U.S. Agencies Highlight That Sanctions and Export Controls Apply to Non-U.S. Companies and Individuals in Latest Tri-Seal Compliance Note

Please download the full client alert here.

On March 6, 2024, the U.S. Departments of Commerce, Treasury, and Justice issued a Tri-Seal Compliance Note (“Note”) warning non-U.S. persons of the risks of violating U.S. sanctions and export control laws.

The Note follows previous tri-seal compliance notes focused on voluntary self-disclosure policy and the use of third-party intermediaries for sanctions evasion and reflects enhanced interagency cooperation on enforcement of sanctions and export controls.

The Note does not impose any new legal obligations or amend existing laws.

Application of U.S. Sanction Laws to Non-U.S. Persons

All “U.S. persons” must comply with U.S. sanction laws wherever located. “U.S. persons” are United States citizens, permanent resident aliens, entities organized under the laws of the United States including their foreign branches and subsidiaries and all persons located in the United States. In certain sanctions programs, including Iran, Cuba and North Korea, foreign entities owned or controlled by U.S. persons also must comply with U.S. sanction laws.

However, the Note warns that non-U.S. persons are also subject to sanctions prohibitions. “Non-U.S. persons are prohibited from causing or conspiring to cause U.S. persons to wittingly or unwittingly violate U.S. sanctions, as well as from engaging in conduct that evades U.S. sanctions.”

The Note provides examples of activities by non-U.S. persons that constitute violation of U.S. sanctions, including where a non-U.S. person:

• “Obscures or omits reference to the involvement of a sanctioned party or jurisdiction to a financial transaction involving a U.S. person in transaction documentation;
• Misleads a U.S. person into exporting goods ultimately destined for a sanctioned jurisdiction; or
• Routes a prohibited transaction through the United States or the U.S. financial system, thereby causing a U.S. financial institution to process the payment in violation of OFAC sanctions.”

OFAC may use its enforcement authorities against U.S. and non-U.S. persons who violate applicable sanctions prohibitions. OFAC’s authority to enforce prohibitions against non-U.S. persons is distinct from its authority to impose sanctions on non-U.S. persons.

Application of U.S. Export Controls to Non-U.S. Persons

The U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) administers and enforces U.S. export controls contained in the Export Administration Regulations (“EAR”). All items of U.S. origin, items physically located in the United States as well as items produced outside the United States that incorporate a certain percentage of U.S.-origin components or produced using U.S. technology or software are subject to the EAR wherever located in the world. Such items are “subject to the EAR.”

The Note stresses the extraterritorial application of the EAR and the types of transactions that the regulations cover, which are exports, reexports (transfer from one foreign country to another foreign country) and transfer within a foreign country of all items subject to the EAR.

Criminal Penalties

For willful violation of U.S. sanctions and export control laws, the Department of Justice (“DOJ”) can impose significant criminal penalties including imprisonment of up to 20 years and a fine of $1 million.

How Non-U.S. Persons Can Comply with U.S. Sanctions and Export Controls

The Note recommends measures for non-U.S. persons to remain compliant with U.S. sanctions and export control laws, including:

• “Employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance program.
• Establish strong internal controls and procedures to govern payments and the movement of goods involving affiliates, subsidiaries, agents, or other counterparties to detect linkages to sanctioned persons or jurisdictions that may otherwise be obscured by complex payment and invoicing arrangements.
• Ensure that know-your-customer information and geolocation data are appropriately integrated into compliance screening protocols and information is updated on an ongoing basis based on its overall risk assessment and specific customer risk rating.
• Ensure that subsidiaries and affiliates are trained on U.S. sanctions and export controls requirements, can effectively identify red flags, and are empowered to escalate and report prohibited conduct to management.
• Take immediate and effective action when compliance issues are identified, to the extent possible, to identify and implement compensating controls until the root cause of the weakness can be determined and remediated.
• Identify and implement measures to mitigate sanctions and export control risks prior to merging with or acquiring other enterprises, especially where a company is expanding rapidly and/or disparate information technology systems and databases are being integrated across multiple entities.
• Parties who believe that they may have violated sanctions or export control laws should voluntarily self-disclose the conduct to the relevant agency.”

Conclusion

The Note’s emphasis on extraterritorial application of U.S. sanctions and export controls highlights risks for non-U.S. persons operating in global commerce. Non-U.S. persons are strongly advised to establish extensive internal screening and due-diligence systems and employ a risk-based approach to remain compliant with U.S. sanctions and export control laws.