March 8, 2024  On March 6, 2024, the U.S. Departments of Commerce, the Treasury, and Justice issued a Tri-Seal Compliance Note (the “Note”) highlighting the applicability of U.S. sanctions and export control laws to persons and entities located outside of the United States, as well as the enforcement mechanisms that are available for the U.S. government to hold non-U.S. persons accountable for violations of such laws, including criminal prosecution.

While the Note does not lay out any new legal basis or theories for the U.S. to assert sanctions or export control jurisdiction, it communicates a clear readiness to take action against foreign persons. To mitigate that risk, the Note also provides an overview of compliance considerations and measures for non-U.S. companies.

Potential Application of U.S. Sanctions to Non-U.S. Persons

The Note asserts first that all “U.S. persons” must comply with U.S. economic and trade sanctions—which are administered and enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”). OFAC interprets U.S. persons to mean (i) all U.S. citizens and permanent resident aliens (i.e., so-called Green Card holders) regardless of where they are located, (ii) all persons physically located within the United States regardless of their nationality, and (iii) all U.S.-incorporated entities and their foreign branches. Under the sanctions programs targeting Cuba and Iran, foreign entities (including subsidiaries) owned or controlled by a U.S. person also must comply with applicable sanctions prohibitions.

The Note highlights that OFAC has also asserted its enforcement authorities against non-U.S. financial institutions and other foreign persons who have “caused” U.S. persons to violate OFAC sanctions, conspired to do so, indirectly exported services from the United States, or otherwise violated U.S. sanctions laws.

The Note provides the following examples of behavior that could cause a non-U.S. person to become subject to the applicability of U.S. sanctions. A non-U.S. person who:

  • Obscures or omits reference to the involvement of a sanctioned party or jurisdiction in documentation of a financial transaction involving a U.S. person;
  • Misleads a U.S. person into exporting goods ultimately destined for a sanctioned jurisdiction; or
  • Routes a prohibited transaction through the United States or the U.S. financial system, thereby causing a U.S. financial institution to process the payment in violation of OFAC sanctions.

Potential Application of U.S. Export Controls to Non-U.S. Persons

The U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) administers and enforces export controls on dual-use and certain munitions items through the Export Administration Regulations (“EAR”). Unlike many other countries, where export-related authorities are limited to direct exports, U.S. export control laws may extend to items subject to the EAR anywhere in the world and to foreign persons who deal with them. 

Items are “subject to the EAR” if they are (i) U.S.-origin, (ii) exported from the U.S., (iii) foreign-made and containing more than a de minimis amount of controlled U.S.-origin content, or (iv) the direct product of specific types of U.S. technology, software, or equipment. 

The Note highlights that U.S. export control laws “follow the goods.” Thus, in addition to the initial export, the EAR also applies to:

  • Reexports (i.e., the shipment of an item subject to the EAR from one foreign country to another foreign country);
  • In-country transfers (i.e., the transfer of an item subject to the EAR within a foreign country)
  • Exports from abroad, reexports, and in-country transfers of:
    • Goods that incorporate a certain percentage of controlled U.S. content (also known as the de minimis thresholds); and
    • Foreign-made items produced using U.S. software, technology, or production equipment (thus subject to a foreign direct product rule, or “FDPR”).

The Note warns that anyone involved in the movement of items subject to the EAR—regardless of where the offending party is located or their nationality—must adhere to U.S. export control laws.

Accordingly, parties to an export transaction cannot bypass the EAR by shipping items through a third country. Similarly, foreign parties to an export transaction cannot bypass EAR requirements by relying on the fact that the item is located outside the United States and was not shipped directly to the foreign party recipient. Additionally, foreign-produced items—even if they never enter the U.S. stream of commerce and no U.S. person is involved in the transaction—may still be subject to U.S. export control jurisdiction under the FDPRs.

Criminal Enforcement of Against Non-U.S. Persons and Entities

The U.S. Department of Justice is authorized to bring criminal prosecutions for willful violations of U.S. sanctions and export control laws, and the Note provides examples, including the guilty plea of Binance Holdings Limited that resulted in a $4.3 billion financial penalty. Prohibited conduct includes causing a violation of U.S. sanctions and export control laws. Willful violations are punishable by imprisonment of up to 20 years and a fine of up to $1 million fine per violation, or both.

Compliance Considerations for Non-U.S. Persons

The Note emphasizes that “any company participating in the global marketplace” must ensure it has robust compliance measures in place to avoid violating U.S. sanctions or export control laws. Particularly, the Note advises that non-U.S. companies should:

  • Employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance program.
  • Establish strong internal controls and procedures to govern payments and the movement of goods involving affiliates, subsidiaries, agents, or other counterparties. Such controls can help detect linkages to sanctioned persons or jurisdictions that may otherwise be obscured by complex payment and invoicing arrangements.
  • Ensure that know-your-customer information (such as passports, phone numbers, nationalities, countries of residence, incorporation, and operations, and addresses) and geolocation data are appropriately integrated into compliance screening protocols and information is updated on an ongoing basis based on the non-U.S. company’s overall risk assessment and specific customer risk rating.
  • Ensure that subsidiaries and affiliates are trained on U.S. sanctions and export controls requirements, can effectively identify red flags, and are empowered to escalate and report prohibited conduct to management.
  • Take immediate and effective action when compliance issues are identified, to the extent possible, to identify and implement compensating controls until the root cause of the weakness can be determined and remediated.
  • Identify and implement measures to mitigate sanctions and export control risks prior to merging with or acquiring other enterprises, especially where a company is expanding rapidly and/or disparate information technology systems and databases are being integrated across multiple entities.
  • If they believe that they may have violated sanctions or export control laws, voluntarily self-disclose (“VSD”) the conduct to the relevant agency. Guidance related to the DOJ, BIS, and OFAC’s policies encouraging VSDs may be found in a previous Tri-Seal Compliance Note on Voluntary Self-Disclosure of Potential Violations, which we summarized in a previous alert here.

Conclusion

Foreign companies should identify and evaluate their exposure to U.S. sanctions and export controls. The Note highlights that companies outside the United States should be aware of how their activities may implicate U.S. sanctions and export control laws. By publishing the Note, the U.S government is making its compliance expectations public for non-U.S. persons. The Note anticipates increased enforcement actions against non-U.S. persons.