Government regulations preventing money laundering and to isolate enemies have been in effect for years. However, their scope was further extended by the USA Patriot Act following 9/11. Today, all financial transactions in the country are subject to review in order to ensure they are legitimate and do not involve a proscribed person or organization.

Direct marketers who never considered themselves part of the financial industry are now obligated to perform such checks and are threatened with severe penalties should they make any errors.

The burden of surveillance falls directly on businesses themselves. Other than making various watch lists available and proscribing basic rules, the government relies on each firm to execute the requirements as it sees fit.

Only suspicious activities are reported to the authorities. This is good for people concerned about the government spying on them because, so long as they are not already on a watch list and refrain from doing anything unusual, the government never hears about them. Therefore, the threat to privacy is minimal, and the government’s ability to identify suspicious behavior is minimal as well, but the difficulties of doing this are so great that this probably doesn’t matter.

Businesses, which have to do the work, see fewer advantages to this approach. In a sense, it’s amazing that the economy hasn’t come to a screeching halt with the extra checking which is supposed to be going on. Or, it could be that the requirements are less burdensome than they seem. Or there could be a possibility that a lot of businesses just will not comply and the government isn’t insisting that they do. But, in all probability, it’s a little bit of both.

Although the government has been clear about penalties for allowing a forbidden transaction slip by, it has been vague on what constitutes an acceptable level of diligence to prevent such mistakes. Essentially, businesses have to block attempted transactions by entities identified on a government watch list and verify the identity of all new customers. This transaction blocking applies to all U.S. businesses and is separate from the Patriot Act.

The main watch list is known as the Specially Designated Nationals (SDN) list from the Treasury Department’s Office of Foreign Assets Control. Depending on the situation, other lists and sanctions against entire countries also apply. But, surprisingly, no standards exist for the quality of watch list checking.

The government’s Web site (www.treas.gov/offices/enforcement/ofac/faq) says that “users can search the PDF version of the SDN list by using the ‘find’ feature of the Adobe Acrobat Reader. Most word-processing programs also have a search function to scan OFAC’s ASCII versions of the SDN list.” However, it is hard to imagine that anyone familiar with the realities of name and address matching would believe this to be adequate.

More to the point, it’s hard to imagine the government would accept this as adequate should it discover your business has permitted a forbidden transaction. Still, the SDN list holds only 2,500 names and 2,100 aliases at 4,800 addresses, so the notion of an occasional manual search is not totally absurd.

Identity verification, required in section 326 of the Patriot Act, is an extension of the pre-9/11 rules that are aimed in preventing money laundering. It is limited to financial institutions, but these have been defined to include auto, boat and aircraft dealers, jewelers, real estate agencies, casinos, insurance companies, securities brokers, check-cashing bureaus, credit card system operators, travel agencies, wire transfer agents and currency exchanges. In short, any business involving a transfer of significant assets may be covered.

The government’s rules for customer identification programs are more detailed than those for OFAC list matching. But they mainly deal with the process of establishing a formal program, and touch just lightly on what that program must include. Beyond a customer’s name, address, birth date and social security number, each institution decides what information to gather and how to verify it is correct.

These decisions are supposed to be based on a risk assessment, but no standards exist for conducting the assessment or what proof is need for various risk levels. The basic principle is that each business must do whatever it needs to feel confident that their customers are in fact who they claim to be.

Despite the vagueness in OFAC and Patriot Act compliance requirements, there is no shortage of software vendors offering their assistance. Some provide a complete solution including identity verification, watch list searching, suspicious transaction identification, documentation and case management. But the majority provide only some of these functions. Chances are that any of these vendors software would do a better job than your word processor’s ASCII text search. However, it’s worth mentioning it’s quite a challenge in matching against the OFAC list is unusually .

The list contains many non-Western names and non-U.S. addresses, thereby causing big problems for matching systems tuned to U.S. consumer lists. False matches are expensive to investigate and annoy legitimate customers. Missed matches can will also bring about negative publicity, legal penalties and, in the worst case, a successful terrorist attack.

Odd as it seems, the government has more stringent standards for applying ZIP codes than identifying terrorists. So businesses looking for a solution are on their own in selecting an effective product.

Your best bet is to Ensure that your matching system has all the specialized reference tables, processing logic and experience to handle non-U.S. names and addresses. You should also ensure that your solution checks existing accounts against additions to the watch lists. Most important of all, you should have a competent adviser review your compliance programs. Doing this may be costly, but you should remember the cost of failure is worse.

If you would like more information regarding asset protection, trusts, family limited partnerships or the subject of this article please call or email our office.