The international financial services company Nasdaq was issued a US$4 million fine by the Office of Foreign Assets Control (OFAC) due to the actions of its former subsidiary. Between 2012 and 2014, the subsidiary provided services to an Iranian state-owned bank, violating active sanctions.  

Nasdaq later self-disclosed these breaches and developed more robust controls to prevent future occurrences, earning a reduction in the base level $16 million calculation to the $4 million fine. 

Key Takeaways: 

• Nasdaq’s former subsidiary provided financial services for an extended period, which the company even identified in 2012 and 2013, but no corrective action was taken. 
• OFAC calculated the base level fine as $16 million, reducing it due to Nasdaq’s self-disclosure and implementation of a robust sanction compliance program (SCP). 
• The breaches and resulting fines are a strong example of the necessity of a comprehensive SCP. 

Main Points of Nasdaq’s OFAC Sanctions Violation and Fines 

Nasdaq acquired OMX AB, a Swedish financial company that operates the Armenian Stock Exchange (ASE), in 2008. Once acquired and renamed Nasdaq OMX Armenia, the company continued to provide ASE services to Mellat Armenia, a subsidiary of Bank Mellat, an Iranian state-owned bank. 

Sanctions enacted in 2012 included Bank Mellat, but its subsidiary was still provided access to ASE. A total of 151 apparent sanctions occurred before the issue was resolved in 2014.  

Nasdaq self-disclosed these violations in 2014, yet two previous internal audits in 2012 and 2013 identified the violations without taking action to stop them.   

OFAC considered all the aggravating and mitigating factors and then decided to reduce the $16 million fine to $4 million. The agency also commented on the complexity of international subsidiaries and M&As, creating the necessity for a robust SCP to avoid violations. 

Understanding OFAC’s Advice for M&As and Subsidiaries 

Nasdaq is an internationally respected financial services corporation that still failed to implement corrective measures or correctly identify the scope of transacting with a sanctioned party. OFAC’s enforcement release included overall comments advising enterprises to ensure M&As and subsidiaries are fully compliant, as they are still the parent company’s responsibility.  

The company referred to its framework, which focuses on overall guidance to help organizations create an SCP with the following steps: 

1. Management must commit to the initial and ongoing development of an SCP.

2. A comprehensive risk assessment must identify possible vulnerabilities for violations.

3. Robust internal controls should be implemented to identify and correct any issues.

4. The SCP should be continually audited and tested for effectiveness, implementing corrective actions as needed.

5. Training should be provided to all employees annually at a minimum, with course material covering job-specific requirements to avoid violating sanctions. 

How We Strengthen OFAC Sanctions Screening 

Descartes has developed and refined industry-recognized compliance solutions focusing on streamlined, accurate denied party screening. Our Visual Compliance platform allows companies to screen new and existing partners throughout their entire organization, including subsidiaries and M&As. 

This article is an excerpt from an article in the Descartes Visual Compliance Export Compliance Journal, which dives deeper into all the moving pieces and how enterprises can enhance sanctions screening. Read the full article here.