Joint Compliance Note on Third Party Actors

Signaling a redoubled focus on countries providing conduits to evade western sanctions, Bureau of Industry and Security (BIS), the Department of Justice (DOJ), and Treasury’s Office of Foreign Assets Control (OFAC), issued a Tri-Seal Compliance Note to alert public to how traders use third-party intermediaries and transshipment points to circumvent restrictions and obscure the true identities of sanctioned end users.  

The Document called out for scrutiny transactiosn reouted through jurisdictions close to Russia, including  China, Armenia, Turkey, and Uzbekistan. Elizabeth Rosenberg, the assistant Treasury secretary for terrorist financing and financial crimes, said on Thursday that the UAE was a “country of focus” for the US.

The Note also describes common red flags that can indicate a third-party intermediary may be engaged in efforts to evade sanctions or export controls. "Effective compliance programs employ a risk-based compliance programs that entities can adopt to minimize the risk of evasion. These compliance programs should include management commitment (including through appropriate compensation incentives), risk assessment, internal controls, testing, auditing, and training. "These efforts empower staff to identify and report potential violations of U.S. sanctions and export controls to compliance personnel such that companies can make timely voluntary disclosures to the U.S. government. Optimally, compliance programs should include controls tailored to the risks the business faces, such as diversion by third-party intermediaries.

Red Flags

Common red flags can indicate that a third-party intermediary may be engaged in efforts to evade sanctions or export controls, including the following:

• Use of corporate vehicles (i.e., legal entities, such as shell companies, and legal arrangements) to obscure (i) ownership, (ii) source of funds, or (iii) countries involved, particularly sanctioned jurisdictions;
• A customer’s reluctance to share information about the end use of a product, including reluctance to complete an end-user form;
• Use of shell companies to conduct international wire transfers, often involving financial institutions in jurisdictions distinct from company registration;
• Declining customary installation, training, or maintenance of the purchased item(s); IP addresses that do not correspond to a customer’s reported location data;
• Last-minute changes to shipping instructions that appear contrary to customer history or business practices;
• Payment coming from a third-party country or business not listed on the End-User Statement or other applicable end-user form;
• Use of personal email accounts instead of company email addresses;
• Operation of complex and/or international businesses using residential addresses or addresses common to multiple closely-held corporate entities;
• Changes to standard letters of engagement that obscure the ultimate customer;
• Transactions involving a change in shipments or payments that were previously scheduled for Russia or Belarus;
• Transactions involving entities with little or no web presence; or
• Routing purchases through certain transshipment points commonly used to illegally redirect restricted items to Russia or Belarus. Such locations may include China (including Hong Kong and Macau) and jurisdictions close to Russia, including Armenia, Turkey, and Uzbekistan

Best Practices

Best practices in the face of such risks can include screening current and new customers, intermediaries, and counterparties through the Consolidated Screening List and OFAC Sanctions Lists, as well as conducting risk-based due diligence on customers, intermediaries, and counterparties. Companies should also regularly consult guidance and advisories from Treasury and Commerce to inform and strengthen their compliance programs.

Follow Enforcement Actions

Companies should also review BIS and OFAC enforcement and targeting actions, as they often reflect certain tactics and methods used by intermediaries engaged in Russia-related sanctions and export evasion. OFAC’s civil enforcement actions also illustrate a range of sanctions evasion techniques employed across multiple sanctions programs, including falsifying transactional documents, omitting information from internal correspondence,  and shipping goods through third countries.

DOJ has pursued criminal charges against those who it alleges are using front companies and intermediate transshipment points to evade Russia-related U.S. sanctions and export controls. In many cases, DOJ finds that the defendants use shell companies and transshipment points in third-party countries to evade sanctions and procure powerful dual-use items for use by the Russian defense sector 15.

The sensitive items at issue included advanced electronics and sophisticated testing equipment used in quantum computing, hypersonic, and nuclear weapons development as well as advanced semiconductors and microprocessors used in fighter aircraft, missile systems, smart munitions, radar, and satellites.16 In one of the cases, the indictment alleges that U.S.-manufactured component parts were found in seized Russian weapons platforms in Ukraine.

Tactics to evade detection have included the following:

• Claiming that shell companies located in third countries were intermediaries or end users; in one case, DOJ alleges that only one of the five intermediary parties had any visible signage and consisted of an empty room in a strip mall;
• Claiming that certain items would be used by entities engaged in activities subject to less stringent oversight; on at least one occasion, a defendant allegedly claimed that an item would be used by Russian space program entities, when in fact the item was suitable for military aircraft or missile systems only;
• Dividing shipments of controlled items into multiple, smaller shipments to try to avoid law enforcement detection;
• Using aliases for the identities of the intermediaries and end users;
• Transferring funds from shell companies in foreign jurisdictions into U.S. bank accounts and quickly forwarding or distributing funds to obfuscate the audit trail or the foreign source of the money;
• Making false or misleading statements on shipping forms, including underestimating the purchase price of merchandise by more than five times the actual amount;
• Claiming to do business not on behalf of a restricted end user but rather on behalf of a U.S.-based shell company.
• Businesses of all stripes should act responsibly by implementing rigorous compliance controls, or they or their business partners risk being the targets of regulatory action, administrative enforcement action, or criminal investigation

Voluntary Self Disclosure Encouraged

Parties who believe that they may have violated sanctions or export control laws should voluntarily self-disclose the conduct to the relevant agency. Information about BIS’s Voluntary Self-Disclosure (“VSD”) Policy can be found in Part 764.5 of the Export Administration Regulations or in the enforcement section of BIS’s website www.bis.doc.gov.

OFAC’s Enforcement Guidelines, which provide incentives for voluntary self-disclosure, are available at 31 CFR Part 501, Appendix A as well as in OFAC Frequently Asked Questions: https://home.treasury.gov/policy-issues/financial-sanctions/faqs/13. All potentially criminal violations of sanctions and export control laws should be disclosed to the Department of Justice’s National Security Division, Counterintelligence and Export Control Section. More information about DOJ’s VSD Policy is available at https://www.justice.gov/nsd/export-control.

These principles apply broadly to all U.S. government enforcement regimes, including the Disruptive Technology Strike Force, which was announced on February 16, 2023. That Strike Force, co-chaired by DOJ and Commerce, focuses on investigating and prosecuting the illicit transfer of sensitive technologies to hostile nation states.