By Meredith Mays Espino
Earlier this month, Amazon, Inc. settled with the Department of Treasury’s Office of Foreign Assets Control (OFAC) for $134,523 for claims of civil liability for violations of multiple OFAC sanctions programs. OFAC alleged that Amazon’s deficient sanctions screening processes allowed transactions for products and services to go through to sanctioned customers as well as those in sanctioned regions. The value of the transactions, primarily consisting of low-cost retail items, was $269,000. The potential liability for Amazon’s alleged violations had a statutory maximum of $1,038,206,212 but the amount was reduced based on certain mitigating factors.
The Office of Foreign Assets Control (“OFAC”), within the US Department of the Treasury, oversees the economic and trade sanctions against foreign countries and governments as well as companies, non-governmental groups, and individuals, including alleged terrorists, drug traffickers, arms dealers, and others engaged in activities detrimental to the United States. OFAC publishes lists of these entities and persons individuals owned, controlled by, or acting on behalf of these entities and persons.
OFAC has numerous sanctions lists. The primary list is the Specially Designated Nationals and Blocked Persons (SDN) List, which lists individuals and companies with a relationship to targeted countries. The SDN list also include individuals, groups, and others involved in terrorism and criminal activity that specific to any country. The individuals on this list have their assets blocked in the US, and US companies and individuals are not permitted to do business with them. Other lists include: Consolidated Sanctions List; Sectoral Sanctions Identifications List; Foreign Sanctions Evaders List; Non-SDN Palestinian Legislative Council List; Non-SDN Iranian Sanctions List; List of Foreign Financial Institutions Subject to Part 561 (Part 561 List), and List of Foreign Financial Institutions Subject to Correspondent Account or Payable-Through Account Sanctions (CAPTA List).
Sanctions are provided for under the following federal statutes: Trading With the Enemy Act, 50 U.S.C. App. §§§§ 1-44 (“TWEA”); International Emergency Economic Powers Act, 50 U.S.C. §§§§ 1701-06 (“IEEPA”); Iraqi Sanctions Act, Pub.L. 101-513, 104 Stat. 2047-55 (“ISA”); United Nations Participation Act, 22 U.S.C. §§ 287c (“UNPA”); International Security and Development Cooperation Act (“ISDCA”) 22 U.S.C. 2349 aa-9 (Iran); The Cuban Democracy Act (“CDA”), 22 U.S.C. §§ 6001-10; The Cuban Liberty and Democratic Solidarity (“LIBERTAD”) Act, 22 U.S.C. 6021-91; The Antiterrorism and Effective Death Penalty Act, enacting 8 U.S.C. 219, 18 U.S.C. 2332d and 18 U.S.C. 2339b; The Foreign Narcotics Kingpin Designation Act, Pub L. No. 106-120, tit. VIII, 113 Stat 1606, 1626-1636 (1999) (to be codified at 21 U.S.C. §§§§ 1901-1908); and The Criminal Code at 18 U.S.C. §§ 1001.
In 2020, OFAC published “A Framework for OFAC Compliance Commitments,” providing guidance on establishing a sanctions compliance program. The Framework also provides information on causes of OFAC violations. Penalty and enforcement information can be found at the Reporting, Procedures, and Penalties Regulations, 31 C.F.R. Part 501 and the Economic Sanctions Enforcement Guidelines, 31 C.F.R. Part 501, app. A.
Where Amazon Went Wrong
Though Amazon employed an automated screening system, that system failed to identify transactions that should have been flagged. For example, Amazon’s system missed shipping details because an alternative spelling for a city in a sanctioned country was used. At other times, Amazon failed to flag transactions shipping to embassies of sanctioned countries in third countries.
Amazon sold products and services, primarily low-cost retail items, in Crimea, Cuba, Iran, North Korea, Sudan, and Syria. Additionally, Amazon sold products to individuals on OFAC’s SDN List who were blocked, including blocks based on regulations concerning narcotics trafficking, weapons of mass destruction, global terrorism, and foreign narcotics kingpins. Sales to individuals also violated sanctions from specific countries, including Democratic Republic of the Congo, Venezuela, and Zimbabwe.
Moral of the Story
It is essential when doing business globally to create, implement, and maintain a sanctions screening compliance program, be it manual or automated. The program may be risked based but must align with the scale of the enterprise’s transaction and customer volume. If an automated system is being used, the system should be set up to take into account data quality issues such as common place and name misspellings, variations to address formats, and alternative place names.
About the Author:
Meredith Mays Espino is Corporate Counsel for Accuity, Inc., a financial technology and data company, where she focuses on technology transaction and privacy issues. She is a graduate of The John Marshall Law School. The views expressed are her own and do not necessarily reflect those of Accuity, Inc. or its affiliates.