Recent actions involving the economic sanctions programs administered by the Office of Foreign Assets Control (“OFAC”) highlight the strict liability nature of those programs, as they involve routine low-dollar-value transactions and/or connections with sanctioned individuals that would appear attenuated to the average observer. All US businesses, even those that deal in small-dollar-value transactions or have attenuated ties to international trade, need to be aware of OFAC’s expectation of a comprehensive compliance program and the lack of any sort of de minimis or inadvertence exceptions in US sanctions laws.
In February 2017, a major US retailer disclosed that it had voluntarily disclosed to OFAC that it had violated US economic sanctions with respect to Iran from 2012 until 2016. It appears that the aggregate amount of the prohibited transactions was $100,000, but what is particularly interesting was the size of individual prohibited transactions. The retailer disclosed that one prohibited transaction was a $50 order of consumer products that were sent to an Iranian embassy. Other transactions included a $1,300 order of consumer products by a person sanctioned under Executive Order 13224 and a $250 order of consumer products by a person who may have been acting for an entity sanctioned under Executive Order 13382. Each of these consumer transactions was minuscule in comparison to the retailer’s overall business and none appears to have involved the retailer knowingly doing business with a prohibited person (indeed, the retailer has completely automated order processing systems). Despite these mitigating circumstances, the retailer concluded that it should self report to OFAC.
In another case, in January 2017, OFAC entered into a settlement involving violations of US sanctions with respect to Cuba. In that case, an individual and a small affiliated charity were fined $10,000 for arranging two trips to Cuba for a total of 20 people in 2010 and 2011. OFAC imposed the fine even though OFAC expressly noted both that the violations caused minimal harm to the current objectives of US sanctions law and that the size of the fine was constrained by the individual’s modest financial means.
Another case demonstrates the truly strict liability of US economic sanctions. In September 2016, a US exporter was penalized for exporting seven shipments of orthodontic devices to Iran between 2008 and 2010. In the consent order, OFAC noted that it probably would have granted a special license to the exporter if the exporter had requested pre-authorization for the shipments. The fact the shipments were medical devices, had occurred six years earlier, and could have been allowed under certain compliance procedures did not dissuade OFAC from imposing a $43,000 penalty for transactions that had an aggregate value of $60,000.
Another relevant de minimis case includes two findings of violation that OFAC issued to US insurance companies in August 2016. The insurance companies had issued health insurance policies to three individuals in 1992 and then serviced the policies. The insured individuals were subsequently designated by OFAC in 2009. Between 2010 and 2011, the two insurance companies accepted a total of 34 premium payments with an aggregate value of $14,000 from the sanctioned individuals. While OFAC did not fine the companies for these violations, its findings of violation publicly named the companies and could serve as an aggravating factor in any future sanctions matters.
Lastly, in February 2016, OFAC fined a US oil services company $305,000 for allowing its Cayman Island subsidiaries to provide services to an Angolan oil and gas consortium in which a Cuban government-owned company owned only a five percent interest. In the settlement agreement, OFAC indicated that it expected the US provider would have systems in place such that its Cayman subsidiaries would have conducted due diligence on who owned the consortium and identified the presence of a five percent Cuban-government-owned investor. Under the Financial Crimes Enforcement Network’s recently adopted customer due diligence rule, a bank is not necessarily expected to conduct due diligence to identify sub-25 percent owners of potential customers. OFAC, however, appears to be taking a much harder line on the issue of identifying minority investors in customers.
OFAC officials have publicly stated that they consider even a $1 violation to be important because it shows that a company’s compliance systems are not sufficient to prevent all prohibited transactions. This can be a difficult standard for many businesses, especially high-volume, low-dollar-value businesses, to address. By contrast, anti-money laundering requirements incorporate risk-based compliance measures rather than impose strict liability for violations. Similarly, US criminal laws typically require a wrongful state of mind as an element of any violation.
Given OFAC’s focus on violations regardless of the dollar value of the transaction at issue, it is good practice for all companies—including those engaged in a large volume of low-dollar-value transactions—to dedicate compliance resources to identify and investigate potential violations of US sanctions. Companies may wish to engage outside counsel to assist in investigating the violations, implementing appropriate remedial measures and determining whether a voluntary self-disclosure to OFAC would be prudent.