Payoneer Inc. will pay $1.4 million to settle its potential liability for apparent violations of six different US sanctions regimes, the US Treasury’s Office of Foreign Assets Control announced Friday, July 23.
Over five years, from February 2013 to February 2018, the New York-based money services business (MSB) was determined to have processed 2,260 transactions for entities located in sanctioned jurisdictions such as Crimea, Iran, Sudan, and Syria, as well as individuals on OFAC’s List of Specially Designated Nationals and Blocked Persons. Together, the transactions totaled just over $802,000.
According to OFAC, Payoneer had formally implemented policies and procedures prohibiting transactions involving any parties in sanctioned jurisdictions back in June 2015. But the company fell short in closing compliance gaps and ensuring its screening processes were robust enough to follow through on the stated policies.
Among other compliance deficiencies, OFAC cites Payoneer’s reliance on weak algorithms that failed to flag fuzzy matches to sanctioned entities and the MSB’s decision not to screen for Business Identifier Codes when OFAC provided them. It also singled out its failure to monitor IP addresses and flag physical billing and shipping addresses in sanctioned locations. Finally, OFAC found that when backlogs occurred, Payoneer’s payment system would release previously flagged payments automatically and before anyone could review them.
Only 19 of the apparent sanctions violations were voluntarily self-disclosed, but all are considered non-egregious. In addition to the settlement, Payoneer has hired a new chief compliance officer and has provided its employees with additional training. OFAC also acknowledged that the MSB has taken steps to strengthen its screening processes, including revising its software filters and manually reviewing transactions or accounts that raise red flags.
OFAC’s settlement with Payoneer and the apparent violations highlight the importance of using all information available when screening customers and transactions. That is, IP addresses and other information routinely collected, such as billing and shipping addresses or copies of identification documents, should all be leveraged for compliance processes — even if compiled by another department or for another purpose.
It also demonstrates how easy it is for designated entities and prohibited transactions to slip through the compliance net when officers lack the proper training and screening technology. Therefore, companies would do well to prioritize making investments in advanced tools that facilitate thorough customer and transaction screening, lest they too find themselves on the hook for inadvertent sanctions violations.