OFAC fines Payoneer $1.4M for sanctions violations

Between February 2013 and February 2018, Payoneer processed 2,241 payments for parties located in sanctioned jurisdictions including the Crimea region of Ukraine, Iran, Sudan, and Syria, according to OFAC. Additionally, Payoneer processed 19 payments on behalf of sanctioned persons on OFAC’s List of Specially Designated Nationals and Blocked Persons (SDN List). These payments totaled just over $802,000, OFAC stated.

Compliance failures: “Payoneer’s policies and procedures dating back as far as June 2015 specified that transactions involving parties in sanctioned locations were prohibited, but the testing and auditing conducted to verify that these policies and procedures were being implemented failed to identify the compliance deficiencies that led to the apparent violations,” according to OFAC.

Sanctions compliance control breakdowns, as described by OFAC, included the following:

• Weak algorithms that allowed close matches to SDN List entries not to be flagged;
• Failure to screen for business identifier codes (BICs) even when SDN List entries contained them;
• Allowing flagged and pended payments to be automatically released without review during backlog periods; and
• Lack of focus on sanctioned jurisdictions, especially Crimea, due to IP address/location lapses.

Mitigating factors: Senior management at Payoneer “acted quickly” to self-disclose the apparent violations upon discovery, stated OFAC, which deemed the case “non-egregious.”

The regulator further credited Payoneer with undertaking the following measures intended to minimize the risk of recurrence of similar conduct:

• Replacing its chief compliance officer, retraining all compliance employees, and hiring new compliance positions focused specifically on testing;
• Enhancing its screening software to include financial institution alias names and BIC codes and automatically triggering a manual review of payments or accounts that match persons on the SDN List;
• Enabling the screening of names, shipping and billing addresses, and IP information associated with account holders to identify jurisdictions and regions subject to sanctions;
• Pending transactions flagged by its filter instead of allowing them to complete during a backlog; and
• Reviewing daily identification documents uploaded to Payoneer and a rule engine that stops payments with identification indicating jurisdictions and regions subject to sanctions.

These enhancements helped Payoneer avoid a fine of $3.9 million.

“This action highlights that money services businesses—like all financial service providers—are responsible for ensuring that they do not engage in unauthorized transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade-related transactions with jurisdictions and regions subject to sanctions,” OFAC stated.