On September 25, 2020, Generali Global Assistance, Inc (“Generali”) entered into an agreement with the US Treasury’s Office of Foreign Assets Control (OFAC) to pay $5,864,860 for 2,593 apparent violations of Cuba sanctions totaling $285,760. Generali attempted to circumvent the US financial system and evade sanctions in its transactions with Cuban entities, but its sanctions compliance program (SCP) exposes the company to other risks. Although Generali has an established SCP to screen transactions against OFAC’s List of Specially Designated Nationals and Blocked Persons (SDN List), its dependence on list-based screening would almost certainly allow entities and individuals located in embargoed regions or that are owned or controlled by designated individuals to slip through the cracks.
- Generali knew it was prohibited from transacting with Cuban nationals or corporations, so the company routed its Cuba payments through a Canadian affiliate to circumvent US sanctions. An experienced compliance officer would have informed Generali that using a Canadian affiliate to reimburse payments to Cuban service providers was an insufficient effort to ensure compliance.
- Although Generali had an SCP in place when the violations took place, its procedures failed to require screening for countries and regions subject to OFAC prohibitions, according to the settlement. Avoiding transactions in countries such as Cuba or North Korea may be easier than determining whether a transaction is in violation of US law in a region located inside a foreign country, such as Crimea, which is located in Ukraine but was annexed by Russia in 2014.
- OFAC sanctions also apply to all entities that are 50 percent or more owned by a designated individual or entity. A simple screen of OFAC’s SDN List would almost certainly miss entities that are owned or controlled by sanctioned parties. Some companies purchase ready-made lists from data vendors to supplement their list-based screening, but experienced investigators and analysts are better positioned to research ownership and control, especially when ultimate beneficial ownership is unclear.
In its settlement agreement with Generali, OFAC noted that the company will be required to establish a robust SCP that observes the five requirements in OFAC’s “Framework for OFAC Compliance Commitments” and will have to undergo annual OFAC certification checks to confirm that Generali adheres to the compliance improvements in the settlement.
This enforcement action highlights the importance of ensuring that compliance policies address both direct and indirect sanctions compliance risks and conducting policy reviews by subject matter experts, who almost certainly would have determined that implementing a procedure to indirectly process transactions whose direct processing would be prohibited exposed Generali to potential penalties and reputational risk. Although the fact that Generali had an established SCP was a mitigating factor in OFAC’s penalty determination, this case confirms that merely having an SCP and screening against the SDN List is insufficient to avoid violations. Sanctions compliance professionals should be provided with resources, authority, and autonomy to ensure that firms are compliant with US laws.
FiveBy can help travel firms build a compliance program that mitigates compliance and reputational risk. We offer risk intelligence expertise to help our clients avoid violating OFAC sanctions and conduct due diligence research. Please contact us for assistance.