Going Beyond OFAC Screening: What Insurance and Reinsurance Companies Must Do To Avoid Sanctions and Ensure Compliance

American Conference InstituteAML and OFAC Compliancefor the Insurance Industry

January 24-25, 2012

Speakers’ InformationFrank Bria

General Reinsurance Corporation

David Butman

Locke Lord LLP

Martin Feuer

Zurich Financial Services

Kathy Silberthau StromCahill Gordon & Reindel LLP

This presentation is solely for educational and informational purposes. It is not intended to constitute legal advice and should not be relied upon as a substitute for legal advice.

January 10, 2012 2

Agenda

• Economic Sanctions Programs• U.S. Persons ‒ Kathy Strom• Facilitation ‒ Kathy Strom• Iran Sanctions ‒ David Butman

• Compliance Programs• Primary Insurance ‒ Martin Feuer • Reinsurance ‒ Frank Bria

• Enforcement Actions ‒ David Butman

• Questions?

January 10, 2012 3

Economic Sanctions Programs

Key Statutory Bases: International Emergency Economic Powers Act (IEEPA) and Trading with the Enemy Act (TWEA) (Cuban program)

Country Programs – Burma, Cuba, Iran, Sudan, Syria, etc. Targeted Programs – SDNs-based, terrorism, non-proliferation,

drug trafficking, etc. “U.S. persons” — defined for most programs as any U.S.

citizen, permanent resident alien, entity organized under U.S. law or any jurisdiction within the U.S. (including foreign branches) or any person in the U.S. — are subject to OFAC economic sanctions programs, and may not engage in “prohibited facilitation”

Non-U.S. persons face risk as well — U.S.-origin goods, causing violations by U.S. persons, branches within the U.S., servers or other functions performed in the U.S., etc.

January 10, 2012 4

OFAC: Facilitation Risks

“Facilitation” by a U.S. person of conduct engaged in by a foreign person where that conduct is proscribed by U.S. sanctions programs is prohibited.

Definitions of facilitation vary among programs, but concepts are similar.

For insurance and reinsurance industry subject to OFAC jurisdiction, facilitation includes providing insurance or reinsurance for conduct, which if done by a U.S. person, would violate an OFAC sanctions program.

January 10, 2012 5

Country Program Definitions

Burma: 31 CFR § 537.205 (basic concept) U.S. persons are prohibited from “approving, financing, facilitating or guaranteeing a transaction by a person who is a foreign person where the transaction would be prohibited if performed by a U.S. person or within the United States.”

Iran: 31 C.F.R. § § 560.206 and 560.417 Same basic concept and adds the following to the definition of “prohibited facilitation”: where a U.S. person alters its operating policies or procedures or

those of a foreign affiliate to permit a foreign affiliate to accept or perform a specific contract or transaction involving Iran without the approval of a U.S. person where such transaction (cont)

January 10, 2012 6

Country Program Definitions

previously required approval by a U.S. person and such transaction would be prohibited if performed directly by a U.S.

person; or where U.S. person refers to a foreign person bids or

orders involving Iran to which a U.S. person could not directly respond as a result of prohibitions; or

where U.S. person changes the operating policies and procedures of an affiliate with the specific purpose of facilitating transactions prohibited if performed by a U.S. person.

January 10, 2012 7

Country Program Definitions

Sudan: 31 CFR § 538.407Includes basic concept as well as prohibitions on changes in procedures or referrals. States that U.S. parent must ensure that its foreign subsidiaries act independently of any U.S. person with respect to all transactions and activities relating to exportation of goods, technologies or services going to or from Sudan, including but not limited to: business and legal planning, decision making, designing,

ordering or transporting goods and financing, insurance and other risks.

January 10, 2012 8

Country Program Definitions

Syria: E.O. 13582, dated August 17, 2011

Prohibits in Section 2(b) and 2(e);

- The exportation, sale or supply, directly or indirectly

from the U.S. or by a U.S. person of “any services to Syria”; and

- any “approval, financing, facilitation or guarantee by a U.S. person of a transaction by a foreign

person where the transaction by that foreign person would be prohibited . . . if performed by a United States person.”

January 10, 2012 9

Best Practices to Reduce Facilitation Risk

Consider each of these definitions of “facilitation” to be part of OFAC’s interpretation of facilitation, and potentially applicable to all OFAC sanctions programs.

Review all proposed business and insurance risks with these concepts in mind.

Alert and train all risk personnel and business managers regarding facilitation risks.

Identify all “U.S. persons” so as to prevent facilitation by such persons.

January 10, 2012 10

Best Practices to Reduce Facilitation Risks (con’t)

Scrutinize and screen all parties involved in risks to be insured (and owners thereof).

Obtain and understand the details (business, place, parties, etc.) of transactions for which insurance or reinsurance is considered.

Include sanctions clauses in all policies and agreements.

Review and discuss all business in light of changing sanctions programs.

January 10, 2012 11

IRAN Sanctions

Iranian Transaction Regulations Comprehensive Iran Sanctions, Accountability, and Divestment

Act of 2010 (CISADA)(2010) Foreign Persons Liable

Knowingly supporting Iran’s development of petroleum resources ($1M/yr or $5M aggregate) Knowingly facilitating Iran’s domestic production of refined petroleum products ($250K/yr or

$5M aggregate) Knowingly exporting refined petroleum products to Iran ($1M/yr or $5M aggregate) Knowingly exporting goods, technology or services to Iran that would contribute materially to

Iran’s acquisition of weapons of mass destruction

Parent Vicariously Liable Corporate parent liable if it “knew” of subsidiary’s prohibited activity

Divestment from Companies Investing in Iran State and local governments authorized to divest/prohibit investments in persons

investing/extending credit of $20M+ in Iran’s energy sector

January 10, 2012 12

IRAN Sanctions cont.

Executive Order 13590 (November 2011) Authorizes sanctions on persons that sell, lease or provide goods,

services, technology or support to Iran that could directly and significantly facilitate the maintenance or expansion of domestic production of petrochemical products ($250,000 FMV or $1M/yr.)

HR 1540 (2011) Foreign Persons Sanctions Foreign financial institutions that knowingly conduct or facilitate significant transactions with

The Central Bank of Iran are barred from opening correspondent or payable through accounts in U.S.

Requires President To Impose Mandatory Sanctions Absent Exception or Waiver

Statutory provision for waiver of sanctions by President in “national security interest” Presidential signing statement says “non-binding” to the extent it interferes with President’s

constitutional authority to conduct foreign affairs.

January 10, 2012 13

Some sanctions challenges faced by international insurers

What to Screen and When?

– OFAC, UN, OSFI, DPL, E.U.?– Sanctions have become more “list-based”; how do you

manage the various lists?– Insured, additional insured, beneficiaries, third parties (how

far do you go?)– Do you screen pre-quote, at quote and or upon payment of a

claim?– Sanctions need to be considered during the entire Product and

Insurance Life Cycle

– Should you screen periodically or at sanctions lists updates?– OFAC requires regular screening at the update of its sanctions list

Should you use enterprise-wide interdiction software? – Does your interdiction software integrate with your in-house

systems and database?

January 10, 2012 14

Some sanctions challenges faced by international insurers, cont’d Extraterritorial nature of sanctions regimes such as OFAC Do you audit third party providers to ensure they conduct regular

sanctions checks? Should you approve screening mechanisms utilized by third parties

screening on your behalf to ensure compliance with your policy? Consider OFAC anti-blocking legislation of countries such as Canada,

Mexico and the E.U. nations– Canadian based companies can do business in Cuba; this can be a

challenge for U.S. based parent companies– Your company could be subject to conflicting requirements; advise

staff to contact regional Compliance or legal functions for guidance Do you “ring-fence” international customer data and transactions that

involve an OFAC embargoed country such as Cuba?– Where is your international customer data stored?– Ensure there are no “Cuban-related” customer data warehoused

on your computer servers in the U.S. – What about expatriates?

January 10, 2012 15

Evaluation of Sanctions policies

Responsibility for your Sanctions Compliance Program Policy should acknowledge individual

responsible for the day-to-day compliance of the program

“Top-down” approach to OFAC and sanctions Operational procedures and sanctions screening

requirements are owned by the business Compliance professionals within the business with

reporting line to the regional compliance officer Business Unit Compliance -> Regional Compliance -

> Global Compliance

January 10, 2012 16

Evaluation of Sanctions policies, cont’d Identification of High Risk Areas

– Does your policy address the identification of higher-risk customers/areas as part of your CDD procedures?

– Does your policy address the assessment of customers, product lines, geography and nature of transactions?

Reporting Requirements– Provide clear guidelines to local staff for handling items blocked or

rejected under the various sanctions programs– Escalation process must be clearly defined and address reporting to

senior management and OFAC, or other sanctions regulator

Does your policy address the scope of your sanctions program?– What about the sanctions laws of other countries?

Does your policy provide guidance for all U.S. persons, wherever they are located in the world? 1

Does the policy address part-time and temporary workers, third parties who do business on your company’s behalf, such as consultants, advisers, service providers, suppliers, intermediaries, agents or brokers globally? Include sanctions screening requirements in contract agreements with third parties

1 Sanctions generally apply within the jurisdiction they are established in, but some sanctions have extraterritorial reach, and/or become relevant depending on where business is conducted.

January 10, 2012 17

Recommendations Establish common enterprise-wide screening policies and work-flow

procedures. Require Third Party Administrators (TPAs) to follow same policies and procedures;

Adopt and implement an enterprise-wide technology that is adaptable to the business;– Zurich is presently implementing a common global platform

Provide adequate training for all appropriate employees– Mandatory for new employees within North America– Targeted training provided to compliance personnel and client facing

employees such as underwriters – Training should be risk-based and targeted to your organization

Compliance as a second line of defense– Advise all employees globally to contact their local/regional compliance

or legal function should they have questions regarding sanctions

January 10, 2012 18

Summary The adverse effect of reputational risk associated with OFAC

compliance issues is great Be mindful of the weakest link: third parties Test for sanctions compliance on a regular basis Maintain an open dialogue with OFAC and local sanctions regulators at

all times; don’t assume anything; ask for guidance We all make mistakes, but a robust, OFAC and sanctions compliance

program will mitigate the severity of any penalty Manage the examination process with an open and collaborative

methodology Train all U.S. persons within the company; don’t forget to train those

living/working overseas Periodically assess products and services for sanctions regulatory

requirements Incorporate “red flags” within company policies and procedures; and Ensure senior management has approved your policy

January 10, 2012 19

Designing an Effective OFAC Compliance Program

ASSESS

● Obtain senior management’s input and support

● Conduct legal and risk assessments

January 10, 2012 20

Designing an Effective OFAC Compliance Program

BUILD

● Implement policies and guidelines

● Implement screening software (ensure that all underwriting submissions, claims payments and wire transfers are screened against the Specially Designated Nationals List ("SDN List"))

● Create awareness at all levels of the company

● Train employees

● Establish procedures to encourage employees and third party vendors to report potential OFAC violations

● Encourage trade sanctions exclusions for global insurance and reinsurance policies

January 10, 2012 21

Designing an Effective OFAC Compliance Program

CERTIFY

● Appoint and train representatives from each business and service unit to:

-oversee the OFAC screening

-ensure that the unit complies with screening guidelines

-routinely meet with Legal to review OFAC compliance efforts

and report any changes within the unit that may impact screening

● Obtain confirmation from vendors and business partners that they have an OFAC compliance program that includes some form of screening

January 10, 2012 22

Designing an Effective OFAC Compliance Program

REVIEW

● Regularly reassess the company’s legal and business risks

● Routinely rescreen clients, insureds, claimants, and beneficiaries to confirm that they have not been added to the SDN List

● Conduct audits of the compliance program

January 10, 2012 23

LINES OF BUSINESS

● Political Risk Coverage, more than any other class of business, tends to involve sanctioned countries

● Mobile risks, such as ocean marine and aviation, present the potential for prohibited claims payments

● International Group Life Policies

● Premiums and Claims that are reported on a bulk report may lack critical information and may be difficult to screen against the OFAC list

Potential Trade Sanctions Exposures for Insurers and Reinsurers

January 10, 2012 24

Potential Trade Sanctions Exposures for Insurers and Reinsurers

REGIONAL EXPOSURES

● Middle East - large number of SDNs and trade with Iran, Syria and other sanctioned countries and entities

● Portions of Central and South America - large number of SDNs and trade with Cuba

January 10, 2012 25

Challenges for U.S. Insurers and Reinsurers in the E.U.

Compliance challenges due to Legal Differences between the U.S. and E.U.

● E.U. Blocking Laws

● E.U. privacy laws – German Federal Data Protection Act and Section 203 of the German Criminal Code

January 10, 2012 26

Practical Tips to Enhance Compliance Programs

U.S. insurers and reinsurers should conduct the following:

(1) screen their existing policyholders, claimants, and beneficiaries against

the SDN list;

(2) conduct due diligence on political risk, mobile risks and international

group life policies;

(3) establish a process to review premiums and claims reported on bulk reports;

(4) monitor Iranian efforts to evade sanctions; and

(5) include a trade sanctions exclusion on global policies.

January 10, 2012 27

OFAC LIABILITY/PENALTIES Civil Penalties (TWEA and IEEPA)

Unintentional violations/Strict Liability $250,000 ($1.075M Kingpin) or 2xs the value of transaction (greater of) Forfeit pecuniary gains

Criminal Penalties (TWEA and IEEPA) “Willful violations” of regulations

Individuals $250,000 Maximum ($5,000,000 Kingpin); or Imprisonment up to 20 years (IEEPA) or 10 years (TWEA) (30 years Kingpin Act); or Both

Corporations $1,000,000 Maximum ($10,000,000 Kingpin); or Twice the amount of the transaction; or Both

Reputational Injury Stock Price Penalty

January 10, 2012 28

OFAC LIABILITY/PENALTIES Cont.

Value of the Insurance Transaction

Underwriting = Total Premium Charged

Claims = Amount of Claim Payment

Stacking Penalties

January 10, 2012 29

OFAC LIABILITY/PENALTIES Cont.

OFAC ENFORCEMENT RESPONSES

No Action – OFAC determines evidence insufficient to establish a violation or action is otherwise not required.

Request Additional Information - May issue subpoena for more information before determining appropriate action.

Cautionary Letter – Same as “No Action”, but warns that conduct could result in

future violations or compliance program may be insufficient.

Finding of Violation – OFAC determines a violation occurred, but identification of violation and remedial steps are appropriate response rather than civil monetary penalty.

January 10, 2012 30

OFAC LIABILITY/PENALTIES Cont.

Civil Penalty – OFAC determines that a violation occurred which warrants imposition of a civil monetary penalty.

Criminal Referral - In appropriate circumstances, OFAC may refer the matter to appropriate law enforcement agencies for criminal investigation and/or prosecution.

Other Administration Action – In addition to or in lieu of the foregoing OFAC may:

Deny, suspend, modify or revoke license where needed. Issue cease and desist orders

January 10, 2012 31

CIVIL PENALTIES PROCESS Pre-Penalty Notice

Describe the alleged violation Number of alleged violations Value of each alleged violations Identify law/regulation allegedly violated Base category upon which proposed penalty amount calculated Aggravating/Mitigating factors relevant to proposed penalty Maximum potential penalty under law/regulation Proposed Penalty

Response Written Response within 30 days (post mark of pre-penalty notice) Agree/Disagree as to violation/Disagree as to penalty amount No Response = Imposition of Civil Penalty

Penalty Notice Final Agency Action

OFAC LIABILITY/PENALTIES Cont.

January 10, 2012 32

OFAC LIABILITY/PENALTIES Cont.

Egregious Case

No Yes

(1)One-Half

Transaction Value ($125K Cap per

violation violation/$32,00 for

TWEA)

(3)One-Half Statutory Maximum

(2)Applicable

Schedule Amount

($250k Cap per violation/$65K for

TWEA)

(4)Statutory Maximum

BASE PENALTY

CALCULATION

Yes

Voluntary Self-Disclosure

No

January 10, 2012 33

Applicable Scheduled Amount

Transaction Value Scheduled Amount

< $1,0000 $1,000

$1,000 - $9,999.99 $10,000

$10,000 - $24,999.99 $25,000

$25,000 - $49,999.99 $50,000

$50,000 - $99,999.99 $100,000

$100,000 - $169,999.99 $170,000

>$170,000 $250,000

OFAC LIABILITY/PENALTIES Cont.

January 10, 2012 34

OFAC LIABILITY/PENALTIES Cont.

Mitigating Factors: Compliance Program in Place First Offense (25% Reduction) Voluntary Disclosure/Self-Reporting (50% Reduction) Substantial Cooperation (20% - 40% Reduction) Entering Into Settlement (10% Reduction – unwritten)

Aggravating Factors: Willfulness (double the penalty) Lack of compliance program Familiarity with Sanctions programs Second or subsequent offense No remedial action after discovery

January 10, 2012 35

OFAC PENALTIES

Barclays, Aug. 2010 Iranian and Sudanese Regulations $298 Million Penalty Stripped Iranian and Sudanese references from U.S. dollar transactions to U.S.

correspondence banks Lloyds TSB, Jan 2009

Iranian and Sudanese Regulations From 1997-2007, stripped Iranian and Libyan references from U.S. dollar transactions to U.S.

correspondent banks ABN Amro, December 2005

Iranian and Libyan Regulations $80 Million Penalty Stripped Iranian and Libyan references from U.S. dollar transactions to U.S. correspondent

banks UBS, May 2004

Cuba, Iran, Libya and Former Yugoslavia Regulations $100 Million Penalty ($25,000 per day of violation) Distribution of U.S. Bank Notes in violation of OFAC Regulations and concealment

Guidant Corporation, March 2007 Iraqi and Iranian Regulations $277,017 Exporting goods for ultimate resale to Iraq and Iran from 2000 to 2004

January 10, 2012 36

INSURANCE INDUSTRY PENALTIES

Penalties Published on OFAC Website: www.ustreasury.gov

U.S. P&C (Re)Insurer, March 2001 Cuban Asset Control Regulations (CACRs) $2.4 Million Penalty British companies selling reinsurance to Cuban companies

U.S. Reinsurer, June 2011 Iranian Transaction Regulations $59,130 Penalty Two reinsurance claim payments totaling $309,740.65 to a protection and indemnity association or P&I Club

U.S. Broker, April 2011 Iranian Sanctions Regulations Placement of 6 Commercial Multi-Peril policies insuring submersible oil rig ($453,364 total premium) $122,406 Penalty

U.S. Broker, January 2011 Iranian Transaction Regulations $36,000 Penalty Placement of two retro contracts ($62,883 total premium) between European reinsurer and European retros.

U.S. Personal Lines Insurer, June 2010 Foreign Narcotics Kingpin Regulations $11,000 penalty Unauthorized auto policy issued to SDN

January 10, 2012 37

Broker Example 1Step 1: Determine Number of Transactions

(6 Contracts)

Determine “Value” of Transaction (Total Premium for 6 contracts = $453,364)

Step 2: (a) Egregious v. Non-Egregious (Non-Egregious)

Voluntarily Disclosed v. Disclosed By Other Means

(Not Voluntarily Disclosed)

(b) Determine “Base Penalty” Amount

($75,560 avg prem per policy x 50% reduction x 6 placements)

BASE PENALTY = $226,680

Step 3: Adjust Penalty (Mitigating and Aggravating Factors)

(a)25% first offense

(b)10% settlement

ASSESSED PENALTY = $122,408

January 10, 2012 38

Broker Example 2

Step 1: Determine Number of Transactions (2 Contracts)

Determine “Value” of Transaction (Total Premium $62,883)

Step 2: (a) Egregious v. Non-Egregious (Non-Egregious)

Voluntarily Disclosed v. Disclosed By Other Means

(Not Voluntarily Disclosed)

(b) Determine “Base Penalty” Amount

($100K for transaction values between $50K-$100K)

BASE PENALTY = $100,000

Step 3: Adjust Penalty (Mitigating and Aggravating Factors)

(a)20%-40% substantial additional information/cooperation

(b)25% first offense

(c)10% settlement

ASSESSED PENALTY = $36,000

January 10, 2012 39

FOREIGN PERSON CONSIDERATION

Foreign Corporations – “What Me Worry?”

U.S. citizen employees, managers, officers or directors Non-U.S. citizen employees while in the U.S. U.S. co-insurers U.S. reinsurers U.S. offices U.S. capital/investments Insuring/Reinsuring transactions involving export/re-

export of U.S. origin goods Cuba (and Iran – CISADA) CAUSING OFAC VIOLATIONS

January 10, 2012 40

Contact Information

Martin FeuerZurich Financial ServicesChief Compliance Officer Americas917-534-4536martin.feuer@zurichna.com

Frank BriaGeneral Reinsurance CorporationVice President and Assistant General Counsel203-328-5112FBria@genre.com

David ButmanSenior CounselLocke Lord LLP312-443-0207dbutman@lockelord.com

Kathy Silberthau StromCounselCahill Gordon & Reindel LLP202-862-8944stromk@cgrdc.com

January 10, 2012 41