“..hosted, sold, and facilitated the transfer of SIS’s software applications and associated content (the “Apparent Violations”)..”
● The relation to a sanctioned entity may not always be solely through a financial transaction.
● Any indirect facilitation (e.g. application hosting) is a breach of the ‘knowingly’ term.
● Every single activity with a customer (e.g. hosting, selling, facilitating) should be individually checked against sanctions.

“..During this screening, Apple failed to identify that SIS, an App Store developer, was added to the SDN List and was therefore blocked. Apple later attributed this failure to its sanctions screening tool’s failure to match the upper case name “SIS DOO” in Apple’s system with the lower case name “SIS d.o.o.” as written on the SDN List...”
● Screening software matching failures are not mitigating factors.
● Relying on private databases and third-party software for sanctions screening may have serious consequences.
● For sanctions screening, use only the OFAC online search tool.
● Regularly check and document the performance of your screening tool with test data on the production environment.

“..The owner of the Third Company took over the administration of SIS’s App Store account and replaced SIS’s App Store banking information with his own banking information. These actions were all conducted without personnel oversight or additional screening by Apple...”
● Changes to a relationship’s fundamental data require thorough review and screening of the complete file.
● We should go beyond ‘tick the box’ and always clarify why a change is requested.
● Internal procedures and IT systems should incorporate regulatory approval and require due diligence on updates to customer fundamental data.

“..Apple made 47 payments associated with the blocked apps, including payments directly to SIS, during the period of time that SIS was listed on the SDN List. In total, over 54 months, Apple collected $1,152,868 from customers who downloaded SIS apps..”
● Apple relied solely on software tools to detect payments to sanctioned entities and did not consider additional risk factors.
● The number of transactions, the total amount and the time period (54 months) made the relation with the sanctioned entity ‘significant’ and aggravated the case.
● Random checks should be performed on ‘significant’ relations.
● Checks and controls are more effective when done before the transaction is booked.

“..Reconfigured the primary sanctions screening tool to fully capture spelling and capitalization variations and to account for country-specific business suffixes, and implemented an annual review of the tool’s logic and configuration;..”
● Relying on private databases and third-party software for sanctions screening may have serious consequences.
● For sanctions screening, use only the OFAC online search tool.
● Reconfiguring third-party tools may either miss relevant hits or significantly increase irrelevant hits (false positives).

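The “SIS DOO” / “SIS d.o.o.” mismatch quoted earlier, and the advice to check the screening tool with test data, shown as an added example (not from the original slides, and not Apple's or OFAC's tooling): a name normalizer and a small regression harness that reports both missed hits and false positives. The suffix table, the variant generator and the clean customer names are constructed assumptions.

```python
import re
import unicodedata

# Assumed, deliberately small table: spelled-out suffix -> canonical token.
SUFFIX_ALIASES = {"limited": "ltd", "incorporated": "inc", "corporation": "corp"}

def normalize(name: str) -> str:
    """Screening key with case, accents, punctuation and dotted suffixes folded."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c)).casefold()
    # Anything outside a-z0-9 becomes a separator (sketch limitation: letters
    # with no ASCII decomposition are dropped).
    tokens = re.sub(r"[^a-z0-9]+", " ", text).split()
    merged, run = [], ""
    for tok in tokens + [""]:               # "" sentinel flushes the last run
        if len(tok) == 1 and tok.isalpha():
            run += tok                      # "d", "o", "o" -> "doo"
            continue
        if run:
            merged.append(run)
            run = ""
        if tok:
            merged.append(tok)
    # Limitation: a dotted acronym directly before a dotted suffix merges too.
    return " ".join(SUFFIX_ALIASES.get(t, t) for t in merged)

def naive_match(customer: str, listed_names) -> bool:
    """Exact string comparison: sensitive to case and punctuation."""
    return customer in listed_names

def normalized_match(customer: str, listed_names) -> bool:
    return normalize(customer) in {normalize(n) for n in listed_names}

def variants(listed: str) -> set[str]:
    """Case, punctuation and spacing variants of one listed name (test data)."""
    bare = re.sub(r"[.,]", "", listed)              # "SIS doo"
    spaced = re.sub(r"\.(?=\S)", ". ", listed)      # "SIS d. o. o."
    out = set()
    for form in (listed, bare, spaced):
        out.update({form, form.upper(), form.lower(), form.title()})
    return out

def regression(matcher, listed_names, clean_names) -> dict:
    """Run a matcher over known-positive variants and known-negative names."""
    missed = sorted(v for n in listed_names for v in variants(n)
                    if not matcher(v, listed_names))
    false_hits = sorted(c for c in clean_names if matcher(c, listed_names))
    return {"missed": missed, "false_hits": false_hits}

LISTED = ["SIS d.o.o."]                        # spelling quoted on the slide
CLEAN = ["SISTEMA DOO", "Sister Studio Ltd"]   # constructed non-matches

if __name__ == "__main__":
    for matcher in (naive_match, normalized_match):
        print(matcher.__name__, regression(matcher, LISTED, CLEAN))
```

Keeping the regression output with each run gives the documented performance record the slides call for; widening the normalizer should always be followed by a rerun against the clean names to watch the false-positive side.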
“..Compliance measures should also anticipate potential vulnerabilities in a company’s compliance program that could allow sanctions evasion and circumvention, and should include preventative measures that alert and react to sanctions evasion warning signs, such as business and employment connections between individuals and entities...”
● The compliance program should be reviewed in depth regularly.
● Improve preventive measures with random checks on ‘significant’ relations and do not rely only on screening tools.
● Internal procedures and IT systems should incorporate regulatory approval and require due diligence on updates to customer fundamental data.

“..As noted in OFAC’s Framework for Compliance Commitments, U.S. companies can mitigate sanctions risk by conducting risk assessments, and exercising caution when doing business..”
● OFAC refers more and more frequently to the Framework for Compliance Commitments document for an effective compliance program.
● Risk assessment becomes essential before getting into a relationship.
● Exercise caution (measure risk) when doing business.

“..commitments to minimize the risk..mitigate sanctions risk..pose high risks..”
● Apply effective risk management and go beyond the mere language of statutes and regulations.
● Regulators do not judge the amount of data or the software tools you are using but rather the decisions you take.
● Go beyond ‘tick the box’ and name matching. Ask yourself ‘why’ and look for indirect links to sanctioned entities.

arrowlink.com

OFAC Apple Inc Settlement. Lessons Learned
