Enforcement Release: JUNE 20, 2023
OFAC Settles with Swedbank Latvia for $3,430,900 Related to Apparent Violations of Sanctions on Crimea
Swedbank Latvia AS (“Swedbank Latvia”), which is headquartered in Riga, Latvia and is a subsidiary of Swedbank AB (publ) (“Swedbank AB”), an international financial institution headquartered in Stockholm, Sweden, has agreed to remit $3,430,900 to settle its potential civil liability for 386 apparent violations of OFAC sanctions on Crimea. Throughout 2015 and 2016, a customer of Swedbank Latvia used Swedbank Latvia’s e-banking platform (the “e-banking platform”) from an internet protocol (“IP”) address in Crimea to send payments to persons in Crimea through U.S. correspondent banks (the “Apparent Violations”). The settlement amount reflects OFAC’s determination that Swedbank Latvia’s conduct was non-egregious and not voluntarily self-disclosed.
Conduct Leading to the Apparent Violations
Prior to Russia’s 2014 invasion of the Crimea region of Ukraine, Swedbank Latvia had...
1) IP ADDRESSES AND BEING "IN" A SANCTIONED DESTINATION
From a legal basis standpoint, this is a straightforward example of a non-U.S. bank "causing" a U.S. person processing bank to export financial services to Crimea, which includes the exportation of any service to a person in or ordinarily resident in Crimea. Consistent with typical practice, OFAC regards evidence of services being provided to person with a sanctioned destination IP address as evidence, effectively irrebuttable, that such person was located "in" the sanctioned destination at the time the services were provided. Compare Wells Fargo Bank, N.A. (1st action), suggesting that the violation was based on the failure to use IP addresses to “identify registered users located in Iran”.
2) ABSENCE OF URSR REFERENCE
OFAC cites violations of Section 6(a) of