Editor: Please tell us about the investigation of Standard Chartered for violations of U.S. sanctions against Iran. What are the major allegations, and where does the matter stand at present?
Segall: The Department of Financial Services in New York (DFS) – a state regulatory agency – recently served notice on Standard Chartered to appear at a hearing in connection with violation of reporting obligations under New York state law. Systematic violation of U.S. sanctions restrictions on Iran and other U.S. embargoed countries – which are administered by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) – were alleged. This prompted comments from federal enforcement agencies and the bank confirming that OFAC and the U.S. Department of Justice (DOJ) were engaged in an ongoing investigation of related sanctions concerns.
The basic allegations are parallel to charges against a number of other prominent international banks in recent years – including Lloyds, Barclays and ING – that have resulted in settlements for hundreds of millions of dollars. Standard Chartered was accused of a systematic pattern of practice to conceal information associated with billions of dollars in financial transactions it processed through its New York branch indicating transactions originating in Iran or other sanctioned countries. Standard Chartered immediately contested the allegations, asserting that less than $14 million in transactions reviewed by the bank violated OFAC sanctions restrictions. The bank then moved swiftly to settle the matter with the DFS in a matter of days and to pursue a final resolution with OFAC and DOJ.
Standard Chartered just settled the DFS charges with a penalty of $340 million, imposition of a compliance monitor and provisions for close oversight by state bank examiners. A final settlement with OFAC and DOJ is still pending. However, the amount of the settlement with the federal agencies in this case may well be significantly lower than the DFS settlement if the bank convinces federal officials that its own findings are accurate, and they find that the bank has been cooperative in its investigation and efforts to disclose and resolve the matter.
Regardless of the final outcome, the Standard Chartered case illustrates the many levels of legal, reputational and business risks when sanctions enforcement intersects overlapping state and federal regulatory restrictions, reporting requirements, disclosure obligations and fundamental corporate governance mandates.
Editor: Please expand on the significance of the allegations and the stakes involved.
Segall: The underlying allegations in this case follow a familiar pattern seen in a series of OFAC enforcement actions against international banks in recent years. What is unusual is the fact that, in this case, state regulators got out ahead of federal regulators in leveling charges publicly without prior coordination in the timing of their actions.
DFS does have authority over maintaining a bank’s license to conduct business in New York state, and this episode clearly highlights that the high stakes for foreign banks with a U.S. presence are not limited to the threat of federal enforcement action but also extend to their ability to retain licensing to do business at the state and local level.
The DFS enforcement action against SCB should be seen as a shot across the bow for financial institutions as it appears to signal increasing assertiveness of state regulators in these cases. While, previously, these investigations have been at the federal level, affected institutions now need to consider and coordinate their strategy to address both federal and state regulatory concerns in sanctions investigations.
Editor: What systemic risks may be presented in situations like this?
Segall: The same systemic risks illustrated in the Standard Chartered case are present in other banking cases and in the Lloyds, Barclays and ING settlements. In June, ING paid $619 million to settle similar allegations of systematic OFAC sanctions violations extending over many years.
Most importantly, these cases highlight a need, not limited to the financial services sector, for companies to establish and maintain strong, effective governance mechanisms to ensure compliance with U.S. sanctions and other anti-money laundering (AML) and trade controls laws. Essential safeguards that are required by institutions subject to the Bank Secrecy Act include screening against transactions with OFAC-designated parties through bank branches in almost any corner of the world that could ultimately transit electronically through U.S. institutions or branch offices. A failure to do so risks running afoul of myriad intersecting regulatory regimes that raise potentially material liabilities and are subject to the enforcement authority of numerous federal agencies and statutory mandates. These include Sarbanes-Oxley and Dodd-Frank mandates enforced by the Securities and Exchange Commission (SEC) and the DOJ, as well as regulatory regimes administered by the U.S. departments of Treasury, Commerce and State.
In the escalating enforcement climate associated with sanctions and other AML and trade control regimes, it is critical for any company with a global footprint - and not just financial institutions - to review its corporate culture of compliance and corresponding compliance profile. Alleged sanctions, FCPA and other trade control law violations are resulting in cases costing hundreds of millions of dollars in legal fees and costs and risking massive penalty assessments, potential debarment or denial of eligibility for business and licensing – not to mention increasing trends to pursue criminal enforcement and imprisonment of individuals culpable for violations; there’s no question that an ounce of prevention is worth a pound of cure when it comes to investment in compliance programs. A clear chain of accountable officials from the C-level on down, regular top-down communication of compliance mandates, the provision of periodic training and education and outreach to company personnel – these are all wise investments to safeguard against potential violations and reinforce a corporate culture of compliance.
Editor: Are U.S. sanction and export-control enforcement trends following the same steep and well-worn path established by U.S. enforcement of the FCPA over the last 10 years?
Segall: Yes. It is widely understood in the global business community that DOJ and SEC officials are aggressively pursuing enforcement of the FCPA. Before 2001, FCPA settlements were modest and rare. Since then, FCPA penalty assessments have steadily climbed from millions to tens and, more recently, hundreds of millions of dollars, reaching thresholds of materiality with fundamental implications for the bottom line and metrics of affected companies.
We have recently seen a steady increase in U.S. law enforcement funding and resources for U.S. export control and sanctions enforcement, accompanied by increases in the number of related investigations and the penalty assessment amounts. Moreover, law enforcement practices adopted by the Department of Justice in FCPA investigations (including use of sting operations) and features of settlements of such cases (including suspended terms and imposition of compliance monitors) are increasingly being applied in export control and sanctions cases as well.
In 2007 there was a substantial increase in statutory penalties under the IEEPA statute (the International Emergency Economic Powers Act) that multiplied the amount of potential penalties for sanctions and export control violations more than five-fold and recalibrated guidance on penalty assessment to more aggressive standards, including a new mandate for assessment of civil penalties based on the higher of maximum statutory penalty amounts or twice the value of related transactions. Terms of imprisonment for willful violations of U.S. sanctions and export control laws increased from 10 to 20 years. The penalties associated with enforcement actions under these laws are continuing to increase accordingly.
The architecture and relationships of relevant enforcement agencies have been reengineered to facilitate closer coordination of investigations, information sharing and awareness building to train U.S. attorneys offices nationwide on sanctions, AML and export enforcement concerns. In support of this, a new DOJ office was created under a National Export Control Coordinator to promote more effective investigation and enforcement in export control and sanctions cases. DOJ now plays a key role in coordinating efforts with key administrative agencies such as OFAC and the Office of Export Enforcement at the Commerce Department to more effectively access information from U.S. intelligence agencies and other sources and to take advantage of MLATs (mutual legal assistance treaties) to access evidence and support from law enforcement agencies of other countries. The results of these efforts are reflected in the increasing penalties, more invasive terms of settlements and general trends of sanctions and export enforcement since that time.
Editor: What is your sense of the level of global compliance with U.S. sanctions against Iran?
Segall: Global compliance trends are generally paralleling U.S. and international Iran sanctions enforcement. This trend is supported and, to some extent, equally driven by the fact that other countries – including the U.S.’s closest allies in Europe and other parts of the world – have been adopting sanctions measures against Iran in keeping with UN sanctions resolutions and other multilateral arrangements that provide a self-sustaining legal grounding that is not simply reactive to U.S. measures. Other countries’ sanctions enforcement officials and non-U.S. companies are now recognizing increased restrictions under the laws of countries in which they are operating. Norms of corporate governance and best practices for leading global companies are following these developments out of necessity.
Under the Iran Sanctions Act (ISA), administered by the U.S. Department of State, the U.S. has also increasingly pursued extraterritorial sanctions measures against Iran that target Iran’s nuclear program, oil and gas industry, shipping and aviation sectors, banking system and entities associated with international concerns regarding Iranian involvement in international terrorism and weapons proliferation. While these measures have been implemented more through diplomacy than by overt punitive actions, they appear to be increasingly effective in leveraging the threat of intervention to cut off non-U.S. companies from access to U.S. capital, goods and technology as a means to influence commercial decisions of companies with their center of gravity in other countries. Similar measures have been adopted by many other countries both in keeping with progressive tightening of multilateral sanctions resolutions and as part of coordinated diplomatic efforts.
A new law only just enacted by Congress and signed into law by President Obama – the Iran Threat Reduction and Syria Human Rights Act of 2012 (ITRA) – is also helping to drive U.S. sanctions against Iran farther offshore. Until now, the OFAC sanctions program for Iran – the Iran Transaction Regulations – generally applied to U.S. persons and companies, including U.S. branches and affiliates of foreign companies. But this sanctions regime couldn’t reach foreign affiliates and subsidiaries of U.S.-based companies to the extent they operated independent of U.S. person involvement in activities touching on Iran.
Under ITRA’s Section 218, however, U.S. persons and companies will now be held liable for OFAC sanctions penalties if offshore entities that are subject to their ownership or effective control engage in business activities that are inconsistent with core prohibitions of the OFAC sanctions against Iran. The OFAC sanctions impose a general embargo on almost any form of business activities involving Iran – even the sale of paper clips or paper plates – under core OFAC prohibitions. Moreover, Section 219 imposes new SEC reporting obligations on companies that must file quarterly or annual reports with the SEC in connection with activities of the issuer or its affiliates that touch on activities associated with Iran covered by ISA sanctions restrictions; this provides a further basis for liabilities under SEC regulations governing disclosure obligations.
These new sanctions measures concerning Iran have substantial implications for foreign affiliates of U.S. companies in almost any business sector. This includes foreign entities that are subject to majority or substantial U.S. investor equity ownership or effective control. Accordingly, the implications are substantial, as this law creates an imperative for U.S. investors and U.S. parent companies to more aggressively compel comprehensive compliance from affiliates based abroad that may be accustomed to operating with a greater degree of independence in their sanctions compliance practices.
Editor: What are the implications for corporate governance?
Segall: Recent trends of enforcement under U.S. sanctions and export control laws are moving these areas into the orbit of other areas of regulation that are focal frames of reference for good corporate governance in the same way that we have seen occur with the FCPA and AML laws. Moving along this trend, sanctions settlements (such as ING’s) have already crossed into the realm of hundreds of millions of dollars in which considerations of materiality, together with risks of shareholder derivative lawsuits for corporate governance failures, are evident and should be recognized as a significant governance issue up to the boardroom and executive suite level. Penalties in U.S. export control cases have recently approached the $100 million threshold, with increasing criminal prosecution and imprisonment of individuals found culpable for willful violations.
Returning to the banking sector, where our conversation started, there have been a number of OFAC sanctions cases in recent years in which major international banks have been accused of engaging in “transaction stripping,” practices in which programs were developed to systematically remove information indicating a nexus with a U.S.-sanctioned country from financial transactions and electronic transmissions processed through U.S. branches, worth billions of dollars, in order to evade U.S. sanctions restrictions and detection of sanctions violations. While a significant number of similar investigations are apparently ongoing and not yet public, the governance implications of previous settlements are already crystal clear. It remains to be seen over time, however, how high a level of corporate management enforcement targeting – or derivative actions of disgruntled investors – will ultimately reach.
Reputational considerations aside, ING’s $619 million penalty touches a level of magnitude that simply makes U.S. sanctions enforcement increasingly difficult for C-level executives to ignore as a matter of good governance. Such penalties are intended to impact the value and profile of a company. This magnitude of risk also intersects with the general challenge associated with disclosure obligations and potential liabilities for non-disclosure of companies that are listed with the SEC.
The new SEC disclosure requirements associated with foreign affiliate activities that touch on ISA-sanctioned commerce, provided in Section 219 of ITRA, suggest a potential evolution in the role in U.S. sanctions enforcement of the SEC and its Office of Global Security Risk (OGSR), created to track listed companies’ business dealings in countries identified as “state sponsors of terrorism,” for, previously, OGSR’s role had not intersected with SEC or DOJ enforcement. Failure to identify and disclose such issues could expose a company to significant liabilities for violation of its fundamental SEC reporting obligations. Where such issues are identified and disclosed, the new law requires notification of other federal agencies, the initiation of an enforcement investigation and notification of certain committees in the U.S. Congress.
The governance burden this new requirement imposes on potentially affected companies is substantial. Depending on the scope of their business interests and areas of commercial activity, potentially affected companies must consider how to maintain sufficient oversight and awareness of their global affiliates to enable senior officers to execute disclosures and filings with the SEC. Failure to address these issues effectively could subject them, as well as the company, to substantial legal liabilities.
Editor: Given the ITRA sanctions law is new, where do companies currently stand as to awareness and compliance?
Segall: In broad-brush terms, large multinational corporations in highly regulated industries, such as the financial services, defense, aerospace and energy sectors, have been sensitive to these concerns for a long time. Nevertheless, the risks of complacency and neglect of sanctions and other trade control issues, whether due to focus on other concerns or otherwise, are constant dangers for any company. Levels of awareness are not as high for companies in less sensitive and less regulated sectors, but that may change with the new law’s extension of sweeping OFAC sanctions restrictions to their offshore affiliates.
Given that the U.S. and other countries already impose substantial sanctions on Iran, many large global companies have already gradually wound down and withdrawn from business that touches that country as a matter of simple business risk assessment. However, the risk may be greater for other companies in less sensitive sectors that are U.S.-based and generally do not exercise close control over their foreign subsidiaries and affiliates. These companies may not have a full awareness of offshore business activities covered by the new law. Accordingly, these companies face real dangers if they do not undertake efforts to investigate and verify exclusion of Iran-related business by all of the entities that they own or effectively control in reference to the new law.
Many U.S.-based companies still face governance vulnerabilities associated with limitations in their chain of accountable officials for sanctions and other trade controls compliance, or inattention to mechanisms to promote awareness of related compliance concerns. Given the potential governance implications associated with the new ITRA law and continuing trends of enforcement in all of these areas of law, up to the C-level of management and the officials who ultimately must sign off on public filings of SEC-listed companies, trade controls compliance should be an increasing priority in corporate governance. Companies that fail to learn the lessons of recent enforcement trends in these areas and are themselves subject to enforcement will ultimately light the way for other companies that successfully integrate effective internal controls to address these areas of regulation in their corporate governance and corporate culture.
Published September 25, 2012.