By Ryan Labriola, Senior Manager

Introduction

Recently, U.S. President Donald Trump and Colombian President Gustavo Petro argued about, and subsequently negotiated a resolution regarding, the U.S.’s attempt to repatriate Colombian migrants back to their home country via military transport. Initially approved for landing by the Colombian government, President Petro subsequently revoked landing authorization while the U.S. planes carrying Colombian migrants were in the air.

President Trump immediately took to social media, threatening massive tariffs and visa revocations on the South American nation. While trade and immigration were the stars of the show, the financial services industry was also included as President Trump’s threat to Colombia included “Treasury, Banking, and Financial Sanctions to be fully imposed,” per his social media post.^[1]

While Presidents Trump and Petro ultimately came to an agreement to avoid a trade war and further economic hostilities, the financial services sector discovered the quickness with which the new administration will move to promote its political and economic agenda. This article provides background on the laws and regulations invoked by President Trump, considerations for the financial services industry, and recommendations for preparing for future executive actions.

Background

On January 20, 2025, President Trump declared a national emergency at the southern border of the U.S. The most  striking aspect of this action was the choice of words used to describe the immigration crisis in the executive order: a) “America’s sovereignty is under attack;” b) “This invasion has caused…;” c) “This assault on the American people and the integrity of America’s sovereign borders represents a grave threat to our Nation;” and d) “Because of the gravity and emergency of this present danger and imminent threat…;” And, in invoking the reasoning for his action, the executive order stated that its reasoning in part was “to protect each of the States against invasion” (emphasis added throughout).^[2]

In threatening “treasury, banking, and financial sanctions,” President Trump invoked the International Emergency Economic Powers Act (IEEPA) which gives the president special economic powers “to deal with any unusual and extraordinary threat, which has its source in whole or substantial part outside the U.S., to the national security, foreign policy, or economy of the [U.S.].”^[3] While the Courts have limited some of the president’s power under IEEPA, the law still provides the president with significant powers including the regulation and prohibition of foreign exchange transactions and “transfers of credit or payments, by, through, or to any banking institution” with respect to a foreign nation or national.^[4] During armed hostilities with or attacks by a foreign nation or nationals, those powers increase to include property confiscation.^[5]

While it may have been initially seen as the encapsulation of long-standing campaign rhetoric, these recent events involving Colombia put the language of the executive order in a new light – namely, the use of the IEEPA as a means to achieve the new administration’s goals.

Considerations for the Financial Services Industry

The world news media focused primarily on the implications of President Trump’s threats from the lens of international trade and relations. The financial services industry, however, should keep in mind the president’s threat of sanctions and the rapidity with which the situation evolved. While details of the proposed banking sanctions have been scant, it is reasonable to infer that certain individuals and entities would have found themselves on the Sanctioned Designated Nationals and Blocked Persons List (SDN List) or otherwise sanctioned by the Office of Foreign Asset Control (OFAC). The extent to which President Trump would have leveraged this authority is not publicly known.

Part of the president’s threat to Colombia notably included “a travel ban and immediate Visa Revocations on the Colombian Government officials, and all Allies and Supporters…[and] Visa Sanctions on all Party Members, Family Members, and Supporters of the Colombian Government.”^[6] If implemented, financial institutions would need to immediately and rapidly scrub applications, originations, accounts, and other assets and liabilities against the SDN List and other OFAC sources. While most financial sanctions have been relatively predictable (i.e., Russian individuals and entities following Russia’s invasion of Ukraine in 2022, individuals and entities associated with Iran and Hamas following the terrorist attack on October 7, 2023, etc.) and provided financial institutions time to prepare, the specter of using financial sanctions as a means of threatening allies in real time will require a new playbook.

Given the executive order’s references to “attacks,” “assaults,” and “invasions”, alongside the IEEPA provision granting the president the authority to seize property when the U.S. is “engaged in armed hostilities or has been attacked by a foreign country or foreign nationals,” President Trump has, within a matter of weeks, demonstrated his readiness to contemplate unconventional actions. Financial institutions, with liens and other security instruments on property, often have unique and desirable information on the location of that property. In the event that certain people or entities were added to the SDN List, financial institutions could find themselves in the crosshairs of federal enforcement and possibly compelled to provide information.

This raises another interesting risk for financial institutions – the reliance on third parties (both systems and vendors) to perform OFAC searches for SDNs. A standard practice in the financial services industry is to on-board a third-party platform that scrubs applications and the institution’s servicing portfolio against the SDN List. The break-neck pace of President Trump’s proposed sanctions puts this third-party risk on prime display. If sanctions are authorized pursuant to an executive order on dozens (or even hundreds) of foreign nationals in response to a major international incident that is being discussed on news media platforms around the globe, it is likely  that the federal government would expect immediate compliance by financial institutions, with little-to-no room for error. If systems or vendors cannot update their practices quickly enough, the financial institution runs the risk of processing transactions made by or with an SDN.

Conversely, another reasonable scenario is one in which updates to the SDN List are made and then reversed quickly thereafter. Should the U.S. sanction Colombian officials, entities, and persons, or any other country subsequently deemed to be engaged in armed hostilities against the U.S., only for the situation to resolve itself in 12 hours, and the executive order ultimately is rescinded, financial institutions not only face the risks outlined above relative to the speed at which their third-party service providers can act on updates to the SDN List, but also face reputational risks for moving so swiftly. For example, if a financial institution was able to freeze transactions of new entries to the SDN List and then the executive order was rescinded, customer dissatisfaction is highly likely and, considering the speed at which information travels on social media and other platforms, the financial institution could face serious reputational issues.

Recommendations for Future Preparations

Within a few hours, the financial services industry could have been turned on its head. While these risks did not fully materialize, financial institutions should contemplate how to address scenarios such as these should they present themselves again in the future.

Maintaining a nimble, fast-moving, and effective regulatory change management program will be paramount. The speed at which the Colombian crisis manifested and was then defused was unprecedented. In a compressed timeline, the U.S .was prepared to levy tariffs and to impose visa restrictions as well as financial sanctions against Colombia and its citizens. It is not unreasonable to consider whether President Trump’s use of economic force could extend itself to financial services companies that are unable to immediately comply with new requirements made immediately effective by “executive-order-blitzes.” The regulatory change management program has historically been one of thoughtful, contemplative decision-making to prepare for compliance dates that don’t appear for years (and are predictably delayed several times). President Trump is ushering in a new norm, and financial institutions must adapt and be ready.

OFAC screening and associated third-party risk management can become one of the hottest topics in the industry with the wave of a pen. Financial institutions should review OFAC policies and procedures to account for rapid changes and the ability to comply with them. Typically conducted prior to onboarding and periodically thereafter, the rapidity and forcefulness of President Trump’s directives warrant the consideration of more frequent screenings. Some financial institutions perform nightly OFAC screenings, but one must now consider if that is enough. While always of significant importance, the proposed executive actions exemplified just how crucial regular OFAC screening will be throughout this administration. Financial institutions should re-engage their third-party vendors to discuss the feasibility of increased OFAC screenings when there are rapid changes to the SDN List, up to and including real-time searches, if such a capability exists. Additionally, financial institutions should work with their third-party service providers to discuss their ability to update their records (i.e., the SDN List housed in databases). Financial institutions should understand the timeframes at which the third-party service provider operates. For example, if they are only updating their database every 30 days, that may be insufficient for mitigating risks presented in the current environment.

Last but certainly not least, consulting appropriate legal counsel will be key to maintaining compliance in this changing landscape. The speed at which the new administration is moving does not dispense with the need for thoughtful interpretation of regulatory and legal considerations, similar to the scenario outlined above relative to OFAC SDNs. Having experienced legal counsel who can provide up-to-date legal advice and guidance will be critical.

Conclusion

President Trump’s threat to use financial sanctions highlights numerous operational, compliance, and regulatory risks for the financial services industry. Whereas most of the industry has considered potential impacts flowing from deregulation and less enforcement activity, the Colombia dust up brings to light additional areas that demand attention, active monitoring, and planning.  Given the new administration’s propensity to use economic sanctions, the financial services industry must take steps to maintain compliance with all applicable laws and regulations while staying apprised of new developments.

[1] https://truthsocial.com/@realDonaldTrump/posts/113896070273857964

[2] https://www.whitehouse.gov/presidential-actions/2025/01/declaring-a-national-emergency-at-the-southern-border-of-the-united-states/

[3] 50 USC 1701.

[4] 50 USC 1702(a)(1)(A)

[5] Ibid.

[6] https://truthsocial.com/@realDonaldTrump/posts/113896070273857964