Export-controls, economic sanctions, anti-corruption and other foreign trade laws and regulations should be carefully considered when setting up and operating your business if you:
- export and re-export products and services from the United States to other countries
- engage directly in cross-border transactions and activities and make cross-border investments
- acquire or invest in other companies (or interests in pooled investment activities) that do these things
- are a non-U.S. company seeking to make acquisitions in the United States.
U.S. Sanctions Regimes: Office of Foreign Assets Control (OFAC)
The Department of the Treasury’s OFAC administers the Foreign Assets Control Regulations, more commonly referred to as the “OFAC Regulations” or “OFAC Sanctions.”
What do OFAC Sanctions Cover?
OFAC sanctions prohibit dealings with:
- certain persons and entities (e.g., terrorists and drug traffickers)
- certain foreign countries (including Cuba, Iran, North Korea, Sudan and Syria)
They apply to virtually all direct and indirect transactions with these prohibited persons, entities and jurisdictions. U.S. companies and persons, regardless of their location, cannot transact business with sanctioned persons, entities and jurisdictions without authorization. In addition, OFAC sanctions sometimes affect the operations of non-U.S. companies (e.g., where the company employs U.S. persons, or where the company is an affiliate or subsidiary of a U.S. company). The OFAC Sanctions are subject to various exceptions and licensing authorizations.
OFAC Sanctions are quite complex, arise in various contexts and intersect with the U.S. export-control issues discussed below. To comply with OFAC Sanctions, companies should, at a minimum:
- screen counterparties to any transactions against OFAC’s list of “Specially Designated Nationals” (a/k/a/ “Blocked Persons”). Third-party software products are available to facilitate these types of searches
- ensure that companies in which they invest are not conducting, and have not conducted, business with OFAC prohibited persons, entities or jurisdictions, unless in compliance with the regulations
- ensure proper diligence with respect to direct and indirect business dealings with companies and persons in Burma, Cuba, Iran, North Korea, Sudan and Syria, and with other OFAC-sanctioned persons, entities or jurisdictions
- beware of tricky “facilitation” issues, such as providing assistance to non-U.S. persons or entities in trade with a prohibited person, entity or jurisdiction. A proper compliance program should be tailored to the company’s risk profile.
U.S. Export Controls
U.S. export controls (other than the OFAC Sanctions) are administered by the Department of Commerce’s Bureau of Industry and Security, through the Export Administration Regulations (EAR); and by the Department of State’s Directorate of Defense Trade Controls, through the International Traffic in Arms Regulations (ITAR).
What is Regulated?
The EAR regulates the export and re-export of so-called “dual use” items and technology — e.g., encryption software, high-speed computers, valves, certain sensitive materials, etc. The ITAR regulates the export and re-export of military items, services and technology — e.g., weapons, but also various items modified for military use. Releases of technology to foreign nationals and the provision of defense services are also subject to these regulatory regimes.
To comply with U.S. export controls beyond the OFAC Sanctions discussed above, companies should first consider carefully whether their products, technologies and services are controlled under the EAR and/or the ITAR, whether future modifications of a company product (e.g., adding encryption, ruggedizing or modifying a product for a military customer, etc.) will bring it within the scope of the EAR and/or ITAR, and whether controlled technology may be accessed by foreign nationals, either within the company or outside of it. Answers to these initial questions will dictate the nature and scope of an appropriate compliance program, which is expected of companies that export products from the United States.
Anti-Money Laundering and Terrorist Financing
U.S. criminal laws prohibit all U.S. persons from engaging in money laundering (attempts to transfer funds that are the proceeds of illegal activities and make them appear legitimate) and terrorist financing (providing support and resources to terrorists). Financial institutions also are subject to various regulations adopted by the U.S. Treasury Department pursuant to the Bank Secrecy Act (“BSA”), as amended by the USA PATRIOT Act of 2001, but the most comprehensive BSA regulations, such as those that require anti-money laundering programs and reporting of suspicious activity to the federal government, do not apply to companies that are not “financial institutions” as defined by the BSA.
Anti-Money Laundering Laws
Money laundering generally is defined as a transaction that seeks to conceal or disguise the proceeds of illegal activities so that they appear to have been derived from legitimate sources. Money laundering do not always involve cash transactions and may be conducted through entities that are not financial institutions. Money laundering can occur, for example, when a company operating as a front for a drug cartel purchases goods from a legitimate business (using drug proceeds) and then sells the goods to other legitimate business (thus washing the drug money clean).
Terrorist Financing Laws
Terrorist financing may not involve proceeds of criminal conduct but, instead, an attempt to provide material support or resources to terrorists or terrorist organizations. “Material support or resources” is a broad term that includes, among other things, currency or monetary instruments, expert advice or assistance, communications equipment, facilities, personnel or transportation.
Companies and their employees cannot engage in, or help others engage in, money laundering or terrorist activities, and may not turn a blind eye to such activities, whether internally, at a counterparty, or at a company in which the company invests. To limit exposure to possible anti-money laundering and terrorist financing issues, companies and their employees should be watchful for possible suspicious activity in connection with transactions and investments. To further evaluate situations in which money laundering or terrorist financing issues may be of concern, companies should:
- conduct due diligence in connection with transactions and investments, particularly if they involve cash-intensive businesses
- thoroughly investigate any rumors or bad reputations of the parties involved in a transaction or investment
- thoroughly assess any and all unexplained payments and cash flows.
A proper compliance program should be tailored to the company’s risk profile.
Committee on Foreign Investment in the United States (CFIUS)
CFIUS is an interagency committee charged with reviewing foreign investment in the United States for possible national security concerns. Companies whose products, technologies, or services are controlled by the ITAR and/or EAR, or that play important roles in protecting the U.S. national security (e.g., through significant government contracts, or by maintaining U.S. technological superiority in areas like energy) will want to be mindful of the role played by CFIUS.
CFIUS can investigate any transaction that could result in foreign control in a way that adversely affects national security and, where deemed necessary, may block such transaction or require that control and/or national security concerns be mitigated. Recent amendments to the regulations make clear that CFIUS’s scope of review extends beyond the traditional areas of export-controlled goods to concerns about critical infrastructure and technologies, even if these are not subject to the U.S. export-controls laws.
Companies should consider whether to submit a CFIUS notice in connection with a transaction or investment; voluntary review leading to CFIUS clearance provides peace of mind that a proposed transaction or investment will not raise national security concerns and will not be subject to government interference. Given the lead time for preparing a CFIUS filing and clearing the process, these issues must be considered very early in the life cycle of the proposed investment or acquisition by a foreign person in a U.S. business. Companies should also thoroughly investigate potential acquirors to determine whether transactions with them might trigger CFIUS concerns.
The Foreign Corrupt Practices Act (FCPA)
The FCPA deals with bribery of government, political party and international organization officials. The FCPA also includes books and records provisions that require accurate recordkeeping and effective internal controls by U.S. companies that are “issuers” of public securities, including records that would reveal and controls that would prevent bribery.
How is International Bribery Defined?
The FCPA anti-bribery provisions prohibit the payment (or offer, authorization or promise to pay) of “anything of value” (including non-monetary favors such as a promise of future employment, entertainment, or favors for a family member), whether directly or indirectly, to any foreign government official, foreign political party, official of a foreign political party, or foreign political candidate, in order to get the recipient to act in obtaining, retaining or directing business or securing an improper advantage. Liability under the FCPA can arise if a U.S. company or one of its employees authorizes an agent or other person acting on its behalf, to authorize, make or offer payments to foreign officials in return for business favors.
There are certain narrow exceptions to the FCPA. For example, a U.S. person may be able to reimburse a foreign official for reasonable and bona fide expenditures incurred, such as travel or lodging, for expenses directly related to business promotion or execution of a contract with a foreign government.
FCPA Books and Records Provisions
The FCPA books and records provisions impose recordkeeping and internal controls requirements on companies that are “issuers” of public securities and subject to Securities and Exchange Commission (“SEC”) jurisdiction. These companies must
- maintain books, records and accounts that accurately and fairly reflect the company’s transactions and
- maintain internal controls to assure that the company’s management controls the use of business assets.
These provisions apply regardless of whether a bribe was paid or a foreign official was involved in a particular transaction.
FCPA Compliance Programs
To address potential FCPA issues, a company should consider adopting an FCPA compliance program tailored to the company’s risk profile. For example, a company could require employees involved in international transactions or investments to look for the presence or absence of any “red flags” that suggest possible exposure to prohibited payments. Examples of such “red flags” include a counterparty or agent that has relationships with a foreign government, a counterparty or agent that was suggested or recommended by a foreign government official, or a counterparty or agent that makes significant political or charitable contributions as a way of influencing official action. Depending on the level of possible FCPA exposure, companies also should consider requiring foreign counterparties and agents to make representations regarding FCPA compliance or to adopt FCPA compliance programs.
* * * * *
Given the vigor with which the above laws are enforced, their complexity, the increasing magnitude of penalties assessed for violations and the severe reputational damage that can result, it is critically important to understand how these laws affect your business from day one. You should consult with an attorney to best understand these complex issues.