In late November 2018, the U.S. Treasury Department, Office of Foreign Assets Control (OFAC) announced that Cobham Holdings, Inc. agreed to pay $87,507 to settle violations of U.S. sanctions on Ukraine and Russia.
According to OFAC, the violations were committed by Cobham’s former subsidiary, Metelics, prior to the sale of Metelics to MACOM. It was MACOM that identified the violations during due diligence related to its acquisition of Metelics. And it was presumably MACOM that required Cobham to make the voluntary disclosure to OFAC that led to the penalty in this matter.
The penalty is small by recent OFAC standards. (For example, it is about 620 times less than Societe Generale paid to OFAC as part of its global settlement of sanctions violations.)
But as a cautionary tale, the Cobham matter is important to any exporter.
According to OFAC, during a six-month period in 2014 and 2015, Metelics sold products through distributors in Canada and Russia to a blocked entity under U.S. sanctions. That entity – Almaz Antey Telecommunications LLC (AAT) – was not explicitly named as a blocked party on the OFAC List of Specially Designated Nationals and Blocked Persons (the SDN List).
Yet AAT was nonetheless a blocked person because it was 51 percent-owned by a party – JSC Almaz-Antey – that was named on the SDN List. As OFAC has made abundantly clear, any entity that is owned 50 percent or more by one or more blocked persons is a blocked entity itself.
Any blocked person, whether named on the SDN List or not, is effectively off limits to U.S. companies and individuals.
The chronology of this matter demonstrates the challenges exporters face when screening third party business parties.
According to OFAC, on June 18, 2014, Metelics agreed to sell products to AAT through a Canadian distributor. On June 19, Metelics screened AAT against its prohibited parties screening software. At that time, JSC Almaz-Antey was not a prohibited party – and thus neither was AAT.
On June 27, Metelics shipped products to AAT. In connection with that shipment, Metelics again conducted denied parties screening and identified no match for AAT.
None of this is surprising or problematic from OFAC’s standpoint because JSC Almaz-Antey was not designated as an SDN until July 16, 2014. That is when things get more interesting.
On July 31, 2014, Metelics made another shipment to AAT. In connection with this shipment, Metelics again conducted denied parties screening for AAT and again did not identify any matches – even though JSC Almaz-Antey, the majority owner of AAT, was now named on the SDN List.
Based on this, OFAC deemed the screening effort to be insufficient. OFAC emphasized that Metelics proceeded with shipment to AAT “despite the inclusion of two uncommon terms [‘Almaz’ and ‘Antey’] in the names of both the SDN and [AAT].” OFAC’s statement suggests that the screening software should have identified at least a potential match, which Metelics would presumably have reviewed further before continuing with the transaction.
Notably, there is no indication that Metelics somehow set the software or screening mechanism to avoid identifying a match with AAT. In fact, in its press release, OFAC states that the screening software was set-up to identify “fuzzy” search criteria yet missed the similarities between AAT and JSC Almaz-Antey.
It thus appears that Metelic was not entirely to blame for these apparent violations. Yet in explaining the penalty in this case, OFAC also notes that Metelics “was subject to a consent agreement for violations of the International Traffic in Arms Regulations [ITAR]… resulting from recurring compliance failures.” Arguably those ITAR compliance failures should have made Metelics particularly vigilant about protecting against failures with its screening system.
While OFAC does not name the provider of the screening software in this case, the agency does state that “[p]ersons employing sanctions screening software should take steps to ensure it is sufficiently robust.” In other words, simply because a company uses software to conduct screening does not mean that software is adequate to protect against violations.
This may be a tough lesson for exporters to absorb. It’s not clear that many exporters conduct quality control checks of their screening software. The raison d’etre for such software is to identify actual or potentially prohibited parties based on name similarities. That is exactly what Metelics expected its software to do.
The proliferation of prohibited and restricted parties – and the lists of such parties – makes it impossible for most companies to keep up-to-date with those lists on their own. That’s the reason so many companies seek software solutions to help meet their compliance obligations. It is the responsible thing to do.
Which makes it a little jarring to read the following exhortation from OFAC:
It is essential that companies engaging in international transactions maintain a culture of compliance where front line staff are encouraged to follow up on sanctions issues, including by promptly reporting to compliance personnel transactions suspected to involve sanctioned parties.
That is surely good advice but it is not clear how it pertains to the facts in the Cobham matter. There is no indication that any Metelics employee was aware of a transaction suspected to involve sanctioned parties – or that any employee ducked their head in the sand.
Nevertheless, it is useful to remember the value of periodic risk assessments during which compliance policies, procedures, and processes are reviewed. Potential weaknesses can be identified and addressed before they lead to violations.