On June 20, 2023, Swedbank Latvia reached a final settlement with the U.S. Treasury’s Office for Foreign Assets Control (OFAC). The settlement addressed the bank’s previous deficiencies that resulted in OFAC sanction breaches, and Swedbank agreed to pay a sum of 37 million Swedish kronor ($3.5 million).
 
Prior to the 2014 invasion of Crimea by Russia, Swedbank Latvia had a client in the shipping industry based in Crimea. This customer utilized Swedbank’s e-banking platform from an IP address located in Crimea to directly send payments to individuals in Crimea, using U.S. correspondent banks as intermediaries. Between February 5, 2015, and October 14, 2016, this client initiated 386 transactions with a total value of $3,312,120 through accounts held by special purpose companies (SPCs). These transactions were processed through U.S. correspondent banks.
 
The KYC data provided clear evidence that the client had a physical presence in Crimea. Swedbank Latvia possessed this information at the time of the apparent violations. However, despite collecting and storing customer IP data, Swedbank Latvia failed to incorporate this data into its sanctions screening processes. If the IP data had been screened, it would have revealed that the client was situated in Crimea during the apparent violations.