On November 6, 2023, the US Department of the Treasury’s Office of Foreign Assets Control announced that it reached a settlement with Illinois-based Swift Prepaid Solutions, Inc. d/b/a daVinci Payments, a financial services and payment firm, to resolve its potential civil liability for more than 12,000 apparent violations of OFAC sanctions on Crimea, Iran, Syria, and Cuba. OFAC reported that daVinci agreed to pay approximately $200,000 for enabling prepaid reward cards to be redeemed on its platform from users with Internet Protocol (IP) addresses associated with Iran, Syria, Cuba, and Crimea between 2017 and 2022.
A majority of the apparent violations were discovered by daVinci, between March 2020 and February 2022, during the course of an internal compliance review and subsequent investigation conducted. According to OFAC, once daVinci implemented protocols that prevented website access to users from IP addresses associated with the sanctioned jurisdictions, the company discovered that it redeemed 13 additional cards for recipients with email addresses with certain suffixes, also known as top level domains, that were associated with sanctioned jurisdictions. During the relevant time period, daVinci allegedly processed nearly $550,000 worth of prohibited card redemptions that OFAC considered to be apparent violations of the Cuban Assets Control Regulations (31 CFR § 515.201), the Iranian Transactions and Sanctions Regulations (31 CFR § 560.204), the Ukraine-/Russia-Related Sanctions Regulations (31 CFR § 589.287), and the Syrian Sanctions Regulations (31 CFR § 542.207).
According to OFAC, daVinci’s settlement amount reflects OFAC’s determination that the company’s conduct was both non-egregious and voluntarily self-disclosed. The settlement amount was also influenced by certain aggravating and mitigating factors. The aggravating factors included daVinci’s failure to exercise due caution or care when redeeming reward cards for recipients who appeared to be in sanctioned jurisdictions. The mitigating factors relate to a number of significant remedial measures taken by daVinci, including proactive steps to conduct an internally initiated review and its implementation of protocols to block IP addresses associated with sanctioned jurisdictions and email address suffixes from its platform.