OFAC Enforcement Actions

The Office of Foreign Assets Control (OFAC) administers various sanctions programs designed to prevent financial transactions that facilitate or support terrorist, narcotics trafficking, and other criminal enterprises. To ensure compliance with these sanctions programs—both in the United States and abroad—OFAC conducts investigations and initiates administrative enforcement actions that can result in substantial penalties.

OFAC typically initiates around 20 enforcement actions each year. These enforcement actions target companies and financial institutions in the U.S. and abroad, and they range widely in terms of the severity of the alleged violations involved. In 2023, for example, the penalties OFAC has imposed through enforcement actions have ranged from about $72,000 to more than $508 million.

Put our highly experienced team on your side

Brian J. Kuester

Former U.S. Attorney

Former DA

Amanda Marshall

Former U.S. Attorney

Local Counsel

Joe Brown

Former U.S. Attorney
& Former District Attorney

Local Counsel

John W. Sellers

Former Senior Trial Attorney
U.S. Department of Justice

Local Counsel

Linda Julin McNamara

Former Chief, DOJ Appeals

Local Counsel

Joanne Fine DeLena

Former Assistant U.S. Attorney

Local Counsel

Aaron L. Wiley

Former Federal Prosecutor

Local Counsel

Roger Bach

Former Special Agent (OIG)

Chris Quick

Former Special Agent (FBI & IRS-CI)

Kevin M. Sheridan

Former Special Agent (FBI)

Ray Yuen

Former Supervisory Special Agent (FBI)

Dennis A. Wichern

Former Special Agent-in-Charge (DEA)

An Overview of OFAC’s Enforcement Actions So Far in 2023

Here is an overview of OFAC’s enforcement actions so far in 2023:

1. Godfrey Phillips India Limited (March 1, 2023)

On March 1, 2023, OFAC announced a settlement with Godfrey Phillips India Limited (“GPI”) related to apparent violations of OFAC’s North Korea Sanctions Regulations. According to OFAC, GPI “agreed to pay $332,500 to settle its potential civil liability for five apparent violations of the North Korea Sanctions Regulations (NKSR) . . . [which] resulted from GPI’s use of the U.S. financial system to receive payments for tobacco it indirectly exported to the Democratic People’s Republic of Korea . . . in 2017.”

OFAC’s Enforcement Release also states that GPI “relied on several third-country intermediary parties to receive payment, which obscured the nexus to [North Korea] and caused U.S. financial institutions to process these transactions.” Notably, OFAC notes that the settlement amount reflects the Office’s determination that GPI’s conduct was “non-egregious.” However, it also takes into account the fact that the apparent violation was “not voluntarily disclosed.”

2. Wells Fargo Bank, N.A. (March 30, 2023)

On March 30, 2023, OFAC announced a settlement with Wells Fargo Bank, N.A. related to 124 apparent violations of three sanctions programs. According to OFAC’s Enforcement Release, “For about seven years beginning in 2008 and ending in 2015, Wells Fargo, and its predecessor, Wachovia Bank, provided a foreign bank located in Europe with software that the foreign bank then used to process trade finance transactions with U.S.-sanctioned jurisdictions and persons.” As the Enforcement Release goes on to state, Wachovia “knew or should have known [that the foreign bank’s use of the software would include engaging in trade-finance transactions with sanctioned jurisdictions and persons.”

In the Enforcement Release, OFAC notes that the statutory maximum civil monetary penalty (CMP) for the apparent violations at issue is in excess of $1 billion. However, as Wells Fargo voluntarily disclosed the apparent violations (which qualify as “egregious” under OFAC’s Economic Sanctions Enforcement Guidelines), the base penalty amount was reduced by half to $533 million. OFAC agreed to settle with Wells Fargo for $30 million, taking into consideration mitigating factors including (but not limited to) the fact that Wells Fargo “had a historically strong overall sanctions compliance program.”

3. Uphold HQ Inc. (March 31, 2023)

On March 31, 2023 OFAC announced a settlement with Uphold HQ Inc., a California-based money services business, related to apparent violations of multiple sanctions programs that involved “processing transactions for customers who self-identified as being located in Iran or Cuba and for employees of the Government of Venezuela.” In its Enforcement Release, OFAC notes that the apparent violations were both non-egregious and voluntarily self-disclosed, which (among other factors) led to a settlement of $72,230.32 while the company faced a statutory maximum CMP in excess of $44 million.

The Enforcement Release states that Uphold and its affiliates “failed to exercise due caution or care when it onboarded or conducted diligence on customers who provided information indicating sanctions risks . . . and implemented inadequate screening and other compliance processes to identify, analyze, and address these risks.” In discussing the mitigating factors leading to the settlement, OFAC also notes that Uphold took “numerous” remedial steps in response to the apparent violations, including suspending the relevant accounts and implementing several new screening protocols designed to prevent similar sanctions-related issues going forward.

4. Microsoft Corporation (April 6, 2023)

On April 6, 2023 OFAC announced a settlement with Microsoft Corporation, which Microsoft entered into on behalf of itself and its subsidiaries in Ireland and Russia. According to OFAC’s Enforcement Release, Microsoft “agreed to pay $2,980,265.86 to settle its potential civil liability relating to the exportation of services or software from the United States to comprehensively sanctioned jurisdictions and to Specially Designated Nationals (“SDNs”) or blocked persons in violation of OFAC’s Cuba, Iran, Syria, and Ukraine-/Russia-Related sanctions programs.”

Similar to the Uphold case, OFAC notes that the settlement reflects the fact that the apparent violations at issue were “non-egregious and voluntarily self-disclosed, and further reflects the significant remedial measures Microsoft undertook upon discovery of the apparent violations.” Before settling, Microsoft faced a statutory maximum CMP of more than $404 million.

5. British American Tobacco P.L.C. (April 25, 2023)

On April 25, 2023, OFAC announced a settlement with British American Tobacco P.L.C. for more than $508 million. This reflects the full statutory maximum CMP for the apparent violations at issue. According to OFAC, the apparent violations related to “a conspiracy to export tobacco and related products to North Korea and receive payment for those exports through the U.S. financial system and from its subsidiary’s use of U.S. financial institutions to receive or otherwise process U.S. dollar-denominated (USD) payments for its sale of cigarettes to the DPRK Embassy in Singapore.”

As aggravating factors, OFAC found that British American Tobacco acted willfully in conspiring to transfer hundreds of millions of dollars through U.S. banks that involved transactions in North Korea, and that the company’s management “had actual knowledge regarding the apparent conspiracy from its inception through its termination.” The Enforcement Release also notes that British American Tobacco is facing legal action by the U.S. Department of Justice (DOJ), and that the company’s liability for the $508 million CMP “shall be deemed satisfied by payment of a greater amount in satisfaction of penalties assessed by DOJ.”

6. Poloniex, LLC (May 1, 2023)

On May 1, 2023, OFAC announced a settlement with Boston-based trading platform Poloniex, LLC. According to OFAC’s Enforcement Release, Poloniex agreed to pay more than $7.5 million to settle its potential civil liability for 65,942 apparent violations of multiple sanctions programs from January 2014 through November 2019. The Enforcement Release states that the company’s trading platform “allowed customers apparently located in sanctioned jurisdictions to engage in online digital asset-related transactions . . . with a combined value of $15,335,349, despite having reason to know their location based on both Know Your Customer information and internet protocol address data.”

The settlement amount reflects OFAC’s determination that the violations were not egregious and the fact that Poloniex voluntarily self-disclosed them. Prior to settling, the company faced a statutory maximum CMP of more than $19 billion. The Enforcement Release also notes that Poloniex was a “small start-up” when it committed the apparent violations.

7. Murad, LLC (May 17, 2023)

On May 17, 2023, OFAC announced a settlement with California-based cosmetics company Murad, LLC arising out of the company’s “participation in a conspiracy to engage in the unauthorized export of goods and services from the United States to Iran over an approximately eight-year period.” The alleged conspiracy resulted in 62 exports to Iran with a total value of more than $11 million. While the apparent violations qualify as “egregious” under the Economic Sanctions Enforcement Guidelines, the Enforcement Release highlights the fact that Murad voluntarily self-disclosed the violations following its acquisition by Unilever.

Notably, an unnamed former senior executive also agreed to pay $175,000 to settle their personal potential civil liability arising from their direct involvement in the apparent violations. The company faced a statutory maximum CMP of more than $22 million (and agreed to pay the base penalty amount based on its voluntary self-disclosure), while the former senior executive faced a statutory maximum CMP of nearly $2.8 million.

8. Swedbank Latvia AS (June 20, 2023)

On June 20, 2023, OFAC announced a settlement with Swedbank Latvia AS related to 386 apparent violations of OFAC’s sanctions on Crimea. According to the Enforcement Release, “[t]hroughout 2015 and 2016, a customer of Swedbank Latvia used [its] e-banking platform . . . from an internet protocol (‘IP’) address in Crimea to send payments to persons in Crimea through U.S. correspondent banks.” Swedbank Latvia faced a statutory maximum CMP of more than $112 million with a base penalty amount of $6.2 million due to the non-egregious nature of the apparent violations, and ultimately settled with OFAC for just over $2.4 million. While Swedbank Latvia did not voluntarily self-disclose the apparent violations, several other mitigating factors weighed in the bank’s favor.

Speak with an OFAC Lawyer at The Criminal Defense Firm

Our OFAC lawyers have extensive experience representing financial institutions, companies, and individuals in all aspects of OFAC sanctions compliance. If you, your company, or your financial institution is facing scrutiny from OFAC, we encourage you to contact us promptly for more information. Call 866-603-4540 or inquire online to schedule an appointment today.