When the United States implements sanctions against a country or a group of individuals, domestic companies are required not to do business with the bad actors. From narcotic traffickers to suspected terrorists, belligerent states to authoritarian governments, there are many individuals and groups that companies are barred from dealing with.
These economic sanction programs are enforced by a branch of the U.S. Department of Treasury called the Office of Foreign Assets Control (OFAC). Ensuring compliance with OFAC is a risk management challenge that must be solved, or else a company can face fines and bad publicity.
To help companies understand how to navigate economic sanctions and the tools available to do so, PaymentsJournal sat down with David Barnhardt, Chief Experience Officer at GIACT, and Steve Murphy, director of Commercial and Enterprise Payments Advisory Service at Mercator Advisory Group.
A brief overview of risk management
As a research and consulting group specializing in the payments industry, Mercator Advisory Group focuses a lot on risk management concerns.
Since companies that deal with payments facilitate liquidity for global economic activity, “the industry is responsible for risk management and particularly vulnerable to risk management difficulties,” said Murphy. He sketched out two major buckets of risk management.
The first is that companies want to prevent and mitigate financial fraud. The second major area is that companies must comply with a myriad of laws related to sanctions, screening, automated money laundering, know your customer (KYC) requirements, and so on.
The increased interconnectivity of the economy means that both fraud prevention and regulation compliance are becoming expensive to handle, said Murphy. Yet, a failure to comply can cost a company even more, in terms of economic and reputational damage.
Companies operating in the United States face many compliance challenges as the country has some of the most stringent regulations governing payments, with OFAC being a prime example.
Who does OFAC impact?
At first glance, one might assume that only banks and other financial institutions would be bound by OFAC requirements, said Barnhardt. But in actuality, anyone who processes transactions “that are sanctioned by OFAC requirements must adhere to those regulations.”
This could include an eclectic mix of companies, ranging from automobile dealerships to insurance companies to cellular companies, not just banks. Barnhardt explained how at a car dealership, for example, they’re actually required to make sure a potential customer is not on a sanctions list prior to approving their transaction.
While many industries fall under the regulatory gaze of OFAC, compliance requirements can vary by industry.
“Being cognizant of the different industries and what those industries require is what GIACT really specializes in,” said Barnhardt. Different industries can have different requirements governing the frequency with which you have to screen new customers or your existing customer base.
GIACT’s approach to OFAC and risk management
To aid corporates and banks in their risk management efforts, GIACT created the EPIC Platform. The EPIC Platform is an acronym meaning enrollments, payments, identification, and compliance. It consists of multiple products which are all intraoperative with each other, enabling businesses to handle a range of risk management needs.
It starts with enrollment, allowing the business to confirm if the consumer really is who they say they are. Once the identity of the person in question is confirmed, the business can use gOFAC Monitoring—a component of the EPIC Platform—to ensure compliance with the OFAC requirements.
gOFAC Monitoring works by checking the confirmed identity against the OFAC sanctions list and the “politically exposed person” (PEP) list. Barnhardt noted how gOFAC is configurable to specific countries, meaning that companies doing business outside of the U.S. can effectively use the product as well. The platform also takes into account variations in name spelling or order to identify potential matches.
Since the frequency with which some companies need to check their existing customers against the OFAC sanctions list can vary by industry, gOFAC Monitoring can be configured to check at the proper times. Some companies need to check monthly, while others check quarterly, biannually, or annually.
“gOFAC Monitoring automates the screening of customer records and updated OFAC and sanction lists and notifies users of potential hits to review,” summarized Barnhardt.
Once a client is enrolled and passes the OFAC compliance check, the EPIC Platform can also be used to validate a bank account used to disperse funds to or debit from. “Not only can we confirm that the account is open and valid, we can also confirm the signatory or the name that’s authorized to transact on the account,” said Barnhardt.
He added that the EPIC Platform also helps fend off email compromises, as the software can be used to detect fraudulent or made up emails from people posing to be legitimate companies. So if your company receives a suspect phishing email from an account posing to be one of your clients, the EPIC Platform can flag it as suspicious.
The range of risk management tools bundled together in the platform stood out to Murphy.
“In addition to specific OFAC compliance and sanctions screening, there is an overlapping benefit to this type of platform and service, which is fraud mitigation and fraud prevention in the first place,” said Murphy. He added that such a service is crucial given the rise in fraud and email scams.
Barnhardt agreed, pointing out a comprehensive product was the goal of the EPIC Platform. “The platform is designed to allow [users] to fortify every touch point of the customer interaction,” said Barnhardt.
And it’s crucial to note that this fortification happens at blazing fast speeds, and with little involvement from the customer.
“All these things happen in milliseconds, instantaneously behind the scenes, and it only notifies them when something actually is amiss, or they need to do further review [or] take further action,” said Barnhardt. To notify customers, GIACT offers a real-time API or a portal for each customer to log into.
Barnhardt relayed that companies who used the EPIC Platform reported better operational efficiency and reduced costs related to fraud and expense to comply with government regulations.
When a bad actor does interact with the company’s system, that business can rest assured knowing that GIACT will provide a notification. With GIACT focusing on stopping fraud and ensuring compliance, companies can focus on what really matters: their day-to-day business activities.