The global reach of OFAC sanctions

OFAC sanctions are trade and economic sanctions administered by The U.S. Treasury Department’s Office of Foreign Asset Control (OFAC). They are often intended to have extra-territorial effect, meaning that they apply outside the U.S. territory. In some instances a connection with the U.S. territory is required. However, that connection can be anything but obvious – a mail passing through a mail server located within the U.S. territory or a USD transaction passing through a U.S. bank. In other situations, sanctions apply even if there is no connection with the U.S. As a result, OFAC sanctions can apply to business activities quite unexpectedly.

Several European companies have experience from being investigated and fined for breach of OFAC sanctions. The Swiss telecoms company Société Internationale de Télécommunications Aéronautiques SCRL recently agreed to pay a fine of USD 7.8 million for 9,256 alleged violations caused by way of providing commercial services and software, which had a connection with the U.S., to the benefit of several airlines designated by OFAC. The initial penalty against the company was USD 13.3 million.

The global reach of unilateral extra-territorial sanctions is controversial. EU’s position is that they generally have no effect within the EU territory on the basis that they are contrary to public international law principles regarding the sovereignty of states. The U.S., on the other hand, frequently justify extraterritorial sanctions by saying that U.S. is in a state of national emergency and that the sanctions therefore are necessary to protect fundamental U.S. security interests. Be that as it may, from a practical perspective, OFAC’s sanctions are undoubtedly effective (and enforceable) considering companies’ direct and indirect dependencies on the U.S. financial system.

Since 2003, OFAC has published information on its website about penalties and settlements in relation to sanction breaches. The sum of penalties imposed for 2019 was an all-time high of USD 1,3 billion. A large portion of this sum comprises of two fines paid by Standard Chartered Bank (UK) and UniCredit Bank AG (USD 639 million and USD 533 million respectively). The banks were fined for having made transactions to or through the U.S. that involved sanctioned individuals and countries. Notably, in 2014, BNP Paribas paid USD 963 million for similar sanction breaches. The initial penalty against BNP Paribas was USD 19.2 billion.

The sums are staggering, something which prompts the questions how violations are assessed and penalties calculated. To this end, OFAC makes a distinction between “egregious” and “non-egregious” violations and whether the violation is voluntarily disclosed. Furthermore, the legislation (31 Code of Federal Regulations Appendix A to Part 501) provides for detailed tariffs and sophisticated methods of calculation. Notably, OFAC also provides a list of factors which it considers when assessing the severity of the violation. The factors can be summarised as follows:

• Was there any wilful or reckless behaviour?
• Were there efforts to conceal the violation?
• Was it a pattern of conduct?
• Was there any management involvement?
• Was there any awareness/actual knowledge/reason to know?
• What was the harm to sanctions program objectives / U.S. policy?
• What was the economic or other benefit?
• What are the characteristics of the violator such as commercial sophistication, size and volume of transactions, type of customers and type of environment?
• Existence of compliance programmes
• What remedial response was taken?
• Was there any self-disclosure?
• What was the nature and extent of cooperation with OFAC?
• The timing of the violation in relation to the imposition of the sanction legislation
• Future compliance/deterrence effect in the same industry sector
• Other relevant factors which OFAC deem relevant

Apart from the risk of being fined, a sanction breach can also result in that a company is entered on the list of Specially Designated Nationals (SDN list), OFAC’s sanction list. OFAC describes the SDN list as follows on its website:

“As part of its enforcement efforts, OFAC publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them.”

Although reference is made to terrorists and narcotic traffickers there are examples of “normal” companies having been listed as an SDN. For instance, in April 2019 was one European shipping company entered on the SDN list for shipping Venezuelan petroleum products in breach of Executive Order 13850, which prohibits companies to have any involvement in the Venezuelan oil sector because of its link to the Maduro regime.

In sum, if a company’s business is global, the company can expect to be subject to the global jurisdiction of OFAC. Companies should therefore exercise high level of caution if their business activities risk involving regimes/individuals/entities sanctioned by OFAC. In order to properly manage the sanction risk, companies are recommended to implement an effective sanction compliance programme taking in consideration trade and economic sanctions imposed by the UN and EU as well as OFAC. The programme should address, among other things, sanction risks under contracts, which preferably are mitigated by way of a properly worded sanction clause.

For any questions about sanctions or compliance please contact:

Anders Leissner, Sanctions, Shipping & Insurance Expert

Mia Falk, Head of Corporate Crime & Compliance

Malin Arentoft, Criminal Law Expert

Björn Nicolai, Partner

Martin Johansson, Partner, Head of Brussels Office