In the last several years, the U.S. has been aggressively enforcing laws governing exports and international conduct. This is amply illustrated by the continuing imposition of large penalties on multinational companies for violations of U.S. economic sanctions and export control laws. To stay ahead of the threats, manufacturers can better manage their risk and mitigate costs by adopting a risk-based approach to compliance tailored to their unique method of operations, risk profile, countries of operation, and products sold.

The U.S. government has undertaken a strategy of aggressively enforcing U.S. laws governing extraterritorial conduct. These include the Foreign Corrupt Practices Act (FCPA), economic sanctions largely administered by the Office of Foreign Assets Control (OFAC), and export controls on U.S.-origin goods. These laws underscore the premium that all multinational companies need to place on aggressively identifying and managing regulatory risk, particularly for their international operations.

Many manufacturers—reading the headlines and not the actual changes in the law—have mistakenly concluded that the recent easing of sanctions with regard to Cuba and Iran mean that these countries are “open for business.” This is especially true with regard to their non-U.S. operations, which often have only a hazy understanding of how aggressive and creative the U.S. government is with regard to applying these laws abroad. The reality is, the primary sanctions remain in place for both countries—even for Iran after the announced easing of certain sanctions on January 16, 2016—meaning that the risk of dealing with these countries remains high.

Greater Risk Awareness Leads to Greater Exports and International Compliance

Manufacturers face elevated risk when dealing with large global supply chains, downstream manufacturing by worldwide affiliates, and frequent international trade in U.S.-origin goods, services, and technologies. Multinational business practices also raise concerns, with sales, operations, and joint ventures reaching into countries known for high levels of corruption, industrial espionage, and illegal export diversion.

U.S. laws governing exports and international conduct pose unique risks for manufacturers, especially those in the automotive sector. From the FCPA to ever-changing sanctions and export controls, companies involved in the automotive supply chain face an increasingly complex universe of requirements governing how and where they conduct business overseas. These regimes also shape business decisions at home, with the so-called “deemed export” rule compelling exclusively domestic companies to seek export licenses before disclosing controlled articles, data, software, and technology to their non-U.S. employees. Combined with new disclosure requirements for listed companies and government contractors, the regulatory environment grows more complicated with each passing day.

Enforcement trends amplify these risks. In recent years, U.S. government agencies have targeted automotive and automotive supply chain companies under a number of different regulatory regimes, particularly FCPA investigations.

The importance of compliance also is underscored by the 2015 announcement by the Department of Justice that it will require that in investigations, companies identify individuals who participated in the conduct at issue. The goal is to bring an element of personal liability and responsibility into enforcement actions.

Develop a Comprehensive Approach to International Compliance

With U.S. companies increasingly liable for the actions of their overseas agents and affiliates, a risk-based, integrated approach to international compliance offers the best means of identifying, managing, and mitigating these risks. Faced with these challenges, manufacturers should carefully consider how U.S. laws impact behavior both within and outside the United States.

This means identifying and addressing the risks that are likely to arise based on the nature of their business, the places where they conduct business, and the customers they serve. It also means evaluating the degree to which foreign parties — whether subsidiaries, joint ventures, or even contractors — engage in activities that expose their U.S. counterparts to civil and criminal liability. By taking a comprehensive approach, companies can best manage their risk and mitigate costs by conducting periodic risk assessments, crafting tailored internal controls, conducting frequent training, and coordinating common standards across their entire organizations.

The same principles apply in the domestic compliance context. Suppliers need to understand their areas of risk and rigorously monitor and enforce their compliance policies, procedures, and codes of conduct. Conducting periodic internal reviews, reviewing and updating written policies and procedures, and updating and enhancing training programs are all components of a robust compliance program. Encouraging your employees to report any improper, unethical, or illegal conduct is critical to uncovering any potential fraud within your organization. Clearly delineating responsibility for compliance with various policies and internal controls ensures accountability.