Oklahoma-based MidFirst Bank will not pay a civil penalty after self-reporting to the Treasury Department’s Office of Foreign Assets Control (OFAC) apparent violations of weapons of mass destruction proliferator sanctions at the bank.

OFAC on Thursday hit MidFirst with a finding of violation (FOV), which resolves the matter through documenting the alleged failures without the addition of a fine. The timing and relatively low harm of the apparent violations, along with the bank’s cooperation, were among mitigating factors in the regulator’s determination.

MidFirst did not respond to a request for comment.

The details: MidFirst processed 34 payments on behalf of two individuals added to OFAC’s List of Specially Designated Nationals and Blocked Persons (SDN List), according to the regulator’s enforcement release. The transactions all occurred within two weeks of the individuals’ designations under the Weapons of Mass Destruction Proliferators Sanctions Regulations on Sept. 21, 2020.

At fault for the violations was MidFirst’s misunderstanding of how often its sanctions screening vendor screened its overall customer base, according to OFAC.

“Although the vendor conducted daily screenings of new customers and of existing customers with certain account changes (e.g., changes to a customer’s name or address), the vendor only screened MidFirst’s entire existing customer base once a month,” OFAC stated. “MidFirst misunderstood the scope of the contract with its vendor, mistakenly believing that the daily screenings would screen its entire customer base against additions and changes to the SDN List.”

Upon learning Oct. 5, 2020, of the designation of the two individuals from the vendor’s monthly report and its own monthly screening, MidFirst blocked their accounts and subsequently notified OFAC of what occurred, the enforcement release explained.

An investigation into the transactions found five totaling $604,000 occurred within six hours of the individuals being designated. Of that total, $400,000 came via internal book transfers. The remaining 29 transactions totaled less than $10,000 on behalf of the blocked persons, OFAC stated.

In response to the incident, MidFirst in November 2020 changed its policies to manually rescreen its customer base whenever there are updates to the SDN List and had its vendor increase the frequency of its screening of all customers beginning December 2020.

“This FOV reaffirms that financial institutions should take a risk-based approach to sanctions compliance, including when implementing sanctions screening tools, and demonstrates the importance of ensuring the scope and capabilities of outsourced sanctions compliance services are consistent with the financial institution’s assessment of its exposure to sanctions risks,” OFAC stated.