Rewards programme redeemed in sanctioned jurisdictions lands US firm with OFAC fine
Illinois-based daVinci Payments, which manages prepaid reward programmes, has agreed to pay $206,213 to settle its potential civil liability for apparent violations of sanctions on Crimea, Iran, Syria, and Cuba, the US Treasury’s Office of Foreign Assets Control (‘OFAC’) has announced.
‘Between November 15, 2017 and July 27, 2022, daVinci enabled reward cards to be redeemed from persons in sanctioned jurisdictions,’ OFAC said, 6 November. ‘The settlement amount reflects OFAC’s determination that daVinci’s conduct was non-egregious and voluntarily self-disclosed.’
OFAC said that in the course of a compliance review and subsequent investigation, daVinci discovered that on 12,378 occasions it had redeemed prepaid cards for users with Internet Protocol (IP) addresses associated with Iran, Syria, Cuba, and Crimea.
OFAC explained: ‘After daVinci began preventing access to its platform from IP addresses associated with these sanctioned jurisdictions, the company further discovered it had redeemed prepaid cards for 13 card recipients who had used email addresses with suffixes (sometimes called top-level domains) associated with sanctioned jurisdictions (e.g., Syria is .sy, Iran is .ir) during the redemption process and who were apparently resident therein. Over the course of the relevant time period, this absence of comprehensive geolocation controls led daVinci to process 12,391 redemptions totaling $549,134.89 for cardholders apparently located in sanctioned jurisdictions, resulting in apparent violations of the Cuban Assets Control Regulations, 31 C.F.R. § 515.201; the Iranian Transactions and Sanctions Regulations, 31 C.F.R. 2 § 560.204; the Ukraine-/Russia-Related Sanctions Regulations, 31 C.F.R. § 589.287; and the Syrian Sanctions Regulations, 31 C.F.R. § 542.207 (the “Apparent Violations”).’