When conducting a OFAC risk assessment, it is important to consider the likelihood of your institution’s encountering a real OFAC hit or match. To do this, it is necessary to understand who and what is on the OFAC list, and where the risks are of encountering a customer or vendor that is on the OFAC list. Then, by leveraging sound AML and OFAC practices and controls, the organization can trust that they’ve taken an effective approach to their OFAC compliance program.

Changes at the top of FinCEN, the main U.S. agency in charge of AML controls, has affected enforcement of the Bank Secrecy Act. In August 2012, the Department of Treasury announced that Jennifer Shasky Calvery, a former-chief of the Department of Justice’s Asset Forfeiture and Money Laundering Section (AFMLS), was tabbed the new Director of FinCEN. Since that appointment, FinCEN has become significantly more diligent and stringent, as Shasky has a proven background as an aggressive prosecutor with a record of large bank penalty/forfeiture victories.

The ability of consumers to use the internet, cell phones, and other electronic means to make payments, transfer funds and so on has led to a range of challenges related to compliance with Anti-Money Laundering laws.

Many of these new technologies fail to leave much of an audit trail, allow for high levels of anonymity and thus create opportunity for abuse. Money laundering risk can be mitigated when limits are placed on the amounts that can be transferred, and when strict customer identification is required and maintained.

• OFAC training for an import-export company should be different than OFAC training for a financial institution.
• OFAC training for front-line staff should be different than training for senior management.
• For example, when training senior management, “real life examples” should be used of firms receiving penalties or reputational harm for non-compliance with OFAC.