Record Settlements for Sanctions Violations Show Aggressive Stance Towards Foreign Companies

On December 16, 2009, the Office of Foreign Assets Control (OFAC), the U.S. Department of Justice (DOJ) and the New York District Attorney’s Office announced a $536 million settlement with Credit Suisse AG, a Swiss bank, of civil and criminal charges involving alleged violations of several U.S. economic sanctions regimes  The settlement, which is the largest ever by OFAC, is based on the bank’s alleged systematic concealment of the involvement of sanctioned-country parties, including persons and banks in Iran, Sudan and Cuba, in various financial transactions processed through the United States.  This agreement was followed by a similar settlement with Lloyds TSB Bank, plc, an English company, on December 22, 2009, for $217 million.  These agreements represent the continuation of aggressive and coordinated multiagency enforcement focused on foreign banks and transactions involving targets of U.S. economic sanctions.  More broadly, it demonstrates OFAC’s expansive interpretation of its own regulations in applying jurisdiction to the operations of foreign companies, suggesting that multinationals in all sectors should consider these cases in assessing current compliance efforts.

Background

OFAC, which is part of the U.S. Department of the Treasury, administers and implements economic sanctions and embargoes, including programs involving Iran, Cuba, Sudan, Burma and the former regime of Charles Taylor in Liberia, as well as certain expired programs such as the one involving Libya[1].  These regulations generally prohibit persons subject to the jurisdiction of the United States from engaging in specified conduct involving certain countries and listed entities (i.e., Specially Designated Nationals).  Persons identified in the various regulations as subject to the jurisdiction of the United States include U.S. citizens, entities organized in the United States and persons “in the United States.”

Foreign companies are generally not identified in the sanctions regulations as subject to the jurisdiction of the United States—with certain notable exceptions.  For example, under the Cuban Assets Control Regulations (CACR), foreign companies that are owned or controlled by U.S. persons or companies are expressly subject to those regulations.  Similarly, foreign persons are clearly prohibited from re-exporting controlled U.S. goods, technology or services to Iran under the Iranian Transaction Regulations (ITR).

The regulations also prohibit a wide range of activities that occur in the United States without reference to the party covered by the prohibition.  For example, the Iranian Transaction Regulations prohibit “exportation . . . of services to Iran” without reference to whether the person making or causing the exportation is a “U.S. person.”  The sanctions programs involving Burma, Sudan and Libya have similar prohibitions, as well as prohibitions on dealing in property and interests of blocked persons that “come within the United States.”

Summary of Settlements

Lloyds

In January 2009, Lloyds entered into deferred prosecution agreements with DOJ and the New York district attorney for alleged violations related to its activities involving Iran, Libya and Sudan.  Specifically, the agreements stated that Lloyds falsified outgoing payment messages involving sanctioned entities at the bank’s foreign locations (a practice known as “stripping”), thereby enabling Lloyds to process transactions through U.S. banks from 1995-2007.  Lloyds agreed to pay DOJ and the state of New York $350 million as part of the agreements ($175 million to DOJ and $175 million to the state of New York).[2]

The December 22, 2009, settlement by OFAC arose from the same set of facts and covers transactions from June 2003 through August 2006.  Under the OFAC agreement, Lloyds agreed to pay $217 million, although OFAC agreed that the obligation was satisfied by Lloyds’ earlier payments to DOJ and New York.  In addition, Lloyds is required to conduct annual reviews for two years to ensure compliance with OFAC regulations.[3]

Credit Suisse

According to settlement documents, Credit Suisse processed thousands of transactions that concealed the involvement of sanctioned parties in wire transfers and securities transactions involving U.S. financial institutions.  The joint DOJ, OFAC and New York District Attorney’s Office investigation indicated that Credit Suisse developed and deployed, over a 20-year period, elaborate procedures to alter payment paths and payment information to conceal the involvement of parties subject to U.S. sanctions.  In addition, Credit Suisse’s London office processed securities trades through Credit Suisse’s U.S. branch on behalf of a then-designated Libyan state-owned investment company and a Sudanese bank.

Under the terms of the settlement, Credit Suisse will pay $536 million—the largest penalty ever assessed for U.S. sanctions violations.  Credit Suisse is subject to a cease and desist order and is obligated to implement an enhanced global regulatory compliance program, notwithstanding Credit Suisse’s partial voluntary disclosure of the alleged violations and its cooperation with U.S. authorities over a two-year period in an investigation into these transactions.  The settlement, which was completed in parallel with deferred prosecution agreements with DOJ and the New York District Attorney’s Office, stated that the penalty assessed was significantly mitigated as a result of this cooperation, a voluntary self-disclosure that covered some of the violations and remedial measures undertaken by Credit Suisse.[4]

Analysis

U.S. government statements indicate that these cases are intended to serve as a warning to international financial institutions.  Treasury Under Secretary for Terrorism and Financial Intelligence Stuart Levey stated that the Iranian government uses deceptive practices to evade U.S. sanctions, and “banks that do business with Iran expose themselves to the risk of becoming involved in Iran’s proliferation and terrorism activities.”  Assistant U.S. Attorney General Lanny Breuer, in charge of the DOJ Criminal Division, stated that “[he] hopes that other financial institutions are watching and learning from Credit Suisse’s experience.”

The regulated community relies on settlement agreements such as these to understand OFAC’s interpretations of its laws and regulations, as well as its enforcement positions on various issues.  On one level, these cases could be understood merely as criminal investigations of willful and longstanding conduct viewed by U.S. regulators and enforcement officials as subverting core prohibitions in U.S. sanctions regulations involving financial transactions.  Viewed in this way, the cases are relatively limited to situations in which foreign companies design elaborate schemes to evade and circumvent U.S. law.

However, the cases also seem to represent an expansion of the type of conduct by foreign persons that has historically been subject to OFAC enforcement.  The majority of the transactions covered by these settlements involved alleged violations of the Iran sanctions, but the transactions also included those that allegedly violated U.S. sanctions against Sudan, Libya, Burma, Cuba and the former Liberian regime of Charles Taylor.  The alleged violations can be grouped into several categories:

(1)   “exportation” of services from the United States to the sanctioned country (Iran, Burma, Sudan, Libya)

(2)   dealing in property and interests that “come within the United States” (Burma, Sudan, Libya, Liberia)

(3)   transfers of credit or payments between, by, through or to any banking institution, wherever located, with respect to any property subject to the jurisdiction of the United States (Cuba).

Although the settlement documents refer to various provisions in U.S. sanctions regulations, the legal basis for the allegations against the foreign companies is not entirely clear when measured against the foreign person conduct described in those documents. One theory is that OFAC is relying on language in the International Emergency Economic Powers Enhancement Act (“IEEPA Enhancement Act”) of 2007.  The International Emergency Economic Powers Act (IEEPA) is the statutory basis for all of the current sanctions programs except those targeting Cuba.  In addition to increasing civil penalties from $50,000 to $250,000 per violation, the IEEPA Enhancement Act expanded the types of unlawful activities covered by IEEPA to include “causing” a violation of any regulation.  Under this theory, foreign persons that “cause” a violation by a U.S. person (e.g., an export of financial services to Iran from the United States; a failure to block Iranian property in the United States) are themselves liable under the relevant sanctions regulations.

There are reasons to believe that OFAC is not relying on this “causing” provision, however, in the Lloyds and Credit Suisse cases.  The conduct in question occurred before the IEEPA Enhancement Act, presenting potential concerns with the retroactive application of the provision, and neither settlement mentions the IEEPA “causing” language.  Instead, the language used by OFAC in both settlements suggests that OFAC is interpreting certain regulatory provisions that apply to U.S. persons and activities in the United States to encompass the conduct of these foreign banks.  For example, in the Lloyds settlement, OFAC stated that Lloyds routed transfers through banks in the United States in violation of the prohibition against the “exportation . . . directly or indirectly, from the United States . . . of any … services to Iran.”  In other words, Lloyds, by engaging U.S. banks to process foreign transaction, “exported” a service from the United States.

In any event, these cases have ramifications not only for the financial industry, but for all sectors, ranging from manufacturing to investment funds and private equity.  For example, foreign manufacturing operations that rely on U.S.-sourced goods, technology or services for Iranian customers could be charged with violations of the ITR for the exportation—or causing exportation—of such goods, technology or services by U.S. persons to Iran.  Similarly, foreign fund managers must be sensitive to U.S. investor and portfolio company responsibilities under U.S. sanctions laws because actions undertaken to promote sanctioned-country business can potentially trigger liability exposure for the fund manager.

Conclusion

Foreign companies involved that deal in goods, technology or services from the United States or that are otherwise involved in transactions with a U.S. nexus should carefully consider the Credit Suisse and Lloyds cases.  Clearly, creating an international operational structure to shield U.S. persons from knowledge of the involvement of sanctioned country parties in transactions involving U.S. goods, technology or services creates a liability risk.  However, these settlements suggest that foreign companies could even be liable for activities that inadvertently cause violations by U.S. persons.  As such, they present an opportunity to re-examine current compliance efforts to ensure they are consistent with agency expectations and account for the risks posed by these sizeable settlements.

[1] 31 C.F.R. Parts 500-598. 

[2] The January 2009 DOJ settlement with Lloyds can be found here:  http://www.justice.gov/criminal/pr/press_releases/2009/01/01-09-09lloyds-attachment.pdf.

[3] The OFAC settlement with Lloyds is available at http://www.ustreas.gov/offices/enforcement/ofac/civpen/penalties/lloyds_agreement.pdf.

[4] The OFAC settlement with Credit Suisse is available at http://www.ustreas.gov/offices/enforcement/ofac/civpen/penalties/12162009.pdf.