Looming deadlines and decision points concerning Iran and Russia may portend changes in the implementation of existing sanctions, if not changes to the sanctions regimes themselves. How to manage these risks while still engaging in legitimate trade is a crucial compliance consideration. 

In a recent Compliance Week Webinar, sanctions experts Awith law firm Hughes Hubbard & Reed discussed strategies for how companies can draft compliance policies and manage commercial relationships to account for future developments in these and other programs.

Pertaining to Iran sanctions, the latest development occurred on Oct. 13, when President Trump announced that he was decertifying the Joint Comprehensive Plan of Action (JCPOA), the Iran nuclear deal agreed to by President Obama last year. President Trump further said he would formally terminate U.S. participation in the deal if Congress and U.S. allies were unable to address its perceived deficiencies. 

The decision to decertify effectively triggers a 60-day fast-track process under which Congress can (but is not required to) re-impose (or “snap back”) sanctions on Iran. The President indicated, however, that he does not intend to seek a re-imposition of sanctions at this stage, but rather said he would seek to work with Congress and U.S. allies to address perceived flaws in the JCPOA.

“The critical take away from the President’s statement is that the legal landscape, for now, remains unchanged with respect to Iran sanctions,” said Sean Kane, counsel at Hughes Hubbard & Reed. The nuclear-related “secondary sanctions” that were suspended as part of that agreement remain suspended, and General License H remains in place, as does the primary U.S. embargo that was not part of the JCPOA, which continues to prohibit most trading in goods, technology, and services between the United States and Iran.

Nonetheless, the President’s decision to decertify the JCPOA shifts the tone, creating a climate of uncertainty. “We might expect to see a more aggressive posture in the near-term to include the potential use of secondary sanctions authorities that remain in place,” Kane said. A clear target would be European companies that are transacting with entities in Iran that are owned by, or affiliated with, the Islamic Revolutionary Guard Corps (IRGC), a branch of Iran’s armed forces with extensive commercial and banking activities. “Those sanctions remain in the place under the deal,” he said. “They have not been aggressively implemented post-JCPOA, but we could see a renewed effort to focus on that sort of activity.”

“Companies operating in Iran should have exit strategies in place in the event of sanctions snap-back.”
Amanda DeBusk, Partner, Hughes Hubbard & Reed

The IRGC “has their tentacles in a lot of things going on in Iran,” said Amanda DeBusk, a partner at Hughes Hubbard & Reed, who leads the firm’s export controls and sanctions practice. Moreover, the U.S. Treasury Department has issued a statement urging the private sector “to recognize that the IRGC permeates much of the Iranian economy, and those who transact with IRGC-controlled companies do so at great risk.” U.S. companies haven’t been able to transact with IRGC for quite a while, so this warning shot really focuses on non-U.S. companies doing business in Iran, DeBusk said.

From a compliance standpoint, the key message is that “the due diligence bar keeps getting higher and higher,” DeBusk said. Foreign companies, and U.S.-owned or U.S.-controlled foreign entities, transacting in Iran need enhanced due diligence procedures, she said.

Consider these other compliance practices, as well:

Have in place a contingency plan.“Companies operating in Iran should have exit strategies in place in the event of sanctions snap-back,” DeBusk said. Include in contracts language allowing for unilateral termination if sanctions prohibit that performance.

Be vigilant about U.S.-dollar transactions. “U.S. dollar transactions I find to be one of the most frequent trip-ups,” DeBusk said.  Continue to monitor sanctions compliance in existing operations, ensuring that no U.S. persons are involved in, or facilitating, the transaction, that no U.S.-origin goods or technology are used, and that deals are not denominated in U.S. dollars, she said. 

Be alert for red flags. “One of the biggest mistakes that companies can make is to ignore red flags or not have a process for dealing with those red flags,” DeBusk added. Being willfully blind could result in criminal liability: “Did you know, or should you have known, that the transaction was unlawful and that it was occurring?”

Russia sanctions

In addition to Iran sanctions, sanctions imposed on Russia are also creating a significant level of uncertainty and confusion for companies right now. The “Countering America’s Adversaries Through Sanctions Act” (CAATSA), signed into law by President Trump Aug. 2, expanded and strengthened U.S. sanctions law, most especially targeting Russia.

Some of the most significant provisions in CAATSA amend the U.S. “sectoral” sanctions program targeting Russia by imposing tighter restrictions (known as directives) on U.S. persons’ business activities with Russian persons operating in certain specified sectors named on the Sectoral Sanctions Identification (SSI) List.


OFAC continues to push the bounds of its jurisdiction and establish new theories of liability, as the following case studies show.
Epsilon Electronics v. U.S. Treasury (May 2017): Upheld penalty even though OFAC never proved U.S. origin goods went to Iran. The case underscores narrow applications of general inventory rule
B-Whale Corporation (February 2017): Finding of violation underscored the fact that even minimal contacts with the United States are sufficient to establish jurisdiction
ZTE (March 2017): Largest OFAC settlement (> $100m) with non-financial institution, involving re-export of U.S. origin technology to Iran. (Total penalties assessed by several agencies were $1.2 billion).
CSE Global (July 2017): First time non-U.S. exporter found liable for a violation of U.S. sanctions, by routing payments for shipments of non-U.S. goods to Iran through U.S. banks.
Source: Compliance Week

Any company involved in Russian oil and gas projects will want to pay particular attention to the SSI List’s Directive 4, which will soon prohibit the exports of goods, technology, or services by U.S. persons in support of “new” deepwater, Arctic offshore, or shale projects worldwide; as well as those that involve a Russian sanctioned person who holds a 33 percent or greater ownership interest in such a project. Prior to CAATSA, Directive 4 prohibited goods, technology, and services that applied only to projects in Russian territory. “An important takeaway here, with the 33 percent threshold, is that it means that sanctioned Russia oil companies will not be able to block U.S. participation in developing fields simply by acquiring a small interest,” said Melissa Duffy, a partner at Hughes Hubbard & Reed, who focuses on export and trade sanctions controls.

Many of the provisions in the Russia sanctions law further authorize for the imposition of secondary sanctions. This means that non-U.S. companies that engage in certain activities, even if such activities do not involve U.S. individuals or the United States, may still be sanctioned by the United States. “This very similarly follows the pattern of the Iran secondary sanctions,” Duffy said.

Another provision of CAATSA shortens, by about half, the prohibited debt periods of the SSI List’s Directive 1 and Directive 2. Under Directive 1, U.S. persons will be prohibited from transacting in, providing financing for, or otherwise dealing in new debt of longer than 14 days’ maturity (down from 30 days) applying to Russian financial institutions. Under Directive 2, U.S. persons will be prohibited from transacting in, providing financing for, or otherwise dealing in new debt of longer than 60 days (down from 90 days) for the benefit of specified entities operating in Russia’s energy sector.

Consider, for example, a U.S. company that provides an invoice to a Russian company on the SSI list, and that Russian company takes more than 14 days to pay. The U.S. company will then be deemed to be dealing in a debt instrument of longer than 14 days. In practical terms, the amendments to these directives mean that non-banks should review their current invoicing processes and revise them accordingly. 

With the Russia sanctions, sectors that will be most affected include oil and gas, metals and mining, and the railway. Concerning the Russian sanctions, European companies are especially under a lot of pressure and scrutiny, because Russia is a significant supplier of natural gas to the European market. Case in point: the Nord Stream project, a natural gas pipeline from Russia transporting natural gas into the European Union.

Since Russia sanctions legislation is in the implementation stage, companies should watch for the issuance of Frequently Asked Questions (FAQs) from the Office of Foreign Asset Control (OFAC) on this topic for guidance. On Oct. 31, OFAC published new FAQs related to CAATSA, for example. “These FAQs are the latest OFAC actions to implement the responsibilities assigned and delegated to it under CAATSA,” OFAC stated. “They reflect close interagency consultation and coordination, as well as careful consideration of issues raised by Congress, industry, and international allies and partners,” OFAC stated.

Companies doing business with Russia should also conduct proper due diligence to assess whether a Russian customer, supplier, or other business partner is not listed on the Sectoral Sanctions Identification (SSI) List. In the past, OFAC has been heavily focused on enforcement against big banks, but “what we’re seeing is a shift to two new areas: exporters and non-U.S. companies,” Duffy said.

With the President decertifying the JCPOA and with the implementation of the Russia sanctions, in combination with all the uncertainty in this area, don’t make the mistake of waiting for a significant sanctions violation before reviewing and strengthening your sanctions compliance program.