On March 2, 2023, the US Department of Commerce Bureau of Industry and Security (BIS), Department of Treasury Office of Foreign Assets Control (OFAC), and Department of Justice (DOJ) issued a joint memo highlighting the need for companies to be mindful of Russia and Belarus sanctions. Companies need to ensure their compliance programs are risk-based and adequately address export controls and sanctions activity to avoid fines and penalties through enforcement actions.
Specifically, the memo highlights the need to have adequate compliance oversight around third-party intermediaries as they are one of the most common vehicles utilized to evade sanctions and export controls associated with Russia. Recent enforcement actions have highlighted several attempts to evade sanctions using schemes such as providing aliases to hide the identities of intermediaries, claiming shell companies were in fact intermediaries or end users, and transferring funds from shell companies abroad to US bank accounts then forwarding those same funds to disguise the audit trail. US regulatory agencies will certainly be on the lookout for similar activities going forward in enforcement of sanctions violations.
Such messaging is yet another example of the United States’ increased interest in pursuing sanctions violations and utilizing resources from multiple agencies to investigate wrongdoing. The DOJ and BIS recently announced the creation of the Disruptive Technology Strike Force, which utilizes personnel from several US government agencies to investigate and prosecute criminal violations of export laws, particularly technologies which have military capabilities. Additionally, BIS announced in June 2022 that it would be strengthening its administrative enforcement program through higher penalties for serious violations, training and compliance program enhancement requirements for minor violations, and providing cooperation credit to companies who admit to their wrongdoing as part of settlement agreements.
The memo notes companies should ensure their compliance programs are effective, risk-based, and include management commitment, risk assessments, internal controls, testing, auditing, and training. Specific to the risk presented by third parties, best practices to implement include:
- Screening current and new customers, intermediaries, and counterparts through the Consolidated Screening List and OFAC Sanctions Lists; and,
- Conducting proper due diligence on customers, intermediaries, and counterparties.
Additionally, companies should review recent enforcement actions to understand the methods utilized to evade sanctions, such as those noted previously, assess the risk each presents, and implement proper controls and oversight to mitigate such risk.
This does not solely apply to companies based in the United States; the memo indicates multinational companies also need to be vigilant in their efforts to bolster their compliance programs in accordance with US regulations.
As the fighting instigated by Russia’s invasion of Ukraine continues, companies should bolster their compliance programs, continuously monitor new guidance and enforcement activity, and adjust procedures accordingly to remain compliant in an area of rapidly changing, and increasing risk.
Department of Commerce, Department of the Treasury, and Department of Justice Tri-Seal Compliance Note