In brief

Mini vandePol, Gerald Lam and Andrea Kan of Baker McKenzie and Vivian Wu of FenXun Partners set out the framework of the various US and PRC sanction regimes, and discuss best practices for financial institutions to consider and implement.

---

Contents

1. US sanctions imposed against the PRC
2. PRC sanctions
3. Impact of USand PRC sanctions
4. Best practices: What financial institutions need to know and do
5. Sanctions Screening and Diligence

---

As current tensions between the PRC and the US have evolved beyond mere contradictions to a deep distrust, geopolitical considerations have been thrust to the forefront of compliance concerns for multinational businesses and financial institutions operating across Asia Pacific and globally. The US has demonstrated its commitment, during the Trump and Biden Administrations, to utilize economic and trade sanctions as a way to further its foreign policy objectives; to protect its national security; and to defend against what it deems to be threats to international peace and stability. 

Other countries and international organizations (such as the United Nations Security Council) also have well-established sanctions regimes to target human rights violations, international terrorism; nuclear proliferation; and drug trafficking. However, the US stands out in its use of “long arm” jurisdiction to impose sanctions upon foreign countries, entities, and individuals. More recently, the COVID-19 pandemic has deepened the resolve of the Biden Administration to utilize such policy measures to protect US supply chains, and to restrict the export and re-export of its sensitive technologies to strategic competitors such as the PRC.

In this context, the various US sanctions imposed against the PRC, as well as the countering foreign sanctions measures issued by the PRC against the US, have since 2019 become a prominent feature of the global geopolitical landscape. This has directly affected multinational financial institutions with PRC business (and PRC financial institutions with international operations), and have left them to wonder how to navigate the increasingly frequent, expansive, and complex sanctions laws and regulations.

US sanctions imposed against the PRC

US sanctions are enforced by the Treasury Department’s Office of Foreign Assets Control (OFAC), while US export controls are enforced by the Department of Commerce’s Bureau of Industry and Security (BIS). Although OFAC administers a number of different sanctions programs, which can range from comprehensive or selective, these are accomplished through the blocking of assets and through trade restrictions to accomplish the US’s foreign policy and national security goals.

OFAC’s sanctions vis-à-vis the PRC selectively target various areas of US concern, ranging from the activities of the so-called “Chinese Military-Industrial Complex Companies” (CMICs), to individuals and entities connected with alleged abuses against ethnic minorities in Xinjiang Province. The CMIC regime effectively replaces the restrictions the Trump Administration previously imposed on “Communist Chinese Military Companies”, and now targets PRC entities operating in the defence or surveillance technology sector more broadly. US persons are restricted from purchasing or selling the publicly traded securities of CMICs (see Executive Order 14032 Addressing the Threat From Securities Investments That Finance Certain Companies of the People’s Republic of China (3 June 2021)). OFAC’s Xinjiang-related sanctions are under its Global Magnitsky Sanctions regime, which targets human rights abuses globally. The UK and EU have also implemented their own sanctions under their respective human rights sanctions regimes against certain PRC individuals and entities in relation to the alleged abuses in Xinjiang specifically. The sanctioned parties are subject to various restrictions such as asset freezes, travel bans, and transacting with UK/EU persons. More recently, OFAC’s sanctions have also targeted government officials in charge of enforcing Hong Kong’s National Security Law.

The Biden Administration has also recently issued an Executive Order broadly authorizing a “rigorous, evidence-based analysis” of the national security risks associated with the transfer of or access to data by persons owned, controlled, or subject to the jurisdiction of “foreign adversaries” (see Executive Order 14034 on Protecting Americans’ Sensitive Data from Foreign Adversaries (9 June 2021)). This new Executive Order revokes the Trump Administration’s Executive Orders 13942, 13943 and 13971, which previously banned certain PRC software applications, including WeChat and TikTok, from operating in the US.

All US persons, including US-incorporated entities, their foreign branches (including non-US entities owned or controlled by a US person that are also subject to US sanctions with respect to certain sanctions programs, such as the US’s Iran, Cuba, and North Korea sanctions programs) and employees, are prohibited from transacting with sanctioned parties. However, OFAC has traditionally taken an expansive view on US jurisdiction, and held that non-US persons may also be subject to sanctions restrictions based on various jurisdictional hooks. For instance, OFAC has held in a number of cases that a jurisdictional nexus exists where the conduct involved the use of the US financial system and commenced enforcement action against non-US parties based solely on the use of US dollars in transactions with a sanctioned party. For example, OFAC’s settlement with CSE Global Limited (CSE) and CSE TransTel Pte. Ltd. (Transtel) (15 July 2017) and OFAC’s settlement with Union de Banques Arabes et Françaises (UBAF) (4 January 2021) CSE and its wholly-owned subsidiary Transtel, both non-US entities, maintained US dollar bank accounts at non-US financial institutions, but transferred money from those accounts to multiple third party vendors that supplied goods or services to Iran. UBAF, also a non-US entity, operated US dollar bank accounts on behalf of Syrian financial institutions and processed internal transfers on behalf of these entities that were followed by corresponding transfers through a US bank.

The danger with non-US parties transacting in US dollars is that this process necessarily involves clearing funds through US correspondent banks, which in turn “causes” US persons to engage in prohibited activity. OFAC has also established jurisdictional nexus where the connection was even more tenuous—for example, where the non-US entity was involved in bankruptcy proceedings in the US when the suspect transaction occurred (see OFAC’s Finding of Violation against B Whale Corporation (3 February 2017).

The US Hong Kong Autonomy Act (HKAA), enacted in July 2020, is of particular significance, as it expressly targets “foreign financial institutions”, which knowingly conduct a significant transaction with individuals who have “materially contributed” to the PRC Government’s “failure to meet its obligations under the Sino-British Joint Declaration or the Hong Kong Basic Law”. Any such financial institution would be subject to a range of secondary sanctions that would effectively exclude it from the US financial system, US financial products, and US investors. Importantly, the senior officers of these financial institutions may also be subject to the same restrictions. Furthermore, the consequences of non-compliance with the HKAA could significantly affect a financial institution’s existing relationships with other financial institutions, customers, and counterparties, and may also affect its ability to operate in other jurisdictions. At present, no financial institution is designated under the HKAA (see Treasury Department’s 11 December 2020 Report to the Congress and 18 May 2021 Report to the Congress pursuant to Section 5(b) of the HKAA). Although the HKAA does not define what constitutes a significant transaction, previous Treasury Department guidance indicates that the totality of facts and circumstances would be taken into account in determining whether transactions are significant, including the size, nature and frequency of the transaction; the level of awareness of management; and whether the transaction is part of a pattern of conduct (see Treasury Department’s FAQ No. 850, on its “Frequently Asked Questions”).

OFAC is increasingly active in the enforcement space, and fines of hundreds of millions of US dollars have been imposed. The risk for banks and other financial institutions is particularly acute, given their operations routinely involve processing of monetary transactions between international parties. Some of the aggravating factors affecting OFAC penalty decisions also disproportionately apply to large financial institutions. Factors such as commercial sophistication, size of operations, financial condition, as well as the volume of transactions that an institution undertakes on an annual basis with the sanctioned party have been factors that were taken into account by OFAC in assessing fines (see OFAC’s Enforcement Guidelines). In the last decade, OFAC imposed nearly USD 4.9 billion in civil penalties for violating US sanctions. The ten largest penalties from this period, accounting for nearly USD 4.3 billion of the USD 4.9 billion, were all imposed on multinational financial institutions.

OFAC also impose non-monetary penalties, including designation on its “Specially Designated Nationals and Blocked Persons” (SDN) List and mandatory compliance remediation measures. A key consequence of being designated as an SDN is that all property (and interest in the property) belonging to the designated party or any entity that is owned, directly or indirectly, 50% or more by them, individually or with other sanctioned persons, are “blocked”. As such, under this so-called “50 Percent Rule”, any entity that is owned 50% or more in the aggregate by one or more SDNs would in effect be “tainted” and treated as an SDN, even if they are not specifically listed. Unless authorized by OFAC or otherwise exempt, all transactions by US persons (or those that are within or transiting the US) that involve any such blocked property is prohibited. Therefore, the risk of violation and enforcement has significant commercial and reputational ramifications for US and non-US financial institutions.

PRC sanctions

The PRC has recently launched a standalone sanctions regime to counter any “unilateral foreign sanctions” imposed by foreign states against the PRC. The PRC Anti-Foreign Sanctions Law (中华人民共和国反外国制裁法) (“Anti-Foreign Sanctions Law“), was enacted on 10 June 2021 after two readings only (instead of the standard three) and provides helpful clarifications on the application scope of the PRC sanctions regime.

Art. 3 of the Anti-Foreign Sanctions Law applies where a foreign state “violates international law and basic norms of international relations (i) to suppress the PRC under any kind of pretext or based on their domestic laws, (ii) to employ discriminatory restrictive measures against PRC citizens and organizations, and (iii) to interfere with the PRC’s internal affairs” (“Restrictive Measures“). Any individual or entity who is directly or indirectly involved in the formulation, decision, and implementation of the Restrictive Measures (as well as specified affiliate persons) will be subject to a list of non-exhaustive punitive measures, including travel and transaction prohibitions and asset freezes. These measures are similar to those previously announced by the PRC Ministry of Foreign Affairs against specified foreign entities and individuals, but the Anti-Foreign Sanctions Law now provides more clarity on who may be sanctioned as well as the specific punitive measures they may face.

Art. 12 of the Anti-Foreign Sanctions Law also broadly prohibits any organization or individual from “implementing or assisting in the implementation” of any “discriminatory restrictive measures”. If any person violates this provision and infringes the legitimate rights and interests of any Chinese citizen or organization, Chinese citizens or organizations may file a lawsuit to the PRC courts to claim for the cessation of the infringement and compensation for any loss suffered.

Importantly, the Anti-Foreign Sanctions Law also provides clear legislative authority for previous countermeasures introduced by the Ministry of Commerce (MOFCOM), such as the Unreliable Entity List (UEL) Regime and the PRC Blocking Rules:

• The UEL Regime: MOFCOM announced the UEL Regime in May 2019, and in September 2020 introduced specific principles for its implementation (UEL Regulations) (see the Provisions on the Unreliable Entity List (不可靠实体清单规定). The UEL Regulations set out various blacklisting considerations, including actions that endanger the PRC’s national sovereignty, security, or development, or damage the legitimate rights and interests of PRC individuals and entities. The potential consequences include fines and other broad restrictions on travel, investment, and trade. As at the time of writing, no foreign company has been designated under the UEL.
• The PRC Blocking Rules: In January 2021 MOFCOM also announced the Rules on Counteracting Unjustified Extra-territorial Application of Foreign Legislation and Other Measures (阻断外国法律与措施不当域外适用办法) also known as the PRC Blocking Rules to counteract the impact on PRC companies and citizens of “unjustified extra-territorial application” of foreign legislation and other relevant measures. It includes a new reporting obligation on PRC individuals and entities to disclose when they have been restricted from engaging in normal economic or trade activities with a third country entity or individual due to foreign regulations. If an “unjustified extra-territorial application” can be established, such as through the impact of US sanctions, MOFCOM may issue a prohibition order that the relevant measure should not be accepted or complied with by PRC citizens and entities. Following the issue of this order, any PRC citizen or entity may also institute legal proceedings and claim for compensation in a Chinese court, unless an exemption has been granted. As at the time of writing, no prohibition order has been issued by MOFCOM.

Impact of US and PRC sanctions

US and PRC sanctions have significantly impacted, and will continue to significantly impact, the way financial institutions conduct business. At a very basic level, these measures will affect who they can transact with, how they should transact with these parties and if they should transact at all.

US financial institutions are prohibited from dealing with any US sanctioned parties, whether directly or indirectly, or formally or informally. To avoid so-called “secondary” sanctions under the HKAA, non-US financial institutions must also ensure that they do not transact with any of the individuals designated under the legislation. Currently, 34 individuals have been designated under the HKAA, including Carrie Lam, the Chief Executive of Hong Kong. The State Department designated 10 individuals on 14 October 2020, and another 24 individuals on 16 March 2021. All of the designated individuals were already sanctioned under Executive Order 13936 on Hong Kong Normalization.

HKAA considerations aside, non-US financial institutions should also avoid dealing with sanctioned parties. Given the significant financial and reputational risks associated with non-compliance, and the substantial risk of enforcement by OFAC through secondary sanctions, it would not be advisable for non-US financial institutions to ignore US sanctions requirements on the basis that there appear to be no obvious US jurisdictional nexus. OFAC has stated in its May 2019 Framework for OFAC Compliance Commitments (“OFAC Compliance Manual“) that it “strongly encourages organizations subject to US jurisdiction, as well as foreign entities that conduct business in or with the United States, US persons, or using US-origin goods or services” to adopt a compliance program to comply with OFAC standards. Additionally, compliance with OFAC requirements would also avoid any potential violation of sanctions-related contractual provisions with other counterparties, such as insurers.

Finally, for financial institutions operating in the PRC and Hong Kong, a growing concern remains on complying with competing sanctions requirements. The US sanctions regime is broadly applicable to, and is strictly enforced against, US and potentially non-US financial institutions alike. In contrast, the possibility that compliance with US or other foreign sanctions may lead to countermeasures under the Anti-Foreign Sanctions Law, the UEL Regulations and the Blocking Rules, cannot be discounted. 

Best practices: What financial institutions need to know and do

The most important and effective way to ensure compliance with sanctions laws and regulations around the world is to implement a comprehensive risk-based sanctions compliance program. It is insufficient to simply rely on off-the-shelf screening products or one-size-fits-all solutions—the compliance program needs to be tailored to the business-specific and region-specific risks that are faced. From a US sanctions perspective, for example, particular attention should be paid to parties that operate in one of the targeted industries, or parties that have strong government connections.

The OFAC Compliance Manual lists five essential elements of a successful compliance program. OFAC expressly states that it will “consider favorably” companies that had effective compliance programs at the time of an apparent violation. OFAC has also broadly adopted the same compliance framework in a recent settlement agreement with a non-US enforcement subject (see, for example, OFAC’s settlement with UniCredit Bank AG (15 April 2019)):

1. Management commitment to and support of the risk-based compliance program.
2. Adopting a risk-based approach to designing or updating the compliance program, including conducting a routine and ongoing “risk assessment” to identify potential sanctions issues.
3. Having in place effective internal controls, including policies and procedures, in order to identify, escalate, report, and keep records of activities that may be prohibited under US sanctions. Two important controls include: (i) sophisticated sanctions screening capabilities and (ii) robust due diligence measures, which we further elaborate on below.
4. Assessing the effectiveness of the internal controls implemented and checking for inconsistencies between these and day-to-day operations.
5. Communicating compliance standards to all employees and personnel on a periodic basis through a structured and tailored training program.

Sanctions Screening and Diligence

Sanctions screening against international sanctions lists (including both US and PRC sanctions lists) should be conducted at the outset of any client relationship or transaction with a new counterparty and at regular intervals throughout the course of the relationship/transaction to take into account any new updates to restricted party lists. It is insufficient to simply rely on manual desktop searches against the name of a client or counterparty, which would be highly inefficient and will likely result in false negatives, given the OFAC’s “50 Percent Rule” (as explained above). It has been observed that an increasing number of financial institutions are outsourcing this function to external sanctions experts, like law firms and risk advisory companies, which have the technological capabilities and sanctions knowledge and experience to carry out this work efficiently and effectively.

Due diligence is a process that both supplements and informs basic sanctions screening. Financial institutions’ core Know-Your-Client (KYC) and other diligence processes allow them to gather more substantive information about the identity and background of its customers and counterparties, including their subsidiary entities and affiliates. This will suggest additional sanctions searches where necessary from a risk-perspective. It is important to request responses to broad questions covering all types of dealings, all geographical areas, and all restricted party lists during this process to ensure that relevant information is provided.

After the screening and due diligence processes have been carried out, contractual and other documentary protections should be utilized. This includes mandatory sanctions declarations in account opening forms, as well as sanctions representations and warranties and covenants in financing and other agreements. Other contractual protections, such as a broadly drafted “material adverse change” and termination clauses, may also allow the financial institution to mitigate its risks by allowing unilateral termination of its relationship (or a transaction) with a newly sanctioned party.

Contingency measures should also be put in place to actively identify, flag and address any newly-designated customer or counterparty. The protocol should contain practical guidance and standard operating procedures from a legal, commercial, and reputational point of view, to escalate and review sanctions lists and media findings on potentially sanctioned parties.

Ultimately, the current web of US and PRC sanctions will only get more complex going forward. Any decision on compliance with competing sanctions requirements will require thorough risk assessment from both US and PRC law perspectives, as well as careful consideration of both legal and commercial concerns. It will be vital for financial institutions to keep up to date with political, legal, and economic developments in this space, and seek specialist sanctions advice to adequately mitigate the attendant risks.

This article was first published on China Law & Practice, www.chinalawandpractice.com