Well, Implementation Day has come and gone.  Hassan Rouhani peeked out of his house, did not see his shadow, and his handlers declared that winter would soon be over … at least if you’re in Europe.  If you’re in the United States, not so much, where the sanctions remain pretty much the same, albeit more confusing.  Meanwhile half of the CEOs of European companies are booking first class flights on Air France to Tehran where they will sign lucrative contracts to sell their goods and services.

For U.S. persons, there are a few minor benefits to Implementation Day.   U.S. companies can sell civil aircraft parts to Iran as long as they get a license from OFAC.  And you can now enjoy Iranian foodstuffs such as Iranian caviar and pistachios.   In addition, foreign subsidiaries of U.S. companies can deal with Iran as long as the parent company, its employees and all U.S. persons carefully tread the treacherous facilitation line where one misstep leads to immediate catastrophe, penalties and, maybe, jail terms for all.

The only other benefit of Implementation Day to anyone in the U.S. involves removals of certain persons and companies from the SDN List.  But, but, but (surprise!) there are major caveats.   The removed parties are still blocked and off-limits to U.S. persons if they are part of the Iranian government (including state-owned enterprises) as defined in section 560.304. Second, they can’t be an Iranian financial institution as defined in section 560.324.

Now this is where the fun begins.   Many of the entries removed from the SDN List on Implementation Day were either Iranian government entities or financial institutions.   So, OFAC now has a new list for you to check of people removed from the SDN list who are still blocked and off-limits to U.S. persons.  That’s right:  implementation day brought U.S. citizens yet another list to check.  These are the entities marked with an asterisk in Attachment 3 to Annex II of the JCPOA which are now compiled in the new list, the E.O 13599 List, and which can be found here (at least until OFAC, to keep its web designers employed, reorganizes its website again and breaks all previous links).

But the fun doesn’t stop there.  The federal government, aware of its own incompetence and keen to punish those who rely on it, says this in the otherwise excellent January 16 guidance on the effect of implementation day:

Please be advised that, under the ITSR, U.S. persons continue to have an obligation to block the property and interests in property of individuals and entities listed in Attachment 3 to Annex II of the JCPOA that do not have an asterisk next to their name and are not included on the E.O. 13599 List if such persons meet the definition of either the Government of Iran or an Iranian financial institution as set forth in section 560.304 or 560.324 of the ITSR, respectively.

In plain English, just because we screwed up and didn’t put a removed party on the 13599 List and that party is in fact related to the Government of Iran, we still get to fine you if you blithely assume that removed parties not on the 13599 List are safe to deal with.  Heads we win, as they say, tails you lose.

Happy Implementation Day, everyone!

Back in September, we reported on industry criticism of the list published by the Office of Foreign Assets Control (“OFAC”) of medical devices eligible for export to Iran without a license for certain glaring omissions, namely, infant warmers used in maternity units and neo-natal intensive care devices. This seemed ironic given that certain contraceptive devices were on the list, but critical infant care items were not.

Well, OFAC just updated the list to add a number of devices eligible for unlicensed exports to Iran, including “infant radiant warmer and parts and accessories … [and] [n]eonatal equipment (phototherapy, nasal CPAP, etc. and all components).” Whether or not OFAC listened to what we had to say or not, it clearly listened to industry and did the right thing.

There are a substantial number of additions to the new list, too many to detail here, but I noticed certain changes of particular interest. The category of radiology equipment was expanded from a single item (medical ultrasound equipment) to pretty much the full array of radiology equipment: MRIs, X-ray machines, x-ray film, contrasting agents, mammography machines, and tomography scanners.

Also on the list, and it’s hard to understand why this took so long, are hearing aids. It seems to me that we were in no position to say that Iran was not listening to our arguments on nuclear proliferation at the same time we were restricting the export of hearing aids to the Iranians.

BMO Harris Bank on Wednesday escaped an OFAC fine, even though it admitted to having processed six funds transfers totaling $67,357 representing payment by a customer of sums to an Iranian entity from which the customer had purchased Persian rugs. The customer, apparently a retailer that purchased and resold Persian rugs from Iran, had been a bank customer since 2009 when the importation of rugs from Iran was still legal. Because the customer’s name contained the word “Persian,” the bank’s somewhat overzealous interdiction software had been resulting in hits for each transaction by the customer, so the bank put the customer on a false hits list to prevent transactions by the customer from being flagged each time.

On September 29, 2010, OFAC banned the importation of Iranian rugs but, apparently, the bank’s customer didn’t get the message. (That’s what you get for not reading the Federal Register cover-to-cover each morning!) The customer continued to import Iranian rugs and the bank continued to process related wire transactions. In 2011, a suspicious downstream bank in the transaction requested additional information. A Harris Bank employee apparently then learned that the payment was to Iran for Persian rugs but, because the customer was on the false hit list, did not do anything and, as a result, Harris processed five additional transactions for payments to Iran.

Normally such a scenario is a sure-fire guarantee that the company involved will get walloped with an OFAC fine, but in this case OFAC decided to show a little mercy, apparently feeling that the false-hit list was to blame and stating that the bank “may have been unaware of the risks associated with a false hit list that was not reviewed and updated regularly.” This is a bit strange given that the issue here had nothing to do with reviewing and updating the list. The customer, which was on the false hit list, was still a false hit. It had not become an SDN, and the violation did not result from an error in the list.

The violation occurred not because the bank did not review the list but because it did not review the transaction. And this reveals an all-too-common misunderstanding by front line employees about OFAC sanctions. They often see it merely as a list-checking exercise. Is the customer on the list? Nope. Okay, then, everything’s good to go. And this appears to be exactly what happened here. The front line bank employee saw that the customer wasn’t on the SDN list and was instead on the “false hit” list and that was the end of the inquiry

Even though this case really isn’t about a bad false hit list, OFAC used it as an opportunity to issue a “False Hits List Guidance.” The new guidance, if it can really be called that, states the obvious: namely, that false hit lists are a “legitimate” practice as long as you check them periodically to make sure that someone who was not an SDN two weeks ago did not suddenly become an SDN yesterday. Oddly, OFAC does not say anything in the guidance about the glaring lesson from the case at hand, so I’ll say it for them: just because a customer is on the false hit list does not mean that the transaction itself need not be reviewed. (Your welcome, OFAC.)

Of course, I can’t leave the guidance without reference to a tiny bit of silliness in it. The guidance says that a review of the list should be triggered by any “meaningful change” in the customer’s information such as “a change in ownership status, business activity, address, date of birth, place of business, etc.” Wait a second. Does this mean you can change your birth date? Really? Please tell me how you do that. My birthday comes really close to Christmas and I’ve always wanted to move it back into a more present-friendly zone such as June. Also, I bet a number of us would like to shave a few years off that birth date as well.

Crédit Agricole just agreed to pay $787.3 million to settle charges that it violated the U.S. sanctions on Iran and other countries by stripping references to those countries in communications sent to U.S. banks to process dollar-based transactions. And to quote Yogi Berra: “It’s déjà vu all over again.”

The payment is divided up as follows: $385 million to the New York State Department of Financial Services, $156 million to the U.S. Attorney’s Office for the District of Columbia, $156 million to the Manhattan District Attorney’s Office, and $90.3 million to the Federal Reserve. Once again the biggest chunk of change goes to the NYDFS which, as you probably know, doesn’t have the power to enforce any U.S. sanctions inasmuch as it’s just a state agency, notwithstanding its own delusions of grandeur.

But wait a minute. Where is OFAC in all this? I mean, after all, the last time I checked the Iran, Cuba and Sudan sanctions all had OFAC’s name written all over them. Well, OFAC announced today at the same time a $329.5 million fine against Crédit Agricole. Is that on top of the $787.3 million, pushing the fine over $1 billion? Nope. Read the fine print at the end of the OFAC press release:

CA-CIB’s $329,593,585 settlement with OFAC will be deemed satisfied by the bank’s payment of that amount to DOJ, DANY, and the Board of Governors for the same pattern of conduct.

As noted above, out of the $787.3 million, $402.3 million dollars is going to DOJ (through the U.S. Attorney for the District of Columbia), the DANY and the Federal Reserve, more than enough to satisfy the OFAC penalty under this somewhat odd arrangement. But it is not completely insignificant that OFAC did not say that payments to the NYDFS would discharge the OFAC penalty, perhaps indicating a bit of pique by OFAC with NYDFS trying to cash in on violations of OFAC rules.

In this context, an email that Reuters obtained back in June from OFAC to NYDFS in reference to an unnamed investigation of a foreign bank (presumably Crédit Agricole) by NYDFS was not very nice at all.

Given the ongoing negotiations, the situation regarding Iran is extremely sensitive at the moment. As a result, any actions that are taken in connection with sanctions violations pertaining to Iran may have serious impacts on the ongoing negotiations and U.S. foreign policy goals and objectives. The Iranians are not going to distinguish between enforcement actions taken at the state level versus enforcement actions taken at the federal level.”

One has to assume that the NYDFS, driven to feed its addiction to federal sanctions money, gave a terse and impolite response to OFAC that can’t be printed in a family blog, which explains the oddity of OFAC settlement in this case. I think we can safely assume that NYDFS isn’t being invited to OFAC’s holiday party this year.