The Department of Commerce, Department of Treasury, and Department of Justice released a Tri-Seal Compliance Note (“Note”) to assist companies in identifying warning signs and implementing appropriate compliance measures to prevent evasion of Russian-related sanctions and export controls. The Note highlights one of the most common evasion tactics used to hide the involvement of sanctioned persons or parties on the Entity List and obscure the true identities of Russian end-users: the use of third-party intermediaries or transshipment points.
The Note identifies red flags and facts from recent enforcement cases that may indicate a scheme to evade U.S. sanctions and export controls, including the following:
- Use of shell companies or other corporate vehicles to obscure ownership, the source of funds, or the countries involved, including claiming shell companies are intermediate consignees or end-users;
- A customer’s reluctance to share information about a product's end-use or to complete an end-user form;
- Dividing an order of controlled items into multiple shipments;
- Shell companies involved in international wire transfers, including financial institutions in different jurisdictions than where the company is registered;
- A customer declining customary installation, training, or maintenance;
- A customer’s IP address does not match the customer’s reported location data;
- Last-minute changes to shipping instructions that are inconsistent with the customer’s history or business practices;
- Payments coming from countries or businesses not listed on the End-User Statement;
- The use of personal, rather than business, email addresses;
- Complex or international businesses using residential addresses or addresses common to multiple closely held corporate entities;
- Revisions to standard engagement letters that obscure the ultimate customer;
- Changes to transactions previously planned for shipment to or payment from Russia or Belarus;
- Using aliases for the identities of the intermediaries and end-users;
- Entities with little or no physical presence (e.g., a company with no visible signage or a seemingly empty office in a strip mall);
- Entities with little or no web presence; or
- Routing purchases through China (including Hong Kong and Macau), Armenia, Turkey, and Uzbekistan, which are transshipment points commonly used to divert products to Russia or Belarus.
As part of a risk-based compliance program, companies should have policies and procedures in place to identify potential red flags, screen parties, and conduct further due diligence before proceeding with a transaction. An effective risk-based compliance program should also be routinely updated and include management commitment (e.g., appropriate compensation incentives), risk assessment, internal controls, testing, auditing, and training.
The Note serves as a reminder that “[b]usinesses of all stripes should act responsibly by implementing rigorous compliance controls, or they or their business partners risk being the targets of regulatory action, administrative enforcement action, or criminal investigation.”