Wells Fargo Fined for Lax Sanctions Compliance

Joint action by FRB and OFAC for oversight failures


The Treasury and Federal Reserve have jointly fined Wells Fargo Bank nearly $100 million for failing to prohibit sanctions violations conducted on its trade finance platform Eximbills over a period of seven years.

The San Francisco Bank. agreed to pay OFAC  $30 million to settle its potential civil liability for 124 apparent violations of three sanctions programs. The Federal Reserve fined Wells Fargo an additional $67.8 million for inadequate oversight.

For about seven years beginning in 2008 and ending in 2015, Wells Fargo, and its predecessor, Wachovia Bank (“Wachovia”), provided a foreign bank located in Europe with software that the foreign bank then used to process trade finance transactions with U.S.-sanctioned jurisdictions and persons.

Wells Fargo did not identify or stop the European bank’s use of the software platform for trade-financetransactions involving sanctioned jurisdictions and persons for seven years despite potential concerns raised internally within Wells Fargo on multiple occasions following Wells Fargo’s acquisition of Wachovia.

Wachovia specially designed a customized version of Eximbills for Bank A to “host” on Bank A’s own systems, in part so that Bank A could use Eximbills to handle international trade finance instruments involving OFAC-sanctioned jurisdictions and persons. Nonetheless, Bank A’s use of the Hosted Eximbills platform continued to rely on Wachovia’s (and then Wells Fargo’s) technology infrastructure at the bank’s branch in Hong Kong and data facility in North Carolina to manage the 124 non-OFAC- compliant transactions.

A lack of clear communications within Wachovia resulted in different interpretations about whether OFAC prohibitions would be implicated by Wachovia’s provision of the Hosted Eximbills platform to Bank A. Regardless, Wells Fargo’s senior management should reasonably have known that Bank A was using the Hosted Eximbills platform to engage in transactions with OFAC-sanctioned jurisdictions and persons

Wells Fargo compliance and legal personnel reviewed the trade insourcing business, including by retaining a third-party consultant to review certain relevant anti-money laundering and sanctions controls. This review did not identify any sanctions compliance risks specific to the Hosted insourcing business, but one of the consultant’s main conclusions was that contracts with insourcing clients contained inconsistent anti-money laundering and sanctions compliance clauses, a finding that prompted Wells Fargo to begin the process of reviewing and standardizing its insourcing contracts.

n July 2014, an internal audit report found that the insourcing business line needed corrective action because the agreements with various clients were negotiated individually, which resulted in inconsistencies. However, Wells Fargo’s internal audit team did not specifically review the Hosted Eximbills platform business because the audit team relied on the relevant business line’s self-assessment that the software platform was not high risk.

Penalty Calculation

The statutory maximum civil monetary penalty applicable in this matter is $1,066,738,422.22. OFAC determined that the Apparent Violations were voluntarily self-disclosed and that the Apparent Violations were egregious.

Accordingly, under OFAC’s Economic Sanctions Enforcement Guidelines (“Enforcement Guidelines”), 31 C.F.R. part 501, app. A, the base civil monetary penalty applicable in this matter is one-half of the statutory maximum, which is $533,369,211. The settlement amount of $30,000,000 reflects OFAC’s consideration of the General Factors under the Enforcement Guidelines.

Mitigating factors:

 OFAC acknowledges that, more broadly, Wells Fargo had a strong sanctions compliance program at the time of the Apparent Violations, including in the trade finance line of business, and that the failure by Wells Fargo and its senior management to identify and prevent the Apparent Violations was not a result of any systemic compliance breakdown within the broader Wells Fargo organization. 

The majority of the 124 apparent violations related to agriculture, medicine, and telecommunications and therefore may have been eligible for a general or specific license, thus mitigating the harm to sanctions policy objectives.

Promptly after Wells Fargo identified the Apparent Violations, the bank terminated Bank A’s access to the Hosted version of Eximbills, voluntarily disclosed the matter to OFAC, conducted an extensive internal investigation and produced the results to OFAC, and otherwise provided substantial cooperation with OFAC’s investigation, including by agreeing to toll the statute of limitations