Scoutinternal

OFAC Compliance Hotline Auto-Replies and LGO Whitelist Requests

OFAC Compliance Hotline Auto-Replies and LGO Whitelist Requests

Problem

BitGo's support queue receives two categories of low-actionable inbound tickets in this cluster: (1) automated "Auto Reply" bounce-back messages from OFAC (Office of Foreign Assets Control) indicating that a previously used OFAC email address is no longer active and that compliance queries must now be submitted through OFAC's new online Compliance Hotline platform, and (2) legacy "LGO - Whitelist Request" tickets for address whitelist additions, removals, or approvals. Both ticket types generate volume in the queue but contain minimal diagnostic or resolution detail in the source records.

Diagnostics

  • Identify the ticket type: Check the subject line. OFAC auto-replies consistently have the subject "Auto Reply" and originate from an OFAC email address. LGO whitelist requests have subjects containing "LGO- Whitelist Request," "LGO- Whitelist Requests," "LGO-Whitelist," or "LGO- Whitelist approve and removal requests."
  • Check the ticket body for the OFAC auto-reply signature text: Look for the phrase "This email address is no longer active. Emails sent to this address will not receive further responses." This confirms the ticket is an automated bounce-back, not a customer inquiry requiring action.
  • For LGO whitelist tickets: Verify whether the ticket contains any actionable request details (address to whitelist, address to remove, approval needed). Note that in the source tickets reviewed, these LGO whitelist tickets contained no problem description or resolution details — they appear to be legacy or bulk-migrated records.
  • Check the Salesforce case number: Both ticket types reference SF case numbers (e.g., SF#00356900 for OFAC, SF#00045452 for LGO). Cross-reference in Salesforce if additional context is needed.

Resolution

Scenario: ofacs-hotline-ofac-compliance#ofac-auto-reply-bounce

Trigger: The ticket is an automated bounce-back from OFAC stating their email address is no longer active, received in response to a compliance-related outbound email from BitGo.

Signals: Auto Reply, OFAC, Compliance Hotline, email address is no longer active, license application, Licensing Portal, Check Application Status

Steps:

  1. Confirm the ticket body contains the OFAC auto-reply text indicating the email address is no longer active.
  2. No customer-facing action is required — this is an automated bounce-back, not a customer request.
  3. If BitGo's Compliance team was attempting to reach OFAC via email, notify the Compliance team that OFAC transitioned its Compliance Hotline to a single online platform on August 16, 2024. Future queries to OFAC must be submitted through OFAC's online OFAC Compliance Hotline on OFAC's website.
  4. For checking the status of a license application or other request, advise the Compliance team to use the "Check Application Status" feature in OFAC's Licensing Portal, or call OFAC's Licensing Division by phone.
  5. Close the ticket as resolved/no action needed.

Notes: These auto-reply tickets were generated in bulk (30+ tickets on the same date) suggesting BitGo had multiple outstanding emails to the now-deactivated OFAC email address. The Compliance team should update any internal runbooks or contact lists that reference the old OFAC email to point to the new online platform instead.

"This email address is no longer active. Emails sent to this address will not receive further responses. Please be advised that OFAC transitioned its Compliance Hotline to a single, user-friendly online platform on August 16, 2024. Submit your queries on OFAC's website—and provide all necessary details—using OFAC's new OFAC Compliance Hotline." (ticket #286415)

"If you want to check the status of a license application or other request submitted through OFAC's Licensing Portal, please use the 'Check Application Status' feature in OFAC's Licensing Portal or call OFAC's Licensing Division at 1-[PHONE]." (ticket #286415)

Scenario: ofacs-hotline-ofac-compliance#lgo-whitelist-request-legacy

Trigger: The ticket subject references "LGO- Whitelist Request" (or similar variations) and contains no problem description or actionable resolution details.

Signals: LGO, Whitelist Request, Whitelist approve, removal requests, whitelist

Steps:

  1. Check the ticket body and any associated Salesforce case (SF# reference in the subject) for whitelist addresses, removal requests, or approval instructions.
  2. If the ticket contains actionable whitelist details, route to the appropriate operations or compliance team for processing per standard whitelist procedures.
  3. If the ticket is empty or contains no actionable information (as observed across all sampled LGO whitelist tickets in this cluster), verify with the Compliance or Operations team whether the request was already fulfilled or is obsolete.
  4. If confirmed as already handled or no longer relevant, close the ticket as resolved.

Notes: The source tickets for LGO whitelist requests uniformly lacked problem descriptions and resolution details, with only medium-confidence resolution entries. These may represent legacy or bulk-migrated records. If a customer follows up on a whitelist request, treat it as a new request and process through current whitelist workflows.

Related

  • understanding-policies — Whitelist-related policies may govern address approval workflows referenced in LGO whitelist requests.
  • custody-withdrawals — Withdrawal security layers may intersect with whitelist enforcement for custody wallets.
  • none identified — No existing KB article directly covers OFAC compliance hotline procedures or bulk auto-reply ticket handling.