Stepped-Up Global Import-Export Enforcement

Know your customer” is sage advice for any good business. For companies that export goods or technology overseas, a recent case in Canada serves as a reminder that it’s also a compliance obligation.

Canadian authorities charged a Toronto man in April with attempting to ship nuclear technology to Iran, after first purchasing the equipment from a company in Massachusetts. They were first alerted to the man’s intentions when the U.S. manufacturer that sold him the equipment learned it would be sent on to the United Arab Emirates—a haven for forwarding all manner of goods onto Iran or other destinations forbidden by U.S. export law.

“The case in Canada highlights the fact that this is no longer just a U.S. issue,” says Brett Johnson, an associate at the law firm Snell & Wilmer.

The United States is well known for its strict export controls regime, and direct sale of goods to Iran (or Cuba, North Korea, or several other nations) is an extremely serious offense of federal law. Now, observers say, other trading partners such as Canada or the European Union are stepping up enforcement of their own export laws, upping the ante for violations.

U.S. laws require exporters to “know their customer” and the nature of the transaction. That means conducting the appropriate due diligence, including screening the recipient against lists of restricted parties, checking the item’s proposed end-use, and looking for—and investigating—suspicious circumstances. To help with that task, the Commerce Department has published guidance, aptly named “Know Your Customer” (KYC) guidance.

Krauland

Experts says export controls compliance and the associated KYC due diligence are more important than ever. The United States and other countries increasingly worry about “diversion concerns” and the proliferation of dangerous technologies that can be used by potentially hostile governments and terrorists groups, says Edward Krauland, a partner at the law firm Steptoe & Johnson. As such, enforcement of export law is a rising priority.

Compliance, however, isn’t easy. Companies must first classify products for export purposes; then, based on that classification as well as the product’s end-use, final destination, and customer, the company must determine whether an item can be legally exported and whether it requires a license. Moreover, companies can violate the law even without a physical shipment, since some technologies easily sent over the Internet can be controlled exports.

“It’s immensely complicated,” says Judith Lee, a partner with Gibson Dunn & Crutcher.

Worse yet, experts say many companies aren’t even aware that their exports are subject to regulation. “They receive an order through their Website and ship it without screening the customer, and they don’t even know there’s a violation because they don’t know the item is controlled,” says Johnson.

Among the myriad enforcers who could come calling, depending on the item and type of violation, are the Commerce Department’s Bureau of Industry and Security, the State Department Directorate of Defense Trade Controls, the Nuclear Regulatory Commission, the Department of Justice, and the Federal Bureau of Investigation, to name a few.

Offenders can face fines and prison time. And more seriously for businesses, Krauland says, they can be barred from exporting and government contracting. Commerce Department civil penalties for dual-use export control violations can be as high as $250,000 per violation, while State Department civil fines for violations of the International Traffic in Arms Regulations can be as high as $500,000 per incident.

Burns

Then there’s the potential damage to the company’s reputation. “No one wants to be the company that allows sensitive equipment or technology to get into the wrong hands,” says Clifton Burns, a partner in the law firm Bryan Cave who blogs about export controls compliance.

Implementing ‘Im-Ex’ Compliance

The extra-territorial reach of U.S. export control laws means U.S. companies can also get into trouble if a buyer—or even a foreign subsidiary—sends an item of U.S. origin forward to a place or a person in violation of U.S. law, since export control requirements are “based on the ultimate destination, not the first stop,” Krauland says.

For all of those reasons, stringent due diligence is critical, and extra caution should be taken if anything at all seems amiss. How much due diligence is enough to satisfy U.S. regulators? The answer “is a sliding scale” based on the sensitivity and risk associated with the item, Lee says.

RED FLAG INDICATORS

Below is an excerpt of the Department of Commerce Know Your Customer guidance.

Use this as a checklist to discover possible violations of the Export Administration Regulations. You may also wish to visit our page that provides "Know Your Customer Guidance".

The customer or its address is similar to one of the parties found on the Commerce Department’s [BIS’s] list of denied persons.

The customer or purchasing agent is reluctant to offer information about the end-use of the item.

The product’s capabilities do not fit the buyer’s line of business, such as an order for sophisticated computers for a small bakery.

The item ordered is incompatible with the technical level of the country to which it is being shipped, such as semiconductor manufacturing equipment being shipped to a country that has no electronics industry.

The customer is willing to pay cash for a very expensive item when the terms of sale would normally call for financing.

The customer has little or no business background.

The customer is unfamiliar with the product’s performance characteristics but still wants the product.

Routine installation, training, or maintenance services are declined by the customer.

Delivery dates are vague, or deliveries are planned for out of the way destinations.

A freight forwarding firm is listed as the product’s final destination.

The shipping route is abnormal for the product and destination.

Packaging is inconsistent with the stated method of shipment or destination.

When questioned, the buyer is evasive and especially unclear about whether the purchased product is for domestic use, for export, or for re-export.

Source

Department of Commerce BIS.

Burns says the best recourse is often simply to ask a lot of questions. “Customers who are up to no good often drop off the radar,” he says. But since questions won’t thwart all attempts to dupe a company, exporters should get independent verification of the answers, he adds. And if doubts linger, Burns and others say, the best course of action is not to ship, and to contact the proper authorities if that seems appropriate.

Companies should also get certifications from buyers—including distributors—that they won’t re-ship the item to a prohibited destination or person. Shipments to countries that don’t have stringent enforcement on exports should be subject to a higher level of due diligence.

Krauland says U.S. officials are also increasingly willing to pursue foreign companies that use U.S.-made parts or work with U.S. partners, so those businesses, too, need to understand and pay heed to the disposition of American-made goods or technologies.

Johnson says the same caution should apply when buyers come to the company. “Just because a person is there legally doesn’t mean they have legal authority to look at controlled goods or technology,” he says.

So far, Burns says, ignoring a red flag hasn’t been a predicate for criminal or civil prosecution. However, he cautions, “Sooner or later, someone is bound to get whacked with at least a civil penalty for ignoring a red flag that results in sensitive equipment ending up in the hands of the wrong people.”

Lee

To help avoid that fate, experts stress the importance of documenting all due diligence efforts. Even for an inadvertent failure, “If you haven’t documented what you’ve done, you can’t prove to the government that you’re working hard to comply,” Lee says.

While it sounds obvious, one of the most important things companies can do to keep themselves out of trouble is to have a written export compliance policy in place, including procedures for resolving red flags. Equally as important, Lee says, is actually following it.

“Companies hear about a big case, get scared and hire someone to develop a program that they don’t follow or that’s too complicated,” she says. “Don’t have program that sits on the shelf that the government can point to and say, ‘You’re not following your own rules.’”

Lee recommends designating one person to lead export control compliance—with the authority to stop shipments. “One of the worst things a company can do is to de-centralize the export compliance function so each business unit is making decisions for itself,” she says. “The other is letting the business, rather than compliance, drive the decision to ship.”

Companies should train employees on the rules and should audit regularly to make sure the policies are being followed, Johnson says. Any issues should be vetted by an independent external investigator.

If they do uncover a violation, Lee says companies should at least consider voluntary disclosure, since companies could get “a significant benefit in the form of a penalty reduction.”

However, Johnson say independent, outside counsel should be hired to gather the facts and draft any disclosure.

“If you disclose without all of the facts, you could eliminate any benefit,” he says.