Thought Leadership

Financial Services Provider Settles with OFAC for Apparent U.S. Sanctions Violations Associated with Processing for Online Payments

Client Updates

On July 23, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced the entry into a $1,400,301.40 settlement with Payoneer, Inc. (“Payoneer”), a global provider of online payment distribution solutions headquartered in New York, for over 2,200 apparent violations of multiple U.S. sanctions programs.1

According to OFAC, between approximately February 2013 and February 2018, Payoneer processed 2,260 transactions (worth over $800,000) on behalf of individuals and entities located in certain jurisdictions and regions subject to sanctions, including Crimea, Iran, Sudan, and Syria, as well as persons on OFAC’s Specially Designated Nationals and Blocked Persons (“SDN”) List.

These alleged violations, which related to commercial transactions processed by Payoneer on behalf of both its corporate customers and card-issuing financial institutions, resulted from several breakdowns in the company’s sanctions compliance processes, including:

  • weak algorithms in its sanctions screening protocol, which did not flag close or “fuzzy” matches to SDN List entries;

  • the failure to screen for Business Identifier Codes (BICs), even when SDN List entries contained them;

  • permitting flagged and pended payments to be automatically released without further review for sanctions risks during screening backlogs; and

  • the lack of focus on sanctioned locations (especially Crimea) because it was not monitoring IP addresses.

The statutory maximum civil monetary penalty that OFAC could have imposed against Payoneer was $666,142,614.  However, in settling the matter for $1,400,301.40, OFAC considered several mitigating factors, including Payoneer’s commitment to employ the following measures to minimize the risk of similar conduct occurring again:

  • Replacing its Chief Compliance Officer, retraining all compliance employees, and
    hiring new compliance positions focused specifically on screening;

  • Enhancing its screening software to include financial institution alias names and BIC
    codes and to automatically trigger a manual review of payments or accounts that
    match parties on the SDN List;

  • Enabling the screening of names, shipping and billing addresses, and IP information
    associated with account holders in order to better identify jurisdictions and regions subject to sanctions;

  • Stopping transactions flagged by its filter instead of allowing them to automatically proceed during screening backlogs; and

  • Conducting a daily review of identification documents uploaded to Payoneer, and a rule engine that halts payments identified as connected with jurisdictions or regions subject to sanctions.

Compliance Takeaways

The Payoneer settlement underscores the emphasis that OFAC consistently has placed (most recently in enforcement actions against bitcoin payment service provider BitPay2 and German software company SAP3) on the effective utilization of IP address identification and blocking capabilities as a core component of sanctions compliance for internet-based companies.  Most of the apparent violations committed by Payoneer were the result of processing payments for parties located in sanctioned jurisdictions, which could have been better identified through geolocation IP address screening.

Additionally, as with its February settlement with BitPay (also a payment services provider), OFAC’s settlement with Payoneer highlights the importance for companies to screen all available information on customers and counterparties at their disposal in order to mitigate all potential sanctions risks associated with a proposed transaction.  Such screening protocols should also be established such that any transaction that may present a sanctions risk (be it a possible connection to a sanctioned jurisdiction or a potential party identified on the SDN List) is appropriately flagged and held until it has undergone a more scrutinized review by a compliance specialist. 

Baker Botts is an international law firm whose lawyers practice throughout a network of offices around the globe. Based on our experience and knowledge of our clients' industries, we are recognized as a leading firm in the energy, technology and life sciences sectors. Since 1840, we have provided creative and effective legal solutions for our clients while demonstrating an unrelenting commitment to excellence. For more information, please visit

Related Professionals