The Office of Foreign Assets Control (OFAC) has fined a financial services and payment provider $204,213 for lapses in IP address geolocation screening. The amount was substantially reduced from the maximum civil monetary fine that could have been applied because the company self-disclosed and the violations were deemed to be non-egregious.
The company also rapidly moved to substantially strengthen its denied party screening process, by including IP address screening, blocking email addresses from sanctioned countries and regions, and conducting third-party compliance audits.
This is the latest in a series of OFAC enforcement actions against companies unwittingly doing business with entities in sanctioned countries.
- IP address geolocation screening helps reveal the true location of people engaging in online transactions.
- Violations can lead to significant penalties.
- Leveraging proven denied party screening solutions can help to greatly reduce the risk of breaches.
Details of the Latest Case
In the latest enforcement action, the payment provider allowed transactions with individuals in the sanctioned jurisdictions of Crimea, Iran, Syria and Cuba. While the company had a compliance process in place, it relied on the user telling them where they were located.
Had they been using a robust denied party screening solution that included IP address screening, it most likely would have uncovered the true picture.
Compliance Strategies to Mitigate Risk
Not having IP address screening creates a compliance gap that bad actors can exploit. Businesses can navigate complex OFAC regulations more effectively by putting in place processes that prioritize:
- Regular compliance due diligence.
- Ongoing procedural updates.
- Automated screening.
IP address screening is especially important for organizations engaged in global business, such as those in financial services, software, ecommerce among many others.
How We Can Help with IP Address Screening
We are a provider of industry-leading international trade compliance solutions that seamlessly operate within a risk-based environment. These solutions help financial institutions to comply with export control rules and regulations in the U.S. and around the world.