ST. PAUL, Minn. – Chances are prior to September 11′s terrorist attack on the U.S., most credit unions had never heard of the Office of Foreign Assets Control (OFAC) regulations. Those that had, say some experts, probably thought the regulations didn’t apply to them. President Bush’s September 24′s Executive Order not only changed that, it attached stiff punishment for non-compliance. When it comes to OFAC, John Zasada, national director of National Director of Credit Union Compliance Consulting for RSM McGladry Inc. said financials used to think in terms of regulatory and security risk. Now credit unions are facing “patriotic risks,” or risks whose compliance is essential to national security. “Many credit unions have been under the misunderstanding that OFAC only applied to large financials with overseas branches,” said Zasada. “That’s not true. None of the individuals on the OFAC list have to be a member of a credit union or make a deposit at a credit union for the credit union to be on the lookout for them. “Credit unions in the past have prided themselves on saying they know their members, but the events of September 11 highlighted that even members could be wiring money to terrorists,” Zasada added. If there’s one thing the recent terrorist attacks taught Americans it’s that the evidence of potential terrorism is not always obvious. One thing sources Credit Union Times spoke with agreed on: Credit unions are going to have to dedicate resources to train and educate employees on dealing with suspicious activity and things they have to do to be in compliance with the laws and regulations administered “Ignorance is no longer an acceptable excuse for non-compliance with OFAC,” said Zasada. “Credit unions have strict liability, there’s no way to get around this.” It is up to credit unions to make sure they have updated lists from OFAC (this is the only definitive source for this information.) Indeed, with President Bush’s issuance of his September 24 Executive Order which among other things, added 450 names to the OFAC list (there are now more than 5,000 entries), President Bush has made it clear the Administration’s increased emphasis on the enforcement of sanctions against financials which do business or let their customers do business with foreign countries and their agents, as well as organizations and individuals who engage in narcotics trafficking and those who sponsor terrorism. “This is not a new law,” NASCUS President/CEO Doug Duerr emphasized. “It’s been on the books for awhile, but in the past the enforcement agencies didn’t closely follow money trails even though financials had the obligation to block suspicious transactions. There have always been penalties for non-compliance on the books, but enforcement hasn’t been as profound as it will be in the future.” In a “Special Message” sent by NASCUS to its state supervisory agency members, the association cited President Bush’s September 24′s Executive Order and “the President’s intent to punish those financial institutions at home and abroad that continue to provide resources and/or services to terrorist organizations.” NASCUS emphasized to state regulators that, “Where your credit unions may not have had violation exposure in the past, when this new class of Specially Designated Nationals (SDN) and Block Persons was added to the list, that exposure has now changed,” and it’s very significant.” A credit union which fails to block and report any financial transaction with any country, association or individual whose name appears on the list can face: * corporate and personal criminal liability up to $1million and 12 years in prison and civil liability up to $250,000 per incident; * possible forfeiture of funds and property involved in the transactions. Hypothetically, Duerr offered, that means if a $25 million credit union that is 10% capitalized-it has $2.5 million in capital-has to pay a $1 million penalty for a non-compliance with OFAC, that would drop them down to having $1.5 million in capital or being 6% capitalized. The credit union would have to develop a capital restoration plan. Even if a $1 billion credit union was cited several times for being in non-compliance with OFAC and had to pay $250,000 for each incident, it could see a serious decline in its capital. “Ultimately, the credit union has to be responsible for making sure it’s in compliance,” he said, and that will not be an easy task. To help credit unions comply, Duerr suggested regulators approach this situation just as they did Y2K – encourage credit unions to designate oversight to a highly responsible trained staff person who will review compliance from the top down. NASCUS also is encouraging state regulators as part of their examination process to include a review of the OFAC issue into the examination format and to talk with the CU’s designated person to make sure they’re cognizant of and being proactive with being in compliance with OFAC regulations.” “Even though credit unions are ultimately responsible for compliance with OFAC, state regulators have an interest in the issue both in terms of a civic responsibility and the economic and criminal liability for credit unions,” said Duerr. Being in compliance with OFAC regulations will require credit unions to go beyond just reviewing their membership rolls: if a credit union member, not on the OFAC list, writes a share draft to, or has a credit card transaction with an individual or organization that’s on the OFAC list, the credit union is required to block that check or settlement in the clearing process and the credit union has to notify OFAC. NASCUS recommends credit unions that clear transactions through a third party should check with their check clearing and credit card processors and make sure they have the software and compliance programs in place that: * blocks any prohibited transaction; * reports any blocked transaction to OFAC within 10 business days; * files an annual report of all property blocked as of June 30 of each year with OFAC by September 30 of the same year; * meets the OFAC requirement that a relevant record be retained for five year. “The government wants financials to be the red flag and the first line of defense against money laundering,” said Zasada. September 11′s terrorist attacks have resulted in a groundswell of patriotism and unity throughout the country and a desire by financials to do the right thing. But what will happen if – and when – the enforcement of OFAC regulations and the pending money laundering legislation come up against Gramm-Leach-Bliley consumer privacy provisions? Zasada opines they will butt heads. CUNA’s Associate General Counsel for Regulatory Advocacy Mary Dunn agrees “on the surface” GLB and OFAC “do bump up against each other, but they don’t cross over. OFAC is intended to ferret out people who illegitimately use financials for illegitimate purposes.” Dunn said she is confident credit unions will have the necessary procedures in place to be compliant with OFAC. It’s in their interest and the country’s interest to be compliant, she said. “It’s also in credit unions’ interest to make sure members understand what OFAC is about,” she added. NAFCU’s Director of Regulatory Compliance Linda Dent said the OFAC regulations fall under section 716.15 of Gramm-Leach-Bliley concerning exceptions. She added that, “Gramm-Leach-Bliley was never intended to diminish existing law. Financials always had to freeze the accounts of persons on the OFAC list.” Dunn, like Zasada, predicts there will be another push for “Know Your Customer/Member” rules. “Financials will do whatever is reasonable to help with the process,” she said. She added that she hoped that, “In trying to respond and do the right thing, financials don’t wind up getting overly burdened with regulations that don’t help the process.” – ekingoff@cutimes.com