The Expansive Jurisdictional Reach of U.S. Sanctions
- A Warning to Foreign Businesses -
U.S. sanctions have expansive jurisdictional reach, including those promulgated and implemented by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). OFAC’s sanctions target specific countries, groups, individuals, and activities. Notably, a foreign company that utilizes U.S. dollars or financing from “U.S. persons” (e.g., U.S. company, U.S. citizen or permanent resident) are subject to OFAC regulations, even if the company or transaction has no other U.S. nexus. This article (1) highlights OFAC’s recent enforcement action against a foreign company, which had no connection to the United States other than the fact that it engaged in U.S. dollar-denominated transactions with prohibited persons and/or countries, and (2) provides some measures that foreign businesses can adopt to mitigate OFAC sanctions exposure.
OFAC Regulations Can Apply to Foreign Entities with No Connection to the United States
OFAC sanctions generally prohibit “U.S. persons” from trade or financial transactions with countries or persons on the Specially Designated Nationals and Blocked Persons List (‘‘SDN List’’). That said, OFAC sanctions also apply to non-U.S. persons for “causing” OFAC violations (i.e., where a non-U.S. person is sanctioned for causing a U.S. person to commit a sanctions violation). Although there might not be any U.S. persons involved in the underlying transactions (e.g., foreign company shipping goods from a third-country to an OFAC-sanctioned country), the involvement of a U.S. financial institution in any payments associated with these transactions or use of U.S. dollars often results in sanctionable conduct.
Notably, OFAC’s enforcement action against Toll Holdings Limited (“Toll”), an Australian freight forwarding and logistics company, shows how a non-U.S. person can be subject to OFAC sanctions for using U.S. currency. Toll is not owned by U.S. persons or located in the United States or its territories. OFAC did not otherwise have direct jurisdiction over Toll. The company allegedly engaged in transactions where payments were made for shipments involving North Korea, Iran, or Syria, and/or property of a person on the SDN List. Because the payments flowed through U.S. financial institutions, OFAC determined that Toll “caused the U.S. financial institutions to be engaged in prohibited activities with … sanctioned persons or jurisdictions” and thus, liable under the OFAC regulations. OFAC further found that “Toll acted with reckless disregard for U.S. economic sanctions laws” and that Toll “knew or had reason to know of the apparent violations.” The statutory maximum penalty was over USD 826 million. OFAC treated Toll’s voluntary self-disclosure, internal investigation and efforts to strengthen its compliance procedures, however, as mitigating factors. Toll’s penalty was reduced to USD 6 million as a result.
Lessons for Foreign Companies
The Toll case shows OFAC’s increasing willingness to exercise its expansive jurisdiction over non-U.S. persons to protect U.S. national security interests. As such, foreign companies should implement certain measures to minimize the risk of OFAC violations and, if one has occurred, to mitigate potential OFAC penalties.
- Update the Compliance Program as Laws Change: Given the dynamic nature of U.S. economic and trade sanctions, a successful and effective compliance program should be capable of adjusting rapidly to changes in the SDN List. Indeed, OFAC expects that U.S. and non-U.S. companies will “develop, implement, and routinely update” risk-based sanctions compliance programs tailored to their particular business operations. Numerous companies have run afoul of the U.S. sanctions regime by failing to understand OFAC regulations. Because OFAC regulations essentially apply a strict liability standard, ignorance is no excuse.
- Ensure that Employees Receive Sufficient Training: OFAC expects companies to ensure that all appropriate employees and stakeholders are trained on their obligations under U.S. sanctions law. Training should be tailored to the products and services a company offers, the customers, clients, and partner relationships it maintains, and the geographic regions in which it operates. Moreover, training should be given to all appropriate personnel at least annually, and should (1) provide job-specific knowledge based on need, (2) communicate the sanctions compliance responsibilities for each employee, and (3) hold employees accountable for sanctions compliance training through assessments. If there is a confirmed violation, the company should provide training or other corrective action with respect to the relevant personnel.
- Conduct Due Diligence and Monitor Contractual Relationships: OFAC has stated that sanctions compliance provisions in contracts alone are insufficient to shield companies from liability. Prior to entering into any business relationship, a company should conduct appropriate due diligence on the parties involved and their owners and/or controlling shareholders. The compliance and legal departments should be involved to the extent necessary to review the proposed transactions to ensure compliance with U.S. sanctions laws. Companies also should screen business partners, including customers, agents, brokers, and other third-parties, against applicable U.S. prohibited parties lists. The lists that should be consulted will vary depending on the scope and type of business but should include, at a minimum, the SDN List.
- Remediate Quickly and Consider Self-Reporting: If the company discovers that there may have been an OFAC violation, the company will need to ensure that the conduct ceases and take remedial actions. This could include an internal investigation, contract termination, disciplinary action against employees involved in the violation, and enhancements to compliance policies and procedures. The company in consultation with counsel should determine whether the apparent violation should be voluntarily disclosed to OFAC. Under OFAC’s publicly issued Enforcement Guidelines, OFAC considers voluntary self-disclosures, cooperation with the government and timely remediation as mitigating factors when determining the amount and severity of penalties.
Foreign companies should be mindful of their OFAC obligations when conducting business with overseas entities, especially if those transactions are based in U.S. dollars. As the Toll case shows, a transaction using U.S. dollars with no other connection to the United States is covered by OFAC regulations. OFAC violations are financially and reputationally costly. Such risks could be mitigated by improving and strengthening the compliance program, keeping abreast of ever-changing sanctions laws, responding quickly upon discovery of a potential violation and self-reporting if appropriate.
(Written by: Christopher Studebaker)
*This column is provided for educational and informational purposes only and is not intended and should not be construed as legal advice.
For more information and questions regarding this column, reach out to us.