BMO Harris Bank on Wednesday escaped an OFAC fine, even though it admitted to having processed six funds transfers totaling $67,357 representing payment by a customer of sums to an Iranian entity from which the customer had purchased Persian rugs. The customer, apparently a retailer that purchased and resold Persian rugs from Iran, had been a bank customer since 2009 when the importation of rugs from Iran was still legal. Because the customer’s name contained the word “Persian,” the bank’s somewhat overzealous interdiction software had been resulting in hits for each transaction by the customer, so the bank put the customer on a false hits list to prevent transactions by the customer from being flagged each time.

On September 29, 2010, OFAC banned the importation of Iranian rugs but, apparently, the bank’s customer didn’t get the message. (That’s what you get for not reading the Federal Register cover-to-cover each morning!) The customer continued to import Iranian rugs and the bank continued to process related wire transactions. In 2011, a suspicious downstream bank in the transaction requested additional information. A Harris Bank employee apparently then learned that the payment was to Iran for Persian rugs but, because the customer was on the false hit list, did not do anything and, as a result, Harris processed five additional transactions for payments to Iran.

Normally such a scenario is a sure-fire guarantee that the company involved will get walloped with an OFAC fine, but in this case OFAC decided to show a little mercy, apparently feeling that the false-hit list was to blame and stating that the bank “may have been unaware of the risks associated with a false hit list that was not reviewed and updated regularly.” This is a bit strange given that the issue here had nothing to do with reviewing and updating the list. The customer, which was on the false hit list, was still a false hit. It had not become an SDN, and the violation did not result from an error in the list.

The violation occurred not because the bank did not review the list but because it did not review the transaction. And this reveals an all-too-common misunderstanding by front line employees about OFAC sanctions. They often see it merely as a list-checking exercise. Is the customer on the list? Nope. Okay, then, everything’s good to go. And this appears to be exactly what happened here. The front line bank employee saw that the customer wasn’t on the SDN list and was instead on the “false hit” list and that was the end of the inquiry

Even though this case really isn’t about a bad false hit list, OFAC used it as an opportunity to issue a “False Hits List Guidance.” The new guidance, if it can really be called that, states the obvious: namely, that false hit lists are a “legitimate” practice as long as you check them periodically to make sure that someone who was not an SDN two weeks ago did not suddenly become an SDN yesterday. Oddly, OFAC does not say anything in the guidance about the glaring lesson from the case at hand, so I’ll say it for them: just because a customer is on the false hit list does not mean that the transaction itself need not be reviewed. (Your welcome, OFAC.)

Of course, I can’t leave the guidance without reference to a tiny bit of silliness in it. The guidance says that a review of the list should be triggered by any “meaningful change” in the customer’s information such as “a change in ownership status, business activity, address, date of birth, place of business, etc.” Wait a second. Does this mean you can change your birth date? Really? Please tell me how you do that. My birthday comes really close to Christmas and I’ve always wanted to move it back into a more present-friendly zone such as June. Also, I bet a number of us would like to shave a few years off that birth date as well.

Crédit Agricole just agreed to pay $787.3 million to settle charges that it violated the U.S. sanctions on Iran and other countries by stripping references to those countries in communications sent to U.S. banks to process dollar-based transactions. And to quote Yogi Berra: “It’s déjà vu all over again.”

The payment is divided up as follows: $385 million to the New York State Department of Financial Services, $156 million to the U.S. Attorney’s Office for the District of Columbia, $156 million to the Manhattan District Attorney’s Office, and $90.3 million to the Federal Reserve. Once again the biggest chunk of change goes to the NYDFS which, as you probably know, doesn’t have the power to enforce any U.S. sanctions inasmuch as it’s just a state agency, notwithstanding its own delusions of grandeur.

But wait a minute. Where is OFAC in all this? I mean, after all, the last time I checked the Iran, Cuba and Sudan sanctions all had OFAC’s name written all over them. Well, OFAC announced today at the same time a $329.5 million fine against Crédit Agricole. Is that on top of the $787.3 million, pushing the fine over $1 billion? Nope. Read the fine print at the end of the OFAC press release:

CA-CIB’s $329,593,585 settlement with OFAC will be deemed satisfied by the bank’s payment of that amount to DOJ, DANY, and the Board of Governors for the same pattern of conduct.

As noted above, out of the $787.3 million, $402.3 million dollars is going to DOJ (through the U.S. Attorney for the District of Columbia), the DANY and the Federal Reserve, more than enough to satisfy the OFAC penalty under this somewhat odd arrangement. But it is not completely insignificant that OFAC did not say that payments to the NYDFS would discharge the OFAC penalty, perhaps indicating a bit of pique by OFAC with NYDFS trying to cash in on violations of OFAC rules.

In this context, an email that Reuters obtained back in June from OFAC to NYDFS in reference to an unnamed investigation of a foreign bank (presumably Crédit Agricole) by NYDFS was not very nice at all.

Given the ongoing negotiations, the situation regarding Iran is extremely sensitive at the moment. As a result, any actions that are taken in connection with sanctions violations pertaining to Iran may have serious impacts on the ongoing negotiations and U.S. foreign policy goals and objectives. The Iranians are not going to distinguish between enforcement actions taken at the state level versus enforcement actions taken at the federal level.”

One has to assume that the NYDFS, driven to feed its addiction to federal sanctions money, gave a terse and impolite response to OFAC that can’t be printed in a family blog, which explains the oddity of OFAC settlement in this case. I think we can safely assume that NYDFS isn’t being invited to OFAC’s holiday party this year.