On March 25, 2015, the Department of the Treasury’s Office of Foreign Assets Controls (OFAC) announced a settlement with electronic funds transfer giant PayPal, Inc. At issue were almost 500 transactions totaling approximately $44,000 in violation of various U.S. sanctions programs, including for Iran, Cuba, Sudan, proliferation of weapons of mass destruction, and global terrorism. PayPal agreed to pay a civil fine of $7.66 million and to present its revamped compliance policies and procedures to OFAC within six months.
The settlement describes numerous failures by PayPal, including initially failing to establish a policy to screen account holders against OFAC’s list of Specially Designated Nationals (SDNs) and failing to adhere to their subsequently established policies on multiple occasions. Notably, the lion’s share of PayPal’s base penalty—$17 million of the total base penalty of $17,018,443—stemmed from transactions valued at under $7,500 and associated with just a single customer. Because of multiple failures to comply with PayPal’s policies and a “reckless disregard for U.S. economic sanctions requirements,” the settlement agreement identified these violations as egregious. The remainder of the apparent violations were considered non-egregious.
The final penalty amount was reduced based on several factors, including PayPal’s voluntary disclosure of the violations, its subsequent compliance efforts, cooperation with OFAC, and the lack of any other similar violations by PayPal in the preceding five years.
PayPal’s settlement highlights the risks associated with international financial transactions for money services businesses and the importance of an effective compliance policy. As seen here, even relatively low-dollar transactions associated with a single customer can merit significant fines.