On August 2, 2016, the U.S. Treasury Department, Office of Foreign Assets Control (OFAC) issued a Finding of Violation against two health insurance providers for activities that violated U.S. economic sanctions. The companies allegedly had issued health insurance policies that covered individuals on OFAC’s List of Specially Designated Nationals and Blocked Persons (the SDN List).  In general, U.S. companies are prohibited from performing any transaction with or involving parties on the SDN List.

OFAC updates the SDN List frequently, and often without warning. In this case, after OFAC designated the three parties at issue, neither company (nor their third-party administrators) screened the policyholders against the SDN List.  As a result, the companies failed to identify and block the policies and premium payments in which one or more of the SDNs had an interest.

Among the factors that led OFAC to issue Findings of Violation, as opposed to penalties, against the companies were that: (i) none of the companies’ personnel, including managers or supervisors, had actual knowledge of the conduct that led to the violations; (ii) neither company had received a penalty notice or Finding of Violation from OFAC relating to substantially similar violations in the past five years; and (iii) both companies cooperated with OFAC’s investigation, including by executing a statute of limitations tolling agreement. OFAC also took into account that one company voluntarily self-disclosed the violations.

These enforcement actions suggest that OFAC may be focusing its attention on the insurance industry and serve as yet another reminder of the importance of periodic screening of all international transaction partners against U.S. prohibited parties lists. The actions also highlight the weight that OFAC puts on cooperation and self-disclosure in determining the type and degree of penalties to impose in response to a sanctions violation.

Finally, these actions illustrate the difficulty of achieving full compliance with U.S. sanctions laws. As the U.S. Sentencing Commission Guidelines recognize, given the complexities of global operations, even the best compliance programs cannot prevent all violations.  Effective compliance, therefore, consists of more than just a good faith effort to prevent violations; it also requires timely and effective detection of violations when they do occur.

Any company that becomes aware of a potential or actual U.S. sanctions violation should consider carefully whether to self-disclose the violation to OFAC. As illustrated here, in some cases, self-disclosure and cooperation can protect a company against the imposition of any financial penalties.