On July 21, 2022, the US Department of the Treasury’s Office of Foreign Assets Control issued a Finding of Violation (FOV) to MidFirst Bank, a private bank based in Oklahoma, for maintaining accounts and processing 34 payments for two individuals in violation of the Weapons of Mass Destruction Proliferators Sanctions Regulation (WMDPSR). OFAC reports that the violations occurred in 2020 within 14 days of the individuals’ designations and stemmed from MidFirst’s misunderstanding of the frequency with which its vendor screened its existing customer base against new names added to OFAC’s List of Specially Designated Nationals and Blocked Persons (SDN List).
According to OFAC, the two individuals were added to the SDN List on September 21, 2022, and, later that day, MidFirst processed five transactions totaling $604,000 on behalf of accounts held by the blocked persons. MidFirst also processed an additional 29 transactions totaling less than $10,000 between September 22, 2020 and October 5, 2020. OFAC reports that 98 percent of the value of the post-designation transactions occurred within 6 hours of the designations.
The violations occurred because MidFirst Bank was under the impression that its vendor’s daily screening process included checking its entire customer base against additions and changes to the SDN list. However, the vendor’s daily screening only checked for minor account changes such as changes to a customer’s name or address, while MidFirst’s entire customer base was checked once a month for SDN List changes. MidFirst informed OFAC that it promptly blocked the two customer accounts as soon as it was notified by the vendor on October 5, 2020 that the two customers had been designated.
According to OFAC, MidFirst violated § 544.201 of the WMDPSR when it processed the 34 transactions; however, OFAC determined that, under the circumstances, the appropriate administrative action was an FOV instead of a civil monetary penalty. It is important to note that MidFirst also took steps to remediate the issue in November 2020 when it implemented a process by which its entire customer base would be manually rescreened whenever there were updates to the SDN List. Furthermore, in December 2020, MidFirst’s vendor also updated the frequency with which it conducts entire account base screenings.