THOMSON REUTERS
Westlaw Today
Enter to open, tab to navigate, enter to select
Part II — Converging practices for bribery, export controls and sanctions anti-evasion regimes
2023 PRINDBRF 0317
• Practitioner Insights Commentaries
• July 6, 2023
(July 6, 2023) - In the second part of a two-part series, Hughes Hubbard & Reed LLP partners Michael Huneke and Jan Dunin-Wasowicz provide practical guidance for in-house teams and discuss what it means for sanctions to be the "new Foreign Corrupt Practices Act."
In-house teams who have historically prioritized anti-corruption compliance can leverage their experience to mitigate their companies' export controls and international economic sanctions risks — and in so doing meet U.S. authorities' expectations
In Part I, we explored the "old" FCPA to provide a baseline for considering the implications today for companies' export control and sanctions compliance practices now that the DOJ has prioritized its enforcement efforts and declared sanctions the "new" FCPA. In this Part II, we identify these implications and suggest practical ways in-house departments can respond.
Part II: What are the implications for companies' compliance practices now that DOJ has declared sanctions to be the "new FCPA"?
It is not new that U.S. authorities responsible for enforcement of U.S. export controls and international economic sanctions have stressed the importance of these legal regimes, nor that U.S. authorities have stated an expectation that companies look beyond mere know-your-customer ("KYC") checks in sanctions databases when assessing compliance with sanctions laws. Far from it. Both regimes have for decades been important tools for promoting U.S. foreign policy and national security.
What is new, however, is that the U.S. DOJ is today pointing unambiguously to FCPA enforcement and anti-corruption compliance as the guidepost for both the DOJ's own enforcement efforts and for what it expects from companies in terms of export controls and sanctions compliance.
By expressly rejecting the sufficiency of "sanctions-screening software and attention to a few sanctioned countries" — the equivalent to "check-the-box" compliance in the anti-corruption community — and explaining that sanctions are the "new FCPA" in that "a new level of diligence and attention is required," DOJ could not be clearer that it expects companies to take their ways of addressing corruption risks and applying the same mindset that is successful at mitigating FCPA-evasion risk to their efforts at mitigating export controls- and sanctions-evasion risks. Sanctions are in this sense to be treated as the new FCPA in terms of companies' compliance efforts.
This would include not only companies' third-party anti-evasion due diligence efforts, but also companies' processes for assessing their evasion risks and for responding to allegations or evidence of potential evasion. The Principal Associate Deputy General stated on May 3, 2023, for example, that DOJ is "finding dangerous violations of our national security laws in unexpected places. And we believe company executives and compliance officers need to reassess corporate risks with that threat landscape in mind."1
Such processes are not new to the compliance professionals in the export controls and sanctions fields. Indeed, although the "awareness of a high probability" standard in the FCPA is unique among U.S. federal criminal statutes, it has appeared in U.S. administrative regulations — including since 1996 in the regulations that prohibit evasion of export controls.
The prior redefinition of "knowledge" for U.S. export controls
U.S. export control is a "strict liability" regime, meaning that regulators can impose administrative penalties for export control violations regardless of whether or not the violations were intentional — although in practice, following enforcement guidance, a violators' degree of knowledge is a factor in authorities' determination of the consequences to impose.2
The Export Administration Regulations ("EAR") have nonetheless, in anticipating attempts at evasion, referred to a "knowledge" standard. But the definition of such "knowledge" was not always clear, nor was consistent terminology applied in the EAR regarding knowledge requirements.
In November 1993, the office that is today the Bureau of Industry and Security ("BIS") announced an interim rule that, among other things, addressed requests to adopt a common "knowledge" standard for the EAR.3 The new definition mirrored the 1988 amendments to the FCPA:
Knowledge. Knowledge of a circumstance (the term may be a variant, such as "know," "reason to know," or "reason to believe") includes not only positive knowledge that the circumstance exists or is substantially certain to occur, but also an awareness of a high probability of its existence or future occurrence. Such awareness is inferred from evidence of the conscious disregard of facts known to a person and is also inferred from a person's willful avoidance of facts. . . .4
BIS explained that references to "knowledge" needed to have the same meaning and include more than "positive" (i.e., actual) knowledge.5
As with the FCPA's anti-evasion provision, criminal prosecutions for export control violations also require U.S. prosecutors to establish that the defendant acted "willfully."6
International economic sanctions
The U.S. does not have a monolithic sanctions "regime." Myriad U.S. sanctions regimes exist, each designed to achieve particular U.S. foreign policy and national security objectives.
U.S. sanctions regimes are strict-liability regimes, as are U.S. export controls, in terms of the imposition of administrative penalties. Also as with U.S. export controls, authorities will consider a violator's degree of knowledge in assessing the consequences to impose.7 Unlike the EAR, however, U.S. international economic sanctions have not adopted an express "awareness of a high probability" knowledge standard to fight evasion. For example, under the "Ukraine-/Russia-Related Sanctions Regulations,"8 the anti-evasion provision prohibits "any transaction" that "evades or avoids" the sanctions, causes a sanctions violation, or attempts to violate the sanctions — or conspires to do any of the foregoing.9
Yet there is a primordial call-back to the FCPA's original knowledge standard (discussed in Part I) in the same sanctions regime. The regime includes a definition of "knowingly" as meaning "that a person has actual knowledge, or should have known."10
This definition is used, for example, to prohibit transactions by U.S. financial institutions involving any foreign financial institution that has "knowingly facilitated certain significant transactions," for example, on "behalf of any Russian person included on OFAC's [Specially Designated National ("SDN")] List pursuant to . . . any . . . Executive order addressing the crisis in Ukraine."11 While these prohibited transactions are not directly prescribed as "evasion," they do incentivize foreign financial institutions to look beyond their actual knowledge and consider the risk of what about the transactions they "should have known."
This sanctions regime further requires prosecutors to establish that a defendant acted "willfully" in order to impose criminal penalties, just as in the case of the FCPA and U.S. export controls criminal enforcement.12
The standards and expectations set in the recent Tri-Seal Compliance Note are thus not entirely foreign to the U.S. sanctions regimes, even if their anti-evasion provisions had not formally adopted it.
Tri-seal compliance note
In the first half of 2023 U.S. authorities have recently re-emphasized their expectations for companies' export controls and international sanctions compliance efforts in manners that reminds companies that the implications of this knowledge standard from the FCPA and export controls anti-evasion requirements extend to the authorities' international economic sanctions anti-evasion expectations.
Specifically, in the March 2, 2023 Tri-Seal Compliance Note, titled "Cracking Down on Third-Party Intermediaries Used to Evade Russia-Related Sanctions and Export Controls," the Departments of Justice, Commerce, and the Treasury state:
Companies such as manufacturers, distributors, resellers, and freight forwarders are often in the best position to determine whether a particular dealing, transaction, or activity is consistent with industry norms and practices, and they should exercise heightened caution and conduct additional due diligence if they detect warning signs of potential sanctions or export violations.13
This is unmistakably a high probability standard. As with the DOJ's FCPA guidance, the Departments' joint Tri-Seal Compliance Note provides examples of such "warning signs" that "can indicate a third-party intermediary may be engaged in efforts to evade sanctions or export controls" and that include several that are familiar to anti-corruption practitioners:
•Use of corporate vehicles (i.e., legal entities, such as shell companies, and legal arrangements) to obscure (i) ownership, (ii) source of funds, or (iii) countries involved, particularly sanctioned jurisdictions;
•A customer's reluctance to share information about the end use of a product, including reluctance to complete an end‐user form;
•Use of shell companies to conduct international wire transfers, often involving financial institutions in jurisdictions distinct from company registration;
•Last‐minute changes to shipping instructions that appear contrary to customer history or business practices;
•Payment coming from a third‐party country or business not listed on the End‐User Statement or other applicable end‐user form;
•Use of personal email accounts instead of company email addresses;
•Operation of complex and/or international businesses using residential addresses or addresses common to multiple closely held corporate entities;
•Changes to standard letters of engagement that obscure the ultimate customer;
•Transactions involving entities with little or no web presence; or
•Routing purchases through certain transshipment points commonly used to illegally redirect restricted items to Russia or Belarus.
When faced with such heightened concerns, the Departments state that "[b]est practices . . . can include screening current and new customers, intermediaries, and counterparties through the Consolidated Screening List and [Treasury's Office of Foreign Assets Control ("OFAC")] Sanctions Lists as well as conducting risk-based due diligence on customers, intermediaries, and counterparties. Companies should also regularly consult guidance and advisories from Treasury and Commerce to inform and strengthen their compliance programs."
Put another way, develop and apply risk-based methodologies for identifying evasion risks and then assessing whether they can be cleared or sufficiently mitigated — just as legal and compliance departments did in response to the FCPA's increased enforcement.
Even more recently, on May 19, 2023, the U.S. Financial Crimes Enforcement Network ("FinCEN") and BIS issued a joint alert reiterating their similar expectations to detect and prevent attempts to evade Russia-related export controls.14 Among other risks, the alert urges financial institutions to conduct export controls evasion risk assessments and "employ appropriate risk mitigation measures," then highlights a "select list of potential red flag indicators of export control evasion" that should be considered "in conjunction with conducting appropriate risk-based customer and transactional due diligence . . . ."15
This joint alert is another unambiguous reminder to companies that common considerations run across the three anti-evasion regimes, highlighting for example the following indicators of evasion risk:
•A new customer . . . was incorporated after February 24, 2022;
•An existing customer who did not receive certain exports prior to February 24, 2022, but who is receiving such items now;
•A customer lacks or refuses to provide details to banks, shippers, or third parties, including about end users, intended end-use, or company ownership;
•Parties to transactions listed as ultimate consignees or listed in the "consign to" field do not typically engage in business consistent with consuming or otherwise using commodities (e.g., other financial institutions, mail centers, or logistics companies);
•The customer is significantly overpaying for a commodity based on known market prices; and
•The customer or its address is similar to one of the parties on a proscribed parties list, such as the BIS Entity List, the SDN List, or the U.S. Department of State's Statutorily Debarred Parties List.16
Practical implications for in-house teams
This practical convergence in anti-evasion regimes offers in-house legal and compliance teams an opportunity to deploy common experience and expertise across otherwise technically distinct (and complex) U.S. enforcement regimes.
In the early 2000s, fighting international corruption become a policy priority for the DOJ. Coupled with the FCPA's own anti-evasion provision, the DOJ and SEC have successfully resolved hundreds of investigations and imposed billions in fines or other penalties. As noted above, this led to the development by in-house teams as a matter of practice and expediency, and by U.S. authorities in the form of guidance, of risk-mitigation methodologies and strategies to identify and address their greatest risks of FCPA evasion.
Now we are in a similar epoch of anti-evasion enforcement encompassing U.S. export controls and international economic sanctions. Again we have the convergence of DOJ enforcement priorities with publicly emphasized guidance urging the adoption of risk-based standards for corporate compliance efforts. U.S. authorities are forecasting an expectation that export controls and sanctions evasion investigations and prosecutions will parallel FCPA enforcement.
In-house legal and compliance departments who might have historically prioritized mitigating the risks of FCPA evasion now face a reiterated and emphasized expectation to apply the same mindset and approach to mitigating FCPA evasion risk to mitigating the risks of export controls and sanctions evasion. The expectation is not that companies reduce anti-corruption compliance resources and redeploy those to export controls and sanctions compliance, but that they maintain those commitments while applying the same mindset and risk-mitigation methodologies discussed in Part I to export controls and trade sanctions compliance (if they are not already doing so).
Thinking of these legal regimes collectively and holistically — and following a similar playbook in assessing risk and responding to alleged violations of any of the three — could also be particularly useful to compliance teams fresh off the successful completion of a settlement with regulators, when their in-house stakeholders very appropriately would assess resource needs and allocation going forward.
If the past two decades of FPCA anti-evasion enforcement and risk management practices are any guide, U.S. authorities will only continue to expect more of companies — even while acknowledging the important roles companies' legal and compliance teams play on the front lines of fighting evasion. This is all the more reason for companies to ensure, to paraphrase DOJ's May 3, 2023 public statements, that they "meet the moment" by leveraging their prior anti-corruption expertise to deal with the "geopolitical and national security challenges that mark today's global environment."17
Notes
1 U.S. DOJ, Principal Associate Deputy Attorney General Marshall Miller Delivers Remarks at the Ethics and Compliance Initiative IMPACT Conference, Remarks as Prepared for Delivery (May 3, 2023).
2 Dep't of Commerce, Guidance on Charging and Penalty Determinations in Settlement of Administrative Enforcement Cases, 81 Fed. Reg. 40,499, 40,508 (June 22, 2016).
3 Dep't of Commerce, Export Administration Regulation; Simplification of Export Administration Regulations, 61 Fed. Reg. 12,715 (Mar. 25, 1996).
4 Id. at 12,930; codified at 15 C.F.R. § 772.1.
5 61 Fed. Reg. at 12,930.
6 50 U.S.C. § 4819(b).
7 See generally U.S. Dep't of the Treasury, Economic Sanctions Enforcement Guidelines, 74 Fed. Reg. 57,593, 57,602 (Nov. 9, 2009).
8 31 C.F.R. Part 589.
9 31 C.F.R. § 589.213.
10 31 C.F.R. § 589.322.
11 31 C.F.R. § 589.209.
12 31 C.F.R. § 589.701(a)(3).
13 Tri-Seal Compliance Note, at 2 (Mar. 2, 2023).
14 FinCEN & BIS, Supplemental Alert: FinCEN and the U.S. Department of Commerce's Bureau of Industry and Security Urge Continued Vigilance for Potential Russian Export Control Evasion Attempts (May 19, 2023).
15 Id. at 5–8.
16 Id. at 9 (footnote omitted).
17 U.S. DOJ, Principal Associate Deputy Attorney General Marshall Miller Delivers Remarks at the Ethics and Compliance Initiative IMPACT Conference, Remarks as Prepared for Delivery (May 3, 2023).
Michael H. Huneke is a partner in Hughes Hubbard & Reed LLP's anti-corruption and internal investigations practice group. Huneke helps clients navigate multijurisdictional anti-corruption investigations, design and execute risk-based strategies for due diligence on third parties, and conduct pre- and post-acquisition anti-corruption due diligence and integration. He is based in Washington, D.C. and can be reached at [email protected]. Jan Dunin-Wasowicz is a partner in the firm's sanctions, export controls and anti-money laundering, anti-corruption and internal investigations, and arbitration practice groups. He has experience navigating economic sanctions, export controls and trade compliance issues from both European Union and U.S. perspectives in a variety of contexts. He is based in Paris and can be reached at [email protected].
)
Michael Huneke)
Jan Dunin-Wasowicz| End of Document | © 2024 Thomson Reuters. No claim to original U.S. Government Works. |