Freeze! How Sanctions Really Work

Freeze! How Sanctions Really Work

Lauren Oppenheimer,
Senior Policy Adviser of the Capital Markets Initiative,
Third Way

Featured Speakers:
Brian Ferrell,
AML/Regulatory Compliance,
Ernst & Young

Brian Grant,
AML/Regulatory Compliance,
Ernst & Young

Jonathan Burke,
AML/Regulatory Compliance,
Ernst & Young

Mieke Eoyang,
Director, National Security Program,
Third Way

G-11 Dirksen Senate Office Building, Washington, D.C.
Time: 10:30 a.m. EDT
Date: Friday, September 19, 2014

Transcript by
Federal News Service
Washington, D.C.

LAUREN OPPENHEIMER: Hi. Good morning and welcome. Thank you all for coming. I am Lauren Oppenheimer, and I run the Capital Markets Initiative at Third Way.

For those of you who’ve been here before, you might have heard my boss, Jim Kessler, say that just like people don’t move to Los Angeles to work in the government or go to New York City for surfing, people generally don’t come to Washington because they have an abiding love for financial markets. Yet when it comes to capital markets, there’s a huge and critical role for Washington. And unlike issues like health care, education and even taxes, the complexity and opacity of this – of these issues, I believe, tops all others.

So Third Way decided to launch the Capital Markets Initiative, or CMI, almost two years ago. CMI is designed to promote balanced, nonpartisan and, above all, informative and accessible written products and outside speakers to the Hill. Our only bias is that we believe in a healthy, well-functioning system of capital markets that benefit the economy and average Americans. The rest is up for debate.

So a couple of things before I introduce the panel. There is going to be a period of Q-and-A following the talk, but feel free to ask questions as we go along. On your seats, you’ll find today’s PowerPoint, some information about implementing sanctions and Third Way’s – a new paper by Third Way on Iran. And if you like today’s session, we have a couple more coming up. Friday, April 19th, Wharton professor Jim Angel is coming to talk about high-frequency trading, and on February – sorry, Friday, May 10th, Peter Matheson from the British embassy is coming to talk about the British response to the financial crisis. Lastly, thanks for coming. This is a great turnout. I know you guys are really busy right now.

So we’re excited to hear about – hear from our special guests today from Ernst & Young, and they are going to be presenting on sanctions for our Capital Markets 101 series. Our panel today will explain the fundamentals of economic sanctions, how they work, which bodies impose them, and Iran will serve as our case study. Brian Ferrell, Brian Grant and Jonathan Burke are part of Ernst & Young’s anti-money laundering/regulatory compliance practice, and they advise global financial institutions on the risk of money laundering and sanctions.

Prior to joining Ernst & Young, Brian Ferrell was chief counsel at FinCEN, Treasury’s Financial Crimes Enforcement Network. Brian Grant was at OFAC, Treasury’s Office of Foreign Assets Control, which we will learn more about today as well. And Jonathan Burke was also at Treasury, in the Office of Terrorism and Financial Intelligence. Today’s moderator is my colleague Mieke Eoyang, Third Way’s director for our National Security Program. And you might also recognize her from her Hill days with the Intelligence Committee and also Senator Ted Kennedy.

One last thing I want to highlight before we get started: Our presenters will not be making a case for or against any particular sanctions policy, nor will they be speculating about the future of sanction policies. With all that, we’re looking forward to our presentation.

And Jonathan, take it away.

JONATHAN BURKE: Thanks very much, Lauren. It’s – thanks very much, Lauren. Thanks for having us. It’s great to be here.

And you know, and Brian Grant, I should note, spent a lot of time at Treasury in a number of different capacities, in the intelligence, OFAC and the policy realm, so he has particular expertise.

And we'll keep this as informal as possible. So as Lauren said, there’ll be questions at the end, but if you have some in the – in the interim, please feel free to chime in. I know a lot of you might have been here as part of the discussions on Iran sanctions legislation, so if you have insights or comments, feel free to offer those as well. We welcome to hear that.

Let me just start by kind of framing our thinking about what sanctions are and how they work with these quotes. These are all quotes from senior U.S. officials about sanctions, but each one of these quotes has different implications for what sanctions are and how they work. You know, whenever you think about sanctions as a policy tool, you have to think about what are you targeting and what is the objective you’re trying to achieve.

So looking at terrorism, there was the quote about starving terrorists of funding. Well, the funding sources for terrorism in one case are a lot of financiers who have legitimate business interests which they use the formal financial system, and you could apply sanctions on those entities for supporting terrorism, which would then deny them access to the formal financial system. So it actually would – could freeze their funds and also serve as a deterrent for those who want to make sure they preserve their access to the financial system for legitimate business purposes.

If you look at piracy, it’s a much different profile about who you’re targeting, where the funds come from, and if you want to apply sanctions, you have to think about how are you going to do that. If you think about the case how it works, you know, pirates get their money from a bag dropped from the sky with a bunch of cash as a ransom payment, which they then take into their hometown, distribute amongst a bunch of unknowns, who then go off into the world, and that money and cash changes hands multiple times before it actually enters the formal financial system. So if you’re thinking about applying sanctions, it really is a different problem set how you’re going to do that, how you’re going to, you know, identify those people and how are you going to use sanctions as a way to target that problem.

And then the quote on Iran really talks about using sanctions as a way to pressure the Iranian government through isolation from the formal financial system, the idea being that it has an economic impact, which we’ll talk about later, and that would increase that pressure as one form of the policy to change the behavior.

So real quickly, this is the agenda we’ll go through, just talk quickly about what financial sanctions are, the different types of sanctions programs, the authorities that are used in the Iran context. We’ll talk – Brian will talk to us about – Brian Grant will talk to us about how the banks actually implement these regulations and how that works inside the bank and inside the financial sector. Then we’ll look at the evolution of Iran’s sanctions, kind of all in one place, how they’ve shifted in some key – I’ll highlight some key things that have had an impact on the financial system and how banking transactions work, and then we’ll just talk quickly about the impact on the Iranian economy and how that’s derived from a loss of access to financial services.

Here’s the required disclaimer that was added in by our lawyers, which is another topic we can delve into later. (Chuckles.)

So really, the point here is that financial sanctions are a tool for governments to pursue foreign policy objectives and to counter national security threats, and they do that by enacting a prohibition against access to financial services from certain parties in a number of different ways.

There’s a difference between anti-money laundering and sanctions that I just want to highlight. And the easiest way I learned what it was is that money laundering refers to basically taking dirty money and trying to make it clean, so money that’s derived from – that are proceeds derived from illegal activity, whether it’s drug dealing or something else. There’s a whole range of prescribed what are called predicate offenses that say if you take the money derived from this and you try to put it in the financial system and make it look legitimate, that’s money laundering. And there’s a little bit of an overlap, but there’s – it’s quite different.

Sanctions, commercially, are taking clean money and making it dirty. So you’re taking money that is not derived from criminal proceeds necessarily but is used to fund things that are prohibited or transactions by prohibited parties that have been enacted by governments through sanctions.

There’s also differences in regulatory requirements, which we can talk about more if you’re interested, but basically, there – I mean, there is a requirement for banks to have an anti-money laundering compliance program. And the output is different. If you’re looking for money laundering, the compliance program for money laundering seeks to identify suspicious transactions, report those to FinCEN, which can then be used for prosecutions on the basis of money laundering as a criminal offense. Sanctions are different in that it’s administered by Treasury’s Office of Foreign Assets Control, OFAC. There’s not a requirement for an OFAC-specific compliance program, although OFAC considerations are taken into account when bank examiners go in and look at your AML compliance program. They also look at factors dealing with sanctions.

And the output is also very different because what you’re – because sanctions – you need to not let a transaction go through that would be sanctionable. So you’re not – you’re not passing a transaction and reporting it as suspicious; you’re trying to stop it or reject it or whatever is required by the sanctions. So it’s kind of – it’s much more of a real-time focus, and it’s very focused on prohibited parties and prohibited activities.

So just to talk about, quickly, the types of sanctions, there is 22 different programs administered by OFAC, and these range from broad country programs – so you might have an embargo that says you can’t do any business at all, no trade with a country – we have that in Iran, Cuba, Sudan was a program – then there’s targeted measures – targeted financial measures. These were often referred to as “smart sanctions,” targeting specific conduct. And so that’s where you have the SDN list, whether it’s WMD proliferation activities, terrorism, narcotrafficking, that sort of thing. It’s using an authority that says these actors are engaged in this type of conduct, and as such, they’ll be added to this list of prohibited entities. And that also freezes their assets so they can’t get access to them, if they have assets in the jurisdiction of the United States.

And then there’s this concept of secondary, or what some people call extraterritoriality, or extraterritorial sanctions. This is only in the U.S., as far as I’m aware. I don’t know if anybody knows any other programs that do this. And this says basically if you’re doing business with Iran – certain business with Iran that’s described – then you could lose your access to the United States, even if that business is not in U.S. dollars, does not involve a U.S. person, does not touch the U.S. at all. They’re completely separate. The idea being that there’s a risk associated – if you have access to the U.S. financial system and you also are separately doing business with bad guys, then there’s contagion of risk; that that could leak over in the U.S. financial system, is one theory behind it.

So they’re all different programs that derive from different authorities, which we’ll talk about, and they have very different impacts. And again, feel free, if you have questions or comments, shout them out.

So we can go to different authorities. One is legislation, which I’m sure you’re all very familiar with. And the key thing about legislation is it provides a basis for further actions to implement sanctions. So you have the International Emergency Economic Powers Act, IEEPA, authorities, which from IEEPA authorities are derived things like executive orders to implement certain types of sanctions. So that was a congressional act that provided the basis, and what happens is, under that authority, the president can declare a national emergency and issue an executive order that imposes certain sanctions; it’s done in the Iran context, you know, the WMD authorities, North Korea, terrorism. I think Libya was done under IEEPA, wasn’t it? So that provides that basis.

And then you have the more recent Iran-related legislation – CISADA, the NDAA, TRA, and then the IFCPA. By the way, the Iran Threat Reduction and Syria Human Rights Act, TRA, the issue – this is kind of an interesting aside – was what to call that as an acronym, because it was called ITRSHRA for a long time. That didn’t seem to resonate very well, and they finally took a formal decision to make it the TRA. That’s why we use that. Important issues in the government. (Laughter.)

And the other thing these do is often they amend previous legislation. So you have, like, CISADA and NDAA, and then you have the TRA, which amends portions of CISADA, amends portions of NDAA, and it actually makes for a very complicated regulatory framework and it’s very hard to keep track of. This did that, then you have this new thing that does something else, and trying to pull all that together is very difficult, and very difficult for banks and others to sort through.

These are some of the executive orders that have been issued since 2009 related to Iran. You can see there’s quite a number of them and they do a range of things. But again, these are derived from that IEEPA authority. So they would declare a national emergency and issue an executive order targeting some specific. And these are all separate and specific and distinct, so each one of these has a particular function. It’s not just an executive order that says we’re going to target everything in Iran. It’s got to be tied to something specific, and this is the law, these are the regulations that get put out to implement this stuff and say this is what you can and can’t do. And I’ll go into these in more detail.

And these are the examples of the secondary sanctions I describe, where CISADA said – CISADA started this off, saying you can’t – if you’re doing business over here, you can’t do it over here. And that concept, which I think we turned into a verb of CISADAing, got added into these other authorities, like the NDAA and the TRA and then the executive orders as well. They all said we’re going to apply sanctions on foreign entities – foreign financial institutions if you’re doing this business related to whatever. First it was designated banks, then it was oil, then it was, you know, U.S. dollar business, that sort of thing. So I know that’s a very popular concept nowadays.

And this is how it worked. So CISADA said, if you’re conducting significant transactions with certain categories of Iranian entities, you get – your access to the United States gets cut off. Those categories were banks designated under the WMD and terrorism authorities, IRGC entities, entities that are designated under U.N.-Iran related sanctions, and any transactions related to terrorism or WMD. So it has to fall under those categories and you have to – they have to be significant transactions and they have to have knowingly conducted them.

And what it means to get cut off of access to the United States – so a foreign financial institution has access to the United States through a correspondent account. This is basically a bank’s bank account at another bank. So if you’re a bank in another country and you have a client who wants to conduct a trade in dollars or with a U.S. person, they might go to their bank in that country, who then has a correspondent account in the U.S., and it would either get routed through the U.S. out to somewhere else to turn it into dollars, or it would come to the U.S., where it can then get routed to another U.S. bank for a U.S. party. So it’s how banks access U.S. dollars and the U.S. financial system. And that’s the thing; it is a correspondent account that you would lose access to by either being – you’re either cut off or you couldn’t open it, so your failure to – you can’t maintain.

They could also impose strict limitations on that. But the two examples that I can highlight later, they said you’re not allowed to access it at all. And those are the only two examples where this concept has been put into practice.

The Foreign Sanctions Evaders Executive Order takes a similar concept and says if you’re doing something completely outside that evades – seeks to evade sanctions or is deceptive, even if it doesn’t involve the U.S., you lose your access. And then this was expanded – in NDAA, TRA, Executive Order 1362 and the most recent IFCPA – to say central bank of Iran, the government of Iran ¬– so all government of Iran entities, if you’re doing business with them, except nondesignated Iranian banks, if they’re doing transactions related to the purchase of Iranian crude or petrochemicals absent the exception that was granted to a number of countries, or related to – doing transactions related to acquisition of gold or U.S. dollars by Iran – any of those, you could lose your access to the United States for conducting that business if you’re a foreign financial institution.

And then, quickly, these are the international authorities. There was a number of U.N. Security Council resolutions. I think the point here is that U.N. resolutions can be the most effective in terms of it’s implemented – it’s an obligation to be implemented across the world, but the standards can be much lower because you can’t get everybody to agree on the same sanctions. And so there is a number of – you have the U.N. framework and then you have unilateral measures. The U.S. has obviously been leading that effort. The EU is right there with us, I think, by now, doing a number of things unilaterally that really create a robust international framework of sanctions that have some key differences but are quite well aligned.

And I’m going to turn it over to Brian Grant to talk about kind of how this looks inside of a bank and what the banks have to do.

BRIAN GRANT: I think I’m going to try to stand up, if everybody can hear me , because – could you advance just one slide to our sanctions control – (off mic). Can everybody – everybody can hear me? I just need to be –

MS. : Can we get a mic for him?

MR. GRANT: I’ll try to talk very loud until then.

But Jonathan has painted a picture, I think, of regulatory complexity. He’s painted a picture of a dramatically changed environment over the last several years with respect to economic sanctions. We’ve got an increase in the number of sanctions programs, an increase in the type of sanctions programs, sanctions programs that have increasing extraterritorial impact, and a picture of a world where it’s no longer just the United States that’s using sanctions, but a variety of different global actors.

(Pause.) Testing. (Referring to microphone.) All right. Excellent.

So there’s this – there’s a very complex sanctions landscape. But banks are businesses, right? Banks aren’t think tanks. They’re not the government. Banks need to translate this complex regulatory environment, these complex external risks, this world where a variety of different actors are engaging in increasingly sophisticated circumvention techniques to avoid sanctions – they need to translate this into operational controls. And that’s what I want to talk about here.

When I first left government about a year and a half ago, I thought that the main thing that I would be talking to banks about would be things like the most cutting-edge, circumvention typologies that Iran is using to avoid U.S. and international sanctions, or the most sort of esoteric new regulations under CISADA or the National Defense Authorization Act, or the foreign Sanctions Evader EO or the GRAHVITY executive order. But really what financial institutions want to talk about is how to implement this control framework, how to – you know, where the rubber meets the road. And when you think about financial institutions, global financial institutions – and coming from the government, I thought that I understood organizational complexity, large organizations – banks are far more expansive in their geographic footprint, in their operations, in the different jurisdictions where they’re present than even a place like the Treasury Department, which I thought was a large organization, but by the standards of these large banks, it really isn’t. And so when you’re thinking about these controls, you have to think about the bank and the way the bank is organized and the products and services that it offers.

So when you look at a bank, you’ve got the businesses, right, the actual owners of the products, services and, by extension, the risks, so you’ve got usually – you know, broadly, you can sort of define – break a bank up into a wholesale side and a retail side, and you’ve got folks with critical sanctions compliance responsibilities in the businesses.

Then you’ve got support functions at the group or corporate level. So with the support functions, you’ve got compliance, OK, and that’s what everybody spends a lot of time talking about are the compliance offices in these financial institutions, but really, when you look at what goes on in a bank, there’s a very large universe of things that are not under the direct control of a compliance office. And that’s been a key revelation to me over the last couple of years is just the extent to which there are other components in a bank that you have to consider.

So you’ve got compliance. You’ve got the legal function. There may be a risk function. You’ve got an operational component. And critically – and I’m going to keep coming back to this – you’ve got a technology component. Sanctions implementation in a financial institution is probably a majority a technology issue, or at least half is a technology issue, a data issue, a data integrity issue.

So you’ve got the businesses. You’ve got the different functions. You’ve got geographic units, right? Depending upon the size of the bank, it’s not uncommon for a major global financial institution to be in anywhere from 50 to a hundred different countries. And so there are support functions and business functions at all these different levels. You’ve got a very complex organization.

So here is – this is the framework that we use to do independent program reviews, independent sanctions program reviews for financial institutions. And I think it’s a pretty good overview. And I’m not going to have the time to really dive into each component; I’m just going to highlight a couple of them, and then in the question-and-answer period, maybe we can, you know, dive into some more particular.

But it all comes down to governance, obviously. Any organization is really about governance. Policies and procedures gets a lot of focus, right, how do you develop the – when you look at all these different sanctions programs that are out there, how do you translate it into policies that are meaningful for a bank – and that provide guidance to these different business units globally on how to actually do sanctions compliance. I feel like when you look at banks, pretty much most of them have a ex-OFAC person who’s in charge of the compliance program. I feel like banks are in a pretty good position with respect to compliance policies. Obviously, they’re always ever agreeing and improving their policies. But really, where the challenge is, and I’ll get to this, is more on the operational side.

Risk assessments. This is an area where we’ve been very active as a firm. You’ve probably heard that the foundation of an anti-money laundering and a sanctions program, particularly anti-money laundering, it’s a risk-based approach, right? It’s putting the – putting the majority of your resources to those areas that generate the most – that cause the most risk. And crafting a global risk assessment that accurately incorporate economic sanctions – historically, a lot of risk assessments were very AML-focused. And most of the regulatory pressure sort of historically I think has been an AML contact, although certainly, over the last several years with the very large sanctions fines, it’s – the pendulum is swinging, and sanctions is really getting its due, but historically, the regulators have had a lot more sort of scope and – scope in the AML context. So tailoring the risk assessment, the identification of the risk areas, the identification of the appropriate control and assessing the extent to which those controls mitigate risk is key.

So let’s take the Iran situation. Over the last couple of years you’ve seen a number of actions that target what Iran is doing to avoid sanctions. So shipping, you’ve seen Iran trying to get its oil to market, so they’ve been increasingly involved in chartering vessels and moving their own crude to areas in Asia, Southeast Asia. They’ve been using money service businesses in general trading companies in the UAE, Turkey and other jurisdictions. OFAC issued an advisory and a sanctions program targeting sanctions evaders, right?

So taking those – so now we know shipping, money service businesses, general trading companies – these are things that we need to make sure – if we’re a financial institutions, we need to make sure that when we’re doing our customer risk rating, when we onboard a customer and we bucket them according to high, medium and low risk, that we capture these factors, that we know that from a sanctions perspective, a ship charterer is somebody that we’re going to want to take a closer look at and maybe subject to some enhanced monitoring, whereas in the AML context – I mean, I don’t think shipping really matters from an AML context; I really haven’t, you know, come across that being significant.

But screening is really the – just sort of the heart of a sanctions program, making sure that your customers and your transactions – that you’ve not onboarding a customer who’s subject to sanctions that you’ve not processing a transaction that involves a sanctioned party.

So how do you do that? Well, I mean, in a nutshell, it’s running your customers and running your transactions through a filter – and there’s a lot of different vendors out there providing these filters – and making sure that you’re not transacting with these individuals. But that’s a – that’s much easier said than done. There’s very, very significant challenges here, challenges related to:

Selecting lists, list selection, what lists do you use – there’s a variety of different lists in the United States; there’s a variety of different global lists – selecting those lists, downloading them, putting them – putting them into your system while – all while maintaining data integrity.

Reconciling data, make sure that the list that you pull is actually the correct list and that the data doesn’t get corrupted along the way, which happens.

Disseminating those lists across the globe to make sure that all your screening locations are using the same lists – and again, when that list is disseminated, it’s not corrupted, OK.

You’ve got a variety of different products and product processors and customer data platform that you need to screen, making sure that when the data goes from that product processor into the screening engine, that data is not corrupted along the way, making sure that the screening logic used – so the way it works is these filters, they don’t just search – they don’t do kind of exact name matches; that used to be the way things worked a decade or so ago, but you’ve got a lot of different permutations of names. You have to have smart software that can identify different variants of sanctions-related names. So you have to come up with the correct. You have to tune that logic to make sure that you’re catching all the different potential variations of a name. And I remember we did an exercise at the Treasury Department: Moammar Gadhafi, you could spell his name 38 different ways, with a Q, with a G, with a K, with an H, not an H, two Fs, one F, all that. Can you capture that? Can you capture – are your filters sufficient to capture purposeful adulteration of names where wildcard characters are used to sort of mask a reference to a sanctioned party? Can you capture that? And that all of your different screening locations globally using the same logic. These are key challenges.

And you’ve got different types of screening. You’ve got customer screening when you bring them on, but you’ve got screening – every single time a sanctions list changes you have to screen your customers. Every single time you have information that changes in your customer, if your customer comes in and changes their address, that needs to be captured, and that needs to be screened. You’ve got payment screening. You’ve got trade finance, so – which is very document-heavy, so you have – that involves a manual review of documents, and how do you make sure, with a global enterprise, when you have all these different people that are reviewing the alerts that spit out from these different systems, that they’re dispositioning the alerts in the same, that they’re documenting the alerts in the same way, documenting decisions to close in the same way. Regulators are looking at that. They want to make sure that their decisions to close are defensible and that you’ve got a record of it and that you can produce it and that you’re – you have the right investigative methodologies when you go and – how do you do Google searches to make sure the person that you’re dealing with is not the guy on the list, and how – do you do screen shots of that? How do you do that? How do you do that in a way that doesn’t grind your business to a halt? So that’s a subject that we could talk about forever.

And I’ll just skip ahead to a couple of other things. Training is obviously critical. We’re seeing financial institutions move towards more tailored training, case studies rather than just sort of general Web-based training. We’re seeing things tailored to business lines. You’ve going to trade – you’re going to have to train your trade finance people in a different way that you train your customer onboarding folks.

MIEKE EOYANG: Brian, maybe just in the interest of time, we can go through this quickly –

MR. GRANT: OK. Sorry. Yeah.

MS. EOYANG: – just because I want to make sure we get to a good discussion.

MR. GRANT: Yeah. Yeah.

So, I mean, that’s pretty much – those are the key things. I mean, assurance, making sure the screening is being done in a way – in a way that is dictated by policy: You need to write management information. You need – reporting across the enterprise on alert volumes to see if alert volumes suddenly dip in a particularly jurisdiction. You need to test, not just with independent audit, but you need to bring in and constantly test your screening filters to make sure that they’re catching things so that you don’t have – it’s not a single violation; it’s very difficult to avoid single violations of sanctions. It’s when they snowball into something significant that you end up in regulatory hot water. So that’s pretty much it for now.

MR. BURKE: Thanks, Brian. Yeah, you know, it’s – that’s really the heart of – it kind of illustrates that it’s not easy for a bank to – I mean, a bank might have – you know, a large global financial institution might process hundreds of millions of transactions a day that are worth over, you know, several trillion dollars. And finding – making sure that all of those stay within the boundaries of sanctions requirements is difficult, and so these systems are necessary.

And to give an example, you know, we – coming from the policy world, we’re familiar with this idea that we looked at policy objectives and we created policy recommendations and – in implementation that just said, here’s what we want to do; here are – (inaudible) – I could go out and do it. Can’t you just do that? It makes sense to us. But when you work inside the banks, they have to actually make that work, and it’s a very difficult – it’s a very cumbersome process, and so that’s why a lot of these things are automated, and they have to have a system that captures that.

One example that came to mind – I thought it was funny when Brian was talking about the different permutation of lists, and they call it – so here we – you have this slide that talks about fuzzy logic. “Fuzzy logic” is a term that says, well, we need to make sure our screening capability picks up different spellings and that sort of thing. I remember coming to work one day at the Treasury Department and learning that OFAC had designated Israel, because there was a group that was put on the SDN list whose acronym spelled “Israel.” But what that caused was that banks were stopping transactions that dealt with Israel, and they had to fix that. So that’s one case where these things happen, and it has to comport, and banks have to figure out how to – how to – how to adjust.

So let me just kind of move quickly through here so we can get to the questions. And I’d rather talk about what you’re interested in and make sure we hit on that. This is a snapshot of OFAC penalties from 2004 to 2012, so it doesn’t include anything this year, which there were some significant fines, but you can see the yellow is financial services, so that’s been a big industry that’s hit by OFAC fines.

And then let me hit on a few highlights here. What this shows is the top of the line are some key actions, not all of them, but some key actions throughout the Iran sanctions program since 1987, when the first ban was on imports, and how that’s evolved. It’s gotten a lot more concentrated on the right side. But the – below the line is basically the impact that’s had on banks, and just a few things I want to highlight.

Number one, September 2006 was the revocation of the “U-Turn” license for Bank Saderat, Iran’s Bank Saderat. What that means is a – there was a ban on doing direct transactions with all Iranian banks, but the “U-Turn” license was implemented to allow Iranian banks to access the U.S. financial system indirectly, meaning that there was a license that said if an Iranian bank was party to a transaction, it could come through the U.S. as long as the Iranian bank was not on either side directly of the transaction. So using their correspondent accounts I described earlier, an Iranian bank would have to go to another non-Iranian bank, which could then come into the U.S. for the transaction to put into dollars and then go out to another non-Iranian bank and then – and then to another bank. Maybe it’s a – you know, probably not – Iran would only be on one side of that transaction, but that was the “U-Turn” license. That was revoked in 2006 for Bank Saderat, and that started this whole kind of campaign for targeting banks based on their activity.

So then from 2007 to 2010 on the top side you had – Bank Sepah was designated, which was – you know, by the U.S. and then ultimately by the U.N. It’s still only one of two Iranian banks designated by the U.N. And then there was a series of kind of banks, Iranian banks that were designated for their conduct, mostly – Saderat was designated as supporting terrorism. The rest of the banks were designated under the WMD authorities for being related to proliferation.

And then that kind of spawned this kind of international effort to target banks. And what that resulted in was that banks had to freeze their assets, and they’re subject to U.S. jurisdiction. And then as more jurisdictions and countries put these measures into place targeting banks, that same thing would happen, and they couldn’t conduct any transactions with them. And the “U-Turn” license was eventually revoked for all Iranian banks, so the “U-Turn” – the “U-Turn” wasn’t – if a bank was designated, they couldn’t use the “U-Turn,” but if they were nondesignated banks, they could use the “U-Turn,” and then that capability was taken away as well.

And then you have CISADA in July 2010, which I’m sure you’re familiar with. This was, as I mentioned before, the paradigm shift, in my view, of saying, OK, you know, we’ve cut Iran off from the U.S. financial system, you know, 20 times already. Now we’re going to say that if you’re a foreign bank doing this business with Iran, you’re going to get cut off, and that spawned a bunch of subsequent actions that continue to look at how can we apply that same concept of CISADA-ing banks and also nonbanks now for doing certain business with Iran.

So that’s where you led into the NDAA targeting oil; Foreign Sanctions Evaders has the same concept, the TRA and then the IFCPA. And on that, CISADA, I’ll mention the two actions that have been taken were against Bank of Kunlun of – in China and Elaf Bank in Iraq. So Treasury Department made a determination that those banks conducted significant financial transactions with designated Iranian banks, and as such, they prohibited them from maintaining correspondent accounts in the United States.

In February of 2012, there was an executive order issued that blocked the government of Iran. And this is a distinction that I never used to pick up on, but this was interesting. The government of Iran was always prohibited from accessing the United States, but it was a rejection program. So if a transaction from the government of Iran came to the United States, it would be rejected. It would be sent back. The bank would have to say, I’m sorry, we can’t process that, and they’d send the transaction back.

They changed that to a blocking program, which meant that when that transaction came to the United States, it had to be held and blocked. And that caused quite a bit of, I think, consternation for those who were transacting with Iran for legitimate purposes. A lot of people can’t keep this stuff straight. So a foreign country’s importers, exporters who were doing business in U.S. – they don’t know what they can and can’t do, and they – but they saw this as, like, well, now if we send this transaction forward, and we may – and we – and we messed up, we won’t get it back; it’s going to have to be blocked.

And so that had quite an impact, I think, on some of the psychological thinking behind doing any business, any trade with Iran, even if it’s permissible, because there are some categories, as you probably know, that are not prohibited. And so that – and so that – but that concept of CISADA continues, I think, today.

MS. EOYANG: Jon, why don’t we hold the economic impact stuff for questions, because I think people will have a lot about that, and I think we probably want to get the audience a little bit more involved.

MR. BURKE: OK. Sure, that was the last slide, so –

MS. EOYANG: OK, great. So as the moderator, I’ll ask the first question, which is, you know, in Congress, when members of Congress pass a sanctions regime, and they say, OK, we’re going to take this action against this foreign country, they sort of feel like, OK, done; we’ve done our job. How long does it take the financial – you know, between the executive branch regulations and the financial institutions to actually put that in place? Is it – you know, you pass it, it’s signed into law, and then we’re just done, or does it take some period of time? Because you guys have described a fairly complex regime that has to be in place in order to make sure that transactions are stopped. What can people reasonably expect before a country starts to feel the pinch from a sanctions regime passing?

MR. BURKE: Well, I’ll start, and these guys can jump in. But as you know, laws have come out have different timelines associated with them, so those have been built in to some degree. It’s been – you know, you – within six months, you have to do this. I think the deadline just hit. For foreign banks purchasing oil from Iran, with an exception from NDAA, can no – now, as of February 6th, no longer process those transactions through a third party. It has to be done – that was the bilateral trade provision that was in the TRA, so that deadline was imposed.

MS. EOYANG: So that was like a six-month –

MR. BURKE: So it was six months, so by that point any transactions after that could be subject to sanctions. But in terms of the SDN list, if there’s a new party that’s put on the SDN list, designated, whatever, as Brian mentioned, that gets put into screening filters, and they update their – you know, they rescreen every time that list is updated. So OFAC will push out an updated SDN list. The banks will see that, and they’ll screen, you know, right away, and it’ll be immediately incorporated into their framework, you know, provided they have the framework in place, so just a couple examples.

MS. EOYANG: Great. We have some microphones that’ll go around the room for folks. If people have questions, just raise your hand while I make sure someone brings the mic to you. We have one here.

Q: Yeah, two questions. The first one – based on your slides, it seems like if you’re not knowingly engaging with Iranian banks or institutions, GOIs, then you should be theoretically cleared. Can you talk about why – what regulations are actually on the banks to comply with this and why it – the onus is on them and not on the government? Because it would seem like, you know, I don’t know where the money’s coming from; ignorance is bliss.

The second question is you hear a lot about Iranian sanctions are there, but it’s not being enforced. Can you talk about leeway in enforcement policies? Thank you.

MS. EOYANG: Great.

MR. GRANT: Sure. I can take a – take a stab at answering that. So in terms of – the obligation to comply with the Office of Foreign Assets Control regulations rests on U.S. persons. Now, U.S. persons is defined differently depending on the program, but broadly, there are sort of two ways in which U.S. persons are defined. One is U.S. companies, U.S. individuals, any foreign branches of the U.S. person – company. And that – and that definition excludes foreign-organized subsidiaries. But in two situations, Iran and Cuba, foreign-organized subsidiaries – so subsidiaries of U.S. corporations set up under foreign law, operating at an arm’s length, are actually encompassed in the Iran and Cuba sanctions.

In terms of the obligation to identify transactions with – you know, to identify parties that are potentially subject to sanctions, I think it’s a shared obligation between the governments and the banks, right? So the government – and you know, this is what Jonathan and I spent a lot of time doing – you know, works very hard to keep generating and putting new names on the list to kind of give life to these programs, and as Iran, for example, circumvents sanctions programs by changing the vessel names that it has or changing the names of its front companies, well, Treasury is hard on their heels redesignating those entities and putting that information out. The banks are doing the best that they can to understand their customers, understand the affiliations of their customers, you know, be very proactive in the due diligence phase when they’re onboarding something. And they’re – you know, and they’re – through the risk assessment process, they’re identifying jurisdictions and sorts of classes of transactions and whatnot that potentially pose higher risk from a sanctions perspective and heightening their monitoring there. So it’s a – I mean, it’s a shared responsibility.

But I mean, at the end of the day, with list-based programs, the government needs to put people on the list for banks to be able to really – I mean, banks have capabilities; they’re not intelligence agencies.

MR. FERRELL: And the reality is financial institutions are strained for resources. They have a number of different compliance programs that they’re implementing, and attempting to implement sanctions or AML puts yet another strain on them. Look, I was at FinCEN, and when I left FinCEN, I shifted into a financial services organization that I got to see how the regulations that we had put in place impacted that financial institution. And that was an eye-opening experience. The strain on these organizations is – it’s a noose. It’s a noose around their necks as they try to wend their way through the various regulatory schemes that are out there.

MR. BURKE: And can I just add – or try to combine both of your question together, I think, if I could – that there’s different criteria for enforcement based on the program, right? So if you’re a U.S. financial institution, there’s a strict liability associated with conducting transactions, and there’s a – you know, self – you know, disclosing that to OFAC – if you find that you conducted a transaction with a sanctioned party, you can disclose that to OFAC, which would mitigate the penalty that would be assessed to you. And they take that into account because they know, I mean, you know, something might slip through. And if you tell them about it, then they’ll work with you. And you might still get fined because it’s a strict liability, but be mitigated.

There are other programs, like CISADA, that applies to foreign financial institutions. And the penalty is not a fine; it’s getting cut off. And the standard is knowingly conduct significant financial transactions. And they use the constructive knowledge, as they call it, “known or should have known.” So if you say, oh, we’ve got all these screening filters in place, and we try to do this, and you say, well, I can put it in Google and tell you that that’s an Iranian shipping company, then maybe you should have known that. And that could jeopardize your access. So it varies based on the program, the penalties involved, and kind of, like, you know, how you approach it.

MS. EOYANG: I think we had another question in the back.

Q: Yeah, hi. Thank you very much for taking the time to explain to us sanctions today. I have a question more generally based on – I’m going to try to capture it – you know, banks work on a global level, and basically, some of them have, working under different jurisdictions, branches, subsidiaries, extensions in different countries. How do they all basically collaborate in terms of managing sanctions? Are there any, like, work-throughs with that? Do they have any, like, whistle-blowing techniques that they can basically alarm one another whether, you know, they go through with sanctions or whether they don’t? It’s more or less what I’m trying to get to.

MS. EOYANG: Brian, you want to –

MR. GRANT: Sure. That’s a good question, and maybe even the key question when you’re talking about institutions of this size and geographic footprint. And there’s no easy answer how do they collaborate on a – on a global level. I mean, there’s a variety of different ways. One is through, you know, information sharing, making sure that there’s a management information reporting infrastructure in place such that the center group-level compliance has a good view into what screening trends and what sanctions trends are going on at the various – at the different country levels. There are – a lot of institutions are setting up committees, global compliance committees that deal with sanctions issues, so if there are material changes that a particular jurisdiction feels like it needs to make with respect to the way in which it conducts sanctions compliance, sanctions screening, that it’s being decided at a global level with – under a consistent thought process. So that’s – you know, that’s one of the – one of the tools is management information reporting, committees, information sharing, issue management and escalation, so when there’s been a compliance issue identified in one particular jurisdiction that it’s elevated such that other affiliates understand what’s going on in that jurisdiction and can take their own measures to mitigate the risks that are coming from their own affiliates. There’s a lot of different ways, but it’s a big – it’s a big challenge.

MS. EOYANG: Brian, let me take another on that question, which is how much are the banks actually interested in this compliance? We’re talking about transactions where there’s a lot of money at stake. Are the incentives there for them to actually – and given how complex the compliance regime is, do they really want to work together to do this? Is there an upside for them about living in the gray areas? Is it sloppy compliance? What’s their mindset about how much they want to be in compliance with this?

MR. GRANT: I mean, when you say, when they want to work together, you’re talking intrabank?

MS. EOYANG: Intrabank, yeah.

MR. GRANT: I mean, certainly within a bank, there’s a lot of incentive because the reputational risk hits the bank as a whole. Even if – even if the compliance issue emanates from some obscure corner of a far-flung financial institution, you know, it’s going to have the name of the bank, the global brand. So it’s that reputational risk that gets, I think, everybody interested.

MR. BURKE: And I would also add to that, I mean, you know, even from – remembering trader days – banks feel that it’s not profitable to operate in the gray because you’re talking about sanctions parties who aren’t big clients, and so it’s – you know, if they could expunge them in a cost-effective way, they would do it, and it’s a matter of trying to find – you know, figure out – find a needle in the haystack. So I think that they do want to do that.

Q: So I would just like to build on that question and just follow through with more of an economic dimension. At what point do the banks step in and say, you know, we’re going to – you know, we see the transaction here, and we see the sanction – I mean, do they let it go to the (intermediary ?) market at that point; they allow the money to kind of generate money, and then they red-flag it and bring it back? Or is there a provision or safeguards in place before that can even happen? Because obviously, banks are, you know, in the business to make money, and you know, it’s – you know, I think it’s important just to be able to capture at what point they red-flag it. Thanks.

MR. GRANT: I mean, I think, you know, banks – obviously, I mean, they’re economic entities, and you know, they’re – you know, as all companies, they’re interested in making money. But the way you make money is with your core businesses in, you know, the – the corporates, the everyday people that you issue loans to; it’s not – for large institutions, it’s not through sanctions busting or sanctions evasion. That is – that’s not a profit center; it’s a tremendous cost center, compliance costs, reputational costs, which are very hard to calculate. And you’re seeing a lot of institutions, when they’re – when they do the weighing, when they look at particular units that are costly from a compliance perspective but maybe particularly not – you know, not a core business, they’re exiting. A lot of banks are exiting businesses globally. You’re seeing a contraction in some areas, exiting geographic areas, exiting product lines. That’s one of the key things that I think we’re seeing over the last couple of years.

MR. FERRELL: The global financial institutions are taking sanctions very seriously. You can’t spend a day without opening the page to the Washington Post or New York Times and see a financial institutions that’s been hammered with a fine by either Treasury or the OCC or some other federal government entity. It’s – they are trying to fix it. So they’re hiring folks like ourselves to come in with our – with our expertise and help them figure out how best to do it. Again, there’s hundreds of millions of transactions running through one global financial institution a day. And they’re trying to sort out how best to capture that and avoid the risk and the fines.

MR. BURKE: Yeah, juts to add to that, I mean, there’s not any one right way to do it either, right? So OFAC says, these are the sanctions; don’t violate them. A bank has to figure out, well, how do we – how best do we do that? And that’s – you know, Brian was showing the sanctions control framing that kind of gives it an idea of most of the key categories of where you need to apply some kind of control to make sure that you’re in adherence of sanctions and something doesn’t slip through.

But there’s no right way, and banks are different, so something might work for one bank and may need to be different for another bank based on their lines of business, their footprint, where they operate, what kind of business they do, that sort of thing. So it’s really a – you know, in terms of that, it’s really – it varies by bank, and it’s a constant work in progress.

MS. EOYANG: The – we have another question in the back.

Q: You mentioned that it takes so – that it’s – you – I see in the – in the timeline that there are so many different laws in the last few years that have deal with Iran sanctions.

MS. EOYANG: There’s a mic there if you need it.

Q: OK. You mentioned the timeline that shows how many Iran sanctions there have been in the last few years. How long does it take for us to be able to tell if it’s working? And is it helpful to have other laws pile on other laws immediately after?

MR. BURKE: I mean, I would say that – I don’t know what the lag time is before you see an impact. I think there’s just actually probably some lag time. I mean, I – if you look at the stats, you know, the recent press, the Iranian oil minister said 45 – they have a 45 percent decrease in the repatriating of oil money. So, you know, a lot of the – the part of the impact that I was going to talk about here is that they’ve lost access to financial services, which increases costs, makes things difficult. And that’s one example of what you’ve seen. And that was probably from, you know, NDAA, when NDAA came out and said, you know, you have to have these exemptions (to do ?) oil, and there were time frames associated with that.

So I mean, I don’t know the actual answer of how long, but I do think that there’s probably some time associated with, just in the terms of the global commerce, how you see things happen, timelines put into effect for the implementation of sanctions, like the recent February 6th deadline of no more third-party transactions with Iran. I don’t know if anybody’s seen any impact from that yet, and I don’t – I don’t know when you would.

But I think you also look at the impacts cumulatively over time. There’s a number of things that drive up costs, and people react, and they do different things, and then there’s deception, and then there’s more sanctions. And so it’s kind of a cumulative effect that kind of all goes together, which I know doesn’t give you a time frame, but that’s how I see it.

MS. EOYANG: One of things I noticed when you were talking about the Iran sanctions was sort of the multilateral nature of them and how the EU was on board. What does it mean to be able to have more than just the U.S. on board? How much is the lack of other country compliance creating a backdoor for sanctioned countries to be able to continue their business? And how does that work in the financial markets – or the financial institution, sorry.

MR. BURKE: So the value of having – from a policy perspective, if you’re the United States and you’re opposing sanctions, you are limited in your jurisdiction. And so a lot of countries, when they reacted to the CISADA approach and said, this is extraterritorial – I mean, some countries have laws – Europe has a law that says, you know, it’s illegal for a European entity to abide by foreign sanctions laws, which creates this conflict of laws issue where they say – if they want to break a contract because we just sanctioned somebody and if they continue to do business with that sanctioned entity, they could lose access here, they have a problem, you know, getting out of that contract because they can’t do it because of foreign laws. So you have those types of situations.

But to the extent that you have sanctions programs aligned, it bolsters the – their reach. And so the fact that the list of Iranian banks designated by the EU is very close, if not – well, I think there’s a couple (off ones ?), but for the most part, they’re identical as the U.S., and it’s not by accident, because it helps to create solidarity, but also, for banks, it’s a lot easier for a European bank to say, we can’t do that business either because it’s an EU law, but it’s also – protects us from, you know, what they would consider extraterritorial sanctions from the U.S.

MS. EOYANG: We have a question in the back. Darrell (sp). Can – he’s bringing you a mic.

Q: (Off mic) – but what’s – what remedies do the financial institutions have if they’ve complied with – as far as they know, with the applicable laws, they’ve done all their due diligence, and a transaction – series of transactions gets flagged and sanctioned, and ultimately, it turns out that they were legitimate transactions that should not have been sanctioned? What kind of remedies do they have? Because what – it’s hard to uncrack the egg, and you spend, you know, perhaps hundreds of thousands, millions of dollars in compliance costs in fighting a potential OFAC or other sanction. How do they – how does Treasury and other institutions deal with – how do they deal with that?

MR. GRANT: So can I just ask a clarifying question? Are you saying a situation where a financial institution is penalized for transactions that ultimately are revealed to be permissible?

Q: Right, they may be penalized, but they may not even get to that stage, but just the – dealing with it and trying to manage it once the transaction has been sanctioned.

MS. EOYANG: Yeah. I think that’d be useful, just to sort of – in the gray – if there are sanction – or if there are transactions that are questionable, what’s the – either the parties or the banks remedied it, trying to resolve that with – (inaudible).

MR. GRANT: OK. Well, let me sort of break this down. So transactions that are questionable, then you have a situation where maybe you engage in a transaction that turned out to be in violation of some kind of a sanctions regulation – and then I’ll try to answer the last situation where there was a penalty, but I’m not aware of that ever happening, a penalty being assessed that it turns out after the fact was permissible.

But with respect to questionable transactions, there’s an internal and external process. So internally, financial institutions have pretty well-developed escalation processes. So if they – if they have filters flag a payment, for example, that they believe may represent a sanctioned party, they will elevate that up. Usually, it’s identified at the business level by the wire room. For example, they might elevate that to – if – to the country compliance officer. And depending on the complexity, it can go all the way up to the group compliance level. They’ll look at it if they need guidance. Meanwhile they’ll place their payment in suspension. If they need guidance they’ll call – they’ll call OFAC directly. And that was my job for a number of years. I had headphones; I’d field the calls all day long. OFAC’s got a whole bunch of people that that’s what they do. And OFAC can provide real-time payment guidance and things like that.

Now, with respect to a violative transaction, OFAC has produced pretty helpful enforcement guidelines, which are on their website, and they lay out all the aggravating and mitigating factors. Mitigating factors are, Jonathan mentioned, voluntary self-disclosure, having a compliance program in place, having, you know, limited or no prior violations with OFAC, actively cooperating with OFAC, remediating – putting in place an aggressive program to fix whatever issue you had. If you take all those things together, you can really mitigate down a potential penalty. And remember, it’s not so much the isolated technical breach of sanctions, which is very difficult to avoid, just given the volume of global payments; it’s when they snowball into a systemic issue that things become a challenge.

And then to your final question, I – honestly, I mean, if it’s – if a transaction was not in violation – was not in violation, you know, I don’t think – I’ve never seen OFAC go after a financial institution if there is a reasonable demonstration that it’s not a violative transaction.

MR. BURKE: Yeah – (inaudible) – it’s all – it’s just like anything else; I mean, it’s subject to legal challenge, right? And what I didn’t put out before is that all these authorities, these executive orders that get put out and why they’re so specific, any sanction taken under executive order comes with it a legal packet, a legally reviewed and approved evidentiary package. So you’ll just throw people on a sanctions list for whatever reason. It’s got to be grounded in an authority, and it’s got – you know, like the IEEPA, and then an executive order that says this is the – this is the case, and there’s got to be evidence, and that goes into a package that can be classified to have evidence in it. But those designations can be challenged by foreign parties. And in fact, I think one of the Iranian banks just won a court case in Europe for challenging the sanction under European law, which – much different, and they have different criteria. But that’s why you have such different criteria for getting somebody on a list – you know, you have to have their name, their birthdate or their – some type of identification information because it’s – it could be legally challenged and overturned, so there’s always that route.

MR. GRANT: But just to add to that, it can also – the legal challenge is not just through the courts; it’s administratively with OFAC. And I’ve – there’s a – OFAC is a very well-developed process for removing people the list. I’ve removed people from sanctions list. So it’s something that definitely does happen.

MS. EOYANG: Other questions? Jessica (sp) – can we get a micro up here?

Q: Yeah, I had a question about data sharing. Seems to me like on targeted sanctions, especially, you know, if you’re going after individuals, and they’re changing names and creating new accounts and, you know, using relatives’ names and whatever, that – in order to evade sanctions – that ultimately, it would be up to the quality of the information we have about that – those people in the country, you know, for us to be able to track that down.

So I guess my question is, on U.S. government’s ability to do that, especially with countries like North Korea where we don’t have diplomatic relations, and obviously, it’s a very closed country, how do we gather that level of detail and information to be able to track those, you know, permutations and so forth?

MS. EOYANG: Jon – (inaudible)?

MR. BURKE: I mean, yeah, you know, the government – and I – you know, I’ve been out of government now, but I could tell you that they use all-source information to try to identify front companies, companies owned or controlled by people acting for – on behalf of all those derivative powers, where they put somebody on the SDN list, and then – you know, Iran was the issue I worked, and it was a great example of the shipping companies that would change names immediately, and it would change them, like, numerically. It would be Ocean One (sp), and then Ocean Two (sp), Ocean Three (sp), and you’d see all these. And so OFAC would just kind of continuously update the SDN list to account for new names.

Well, what’s interesting from the banks’ perspective and from nonbank companies as well in terms of how do they perceive that – because you can take the SDN list and screen it, and that company may have changed names, and so you have a transaction with a name that’s not on the SDN list, but it’s still a sanctioned party. And I haven’t seen a challenge in terms of whether that creates a liability or not, but what I have seen is companies – in one case, this is not a bank; it was a company that did a lot of international logistics. And they put on their website a list – I mean, the website was four pages, and one page was a list of entities of concern. And that included all the designated Iranian shipping companies, the North Korean designated shipping companies.

And I compared it in time to see before, you know, what they had here – and then I knew we had some designations coming out and that the list was going to change – they had names of Iranian shipping companies on their list before they were on the SDN list, because a lot of times you see industries know things, and they know their industry, and they know the players, and they could – I mean, that’s pretty – that’s a much smaller industry than a bank, but they could tell that, and they would – they would conduct their own due diligence. You’ll see the address is the same. So you might have a P.O. box. I think there were some recent designations in Cyprus of Iranian shipping front companies, and it was all the same address. So it was just – you know, and they just get added en masse.

So I think you see cases where, yes, there’s an ongoing effort from OFAC to put things on the list, but there’s also a lot of due diligence that’s happening in the private sector, in banks and in other companies, to try to identify where those risks are and make sure they don’t do business with them as well.

MS. EOYANG: I noticed in your slide on OFAC penalties that we had sort of very few, and then all of a sudden, starting in 2009, you have a huge number of them. What happened? Did people start getting worse at this? Did we increase enforcement? What’s sort of the – what accounts for that difference?

MR. GRANT: Well, couple of things. I mean, one, there is one fine in 2006 that should be on there that would make a pretty big bar there that – it’s not on there because it was – I think it was a forfeiture, not an OFAC penalty or – you know, I think it’s just – that’s a hard question to answer as to why it’s – you know, I think there’s a couple of answers.

I mean, one, OFAC is a much larger and more sophisticated agency than it was, you know, 20 years ago. Even when I joined, when I started at OFAC, basically, in 1999, it was a much, much smaller agency with far fewer people, far fewer programs. The programs that were being administered were, you know, large country-based programs against Cuba and Iraq, and since then, it’s really – it’s now a centerpiece of national security strategy. This entire Office of Terrorism and Financial Intelligence has sprung up around it.

And to answer the earlier question, I mean, how do you do this, how do you play this game of Whac-a-Mole where you kind of follow, you know, your targets as they – you build an Office of Terrorism and Financial Intelligence that has – you know, you put an intelligence capability in your finance ministry where you map these things out; you have a diplomatic arm of this office that goes around the world. And you know, Jonathan and I, this is what we’d do, Jonathan in particular on the Iran front. I mean, he drove a lot of this stuff. So it’s that kind of an effort.

MR. BURKE: And I think just – you know, we talked about the lag earlier of when do you see this impact. And you know, when I look at the timeline of things, the Iran campaign that went beyond the embargo we had really started in 2006 with the revocation of the “U-Turn” license of Bank Saderat, and then it snowballed from there into targeting banks. You know, this slide here isn’t just Iran; this is a snapshot of OFAC penalties in general. But I think, you know, you have all these – this kind of uptick of sanctions measures being taken, and then you have a period of building up their resources to enforce these sanctions and implement them, and then you have a period of investigating, you know, when there have been violations of those sanctions. And so to me – and this is just my own personal speculation that it kind of makes sense that from 2006, you know, that’s when it kind of heated up, and then in 2009 that’s when things were resolved, if you will, because that’s when the fines were assessed.

MS. EOYANG: Gotcha. In our National Security Program, “Whac-a-Mole” has a totally different context, but – (chuckles) – sorry, we’re much more kinetic. But anyway, other questions from the audience? No?

All right, I think at this point then, Lauren, do you want to – do you have a question?

MS. OPPENHEIMER: I have just one last question. I was wondering if you can talk about why the – like, North Korea, Sudan and – oh, thanks – just, you know, North Korea’s been in the news. We were chatting about it earlier. Can you talk a little bit about the difference between the sanctions with North Korea versus Iran, or are they not at all different?

MR. BURKE: No, they’re different, and Brian, you may know more. I’ll – I can give you my two cents. They’re different – and this goes back to this first slide about the difference with sanctions. The sanctions are very specific; they have different targets, different objectives. And North Korea and Iran may look very, very similar because they’re both, you know, pursuing or one may have nuclear capability, but they’re very different countries. And so you have targeted – the one thing that is similar, I think, is the fact that they both use front companies to procure items that are banned and deception to do it. And so there’s a similar element in order for the government to identify those companies and put them on a list so that people don’t transact with them, because they may – they’re not necessarily located in North Korea, right?

But they’re different in terms of their integration with the international financial sector. North Korea, I would argue, is much more isolated from the world community than Iran, even culturally but businesswise. I mean, Iran – it’s amazing how much international commerce the country of Iran has. I mean, they’re an oil producer. There are countries that heavily depend on that oil, and that’s been that subject of implementing the NDAA, but then just regular commerce.

There’s quite a robust relationship there I don’t think you have in North Korea, and North Korea kind of hoarded it all at top levels, which is kind of why the target or the sanction that was pursued was one of luxury goods, because the idea being that – can deny North Korean leadership these luxury items, they might change their behavior. There wasn’t ever a discussion of trying to deny Iran luxury items, because they’re not taking all their money and buying yachts. That’s the difference I see.

MR. GRANT: I mean, just a – I think a very brief answer – and I – and I say this in – not in a value-laden way or anything – sanctions are a political tool, as a statement of fact. They’re a political tool designed to achieve foreign policy goals, and the foreign policy goals differ depending on the – on the foreign policy target. So the sanctions against North Korea are significantly less stringent at the current time than they – than they are against Iran.

Does anybody know what the most stringent sanctions program that the United States government administers is? Anyone? Cuba. That’s right. You know, it’s a foreign policy tool. I think that’s the answer.

MS. EOYANG: Great. If there are no further questions, Lauren, do you want to conclude for us?

MS. OPPENHEIMER: Thank you, everyone, again for coming. We – well, thanks for coming. And I know that we’ve had a great following with the Capital Markets 101 series, so come again, and we will see you next time. Thanks.


  • Foreign Relations119