Over the year following Russia's illegal and unprovoked war against Ukraine, the U.S. government has used its economic tools to degrade Russia's economy and war machine.
Along with international partners and allies, the Department of the Treasury's Office of Foreign Assets Control (OFAC) and the Department of Commerce's Bureau of Industry and Security (BIS) have imposed sanctions and export controls of an unprecedented scope and scale in an effort to degrade Russia's ability to wage its unjust war and to prevent it from taking military action elsewhere. The Department of Justice (DOJ) has matched these unprecedented restrictions with equally unprecedented enforcement efforts to aggressively prosecute those who violate U.S. sanctions and export control laws, led by the work of Task Force KleptoCapture.
Despite these efforts, malign actors continue to try to evade Russia-related sanctions and export controls. One of the most common tactics is the use of third-party intermediaries or transshipment points to circumvent restrictions, disguise the involvement of Specially Designated Nationals and Blocked Persons (SDNs) or parties on the Entity List in transactions, and obscure the true identities of Russian end users. This Note highlights several of these tactics to assist the private sector in identifying warning signs and implementing appropriate compliance measures.
DETECTING SANCTIONS AND EXPORT CONTROL EVASION
It is critical that financial institutions and other entities conducting business with U.S. persons or within the United States, or businesses dealing in U.S.-origin goods or services or in foreign- origin goods otherwise subject to U.S. export laws, be vigilant against efforts by individuals or entities to evade sanctions and export control laws. Effective compliance programs employ a risk-based approach to sanctions and export controls compliance by developing, implementing, and routinely updating a compliance program, depending on an organization's size and sophistication, products and services, customers and counterparties, and geographic locations. Companies such as manufacturers, distributors, resellers, and freight forwarders are often in the best position to determine whether a particular dealing, transaction, or activity is consistent with industry norms and practices, and they should exercise heightened caution and conduct additional due diligence if they detect warning signs of potential sanctions or export violations.
Equally important is the maintenance of effective, risk-based compliance programs that entities can adopt to minimize the risk of evasion. These compliance programs should include management commitment (including through appropriate compensation incentives), risk assessment, internal controls, testing, auditing, and training. These efforts empower staff to identify and report potential violations of U.S. sanctions and export controls to compliance personnel such that companies can make timely voluntary disclosures to the U.S. government. Optimally, compliance programs should include controls tailored to the risks the business faces, such as diversion by third-party intermediaries.
Common red flags can indicate that a third-party intermediary may be engaged in efforts to evade sanctions or export controls, including the following:
· Use of corporate vehicles (i.e., legal entities, such as shell companies, and legal arrangements) to obscure (i) ownership, (ii) source of funds, or (iii) countries involved, particularly sanctioned jurisdictions;
· A customer's reluctance to share information about the end use of a product, including reluctance to complete an end-user form;
· Use of shell companies to conduct international wire transfers, often involving financial institutions in jurisdictions distinct from company registration;
· Declining customary installation, training, or maintenance of the purchased item(s);
· IP addresses that do not correspond to a customer's reported location data;
· Last-minute changes to shipping instructions that appear contrary to customer history or business practices;
· Payment coming from a third-party country or business not listed on the End-User Statement or other applicable end-user form;
· Use of personal email accounts instead of company email addresses;
· Operation of complex and/or international businesses using residential addresses or addresses common to multiple closely-held corporate entities;
· Changes to standard letters of engagement that obscure the ultimate customer; iB Transactions involving a change in shipments or payments that were previously scheduled for Russia or Belarus;
· Transactions involving entities with little or no web presence; or
· Routing purchases through certain transshipment points commonly used to illegally redirect restricted items to Russia or Belarus. Such locations may include China (including Hong Kong and Macau) and jurisdictions close to Russia, including Armenia, Turkey, and Uzbekistan.
Further, entities that use complex sales and distribution models may hinder a company's visibility into the ultimate end-users of its technology, services, or products.
Best practices in the face of such risks can include screening current and new customers, intermediaries, and counterparties through the Consolidated Screening List and OFAC Sanctions Lists, as well as conducting risk-based due diligence on customers, intermediaries, and counterparties. Companies should also regularly consult guidance and advisories from Treasury and Commerce to inform and strengthen their compliance programs.
Further, entities that use complex sales and distribution models may hinder a company's visibility into the ultimate end-users of its technology, services, or products.
Best practices in the face of such risks can include screening current and new customers, intermediaries, and counterparties through the Consolidated Screening List and OFAC Sanctions Lists, as well as conducting risk-based due diligence on customers, intermediaries, and counterparties. Companies should also regularly consult guidance and advisories from Treasury and Commerce to inform and strengthen their compliance programs.
CIVIL ENFORCEMENT AND DESIGNATION ACTIONS
Companies should also review BIS and OFAC enforcement and targeting actions, as they often reflect certain tactics and methods used by intermediaries engaged in Russia-related sanctions and export evasion. In November 2022, for example, OFAC designated individuals and entities involved in a global procurement network maintained by a Russian microelectronics company, AO PKK Milandr, which used a front company to transfer funds from Milandr to another front in a third country, which purchased microchips to divert to Russia. Another front company elsewhere also purchased Asian-made components for Milandr. OFAC's civil enforcement actions also illustrate a range of sanctions evasion techniques employed across multiple sanctions programs, including falsifying transactional documents, omitting information from internal correspondence, and shipping goods through third countries.
CONCLUSION
Given the proliferation of sanctions and export controls imposed in response to Russia's unjust war, multinational companies should be vigilant in their compliance efforts and be on the lookout for possible attempts to evade U.S. laws. The U.S. government has a variety of tools to crack down on evasion efforts, and the past year has shown that it will not hesitate to pursue criminal prosecutions, administrative enforcement actions, or additional designations where the circumstances so warrant. Businesses of all stripes should act responsibly by implementing rigorous compliance controls, or they or their business partners risk being the targets of regulatory action, administrative enforcement action, or criminal investigation.
Equally important is the maintenance of effective, risk-based compliance programs that entities can adopt to minimize the risk of evasion. These compliance programs should include management commitment (including through appropriate compensation incentives), risk assessment, internal controls, testing, auditing, and training. These efforts empower staff to identify and report potential violations of U.S. sanctions and export controls to compliance personnel such that companies can make timely voluntary disclosures to the U.S. government. Optimally, compliance programs should include controls tailored to the risks the business faces, such as diversion by third-party intermediaries.
Common red flags can indicate that a third-party intermediary may be engaged in efforts to evade sanctions or export controls, including the following:
i Use of corporate vehicles (i.e., legal entities, such as shell companies, and legal arrangements) to obscure (i) ownership, (ii) source of funds, or (iii) countries involved, particularly sanctioned jurisdictions;
i A customer's reluctance to share information about the end use of a product, including reluctance to complete an end-user form;
i Use of shell companies to conduct international wire transfers, often involving financial institutions in jurisdictions distinct from company registration;
i Declining customary installation, training, or maintenance of the purchased item(s);
Bi IP addresses that do not correspond to a customer's reported location data;
i Last-minute changes to shipping instructions that appear contrary to customer history or business practices;
i Payment coming from a third-party country or business not listed on the End-User Statement[1] or other applicable end-user form;
i Use of personal email accounts instead of company email addresses;
[1] Officially known as Form BIS-711, “Statement by Ultimate Consignee and Purchaser,” and available on
the BIS website: https://www.bis.doc.gov/index.php/documents/iust-licensing-forms/803-bis-711-statement-by- ultimate-consignee-and-purchaser-1/file.