As the sanctions landscape becomes more complex and enforcement efforts expand across an array of federal agencies, it is increasingly necessary to regularly evaluate supply chain and trade operations to ensure companies are meeting their compliance expectations. The problem is compounded as the information technology landscape grows more robust and suppliers and buyers can be screened in real time, as well as the related parties within the transaction.
Sanctions compliance is predicated on strict liability, meaning no set of actions provides a safe harbor from an enforcement action. Consequently, we see a compliance race as part of which new processes and technologies are rolled out every single year. Even if your company is benchmarked to its peers, the compliance program you consider industry standard today may be judged substandard the following year by regulators. To companies under the enforcement microscope, it often feels like OFAC heightens compliance expectations on a regular basis.
Trade operations are extremely complex and require a thoughtful sanctions setup. The first place to start is understanding your customer. Increasingly, integrity monitors in high risk industries have been setting the standard for firms to engage in Know Your Customer (KYC) practices which seek to understand customer’s ownership structures and supply chains. While some firms may need to take a risk based approach as a first step, it’s important to fully vet your top suppliers and buyers, and ensure goods are scrutinized throughout the entire product and service life cycle (including product warranties and maintenance contracts).
There are three distinct points in your supply chain required to assess sanctions risks and maintain compliance:
- Your suppliers;
- Your buyers (and possibly their buyers); and
- Your shipment processes.
Suppliers and Buyers:
Understanding your suppliers and buyers is crucial to preventing a transaction that may be prohibited by sanctions. The first thing to check for is if your supplier and buyer are subject to sanctions themselves. Failing to properly vet suppliers may seem like a much lower risk than failing to vet customers (i.e. buyers), but appearances can be deceiving. It’s important to keep in mind that sanctions risks associated with the supply chain works both ways, and the gamut of sanctions designations ranges from farms in Zimbabwe to trading companies in Russia responsible for large commodities sales. Suppliers create risk when goods coming upstream originated from a sanctioned country, such as Cuban sugar or nickel, or Iranian textiles, while buyers create risk when any products you deliver to them could be directed to a sanctioned country.
Screening your suppliers and buyers alone, however, is also not enough. According to OFAC guidance, if an entity is owned 50% or more by a sanctioned party (or multiple parties in the aggregate), that entity is also considered blocked. EU sanctions take this blocking step further and consider an entity subject to sanctions if a sanctioned person exerts control over the entity. Therefore, it is important to collect and vet suppliers’ and buyers’ ownership information.
While this type of vetting is not always common practice outside of financial institutions, the increase in penalties and precedents set in OFAC cases like Weatherford are changing market expectations. At a minimum, when major suppliers and buyers are onboarded, your firm should conduct due diligence to identify all persons owning 25% or more of the company. Depending on the jurisdictions in which your firm operates, you may need to screen against watch lists outside of OFAC: Singapore’s MAS list or Australia’s DFAT list.
Another question to consider is whether your suppliers and/or customers are sourcing or selling to comprehensively sanctioned countries, namely Iran, Syria, Cuba, North Korea, and the Crimea region. This past year, Siemens sold turbines to a Russian front company that then shipped the goods to Crimea, thereby violating the EU sanctions regime. Proper end-user checks and due diligence on the Siemens sale could have prevented the resulting reputational and possibly legal crisis.
At a minimum, companies should protect themselves by including sanctions warranties preventing suppliers and buyers from dealing with a sanctioned country. Including this warranty allows your company to cancel contracts and avoid placing your company in a position where it may be violating commercial laws (e.g., terminating a contract without cause or refusing to pay) to avoid violating another set of laws (e.g., US or EU sanctions regulations). The best practice is to administer a comprehensive questionnaire to your supplier and buyer:
- Where do you source your steel?
- Who are your distributors, and are they in high risk locations?
- Is there a “reason to know” your buyer will be shipping goods to Iran?
- Does your supplier source Cuban origin goods?
These are the types of questions you should be prepared to administer to your counterparties and back up with your own due diligence. A warranty from a customer may be a nice measure to have, but it should not be the extent of your compliance controls.
Tracking a Shipment:
A key vulnerability in the supply chain process is the shipment of goods. Goods may be diverted, third parties may be introduced that are subject to sanctions, and any transaction that involves carriage by a vessel introduces a risk.
For instance, the vessel itself may be designated, its owners and operators designated or located in a sanctioned country, or the vessel may transit a sanctioned port along the way to delivering your goods. Although recent OFAC guidance does not consider the goods themselves subject to sanctions if they simply transit through Iran, the financing of the transaction may be prohibited. Nothing is worse for business than having your goods stuck in demurrage because your bank refuses to process your letter of credit for OFAC reasons!
Companies can implement robust sanctions controls to prevent these types of issues from arising. An array of vessel tracking software is available to rapidly screen vessels for sanctions concerns and track their movements. Additionally, all parties, goods and ports/shipment geographies on the bill of lading and any invoices should also be subject to screening. If this information is stored electronically, make sure a process exists to have the information automatically filtered and analysts are available to review alerts in real-time.
Ownership database tools are becoming increasingly robust and good option. Tools, such as those available from Bureau van Dijk and Thompson Reuters, provide extensive detail on a wide range of firms worldwide. The data is organized and arranged in a format to simplify the comparison process.
However it is done, effective due diligence should account for entities owned, 50% or greater in the aggregate, by a designated individual or entity. There are three approaches:
- Enhance your company’s watch list to include entities with identified sanctions ownership;
- Obtain ownership information on your counterparty; or
- Preferably a combination of both 1 and 2.
Depending on your company’s geographic profile and/or risk tolerance, your company may need to also consider whether it is exposed with respect to other sanctions regimes, e.g. the EU’s consolidated list and arms embargoes, UN Security Council resolutions, or even smaller regimes such as Australia’s DFAT list or lists produced by Singapore’s MAS.
When engaging in deeper relationships with suppliers and buyers, a company should understand the counter-party’s exposure to comprehensively sanctioned countries. Companies should vet their suppliers and buyers against both OFAC’s SDN list and a non-consolidated list, as well as any other applicable lists. A shipment tracking program could take the form of a vessel tracking tool that would rapidly screen vessels for sanctions concerns and track their movements. Taking these steps will put your company well on the way to avoiding the ire of the regulators.