The complicated and changing nature of sanctions can put organisation at risk of both civil and criminal liabilities if they fail to maintain a high level of due diligence. As Russia issues its first sovereign debt offering since 2013 and Iran opens up to western companies, more businesses face new challenges around compliance.
Russia has launched its first sovereign debt offering since European Union (EU) and United States (US) sanctions were imposed on the country following the crisis in Ukraine. Despite the bond’s prospectus promising not to fund sanctioned companies, regulators in the EU and US have issued warnings over participation to western investment banks that investment could violate the spirit of the sanctions.
If proceeds from the raise were used to fund a sanctioned entity, EU and US banks linked to the transaction may face criminal charges for breaching sanctions regimes placed on Russia’s financial sector.
The recent story highlights the complexity of the sanctions landscape and the challenge this presents to international businesses. International bodies including the EU, the United Nations (UN), and the US Office of Foreign Assets Control (OFAC), issue, regulate and regularly update a complicated list of sanctions involving multiple countries, entities and individuals.
At the beginning of 2016 $100 billion of frozen Iranian assets were released and the majority of financial and nuclear-related sanctions previously imposed on Iran were lifted following the Joint Comprehensive Plan of Action (JCPOA). While many businesses are now assessing new opportunities as Iran encourages foreign investment, several restrictions and bans remain in place relating to Iranian support of terrorism and the government's human rights abuses.
On 26 April 2016 the UK Foreign Office issued updated guidance summarising challenges, considerations and licencing requirements for doing business in Iran, but EU-wide guidance on remaining Iran sanctions does not yet exist.
In addition to trade-related regulations, the impact of national cybersecurity on international business is becoming increasingly important. Most recently the US-proposed ‘Iran Cyber Sanctions Act of 2016’, which is linked to an executive order issued in April 2015, aims to implement legislative processes to impose sanctions on state-sponsored individuals and entities involved in malicious cyberattacks.
In March the US Department of Justice (DOJ) announced an indictment of seven hackers connected to the Iranian government following attacks aimed at a New York dam and a number of financial institutions. While this was the first time the US has charged state-sponsored individuals for cybercrimes, the use of sanctions as a deterrent represents a growing area of additional attention for compliance departments. It demonstrates the substantial risks that remain in Iran and reinforces the potential for sanctions to be reinstated outside of Iran failing to meet its nuclear commitments.
Enhanced due diligence in high-risk jurisdictions can prove challenging when dealing with complex corporate structures. Assessing the risk posed by a potential supplier or customer with any certainty can be difficult in situations where company beneficial ownership is hidden. This can present a particular risk in countries like Iran where trade sanctions have been lifted but a large number of individuals remain sanctioned. If a business is to mitigate any action brought for indirect or unintentional violation it must be able to demonstrate persistent, proactive due diligence and consistent monitoring of sanctions and Politically Exposed Persons (PEP) lists.
Variations in these lists, particularly between the EU and US, also increases the compliance challenges faced by large international businesses. If a company listed in the EU conducts business within a country where EU sanctions have been lifted but US sanctions remain in force, it can be difficult to ensure no involvement of US individuals or US listed subsidiaries.
In February 2016 OFAC issued an enforcement action against Johnson & Johnson (Middle East), a New Jersey listed corporation and wholly owned subsidiary of Johnson & Johnson, for violating the Sudanese Sanctions Regulations. A corporate restructuring in 2009 led to a prohibited shipment of goods to Sudan by a US-listed subsidiary. The case highlights the need for companies to ensure all employees are properly trained in sanctions compliance and that international businesses focus on US compliance requirements.
OFAC stated four factors it considered aggravating in the decision to bring the enforcement action: firstly, that the subsidiary acted with reckless disregard for US sanctions requirements after being made aware that it might be subject to restrictions; secondly, that the subsidiary manager for the region was both aware of and involved in the transaction; thirdly, that the subsidiary is part of a large and experienced organisation that did not properly take into consideration sanctions following its restructuring and finally, that the subsidiary failed in its sanctions compliance training program.
On 31 March 2016, the UK Government officially established the Office of Financial Sanctions Investigations (OFSI), a completely new sanctions-enforcement authority in line with the OFAC in the US. OFSI will be responsible for: applying the new Policing and Crime Bill; raising awareness of sanctions regimes; aiding compliance; detecting breaches and bringing enforcement actions and providing a professional service to businesses and individuals that may be affected by sanctions.
Shortly after its launch, OFSI published updated guidance on the operation of the financial sanctions framework in the UK. This guidance includes export licencing processes and practical examples of common scenarios affected by sanctions regimes.
OFSI aims to ensure financial sanctions make the fullest possible contribution to UK foreign policy and national security goals while maintaining the integrity of the UK financial services sector. Its establishment will increase pressure on UK companies in relation to financial sanctions compliance and the body will be working closely with the private sector to achieve its stated objectives.
1. To protect your business and reputation you need to better understand your customers, employees and vendors. Lexis Diligence brings together all the intelligence you need in one place to conduct consistent due diligence and comply with anti-money laundering and anti-bribery regulatory requirements.
3. Subscribe to our blog to have updates delivered directly to your inbox.