United States: OFAC Enforcement Update: November 2020

Two recent enforcement actions taken by the U.S. Treasury Department, Office of Foreign Assets Control (OFAC) serve as a reminder of the long-arm and broad scope of U.S. economic sanctions jurisdiction. (Separately, perhaps nothing illustrates the breadth of OFAC's purview as well as the agency's recent Advisory on Potential Sanctions Risks Arising from Dealings in High-Value Artwork.) OFAC is the main U.S. government agency that administers U.S. sanctions.

Berkshire Hathaway Agrees to Settlement for Violations of U.S. Sanctions on Iran

On October 20, 2020, OFAC announced a settlement with Berkshire Hathaway related to alleged violations of U.S. sanctions on Iran committed by Berkshire's Turkish subsidiary. Berkshire is the multinational holding company headed by billionaire Warren Buffett.

According to OFAC, Berkshire's Turkish subsidiary made 144 shipments of cutting tools and related products to Turkish distributors with knowledge that the goods would be shipped on to Iran. The products were valued at approximately $383,000.

U.S. Sanctions on Iran Extend to non-U.S. Subsidiaries of U.S. Companies

There is no indication that the products were of U.S. origin or that any U.S. person was involved directly in or in facilitating the transactions. The transactions were financed in euros so there was no U.S. jurisdiction based on U.S. dollar payments.

Instead, the basis for jurisdiction was that, under U.S. sanctions on Iran, a non-U.S. entity owned by a U.S. person (i.e., Berkshire) is treated just like a U.S. person. This means that, as was the case here, even where there are no U.S.-origin goods, no U.S. persons, and no U.S. dollar-denominated transactions, U.S. sanctions can still reach the conduct.

Internal Audit Might Have Identified Issues

In announcing the $4,144,651 settlement, OFAC outlined a number of steps taken by Berkshire's Turkish subsidiary to obfuscate the Iran transactions. Among other things, according to OFAC, the Turkish subsidiary:

• Arranged with other Turkish companies to issue false invoices related to the transactions
• Used fake and incorrect names of the end-users of products
• Used private, non-work email addresses to communicate about orders involving Iran

In addition, the Iranian distributor apparently made at least some payments in cash (in euros) to avoid using formal banking channels.

Notwithstanding these efforts at subterfuge, in the settlement agreement, OFAC stated that employees of certain affiliates of the Turkish subsidiary "were exposed to specific information in emails which could have revealed that orders . may have been destined for Iranian end-users." In particular, OFAC noted, emails included information suggesting that the transactions at issue involved parties in Iran.

These seem like exactly the sorts of details that a sanctions compliance audit would identify. OFAC does not indicate whether there was any such audit during the relevant time period, but it seems safe to conclude there was not. (If there was an audit, and it failed to identify these issues, that is a significant problem, too.)

Not surprisingly, as part of the settlement, Berkshire committed to conducting effective audits in the future. This aligns with the OFAC Framework for Compliance Commitments, which the agency published in May 2019, and standard settlement agreement language since even earlier (as detailed in our January 2019 blog article).

Berkshire is bound to conduct audits - but it is unquestionably a best practice for any company that does business internationally. Critically, personnel conducting the audit must have an understanding of key sanctions law issues. Compliance lawyers and managers can support the audit team, but it is the auditors who are on the front line and must be equipped with the ability to discern sanctions issues.

Comtech Agrees to Settlement for Violations of U.S. Sanctions on Sudan

In September 2020, OFAC announced its settlement with Comtech Telecommunications Corporation, a publicly traded company based in New York, as a result of violations of U.S. sanctions on Sudan. According to OFAC, Comtech's U.S. subsidiary EF Data sold U.S.-origin equipment to a Canadian company with knowledge that the Canadian company would incorporate the U.S. equipment into a satellite telecommunications system for sale to Sudan. (The violations occurred in 2014 and 2015, before comprehensive U.S. sanctions on Sudan were lifted in 2017.)

There is no indication that the telecommunications system shipped to Sudan from Canada was subject to U.S. export regulations. Though the settlement agreement does not say, the Canadian-manufactured satellite system evidently did not contain more than a de minimis amount of U.S.-origin content under the language of the U.S. Export Administration Regulations, and thus the system was not subject to U.S. export controls.

Yet that was irrelevant because EF Data knew the U.S.-origin equipment was going to be provided to Sudan, even if as part of a new, Canadian-manufactured product. That knowledge was enough to establish prohibited facilitation.

In addition, EF Data facilitated action by its Canadian affiliate, Memotec, to provide continuing support and warranty services to the Sudanese end-user once the satellite telecommunications system was installed in Sudan.

Comtech ultimately agreed to settle with OFAC for $894,111 and, in so doing, agreed to virtually all of the same compliance obligations as Berkshire Hathaway.

Facilitation Leads to a Violation Even with No Direct U.S. Person Involvement

Unlike U.S. sanctions on Iran, U.S. sanctions on Sudan at the relevant time - and as is the case with most U.S. sanctions programs - did not generally prohibit non-U.S. subsidiaries of U.S. companies from conducting business with sanctioned targets so long as no U.S. person was directly or indirectly involved in the transaction. If Memotec had provided warranty service without the involvement of EF Data or any other U.S. person, that provision of service would not by itself have triggered U.S. sanctions jurisdiction.

U.S. Companies Must Ensure OFAC Compliance Across International Organizations

Both of these matters are indicative of the challenges that international companies face when dealing with U.S. economic sanctions obligations. Those obligations extend to non-U.S. subsidiaries of U.S. companies - directly in the case of Iran (and Cuba) and indirectly in the case of any U.S. sanctions program when a U.S. person provides facilitation or other support.

U.S. companies thus must ensure that non-U.S. subsidiaries, and other third parties that act on their behalf, are trained on U.S. sanctions law. Training then needs to be underscored through targeted sanctions compliance audits and other testing and reviews. Not only will an audit verify that training and company policies have been appropriately implemented. The audit is itself another means of demonstrating the importance of compliance to all personnel who work for and with the company.

To be clear, an audit need not be an exercise in which the entire company is turned upside down. That's actually not advisable in most cases. But carefully tailored testing and review, based on a risk assessment of the company's operations, is highly advisable.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.