Breaches of sanctions and export controls can be costly – and the costs are set to increase when the new Policing and Crime Bill, now nearing the end of its passage through Parliament, becomes law. Such breaches can inflict not only reputational damage, contractual penalties and lost business but also seizure of goods, substantial fines and even prison sentences. Companies which trade in military or dual-use goods, or with countries where restrictions apply, are strongly advised to conduct regular audits of their export control and sanctions compliance procedures. Such audits are essential to ensure that compliance procedures remain robust and up to date, to identify any breaches and to manage their disclosure to the regulators to minimise the impact on the business.
Identifying areas of exposure and the penalties for getting it wrong
Ensuring full compliance with sanctions and export control regulations can be complex and onerous, especially if operating in or doing business with certain less stable parts of the world. The first challenge is to identify what restrictions may apply to a proposed transaction. For many companies, sanctions and export controls are relevant only to discrete parts of a business. But where they apply they may prohibit transactions or require that they be licensed. Breaching these restrictions, even inadvertently, can incur penalties.
Export controls and trade sanctions
Potential breaches of UK export and trade controls are considered on a case-by-case basis by Her Majesty's Revenue and Customs (HMRC) and Border Force officials. They may:
- arrest suspects and interview them under caution;
- seize goods at the border or obtain a warrant that permits them to enter business premises and seize relevant goods, documents and electronic materials (in 2015, there were 232 such seizures);
- impose a fine up to three times the value of the goods;
- impose a compound penalty; or
- refer the matter to the Crown Prosecution Service (CPS) to determine whether to mount a prosecution.
Compound penalties have no defined limit but since 2010 have ranged from £1,000 to £575,000. They are offered in cases where there is sufficient evidence that would support criminal proceedings with a reasonable prospect of success. When considering whether to offer to them, HMRC takes into account a range of factors including:
- the seriousness of the alleged offence;
- whether fraudulent intent can be proven;
- the extent of the offender’s efforts to perpetrate the alleged offence;
- the type and value of the items involved;
- the offender’s previous history;
- penalties known to have been imposed by courts for similar offences;
- the extent to which the offender has tried to conceal the offence;
- whether the offender has taken remedial action;
- whether the offender has voluntarily reported the offence; and
- whether the offender has been otherwise compliant.
If HMRC refers a matter to the CPS, they will consider whether the evidence supports a realistic prospect of conviction and whether a criminal prosecution is in the public interest. Export control offences are generally prosecuted under the Customs and Excise Management Act 1979 (CEMA):
- Section 68 (1) makes it an offence for a person to export goods in circumstances where the export is subject to a restriction or prohibition; this is a ‘strict liability’ offence, applicable even if the exporter was ignorant of the law. Convictions are punishable by a maximum fine of up to three times the retail value of the goods;
- Section 68 (2) creates a more serious offence where a person is knowingly concerned in the export of goods with intent to evade a restriction or prohibition. Convictions in the magistrates court carry a maximum fine of three times the value of the goods or six months’ imprisonment or both. In the Crown Court, those convicted face an unlimited fine and a prison sentence of up to 10 years.
For example, in 2014, Gary Summerskill of Delta Pacific Manufacturing Limited was jailed for 30 months and ordered to pay £68,000 or serve a further 15 months in jail, for exporting controlled goods contrary to the regulations, in this case specialised alloy valves to Iran via Hong Kong and Azerbaijan. The company was ordered to pay £1,072,000.
Financial sanctions (i.e. those restrictions other than import or export restrictions) can take a variety of forms, including asset freezes, prohibitions on dealing with named persons or entities and investment bans; the penalty for breach is limited to a fine and/or a maximum of two years in jail. The absence of sanctions enforcement actions in the UK has been notable. However a bill currently passing through Parliament, the Policing and Crime Bill, contains provisions which would give the newly established Office of Financial Sanctions Implementation (OFSI) considerably enhanced powers, and increasing the maximum jail sentence to seven years, potentially also leading to a more proactive enforcement policy. A summary of the proposed new measures features in the following Dechert OnPoint. These proposed changes, if passed by Parliament as seems likely, make it all the more important that firms take appropriate steps to ensure compliance and to detect any breaches at as early a stage as possible.
How breaches may be detected
Most breaches are found in one of three ways.
First, OFSI, HMRC or the UK Border Agency may detect a breach when checking goods at the border, through a whistleblower, intelligence or police work, or during an audit. In minor cases they may allow the exporter to obtain the necessary licence and then to proceed with the export. But in more serious cases, they may decide to take enforcement action.
Second, the Export Control Organisation may detect a breach during one of their regular Compliance Audits of all companies holding open export licences. Such audits generally find some 20% of companies are non-compliant while another 15% are not fully compliant. They receive warning letters and if the issues are not resolved by the time of a re-visit, typically within six-eight months, their export licences may be suspended or revoked. Serious cases may be referred to HMRC at any stage, to consider enforcement action.
In both cases, the non-compliance has been detected by the regulator. This seriously reduces the scope for the offender to mitigate the potential penalty and exposes it to the risk of being accused of a deliberate breach, which carries much tougher penalties.
The third means by which a breach can be detected is by the company itself, for example in the course of an internal audit or as a result of an alert raised by a member of staff, or by an external audit.
Conducting such audits brings advantages: any concerns discovered by external legal experts will be protected by legal privilege and enable the company to benefit from specialist advice to manage the issues in order to minimise any potential penalties and other impacts on the business.
Audits can check for issues including:
- the applicability of export control and sanctions regulations, not only to the parent company but also its domestic and foreign subsidiaries, taking account of all the jurisdictions that may apply, particularly the extraterritorial application of US export controls and secondary sanctions and the anti-circumvention provision in most EU and other sanctions;
- the actions of individuals, particularly any indications that they may have deliberately breached the regulations, as well as any other concerns about their actions;
- Military and Dual-Use Export Controls, applicable to all goods, software and technology rated as military or ‘dual-use’ (i.e. commercial items that may have a military use), and any other item if the exporter knows or suspects that it may be intended for a Weapons of Mass Destruction programme, or for military end-use in a country subject to an arms embargo;
- US Export Controls, which require licensing of the re-export or other retransfer of US-origin military and dual-use goods, and of foreign-made goods incorporating any US-origin military content or more than a defined percentage by value (depending on the destination) of US-origin dual-use components;
- trade sanctions, that place restrictions for certain destinations (e.g. Iran, Russia) on transfers of specific goods (e.g. weapons, oil exploration or production equipment) and related technical or financial assistance;
- asset freezes: the EU, UK, US and other jurisdictions publish lists of entities and individuals, in sanctioned countries or from terrorist groups, subject to asset freezes which in effect prohibit doing any form of business with them, or with any entity which they own or control;
- other financial sanctions that restrict other transactions such as transfers of funds (under the former sanctions regime against Iran) or providing finance or investing in certain sectors;
- more broadly, the company’s compliance policy and procedures including its due diligence processes for new and existing customers, how it determines if sanctions or export controls may apply to a proposed transaction and how it ensures that the conditions of all licences that it holds are fully met.
If a company discovers that it has potentially breached the regulations, it is strongly advised to report the irregularity to HMRC (for export controls and trade sanctions) or to OFSI (for financial sanctions) as soon as possible. If the activities implicate export control laws of countries other than the UK, then disclosure to relevant government authorities in such countries also should be considered (e.g. the US State Department’s Directorate of Defense Trade Controls with respect to US-origin defence articles).
The key benefit of a voluntary disclosure is that it significantly mitigates the risk and scale of the potential penalties. It is important to recognise that voluntarily disclosing a breach does not guarantee that there will be no penalty but it makes a penalty (and a formal finding of breach) much less likely. HMRC and OFSI treat each instance on its merits and in serious cases may decide that a substantial penalty is nonetheless required. But a genuinely voluntary disclosure (as opposed to one made after a regulator has already identified concerns), made fully and promptly, together with a firm’s actions to improve its future compliance, and its level of co-operation with any subsequent investigation, will all be taken into account in deciding on the appropriate level of penalties.
Disclosures to HMRC should include at least:
- details of the export - including dates;
- any relevant documents - such as export documentation and commercial invoices;
- details of how the breach was discovered, why it occurred and what steps have been put in place to ensure it does not happen again.
Disclosure to OFSI should include:
- names of the parties involved, relevant amounts, method of payment, payment route, account names and numbers and the date on which the suspected breach was discovered;
- whether the transaction concerned is completed or an attempted transaction;
- what sanctions regime and specific prohibition is suspected of being breached;
- purpose of the transfer of funds;
- other persons and intermediaries involved in the transfer and their roles; and
- which persons or entities involved in the event documented by the disclosure are aware that the disclosure is being made to HM Treasury.
For both HMRC and OFSI, it is also valuable to include information on:
- the nature and structure of the business and its relevant trading activities;
- the process followed to investigate the potential breaches, to give the regulators confidence that this has been thorough and comprehensive;
- full details of all remedial actions taken, again to give confidence that there is senior commitment to full compliance with all applicable sanctions and export controls, and robust procedures, training and guidance are in place to prevent any recurrence.