Almost 20 years ago, when United States companies were just beginning to look at export-control compliance specifically for the United States, a proliferation of watchlists and sanctions lists were introduced by various governments. These lists were produced by many departments (including treasury, state and sometimes justice departments) who essentially wanted to warn the general public about terrorists, money launderers and other people on various law enforcement watchlists. They were relevant to export control mainly because they directly related back to the Arms Export Control Act and International Traffic in Arms Regulations, which prohibited the selling or shipping of United States-made products to certain people and countries.
Fast forward 20 years and export-control laws are much the same, while export-control compliance programmes have been implemented by large United States companies and are working reasonably well. However, in that 20-year period, many other major countries have also issued watchlists, sanctions lists, and various lists of ‘government-banned’ persons, as part of an attempt to copy United States export-control legislation. These lists have typically been developed in the European Union (EU), Japan and various Western markets, although several emerging markets, such as China, have also adopted similar lists. Some of these have been directly related to arms control, while others are more ‘tit-for-tat’ as a reaction to United States laws.
For many companies that are fairly new to doing business internationally, there is a growing view that in order to manage these issues the only thing they need to do is check the lists and not sell to anyone on a list. This couldn’t be further from reality, however. Companies also need to implement a specialised sanctions compliance programme. An export-control compliance programme and a sanctions compliance programme are two different things and cover two distinct areas of the law.
What has changed in the last 20 years, above and beyond the fact that more and more countries are implementing export-control legislation similar to that of the United States (principally to combat the development of nuclear arms and weapons of mass destruction), is that countries have sought to use the sanctions regime for political reasons and for a host of other reasons beyond access to weapons. This has been seen most recently in sanctions imposed by several countries, including by the United States and the EU on certain Russian nationals over their activities in the Ukraine. Therefore, sanctions compliance is no longer limited to export-control issues.
This change has led to several factors that companies need to think about.
Your existing export-control programme
If you have an existing programme, is it current? Does it address all new lists and regulations? Simply trusting your watchlist provider to compile a consolidated list, and then relying on that list, is no longer good enough. Export-control compliance is a tool to be used in your programme – it is not your actual programme. Thought should be given to whether or not your existing programme can be adjusted to reflect the broader sanctions regimes that are now in place around the world.
Build a sanctions compliance programme
It is likely that you will need to look at sanctions more broadly and consider this across all of your lines of business, both on the sales side and the procurement side. Sanctions compliance can touch the people that you hire, those that you engage as sales agents, your bankers, your suppliers, and other business partners – it touches almost every part of a business that a global company conducts. It cannot simply be seen as screening names against a list to make sure that you don’t ship to bad countries.
Don’t rely on lists
As has been mentioned already in this article, relying solely on a list is not effective. The lists change regularly, and the fraudsters and people on the lists are smart and cunning. They will get around the restrictions by creating side companies or using different names. You need to have a sufficiently fluid programme that doesn’t just look at the lists (even searching with some form of fuzzy logic will not suffice), but considers deeper research and due diligence before engaging someone. Simply saying ‘We checked the list and they were not there’ is not a suitable defence when something goes wrong.
Understand the law, not the lists
Lists are merely regulatory in nature and produced by executive order – the real ‘law’ is the underlying legislation that gave rise to the lists. Each list will have underlying legislation, and knowing that legislation is key. Just because someone is on a list does not always mean that you cannot do business with them. It is not the list that defines that restriction, it is the underlying law. In many cases, the law itself does not actually ban business with that company; it may restrict it in some way, require approvals or a licence, or, in other cases, it might be perfectly allowable to do business with them. The point is that you need to understand the law and what sits behind the regulatory-driven lists. A strong sanctions programme references the law regularly.
Your sanctions compliance programme should have options
There are many legitimate ways to manage a sanctions issue to allow you to deal with a listed person or company. A sanction on a particular company might not apply in another country, and you might be able to engage the person using a subsidiary in a different country that has not sanctioned the company. In many cases, this might not be possible because of political issues in your home country (which may be the country that has that person on a sanctions list) or because there is a strong ethical issue that your code of conduct does not permit. However, what is becoming clear is that sanctions are being used to implement political issues. Companies should therefore decide for themselves to what extent they are going to allow their business to suffer as a result of one country’s disagreement with another country.
Sanctions compliance is no longer limited to export-control issues, and it is no longer sufficient for compliance professionals to check sanctions lists and decide not sell to anyone on those lists. Companies must now implement a specialised sanctions compliance programme that touches almost every part of the business.