Viewing U.S. export controls and economic sanctions compliance as a cost center misses the strategic marketing and reputational benefits to be gained by implementing an effective compliance program. Customers, suppliers, joint venture partners, and investors crave the stability and reliability offered by supply chain partners with effective compliance. In stark contrast, companies without the foresight to make the investment in compliance can offer only unnecessary licensing delays, protracted due diligence checks, and the ruinous collateral consequences of enforcement actions. A solid compliance program makes good business sense in today's ramped-up enforcement environment, with unprecedented multi-million dollar fines and jail time for violations of these trade regulations.
U.S. Export Controls
The compliance program must address U.S. export controls, which are primarily administered by the U.S. Departments of State and Commerce. The State Department's Directorate of Defense Trade Controls ("DDTC") controls exports of arms, components, and related technology and services pursuant to the International Traffic in Arms Regulations ("ITAR"), which also regulates the activities of anyone dealing with these U.S.-origin defense items, including overseas brokers and facilitators. The Commerce Department's Bureau of Industry and Security ("BIS") regulates virtually all other goods, technology and software pursuant to the Export Administration Regulations ("EAR"). Both agencies have licensing authority for the items within their jurisdiction, placing restrictions on end uses, end users, and certain destinations depending on the sensitivity of the particular item to be exported.
EAR and ITAR controls apply extraterritorially to the export and reexport (shipment between non-U.S. countries) of U.S.-origin goods by any person, whether or not such person has any ties to the United States or is subject to U.S. jurisdiction. They also apply to certain activities of U.S. persons as well as those of non-U.S. persons if they are in the United States.
Civil penalties can be as high as $250,000 to twice the value of the transaction per EAR violation and $500,000 per ITAR violation. Criminal penalties for willful violations can be as high as $1 million per violation or 20 years in jail. The cost to businesses in monetary penalties is compounded by the risk of contract debarment, forfeiture, and the loss of export privileges.
U.S. Economic Sanctions
The program must also take into account U.S. economic sanctions, administered primarily by the U.S. Department of Treasury's Office of Foreign Assets Control ("OFAC") with some overlap with BIS under the EAR. Economic sanctions are of two types:
• Comprehensive restrictions applicable to unlicensed exports and reexports of U.S.-origin goods to countries designated as State Sponsors of Terrorism, including: Cuba, Iran, North Korea, Sudan, and Syria.
• Sanctions targeting specified persons such as members of political factions in Burma, Lebanon, and Liberia or persons involved in terrorism, drug trafficking, and WMD proliferation.
Knowledge of the specific sanction program is critical to compliance as each program has tailored restrictions that vary widely. Economic sanctions are binding on all U.S. persons, that is, anyone in the United States, U.S. citizens and green card holders wherever located, worldwide activities of U.S. companies including their non-U.S. branches, and U.S. offices of non-U.S. companies. Under some programs, the applicability of the sanctions is broader. For example, activities of non-U.S. companies that take place in the U.S. or involve an employee that is a U.S. person or green-card holder require compliance with U.S. economic sanctions.
Prohibitions include dealing in property or interests in property (very broadly defined) of targeted persons that come within the U.S. or within the possession or control of a U.S. person, and also include the import or export of any goods or services (including financial services and advice) to or from a target country or its government, whether directly or through third countries. Again, the program is administered through a system of licensing that is coordinated between OFAC and BIS, which can be complicated.
Civil penalties for sanctions violations are the same as for EAR violations, since both are governed by the same law: as high as $250,000 or twice the value of the transaction per violation. Similarly, criminal penalties can be up to $1 million per violation and 20 years in jail.
Recent enforcement trends reflect a heightened determination to ensure that the high cost of non-compliance is being felt beyond the usual suspects and on the diverse array of business dealings potentially subject to export jurisdiction. Knowledge gaps that have resulted in heavy penalties include the failure to understand the regulatory risks involved in mergers and acquisitions, to manage human resources in companies that trade in sensitive technology, and to recognize liabilities that can be incurred by successor companies as well as any link in the business supply chain.
Some recent cases illustrate this impact, not just on U.S. companies and not just for traditional exports of tangible goods. In January 2009, DDTC imposed a $25 million fine against Qioptic, a Luxembourg-based company, for a subsidiary's unlicensed exports of military grade night vision items and technology, prior to its acquisition by Qioptic. In another case, the release of sensitive controlled technology to unauthorized foreign nationals, known as a "deemed export," resulted in a $126,000 BIS fine against Ingersoll Machine Tools. The CEO of Ingersoll Machine Tools said the violation was an oversight, since they didn't know licenses were required to hire six Indian nationals, recent graduates from local universities who were here legally.
Beyond targeting multinational corporations, enforcement efforts are directed at all industry sectors that facilitate trade in controlled exports. Freight forwarders and logistics companies have been at the forefront of this trend, but increasingly financial institutions, including insurers, are being required to minimize the risk and liability associated with non-compliance. In August 2009, OFAC and BIS concluded a settlement agreement with DHL, for $9.44 million in fines for hundreds of shipments to Iran, Sudan and Syria, as well as recordkeeping failures. Moreover, banks facilitating transactions with sanctioned countries are paying particularly heavy fines. Lloyds TSB Bank, Credit Suisse, Wachovia and mostly recently, ABN AMRO have collectively paid over $1.2 billion in civil and criminal fines for not having adequate programs in place to comply with U.S. sanctions.
OFAC has also enlisted the insurance industry to defend against "foreign threats to our national safety, economy and security" by making insurers responsible on a strict liability basis - not only for their own trading practices, but those of customers who violate the sanction and embargo rules. These rules apply to U.S. underwriters, brokers, agents, primary insurers, and reinsurers, as well as U.S. citizen employees of foreign insurance companies.
Threat To Global Business Opportunities
Implicit in these examples are the collateral consequences to a company's competitive position. The mere threat of losing export privileges and the high litigation costs associated with regulatory investigations, regardless of the result, make trading partners in information technology, defense materials, and associated products cautious in dealing with U.S. business partners in their supply chain or relying on U.S. finance to support their transactions. Concerned with the bureaucracy of U.S. regulations and the risk that failure or delay in procuring the proper licenses may disrupt or block transactions, many foreign purchasers are hesitant to partner with U.S. businesses in export controlled deals. To overcome this hesitancy, companies must demonstrate the expertise and preparation to efficiently navigate the processes associated with licensing in order to prevent delays, potential investigations, and other costly complications. The ability of U.S. businesses and financiers to instill confidence in their understanding of and compliance with regulatory obligations is thus key to obtaining business and maintaining global competitiveness.
At a minimum, a compliance program should include the following critical elements:
• A written compliance program , circulated with strong management endorsement, and made accessible on the company website with e-mail updates. The program should include a forceful statement of commitment to compliance at the highest level of company management. The program should include a compliance infrastructure, a training regimen, recordkeeping procedures, regular auditing, a reporting and whistle blowing mechanism, an internal investigation procedure, a disciplinary policy, and incentives. Each of these elements should be adjusted to the company's size and particular risks.
• Adequately resourced compliance program infrastructure , with responsibility placed at an appropriate level of management, with trained compliance professionals who have adequate authority and access to senior management. The levels of compliance management below the central compliance officer will depend on the company's size and business. Incorporating compliance as a criterion in managers' performance evaluations is a no-cost way to encourage adoption of compliance measures.
• Compliance training , with appropriate scope, depth, regularity, focus and coverage, adapted to the real risks facing a particular company, with a means of assessing understanding. While all relevant employees should be trained to recognize and report red flags, compliance personnel should have a higher level training to evaluate and advise on appropriate responses. Existing internal auditors can be trained to incorporate an export control component in their regular audits thereby increasing the coverage of the export control auditing program with minimal investment.
• Screening and recordkeeping procedures, that protect and document the company's compliance efforts.Screening of all parties to a transaction, against all agency lists, throughout the life of the transaction, with documented results and resolution of matches against designated parties is crucial to compliance. Moreover, records of the screening should be kept with the records that agencies require companies to keep, in an organized and accessible system. Recordkeeping violations carry the same fines as substantive violations.
• Auditing, reporting and remediation mechanisms, that will withstand scrutiny by government enforcement agencies. Regular audits and reviews to identify export violations are critical. Furthermore, any investigation of such violations must be credible and thorough enough to identify whether the violation is a systemic problem or an isolated instance and whether it is deliberate or the result of a misunderstanding. Communication with government regulators must be considered and undertaken carefully. In some instances, an exhaustive investigation is not necessary so that the company can focus its resources on aggressive remediation. Counsel with experience in conducting internal investigations and expertise in export controls and economic sanctions, including dealing with BIS, DDTC, OFAC, and DOJ, can provide guidance.
Effective compliance will strengthen a company's business position by instilling customers, suppliers and other trade partners with confidence in continuity. When considering whether to cut back on compliance measures, factor in the very real loss of key business relationships and opportunities as potential partners look elsewhere for reliability, in addition to the increased risk of loss due to violations. Done well, compliance makes good business sense.
Wendy Wysong is the former Deputy Assistant Secretary for Export Enforcement, Department of Commerce, and an Assistant U.S. Attorney in the District of Columbia. She is now a partner with Clifford Chance US LLP in Washington, D.C