U.S. Agencies Issue Tri-Seal Compliance Note on Foreign-based Persons’ Obligations to Comply with U.S. Sanctions and Export Controls

On March 6, 2024, the three U.S. agencies charged with administration and enforcement of sanctions and export control laws—the Department of the Treasury, the Department of Commerce, and the Department of Justice (“DOJ”)—released a new guidance document discussing the legal and compliance obligations of foreign-based persons. The tri-seal compliance note focuses on the legal exposure for non-U.S. companies with respect to U.S. sanctions and export controls and provides compliance considerations for such entities to help mitigate risk.

Applicability of U.S. Sanctions and Export Controls to Non-U.S. Persons 

Sanctions: The note highlights how non-U.S. persons are subject to certain prohibitions administered by the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”). Non-U.S. persons are prohibited from “causing or conspiring to cause U.S. persons to wittingly or unwittingly violate U.S. sanctions, as well as engaging in conduct that evades U.S. sanctions.” Examples of such conduct include when a non-U.S. person:

  • Obscures or omits reference to the involvement of a sanctioned party or jurisdiction to a financial transaction involving a U.S. person in transaction documentation;
  • Misleads a U.S. person into exporting goods ultimately destined for a sanctioned jurisdiction; or
  • Routes a prohibited transaction through the United States or the U.S. financial system, thereby causing a U.S. financial institution to process the payment in violation of OFAC sanctions.

OFAC may impose civil penalties for sanctions violations on a strict liability basis—that is, the person in violation need not know or have reason to know that it was engaging in a violation. The note cites past sanctions enforcement actions targeting conduct by non-U.S. persons, including most recently the settlement with Swedbank Lavia AS. In that case, the entity, a subsidiary of a Sweden-based financial institution, had allowed a customer to use its e-banking platform from an internet protocol address in a sanctioned jurisdiction to send payments to persons located in a sanctioned jurisdiction through U.S. correspondent banks.

Export Controls: Export controls administered by the Department of Commerce’s Bureau of Industry and Security (“BIS”) extend to items subject to the Export Administration Regulations (“EAR”) anywhere in the world and to the foreign persons who deal with them. Export controls apply not only to exports from the Untied States, but also to re-exports from one foreign country to another and in-country transfers. The EAR also applies to goods that incorporate a certain de minimis threshold of controlled U.S. content and certain foreign-made goods produced using U.S. software, technology, or production equipment (also known as goods subject to the so-called foreign direct product rules).

The note provides examples of recent enforcement actions against foreign persons for violations of U.S. export control laws. Among them are the multiple temporary denial orders imposed against foreign airlines for operating U.S. and foreign aircraft subject to the EAR on flights into and out of Russia, pursuant to the imposition of controls on aviation-related items exported to Russia following Russia’s invasion of Ukraine.

Criminal Enforcement

In addition to civil liability, the note describes how the DOJ is authorized to bring criminal charges against non-U.S. persons for wilful violations of U.S. sanctions and export control laws. Under the relevant statutes, prohibited conduct includes (i) causing a violation of any license, order, regulation, or prohibition issued pursuant to the International Emergency Economic Powers Act and (ii) causing or inducing of any act prohibited by, or the omission of any act required by, the Export Control Reform Act or the EAR. 

The note provides recent examples of DOJ indictments against foreign persons for sanctions and export control violations. For example, in November 2023, the DOJ announced a guilty plea by Binance, a cryptocurrency exchange company, for offenses including violations of U.S. sanctions. Binance “admitted to knowing that it had a significant number of users from comprehensively sanctioned jurisdictions, such as Iran, as well as a significant number of U.S. users, and Binance further knew that its system would cause U.S. users to transact with users in sanctions jurisdictions.” In addition, in December 2023, DOJ charged one Iran-based person and one China-based person “for conspiring to illegally purchase and export from the United States to Iran dual-use microelectronics commonly used in UAV production.” The defendants allegedly caused Canadian and French companies to place orders with U.S. manufacturers to be re-exported to Iranian end users.

Compliance Considerations for Foreign-based Persons

The tri-seal compliance note concludes by discussing compliance considerations for foreign-based persons to avoid violations of U.S. sanctions and export controls. These include: 

  • Employing a risk-based approach to sanctions compliance;
  • Establishing strong internal controls and procedures to govern payments and the movements of goods;
  • Ensuring that know-your-customer information and geolocation data are appropriately integrated;
  • Ensuring that subsidiaries and affiliates are trained on U.S. sanctions and export controls;
  • Taking immediate and effective action when compliance issues are identified;
  • Identifying and implementing mitigation measures prior to merging with or acquiring other enterprises; and
  • Voluntarily self-disclosing potential violations of sanctions or export controls.

It should be noted that shortly after the issuance of the note, Deputy Attorney General Lisa Monaco announced a new whistleblower rewards program on March 7. Areas of focus for the program include criminal abuses of the U.S. financial system, such as sanction violations, and foreign corruption cases outside the jurisdiction of the Securities and Exchange Commission. The DOJ will begin to develop the program over the next 90 days, with a formal start date expected later this year. Acting Assistant Attorney General Nicole Argentieri further stated on March 8 that the program is intended to incentivize disclosures of corporate misconduct “where no such incentives currently exist.”

The DOJ’s National Security Division (“NSD”) also updated its enforcement policy on March 7. Updates include NSD’s encouragement to companies to voluntarily self-disclose, in addition to sanctions and export control violations, potential violations “of other criminal statutes that affect national security because they arise out of or relate to the enforcement of export control and sanctions laws, such as money laundering, bank fraud, smuggling, fraudulent importation, and false statement offenses.”

Conclusion

The new tri-seal compliance note provides a succinct and clear explanation of the applicability of U.S. sanctions and export controls to foreign persons. The note builds on the three agencies’ prior engagement with the private sector and emphasis on transparency to date, including the recent announcement of the whistleblower rewards program. It also puts potential violators on notice for the types of conduct that would warrant the attention of the U.S. regulators. Foreign companies should continue to reassess their existing compliance frameworks and protocols based on this guidance.