Today's OFAC Civil Penalties notice* provides an important lesson for banks that rely upon their software to do it all. Sometimes that jack-of-all-trades software you are using is not as all-inclusive as you think. Have you ever checked it ?
Branch Banking & Trust Co., known to the public as BB&T, was processing a wire transfer for $25,000, for a Sudanese national that the bank determined was not a Specially Designated National, but the bank's AML/CFT software failed to record it when the officer input "Sudanese" into the program; the software could not accept that notation.
Why is this important ? It appears that the software in use by the bank could not flag any country sanctions information; OFAC pointedly listed Cuba, Myanmar/Burma, Iran and Sudan as examples that the program was not set up to record, report, or note, for any purpose. The software was deemed by OFAC to be inadequate with regard to the sanctions screening process. Why wasn't this caught by compliance ?
The fine was minimal: $19,125, but the reputation damage sustained by being named & shamed on the OFAC CivPen list is serious; We all read those postings, and when we learn that a major bank has never checked its software to ensure that it kicked out potential sanctions violations, that bank's status in the industry suffers, and law enforcement agencies may check to see that there aren't any other problems over there.