Report on Supply Chain Compliance 3, no. 2 (January 23, 2020)
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), the primary U.S. government agency that administers U.S. economic sanctions, was busy at the end of 2019. In the first few weeks of December 2019, the agency designated individuals and entities in multiple countries under U.S. sanctions programs covering corruption, cybersecurity, human rights, Iran, Nicaragua, South Sudan and Venezuela. OFAC designated each of these parties as a Specially Designated National (SDN). As a result, other than in very limited situations, no U.S. individual or entity may transact with any of these parties.
OFAC was also busy in November 2019. In addition to designating a number of parties under various U.S. sanctions programs, the agency announced two enforcement actions that illustrate important lessons for any party conducting business internationally.
On Nov. 7, OFAC announced a USD 210,600 settlement with Apollo Aviation Group LLC for 12 apparent violations of the Sudanese Sanctions Regulations. According to OFAC, beginning in 2013, Apollo leased two aircraft engines to an entity in the United Arab Emirates, which then subleased the two aircraft engines to a Ukrainian airline. The Ukrainian airline subsequently installed the engines on an aircraft leased to Sudan Airways. At the time of that lease, which lasted for approximately four months, Sudan Airways was designated as an SDN.
When it eventually received records outlining the use of the engines, Apollo became aware that the engines had been used on an aircraft operated by Sudan Airways. Apollo also determined that another engine it had leased to the Emirati entity, that was again subleased to the Ukrainian airline, had been on an aircraft wet-leased to Sudan Airways. At that point, Apollo demanded that that third engine be removed from the Sudan Airways plane, then confirmed that removal had occurred. It then disclosed the matter to OFAC.
In announcing its action in this matter, OFAC acknowledged that the lease agreement Apollo entered into with the UAE entity contained a clause prohibiting the lessee from maintaining, operating, flying or transferring the engines to any countries subject to U.S. or U.N. sanctions. However, OFAC also indicated that Apollo apparently did nothing to further ensure that the engines were in fact used in compliance with OFAC regulations. In particular, OFAC emphasized that Apollo did not request periodic certifications of compliance from the lessee or sublessees, nor otherwise closely monitor the use of the engines to ensure compliance with U.S. law.
On Nov. 25, 2019, OFAC announced a settlement with Apple, Inc. in which Apple agreed to pay USD 466,912 to settle OFAC allegations that it had violated the Foreign Narcotics Kingpin Sanctions Regulations. The regulations target individuals and entities that are deemed to be significant foreign narcotics traffickers. Such parties are designated by OFAC as SDNs.
According to OFAC, Apple’s violations involved hosting, selling and facilitating the transfer of software applications and associated content on behalf of a Slovenian entity, SIS D.o.o., that was designated as an SDN. Apple apparently was already doing business with SIS when the entity was designated by OFAC. And when SIS was designated, Apple screened the company (and other newly designated SDNs) against its sanctions screening tool.
Unfortunately for Apple, the screening did not identify SIS because of an inconsistency in the capitalization of letters in the entity’s full name. OFAC noted that the address Apple had for SIS matched the address for SIS included on the SDN List.
The Apple enforcement action is not entirely dissimilar from an enforcement action that OFAC took against Cobham Holdings, Inc. in November 2018, when OFAC imposed a civil penalty against Cobham for failing to identify an SDN to which it was selling products. In the Cobham matter, like in Apple’s case, the SDN was screened and no match was identified, and thus Cobham proceeded to transact with the SDN.
OFAC also observed that Apple had in its records the name of an individual, Savo Stjepanovic, a majority owner and director of SIS, who was also designated as an SDN at the time SIS was designated. According to OFAC, Apple had Stjepanovic listed as an account administrator in its records. At the time that Stjepanovic was designated, Apple did not screen parties identified as account administrators against the SDN List.
OFAC noted that Apple identified payments to SIS in the context of upgrading its screening processes, and halted those payments immediately. Apple subsequently disclosed the matter to OFAC, which is part of the reason that OFAC only penalized the company for a small fraction of the statutory maximum penalty (approximately USD 74 million, given the number of transactions).
In announcing the penalty against Apple, OFAC asserted that Apple had displayed “reckless disregard for U.S. sanctions requirements.” OFAC also emphasized that Apple is a large, sophisticated organization with extensive experience operating internationally. (It is frankly hard to think of many more sophisticated companies.)
Like Apple, Apollo settled for only a fraction of the maximum civil monetary penalty that OFAC could have imposed. OFAC concluded that a reduced amount was warranted because, among other things, Apollo voluntarily self-disclosed the apparent violations. OFAC also noted that, during OFAC’s review of the matter, Apollo “provided information to OFAC in a clear, concise, and well-organized manner.” In addition, OFAC counted as a mitigating factor Apollo’s implementation of internal compliance reforms to prevent further sanctions violations.
With respect to the Apple settlement, in addition to highlighting Apple’s voluntary disclosure, OFAC emphasized compliance enhancements that Apple implemented in connection with the matter. This is common: OFAC expects companies to consider and put in place strengthened compliance measures, hand-in-hand with disclosing the facts of the matter, to demonstrate the company’s commitment to addressing any compliance shortcomings and thereby reducing the chance of future issues. In that sense, companies need to understand that disclosure carries with it both obligations to cooperate with OFAC and the need to work proactively to improve compliance policies, procedures and processes. It is unlikely that Apple or Apollo would have received anywhere near the same reduction in penalties without both elements.
The outcome of the Apollo matter is also notable in that OFAC expressly articulated its expectation that companies involved in international transactions obtain periodic compliance certifications from business partners. This is not completely out of left field; it has long been considered a best practice to obtain such certifications from business partners. But in the Apollo matter, it arguably was the difference between a penalty and no penalty.
Apollo is something of a unique matter given that it is in the business of leasing aircraft and engines that are, by nature, mobile. Aircraft cross borders far more often than a normal piece of equipment leased to a transaction partner.
But it is not a huge leap to analogize OFAC’s view of the aircraft leasing business to a distribution model in which a manufacturer has a continuing relationship with a distributor. OFAC may very well take the view that the manufacturer should obtain periodic compliance certifications from its distributor — or else, if the distributor commits a violation distributing the manufacturer’s products, the manufacturer could be on the hook.
Indeed, in announcing its enforcement action against Apollo, OFAC emphasized that companies involved in high-risk industries need to implement thorough and effective compliance procedures “that extend beyond the point-of-sale and function throughout the entire business or lease period.”
Regardless of industry, the takeaway for exporters is that compliance monitoring is important. As in the Apollo matter, that may mean obtaining periodic compliance certifications from transaction partners. In particularly risky situations, or where there is reason to believe a violation may have occurred, an audit may be warranted. (Thus lease, distribution, agent and other such agreements should include an audit right.)
At its most basic, effective monitoring depends on an organization’s employees maintaining vigilance. Personnel need to be equipped with an understanding of applicable compliance laws so that if they identify a potential problem, they know to raise it to the organization’s compliance group. Personnel need also to be instructed that they are the eyes and ears of the company. This means training for employees, who are on the compliance front line of the organization.
It is impossible to protect against all violations. But as the Apple and Apollo matters demonstrate, the more vigilant a company is, the more likely it is to identify issues early — and the better the company’s defense if that issue turns into a violation.
Non-U.S. suppliers providing U.S.-origin goods or working with U.S. partners need to understand that they can be subject to the long arm of U.S. law.
U.S. companies must understand the risks of international supply chains and take appropriate compliance steps to address and monitor those risks.
*Thad McBride is the head of the International Trade practice at Bass Berry & Sims in Washington, DC.