Export control and sanction requirements have been around for years, but now are taking on increasing prominence in the wake of record-setting fines. Basic economic sanctions compliance best practices are being adopted by many multinational automotive exporters to minimize their sanctions-related regulatory risks.
Proper economic sanctions compliance often overlaps with export controls compliance. This is because the export controls and economic sanctions regulations work hand in hand, with export controls primarily aimed at controlling U.S.-origin goods, information, technology and software, and economic sanctions primarily aimed at the actions of U.S. persons, including their investment activities and trading activities. Some U.S.-based multinational companies have dealt with sanctioned countries, such as Iran, for many years. But these dealings have always been completed using foreign subsidiaries, which under certain circumstances — including operating completely separate from U.S. headquarters and without the involvement of any U.S. nationals — do not fall under the jurisdiction of U.S. sanctions regulations. The exception is in regard to the Cuban sanctions, which are issued pursuant to the Trading with the Enemy Act and accordingly extend to foreign subsidiaries.
Many multinational automotive companies are reconsidering these transactions in light of recent enhanced enforcement activity. Regardless of whether such sales are occurring, with the recent tightening of the Iranian sanctions, the advent of European Union (EU) sanctions against trade with Iran and generally heightened enforcement of economic sanctions laws, the importance of sanctions compliance has never been greater.
Establishing an economic sanctions compliance program
As a starting point, it is essential to conduct a thorough economic sanctions risk assessment. Key considerations are the areas of operation of all subsidiaries and affiliated companies, the customer base and where they likely sell and resell products, the export control status of the goods and technology involved and whether there are arguments that any services are provided where the benefit would be received in sanctioned countries or by sanctioned persons. More specifically, to help delineate areas of risk, the company should consider the following:
• The customer base, with lower risk being presented by a stable, well-known customer base and higher risk by a large, fluctuating client base.
• The number and variety of countries served, including the presence of customers in countries known to present higher diversion risks (such as many Middle Eastern countries).
• The presence of customers in countries with a recent history of OFAC enforcement actions, such as can occur where subsidiaries deal with high-risk countries or known diversions risk points. Known diversion points include certain non-sanctioned countries of the Middle East (risk of diversion to Iran and Syria), and much of Central America (risk diversion to narcotics traffickers).
As with other compliance elements, a company needs to engage in a risk-based approach to sanctions compliance. The goal is to have a program that:
• Automatically screens exports to countries under embargo and other restricted persons or entities;
• Ensures that the company “knows its customers” and is aware of discoverable reexports and other attempts to circumvent U.S. export controls and sanctions requirements;
• Incorporates the latest changes in regulations and SDN lists;
• Screens all new customers and destination countries for potential embargo or restricted-person issues;
• Ensures that exporters and U.S. persons “know their customers” and are aware of discoverable re-exports and other attempts to circumvent U.S. embargoes;
• Analyzes exports of products from foreign subsidiaries for potential sanctions issues;
• Takes reasonable steps to identify related parties and customers to ensure the true end user is known and allowed;
• Allows ready differentiation between allowable and disallowed transactions with countries under embargo, based upon the transaction at issue;
• Automatically screens against frequently changing blocked-person lists, including known aliases and related parties, subsidiaries and other affiliates; and
• Ensures prompt follow-up on suspected violations, including automatic procedures to prevent shipment where a potential violation is unearthed.
PAGE 3
Interdiction procedures
A key part of sanctions compliance program is that it lays out the due diligence requirements for customers and other persons who are receiving goods, services, information and technology. This involves gathering information regarding customers and other export recipients and comparing it to the regularly updated databases of designated entities.
The process should guide the user through relevant steps. At a minimum, a company should consider the following checks:
• Pre-order entry screen checks and application of know-your-customer red flags;
• checks on lists of blocked persons;
• checks on end-use restrictions (missile systems and unmanned air vehicles, chemical and biological weapons and nuclear end uses);
• checks on product and country licensing; and
• diversion risk checks.
One of the key headaches of coping with export controls and economic sanctions requirements is the number of forbidden companies and entities, which currently total more than 6,000 individual entries. Although some companies still manually download the file from Office of Foreign Assets Control and scan using common search terms in a word processor, a more rigorous approach is to use interdiction software.
Given that the lists of blocked persons include thousands of individuals and entities, and variations on their names, it is hard to see how proper compliance can occur for larger companies that may be processing hundreds or even thousands of transactions without the use of some form of interdiction software, whether purchased from an outside vendor or developed internally. These products, which generally are available over the Internet, allow for bulk screening of multiple orders against the large databases of forbidden destinations, people, and entities.
Compliance with export controls and economic sanctions regulations heavily relies on identification of red flags. For this reason, many automotive exporters disseminate red flags throughout relevant areas of the firm (logistics, contracting, order taking and so forth).