Buried Deep: Book Transfers and Sanctions Evasion – Part Two

Part One of this article shed light on how book transfers can be used to evade sanctions and why the sanctions risk they pose can be difficult to mitigate. This second part discusses regulatory expectations when it comes to the sanctions risks posed by book transfers and the policies and procedures banks can adopt to meet those expectations.

Regulatory expectations around book transfers are murky. A recent search on OFAC’s website yielded no specific guidance on how banks are expected to address their sanctions risk.There is a similar lack of specific guidance on the unique sanctions risk of book transfers published by the Federal Financial Institutions Examination Council, the European Commission, H.M. Treasury, and the Wolfsberg Group. In September 2022, OFAC acknowledged the “lower sanctions risk” posed by domestic instant payments, signaling that it does not expect banks to filter domestic payments under a risk-based approach.However, as discussed in Part One, book transfers are often used in a non-domestic context to access the U.S. financial system indirectly.

Testimony by U.S. officials offers some degree of further insight into their views on book transfers beyond the mechanical descriptions contained in OFAC enforcement actions. In 2016, then-senior U.S. Treasury official Adam Szubin testified that a bank which processes transactions offshore on behalf of sanctioned parties using USD “in its own vaults and on its own books” does not necessarily invoke OFAC’s jurisdiction.3, 4 The following year, however, Szubin’s successor voiced concern over “creative book-entry accounting” being used “to violate both the spirit and the clear meaning of Iran sanctions” and signaled that future investigations would “examine fully the facts and circumstances surrounding any book-entry or book-transfer system in light of the applicable regulations concerning Iran.”5

OFAC has made clear that any transaction carried out “by a non-U.S. person” which “causes a U.S. person to violate” U.S. sanctions is prohibited.6 In light of its enforcement actions, this strongly suggests that OFAC considers offshore USD transactions, including those carried out by book transfer, to be within its jurisdiction and may pursue enforcement, even if those transactions do not directly involve U.S. persons or the U.S. financial system. Whether OFAC actually pursues enforcement appears to depend on a variety of factors, including transaction timing, intent, and the interest a sanctioned party has in the transactions.

In the absence of specific guidance from regulatory and enforcement authorities, what can banks do to address the unique sanctions risk posed by book transfers? Aside from widely known controls such as customer due diligence, customer screening, and transaction filtering, here are four suggestions:

Maintain a Detailed Transaction Filtering Policy That Addresses Book Transfers 

A bank’s transaction filtering policy should address what types of transactions require filtering and any exceptions to those requirements. It should define and distinguish between book transfers and wire transfers, domestic and non-domestic transactions, and address any other factors that impact whether a transaction is filtered (e.g., currency denomination). A detailed filtering policy is important (i) as a basis for testing whether a bank’s filtering control is functioning as intended, and (ii) to avoid “outsourcing” the interpretation of an ambiguous policy to local compliance staff who may reach different views and adopt inconsistent filtering standards as a result.

Be Able To Distinguish Between Book Transfers and Other Kinds of Transactions 

Banks must be able to distinguish between book transfers and other kinds of transactions. If it is not clear whether a given transaction is a book transfer, a bank won’t be able to test that its filtering exemptions conform to policy. In my experience, comprehensively isolating book transfers can be far more difficult than a bank might expect. Oftentimes, there is no particular field in a payment system database that identifies a book transfer as such. Examiners must instead rely on a combination of fields and values known only to system experts who themselves may not be entirely sure of the distinction. Banks need to be able to identify book transfers within a random sample of transactions promptly upon request. When responding to regulators, banks should also be wary of the circular logic in defining book transfers based on their filtering history, then testing their filtering controls with transactions to which that definition was applied.

Be Able To Comprehensively Identify All USD Accounts Globally 

To accurately and confidently assess its sanctions risk, a bank should be able to identify all USD accounts it maintains for customers and correspondents across the globe. USD accounts represent one of the most likely conduits through which customers can access the U.S. financial system, even if done so indirectly using book transfers. Without a comprehensive global inventory of such accounts, it will be difficult for a bank to measure its OFAC sanctions risk and determine where, geographically, that risk is concentrated. Lacking such knowledge can lead to inaccuracies in a bank’s risk assessment, which in turn may lead to inaccurate reporting to senior management and the inefficient allocation of compliance resources. Moreover, a bank may face increased scrutiny and skepticism if it is unable to respond to regulatory or law enforcement requests for comprehensive global data on its USD accounts.

Consider Risk-Based, Retroactive Filtering 

As discussed in Part One of this article, OFAC-sanctioned parties may be able to transfer USD to or from a counterparty at another bank using book transfers. This sanctions risk would be difficult for the counterparty’s bank to mitigate because (i) the book transfers are rarely filtered and (ii) the counterparty bank’s customer screening system would not detect it since the sanctioned party is not its customer. OFAC has signaled a willingness to pursue enforcement of such offshore activity when the transactions are sufficiently “correlated” with others that directly involve the U.S. financial system. Therefore, banks should consider targeted, retroactive filtering of high-risk book transfers to ensure they do not involve OFAC-sanctioned parties. The extent and frequency of such filtering could be based on a client’s overall risk rating, the geographic risk of the branch, and other such factors. Since the filtering would be targeting a specific residual risk, a bank might also wish to set its name matching thresholds to a higher-than-normal level for this exercise.

Conclusion

The years ahead are likely to bring greater scrutiny of book transfers from regulators, law enforcement, and other government officials, especially those in Western nations who view banks and payment systems as critical links in ensuring the effectiveness of their sanctions regimes and, by extension, their national security and foreign policies. In the absence of specific guidance on book transfers from such authorities, this article will hopefully provide value to financial institutions seeking to withstand this scrutiny.

Footnotes:

1: OFAC website as of January 27, 2025, Link.

2: “Sanctions Compliance Guidance for Instant Payment Systems,” U.S. Department of the Treasury, Office of Foreign Assets Control (September 2022).

3: “Testimony of Adam J. Szubin, Acting Under Secretary for Terrorism and Financial Intelligence, U.S. Department of the Treasury,” Hearing Before the U.S. Senate Committee on Banking, Housing, and Urban Affairs (May 25, 2016).

4: Szubin gave the example of a Chinese bank “doing transactions with Iran” denominated in USD and noted that this would generally not be prohibited so long as that bank “steer[s] clear of our banks and [the U.S.] financial system.”

5: “Testimony of Sigal P. Mandelker, Nominee for Under Secretary for Terrorism and Financial Intelligence, U.S. Department of the Treasury,” Hearing Before the U.S. Senate Committee On Banking, Housing, and Urban Affairs (May 16, 2017).

6: “Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments,” U.S. Department of the Treasury, Office of Foreign Assets Control (September 21, 2021).

Related Insights

Published

May 26, 2025

temp Key Contacts

James Bracken

Managing Director

Most Popular Insights

  1. What Directors Think Report
  2. Know Your Risk: Terrorist Designation of Cartels on Business Interests in Mexico
  3. Four Predictions for Private Equity in 2025
  4. Global CFO Survey 2025
  5. Current Power Trends and Implications for the Data Center Industry

Sign up to get access to FTI Consulting Insights

Subscribe