American consumers using peer-to-peer (“P2P”) payment services, such as Venmo and PayPal, could unwittingly violate U.S. foreign policy—at least if their transactions involve parties on the Treasury Department’s foreign sanction list. The Office of Foreign Assets Control (“OFAC”), a division of the Treasury Department, enforces economic sanctions based on U.S. national interests, and prohibits Americans from doing business with foreign actors that threaten “the national security, foreign policy or economy of the United States.” 1 While it is unsurprising that Americans are barred from transacting with entities under OFAC sanction, consumers might be surprised by how easily they can fall under investigation, especially for seemingly innocuous transactions.

In one recent incident, a United States consumer found himself caught between an otherwise unremarkable Cuban sandwich purchase and an investigation for possible OFAC violations—simply for typing a certain keyword (“Cuban”) while making a Venmo payment. 2 In a similar episode, a PayPal user’s transaction came under investigation after the consumer paid another American to review a book entitled Castro’s Cuba. 3 PayPal halted the transaction, and its compliance department sent a boilerplate email to the customer, detailing the reason for the block:

“PayPal is committed to complying with and meeting its global regulatory obligations. One obligation is to ensure that our customers, merchants, and partners are also in compliance with applicable laws and regulations, including those set forth by OFAC, in their use of PayPal.” 4

PayPal’s message went on to ask the consumer for an explanation as to the “goods and services involved in the transaction,” further requesting the customer email its compliance department and visit the PayPal Resolution Center to explain the following text from the transaction message: “Hi Ben – Your Castro’s Cuba review is up! Thanks so much! Carla.” 5

These regulatory compliance efforts illustrate a problematic trend for P2P payment start-ups; fintech companies have struggled to abide by federal regulations in P2P transaction services, (perhaps due to the rapid nature of P2P transactions, 6 and the substantial technical burden in vetting the billions of dollars in such transactions for regulatory compliance), 7 resulting in significant monetary judgments against the companies. 8 Whereas a decade ago, transactions with foreign nationals might have been made via traditional wire transfers, these transactions can now happen much more rapidly, circumventing those larger intermediaries and passing through applications such as Venmo in a fraction of the time. 9 Traditional banking institutions, however, are generally more experienced in regulatory compliance than newcomer, disruptive P2P services—and with the comparatively pedantic nature of traditional services, questionable money transfers can be easier to spot and interdict before they are completed. 10

Electronic P2P payments—generally defined as informal, digital money transfers between two persons—have become a prominent feature of the sharing economy. According to the Federal Reserve, the number of P2P payments increased from $146.6 million to $205.3 million from 2009-2012, growing annually by 11.9%. 11 The markets seem to have grown logarithmically since then: in 2015, Venmo alone processed more than $7.5 billion in P2P payments (with an annual growth of 174%), and one Business Insider report estimates that total U.S. P2P transactions volume could reach $86 billion by 2018. 12

One reason for the P2P economy’s rapid growth is the lower transaction costs associated with services such as Venmo, PayPal, or Apple Pay. 13 Not only can consumers avoid financial burdens such as credit card fees, ATM withdrawal charges, or the nominal cost of a new checkbook, texting the payment to a friend is just easier than signing a receipt or going to withdraw cash. As one commentator put it, these services “make transferring money faster, less expensive, and more precise.” 14 Still, with a rapidly expanding industry, and even faster financial transactions, service providers are hard-pressed to ensure that transactions remain in compliance with regulatory schemes. In addition, the regulatory compliance will impact the profitability of P2P service providers, increasing the transaction costs both financially and socially. 15

PayPal learned this lesson the hard way in 2015; the P2P giant settled a case brought by the Treasury Department for $7.7 million, apparently for 486 unintentional violations of U.S. economic OFAC sanctions. 16 According to OFAC, for several years until 2013, PayPal’s internal compliance mechanisms were either non-existent, or insufficient to “identify, interdict, and prevent” transactions that could violate OFAC sanctions. 17 Pursuant to the settlement order, PayPal enhanced its compliance processes—presumably by including search algorithms to target keywords, or combinations of keywords, to meet OFAC’s requirements to “identify, interdict, and prevent” potential OFAC sanctions. 18

OFAC has long regulated traditional financial institutions to ensure compliance with U.S. national interests, but for newcomer P2P start-ups, the PayPal case illustrates that they, too, are within the ambit of OFAC regulation. OFAC’s stated mission is to administer and enforce “economic and trade sanctions based on U.S. foreign policy and national security goals.” 19 Under the authority of federal legislation and Presidential national emergency powers, OFAC can unilaterally block transactions and freeze assets within United States jurisdiction if parties to the transaction fall within any group of targeted actors. 20 Specifically, OFAC, compiles a list of “individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries.” 21 It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific, known as “Specially Designated Nationals” or “SDNs.” Their assets are blocked and U.S. persons are generally prohibited from dealing with them. 22 To this end, Americans suspected of entering into any such prohibited transactions will similarly be blocked from doing so.
Unfortunately for PayPal and its P2P cohort, compliance with these OFAC regulations is perhaps more onerous than they initially considered—and the best way to comply might very well be a massive data keyword dragnet, such as one that catches transactions including “Cuba” or “Syria” in the message thread. 23

While American consumers might find the extra regulatory compliance measures a bit ridiculous, burdening a few customers could be a small price for PayPal to pay, especially when the alternative price tag is closer to $8 million. 24 Still, it remains to be seen whether there are better methods for companies to comply with OFAC sanctions, or whether OFAC itself needs to adapt to a brave, new, financially-innovative world. The federal government should weigh the costs and benefits of existing U.S. foreign policy measures against the costs and benefits of stimulating U.S. fintech growth in P2P payments. Adapting regulations or penalties for fintech companies, for example, could increase the companies’ profitability and competitiveness, without destroying foreign policy. Unless OFAC adopts new policies, however, American companies and citizens can expect the same enforcement measures, stiff penalties, and keyword dragnets to continue.