iran that would contribute materially to
Iran’s acquisition of weapons of mass destruction
Parent Vicariously Liable Corporate parent liable if it “knew” of subsidiary’s prohibited activity
Divestment from Companies Investing in Iran State and local governments authorized to divest/prohibit investments in persons
investing/extending credit of $20M+ in Iran’s energy sector
January 10, 2012 12
IRAN Sanctions cont.
Executive Order 13590 (November 2011) Authorizes sanctions on persons that sell, lease or provide goods,
services, technology or support to Iran that could directly and significantly facilitate the maintenance or expansion of domestic production of petrochemical products ($250,000 FMV or $1M/yr.)
HR 1540 (2011) Foreign Persons Sanctions Foreign financial institutions that knowingly conduct or facilitate significant transactions with
The Central Bank of Iran are barred from opening correspondent or payable through accounts in U.S.
Requires President To Impose Mandatory Sanctions Absent Exception or Waiver
Statutory provision for waiver of sanctions by President in “national security interest” Presidential signing statement says “non-binding” to the extent it interferes with President’s
constitutional authority to conduct foreign affairs.
January 10, 2012 13
Some sanctions challenges faced by international insurers
What to Screen and When?
– OFAC, UN, OSFI, DPL, E.U.?– Sanctions have become more “list-based”; how do you
manage the various lists?– Insured, additional insured, beneficiaries, third parties (how
far do you go?)– Do you screen pre-quote, at quote and or upon payment of a
claim?– Sanctions need to be considered during the entire Product and
Insurance Life Cycle
– Should you screen periodically or at sanctions lists updates?– OFAC requires regular screening at the update of its sanctions list
Should you use enterprise-wide interdiction software? – Does your interdiction software integrate with your in-house
systems and database?
January 10, 2012 14
Some sanctions challenges faced by international insurers, cont’d Extraterritorial nature of sanctions regimes such as OFAC Do you audit third party providers to ensure they conduct regular
sanctions checks? Should you approve screening mechanisms utilized by third parties
screening on your behalf to ensure compliance with your policy? Consider OFAC anti-blocking legislation of countries such as Canada,
Mexico and the E.U. nations– Canadian based companies can do business in Cuba; this can be a
challenge for U.S. based parent companies– Your company could be subject to conflicting requirements; advise
staff to contact regional Compliance or legal functions for guidance Do you “ring-fence” international customer data and transactions that
involve an OFAC embargoed country such as Cuba?– Where is your international customer data stored?– Ensure there are no “Cuban-related” customer data warehoused
on your computer servers in the U.S. – What about expatriates?
January 10, 2012 15
Evaluation of Sanctions policies
Responsibility for your Sanctions Compliance Program Policy should acknowledge individual
responsible for the day-to-day compliance of the program
“Top-down” approach to OFAC and sanctions Operational procedures and sanctions screening
requirements are owned by the business Compliance professionals within the business with
reporting line to the regional compliance officer Business Unit Compliance -> Regional Compliance -
> Global Compliance
January 10, 2012 16
Evaluation of Sanctions policies, cont’d Identification of High Risk Areas
– Does your policy address the identification of higher-risk customers/areas as part of your CDD procedures?
– Does your policy address the assessment of customers, product lines, geography and nature of transactions?
Reporting Requirements– Provide clear guidelines to local staff for handling items blocked or
rejected under the various sanctions programs– Escalation process must be clearly defined and address reporting to
senior management and OFAC, or other sanctions regulator
Does your policy address the scope of your sanctions program?– What about the sanctions laws of other countries?
Does your policy provide guidance for all U.S. persons, wherever they are located in the world? 1
Does the policy address part-time and temporary workers, third parties who do business on your company’s behalf, such as consultants, advisers, service providers, suppliers, intermediaries, agents or brokers globally? Include sanctions screening requirements in contract agreements with third parties
1 Sanctions generally apply within the jurisdiction they are established in, but some sanctions have extraterritorial reach, and/or become relevant depending on where business is conducted.
January 10, 2012 17
Recommendations Establish common enterprise-wide screening policies and work-flow
procedures. Require Third Party Administrators (TPAs) to follow same policies and procedures;
Adopt and implement an enterprise-wide technology that is adaptable to the business;– Zurich is presently implementing a common global platform
Provide adequate training for all appropriate employees– Mandatory for new employees within North America– Targeted training provided to compliance personnel and client facing
employees such as underwriters – Training should be risk-based and targeted to your organization
Compliance as a second line of defense– Advise all employees globally to contact their local/regional compliance
or legal function should they have questions regarding sanctions
January 10, 2012 18
Summary The adverse effect of reputational risk associated with OFAC
compliance issues is great Be mindful of the weakest link: third parties Test for sanctions compliance on a regular basis Maintain an open dialogue with OFAC and local sanctions regulators at
all times; don’t assume anything; ask for guidance We all make mistakes, but a robust, OFAC and sanctions compliance
program will mitigate the severity of any penalty Manage the examination process with an open and collaborative
methodology Train all U.S. persons within the company; don’t forget to train those
living/working overseas Periodically assess products and services for sanctions regulatory
requirements Incorporate “red flags” within company policies and procedures; and Ensure senior management has approved your policy
January 10, 2012 19
Designing an Effective OFAC Compliance Program
ASSESS
● Obtain senior management’s input and support
● Conduct legal and risk assessments
January 10, 2012 20
Designing an Effective OFAC Compliance Program
BUILD
● Implement policies and guidelines
● Implement screening software (ensure that all underwriting submissions, claims payments and wire transfers are screened against the Specially Designated Nationals List ("SDN List"))
● Create awareness at all levels of the company
● Train employees
● Establish procedures to encourage employees and third party vendors to report potential OFAC violations
● Encourage trade sanctions exclusions for global insurance and reinsurance policies
January 10, 2012 21
Designing an Effective OFAC Compliance Program
CERTIFY
● Appoint and train representatives from each business and service unit to:
-oversee the OFAC screening
-ensure that the unit complies with screening guidelines
-routinely meet with Legal to review OFAC compliance efforts
and report any changes within the unit that may impact screening
● Obtain confirmation from vendors and business partners that they have an OFAC compliance program that includes some form of screening
January 10, 2012 22
Designing an Effective OFAC Compliance Program
REVIEW
● Regularly reassess the company’s legal and business risks
● Routinely rescreen clients, insureds, claimants, and beneficiaries to confirm that they have not been added to the SDN List
● Conduct audits of the compliance program
January 10, 2012 23
LINES OF BUSINESS
● Political Risk Coverage, more than any other class of business, tends to involve sanctioned countries
● Mobile risks, such as ocean marine and aviation, present the potential for prohibited claims payments
● International Group Life Policies
● Premiums and Claims that are reported on a bulk report may lack critical information and may be difficult to screen against the OFAC list
Potential Trade Sanctions Exposures for Insurers and Reinsurers
January 10, 2012 24
Potential Trade Sanctions Exposures for Insurers and Reinsurers
REGIONAL EXPOSURES
● Middle East - large number of SDNs and trade with Iran, Syria and other sanctioned countries and entities
● Portions of Central and South America - large number of SDNs and trade with Cuba
January 10, 2012 25
Challenges for U.S. Insurers and Reinsurers in the E.U.
Compliance challenges due to Legal Differences between the U.S. and E.U.
● E.U. Blocking Laws
● E.U. privacy laws – German Federal Data Protection Act and Section 203 of the German Criminal Code
January 10, 2012 26
Practical Tips to Enhance Compliance Programs
U.S. insurers and reinsurers should conduct the following:
(1) screen their existing policyholders, claimants, and beneficiaries against
the SDN list;
(2) conduct due diligence on political risk, mobile risks and international
group life policies;
(3) establish a process to review premiums and claims reported on bulk reports;
(4) monitor Iranian efforts to evade sanctions; and
(5) include a trade sanctions exclusion on global policies.
January 10, 2012 27
OFAC LIABILITY/PENALTIES Civil Penalties (TWEA and IEEPA)
Unintentional violations/Strict Liability $250,000 ($1.075M Kingpin) or 2xs the value of transaction (greater of) Forfeit pecuniary gains
Criminal Penalties (TWEA and IEEPA) “Willful violations” of regulations
Individuals $250,000 Maximum ($5,000,000 Kingpin); or Imprisonment up to 20 years (IEEPA) or 10 years (TWEA) (30 years Kingpin Act); or Both
Corporations $1,000,000 Maximum ($10,000,000 Kingpin); or Twice the amount of the transaction; or Both
Reputational Injury Stock Price Penalty
January 10, 2012 28
OFAC LIABILITY/PENALTIES Cont.
Value of the Insurance Transaction
Underwriting = Total Premium Charged
Claims = Amount of Claim Payment
Stacking Penalties
January 10, 2012 29
OFAC LIABILITY/PENALTIES Cont.
OFAC ENFORCEMENT RESPONSES
No Action – OFAC determines evidence insufficient to establish a violation or action is otherwise not required.
Request Additional Information - May issue subpoena for more information before determining appropriate action.
Cautionary Letter – Same as “No Action”, but warns that conduct could result in
future violations or compliance program may be insufficient.
Finding of Violation – OFAC determines a violation occurred, but identification of violation and remedial steps are appropriate response rather than civil monetary penalty.
January 10, 2012 30
OFAC LIABILITY/PENALTIES Cont.
Civil Penalty – OFAC determines that a violation occurred which warrants imposition of a civil monetary penalty.
Criminal Referral - In appropriate circumstances, OFAC may refer the matter to appropriate law enforcement agencies for criminal investigation and/or prosecution.
Other Administration Action – In addition to or in lieu of the foregoing OFAC may:
Deny, suspend, modify or revoke license where needed. Issue cease and desist orders
January 10, 2012 31
CIVIL PENALTIES PROCESS Pre-Penalty Notice
Describe the alleged violation Number of alleged violations Value of each alleged violations Identify law/regulation allegedly violated Base category upon which proposed penalty amount calculated Aggravating/Mitigating factors relevant to proposed penalty Maximum potential penalty under law/regulation Proposed Penalty
Response Written Response within 30 days (post mark of pre-penalty notice) Agree/Disagree as to violation/Disagree as to penalty amount No Response = Imposition of Civil Penalty
Penalty Notice Final Agency Action
OFAC LIABILITY/PENALTIES Cont.
January 10, 2012 32
OFAC LIABILITY/PENALTIES Cont.
Egregious Case
No Yes
(1)One-Half
Transaction Value ($125K Cap per
violation violation/$32,00 for
TWEA)
(3)One-Half Statutory Maximum
(2)Applicable
Schedule Amount
($250k Cap per violation/$65K for
TWEA)
(4)Statutory Maximum
BASE PENALTY
CALCULATION
Yes
Voluntary Self-Disclosure
No
January 10, 2012 33
Applicable Scheduled Amount
Transaction Value Scheduled Amount
< $1,0000 $1,000
$1,000 - $9,999.99 $10,000
$10,000 - $24,999.99 $25,000
$25,000 - $49,999.99 $50,000
$50,000 - $99,999.99 $100,000
$100,000 - $169,999.99 $170,000
>$170,000 $250,000
OFAC LIABILITY/PENALTIES Cont.
January 10, 2012 34
OFAC LIABILITY/PENALTIES Cont.
Mitigating Factors: Compliance Program in Place First Offense (25% Reduction) Voluntary Disclosure/Self-Reporting (50% Reduction) Substantial Cooperation (20% - 40% Reduction) Entering Into Settlement (10% Reduction – unwritten)
Aggravating Factors: Willfulness (double the penalty) Lack of compliance program Familiarity with Sanctions programs Second or subsequent offense No remedial action after discovery
January 10, 2012 35
OFAC PENALTIES
Barclays, Aug. 2010 Iranian and Sudanese Regulations $298 Million Penalty Stripped Iranian and Sudanese references from U.S. dollar transactions to U.S.
correspondence banks Lloyds TSB, Jan 2009
Iranian and Sudanese Regulations From 1997-2007, stripped Iranian and Libyan references from U.S. dollar transactions to U.S.
correspondent banks ABN Amro, December 2005
Iranian and Libyan Regulations $80 Million Penalty Stripped Iranian and Libyan references from U.S. dollar transactions to U.S. correspondent
banks UBS, May 2004
Cuba, Iran, Libya and Former Yugoslavia Regulations $100 Million Penalty ($25,000 per day of violation) Distribution of U.S. Bank Notes in violation of OFAC Regulations and concealment
Guidant Corporation, March 2007 Iraqi and Iranian Regulations $277,017 Exporting goods for ultimate resale to Iraq and Iran from 2000 to 2004
January 10, 2012 36
INSURANCE INDUSTRY PENALTIES
Penalties Published on OFAC Website: www.ustreasury.gov
U.S. P&C (Re)Insurer, March 2001 Cuban Asset Control Regulations (CACRs) $2.4 Million Penalty British companies selling reinsurance to Cuban companies
U.S. Reinsurer, June 2011 Iranian Transaction Regulations $59,130 Penalty Two reinsurance claim payments totaling $309,740.65 to a protection and indemnity association or P&I Club
U.S. Broker, April 2011 Iranian Sanctions Regulations Placement of 6 Commercial Multi-Peril policies insuring submersible oil rig ($453,364 total premium) $122,406 Penalty
U.S. Broker, January 2011 Iranian Transaction Regulations $36,000 Penalty Placement of two retro contracts ($62,883 total premium) between European reinsurer and European retros.
U.S. Personal Lines Insurer, June 2010 Foreign Narcotics Kingpin Regulations $11,000 penalty Unauthorized auto policy issued to SDN
January 10, 2012 37
Broker Example 1Step 1: Determine Number of Transactions
(6 Contracts)
Determine “Value” of Transaction (Total Premium for 6 contracts = $453,364)
Step 2: (a) Egregious v. Non-Egregious (Non-Egregious)
Voluntarily Disclosed v. Disclosed By Other Means
(Not Voluntarily Disclosed)
(b) Determine “Base Penalty” Amount
($75,560 avg prem per policy x 50% reduction x 6 placements)
BASE PENALTY = $226,680
Step 3: Adjust Penalty (Mitigating and Aggravating Factors)
(a)25% first offense
(b)10% settlement
ASSESSED PENALTY = $122,408
January 10, 2012 38
Broker Example 2
Step 1: Determine Number of Transactions (2 Contracts)
Determine “Value” of Transaction (Total Premium $62,883)
Step 2: (a) Egregious v. Non-Egregious (Non-Egregious)
Voluntarily Disclosed v. Disclosed By Other Means
(Not Voluntarily Disclosed)
(b) Determine “Base Penalty” Amount
($100K for transaction values between $50K-$100K)
BASE PENALTY = $100,000
Step 3: Adjust Penalty (Mitigating and Aggravating Factors)
(a)20%-40% substantial additional information/cooperation
(b)25% first offense
(c)10% settlement
ASSESSED PENALTY = $36,000
January 10, 2012 39
FOREIGN PERSON CONSIDERATION
Foreign Corporations – “What Me Worry?”
U.S. citizen employees, managers, officers or directors Non-U.S. citizen employees while in the U.S. U.S. co-insurers U.S. reinsurers U.S. offices U.S. capital/investments Insuring/Reinsuring transactions involving export/re-
export of U.S. origin goods Cuba (and Iran – CISADA) CAUSING OFAC VIOLATIONS
January 10, 2012 40
Contact Information
Martin FeuerZurich Financial ServicesChief Compliance Officer [email protected]
Frank BriaGeneral Reinsurance CorporationVice President and Assistant General [email protected]
David ButmanSenior CounselLocke Lord [email protected]
Kathy Silberthau StromCounselCahill Gordon & Reindel [email protected]
January 10, 2012 41