Compliance measures to address sanctions enforcement: ‘the new FCPA’ | American Conference Institute (ACI)

In line with the Biden administration’s declaration last year that anticorruption is a “core United States national security interest,” sanctions evasion enforcement rapidly has become a core priority for the Department of Justice (DOJ). Companies should be looking to enhance their sanctions compliance programs and due diligence practices accordingly.

During a moderated discussion at the New York City Bar Association’s 2022 White Collar Crime Institute in April, Deputy Attorney General (DAG) Lisa Monaco said she is seeing an “increasing intersection between national security issues and corporate crime and corporate criminal enforcement,” such as terrorist group financing, money laundering, and cybercrime.

Following Russia’s invasion of Ukraine on Feb. 24, the DOJ remains especially focused on investigating and prosecuting sanctions evasion violations as it concerns Russia. During her remarks, DAG Monaco provided further details around what to expect from this new whole-of-government effort.

With Task Force Kleptocapture, for example, investigators are “drawing on money laundering and sanctions enforcement expertise within the Department of Justice and the Treasury Department. We are drawing on cybercrime investigators both in the Criminal Division and in the National Security Division,” she said.

Moreover, the intelligence community is feeding DOJ investigators and prosecutors information about the location of assets that belong to sanctioned individuals. “You wouldn’t have seen that years ago, that kind of interaction to help feed our enforcement efforts,” DAG Monaco said.

The launch of the cross-border Russian Elites, Proxies, and Oligarchs (REPO) multilateral task force brings further focus on enforcement of Russia sanctions evasion. “That means more cross-border investigations,” said Jamie Schafer, a partner at law firm Perkins Coie.

Sanctions compliance best practices

In offering insight about the role legal and compliance professionals can play, DAG Monaco said, “As you’re having discussions with your clients, they’ve got to be factoring in this changed landscape,” she said, referring to sanctions as “the new FCPA.”

That’s not to say Foreign Corrupt Practices Act (FCPA) enforcement isn’t a priority, but rather that sanctions enforcement is now more on par with FCPA enforcement, legal experts said. DOJ is more “aggressively and intensively” involved in sanctions enforcement than historically has been the case, Schafer said.

DAG Monaco further stressed that sanctions enforcement “absolutely” will spread beyond industries that historically have been at the center of sanctions enforcement, like financial services. She added it’s “critically important” for all multinational companies to think about how these sanctions regimes affect them and “something they should be having conversations about.”

Schafer said we may start to see “major enforcement actions around industries where there has not historically been a focus on sanctions compliance, because there hasn’t historically been a big focus on sanctions enforcement [in these industries].”

Thus, it will be important for companies to reevaluate and enhance their sanctions compliance programs in the following ways:

Map out the company’s jurisdictional touchpoints. “Are you a U.S. company that sells products only out of the United States? In that case, maybe you’re focused only on U.S. sanctions,” said Anthony Rapa, leader of Blank Rome’s national security team. However, if the company has operations in multiple countries, or deals with intermediaries in other countries, “you need to be mindful not only of the sanctions in the jurisdiction of which you’re organized, but also different touchpoints along the way where you may have exposure to Russia,” he said.

Don’t ignore indirect ties to Russia. “One place where I see U.S. companies come up short in analyzing their risk and conducting diligence is thinking through the indirect exposure they might have to Russia,” Schafer said. That requires performing due diligence on high-risk suppliers and distributors and understanding where products are coming from, and where they are going, she said.

Companies should ensure their high-risk suppliers and distributors have their own risk mitigation practices in place as well. “You want to make sure they are doing the proper due diligence as well,” said Mark Bini, a partner at ReedSmith.

Watch for new industry-focused sanctions. Sanctions and enforcement actions by the Treasury Department’s Office of Foreign Asset Control (OFAC) are increasingly sweeping in new industries. Companies cannot afford to ignore sanctions compliance lapses, as “Russia enforcement matters likely are the top enforcement priority for OFAC right now,” Rapa said.

One recent example: OFAC’s sanctioning of Moscow-based virtual currency mining company, BitRiver. OFAC stated it designated its holding company, BitRiver AG, “for operating or having operated in the technology sector of the Russian Federation economy.”

That signals to the legal and compliance profession that “there are entities and individuals that are ending up on the sanctions list in places you wouldn’t expect,” Bini said. “I wouldn’t have expected a crypto miner to be on the sanctions list.”

Additionally, effective June 7, U.S.-based accounting, management consulting, and trust and corporate formation services are banned from providing services to any person or entity located in the Russian Federation, under new OFAC sanctions. Service providers should also be conducting diligence, ensuring they’re not facilitating transactions with a nexus to Russia, Schafer said.

Currently, legal services do not fall under OFAC’s service provider ban. However, during a recent press conference, a White House official stated that U.S. sanctions could be broadened at a later date to include legal services.

Implement robust screening tools. In several sanctions enforcement cases of late, sanctioned persons or sanctioned countries were able to remotely access the servers of U.S. companies. So, it’s important to screen the names of those who are using the company’s servers. “That is a level of diligence OFAC has made clear it expects, but a lot of companies really aren’t meeting that expectation,” Schafer said.

Stay apprised of FinCEN advisories. An April 14 advisory issued by the Financial Crimes Enforcement Network (FinCEN) listed 10 common red flags designed “to assist financial institutions in detecting, preventing, and reporting suspicious transactions associated with kleptocracy and foreign public corruption.” FinCEN noted that suspicious transactions include not just bank accounts, but physical property like luxury real estate, private jets, yachts, and artwork.

Examples of specific red flags include transactions involving foreign government business conducted through personal accounts; funds moving to and from countries not tied to the public officials; and public officials’ assets that aren’t commensurate with the public official’s reported source of wealth or that fall outside that individual’s normal lifestyle.

Other red flags FinCEN cited include the use of third parties to shield foreign public officials’ identities; and assets held in the name of intermediate legal entities whose beneficial owner or owners are tied to a kleptocrat or his or her family member. “That could be particularly challenging for the financial service industry, trying to detect, for example, the involvement of oligarchs through webs of ownership and shell companies,” Rapa said.

Educate key stakeholders on red flags. Business units that are most often directly impacted by sanctions restrictions include procurement, sales, risk management, accounts payable, and accounts receivable, Bini said. All these departments need to be trained on identifying which red flags, such as those cited by FinCEN, to raise to the compliance department. Know your customer (KYC). Prudent legal and compliance professionals know the importance of conducting due diligence and identifying the owners of sanctioned firms, but that’s challenging in situations where the ownership structure is complex, or the customer or counterparty is opaque.

Even before Russia’s invasion of Ukraine, the DOJ and Treasury Department were placing greater emphasis on beneficial ownership transparency. “FinCen is looking at additional regulations in that area, and that appears to be a priority of this administration,” Bini said. The Financial Action Task Force (FATF) has issued some helpful guidance for companies seeking clarity in this area.

Stay apprised of sanctions developments. Rapa recommended financial institutions and multinational companies sign up for OFAC’s newsletter to stay apprised of its latest enforcement actions and sanctions developments, as well as the Commerce Department’s announcements on U.S. export control developments.

Responding to a question of whether the DOJ plans to issue sanctions guidance as it has done with FCPA guidance, DAG Monaco responded, “It’s probably something that we could be developing more guidance on.”

“We’re kind of in the process of building the airplane as we’re flying it,” she added. “New sanctions are coming out almost on weekly basis, so we do owe it to companies, and those who advise them, to be as transparent as we can be in terms of what we’re expecting.”