[SEE ORIGINAL PDF FILE FOR FULL DEFERRED PROSECUTION AGREEMENT; OTHER ATTACHMENTS]
ATTACHMENT A
STATEMENT OF FACTS
The following Statement of Facts is incorporated by reference as part of the non prosecution agreement between the United States Department of Justice, Criminal Division, Money Laundering and Asset Recovery Section and the United States Attorney’s Office for the District of Columbia (the “Offices”) and UniCredit Bank Austria AG (“BA” or the “Bank”), and between the New York County’s District Attorney Office (“DANY”) and BA. BA hereby agrees and stipulates that the following information is true and accurate. BA admits, accepts, and acknowledges that it is responsible for the acts of its officers, directors, employees, and agents as set forth below:
1. BA admits that its conduct, as described herein, violated Title 18, United States Code, Section 371, by conspiring to violate the International Emergency Economic Powers Act (“IEEPA”), specifically Title 50, United States Code, Section 1701 et seq., which, during the period of relevant conduct, made it a crime to willfully attempt to commit, conspire to commit, or aid and abet in the commission of any violation of the regulations prohibiting the export of services from the United States to Iran, Libya, Sudan, and Burma.
2. Specifically, BA admits that it conspired with certain customers to violate IEEPA from at least in or around 2002 to at least in or around 2012 by processing payments to or through the United States involving persons prohibited under IEEPA from accessing the U.S. financial system.
3. BA further admits that its conduct, as described herein, violated New York State Penal Law Sections 105.05 and 175.10.
4. Beginning in 2002, and up through and including 2012, BA knowingly and willfully conspired to violate United States and New York State laws by processing sixteen transactions worth at least $20 million through the United States involving persons located or doing business in Iran and other countries subject to U.S. economic sanctions or otherwise subject to U.S. economic sanctions, willfully causing financial services to be exported from the United States to sanctioned customers in Iran and elsewhere in violation of U.S. sanctions laws and regulations. BA’s conduct caused U.S. financial institutions located in New York, New York, to process U.S. dollar transactions that otherwise should have been rejected, blocked, or stopped for investigation pursuant to U.S. economic sanctions laws and regulations.
Applicable Law
5. Pursuant to U.S. law, financial institutions are prohibited from participating in certain financial transactions involving persons, entities, and countries that are subject to U.S. economic sanctions (“Sanctioned Entities”). The United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) promulgates regulations to administer and enforce
U.S. law governing economic sanctions, including regulations for sanctions related to specific countries, as well as sanctions related to Specially Designated Nationals (“SDNs”). SDNs are individuals and companies specifically designated by OFAC as having their assets blocked from the U.S. financial system by virtue of being owned or controlled by, or acting for or on behalf of, targeted countries, as well as individuals, groups, and entities, such as terrorists and weapons of mass destruction proliferators, designated under sanctions programs that are not country-specific. Violators of OFAC regulations are subject to a range of penalties, both criminal and civil, and U.S. financial institutions, among others, are required to reject or block those transactions from proceeding.
The International Emergency Economic Powers Act
6. The International Emergency Economic Powers Act, Title 50, United States Code, Sections 1701 to 1706 (“IEEPA”), grants the President of the United States a broad spectrum of powers necessary to “deal with any unusual and extraordinary threat, which has its source in whole or substantial part outside the United States, to the national security, foreign policy, or economy of the United States, if the President declares a national emergency with respect to such threat.” Title 50, United States Code, Section 1701(a).
7. The President exercised these IEEPA powers through Executive Orders that imposed economic sanctions to address particular emergencies and delegate IEEPA powers for the administration of those sanctions programs. On March 15, 1995, the President issued Executive Order No. 12957, finding that “the actions and policies of the Government of Iran constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States,” and declaring “a national emergency to deal with that threat.” On May 6, 1995, the President issued Executive Order No. 12959, which imposed comprehensive trade and financial sanctions on Iran. These sanctions prohibited, among other things, the exportation, re- exportation, sale, or supply, directly or indirectly, to Iran or the Government of Iran of any goods, technology, or services from the United States or U.S. persons, wherever located. This includes persons in a third country with knowledge or reason to know that such goods, technology, or services are intended specifically for supply, transshipment, or re-exportation, directly or indirectly, to Iran or the Government of Iran. On August 19, 1997, the President issued Executive Order No. 13059, consolidating and clarifying Executive Order Nos. 12957 and 12959 (collectively, the “Executive Orders”). The most recent continuation of this national emergency was executed on March 12, 2019. 84 Fed. Reg. 9219 (Mar. 13, 2019).
8. The Executive Orders authorized the U.S. Secretary of the Treasury to promulgate rules and regulations necessary to carry out the Executive Orders. Pursuant to this authority, the Secretary of the Treasury promulgated the Iranian Transactions and Regulations (“ITRs”),[1] 31 C.F.R. Part 560, implementing the sanctions imposed by the Executive Orders. With the exception of certain exempt transactions, the ITRs prohibited, among other things, the export of financial services to Iran, including prohibiting U.S. depository institutions from servicing Iranian accounts, and directly crediting or debiting Iranian accounts, without a license from OFAC. 31 C.F.R. § 560.204. The ITRs defined “Iranian accounts” to include accounts of “persons who are ordinarily resident in Iran, except when such persons are not located in Iran” and explicitly prohibited the exportation of financial services performed on behalf of a person in Iran or where the benefit of such services was received in Iran. 31 C.F.R. §§ 560.320, 560.410. The ITRs also prohibited unlicensed transactions by any U.S. person who evades or avoids, has the purpose of evading or avoiding, or attempts to evade or avoid the restrictions imposed under the ITRs. The ITRs were in effect at all times relevant to the conduct described herein.
[1] On October 22, 2012, OFAC renamed and reissued the ITRs as the Iranian Transactions and Sanctions Regulations. All of the conduct described herein took place prior to the renaming.
9. OFAC has provided exemptions for certain types of transactions. For example, until November 2008, OFAC permitted U.S. banks to act as an intermediary bank for U.S. dollar transactions related to Iran between two non-U.S., non-Iranian banks (the “U-turn exemption”). The U-turn exemption applied only to sanctions regarding Iran, and not to sanctions against other countries or entities, and only applied until November 2008.
10. OFAC was located in the District of Columbia.
11. Pursuant to Title 50, United States Code, Section 1705, it is a crime to willfully violate, attempt to violate, conspire to violate, or cause a violation of any license, order, regulation, or prohibition issued under IEEPA, including the ITRs.
12. The unlawful transactions discussed below were not licensed or authorized by OFAC.
New York State Law Regarding False Business Records
13. New York State Penal Law Sections 175.05 and 175.10 make it a crime to, “with intent to defraud,…1. [m]ake[] or cause[] a false entry in the business records of an enterprise [(defined as any company or corporation)]…or 4. [p]revent[] the making of a true entry or cause [] the omission thereof in the business records of an enterprise.” It is a felony under Section 175.10 of the New York State Penal Law if a violation under Section 175.05 is committed and the person’s or entity’s “intent to defraud includes an intent to commit another crime or aid or conceal the commission thereof.”
Sanctions Screening Generally
14. Financial institutions using the United States financial system are obligated to ensure they do not violate U.S. sanctions and other laws, and, as a result, screen financial transactions including international wire payments effected through the use of Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) messages. Because of the vast amount of wire payments processed by financial institutions in the United States, particularly those involved in correspondent banking, institutions often employ sophisticated computer software, commonly referred to as filters, to automatically screen all wire payments and messages against lists of sanctioned countries and parties, among other things. When the filters detect a possible match to a sanctioned country or party, the payment can be stopped and held for further manual review. When a financial institution determines that a transaction violates U.S. sanctions regulations, the institution must “reject” or “block” the payment—that is, refuse to process or execute the payment—and notify OFAC of the attempted transaction. The sending institution must then demonstrate to OFAC that the payment does not violate U.S. sanctions before the funds can be released and the payment processed.
UNICREDIT BANK AUSTRIA
15. BA was established in 1991 as a result of the merger of two Austrian banks. In 2000, HypoVereinsbank (“HVB”) acquired Bank Austria. In 2005, UniCredit S.p.A. (“SpA”) acquired both HVB and BA. HVB was renamed UniCredit Bank AG (“UCB AG”) and BA was renamed UniCredit Bank Austria AG. BA Consistently Processed Transactions Connected to Sanctioned Jurisdictions through the United States Non-Transparently
16. BA is a member of SWIFT and historically has used the SWIFT system to transmit international payment messages to and from other financial institutions around the world. There are a variety of different SWIFT message formats, depending on the type of payment or transfer to be executed. For example, when a corporate or individual customer sends an international wire payment, the de facto message type is known as an MT103 SWIFT message. When a financial institution sends a bank-to-bank credit transfer the de facto standard is known as an MT202 SWIFT message. The different message types contain different fields of information to be completed by the sending party or institution. During the relevant period, some of these fields were mandatory— that is, they had to be completed for a payment to be processed—and others were optional.
17. Transactions in U.S. dollars between two parties who are located outside the United States and who maintain accounts at different banks typically must transit through the United States and U.S. correspondent banks through the use of SWIFT messages. This process typically is referred to as “clearing” through the United States
18. In September 1999, a BA document relating to the processing of foreign commercial payments explained that U.S. banks were obligated to “FREEZE, WITHOUT EXCEPTION, PAYMENT ORDERS and COVER PAYMENT ORDERS which have any connection to” what BA called “embargo countries,” which included Iran, Cuba, Syria, and others. This document instructed BA employees that they should “ON NO ACCOUNT WHATSOEVER” route wire transfers denominated in U.S. dollars that were connected with embargo countries and destined for a third country through U.S. banks. The document also instructed BA employees to conceal the nexus to the sanctioned jurisdiction in processing foreign commercial payments. Specifically, the document stated: “IT IS ABSOLUTELY IMPERATIVE to replace the Ordering Party’s information (to the extent he/she is a resident of an embargo country) by ‘BY ORDER OF OUR CLIENT.’ Reasons for payment which show a connection to an embargo country must ON NO ACCOUNT WHATSOEVER be mentioned.”
19. Consistent with this practice, between 2004 and 2012, BA processed approximately 83.9% of its foreign exchange, money market, and financial institution payments, including certain trade finance payments, with a connection to a sanctioned jurisdiction through U.S. banks using a non-transparent double MT202 method, and approximately 92.6% of its commercial payments, including certain trade finance payments, using a cover payment method. Under these methods, BA sent one payment message to the U.S. correspondent bank that did not contain information on the originator or beneficiary of the payment and a separate message to the overseas beneficiary bank that did contain information regarding the originator and beneficiary of the payment. As a result, the U.S. bank did not receive adequate information needed to screen and potentially reject or block transactions involving a sanctioned jurisdiction.
20. In contrast, during the same period, BA processed approximately 52.8% of all customer transfers (including certain trade finance payments) and approximately 99.6% of financial institution transfers (including certain trade finance payments) that did not involve a sanctioned jurisdiction using transparent serial MT202 or serial MT103 methods. These methods would have allowed the U.S. bank to identify and screen the originator or beneficiary of the transaction.
21. Between 2004 and 2012, BA processed transactions worth approximately $4.2 billion with a connection to a sanctioned jurisdiction through the United States. Of this total, BA processed transactions worth approximately $3.9 billion using a non-transparent method, which meant that U.S. banks could not screen the originator or beneficiary of the transaction. The majority of these transactions, totaling approximately $3.8 billion were, however, legal Iranian U- turns. BA Understood that U.S. Dollar Payments Could Violate U.S. Sanctions and, Despite Warnings from the Treasury Department, Sent Sanctions Violative Transactions through the United States
22. During the relevant time period, BA employees were aware of U.S. sanctions and understood that U.S. sanctions could impact BA’s U.S. transactions. For example, in early 2006, BA employees drafted a message to the Treasury Department explaining that the bank was “willing to support [U.S.] efforts to mitigate or eliminate concerns” regarding BA’s relations with sanctioned jurisdictions. In March 2006, BA employees met with representatives from the U.S. Treasury Department who raised concerns that BA was conducting transactions with Iran, Syrian, North Korea, and other sanctioned jurisdictions. During this time period, employees discussed whether the bank could “simply cancel the business relationships [with clients in sanctioned jurisdictions] (as obviously the United States wishes).” BA did not cancel these relationships at this time, however.
23. Later, in June 2006, BA employees again acknowledged the impact U.S. sanctions could have on the Bank’s business, noting that other banks had stopped banking a particular Iranian bank as a “result of US pressure in connection with their US activities.” When considering whether to accept dollar clearing business for the Iranian bank, employees explained that BA’s “activities will eventually become known to the US authorities which might lead to some restrictions of group’s US activities [and] also … to restrictions on our USD – clearing accounts.”
24. In September 2006, a senior employee of the United States Treasury Department told SpA that UniCredit Group banks, which included BA, were sending or receiving payments to and from Iran “without correct indications of the ordering and the beneficiary [party], not allowing the monitoring of suspect transactions” at U.S. banks. SpA employees asked BA and UCB AG employees to investigate this statement. A BA employee responded that BA did not “withhold” information regarding Iranian bank clients but “[w]hat indeed can be [sic] is that the information indicated in the payment request is not sufficient for inquiries.”
25. Effective September 8, 2006, OFAC removed Bank Saderat (“Saderat”) from the U-turn exemption, making it illegal for U.S. banks to process transactions involving Saderat. BA was aware of the issue, circulating a news article regarding the change. BA employees discussed whether to freeze Saderat transactions and raised concerns that the U.S. government could monitor SWIFT messages and that this “theoretically this might cause damage to image or other damage to us” if BA did not freeze Saderat transactions.
26. UCB AG employees also discussed Saderat’s designation in the days after Saderat’s designation, explaining that Saderat would be “cut off from access to the U.S. financial system and banking market in the future. … This results in that U.S. financial institutions may no longer conduct USD clearing transactions with direct or indirect involvement of Saderat. … the following consequences are to be expected for foreign … banks (such as, e.g., HVB) participating in transactions which, in any case, indicate a reference of any kind to Saderat: (a) withdrawal and permanent loss of (client) funds, which have been forwarded to the respective U.S. bank for USD clearing purposes; and (b) lasting damage if not outright termination of a business relationship between the participating U.S. and foreign bank. Against this background, we recommend, no longer executing any USD clearing transactions whatsoever with the participation of an OFAC- regulated financial institution (i.e., U.S. financial institutions, their foreign branch offices as well as U.S. branch offices of non-U.S. financial institutions).” BA employees received this email.
27. In the wake of Saderat’s removal from the U-turn exemption, BA employees discussed whether the Bank should continue business with Saderat and the importance of processing U.S. dollar transactions for Iranian banks, explaining that “the USD remains the most important currency for commercial business transactions and investments.” Despite the recommendation from UCB AG above and understanding that U.S. banks could not process certain transactions for Saderat, BA processed eight U.S. dollar payments involving Saderat between September 14, 2006 and April 3, 2007.
28. Concerned that the United States would place restrictions on additional Iranian banks, in October 2006, BA employees discussed how to route U.S. dollar payments for Iranian banks to handle “possible problems in connection with the freezing of further Iranian banks by OFAC.” In November 2006, while searching for a new U.S. dollar correspondent bank, a BA employee noted in connection with BA’s Iranian bank business that it was “strictly forbidden by US law to hide any information with respect to any transaction.” At the same time, BA employees discussed processing U.S. dollar transactions for sanctioned Iranian banks with UCB AG employees, who explained that UCB AG would no longer process U.S. dollar transactions for sanctioned Iranian banks and that not disclosing the ultimate beneficiary in U.S. dollar transactions was “unlawful.”
29. In 2007, BA employees discussed the intensifying risks associated with U.S. sanctions in conjunction with new EU requirements that the ordering party be listed on transfer messages and BA’s continued policy to route payments up to $35,000 through the United States without revealing the ordering party. In February 2007, BA employees noted that payments with connections to Iran and certain other countries were “too hot” for many other large banks and questioned whether BA should continue to take the risk to process these payments. In July 2007, a BA employee noted that previously BA did not provide the ordering party’s nationality to the U.S. banks and so the connection to a sanctioned jurisdiction was “not apparent.”
30. In August 2007, BA employees escalated the “problems” with crisis country payments internally. BA made a “business policy decision” to continue non-transparent payment processing and created guidelines for processing payments related to crisis countries like Iran and Syria. The policy instructed employees to process payments up to $35,000 through the United States and to give “attention … that no obvious references in the payment request are included
which can suggest an infringement of international regulations (e.g. reason for payment or acting parties).”
31. BA stopped processing U.S. dollar business with Iranian banks by November 2007 and stopped using the non-transparent double MT202 payment message method in 2008.
32. In November 2009, SWIFT introduced a new type of message, the MT202COV, which replaced the MT202 and required a bank to include information on the ordering and beneficiary parties for cover transactions. BA employees noted that this new message type “might have implications on our payments business with OFAC countries in the sense that if a MT202COV is used certain client data (details as to the sender/receiver of payment) will be fully disclosed to third party banks incl. US settlement banks.” By this time, the Bank had substantially wound-down any business involving sanctioned countries, and the last payment involving an SDN bank was in November 2007.
33. Between 2002 and 2012, BA processed at least $20 million through the United States on behalf of sanctioned banks, including Bank Saderat, in willful violation of U.S. sanctions. All of these payments were processed without obtaining a license from OFAC in violation of IEEPA and the ITRs, and caused false entries to be made in the business records of financial institutions located in New York, New York.
1) For consolidated comment on the case, see Civil Enforcement Information - Acteon Group Ltd., and 2H Offshore Engineering Ltd (Settlement 1 of 2 in web post) (2019).