Does
ISTwatch© work with databases such as SQL Server,
Oracle etc?
Yes. ISTwatch© can be integrated with a variety of databases such as
SQL Server, Oracle, DB2, MySQL, etc.
What is the price of ISTwatch©?
It is our company's policy not to post the prices on the
web site. Please contact
us and we will be happy to answer your questions.
How do I purchase
ISTwatch©?
Once you are ready to purchase you can simply let us know and we will be happy
to assist you. At
any
time if you have any questions feel free to contact
us.
How do I trial ISTwatch©?
IST offers a free trial of the software to help you evaluate the performance
of the product in your working environment. Please contact
us to set up a call with our technical sales staff. We look forward to hearing
from you.
Can I call ISTwatch© and
its functions from my application?
Applications can interface with CorrectAddress® and use its functionalities
on all supported systems. The modules can be invoked from a wide array of environments
and languages, including C/C++, Java, Visual Basic, VBA, VB.NET, C#, PERL, PL/SQL,
T-SQL, Visual FoxPro, PHP, Python, ColdFusion, Power Builder and COBOL.
A number of SDKs and demos are available to assist developers with the integration
of CorrectAddress® into existing applications or creating new applications
from scratch.
CorrectAddress® library modules are multi-thread safe and can be shared by
many users.
Once you decide to try the software, it is our goal to assist
you in implementing the software and to ensure that everything works correctly
and proceeds smoothly.
Who
must comply with OFAC regulations?
All U.S. persons must comply with OFAC regulations,
including all U.S. citizens and permanent resident
aliens regardless of where they are located, all persons
and entities within the United States, all U.S. incorporated
entities and their foreign branches. In the cases of
certain programs, such as those regarding Cuba and
North Korea, all foreign subsidiaries owned or controlled
by U.S. companies also must comply. Certain programs
also require foreign persons in possession of U.S.
origin goods to comply.
How much are the fines for violating OFAC regulations?
The fines for violations can be substantial. Depending on the program, criminal
penalties can include fines ranging from $50,000 to $10,000,000 and imprisonment
ranging from 10 to 30 years for willful violations. Depending on the program,
civil penalties range from $11,000 to $1,000,000 for each violation.
Is there a mechanism for a company
to report its past undetected violations of OFAC
regulations for completed transactions? Is any
type of "amnesty" available for inadvertant
failure to comply prior to the company becoming
aware of the OFAC regulations?
Yes, a company can and is encouraged to voluntarily
disclose a past violation. Self-disclosure is
considered a mitigating factor by OFAC in Civil
Penalty
proceedings. A self-disclosure should be in the form of a detailed letter,
with any supporting documentation, to R. Richard Newcomb, Director, Office
of Foreign Assets Control, U.S. Department of the Treasury, 1500 Pennsylvania
Ave., N.W., Washington, DC 20220. OFAC does not have an "amnesty" program.
The ramifications of non-compliance, inadvertent or otherwise, can jeopardize
critical foreign policy and national security goals. OFAC does, however, review
the totality of the circumstances surrounding any violation, including the
quality of a company's OFAC compliance program.
What is an OFAC
SDN list?
As part of its enforcement efforts, OFAC publishes a list of individuals and
companies owned or controlled by, or acting for or on behalf of, targeted countries.
It also lists individuals, groups, and entities, such as terrorists and narcotics
traffickers designated under programs that are not country-specific. Collectively,
such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their
assets are blocked and U.S. persons are generally prohibited from dealing with
them.
How often is the
SDN list updated?
The SDN list is frequently updated. There is no predetermined timetable, but
rather names are added or removed as necessary and appropriate. Please see
the link titled "Automating OFAC Compliance" in the LINKS section
of this document for suggestions on how to keep constantly up-to-date.
What do I do if
I have a match to the SDN list?
If you have checked a name manually or by using software and find a match,
you should do a little more research. Is it an exact name match, or very close?
Is your customer located in the same general area as the SDN? If not, it may
be a "false hit." If there are many similarities, contact OFAC's "hotline" at
1-800-540-6322 for verification (a more detailed process is described in the
next section). Unless a transaction involves an exact match, it is recommended
that you contact OFAC Compliance before actually blocking assets.
How to report a match via
OFAC “hotline”?
Before you call the OFAC compliance “hotline”, make sure you go
through the following “due diligence” steps.
1. Is the “hit” or “match” against
OFAC’s SDN list or targeted countries, or is it “hitting” for
some other reason (e.g., Denied Persons List, Canadian OSFI List,
Bank of England List), or can you not tell what the “hit” is?
• If it’s hitting against
OFAC’s SDN list or targeted countries, continue to 2 below.
• If it’s hitting for some other reason, you should contact the “keeper” of
whichever other list the match is hitting against. For questions about:
• The Denied Persons List, please contact the Bureau of Industry and Security
at the U.S. Department of Commerce at 202-482-4811.
• OSFI List, please contact Office of Superintendant of Financial Institutions
via extcomm@osfi-bsif.gc.ca
• UK List, please send inquires to The Financial Sanctions Unit at +44
20 7601 4768/5811/4783/4607 Fax: +44 20 7601 4309 or via email sanctions.unit@bankofengland.co.uk
2. Now that you’ve established
that the hit is against OFAC’s SDN list or targeted countries,
you must evaluate the quality of the hit. Compare the name of your
accountholder with the name on the SDN list. Is the name of your
accountholder an individual while the name on the SDN list is a
vessel, organization or company (or vice-versa)?
• If yes, you do not have a valid
match.*
• If no, please continue to 3 below.
3. How much of the SDN’s name is
matching against the name of your accountholder? Is just one of
two or more names matching (i.e., just the last name)?
• If yes, you do not have a valid
match.*
• If no, please continue to 4 below.
4. Compare the complete SDN entry with
all of the information you have on the matching name of your accountholder.
An SDN entry often will have, for example, a full name, address,
nationality, passport, tax ID or cedula number, place of birth,
date of birth, former names and aliases. Are you missing a lot of
this information for the name of your accountholder?
• If yes, go back and get more
information and then compare your complete information against
the SDN entry.
• If no, please continue to 5 below.
5. Are there a number of similarities
or exact matches?
• If yes, please call the hotline
at 1-800-540-6322.
• If no, you do not have a valid match.*
* If you have reason to know or believe
that processing this transfer or operating this account would violate
any of the Regulations, you must call the hotline and explain this
knowledge or belief.
What is the Control list?
What is the difference between the Control list
and OFAC's SDN list?
The Control List was developed by the law enforcement community in response
to the events of September 11. It was separate from the OFAC's SDN list and
was not disseminated by OFAC. On November 26th, 2002, the regulators announced
the discontinuation of the Control List and unveiled a new process for handling
information requests from the government (see CONTROL LIST TIMELINE section
of the document), based on section 314(a) of the USA PATRIOT Act.
How often do I
need to scan my customer database for SDNs?
The frequency of running an OFAC scan must be guided by your internal company
policy and procedures. Keep in mind, however, that if your organization fails
to identify and block a target account (of a terrorist, for example), there
could be "real world" consequences such as a transfer of funds or
other valuable property to an SDN, an enforcement action against your bank,
and negative publicity.
How do I setup
a compliance program for my organization?
There is no prepackaged compliance program that fits the needs of every company.
A good starting point is to look through the “OFAC Regulations by Industry" documents.
Then read the brochure for the Financial Community. This brochure provides
insight as to how your particular bank could set up a compliance program.
What do I do if
a person tries to open an account and the person's name is on OFAC's
SDN list? Do I open the account and then block the funds?
A U.S. bank cannot open an account for a person named on the SDN list. This
is a prohibited service. However, you should pay careful attention to be sure
the person trying to open the account is the same person as the one named on
OFAC's list. In many cases you may get a "false positive," where
the name is similar to a target's name, but the rest of the information provided
by the applicant does not match the descriptor information on OFAC's SDN list.
CONTROL LIST TIMELINE:
SUMMARY: Control List was
a confidential document containing names related
to the FBI terrorist investigations. The list was
recently discontinued – instead, process
described in section 314(a) will be used for sharing
information between financial institutions.
October 2001: In response to the September
11, 2001, attacks, the FBI created a confidential document called
the Control List. The List was compiled by various federal law enforcement
agencies conducting investigations into terrorist activities and consisted
of names and identifying data of individuals and entities that these
agencies believed may be related to their investigation. In October
of 2001, the FBI provided the Control List to all financial institution
regulators. The regulators, in turn, forwarded the List to financial
institutions under their supervision once the financial institution
had "registered" with its respective regulator. Financial
institutions were given until October 12, 2001, to provide their regulator
with the name of a senior level person as the contact for the Control
List, that person's title, telephone number, and e-mail address. Upon
receipt of this registration information, the regulators e-mailed
a copy of the Control List to the institution.
October 26, 2001: The USA PATRIOT Act is
signed into law and is intended to thwart terrorist activity in the
United States. Title III of the Act amends a number of sections under
the Bank Secrecy Act and sets out new compliance requirements for
financial institutions.
September 18, 2002: Final regulations are
released implementing Section 314(a) of the USA PATRIOT Act. The final
rule became effective on September 26, 2002 and is now part of the
Bank Secrecy Regulations. The section 314(a) regulations establish
a mechanism for law enforcement authorities to communicate names of
suspected terrorists and money launderers to financial institutions.
Upon receipt of name information from the federal government, financial
institutions are expected to conduct a search of their account records
and report any matches.
November 26, 2002: The Treasury Department
releases a Joint Agency Notice, according to which the FBI has discontinued
the use of the Control List and will instead rely on the section 314(a)
process to communicate their information requests.
SECTION 314(a) INFORMATION PROCESS
All communications regarding information requests from the federal government
will be funneled through FinCEN and the section 314(a) process. In order
for FinCEN to "know" who to send information requests to, it is
imperative that all financial institutions be included in the contact list
used by FinCEN. In developing their contact list, FinCEN used contact information
collected for disseminating the old Control List. If your organization has
not received any requests from FinCEN since November 4, 2002, you should
contact your primary regulator and ask to be added to FinCEN's contact list.
In requesting information, FinCEN will
use a standard cover letter called Form C and an information request
attachment called Form B. The request attachment or Form B will contain
the identifying information FinCEN has regarding a suspect. Presumably,
this identifying information will be the person's name and/or various
aliases, but it could also be an address, date of birth, etc. Using
the identifying information you are given, you must search your records
for:
1. Any current account maintained by
or on behalf of the named suspect;
2. Any prior account maintained by or on behalf of a named suspect during
the preceding twelve months;
3. And any transaction (other than a transaction conducted through an account)
conducted by or on behalf of a named suspect, or any transmittal of funds
conducted in which a named suspect was either the transmitter or the recipient,
during the preceding six months that is required under law or regulation
to be recorded by you or is recorded and maintained electronically.
If you find a match in conducting your search of accounts and transactions,
you must provide FinCEN with the following information:
1. The name of the individual, entity or organization;
2. The number of each account, or in the case of a transaction, the date
and type of the transaction; and
3. Any specific identifier provider by the suspect when the account was opened
or the transaction conducted, such as a date or birth or an address.
Only the above information should be submitted back to FinCEN. Do not send
any records of an account or transaction when responding to a section 314(a)
request. If the government needs additional information, they will need to
follow the procedures under the Right to Financial Privacy Act and obtain
a subpoena or court order. Positive responses should be sent within seven
business days to FinCEN by electronic mail at sys314a@fincen.treas.gov. If
you do not have e-mail, you may submit your response by facsimile transmission
at 703-905-3660. In your response, you must identify your organization as
the sender and the person you have designated to receive similar information
requests in the future. Also, e-mail responses must contain FinCEN's Tracking
Number in the subject line. The tracking number is located in the upper right-hand
corner of Form B and will begin with "Fin 314a". Finally, it is
important to remember that FinCEN is not interested in negative responses
or responses that state no matches were found. The government can only handle
so much paperwork and must limit feedback to positive responses.
The information you receive via section 314(a) should only be used for purposes
of responding to FinCEN. You should not disclose to others that FinCEN has
requested information from you except to the extent to comply with the request.
Policies and Procedures:
In order to ensure that information requests are handled promptly and timely,
it is important to create detailed compliance policies and procedures. As part
of this process, be sure to designate specific staff who will handle section
314(a) requests. Given the confidentiality expectations, it is important that
the number of employees "touching" section 314(a) requests be limited.
Tools:
For institutions large and small, the amount
of account data generated can be insurmountable. Manual searches for
matches with government lists can be a timely and costly process.
Now is the time to consider software products to assist you in complying
with section 314(a) requests. Whether it is to comply with the USA
PATRIOT Act or help prevent fraud and identity theft, realistically,
using software is the only practical way to stay ahead of the game.
Training:
As with any new law and process, training
at all levels is essential. Once you have designated an employee to
handle section 314(a) requests, that person will need detailed training
on how to process the requests. This person will also need to understand
your system for searching accounts and transactions for matches to
information requests.
Your Board and management will also need
to be brought up to speed on the section 314(a) requirements and the
need for adequate tools to comply with the new law. The board should
formally approve your policies and procedures in this area.
Finally, all employees should receive some awareness training on section 314(a).
The specific compliance details may not be necessary, but you definitely want
to send the message that this process is highly confidential. All employees
should be told who in your organization to contact regarding government requests
for information.
LINKS:
OFAC Frequently
Asked Questions Links:
http://www.ustreas.gov/offices/enforcement/ofac/faq/index.html
Information on USA PATRIOT Act section
314(a) provisions on FinCEN website:
http://www.fincen.gov/fi_infoappa.html
Joined Agency Notice by FinCEN and the
primary federal regulators:
Moratorium on sec. 314(a) Info Requests & Discontinuation of the Control
List
http://www.fincen.gov/314amoratorium.pdf
Section 314(a) final rule:
http://www.treas.gov/press/releases/docs/314finalrule.pdf
Compliance Headquarters - regulatory compliance
information:
http://www.complianceheadquarters.com/
Automating OFAC Compliance:
http://www.ustreas.gov/offices/enforcement/ofac/automation/index.html
Useful OFAC documents:
http://www.ustreas.gov/offices/enforcement/ofac/articles/index.html
Compiled by Intelligent Search Technology © 2004
|
