On July 8, 2020, Treasury’s Office of Foreign Assets Control (OFAC) settled with with Amazon.com, Inc. over the company’s potential civil liability for its likely violations of US sanctions. The tech giant has agreed to pay $134,523 to settle allegations that it provided goods and services to individuals in Crimea, Syria, and Iran.
The fine imposed by OFAC is relatively minor, with the “non-egregious” nature of the violations and remediation measures implemented by Amazon as mitigating factors.
So what happened?
From on or about November 15, 2011, to on or about October 18, 2018, persons located in Crimea, Iran, and Syria placed orders or otherwise conducted business on Amazon’s websites for consumer and retail goods and services where the transaction details demonstrated that the goods or services would be provided to persons in Crimea, Iran, or Syria. Amazon also accepted and processed orders on its websites for persons located in or employed by the foreign missions of Cuba, Iran, North Korea, Sudan, and Syria.
Amazon did not intentionally violate US sanctions. The company’s automation failed to fully analyze all relevant transaction and customer data to ensure compliance, according to OFAC. Amazon’s screening processes in one case did not flag alternative spellings of sanctioned jurisdictions for additional review, and in several hundred other instances, the company’s automated sanctions screening processes failed to identify the correctly spelled names and addresses of persons on OFAC’s SDN List.
Amazon was not the only US company to have run afoul of OFAC designations due to automation failure this year. In April, OFAC found the American Express Travel Related Services Company (AMEX) to be in violation of US sanctions after the company issued a prepaid card and processed 41 transactions on behalf of US-designated weapons of mass destruction smuggler Gerhard Wisser. The violations resulted from human error and screening system defects, but resulted in no monetary penalty, because AMEX voluntarily disclosed the errors to OFAC and remediated the automation problems that caused the violations.
So what happened?
The AMEX system “risk engine” identified Wisser as a potential SDN match after he applied for an American Express GlobalTravel card at a non-US bank and automatically generated multiple “declined” messages to the financial institution, indicating that the application could not be processed. The non-US bank, however, made several additional approval attempts, which eventually led the risk engine to time out, causing the application to be automatically approved and separately routed to a manual review queue for investigation of potential sanctions-related issues. The AMEX compliance analyst incorrectly determined that the individual applying for the GlobalTravel Card was not sanctioned by the United States, probably because the automated system generated an approval, and placed him on the company’s “Accept List.”
These two recent OFAC actions highlight the critical importance of human review in any compliance program.
Automation makes our lives easier and machine learning and artificial intelligence can certainly help boost the effectiveness of compliance programs and prevent financial crimes. Artificial intelligence can improve the speed with which compliance checks can be conducted as well as the accuracy of those checks.
However, there is no substitute for human expertise, for language skills, and for regional knowledge.
Amazon’s automation did not catch an alternate spelling of “Crimea,” but a skilled linguist with regional expertise would have probably been able to stop or at least flag that transaction.
A skilled analyst with regional and linguistic expertise can warn about jurisdictional red flags and note alternate name spellings that may evade automated checks.
An experienced analyst has the ability to examine complex ownership structures in multiple jurisdictions, gauge the credibility of available sources, and make sophisticated assessments regarding company ownership or control.
And a subject matter expert can build unique profiles for existing and prospective clients and partners, provide enhanced due diligence, and bring an understanding of the inherent risks and nuances of the different regions where you have business relationships.
In addition, analysts with regional and linguistic expertise have the ability to review and fine-tune automation screening tools based on their knowledge of high-risk geographic regions, allowing for a feedback loop that will help develop screening tool “intelligence” over time and promote accuracy and cost efficiency.
FiveBy Solutions can help bridge the gap between automation and a robust compliance program. Our analysts are fluent in 18 languages and have regional expertise all over the world, including risky jurisdictions, such as Venezuela, Latin America, and China.
Contact us to find out more.