In today's global business environment, companies must navigate a complex web of sanctions regulations. The stakes are high, and the consequences of non-compliance can be severe. This article outlines key considerations for companies navigating the era of heightened sanctions enforcement identified by Baker McKenzie's Global Sanctions Investigations Group from its involvement in many such investigations.
The journey begins with understanding the common triggers for sanctions investigations. Suspicious transactions, whistleblower reports, and customs detentions are just a few of the red flags that can initiate an investigation. Many of these triggers are outside of a company's control.
Customs authorities worldwide enforce their jurisdictions' laws at the border, including sanctions and export controls, and have broad authority to stop shipments. With increasing use of export controls and product controls, customs authorities in the UK, EU, and US are stopping shipments more frequently, especially for destinations with high diversion risks.
Financial institutions also play a crucial role in driving sanctions compliance by reporting breaches or suspicious activities to regulators. Common scenarios include banks identifying inconsistencies in license payments, performance bonds for goods, payments to beneficiaries owned/controlled by designated parties, and coupon payments on bonds issued by designated parties. Banks typically report these types of issues to regulators, which may then request further information and potentially initiate sanctions investigations.
As companies navigate sanctions investigations, they may encounter the dilemma of voluntary disclosures. There's an increasing trend among businesses to voluntarily disclose sanctions violations to regulators. While this can be beneficial, it also comes with risks. Companies must carefully consider the timing and scope of their disclosures to avoid unintended consequences, such as triggering additional investigations or penalties. For example, submitting a voluntary self-disclosure ("VSD") too early, without a full understanding of the facts, can be problematic. Agencies often request detailed information during VSD reviews, so companies must be prepared for thorough examinations and respond thoughtfully.
In some countries, VSD regimes can be more targeted. For example, in Germany, VSDs are limited to specific circumstances and do not cover breaches of licensing requirements under sanctions or export controls, nor breaches related to providing funds or resources to EU-designated persons. VSDs mainly offer potential immunity for technical violations involving documentation and information obligations, and thus may not always be beneficial.
Different enforcement agencies have varying expectations regarding information sharing and cooperation during sanctions investigations. Companies must strategically manage the information shared with different agencies, ensuring consistency and accuracy while understanding the specific requirements of each agency. It's a delicate balancing act that requires careful planning and execution.
For example, US enforcement authorities, have clear expectations for cooperation and proactive engagement during sanctions and export controls investigations. Successful resolution often hinges on the company's level of cooperation and engagement.
Other jurisdictions, such as the UK, have differing expectations among agencies. The UK Office of Financial Sanctions Implementation, which is responsible for implementation and enforcement of UK financial sanctions, may ask a significant number of questions, in order to build its intelligence and understanding of a potential breach and views VSDs as an important mitigating step that can lead to a more favorable enforcement outcome. On the other hand, HM Revenue & Customs, which is responsible for UK trade sanctions breaches, offers limited guidance on their enforcement process and criteria.
When sanctions investigations cross borders, the challenges multiply due to overlapping and diverging sanctions regimes, especially concerning Russia, Iran, and Cuba. Companies must understand local laws, customs, and practices to navigate the practical and legal hurdles that arise, even if an investigation is focused initially on US export control compliance for instance.
Effective coordination between jurisdictions is essential to ensure that interviews are conducted in a way that respects the legal requirements of each country involved. In the United States, providing an Upjohn warning is a key best practice before starting an interview. In the EU and UK, it is not always necessary to provide an Upjohn warning at the start of an interview, especially if the interview notes won't be protected by legal privilege under local law. However, it is still considered best practice, particularly for cross-border investigations involving the United States.
Furthermore, data protection regulations vary across jurisdictions, adding another layer of complexity to cross-border investigations. Companies must manage data appropriately, balancing the need for compliance with the requirements of data privacy. It's a tightrope walk that requires careful attention to detail.
The EU's General Data Protection Regulation imposes strict restrictions on accessing and transferring data outside the European Economic Area. These transfers are only lawful if the rights of the data subjects are protected, either through their consent or a legitimate interest.
There have also been several data protection laws implemented in China in recent years. This includes the Cybersecurity Law, Personal Information Protection Law, and Data Security Law, which impose strict requirements on processing personal information and cross-border data transfers.
Proper documentation is crucial for regulatory scrutiny and potential legal defenses. Companies should maintain consistency and clarity in their documentation, aligning legal and compliance teams to support their compliance efforts. When documenting sanctions investigation results, it is important to tailor the documentation to meet the specific needs of various stakeholders. Internal stakeholders, such as senior management, the board of directors, and human resources, have different concerns compared to external stakeholders like regulators, prosecutors, external auditors, and transaction counterparties.
In addition, attorney-client privilege is crucial in sanctions investigations, allowing companies to withhold privileged documents from third parties and protect their legal and business interests. This is particularly important if the company chooses not to disclose findings to regulators. However, the application of this privilege varies by jurisdiction, so companies should consider it carefully in multi-jurisdictional investigations.
In a sanctions investigation, deciding with whom to share information, what levels and types of information to share, and how to mitigate risks are critical considerations. Companies must carefully manage relationships with auditors, shareholders, and customers to avoid loss of legal privilege, leaks, and triggering disclosure obligations.
Detailed information sharing with shareholders can risk attorney-client privilege loss and potential lawsuits, so companies often provide factual summaries instead of legal analyses. Non-disclosure agreements can offer some protection, but they are not foolproof against privilege waiver or information leaks.
Sometimes, companies must consider their engagement with customers related to reported sanctions violations. If a customer is implicated, companies must avoid "tipping off" to prevent legal complications and adhere to law enforcement instructions.
Sanctions investigations often involve multiple enforcement agencies due to the international flow of implicated products or funds and the expansive extraterritorial reach of relevant laws. This can lead to enforcement actions by various authorities across different countries, each with overlapping jurisdiction and a vested interest in enforcing their laws.
When dealing with enforcement agencies in multiple countries, coordination is essential. Establishing a central point of contact within the company can ensure effective communication to manage interactions with enforcement agencies. This ensures consistency in communications and helps to avoid conflicting information.
One of the biggest challenges in multi-jurisdictional sanctions investigations is the risk of multiple agencies imposing separate penalties for the same conduct, potentially leading to multiple fines. Coordinating resolutions between agencies can help avoid this. In recent cases in the United States, the US Treasury Department's Office of Foreign Assets Control and the US Commerce Department's Bureau of Industry and Security credited penalties imposed by the other agency against their own penalties. Companies may also leverage favorable outcomes in one jurisdiction to influence slower-moving investigations in others.
Navigating the era of heightened sanctions enforcement is a challenging journey. But with the right approach, companies can successfully steer through it. By understanding the triggers, taking proactive steps, managing disclosures, navigating agency expectations, and maintaining robust documentation and compliance programs, companies can best avoid the severe consequences of non-compliance and build a strong foundation for sustainable growth in the global market.
Comments
No comments on this item Please log in to comment by clicking here