Integrating export control into anti-corruption compliance programmes
The residual financial, reputational and operational trauma resulting from an export control prosecution can far outlast the effects of operating under a deferred prosecution agreement in an FCPA case.
In addition to jail time, significant financial penalties and reputational damage, export control violations are usually accompanied by:
- long-term debarment from doing business with the United States and state and local governments
- extremely expensive creation or remediation of control policies and procedures
- the imposition of an export control compliance monitor, usually for a period much longer than an anti-corruption compliance monitor and, consequently, at a much greater expense.
Faced with the possibility of staggering long-term effects resulting from an export control violation, why don’t more companies treat their export control programmes with the same level of attentiveness and in-depth analysis they now devote to their third party due diligence programme? The considerable overlaps in third party due diligence and prohibited parties export analysis beg yet another question: Why don’t more companies integrate components of their anti-corruption due diligence and export control programmes?
The source of export controls
In the United States, various government agencies enforce export controls and regulations against sanctioned countries. These agencies include:
- Directorate of Defense Trade Controls (DDTC), under the State Department – enforces the International Traffic in Arms Regulations (ITAR), aimed at regulating defence articles and services
- Bureau of Industry and Security (BIS), under the Department of Commerce – enforces the Export Administration Regulations (EAR) which govern dual-use items
- Office of Foreign Assets Control (OFAC), under the Department of Treasury – administers various economic sanctions laws.
Other United States agencies have also gotten into the act of enforcing export and sanctions rules, including the Department of Justice, Immigration and Customs Enforcement (ICE) and the Securities and Exchange Commission (SEC). This increase in enforcement bodies is likely to mean more substantial penalties for organisations and individuals that fail to comply with applicable regulations.
Broadly speaking, export and sanctions regulations require an exporting company to assess the legality of transferring an item from the United States to another country and, if the export is legal, to file complete and accurate records documenting the transfer with the appropriate United States federal agency. Certain export control regulations (such as those administered by BIS) are extremely detailed and technical. Other regulations, such as the sanctions regulations administered by OFAC, are ambiguous by design to encourage businesses to err on the side of caution when approaching certain transactions. The very nature of these laws can make compliance difficult for even the most well-meaning companies.
The BIS requires companies to obtain information about the customer and its intended use of the product. An exporter should research not only the identity of the customer, but also information about the company’s ownership. In addition to the customer, all parties involved in the shipment and sale of the product should be checked. In the export chain of custody, this means cross-checking the third party intermediaries (e.g. freight forwarders) that will be involved in the process of transferring the item(s) to the intended recipients.
Regardless of whether the customer is a distributor, reseller or end purchaser, identifying who a company’s customer really is and what the customer intends to do with the items the company sells are paramount to satisfying the export due diligence requirements. BIS opinions and guidelines make clear that additional due diligence is required on customers not found on any watchlist if any suspicious signs about the customer’s intentions present themselves. The BIS has defined these warning signs as “red flags”, and they are as follows:
- The customer or its address is like one of the parties found on the Commerce Department’s [BIS’] list of denied persons.
- The customer or purchasing agent is reluctant to offer information about the end-use of the item.
- The product’s capabilities do not fit the customer’s line of business, such as an order for sophisticated computers for a small bakery.
- The item ordered is incompatible with the technical level of the country to which it is being shipped, such as semiconductor manufacturing equipment being shipped to a country that has no electronics industry.
- The customer is willing to pay cash for a very expensive item when the terms of sale would normally call for financing.
- The customer has little or no business background.
- The customer is unfamiliar with the product’s performance characteristics but still wants the product.
- Routine installation, training, or maintenance services are declined by the client.
- Delivery dates are vague, or deliveries are planned for out of the way destinations.
- A freight forwarding firm is listed as the product’s final destination.
- The shipping route is abnormal for the product and destination.
- Packaging is inconsistent with the stated method of shipment or destination.
- When questioned, the customer is evasive and especially unclear about whether the purchased product is for domestic use, for export, or for reexport.
The extra level of investigative expertise required to satisfy this intended use analysis is where most export compliance programmes fall short. Some companies (who offer tens of thousands of items for export) are simply too overburdened by the resources required to monitor the ever-evolving product classifications to devote much time to conducting customer due diligence beyond watchlist checks. Other companies have neither the headcount nor the local resource network to track down this added layer of information on their own. As a result, these warning signs or red flags are often ignored rather than explored, leading to heightened risks of export and sanctions exposure.
To effectively manage compliance in this area, it is recommended that companies:
- integrate export control and sanctions due diligence with their general integrity due diligence programme
- engage a due diligence vendor to help with the customer/third party review and vetting process.
Integrating export control and sanctions due diligence with general integrity due diligence
One may think that integrating one set of due diligence processes to comply with two different sets of obligations (export controls/sanctions versus anti-corruption) will not yield any tangible benefits. However, many of the same red flags that are investigated through third party due diligence are also concerns in export control and sanctions due diligence.
These red flags include:
- business background – learning about an organisation’s business background through third party due diligence will help provide context as to why it is ordering a certain item, whether it is customarily in the business of ordering and using such items, and what sorts of other parties it may attempt to pass that item on to – all useful in the export control context
- reputational enquiries – reputational enquiries conducted through third party due diligence will help you gain an insight into how the customer conducts business and whether the modus operandi utilised in sourcing an item is typical of the customer, the general status of the customer within its industry, how their peers interact with them and who their peers are.
Beyond saving time and money by determining common red flags, there are other advantages to integrating the due diligence processes. These advantages include:
- the ability to build comprehensive profiles that account for all relevant concerns on any existing or potential third parties – from general integrity to anti-corruption, export controls and sanctions
- saving further time and resources by cross-training business units to vet third parties for more than one type of business concern.
Engaging a due diligence vendor
A sound due diligence vendor is qualified to investigate and report its findings regarding one or all of the BIS suspicious “red flags”.
The advantages of engaging due diligence vendors for an export control programme are numerous and include:
- acquiring an expansive network of third party investigators who are familiar with local language and business practices and the common fraudulent schemes of customers
- access to weighted analyses and reporting on customer backgrounds, business practices and positions within the industry using bespoke, independent criteria
- access to the vendor’s cohesive desktop solution, which provides companies with the option to integrate distribution, supply chain and end purchaser data into a single platform.
Using a vendor to identify, catalogue and investigate potential export control concerns makes sense because vendors will be solely dedicated to uncovering the key information. This intelligence can then be passed on to the company for analysis and used when making important business decisions. Using the information to make quick and decisive choices regarding which customers to work with means that company resources can be committed to developing the relationships needed to make such transactions successful.
“Know thy customer” is the first commandment of successful sales and marketing. This directive should also apply to every company undertaking anti-corruption due diligence and export control analysis. As various corruption and export sanctions enforcement decisions demonstrate, companies must do more than simply check names against a watchlist.
While many companies have amplified the level of anti-corruption due diligence applied to third parties by seeking more detailed analyses, relatively few utilise this existing investigative resource infrastructure to conduct more thorough analyses on the parties to whom they export.
With a bit of planning and investment, a company can leverage its existing third party due diligence protocols and data to substantially mitigate its export control exposure. The results are an integrated, single-source repository for third party data (distribution networks, suppliers and end purchasers), better and more complete data about the business each company conducts in a particular country and, over time, improved resource efficiencies resulting from the use of a single database to serve both anti-corruption and export control due diligence functions.