MORE FACE TIME. LESS WAIT TIME. Visit NebraskaBlue.com/Telehealth to learn more. Health benefits that give you access to virtual visits with doctors and specialists, even if you’re out of state. So you can get the care you need — wherever you are, whenever you need it. An independent licensee of the Blue Cross and Blue Shield Association. for banks, particularly those with global operations and complex transaction volumes, are far-reaching. Why the Change? OFAC’s decision to propose this 10-year requirement is due to a change in the statute of limitations for the civil and criminal violations under the International Emergency Economic Powers Act3 (IEEPA), which was signed into law on April 24, 2024, by President Biden. The act, titled the 21st Century Peace through Strength Act, extended from five (5) years to 10 years the statute of limitations. The act applies to any “violation that was not time-barred at the time of its enactment.”4 The change in the statute of limitations is largely motivated by the increasing complexity and longevity of sanctions investigations. As the financial landscape grows more intricate, tracking cross-border transactions and identifying potential sanctions violations often takes longer than in the past. In many cases, the evidence needed to establish non-compliance may not surface until several years after the fact, prompting the need for a longer retention period. A longer record-keeping period ensures that OFAC and other regulatory bodies have access to historical transaction data, which can be critical in uncovering long-term or sophisticated sanctions evasion schemes. Impact on Banks: Compliance, Costs and Operational Challenges For banks, the extension of the record-keeping requirement presents both challenges and opportunities in terms of operational changes, technology investments and risk management: 1. Increased Compliance Burden The 10-year record-keeping requirement will add to the existing compliance workload for banks. Compliance officers will need to ensure that data storage systems are capable of securely retaining transaction records for a full decade. This includes not just basic transaction data but also customer due diligence records, sanctions screening logs and any other documentation related to sanctions compliance. Additionally, the extended timeframe could result in more requests from regulators and more audits and/or reviews of historical transfer records to ensure ongoing compliance with OFAC regulations. 2. Data Management and Technology Upgrades The proposed rule may very well require significant upgrades to a bank’s data management policies and potentially their infrastructure. Current systems are designed to store and manage records for five (5) years to seven (7) years and may not be equipped to handle this requirement. The sheer volume of data that must be stored securely for an additional five (5) years may strain existing systems, requiring new investments in cloud storage solutions, data encryption technologies and cybersecurity measures. 3. Cost Considerations The costs associated with extending the record-keeping period will likely vary depending on the size and complexity of the bank, but the potential for increased costs may stem from: • Expenses related to data storage, technology upgrades, and increased compliance efforts could be substantial. • In addition to the direct costs of upgrading technology and hiring additional compliance staff, banks must also consider the potential cost of non-compliance. 4. Risk Management and Legal Considerations The increase in the statute of limitations will expose banks to additional risks of investigations and audits, and potentially civil and criminal penalties. Banks will most likely need to consider whether transfers to risky 19 NEBRASKA BANKER
RkJQdWJsaXNoZXIy ODQxMjUw