Although there are numerous parallels between sanctions enforcement and the FCPA, which I talked about last time, there are also significant differences. Let’s look at a few of those.
Self-Contained v. Distributed. The FCPA is one law in just two parts — the anti-bribery provisions and the accounting standards.
The anti-bribery provisions prohibit directly or indirectly giving or promising to give anything of value to a foreign official to obtain or retain business or gain an unfair advantage. That’s it (in an oversimplified but still ok nutshell).
The accounting standards require issuers and individuals acting for them to make and keep books and records that accurately and fairly reflect the transactions and dispositions of the issuer’s assets. Issuers must also devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are properly executed and recorded. Again, short and well-defined requirements.
Sanctions are very different. They aren’t one law or even multiple parts of a single law. They are several collections of laws and regulations.
For a start, OFAC (the Treasury Department’s Office of Foreign Assets Control) administers 35 separate regulatory programs, some country-based and others policy-based. The most common sanction prohibits doing business with a “blocked” entity or person (that’s OFAC’s SDN List that I discuss below).
Embargoes ban trading with a country or traveling to it. Export controls restrict or ban the sale or transfer of designated items to targeted countries. Sanctions can impose U.S. visa bans on individuals and their family members and associates. Capital controls restrict investment into or from targeted countries, regions, or industries. Sanctions can deny access to the U.S. banking system. Asset freezes prevent the sale or removal of assets under U.S. jurisdiction. Sanctions can also lead to asset forfeiture actions.
OFAC issues this warning: “The terms of each sanctions program are different and each one must be considered separately. . . . Due to the diversity among sanctions, we advise visiting the ‘Sanctions Programs and Country Information’ page for information on a specific program.”
There are other sources of sanctions besides OFAC, some of which fall under the jurisdiction of other agencies, as I discuss below.
Two Enforcement Agencies v. Many. The DOJ is the only agency that can bring FCPA-related criminal enforcement actions, while the SEC brings FCPA civil enforcement actions.
Other U.S. federal agencies may bring enforcement actions under different laws if the FCPA defendant’s behavior also violated those other laws.
For example, the DOJ prosecuted a mining and commodities trader, Glencore plc, for criminal FCPA anti-bribery violations. At the same time, the Commodity Futures Trading Commission (CFTC) brought a civil action against Glencore under other laws for “manipulative and fraudulent conduct—including conduct relating to foreign corruption.”
Even with the wrinkle of parallel DOJ and SEC enforcement and occasionally related actions by other agencies, FCPA enforcement is simpler than sanctions enforcement.
Let’s start with OFAC. It enforces violations of the 35 programs it administers through civil enforcement actions. The DOJ can bring criminal prosecutions for sanctions violations.
Separately, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) administers laws and regulations collectively falling under the jurisdiction of the Export Administration Regulations (EAR). BIS enforces the EAR through civil actions. The EAR regulate the trade of dual-use items — commercial items that can also be used in conventional arms, weapons of mass destruction, terrorist activities, or human rights abuses.
Moving on to the State Department, it administers ITAR — the International Traffic in Arms Regulations — which implement the Arms Export Control Act and include the United States Munitions List. The State Department acts through its Directorate of Defense Trade Controls in the Bureau of Political-Military Affairs.
OFAC, BIS, and the State Department enforce the laws and regulations under their jurisdiction through civil actions, while the DOJ can bring criminal prosecutions based on those laws.
Stable v. Dynamic. The FCPA rarely changes. Congress has only amended it twice, and courts have generally upheld how the DOJ and SEC interpret and enforce it.
(Harry wrote about a baffling and grammatically challenged FCPA disclosure from an SEC filing that said in part, “FCPA is a complex patchwork of laws can change rapidly with relatively short notice.” Wrong.)
In contrast to the FCPA, sanctions are constantly in flux. They’re built that way.
OFAC currently has about 12,000 names on its Specially Designated Nationals and Blocked Persons List (SDN List). It also keeps separate lists of people or entities subject to other OFAC-administered sanctions.
OFAC’s lists are frequently updated — names are added or removed, often daily. The burden is on users to stay current. As OFAC cautions, “Because OFAC’s programs are dynamic, it is very important to check OFAC’s website regularly. Ensuring that your sanctions lists are current and you have complete information regarding the latest relevant program restrictions is both a best practice and a critical part of your due diligence responsibility.”
A further aspect of sanctions differentiates them from the FCPA. The President can impose or remove some sanctions with the stroke of the pen. By Executive Order, he can restrict trade with countries during peacetime under the International Emergency Economic Powers Act (IEEPA) and when the United States is at war under the Trading with the Enemy Act. OFAC administers sanctions imposed under both those laws.
In the concluding post, I’ll compare enforcement data for the FCPA and sanctions and look for trends that might be emerging.