CISADA Creating Challenges for Banks

CISADA Creating Challenges for Banks



On July 1, 2010, President Obama signed into law the Comprehensive Iran Sanctions, Accountability and Divestment Act of 2010 (CISADA). The new sanctions build upon existing Iran sanctions and are intended to increase pressure on Iran because of nuclear program and human rights violations related to its June 2009 presidential election.

In a broad extraterritorial move, the new sanctions target international energy and banking organizations. They also have implications for companies that are U.S. federal government contractors as well as shipping companies, international brokers, and other companies involved in international trade. 

CISADA also expands and harmonizes financial and criminal penalties for violating Iranian sanctions.

Implementation Issues and Challenges

For international financial institutions, the choice is which country do you want to do business with: the United States or Iran? Doing business with both is not an option.

While U.S. financial institutions are already precluded from financing trade transactions to or investments in Iran, CISADA makes the financing of imports to Iran of refined products or investments in its petroleum sector sanctionable offenses for all foreign financial institutions, as well. How will the United States enforce these sanctions? By prohibiting U.S. financial institutions from maintaining correspondent or payable through accounts for foreign financial institutions that engage in sanctioned activities with Iran.

By September 28, 2010, the Secretary of the Treasury must promulgate regulations requiring U.S. financial institutions maintaining correspondent or payable through accounts for non-U.S. financial institutions to:

  • Perform audits of foreign financial institutions to determine whether they are engaged in sanctionable activities.
  • Report any transactions or other financial services provided related to sanctionable activities.
  • Certify that foreign financial institutions are not engaged in sanctionable activities.
  • Establish due diligence policies, procedures and controls to detect whether foreign financial institutions are engaging in sanctionable activities.

There is some thought that Treasury may issue regulations in final form, leaving the industry little opportunity for comment. On a positive note, however, there is a view that financial institutions in jurisdictions that have supported U.N. sanctions against Iran will be afforded a transition period to comply.

Our Point of View

Various websites are already publishing not only the names of the 16 Iranian banks that the Treasury Department has charged with supporting terrorism and Iran’s nuclear program, but also foreign financial institutions that are believed to provide services to these 16 Iranian banks, and U.S. banks that, in turn, conduct business with the foreign banks that service the Iranian banks. Whether the information on these sites is totally accurate and complete is not certain, but even if this information is only partially correct, there is the possibility that the Treasury regulations could have a profound effect on the correspondent banking market in the United States since these various lists include the names of some of the world’s international banks that are domiciled in jurisdictions not generally considered high risk for sanction compliance.

U.S. financial institutions will need to monitor closely the release of the Treasury regulations. They should also consider some advance contingency planning related to the impact on their business if the Treasury regulations demand bright line compliance. Issues for consideration might include the following:

  • Do we have internal resources to perform correspondent bank audits, or should/can this be outsourced?
  • Can multiple institutions partner to commission an audit of a correspondent bank and share the results? 
  • What types of contract amendments with existing correspondents may be required to facilitate compliance?
  • Can the anticipated cost of compliance be quantified? If so, what is the breakeven point beyond which we should consider terminating certain correspondent relationships?


How We Help Companies Succeed

Members of Protiviti’s Regulatory Team assist companies in understanding the requirements of new regulations, identifying attendant risks and the controls that should be put into place to mitigate these risks, and developing and implementing sustainable compliance programs. Our team members also work with clients to develop and deliver customized compliance training and to perform compliance reviews and audits.


An international financial institution with offices in the United States requested our assistance in developing and implementing an OFAC risk assessment methodology. We worked with the client to identify the geographic, customer and product considerations that were key to understanding its OFAC risks as well as the controls currently in place to mitigate risks. We also assisted the client in ensuring that OFAC risks and controls were appropriately linked to other components of its compliance program, including customer account opening as well as screening and monitoring. Our scope also included a review of the technology used by the client for OFAC screening to determine whether it was properly calibrated given the client’s risk profile. Finally, we worked with the client to revise its OFAC policies and procedures and update its OFAC training and audit work programs.

As a result, our client was able to demonstrate to its regulators the completeness of its OFAC risk assessment methodology and how the risk assessment contributed to the development of an effective OFAC compliance program.


Carol Beaumier
[email protected]
John Atkinson
[email protected]
Shaun Creegan
[email protected]

Ready to work with us?