Economic sanctions remain a primary tool used by the U.S. government to achieve foreign policy goals. The last several years have seen significant enhancements to the various OFAC lists, particularly those that relate to Venezuela, Iran and Crimea. While historically, sanctions risk for credit unions was low, in the past few decades there has been significant growth in the size of credit unions, the consumer bases they serve and the products they offer. This has introduced new types of risk for credit unions, one of which is that a member or partner could engage in transactions with sanctioned entities.
Most credit unions recognize that the first step to effective sanctions compliance is risk-appropriate screening of members. The effects of and reasons for OFAC designation mean that domestic members are highly unlikely to be an OFAC Specially Designated National, but it can happen and it has resulted in enforcement activity in the past. It is when credit unions provide services to non-natural person entities, particularly money services businesses (MSBs) that risks rise significantly. In particular, it is the risks posed by the "customers' customer' in this circumstance that pose potential risk to the hosting credit union. It is important to note that few risks cannot be offset by the application of proper controls, but that the costs of such controls when providing services to entities that have their own customers engaging in financial activities, may challenge profitability.
While credit unions provide tremendous value to their members, money services firms may seek credit union relationships because they have been pushed out of relationships at banks, where their sanctions and anti-money laundering practices could have been found to be insufficient. And while most credit unions look to maintain or develop the proper controls for their membership composition and service, there are some that have been seduced by the extraordinary amount of revenue that these consumers can bring, without knowing the full risk. Namely, the credit union can be held responsible, in whole or in part, if the MSB's transactions breach sanctions regulations.
Recommended For You
In a case that received significant publicity, North Dade Community Development Federal Credit Union of Miami Gardens, Fla., was subjected to civil monetary penalties and subsequently shuttered. North Dade had assets of $3.6 million with 616 members in its last year of operation. Almost 90% of its revenue came from transaction fees on remittances by high-risk money service businesses – $2 billion passed through it in 2013 alone. At the time, Jennifer Shasky Calvery, director of FinCEN said, "When a small institution opens its doors to the world, takes on greater risks than it can manage, and puts profits before AML controls, bad actors are bound to take advantage. North Dade's five-person staff did not have sufficient resources or technical expertise to administer a program capable of ensuring compliance with the BSA."
While the penalties against North Dade were predicated on Bank Secrecy Act violations, the underlying activity of concern was primarily high risk transactions from Latin America – transactions that also bring significant sanctions risk. In the North Dade case, the credit union permitted an MSB to open sub-accounts for that MSB's own foreign MSB customers. In this way, the foreign customers were directly using North Dade's services. It is important to note, however, that even if a credit union believes it has a relationship only with an MSB and not the MSB's customers, regulators and enforcement agencies have pursued sanctions violations against all institutions in a transactional "string." This is the reason why banks will often require that MSB customers agree to provide extensive documentation and audit rights to the banks in return for access to dollar clearing, and this intrusiveness is what is driving some MSBs to look for institutions with lower controls thresholds. The 2016 FinCEN enforcement action against the former Bethex Federal Credit Union is another example of the risk MSBs may present.
To counter sanctions risk, a credit union must ensure its members are screened for sanctioned parties at the time of onboarding. Then, on an ongoing basis, it should screen payments made by its members to others to ensure the recipient is also not a sanctioned entity. For a credit union that provides services to commercial members, particularly if they are money services businesses, it should ensure the MSB is screening against OFAC and other sanctions lists, and that the MSB's own processes and policies are sufficient to ensure compliance.
Sanctions programs are highly nuanced, and it is important for credit unions to watch for changes to programs and regional influences that can change member behavior and increase risk. Additionally, the relaxation of sanctions in certain countries does not automatically mean a credit union can start receiving payments from individuals in those regions. In the case of Iran, many people interpreted the relaxation of Iran Sanctions as an indication that Iran was "open for business" when U.S. dollar-denominated transactions with Iranian entities remains largely restricted. In Cuba, the lifting of sanctions for industries such as telecommunications, education, tourism and travel generated widespread media coverage. But many people are unaware that there are still strict controls around what money is sent to and from Cuba. It is therefore imperative that credit unions have strong country-specific expertise if they plan to service members' transactions from or to those jurisdictions.
Creating an appropriate screening process for sanctioned individuals or entities can be challenging for financial institutions of all types and sizes. Governments make sanctions lists public, so in many cases a sanctioned individual or entity will try to disguise its identity by using shell companies or layers of financial institutions to evade detection. But as regulated entities, credit unions have significant potential liability for transactions they facilitate, and the liability under OFAC is strict.
The use of a CUSO to complete a wire transfer does not absolve the originating or receiving credit unions of their responsibilities to screen for OFAC. While a transaction with an OFAC Specially Designated National is likely to be interdicted by a corporate credit union with effective screening processes, their subsequent communications to OFAC could inadvertently highlight ineffective processes at the originating or receiving credit union. Most corporate credit unions clearly advise their participating credit unions that screening by the corporate entity does not absolve credit union members of their own requirement to screen.
It is also worth reminding credit unions that OFAC gives significant credit for self-disclosure and cooperation and for the implementation of more robust controls. Credit unions should carefully assess their OFAC exposure and the exposure their members and partners bring, and implement a risk-appropriate controls environment. Their survival may depend on it.
Daniel Wager is VP, Global Financial Crime Compliance for LexisNexis Risk Solutions. He can be reached at [email protected].
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
