April 30, 2022
An Australian company’s settlement with the Office of Foreign Assets Control (OFAC) for more than $6 million is instructive for non-US companies of the financial risks they run in using US banks and currency to settle transactions with OFAC-sanctioned persons and entities and of the importance of voluntary disclosures.
Freight-forwarding and logistics company Toll Holdings Ltd, with affiliates and suppliers, apparently violated US sanctions law by using US banks and dollars for transactions for sea, air and rail shipments to sanctioned jurisdictions and people on the Specially Designated Nationals and Blocked Persons List (SDN List). The value of payments was nearly $48.5 million, processed through US financial institutions or their foreign branches, OFAC said in its enforcement release of April 25.
OFAC accounted for 2,958 apparent violations from January 2013 to February 2019 of its sanctions programs against the Democratic People’s Republic of Korea (DPRK), Iran and Syria.
OFAC said the settlement of $6,131,855 reflects that Toll voluntarily disclosed its apparent violations, adjudged to constitute a non-egregious case. The statutory maximum penalty in this matter is more than $826 million.
Under OFAC’s Economic Sanctions Enforcement Guidelines, 31 CFR Part 501, app A, the base civil monetary penalty applicable in this matter is $15,329,638, equalling one-half the transaction value for each violation, capped at the lesser of $125,000 for transactions on or before November 2, 2015, and at $153,961 for transactions after November 2, 2015, or one-half of the applicable statutory maximum per violation.
Thomas Knudsen, managing director of Toll Group, said that the alleged violations occurred because of a “misunderstanding about regulations regarding payments through the US financial system [that] related to otherwise permissible shipments.” He added: “We take compliance seriously and have acted to keep this from happening again, instituting rigorous control systems and enhanced training and accountability. None of the individuals involved in the transactions at issue are employed any longer by Toll Group.”
Details of the Transactions
Of the payments, 424 involved Mahan Airlines, designated under EO 13224 (blocking property and prohibiting transactions with persons who commit, threaten to commit or support terrorism). This accounted for 327 transactions. Hafiz Darya Shipping Lines Company, designated under EO 13882 (blocking property of weapons of mass destruction proliferators and their supporters) accounted for 97 transactions. The rest of the transactions comprised 2,534 funds transfers for payments for shipping through the DPRK, Iran and Syria.
Payments generally originated or were received by 23 of Toll’s overseas entities across Asia, Europe, the Middle East and North America. The entities remitted and received payments in settlement of invoices for services performed by Toll for entities within its corporate structure, and between Toll and its customers, agents, suppliers, and other outside business partners.
Toll, processing such payments through US financial institutions, failed to adopt or implement policies and controls that prevented it from conducting transactions with designated concerns in sanctioned jurisdictions. The absence of such policies and controls resulted in part from Toll’s rapid expansion over the preceding period without a requisite increase in compliance resources.
In 2007, Toll began acquiring freight-forwarding companies internationally. By 2017, Toll had almost 600 invoicing, data, payment, and other system applications spread across its business units.
Bank Warns Toll About Using Dollar Account for Syrian Payment
In 2015, “some Toll personnel knew or had reason to know” that transactions were occurring in “potential violation” of US sanctions prohibitions, OFAC said. A bank Toll used restricted a subsidiary’s use of its US dollar account after identifying a US dollar transaction involving Syria.
The Syrian-related payment prompted an employee at Toll headquarters to instruct employees in United Arab Emirates and South Korea affiliates to avoid including the names of sanctioned jurisdictions on invoices. The concern was that the payment would disrupt a separate, large impending internal transfer.
The bank continued to raise concerns with Toll, including “potentially violative payments involving US banks.” Before agreeing to transfer funds, the bank required Toll to provide supporting documentation to show transactions did not involve a sanctioned interest, and to confirm its payments did not violate US (and other countries’) sanctions regulations.
The CEO of a Toll operating division sent an email to its employees reminding them of its international sanctions compliance obligations. But the bank was still concerned about “potentially problematic payments and apparent control deficiencies.”
In 2016, after adjudging Toll’s controls unacceptable, the bank told Toll it would terminate its relationship. Toll reiterated its commitment to abide by all applicable sanctions laws and requirements, attesting it did not participate in prohibited transactions with sanctioned jurisdictions.
Compliance Officers’ Instructions Not Followed
Toll decided to cease all business with US-sanctioned countries. Toll’s compliance office repeatedly instructed business units to stop shipping to US-sanctioned countries, but they did not follow policies and procedures, nor did Toll’s head office audit their actions.
In 2017, Toll introduced “hard controls” that disabled the country and location codes for ports and cities in sanctioned countries in its freight management system, preventing shipments to or from sanctioned countries. Of the 2,958 payments that caused the apparent violations, 2,853 occurred before Toll implemented these hard controls.
Toll subsequently retained an accounting firm to conduct a detailed forensic examination of its payment practices with sanctioned jurisdictions and persons and disclosed its findings to OFAC.
OFAC said that by causing US financial institutions to export financial services to the DPRK, Iran, or Syria, or to transact in property or interests in property of entities on OFAC’s SDN List, Toll appears to have violated § 510.212 of the North Korea Sanctions Regulations, 31 CFR part 510; § 542.205 of the Syrian Sanctions Regulations, 31 CFR part 542; § 560.203 of the Iranian Transactions and Sanctions Regulations, 31 CFR part 560; § 544.201 of the Weapons of Mass Destruction Proliferators Sanctions Regulations, 31 CFR part 544; and § 594.201 of the Global Terrorism Sanctions Regulations, 31 CFR part 594.
Determination of Aggravating Factors
- Toll acted with reckless disregard for US economic sanctions laws. Over six years it caused at least 2,958 payments involving shipments from, to, or through sanctioned jurisdictions or the blocked property or an interest in blocked property of entities on the SDN List to be routed through US financial institutions. Toll’s conduct occurred despite an existing company compliance policy to abide by all applicable sanctions laws, and despite multiple warnings from a US financial institution about Toll’s sanctions compliance risks
- Toll knew or had reason to know of the apparent violations, including concerns raised by Toll’s bank and business practice of transacting with US-sanctioned persons and its use of the US financial system.
- Around 14% of the apparent violations were for transactions involving entities blocked by OFAC for terrorism or WMD concerns. Toll’s activities facilitated participation in comprehensively sanctioned jurisdictions in international shipments and business, contrary to US policy objectives.
- Toll is a commercially sophisticated company and a major global freight forwarder. At the time of the apparent violations, its network comprised around 1,200 agents, franchises, offices, and affiliates, procuring and providing commercial freight services worldwide.
- On first learning in 2015 of problematic transactions and its initial engagement with its bank, Toll did not take immediate or adequate steps to address and stop its processing of transactions with sanctioned interests through the US financial system.
Determination of Mitigating Factors
- Toll had not received a penalty notice or “finding of violation” from OFAC in the five years preceding the earliest date of the transactions giving rise to the apparent violations.
- Toll voluntarily self-disclosed the apparent violations to OFAC and cooperated with OFAC’s investigation by conducting a thorough forensic analysis of the transactions giving rise to the apparent violations and submitting detailed information in a well-organized manner, and engaging responsively in answering requests for additional information.
- Toll ultimately took extensive actions to remedy its compliance gaps, including:
- conducting a risk-mapping exercise to identify the root causes of the compliance lapses and instituting appropriate remedial measures and targeted controls;
- developing and implementing an audit plan that has resulted in recommendations and further implementation of changes to its remediation efforts;
- restructuring its compliance division to address procedural issues and streamline approaches to sanctions screening, and granting elevated sanctions-related responsibilities to its most senior compliance executive;
- implementing a sanctions compliance training program for all relevant employees, training more than 500 employees across five countries;
- implementing “hard controls” within its freight management system that disabled the ability to book shipments involving sanctioned jurisdictions;
- applying its sanctions compliance standards to anyone acting on behalf of Toll, including but not limited to Toll’s representatives, consultants, agents, brokers, and subcontractors;
- risk-based screening of transactions, third parties, and agents with whom Toll does business against its internal sanctions lists, to include the SDN List as well as other less-restricted parties lists; and
- ending all franchise relationships, as part of a broader risk-mitigation strategy, and introducing enhanced due diligence measures for onboarding agents, and instituting a due diligence screening process where all third parties adhere to the same compliance standards as Toll.
Lessons to Take Away
Entities must identify and implement measures to mitigate sanctions risks when merging with or acquiring other enterprises. The need for such efforts can be particularly acute when expanding rapidly, including when disparate information technology systems and databases are integrated across multiple entities. Resourcing compliance functions, including compliance personnel and sanctions-related technology, is important.
This case illustrates the care non-US persons should take to avoid prohibited transactions involving sanctioned jurisdictions and persons when their activities rely on the use of US financial institutions or otherwise involve US persons or a US nexus. Non-US persons that seek to conduct business involving US persons or the US, including processing transactions through the US financial system, should ensure their compliance policies contain measures to prevent violative dealings with sanctioned persons or jurisdictions.
A Framework for OFAC Compliance Commitments provides all organizations with OFAC’s perspective on the essential components of a sanctions compliance program. It outlines how OFAC may incorporate these components into its evaluation of apparent violations and resolution of investigations resulting in settlements. An appendix offers a brief analysis of some of the root causes of apparent violations of US economic and trade sanctions programs OFAC has identified during its investigations.