Dealing with the compliance challenges presented by near daily new US sanctions and export controls requires a risk-based compliance program that addresses rapid change and mitigates increasing global enforcement risk, while still being practical and business friendly.
Executive Summary
Most GCs will be familiar, at least to some degree, with the increasing risks presented by the extraterritorial application of US sanctions and export controls. Frequently changes, in both scope of territories and parties caught and the types of restrictions, coupled with possible severe consequences (blacklisting, monetary penalties), mean that compliance programs must be nimble, addressing key risks while being practical and business friendly.
Key Risk Assessment Questions
What is my US nexus?
- US corporate ownership or control of a non-US company can mean that US sanctions apply directly (in case of Cuba and Iran sanctions). Even if such sanctions do not apply directly, US ownership and control usually means operational involvement of US persons such that most companies consider policies that either recuse involvement of such US persons or set forth restrictive corporate policies on doing business with sanctioned territories.
- A listing on a US stock exchange subjects a non-US company to SEC jurisdiction. While this does not prohibit sanctioned territory dealing by the non-US company per se, such business can implicate SEC reporting requirements and increased scrutiny.
- Working with US financial institutions/USD also means increased US sanctions scrutiny as these financial institutions act as effective gatekeepers for the review of sanctions risks. Even non-US financial institutions seek to comply with US sanctions given, among other things, the risk of sanctions for processing or facilitating financial transactions with US sanctions targets.
- Dealing in US-origin hardware, software, and technology (“Items”) can mean that US sanctions and export control jurisdiction attaches. Thus, non-US companies should assess the US nexus of their supply chain, prioritizing identification of those Items that are perhaps dual-use or subject to higher controls. Inadvertent reexport of Items subject to US law, not only to sanctioned territories and parties but also to countries subject to higher US export controls in general, can result in violations.
Where do I do business?
- Business involving Crimea, Cuba, Iran, North Korea, Russia, Syria, and Venezuela should be the focus of US sanctions compliance efforts because these are the territories subject to the most sanctions. Recently, Turkey has been the subject of some limited US sanctions, providing a recent example of how sanctions can be used in rapid response to geo-political situations.
- Dealing with some of these territories also presents risks under EU sanctions and not dealing with Cuba and Iran because of US sanctions presents risks under European countermeasures such as the so-called EU Blocking Regulation.
- Even if there is no US nexus, business with these markets can present US secondary sanctions risks for dealing with certain sanctioned parties or sectors associated with these territories. Secondary sanctions range from becoming a Specially Designated National (“SDN”) (i.e., a “blacklisted” party effectively cut off from the US market) to menu-based sanctions (for example, inability to obtain visas for US travel or licenses for Items subject to US law).
With whom am I doing business?
- Dealing with SDNs or other restricted parties can be prohibited or restricted where there is a US nexus, risk secondary sanctions even without US nexus, and create commercial/contractual risk.
Compliance Program Minimum Considerations
Much of the above risk can be mitigated by a compliance program which at least has robust controls to cover:
- Restricted Party Screening: a risk-based process to screen (usually involving automated and manual review) third parties, such as partners, distributors, purchasers, and customers.
- Review of Dealings Involving Sanctioned Territories: coupled with screening, a process to assess legality of such dealings, risk of secondary sanctions, and commercial/contractual risks, which can start with something as simple as a checklist for reviewing key issues.
First published in General Counsel Netherlands October 2019.