Since the start of the Trump administration, the Department of Justice and the Securities & Exchange Commission have resolved 40 cases (against 27 corporate defendants) under the Foreign Corrupt Practices Act (FCPA). In the same timeframe, the Department of Treasury’s Office of Foreign Asset Controls (OFAC) has resolved 33 cases for violating the various sanction programs. However, since the end of the third quarter of 2018, there have been 10 FCPA resolutions against six (6) corporate defendants. By contrast, there have been 18 OFAC settlements during that time period. In 2019 alone, there have been 13 enforcement actions (against 10 different companies) totaling almost $1.3B in settlement payments. This dramatic increase and shift in enforcement activity correlates with an increase in the size of the fines against the violators.

Even though the mega fines have primarily been assessed against the banks, the majority of OFAC and the Department of Treasury enforcement actions have been against non-financial institutions. While most of the enforcement activity concerned Iran, there were several actions resulting from transactions with Cuba. In total, the 2019 enforcement actions covered sanction violations relating to Iran, Cuba, North Korea, Zimbabwe, Syria, Sudan and Russia.

Although small in terms of the fine, OFAC’s most recent enforcement action (April 25, 2019) against Haverly Systems, Inc. portrays how any company in any industry can turn a fairly typical commercial transaction into an OFAC violation by not knowing the rules. Haverly is a software and support company. It licensed software and sold support services to JSC Rosneft, a Russian oil company. Rosneft is an entity on the sectoral sanctions list for contributing to the situation in Ukraine. Under the sanctions programs, U.S. persons are prohibited from transacting or otherwise dealing in new debt greater than 90 days, which includes payments terms. In this case, Haverly licensed software and sold services. Haverly issued two (2) separate invoices for these transactions. One invoice had payment terms due 30 days after issuance and the other invoice 70 days after issuance. Within the due date, Rosneft told Haverly that it needed additional documentation to process the payments. This request pushed the payment beyond 90 days when Rosneft finally paid one of the invoices, which was violation number one. For the second invoice, Rosneft tried to pay, but the banks rejected the payment because it was on the sanctions list and the payment was past 90 days. Instead of seeking a license or guidance from OFAC, Haverly, at the suggestion of Rosneft, re-issued and re-dated the invoice and received payment. Even though OFAC concluded that re-issuing the second invoice showed reckless disregard, OFAC agreed to a settlement of $75,375 after Haverly instituted a robust risk-based compliance program with screening designed to review all current and future clients and appointed a Sanctions Compliance Officer.

2019 has also already seen several enforcement actions (Kollmorgen, AppliChem and Stanley Black & Decker) involving infractions resulting from M&A activities. The newly acquired entities did not stop selling to sanctioned countries or entities, despite controls put in place by the acquiring company. The cases are summarized in the chart below. These cases highlight the necessity that acquirers need to perform appropriate due diligence prior to acquisition and then implement effective controls to ensure that OFAC violations will not occur. Perhaps most important is the need to monitor and audit the acquired entity to ensure compliance.

In addition, e.l.f., ZAG International and Acteon demonstrate the importance of recognizing red flags when dealing in certain high-risk markets or industries. Having a robust sanctions compliance program that includes training for employees and agents on the importance of knowing your customers and the risk of diversions is critical in avoiding violations or mitigating fines and penalties in the event that violations occur.