In June 2018, the U.S. Treasury Department, Office of Foreign Assets Control (OFAC) announced that Ericsson, a Swedish telecommunications company, agreed to pay approximately $145,000 for violating U.S. sanctions on Sudan. Among other things, this is one of the few OFAC enforcement actions explicitly premised on a non-U.S. actor causing a U.S. company to violate U.S. sanctions.
According to OFAC, the violations involved Ericsson, AB (EAB), which is based in Sweden, causing a U.S. seller of a satellite hub to export that hub from the United States to Sudan. Interestingly, in connection with EAB’s purchase of the satellite hub, an EAB employee communicated about the matter with Ericsson’s compliance department. In those communications, the EAB employee was informed that the purchase of the satellite would violate Ericsson’s sanctions compliance policy.
Yet the EAB employee proceeded with the acquisition, with support from an Ericsson employee in the United States. OFAC asserted that the two Ericsson employees agreed to identify “Botswana” as the destination of the satellite hub. The EAB employee then structured the acquisition so that the satellite hub was shipped through several other countries, including with help from a third party in Lebanon, before eventually arriving in Sudan.
It appears that, when the Ericsson U.S. employee was first contacted by his counterparts at EAB, he informed them that he could not be involved in any Sudan business. But subsequently, he did assist his EAB counterparts by providing technical guidance related to the Sudan project. (The U.S. employee sent one e-mail related to Sudan in which “East Africa” was listed as the subject of the e-mail.) The U.S. employee also met in person with an EAB employee to discuss the project.
There is no indication that the U.S. employee had any role in purchasing or shipping the satellite hub to Sudan. Nonetheless, by providing guidance and advice about the Sudan project, the U.S. employee facilitated that project and thereby violated U.S. sanctions on Sudan. Like other U.S. sanctions programs, under U.S. sanctions on Sudan, U.S. persons were prohibited from indirectly supporting (or facilitating) a project in Sudan that the U.S. person could not engage in directly.
As we have discussed in prior blog posts (see this January 2018 blog post), it typically takes a long time for OFAC to impose penalties for sanctions violations. The conduct at issue in the Ericsson matter occurred in 2011 and 2012. Ericsson tolled the statute of limitations during OFAC’s investigation of the matter.
In fact, by the time Ericsson agreed to settle the matter, U.S. sanctions on Sudan had been lifted. However, the U.S. government does maintain export controls on Sudan under the Export Administration Regulations. As a result, an export license is needed to export most U.S.-origin items to Sudan, even though economic sanctions have been lifted.
This illustrates one of the practical challenges for U.S. companies considering business in Sudan. Discussions about that business and even the provision of business services are generally permitted without a license. Actual exports of products still usually require a license. So Sudan is not entirely open for business from a U.S. perspective.
The compliance narrative in this matter is jumbled. As detailed above, the Ericsson compliance department advised the EAB employee – correctly – about the potential liability associated with Sudan business. The U.S. employee of Ericsson originally responded to requests related to Sudan by stating his inability to work on a Sudan project. Yet both the EAB employee and the Ericsson U.S. employee proceeded with the Sudan business.
This seems on its face like a situation in which company employees went rogue. Notably, the company disclosed the violation to OFAC, which is one reason that OFAC imposed a penalty well below the statutory maximum amount (roughly $360,000).
Yet in imposing any penalty, OFAC indicates that Ericsson could have done better. In particular, in the press release related to the matter, OFAC states the following:
This enforcement action highlights the importance of empowering compliance personnel to prevent transactions prohibited by U.S. economic and trade sanctions. Entities should ensure their sanctions compliance teams are adequately staffed, receive sufficient technology and other resources, and are delegated appropriate authority to ensure compliance efforts meet an entity’s risk profile.