On April 25, 2019, Haverly Systems, Inc. (Haverly) agreed to pay a penalty of $75,375 to the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) to settle charges related to two violations of sanctions restrictions for dealings with JSC Rosneft (Rosneft), which is on the U.S. Sectoral Sanctions Identification List (SSI List). While the amount of the penalty is not particularly substantial, the enforcement action is notable as the first one related to SSI List restrictions and because OFAC clearly is sending a message in urging persons to exercise caution when doing business with sanctioned entities (even if the underlying activities are permitted) and to implement effective sanctions compliance programs.

Overview of Relevant SSI List Restrictions

Under Directive 2 of the SSI List, U.S. persons are prohibited from dealing in certain new debt of specified tenors of Rosneft ranging from 60 to 90 days maturity depending on when the debt was issued or created. “New debt” is defined broadly to include extensions of credit (among others), and OFAC has issued guidance confirming that extending payment terms of longer than the applicable maturity constitutes a prohibited extension of debt to of SSI List entities.

While U.S. sanctions do not generally restrict most business with SSI List entities, companies must ensure that payment terms for the sale of goods or services to SSI List entities are less than the applicable debt maturity threshold from the point at which title or ownership has transferred (for payments relating to sales of goods) or the date of each final invoice (for payments relating to services, subscription arrangements, and progress payments). For example, if a U.S. person sells goods to an SSI List entity subject to restrictions on debt with a maturity of more than 60 days, the U.S. person can only give that entity 60 days or less from the date on which title transfers to the entity to pay for those goods. OFAC has advised that if companies believe that they will not receive payment in full by the end of the permitted period, they should contact OFAC to determine whether a license or other authorization might be required.

Haverly Fined for Receiving Payments Beyond Debt Threshold

According to settlement materials made public by OFAC, Haverly, a software company headquartered in New Jersey, issued two separate invoices to Rosneft in August 2015 related to the licensing of software and purchase of software support systems. At the time, U.S. persons were prohibited from dealing in new debt of Rosneft with a maturity of more than 90 days (this threshold later was reduced to more than 60 days) but were not otherwise restricted from dealing with Rosneft. Haverly therefore was permitted to license software and provide related support to Rosneft. The invoices issued to Rosneft initially had payment due dates of between 30 and 70 days from the date of issuance, which complied with SSI List restrictions in effect at the time.

Approximately 70 days after the invoices were issued, however, Rosneft notified Haverly that it would not make any payments until Haverly submitted certain additional tax documentation, which Haverly was not able to do for several months. Haverly eventually received payment on the first invoice in May 2016, approximately 9 months after the invoice was issued. Rosneft made four attempts from May 2016 to October 2016 to pay the second invoice – each attempt was rejected, properly, by financial institutions which determined that the payment represented a prohibited dealing in Rosneft debt with a maturity of more than 90 days. Haverly was aware of the banks’ potential sanctions concerns but, apparently, due to its lack of a sanctions compliance program, did not recognize at the time that the delayed collection of payments was prohibited. Haverly did not approach OFAC for guidance or authorization and instead worked with Rosneft to find an alternate way to settle the outstanding invoice. Eventually, Haverly re-dated and re-issued the second invoice to Rosneft and successfully received payment in January 2017.

OFAC noted a number of aggravating factors in determining the settlement amount, including that Haverly recklessly disregarded sanctions requirements by ignoring the banks’ concerns, Haverly’s management team had actual knowledge of the conduct giving rise to the violations, and Haverly did not maintain a formal sanctions compliance program. OFAC also determined that the violations were not voluntarily disclosed, but noted a number of other mitigating factors, including that the violations resulted in minimal actual harm to U.S. policy objectives and that Haverly engaged in remedial efforts such as creating a new Sanctions Compliance Officer position and implementing a risk-based compliance program to screen all current and future clients for sanctions purposes.

OFAC Urges Caution and Implementation of Effective Compliance Programs

As expressly noted by OFAC, this enforcement action is intended to demonstrate the general risk associated with engaging in transactions with Russian entities and Russian economic sectors targeted under U.S. sanctions. Companies doing business in Russia should exercise enhanced due diligence in business relationships that might involve SSI List entities to be fully aware of what restrictions might apply. While U.S. sanctions do not prohibit most dealings with SSI List entities, companies should avoid the use of unorthodox business practices such as the amendment or alteration of trade documents, or resubmission of payment information without a sanctions-related term, phrase, or location.

OFAC also is urging companies to develop and implement risk-based sanctions compliance programs which should include:

  • Policies, procedures, and controls capable of identifying at-risk transactions and customers or counter-parties for review;
  • A mechanism to escalate such matters to a sanctions compliance officer or point-of-contact for proper analysis;
  • An ability to respond and react to warning signs regarding potential violations, including transactions blocked or rejected by financial institutions in accordance with OFAC’s regulations; and
  • An adequate training program.

The proper implementation of an effective sanctions compliance program not only can significantly reduce the likelihood of sanctions violations, but also serves as a strong mitigating factor in potential enforcement actions if violations occur notwithstanding a company’s compliance efforts.