Company’s Subpar Geolocation Processes Led to Sanctions Violations, OFAC Says
The Office of Foreign Assets Control fined Washington-based Tango Card $116,048.60 for violating U.S. sanctions as a result of its “deficient geolocation identification processes,” the agency said last week. OFAC said Tango Card, an electronic gift and reward services company, violated U.S. sanctions related to the Crimea region of Ukraine and sanctions imposed against Cuba, Iran, Syria and North Korea.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
OFAC said Tango Card discovered the violations in 2021 when one of its clients found multiple award recipient email addresses had top-line domains associated with sanctioned jurisdictions. The company then conducted a “lookback review of its database” for any “similar occurrences involving email addresses previously provided by other clients,” OFAC said, and found several. In total, Tango Card transmitted more than 27,000 merchant gift cards and promotional debit cards worth more than $386,000 to people with internet protocol addresses linked to Cuba, Iran, Syria, North Korea and Crimea.
Although the company used geolocation tools to identify “high-risk” transactions, screened against OFAC sanctions lists and employed know-your-business “mechanisms,” the agency said it didn’t use those controls to “identify whether recipients of rewards, as opposed to senders of rewards, might involve sanctioned jurisdictions.” OFAC said this violated the Cuban Assets Control Regulations, the Iranian Transactions and Sanctions Regulations, the Syrian Sanctions Regulations, the North Korea Sanctions Regulations and an executive order that blocks certain transactions with people in the Crimea region of Ukraine.
The maximum civil monetary penalty amount was more than $9 million, but OFAC reduced the fine in its settlement with Tango Card because the case was non-egregious and the violations were voluntarily self-disclosed. OFAC also said Tango Card implemented a range of “remedial measures” by geo-blocking IP addresses and email addresses associated with sanctioned countries, hiring more compliance staff and instituting more compliance training. The company also brought on more sanctions screening tools, began monthly look-back reports to identify any recipients that could be located in sanctioned countries and “substantially” cooperated with OFAC’s investigation.
The agency also pointed to several aggravating factors that led to the six-figure fine, including Tango Card’s failure to impose “risk-based geolocation rules using tools at its disposal” despite having reason to know that it was sending rewards to people in sanctioned jurisdictions. OFAC also said the company conferred more than $386,000 in “economic benefit” to jurisdictions subject to U.S. sanctions.
OFAC said the case highlights the importance of using “geographic information” and geolocation tools as part of a sanctions compliance program. “In addition, while contractually obligating customers to comply with sanctions regulations can help mitigate risk,” the agency said, “it does not obviate the need to impose other sanctions compliance controls when appropriate on a risk basis.” Tango Card didn't immediately respond to a request for comment.