Wells Fargo will pay almost US$100mn to settle allegations by US regulators that the bank supplied customised trade finance software to another lender, which used it to carry out transactions involving Iran, Sudan and Syria.

The US Office of Foreign Assets Control (OFAC) said on March 30 that Wells Fargo allowed an unnamed European bank to continue using the modified software for some six years after staff first raised concerns that it posed a sanctions risk.

Wells Fargo agreed to pay US$30mn to settle OFAC’s allegations, which it self-reported to the agency almost eight years ago, representing a steep discount on the possible statutory fine of just over US$1bn. The US Federal Reserve also fined the San Francisco-headquartered lender US$67.7mn for oversight and risk management failures relating to the sanctions breach.

The European lender, referred to by OFAC only as “Bank A”, carried out 124 transactions that OFAC deemed to be apparent violations of its strict sanctions regime, collectively worth US$532mn.

The alleged violations began in 2008, an enforcement notice published by OFAC shows, shortly before Wells Fargo purchased Wachovia Bank in a government-steered transaction amid the global financial crisis. Wachovia had just started offering a customised version of Eximbills, a trade finance platform developed by China Systems, to a European bank. OFAC has not accused China Systems of any wrongdoing.

A “hosted” version of Eximbills provided by Wells Fargo allowed the European lender to manage certain trade finance products, such as letters of credit, on its own rather than through the US bank.

Unknown to Wells Fargo, staff in Charlotte-based Wachovia’s trade services business had tweaked the software to comply with a request by the European lender “that the functionality include, in part, the ability to manage non-OFAC-compliant trade instruments”.

Wachovia, before the Wells Fargo acquisition, attempted to avoid its own personnel being involved in transactions with sanctioned countries using the modified version of Eximbills, but according to the notice, “Bank A’s use of the hosted Eximbills platform continued to rely on Wachovia’s (and then Wells Fargo’s) technology infrastructure at the bank’s branch in Hong Kong and data facility in North Carolina to manage the 124 non-OFAC-compliant transactions”.

OFAC says that senior management of neither Wachovia nor Wells Fargo “directed or had actual knowledge” that the European bank was using the software to carry out sanctions violations, but Wells Fargo “should reasonably have known” about the alleged offences following the takeover.

The notice describes multiple occasions between 2008 and 2015 when staff raised concerns about the sanctions risks posed by the European bank’s use of the customised Eximbills platform, but the bank still failed to identify the violations.

In 2013, following enforcement actions against European lenders ING and HSBC which in part related to their trade finance business lines, Wells Fargo set up a working group to assess the risks of the customised software.

However, original Wachovia staff who knew about the original contract with the European lender “did not inform other members of the group” about Wachovia’s modification of the platform to allow transactions with sanctioned countries and entities.

The action plan developed by the working group was also delayed after being rolled into a larger project looking at the bank’s insourcing and outsourcing of its trade services business.

That review finally identified the possibility that the European bank had been carrying out non-compliant transactions on the modified platform in late 2015. The issue was escalated to senior management, the bank’s access to Eximbills was cut off and Wells Fargo “promptly” self-reported the discovery to OFAC.

The Wachovia global trade services unit inherited by Wells Fargo “demonstrated reckless disregard” for US sanctions, OFAC says.

“By providing Bank A with a software platform specially designed to make it easier for Bank A to engage in trade finance transactions with persons located in Iran, Sudan, on one occasion Syria, and, on six occasions, sanctioned entities, Wells Fargo undermined the policy objectives of three US sanctions programs,” the notice says.

Announcing its own settlement with the bank, the Federal Reserve says Wells Fargo’s “risk-management and oversight framework failed to identify and address the legal and compliance risks with respect to the bank’s provision of Eximbills to the foreign bank”.

In a statement, Wells Fargo says it “is pleased to resolve this legacy matter involving conduct that ended in 2015, which we voluntarily self-reported and fully cooperated with OFAC and the Federal Reserve Board to address”.

Wells Fargo has since remediated the problems identified during its investigation of the violations and the successor platform to Eximbills is now managed in-house, according to the notice.

OFAC says the enforcement action highlights the need for businesses to carry out thorough reviews when carrying out mergers and acquisitions and that “when sanctions compliance risks are raised internally — including concerns arising from smaller, non-core business lines — companies should promptly seek to thoroughly investigate and address those risks”.


Update: statement from China Systems

“Following the enforcement actions by the US Treasury Department and Federal Reserve against Wells Fargo Bank for breaches of the US Office of Foreign Assets Control (OFAC) regulations and the settlements recently announced, China Systems wishes to clarify the situation with respect to the references to our registered trademark and product name, Eximbills, which is not relevant to the actions taken by the US regulators.

A legacy Eximbills platform was licensed, in 1998, to CoreStates Bank N.A., a predecessor to Wachovia, to provide a trade finance insourcing service. Wachovia was subsequently acquired by Wells Fargo Bank, in 2008. The penalties against Wells Fargo are not the result of running our platform. We emphasise that the OFAC violations, as clearly explained in the US Treasury Department Enforcement Release dated March 30th 2023, were due to reasons attributable to Wachovia/Wells Fargo as stated therein, with no bearing on Eximbills or China Systems.

Consequently, we are surprised and concerned at the references to Eximbills and are considering required actions to ensure the integrity of our good name in the market.”

This story and its headline were amended on May 10, 2023 to emphasise that the trade finance software provided by Wells Fargo to the European bank was customised and gave rise to Wells Fargo’s sanctions breaches as explained in the enforcement release from the Office of Foreign Assets Control of the US Department of the Treasury.