Ties That Bind

Sanctions
By John R. Adams, CRCM

Former vice President and Senior Compliance Manager, Summit Bank, Princeton, New Jersey On April 24, 1996 President Clinton signed into law The Antiterrorism and Effective Death Penalty Act of 1996 (The Act) (Pub. Law #104-132 Section 321, 18 USC 2332d) making it a criminal offense for United states persons, except as provided in regulations issued by the Secretary of the Treasury in consultation with the Secretary of State, to:

"Engage in financial transactions with the governments of countries designated by The Export Administration Act, that support, condone or encourage international terrorism."
There are few words that tend to raise one's blood anxiety level as much as "terrorism". It causes deep and immediate fear and apprehension.

Next came Executive Order 12947 declaring a national emergency with respect to grave acts of violence committed by foreign terrorists, imposing sanctions and condemning actions by persons whose acts of violence have the purpose or effect of disrupting the Middle East peace process. The Executive Order blocked all properties and interest in the effects of:
(1) Persons designated in The Executive Order.
Persons designated by the Secretary of State, and others that have been found to have: Committed or pose a significant risk of committing acts of terrorism, who have assisted, sponsored or provided financial aid, supplied sensitive information and technological support, offered services in support of terrorism or who have violated appropriate licensing provision or other authorizations.

The impact of this broad order and its implementing regulations is directed not only toward the primary malefactor, but also toward any person who in some way played a part in carrying out the act of terrorism.

The Federal Register on June 26, 1996 published an extensive list of all blocked persons that were identified as specially designated nationals (SDN), specially designated terrorists (SDT) and specially designated narcotics traffickers (SDNT). How long was this list? The names, listed in an eight-point font (too small for disclosures to customers!) covered 82 pages. Quite a document to say the least! What does all of this mean to compliance and security professionals? Are there requirements that necessitate close compliance attention? The answer to this question, in the writer's opinion, is yes.

There are four major areas that compliance and security professionals need to be concerned about:
Knowing the regulation's coverage rules,
Instituting internal communication strategies,
Planning staff training, and
Building a compliance infrastructure.

Knowing the Rules
When dealing with any regulatory issue, the first important step is to know the coverage rules or the provisions of the new or modified regulation. This is an essential step in managing the implementation of the regulation. This Act has four principal coverage segments: prohibitions; exemptions; recordkeeping requirements; and non-compliance penalties. You need to know each of these segments to insure desired levels of compliance.

The Act prohibits any transactions, transfers or dealings by United States persons for the benefit of a SDT that include: real property, an interest in real property, or making or receiving of contributions, goods or services.

The Act identifies certain exemptions:
The transfer does not represent a willful violation of the Act;
The person(s) involved did not have a reasonable cause to know or suspect that the transfer was a violation of The Act;
Appropriate disclosure was given to the appropriate governmental agency that gave full details about the transfer; or,
A license or other official authorizations were obtained.

Other exempt transactions include:
Personal communications that do not involve transfers of anything of value, or involving any postal, telegraphic, telephonic or other personal communications, information or informational material, non sensitive technical data; or,
Incidents of travel such as baggage for personal use, personal living expenses, goods and services for personal use, or other reasonable incidents of travel.

Recordkeeping
There are two required procedures involving recordkeeping that must be maintained. First, records must be retained for five years, a retention period that parallels the Bank Secrecy Act. Second, those records must be easily retrievable.

Penalties
Like most regulations, this Act has both civil and criminal penalties for non-compliance. Penalties can include monetary fines up to $50,000, and imprisonment for up to ten years.

Under the penalty section there is additional exposure for willful violations by those who are acting as catalysts for the transaction. These penalties include monetary fines and imprisonment for up to five years as well as relevant penalty provisions of other applicable laws.

Your Compliance Strategy
Understanding the regulation's coverage provisions is the foundation for your internal communications strategy. The rules affecting compliance with the Act must be clearly articulated so there are no misunderstandings or spontaneous "off of the wall" interpretations that result in serious regulatory failures.

This is not an area to choose to take a business risk because the act's provisions are so extensive and the consequences so serious. It is very important that the right message is consistently transmitted, and that the message should clearly state that acceptable business practices need to be exercised when compliance is required.

Staff training is essential since the provisions of the act will not implement themselves. Well-directed training is necessary to bring life and momentum to any regulatory mandate. Your staffs must be equipped to manage the demands of this act, including what tasks must be accomplished and what risks must be avoided. Implementing the act's provisions requires a strong foundation that can only be built and strengthened by on-going training.

The Compliance Program: The four "ings"
In order to make the process work, a compliance infrastructure needs to be developed to include the four ''ings" of compliance - planning, implementing, monitoring and assessing. Each one of these "ings" has a significant contribution in reaching the goal of full compliance with this act.

In building your bank's compliance infrastructure you must develop responses to these questions: Who will have what responsibilities? How will appropriate information be circulated? What oversight process will be put in place to manage the gray areas? How will Senior Management be kept informed and involved in the process?

The risks are too great to leave anything to chance. Essential elements of your compliance program include:
Training for all affected staff;
A system for maintaining records;
A method for protecting impounded property;
Modifying and monitoring internal systems;
Establishing and following Know Your Customer rules;
Developing compliance policies and procedures;
Maintaining on-going compliance policies, procedures, and monitoring.

The ties that bind, in the form of antiterrorism sanctions, obligate the banking industry to comply with the provisions of the act. Our role as financial intermediaries becomes the bond that unites the reality of the enforcing provisions of the act to our industry and requires us to manage this emerging risk through knowledge, creativity and commitment.

Like so many of the regulations that have shaped our business practices, The Antiterrorism and Effective Death Penalty Act of 1996 can take its place with the others, adding another complex layer to the already multi-tiered regulatory burden to be managed.

ACTION STEPS

Meet with staff from departments in your bank (such as branch, operations, trust, private banking, wire room) that should be a part of the compliance program. Discuss these requirements and assess their knowledge levels and compliance efforts.
Determine, based on your meetings and other contacts throughout the bank, what the bank's training needs are and identify training materials and resources to fill the need.
Review or develop your policies and procedures.
Review your systems for record retention and impounding of accounts or assets.
Review your Know Your Customer procedures for guidance on identifying SDNs and any transactions subject to these rules.