With continually evolving regulations, broad extraterritorial reach and significant penalties for non-compliance, export controls and economic sanctions are high-stakes areas for companies in and outside the United States.

Les Carnegie, a partner in Latham & Watkins' Export Controls, Economic Sanctions & Customs Practice, discusses the latest developments in the area and offers guidance on how to make sure your company is in compliance.

How are US export controls changing and what should companies know about these changes?

Carnegie: At the moment, US export controls are undergoing significant revisions as a result of the Export Control Reform Initiative. Under this initiative, the leading US export control agencies are working towards the ambitious goal of creating a “Single Control List” of items subject to varying levels of export control restrictions, a single US agency for export licensing, a single IT infrastructure to submit and process license applications and a single enforcement agency. Today, the US Commerce Department and the State Department are working on revising their respective control lists — the Commerce Department’s Bureau of Industry and Security (BIS) maintains a list of dual-use commercial products called the Commerce Control List (CCL); while the State Department’s Directorate of Defense Trade Controls (DDTC) maintains a list of defense articles called the United States Munitions List (USML). What that means in practice is that the agencies are trying to put “higher walls” around fewer sensitive items to enhance national security, assist US allies and enhance the competitiveness of key US manufacturing and technology sectors. 

Starting in mid-October 2013, the aerospace industry will experience a significant first step in export control reform. Under new regulations scheduled to take effect on October 15, certain military aircraft and related equipment and technologies are moving off the USML and onto the CCL, along with new regulatory definitions, such as “specially designed,” as well as other “transition” rules, for instance to eliminate the need to secure licensing from both BIS and DDTC for a single export. What this means for US companies with established export control programs is that they will need to reevaluate how their products, software and technologies are classified. And for companies that have neglected to focus on how US export controls impact their business, the current Export Control Reform Initiative is a perfect opportunity to dig into the new rules and upcoming changes.  

Are you seeing any new trends or developments in US sanctions?

Carnegie: In the past few years, sanctions against Iran have increased, and the way these sanctions have been extended and strengthened may signal a trend for future US sanctions programs. 

The US sanctions against Iran have had a direct impact on US companies since the mid-1990s. Recently, these sanctions were expanded to reach parties that are owned or controlled by a US person, which includes foreign subsidiaries of US companies. This development largely brought the US sanctions against Iran on par with the reach of the long-standing US sanctions against Cuba. 

In addition, both the US Congress and the Obama Administration have implemented a number of “secondary” or extraterritorial sanctions measures that target the activities of non-US banks and companies in or relating to certain sectors and parties in Iran (e.g., energy, shipping, automotive and shipbuilding sectors), even if the non-US companies and banks have little or no connection to the United States. These sanctions — which can include, among others, a denial of access to US financial markets or the inability to contract with the US government — are intended to alter the behavior of parties that are beyond the reach of the United States’ primary sanctions against Iran.  

In addition, recent US legislation now requires issuers that file annual or quarterly reports with the US Securities and Exchange Commission (SEC) to disclose in their public filings certain activities in or relating to Iran or with respect to certain Specially Designated Nationals listed under terrorism or WMD executive orders. These disclosures are required even when the disclosable activities by non-US companies are entirely lawful. This type of "sunshine measure" — which blends US sanctions and SEC requirements — could be expanded to cover other activities determined to undermine US foreign policy and national security. This new SEC disclosure requirement is something we have seen a lot of questions on recently in our practice.

What are a couple of factors companies should think about when designing a foreign trade controls program?

Carnegie: A critical element of any effective foreign trade controls program is the accurate classification of the company’s products, software and technologies (collectively “items”).  At the outset, a company needs to determine which US agency or agencies have jurisdiction over its items. For instance, the Commerce Department has jurisdiction over dual-use commercial items and short supply items (e.g., crude oil), the Department of State has jurisdiction over defense articles and defense services, the Department of Energy has jurisdiction over nuclear technology and natural gas exports, the Nuclear Regulatory Commission has jurisdiction over nuclear materials and equipment, and other agencies have similar roles. Once the company has identified the agency with jurisdiction over its items, the classification exercise requires a close review and analysis of the regulations conducted together with someone who is intimately familiar with the technological aspects and parameters of the company’s items. If there is doubt as to the proper jurisdiction or classification of the item, the agencies generally accept filings to help companies make these important determinations.  

Once a company has accurately pinned down the export jurisdiction and classification of its items (a conclusion that may change over time, especially in light of the Export Control Reform Initiative discussed above), the company can then determine where its items can be exported or transferred without export or reexport licensing from the US government, assuming no end-use or end-user restrictions or concerns. 

An effective foreign trade controls program also includes policies, procedures, tools and mechanisms to ensure compliance with the embargo programs administered and enforced by the Treasury Department’s Office of Foreign Assets Control (OFAC). For US companies, and in some cases their foreign subsidiaries, some markets may be entirely off-limits (with certain limited exceptions and exemptions), such as Cuba, Iran, Sudan, Syria, and North Korea.  In addition, OFAC maintains a government blacklist called the List of Specially Designated Nationals (SDN List). Parties on the SDN List — many of which are located in jurisdictions not subject to a comprehensive US embargo — are also generally off-limits to US companies. An effective foreign trade controls program implements solutions to prevent dealings with markets subject to US sanctions and to guard against dealings with parties on the SDN List by screening customers, banks, vessels, and other parties against the relevant US government blacklists. 

How should companies approach export control and sanction compliance when considering an acquisition or merger, including the relevant of export control to CFIUS considerations?

Carnegie: Analyzing past compliance with US export control and US sanction compliance is a vital part of any due diligence review in the deal context. As companies are contemplating an acquisition or a merger, they should be evaluating the target's past compliance with these laws. US export control and sanctions agencies have a track record of pursuing theories of vicarious liability and holding the acquirer responsible for violations by the target party, even if they occurred before the acquisition, and especially if the non-compliant conduct continues after closing. As the acquirer, in advance of closing, you want to have a good sense of the potential legal exposure as a result of the target's non-compliance with US export controls and sanctions.

When US companies acquire or merge with businesses outside the United States, there is additional emphasis on identifying early in the diligence whether the non-US company does business with countries subject to US sanctions — such as Cuba, Iran, Sudan and Syria — or parties that are generally off-limits to US companies and are identified on the SDN List.  So, for example, if the foreign target is a company in Europe that has contracts with parties in Iran, that business would have to be discontinued in advance of the closing, or the US company could be liable.

With respect to foreign companies making investments in the United States, such as acquiring a US business (or acquiring a US subsidiary as a result of a merger with a foreign company), it is also imperative to evaluate the need to secure a national security clearance from the Committee on Foreign Investment in the United States (CFIUS).  CFIUS considers the impact on US national security of “any merger, acquisition, or takeover … by or with a foreign person which could result in foreign control of any person engaged in interstate commerce in the United States.” 

CFIUS is a multi-agency group chaired by the Secretary of the Treasury that includes, among others, the Secretaries of Defense, Homeland Security, State, Commerce and Energy, and the Attorney General.  Parties to transactions that are subject to CFIUS jurisdiction make “voluntary” filings with CFIUS to obtain clearance prior to closing, though CFIUS is authorized to commence a review without a filing, including after a transaction has closed. If CFIUS determines that a transaction threatens to impair US national security, the President can block or unwind the transaction. 

Securing CFIUS clearance is particularly important for US businesses that have products or technologies that are subject to stringent dual-use export controls under the Export Administration Regulations (EAR), or businesses involved in the manufacture, trade, or provision of defense articles and defense services regulated under the International Traffic in Arms Regulations (ITAR). The ITAR also impose an independent and mandatory 60-day pre-close notification requirement where there is an intended sale or transfer to a foreign person of ownership or control of an ITAR-regulated business. 

What kinds of penalties are you seeing for companies who fail to comply with US sanctions and export controls?

Carnegie: The penalties for non-compliance are significant, and they are among the factors that have made compliance with US export controls and sanctions top of mind for industry in the past five to seven years. As a general matter, the baseline civil penalty is US$250,000 per violation or twice the value of transaction, whichever is greater, and a single transaction may have several violations attached to it.  We have also seen that the lead export control agencies — in particular OFAC, the Commerce Department’s Office of Export Enforcement (OEE), and the DDTC — have shown a willingness to flex their enforcement muscle. 

There are also criminal penalties in this area — up to US$1,000,000 per violation and the possibility of 20 years of prison — for those who engage in willful conduct in violation of US export controls and sanctions. In recent years, we have seen a dramatic increase in criminal enforcement of these laws by the US Department of Justice.  

In addition, non-compliance with US export controls and sanctions laws can have profound collateral consequences, such as damage to a company’s reputation and investor relations.  

The Treasury, Commerce and State Departments all accept written voluntary disclosures from parties that have identified instances of non-compliance within their organizations, and these agencies generally give great weight to a company’s decision to make a full and complete disclosure in determining penalties and assessing a company's mitigation efforts. We assist many companies in investigating potential instances of non-compliance within their organization, evaluate disclosure options and make written disclosures to the relevant US agencies.