Compliance with international sanctions and export control regulation is a significant issue for companies and their legal and compliance teams. Recent significant sanctions enforcement actions, large fines and resulting reputational damage mean managing sanctions risk is a key issue for a company's risk radar.
For European companies, and those based in the US with European interests, it is often easy to lose sight of obligations under European sanctions and export control regulation. A perception we often come across within the business community is that US regulation is broader and more complex than that in the EU. Companies therefore risk falling into the trap of relying on an over-arching framework, predominantly designed to accommodate US provisions, to manage their global compliance risk. However, there are significant differences between the EU and US regulatory framework and in the interpretation and application of sanctions and export control regulation.
The scope, complexity and extra-territorial application of sanctions and export control regulations imposed by Brussels is a match for anything produced in Washington and its application varies between EU Member States. Destinations subject to EU restrictive measures and the range of prohibited activities are not the same as those under US programmes. There is no transatlantic harmonisation of goods, software and technology which requires prior export authorisation and the list of individuals and entities subject to wide ranging EU and US economic sanctions provisions is not uniform.
WHAT ARE THE RISKS?
A succession of multi-million dollar settlements involving European banks demonstrates the importance of effective risk-based compliance. The recent "high profile" enforcement activity has focused almost exclusively on violations of US regulations administered by the US Office of Foreign Assets Control (OFAC). For the vast majority of trade compliance officers, the biggest concern remains the long-arm reach of US enforcement agencies.
The focus on US regulation is understandable. US enforcement agencies continue to demonstrate a determination to pursue global investigations and a policy of aggressive enforcement. Their interest in European companies is clear - banks financing trade with countries in the Middle East, IT providers transferring US technology, shipping operators transporting goods to Russia, and oil and gas subcontractors undertaking contracts for the Iranian petrochemical sector.
However, adopting a US-centric approach to trade compliance obligations carries significant risks on both sides of the Atlantic. Companies operating in destinations subject to US or EU sanctions programmes, or those in sectors such as finance, insurance, logistics, oil and gas, manufacturing, IT, telecommunications, aerospace, and defence should be particularly wary.
It's often all too easy for companies to assume that:
- International agreements, for example, UN Security Council Resolutions or multilateral non-proliferation treaties, are interpreted and applied in the same way in Europe and the US;
- European regulation does not apply to companies based in the US;
- Extra-territorial application is a unique facet of US regulation;
- Systems and procedures designed to ensure compliance with US trade laws are sufficient to manage regulatory risk in Europe; and
- Activities not subject to prohibition or control in one jurisdiction are permitted in the other.
In today's economic environment companies face increased pressure to consolidate compliance spend and establish harmonised systems and procedures. Compliance with US regulation will undoubtedly continue to be a crucial factor for trade compliance managers wherever they are based. However, for any company involved in international business, there are significant risks of confining regulatory risk management to a single jurisdiction.
MANAGING RISK - WHAT SHOULD YOU BE DOING?
If your company:
- supplies a customer across the Atlantic;
- procures items from a transatlantic supplier;
- is considering securing capital from a US or European investment fund;
- is a branch, representative office, or subsidiary of a parent entity based in the US or EU; or
- simply employs a US or European national,
you will need to consider how to comply with both EU and US provisions. Non-compliance with EU sanctions and export control regulation carries significant civil and criminal liabilities and any breach of US or EU trade restrictions is likely to attract the attention of a wide range of regulators, investigation agencies and enforcement bodies on both sides of the Atlantic.
In order to improve your company's sanctions and export control risk assessment, it is worthwhile considering the following issues:
- Don't assume that US regulation mirrors that in the EU.
- Sanctioned individuals, entities, and countries are not the same under European and US sanctions programmes.
- Transatlantic trade controls don't cover the same products or activities - reliance on the transferability of official rulings therefore carries risk.
- US and EU trade law has wide-ranging extraterritorial application - don't believe the myth that only US provisions have extra-territorial application.
- US re-export controls follow a product throughout its life - has your company investigated whether prior authorisation is required for re-exporting US products?
- Wide-ranging US restrictions on "facilitation" prohibit the provision of certain support services from the US.
- Economic sanctions generally prohibit the transfer of funds to and from EU and US sanctions targets - are you sure that you are able to get paid?
- Do your company's standard contractual T&Cs cover trade compliance obligations - is it possible to minimise your company's exposure to regulatory risks?
- Instances of non-compliance in one jurisdiction will impact on your ability to do business in the other - non-compliance with EU law may restrict opportunities in the US and vice versa.