It may be hard to imagine a payment to a friend for holiday party expenses getting caught up in the “global war on terror,” but that’s exactly what happened to Arman Ghorbani.
“I usually just put emojis in the description like most people do, but recently Persian New Year passed and I sent some money with the tag like ‘Persian New Year Celebration’ or something along those lines to pay back my friend, and I got an email back saying that it was rejected,” Ghorbani says.
Ghorbani noticed others online having the same problem, so he tried sending another payment with a subject line containing the words “Iran,” “Iranian” and “Persian.” It, too, was flagged. Frustrated and still needing to pay back his friend, who lives in California, Ghorbani decided to send another payment with another intentionally lurid subject line to see if it would be flagged as well.
This transaction went through without a problem.
“I’m not saying that they should block any payments with those kinds of words or people insinuating that they’re selling drugs or any other illegal activity. Those are mostly jokes,” Ghorbani says. “But it’s mind-boggling that they’re OK with this on their servers, but they’re very strict about certain words like ‘Persian.'”
The long arm of OFAC
In an email back-and-forth with Ghorbani, a Venmo representative referred him to rules set forth by OFAC, the acronym for Office of Foreign Assets Control, a U.S. Treasury agency tasked with preventing the flow of money both to terrorist organizations and to countries that are under economic sanctions. The agency maintains a Specially Designated Nationals and Blocked Persons list of individuals, countries and groups for which it’s illegal to send money to or receive money from. The list (PDF file) runs 963 pages.
The agency doesn’t police all day-to-day payments, instead requiring financial services companies to do so themselves — and imposing hefty fines on those that don’t halt illegal payments.
“Financial institutions are responsible for screening their customers against that list,” says Thomas Feddo, an attorney and partner for Alston & Bird LLP. “If there’s a hit, or a match, it’s required under the various sanctions programs to do something with that transaction: Either block it and essentially freeze the funds … or to reject the transaction and send it back to the originator.”
When companies block or reject a transaction, they have to report to the government within 10 days.
Scary penalties for failure
For financial services companies that fail, the penalties imposed by both the Office of Foreign Assets Control and other financial regulators can be harsh, Feddo says. Depending on which law applies, each unlawful transaction can cost a bank up to $250,000 or twice the value of the transaction, whichever is higher. Another law allows penalties of up to $1 million for each unlawful transaction.
“Financial institutions have become very sensitive to the OFAC regulations because of recent enforcement activity by the U.S. government against financial institutions for not doing enough with respect to monitoring their customers and knowing enough about their customers,” Feddo says.
Doing the feds’ work zealously
The federal government effectively outsources enforcement to private companies. That might seem less heavy-handed than the government watching payments itself. But financial services companies avoid penalties by engaging “in a level of surveillance and control that the government would have a very hard time getting away with if it did it directly,” says Edward Hasbrouck, who consults on travel-related issues for civil liberties group The Identity Project.
“The situation that banks and other for-profit businesses are in is that if they allow any transaction through, they are subject to crushing fines,” Hasbrouck says. Any rational business will err on the side of caution, so “tight filters” are now the rule, not the exception, he says.
“Anything where there’s a hint of suspicion will be blocked because the cost of improperly blocking a transaction is negligible,” he says, adding that potential costs from customer lawsuits over blocked transactions pale in comparison to even one sanction from the Office of Foreign Assets Control.
Indeed, Venmo’s customer service account on Twitter receives a steady stream of angry tweets from customers who’ve had payments blocked for things like mentioning “Syria” or even making references to Cuban food.
— Leah (@Fach_Off) April 4, 2016
— Moshe Isaacian? (@MosheIsaacian) March 16, 2016
@venmosupport you flagged my post for it mentioning the country Syria. Do you know how blatantly discriminatory that is?
— 2460dork™ (@HelloIAmHala) March 4, 2016
It’s unlikely that a human at Venmo actually took action to block Ghorbani’s payment over the word “Persian.”
Instead, Hasbrouck says, it was probably software programmed to search for certain words or phrases, some of which are taken verbatim from the Specially Designated Nationals and Blocked Persons list and some of which are permutations of those terms or just terms that companies believe will reduce the risk of violating an agency rule. Without such programs, it would be impossible for financial services companies like Venmo to effectively screen out potentially illegal payments from among the millions of noncash payments made every single day.
Ridiculous and serious effects
Decisions made by these programs can sometimes seem capricious or downright ridiculous, as was the case last month when a dog’s name, “Dash,” was mistaken for “Daesh,” another name for ISIS, stopping a payment to a dog walker.
But they can have serious consequences. Hasbrouck’s checking account was locked after he tried to log in while traveling in Syria in 2008, before the civil war there. All movements of money into and out of his account, including direct deposits and bill payments, were immediately blocked, and Hasbrouck nearly lost an insurance policy due to nonpayment of premiums before his account was unlocked.
It took an hours-long phone call, made from outside Syria, to get his account unlocked, he says.
Hard to avoid
It’s tempting to watch what you write in a memo line (or to leave it blank) to keep innocent payments to friends and family from getting caught up in the machinery of anti-money-laundering rules. But it’s hard to know ahead of time what’s going to set off a financial service company’s filtering rules because they’re essentially a “black box,” Hasbrouck says.
“There’s not much that the individual can do to avoid it,” he says. “Any money transfer app or service is going to be subject to this.”
But filtering issues seem to be especially problematic for a “social” payments company like Venmo, which bills itself as a way to “connect with people” and “remember the moments you share with friends.” Limits on which moments you remember are sure to rankle users. Imagine trying to post something innocuous about a holiday party on Facebook and being told that your words would be investigated before going up on the site, and you get an idea of what some Venmo users might feel.
The problem may only get worse with the rise of “fintech” startups, whose investors are unlikely to be willing to bear much risk of running into penalties from the Office of Foreign Assets Control.
“They’re probably going to go even further overboard,” Hasbrouck says.
One thing’s clear: If you do get a notice like this, it’s important to respond, says Feddo, the attorney.
“Engage with the financial institution as soon as you can and find out as much as you can,” he says.