Enforcement takeaways from the Consent Order (per DFS allegations):
• After doing a lookback, Payoneer discovered it had engaged in approximately $793,000 worth of transactions with persons or entities in sanctioned countries during the period Iran, Sudan, Syria and individuals on the SDN List between 2013 and 2018
• Payoneer self-disclosed these violations to OFAC, which settled with Payoneer in 2021 for approximately $1.3 million
• DFS sought to highlight the deficiencies which led to these violations, including (a) weak algorithms that allowed close matches to SDN List entries to evade Payoneer’s sanctions filter, (b) failure to screen for Business Identifier Codes even when SDN List entries contained them, and (c) allowing flagged and pending payments to be automatically released without review during backlog periods.
• Additionally, DFS alleged the Company’s compliance program lacked a focus on sanctioned locations, including Crimea, such that IP addresses and mailing addresses in these locations were not properly flagged.
• DFS did not issue a press release in connection with this action.