Sanctions: The 5 questions your board and executives should be asking in 2017

By Peter Haig, Rachel Nicolson
Anti-bribery & AML Banking Corporate Governance International Business Obligations Risk & Compliance

In brief

Australian boards and senior executives are expected to maintain oversight of risk and compliance issues including bribery, sanctions, human rights and anti-money laundering. In-house counsel perform a central role in supporting this oversight and maintaining compliance. In the second of a five-part series, Partners Rachel Nicolson and Peter Haig, Senior Associate Christopher Holland and Lawyer Malak Johnson look at the key questions that Australian boards and senior executives should be asking themselves about sanctions in 2017.

What is happening in the world of sanctions in 2017?

In 2017, all eyes in the sanctions space are focused squarely on President Trump and the foreign policy of the United States. The status of sanctions against Russia and Iran – the two jurisdictions most relevant to Australian businesses from a sanctions perspective – are both in a state of uncertainty. President Trump said during the election campaign that his 'number-one' priority was to dismantle the 'disastrous deal with Iran'. Conversely, Trump has indicated that he would be open to lifting sanctions against Russia.

This uncertainty is bad for business, leaving corporates unsure of the security of their business activities in either jurisdiction. This is particularly so given the trend of aggressive enforcement by US regulators for breaches of US sanctions laws, with indications that other regulators – including here in Australia – may follow suit. Now more than ever, it is important for companies engaged in international business to stay up-to-date with sanctions laws.

Are your sanctions screening processes effective to ensure compliance?

Ensuring sanctions screening processes are risk-appropriate, carefully documented and monitored will help to avoid a breach of sanctions laws. Importantly, such measures will, in the event of a breach, position the company to avoid any finding of criminal liability. In Australia, the only defence available to a company that has breached a sanctions law (even inadvertently) is for it to prove that it took reasonable precautions and exercised due diligence to avoid such a contravention. As the company bears the burden of proof, carefully documented compliance and rigorous monitoring will be invaluable.

Sanctions screening processes are a key due diligence measure for every corporate engaged in international trade and commerce. Each company's risk profile will determine what is appropriate. For 'low-risk' Australian corporates, depending on the nature of the business, it may be sufficient for the company to check that:

  • it is not dealing with a country subject to Australian sanctions laws; and
  • its customers are not designated persons or entities on the Consolidated List maintained by the Department of Foreign Affairs and Trade (DFAT).

For 'high-risk' corporates, the requisite due diligence and screening processes will be much more comprehensive. Depending on the circumstances, it may involve considering the application of US, EU or other sanctions regimes, or a 'tiered' risk approach where different levels of due diligence are applied for transactions categorised according to their risk. In certain industries, sanctions screening technologies may be required to screen across multiple jurisdictions and complex transactions with 'fuzzy' search word capabilities (algorithms designed to detect near matches).

The expectations on large corporates are high – last year the US Office of Foreign Assets Control (OFAC) issued a finding of violation to AXA Equitable Life Insurance Company for failing to block health insurance policies and premium payments in which designated individuals had an interest. The media release noted:

As a large and commercially sophisticated company that provides insurance products and services, AXA failed to implement controls and measures to ensure it could identify, block and report insurance policies, premiums, or claims payments in which an OFAC sanctioned person(s) had an interest.

Sanctions compliance is more important than ever, particularly given that AUSTRAC (Australia's anti-money laundering and counter-terrorism financing regulator) and DFAT are exploring the feasibility of transferring the monitoring and supervising of compliance with Australia's targeted financial sanctions from DFAT to AUSTRAC. AUSTRAC has significantly greater resources and capability to detect sanctions breaches, and we expect would be more active in enforcing Australian financial sanctions laws.

Does your business conduct sanctions due diligence when acquiring assets overseas/entering into joint ventures?

Many corporates are well-versed in sanctions due diligence across international trade deals. However, the importance of sanctions due diligence in the context of mergers and acquisitions or joint venture arrangements is often overlooked.

When undertaking a merger or acquisition, a company should ensure that it is aware of the target's risk factors, including where it does business, the nature of the products exported by the company and the identity of its customers. It will also be necessary to ensure that a potential business partner is not designated or owned by a party that is designated. The acquiring company should also be familiar with the target company's sanctions policy and any transactions that have triggered 'red flags' or that may have breached sanctions laws. To take an example from the US, in early 2011, Marshall and Ilsley Bank processed six funds transfers in breach of US sanctions against Iran. Later that year, the bank merged with Harris NA to form BMO Harris Bank NA. In 2015, OFAC issued a finding of violation to BMO Harris Bank NA, as the successor entity. Clearly, acquiring an asset that is tainted by breach of sanctions laws may mean that the asset brings with it considerable baggage which affects the rest of the business.

Sanctions due diligence is also important in the post-acquisition phase. Sometimes it is only after acquisition that problematic conduct comes to light. If it becomes apparent that the target company had breached sanctions laws (or, following the purchase, had continued to breach sanctions laws), any breaches would need to be properly investigated and the problematic conduct stopped, and potentially disclosed to the appropriate authorities.

Given the complexity of corporate structures, how deep do you need to dive to give the green light to a transaction?

The depth of the 'due diligence dive' should always be commensurate to the risk.

For some companies, it is neither practical nor necessary to conduct due diligence into every potential supplier, customer or business partner. Instead, it may be appropriate for a company to focus its sanctions due diligence on business partners, subcontractors and customers that are from countries subject to Australian sanctions laws (or countries neighbouring those states). It may also be appropriate to set a monetary threshold, so that all contracts or transactions that exceed that amount are subject to sanctions due diligence.

For other companies, however, it may be necessary, and entirely appropriate, to delve deeper and conduct significant due diligence on every entity involved in a particular transaction, to mitigate against the risk of dealing with a company whose shareholders are designated persons or entities.

A company will contravene Australian financial sanctions laws if it 'directly or indirectly makes an asset available to, or for the benefit of, a designated person or entity' without a permit. DFAT has not provided any formal guidance as to the reach of 'indirectly' making an asset available, and whether this would extend to, for example, investing in an entity in which a minority interest is held by a designated entity. Based on guidance from OFAC, however, 'caution' is required when considering a transaction with a non-designated entity in which a designated person has a 'significant ownership interest' that is less than 50 per cent. While there are a number of measures open to corporates to mitigate against sanctions risks in such circumstances, it will require careful consideration at senior levels within the organisation.

How and when should we consult with DFAT – what is the tipping point?

It is well understood across Australian business that sanctions laws do not present a complete prohibition on sanctioned dealings, as a company may be able to obtain a sanctions permit to enable specific transactions to proceed.

According to a DFAT report released last month, during the 2015-16 financial year DFAT received 153 applications for sanctions permits (50 relating to Iran, and 44 relating to Russia). DFAT also received 114 'inquiries' through its online service, these inquiries typically seeking confirmation as to whether or not a sanctions permit would be required for a given activity. DFAT generally responds to formal applications and inquiries within two working weeks. It is important to note that receiving a permit from DFAT may not end the sanctions due diligence process – it may also be necessary to seek approval from the government agencies of any other country whose jurisdictional nexus is also triggered by the transaction.

In deciding when to consult with DFAT, in our experience sometimes issues raised as 'red flags' may not contravene applicable sanctions laws when the details of the transaction are subject to close scrutiny. However, it will sometimes be prudent to approach DFAT for confirmation (even if only informally), particularly where the application of Australian sanctions law is unclear. Timing is often an impediment to this course, given the commercial reality of transactions.

Is your business ready for the reach of US sanctions laws?

It is well understood that US sanctions laws have broad extraterritorial reach and are actively enforced by US regulators. OFAC exercises jurisdiction over all US persons, whether located in the US or overseas, and over all individuals and entities located in the US, regardless of nationality. The jurisdictional nexus required to enliven the US sanctions regime may also be satisfied where a transaction is in US dollars and processed through the US financial system (including US branches of foreign banks). To take a recent example of OFAC asserting jurisdiction, in February 2017, OFAC determined that a Thai company was a US person because it was present in the US for bankruptcy proceedings, and its assets were under the jurisdiction of a US bankruptcy court. In that case, the Thai company was found to have violated US sanctions against Iran when its vessel received over 2 million barrels of oil from a vessel owned by a designated Iranian company.

The consequences of such jurisdictional reach are significant for Australian corporates. Australian companies increasingly respond by walling off or 'ring-fencing' all US persons from particular transactions. This is understandable, particularly given that OFAC has stated that US persons must be ring-fenced from Iran-related business because US persons continue to be broadly prohibited from engaging in or facilitating transactions or dealings with Iran (subject to limited exceptions). This will require the company to have internal processes in place ready to accommodate any direction to 'wall-off' certain employees. Further, it may be necessary to ensure that a transaction is not processed through the US financial system – which would require the company to understand the jurisdictions 'touched' by each transaction.

In light of the above, Australian corporates need to be alive to the potential impacts of US sanctions on their business and the measures that may be necessary to ensure compliance.