ACI's AML & OFAC Compliance for the Insurance Industry (Day 1)
1. Going Beyond OFAC Screening: What Insurance and Reinsurance Companies Must Do To Avoid Sanctions and Ensure Compliance
American Conference Institute
AML and OFAC Compliance
for the Insurance Industry
January 24-25, 2012
2. Speakers’ Information
Frank Bria
General Reinsurance Corporation
David Butman
Locke Lord LLP
Martin Feuer
Zurich Financial Services
Kathy Silberthau Strom
Cahill Gordon & Reindel LLP
This presentation is solely for educational and
informational purposes. It is not intended to constitute
legal advice and should not be relied upon as a
substitute for legal advice.
January 10, 2012 2
3. Agenda
• Economic Sanctions Programs
• U.S. Persons ‒ Kathy Strom
• Facilitation ‒ Kathy Strom
• Iran Sanctions ‒ David Butman
• Compliance Programs
• Primary Insurance ‒ Martin Feuer
• Reinsurance ‒ Frank Bria
• Enforcement Actions ‒ David Butman
• Questions?
4. Economic Sanctions Programs
Key Statutory Bases: International Emergency Economic
Powers Act (IEEPA) and Trading with the Enemy Act (TWEA)
(Cuban program)
Country Programs – Burma, Cuba, Iran, Sudan, Syria, etc.
Targeted Programs – SDNs-based, terrorism, non-proliferation,
drug trafficking, etc.
“U.S. persons” — defined for most programs as any U.S.
citizen, permanent resident alien, entity organized under U.S.
law or any jurisdiction within the U.S. (including foreign
branches) or any person in the U.S. — are subject to OFAC
economic sanctions programs, and may not engage in
“prohibited facilitation”
Non-U.S. persons face risk as well — U.S.-origin goods,
causing violations by U.S. persons, branches within the U.S.,
servers or other functions performed in the U.S., etc.
5. OFAC: Facilitation Risks
“Facilitation” by a U.S. person of conduct engaged in
by a foreign person where that conduct is proscribed
by U.S. sanctions programs is prohibited.
Definitions of facilitation vary among programs, but
concepts are similar.
For insurance and reinsurance industry subject to
OFAC jurisdiction, facilitation includes providing
insurance or reinsurance for conduct, which if done by
a U.S. person, would violate an OFAC sanctions
program.
6. Country Program Definitions
Burma: 31 CFR § 537.205 (basic concept)
U.S. persons are prohibited from “approving, financing,
facilitating or guaranteeing a transaction by a person who is a
foreign person where the transaction would be prohibited if
performed by a U.S. person or within the United States.”
Iran: 31 C.F.R. §§ 560.206 and 560.417
Same basic concept and adds the following to the definition of
“prohibited facilitation”:
where a U.S. person alters its operating policies or procedures or
those of a foreign affiliate to permit a foreign affiliate to accept or
perform a specific contract or transaction involving Iran without
the approval of a U.S. person where such transaction (cont)
7. Country Program Definitions
previously required approval by a U.S. person and such
transaction would be prohibited if performed directly by a U.S.
person; or
where U.S. person refers to a foreign person bids or orders
involving Iran to which a U.S. person could not directly
respond as a result of prohibitions; or
where U.S. person changes the operating policies and
procedures of an affiliate with the specific purpose of
facilitating transactions prohibited if performed by a U.S.
person.
8. Country Program Definitions
Sudan: 31 CFR § 538.407
Includes basic concept as well as prohibitions on
changes in procedures or referrals. States that U.S.
parent must ensure that its foreign subsidiaries act
independently of any U.S. person with respect to all
transactions and activities relating to exportation of
goods, technologies or services going to or from Sudan,
including but not limited to:
business and legal planning, decision making, designing,
ordering or transporting goods and financing, insurance and
other risks.
9. Country Program Definitions
Syria: E.O. 13582, dated August 17, 2011
Prohibits in Sections 2(b) and 2(e):
- The exportation, sale or supply, directly or indirectly
from the U.S. or by a U.S. person of “any services
to Syria”; and
- any “approval, financing, facilitation or guarantee
by a U.S. person of a transaction by a foreign
person where the transaction by that foreign person
would be prohibited . . . if performed by a United
States person.”
10. Best Practices to Reduce Facilitation
Risk
Consider each of these definitions of “facilitation” to be
part of OFAC’s interpretation of facilitation, and
potentially applicable to all OFAC sanctions programs.
Review all proposed business and insurance risks with
these concepts in mind.
Alert and train all risk personnel and business
managers regarding facilitation risks.
Identify all “U.S. persons” so as to prevent facilitation by
such persons.
11. Best Practices to Reduce Facilitation
Risks (cont’d)
Scrutinize and screen all parties involved in risks to be
insured (and owners thereof).
Obtain and understand the details (business, place,
parties, etc.) of transactions for which insurance or
reinsurance is considered.
Include sanctions clauses in all policies and
agreements.
Review and discuss all business in light of changing
sanctions programs.
12. IRAN Sanctions
Iranian Transaction Regulations
Comprehensive Iran Sanctions, Accountability, and Divestment
Act of 2010 (CISADA)(2010)
Foreign Persons Liable
Knowingly supporting Iran’s development of petroleum resources ($1M/yr or $5M aggregate)
Knowingly facilitating Iran’s domestic production of refined petroleum products ($250K/yr or
$5M aggregate)
Knowingly exporting refined petroleum products to Iran ($1M/yr or $5M aggregate)
Knowingly exporting goods, technology or services to Iran that would contribute materially to
Iran’s acquisition of weapons of mass destruction
Parent Vicariously Liable
Corporate parent liable if it “knew” of subsidiary’s prohibited activity
Divestment from Companies Investing in Iran
State and local governments authorized to divest/prohibit investments in persons
investing/extending credit of $20M+ in Iran’s energy sector
13. IRAN Sanctions cont.
Executive Order 13590 (November 2011)
Authorizes sanctions on persons that sell, lease or provide goods,
services, technology or support to Iran that could directly and
significantly facilitate the maintenance or expansion of domestic
production of petrochemical products ($250,000 FMV or $1M/yr.)
HR 1540 (2011)
Foreign Persons Sanctions
Foreign financial institutions that knowingly conduct or facilitate significant transactions with
The Central Bank of Iran are barred from opening correspondent or payable through accounts
in U.S.
Requires President To Impose Mandatory Sanctions Absent Exception or
Waiver
Statutory provision for waiver of sanctions by President in “national security interest”
Presidential signing statement says “non-binding” to the extent it interferes with President’s
constitutional authority to conduct foreign affairs.
14. Some sanctions challenges faced by
international insurers
What to Screen and When?
– OFAC, UN, OSFI, DPL, E.U.?
– Sanctions have become more “list-based”; how do you
manage the various lists?
– Insured, additional insured, beneficiaries, third parties (how
far do you go?)
– Do you screen pre-quote, at quote and/or upon payment of a
claim?
– Sanctions need to be considered during the entire Product and
Insurance Life Cycle
– Should you screen periodically or at sanctions lists updates?
– OFAC requires regular screening at the update of its sanctions list
Should you use enterprise-wide interdiction software?
– Does your interdiction software integrate with your in-house systems and
database?
15. Some sanctions challenges faced by
international insurers, cont’d
Extraterritorial nature of sanctions regimes such as OFAC
Do you audit third party providers to ensure they conduct regular
sanctions checks?
Should you approve screening mechanisms utilized by third parties
screening on your behalf to ensure compliance with your policy?
Consider OFAC anti-blocking legislation of countries such as Canada,
Mexico and the E.U. nations
– Canadian based companies can do business in Cuba; this can be a
challenge for U.S. based parent companies
– Your company could be subject to conflicting requirements; advise staff to
contact regional Compliance or legal functions for guidance
Do you “ring-fence” international customer data and transactions that
involve an OFAC embargoed country such as Cuba?
– Where is your international customer data stored?
– Ensure there are no “Cuban-related” customer data warehoused on your
computer servers in the U.S.
– What about expatriates?
16. Evaluation of Sanctions policies
Responsibility for your Sanctions Compliance Program
Policy should acknowledge individual responsible for
the day-to-day compliance of the program
“Top-down” approach to OFAC and sanctions
Operational procedures and sanctions screening
requirements are owned by the business
Compliance professionals within the business with
reporting line to the regional compliance officer
Business Unit Compliance -> Regional Compliance
-> Global Compliance
17. Evaluation of Sanctions policies, cont’d
Identification of High Risk Areas
– Does your policy address the identification of higher-risk customers/areas as part
of your CDD procedures?
– Does your policy address the assessment of customers, product lines, geography
and nature of transactions?
Reporting Requirements
– Provide clear guidelines to local staff for handling items blocked or rejected under
the various sanctions programs
– Escalation process must be clearly defined and address reporting to senior
management and OFAC, or other sanctions regulator
Does your policy address the scope of your sanctions program?
– What about the sanctions laws of other countries?
Does your policy provide guidance for all U.S. persons, wherever they are
located in the world? 1
Does the policy address part-time and temporary workers, third parties who
do business on your company’s behalf, such as consultants, advisers, service
providers, suppliers, intermediaries, agents or brokers globally?
Include sanctions screening requirements in contract agreements with third parties
1 Sanctions generally apply within the jurisdiction they are established in, but some sanctions have extraterritorial reach, and/or become relevant depending on where business is conducted.
18. Recommendations
Establish common enterprise-wide screening policies and work-flow
procedures. Require Third Party Administrators (TPAs) to follow same
policies and procedures;
Adopt and implement an enterprise-wide technology that is adaptable to the
business;
– Zurich is presently implementing a common global platform
Provide adequate training for all appropriate employees
– Mandatory for new employees within North America
– Targeted training provided to compliance personnel and client facing employees
such as underwriters
– Training should be risk-based and targeted to your organization
Compliance as a second line of defense
– Advise all employees globally to contact their local/regional compliance or legal
function should they have questions regarding sanctions
19. Summary
The adverse effect of reputational risk associated with OFAC
compliance issues is great
Be mindful of the weakest link: third parties
Test for sanctions compliance on a regular basis
Maintain an open dialogue with OFAC and local sanctions regulators at
all times; don’t assume anything; ask for guidance
We all make mistakes, but a robust, OFAC and sanctions compliance
program will mitigate the severity of any penalty
Manage the examination process with an open and collaborative
methodology
Train all U.S. persons within the company; don’t forget to train those
living/working overseas
Periodically assess products and services for sanctions regulatory
requirements
Incorporate “red flags” within company policies and procedures; and
Ensure senior management has approved your policy
20. Designing an Effective OFAC Compliance Program
ASSESS
● Obtain senior management’s input and support
● Conduct legal and risk assessments
21. Designing an Effective OFAC Compliance Program
BUILD
● Implement policies and guidelines
● Implement screening software (ensure that all underwriting
submissions, claims payments and wire transfers are screened
against the Specially Designated Nationals List ("SDN List"))
● Create awareness at all levels of the company
● Train employees
● Establish procedures to encourage employees and third
party vendors to report potential OFAC violations
● Encourage trade sanctions exclusions for global insurance
and reinsurance policies
22. Designing an Effective OFAC Compliance Program
CERTIFY
● Appoint and train representatives from each business
and service unit to:
-oversee the OFAC screening
-ensure that the unit complies with screening guidelines
-routinely meet with Legal to review OFAC compliance efforts
and report any changes within the unit that may impact screening
● Obtain confirmation from vendors and business
partners that they have an OFAC compliance program
that includes some form of screening
23. Designing an Effective OFAC Compliance Program
REVIEW
● Regularly reassess the company’s legal and business
risks
● Routinely rescreen clients, insureds, claimants, and
beneficiaries to confirm that they have not been added to
the SDN List
● Conduct audits of the compliance program
24. Potential Trade Sanctions Exposures for Insurers and Reinsurers
LINES OF BUSINESS
● Political Risk Coverage, more than any other class of
business, tends to involve sanctioned countries
● Mobile risks, such as ocean marine and aviation,
present the potential for prohibited claims payments
● International Group Life Policies
● Premiums and Claims that are reported on a bulk
report may lack critical information and may be difficult
to screen against the OFAC list
25. Potential Trade Sanctions Exposures for Insurers and
Reinsurers
REGIONAL EXPOSURES
● Middle East - large number of SDNs and trade
with Iran, Syria and other sanctioned countries
and entities
● Portions of Central and South America - large
number of SDNs and trade with Cuba
26. Challenges for U.S. Insurers and Reinsurers in the
E.U.
Compliance challenges due to Legal
Differences between the U.S. and E.U.
● E.U. Blocking Laws
● E.U. privacy laws – German Federal Data
Protection Act and Section 203 of the German
Criminal Code
27. Practical Tips to Enhance Compliance Programs
U.S. insurers and reinsurers should conduct the following:
(1) screen their existing policyholders, claimants, and beneficiaries against
the SDN list;
(2) conduct due diligence on political risk, mobile risks and international
group life policies;
(3) establish a process to review premiums and claims reported on bulk
reports;
(4) monitor Iranian efforts to evade sanctions; and
(5) include a trade sanctions exclusion on global policies.
28. OFAC LIABILITY/PENALTIES
Civil Penalties (TWEA and IEEPA)
Unintentional violations/Strict Liability
$250,000 ($1.075M Kingpin) or 2xs the value of transaction (greater of)
Forfeit pecuniary gains
Criminal Penalties (TWEA and IEEPA)
“Willful violations” of regulations
Individuals
$250,000 Maximum ($5,000,000 Kingpin); or
Imprisonment up to 20 years (IEEPA) or 10 years (TWEA) (30 years Kingpin Act); or
Both
Corporations
$1,000,000 Maximum ($10,000,000 Kingpin); or
Twice the amount of the transaction; or
Both
Reputational Injury
Stock Price Penalty
29. OFAC LIABILITY/PENALTIES Cont.
Value of the Insurance Transaction
Underwriting = Total Premium Charged
Claims = Amount of Claim Payment
Stacking Penalties
30. OFAC LIABILITY/PENALTIES Cont.
OFAC ENFORCEMENT RESPONSES
No Action – OFAC determines evidence insufficient to establish a
violation or action is otherwise not required.
Request Additional Information - May issue subpoena for more
information before determining appropriate action.
Cautionary Letter – Same as “No Action”, but warns that conduct could
result in future violations or compliance program may be insufficient.
Finding of Violation – OFAC determines a violation occurred, but
identification of violation and remedial steps are appropriate response
rather than civil monetary penalty.
31. OFAC LIABILITY/PENALTIES Cont.
Civil Penalty – OFAC determines that a violation occurred which warrants
imposition of a civil monetary penalty.
Criminal Referral - In appropriate circumstances, OFAC may refer the
matter to appropriate law enforcement agencies for criminal investigation
and/or prosecution.
Other Administration Action – In addition to or in lieu of the foregoing
OFAC may:
Deny, suspend, modify or revoke license where needed.
Issue cease and desist orders
32. OFAC LIABILITY/PENALTIES Cont.
CIVIL PENALTIES PROCESS
Pre-Penalty Notice
Describe the alleged violation
Number of alleged violations
Value of each alleged violation
Identify law/regulation allegedly violated
Base category upon which proposed penalty amount calculated
Aggravating/Mitigating factors relevant to proposed penalty
Maximum potential penalty under law/regulation
Proposed Penalty
Response
Written Response within 30 days (post mark of pre-penalty notice)
Agree/Disagree as to violation/Disagree as to penalty amount
No Response = Imposition of Civil Penalty
Penalty Notice
Final Agency Action
33. OFAC LIABILITY/PENALTIES Cont.
BASE PENALTY CALCULATION
Egregious Case: No; Voluntary Self-Disclosure: Yes
(1) One-Half Transaction Value ($125K Cap per violation/$32,00 for TWEA)
Egregious Case: No; Voluntary Self-Disclosure: No
(2) Applicable Schedule Amount ($250k Cap per violation/$65K for TWEA)
Egregious Case: Yes; Voluntary Self-Disclosure: Yes
(3) One-Half Statutory Maximum
Egregious Case: Yes; Voluntary Self-Disclosure: No
(4) Statutory Maximum
35. OFAC LIABILITY/PENALTIES Cont.
Mitigating Factors:
Compliance Program in Place
First Offense (25% Reduction)
Voluntary Disclosure/Self-Reporting (50% Reduction)
Substantial Cooperation (20% - 40% Reduction)
Entering Into Settlement (10% Reduction – unwritten)
Aggravating Factors:
Willfulness (double the penalty)
Lack of compliance program
Familiarity with Sanctions programs
Second or subsequent offense
No remedial action after discovery
36. OFAC PENALTIES
Barclays, Aug. 2010
Iranian and Sudanese Regulations
$298 Million Penalty
Stripped Iranian and Sudanese references from U.S. dollar transactions to U.S.
correspondent banks
Lloyds TSB, Jan 2009
Iranian and Sudanese Regulations
From 1997-2007, stripped Iranian and Libyan references from U.S. dollar transactions to U.S.
correspondent banks
ABN Amro, December 2005
Iranian and Libyan Regulations
$80 Million Penalty
Stripped Iranian and Libyan references from U.S. dollar transactions to U.S. correspondent
banks
UBS, May 2004
Cuba, Iran, Libya and Former Yugoslavia Regulations
$100 Million Penalty ($25,000 per day of violation)
Distribution of U.S. Bank Notes in violation of OFAC Regulations and concealment
Guidant Corporation, March 2007
Iraqi and Iranian Regulations
$277,017
Exporting goods for ultimate resale to Iraq and Iran from 2000 to 2004
37. INSURANCE INDUSTRY PENALTIES
Penalties Published on OFAC Website: www.ustreasury.gov
U.S. P&C (Re)Insurer, March 2001
Cuban Asset Control Regulations (CACRs)
$2.4 Million Penalty
British companies selling reinsurance to Cuban companies
U.S. Reinsurer, June 2011
Iranian Transaction Regulations
$59,130 Penalty
Two reinsurance claim payments totaling $309,740.65 to a protection and indemnity association or P&I Club
U.S. Broker, April 2011
Iranian Sanctions Regulations
Placement of 6 Commercial Multi-Peril policies insuring submersible oil rig ($453,364 total premium)
$122,406 Penalty
U.S. Broker, January 2011
Iranian Transaction Regulations
$36,000 Penalty
Placement of two retro contracts ($62,883 total premium) between European reinsurer and European retros.
U.S. Personal Lines Insurer, June 2010
Foreign Narcotics Kingpin Regulations
$11,000 penalty
Unauthorized auto policy issued to SDN
38. Broker Example 1
Step 1: Determine Number of Transactions
(6 Contracts)
Determine “Value” of Transaction
(Total Premium for 6 contracts = $453,364)
Step 2: (a) Egregious v. Non-Egregious
(Non-Egregious)
Voluntarily Disclosed v. Disclosed By Other Means
(Not Voluntarily Disclosed)
(b) Determine “Base Penalty” Amount
($75,560 avg prem per policy x 50% reduction x 6 placements)
BASE PENALTY = $226,680
Step 3: Adjust Penalty (Mitigating and Aggravating Factors)
(a)25% first offense
(b)10% settlement
ASSESSED PENALTY = $122,408
39. Broker Example 2
Step 1: Determine Number of Transactions
(2 Contracts)
Determine “Value” of Transaction
(Total Premium $62,883)
Step 2: (a) Egregious v. Non-Egregious
(Non-Egregious)
Voluntarily Disclosed v. Disclosed By Other Means
(Not Voluntarily Disclosed)
(b) Determine “Base Penalty” Amount
($100K for transaction values between $50K-$100K)
BASE PENALTY = $100,000
Step 3: Adjust Penalty (Mitigating and Aggravating Factors)
(a)20%-40% substantial additional information/cooperation
(b)25% first offense
(c)10% settlement
ASSESSED PENALTY = $36,000
40. FOREIGN PERSON CONSIDERATION
Foreign Corporations – “What Me Worry?”
U.S. citizen employees, managers, officers or directors
Non-U.S. citizen employees while in the U.S.
U.S. co-insurers
U.S. reinsurers
U.S. offices
U.S. capital/investments
Insuring/Reinsuring transactions involving export/re-export
of U.S. origin goods
Cuba (and Iran – CISADA)
CAUSING OFAC VIOLATIONS
41. Contact Information
Martin Feuer
Zurich Financial Services
Chief Compliance Officer Americas
917-534-4536
martin.feuer@zurichna.com
Frank Bria
General Reinsurance Corporation
Vice President and Assistant General Counsel
203-328-5112
FBria@genre.com
David Butman
Senior Counsel
Locke Lord LLP
312-443-0207
dbutman@lockelord.com
Kathy Silberthau Strom
Counsel
Cahill Gordon & Reindel LLP
202-862-8944
stromk@cgrdc.com
Editor's notes
Additional Mitigating Factors: Provide Useful Enforcement Information; Remedial Measures; Clerical Error