A Guide for GCs Investigating Suspected Economic Sanctions and Export Control Violations
When a company discovers that it may have committed a violation of economic sanctions or export control (ES/EC) laws, it needs to react swiftly and methodically.
September 10, 2019 at 02:40 PM
6 minute read
On Friday evening, you get a call informing you that your company's German subsidiary may have shipped products to Iran. How do you confirm this allegation is true? Do you inform the board? Should you tell the government? You ask yourself, "What do I do next?"
When a company discovers that it may have committed a violation of economic sanctions or export control (ES/EC) laws, it needs to react swiftly and methodically. The following checklist provides guideposts for considering and conducting such investigations, with emphasis on features unique to ES/EC laws.
- Assess the Information.
The company must quickly assess the information's merit. An anecdotal comment is different from a report with a paper trail. Seek to establish the precise scope of the issue, how long it has been going on, and whether it is still occurring. This process may include confirmatory steps such as background conversations with the persons who discovered the potential violations and preliminary testing of ERP data for indicators of sales to sanctioned countries or prohibited end users or uses. Take care to establish privilege over the preliminary review through involvement of in-house and/or external counsel.
- Be Aware of the Context.
The method by which information regarding a potential ES/EC violation surfaces can be relevant to the initial approach to response. It may have come to light in transaction diligence, during a routine compliance audit, or in response to a lender's questions regarding where the company does business. Alternatively, the trigger may have been an employee whistleblower or a query from the bank processing payment for one of the company's transactions. Work with the legal department or outside counsel to respond in accordance with applicable company protocols, protect confidentiality and privilege as possible, and ensure that there is no retaliation for reporting.
- Contain the Problem.
One of the most important first steps is to prevent additional violations from occurring. For example, implementation of "blocks" in an online drop-down menu to prevent customers from selecting certain countries (e.g., Iran) may stop additional shipments to those destinations. ES/EC violations that occur after discovery of a problem may be considered willful or intentional, increasing exposure to penalties.
- Consider Voluntary Self-Disclosure.
Another key early decision will be whether to self-report to the ES/EC regulators, namely the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), the U.S. Department of Commerce's Bureau of Industry and Security (BIS), and the U.S. Department of State's Directorate of Defense Trade Controls (DDTC). It involves weighing several factors, including the probability that violations actually occurred, the likelihood that the government would find out about them independently, and the desire to have a clean slate, including being "exit ready" for future mergers and acquisitions. A particularly relevant consideration is that voluntary self-disclosures are afforded a fifty percent reduction in any penalties that may be imposed.
- Secure Management Buy-In.
Making a voluntary self-disclosure means notifying the government of the suspected violations fairly promptly, as letting time lapse can undermine voluntariness credit. It also means then carrying out a bona fide internal investigation, potentially including employee interviews, forensic review, and an analysis of up to five years of transaction data to check for ES/EC violations more broadly. In addition, it requires considering whether government authorizations may be necessary to engage in or continue certain activities. It is important to set the proper scope and obtain the necessary support, as the company must follow through and submit a report on what it commits to undertaking and the government will hold it accountable for those representations.
- Develop a Work Plan.
Upon deciding to proceed, it is advisable to design a guiding work plan. It should include technical work streams such as ERP searches for sanctioned countries, screening of counterparties against restricted lists and resolution of potential matches with restricted parties, and review of product export control classifications and potential license exceptions. It should also allot time to address the data privacy issues inherent in many cross-border transactional reviews, and incorporate strategic work streams such as identifying the root cause of potential violations, checking for the possibility that violations were intentional or willful, and adopting compliance enhancements. The company's actions likely will come under scrutiny from stakeholders such as its Board, auditors, investors, and lenders, and potentially the government.
- Preserve Relevant Evidence.
To safeguard the integrity of the investigation, at its outset steps must be taken to preserve relevant records and materials. Issue a hold notice to employees that is sufficiently broad to cover documents and communications relevant for ES/EC purposes, such as on sales and shipments, and on any prior interactions with government. Check for and suspend automatic deletion functions the company may have, e.g., for emails and other records stored on its servers. It will be counterproductive if the review is incomplete, or if the government forms the view relevant information has been lost, even inadvertently.
- Initiate Appropriate Remediation.
Even in an investigation's early stages, it is not too soon to commence remedial steps. Closing identified gaps, such as by making technical fixes to company systems and potentially integrating specialist third party providers, is a process that benefits from lead time. Ultimately, it will be necessary to implement risk-based measures such as policies and procedures, a screening process, terms and conditions in counterparty agreements, and regular training. These should meet applicable standards such as those in the recently issued "Framework for OFAC Compliance Commitments." A government-imposed compliance program is apt to be more complex and costly.
Though each case is different, using a checklist such as the above will help ensure best practices are followed.
Kirkland & Ellis lawyers Mario Mancuso, Sanjay Mullick, Anthony Rapa and Abigail Cotterill are members of the firm's international trade and national security practice.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllA Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute readThree Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Corporate Confidentiality Unlocked: Leveraging Common Interest Privilege for Effective Collaboration
11 minute readTrending Stories
- 1Decision of the Day: Judge Reduces $287M Jury Verdict Against Harley-Davidson in Wrongful Death Suit
- 2Kirkland to Covington: 2024's International Chart Toppers and Award Winners
- 3Decision of the Day: Judge Denies Summary Judgment Motions in Suit by Runner Injured in Brooklyn Bridge Park
- 4KISS, Profit Motive and Foreign Currency Contracts
- 512 Days of … Web Analytics
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250