Sanctions expertise is in short supply in Asia. How will companies manage their growing compliance risks as the U.S. ratchets up economic pressure in the region?
U.S. Sanctions in Asia
For years, it seemed U.S. regulators were focused on sanctions risks coming from Europe and the Middle East. That all changed with the introduction of comprehensive sanctions against North Korea in March 2016 and the subsequent U.S. withdrawal from the Joint Comprehensive Plan of Action (JCPOA) with Iran in May 2018.
Nowadays, U.S. agencies like the Department of Justice and the Office of Foreign Assets Control (OFAC) are looking to Asia for the next wave of big enforcement cases.
In May 2019, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS)—the equivalent of OFAC but for export controls—added China’s Huawei Technologies Co. and dozens of its affiliates to the Entity List, prohibiting them from receiving U.S.-origin goods and technology subject to the Export Administration Regulations (EAR) without a license.
In March 2016, BIS took similar action against China-based ZTE Corporation and three of its affiliates before penalizing the company nearly $2.3 billion in 2017 and 2018. While the Entity List does not restrict financial services like OFAC’s Specially Designated Nationals (SDN) list does, financial institutions (FIs) and companies throughout Asia had to scramble to assess how the BIS actions would affect their business.
In June 2019, the U.S. District Court for the District of Columbia held three major Chinese FIs in contempt for refusing to respond to law enforcement subpoenas, one of which was authorized under the USA PATRIOT Act. The subpoenas related to an investigation into a company based in Hong Kong suspected of acting as a front for North Korea. The U.S. Court of Appeals for the District of Columbia upheld the contempt order in July 2019. Some commentators speculated the case could lead the Treasury Department to restrict one of the banks’ U.S. correspondent accounts under Title III of the USA PATRIOT Act.
Meanwhile, the U.S. government continues its “maximum pressure” campaign against Iran using secondary sanctions to discourage non-U.S. companies from engaging in a wide range of commercial activities. The reimposition of secondary sanctions in August and November 2018 had enormous consequences in Asia as many companies—particularly in China, Japan and India—sought new opportunities in Iran following the implementation of the JCPOA in January 2016.
Foreign FIs in particular face the risk of correspondent and payable-through account sanctions for engaging in certain “significant transactions” related to Iran. China’s Bank of Kunlun, which appears on OFAC’s List of Correspondent Account or Payable-Through Account Sanctions (CAPTA List), is a prime example.
U.S. sanctions against Russia are another source of concern. Asian companies scrambled again after the adoption of the Countering America’s Adversaries Through Sanctions Act (CAATSA) in August 2017. In April 2018, OFAC designated several high-profile Russian individuals and companies as SDNs, including United Company RUSAL, a Hong Kong-listed company. (RUSAL was removed from the SDN List in January 2019.)
The U.S. government’s focus on Asia is accompanied by heightened expectations for companies to adopt sophisticated sanctions compliance programs.
In May 2019, OFAC issued new guidance called A Framework for OFAC Compliance Commitments, which summarized lessons from recent enforcement cases and offered recommendations for building an OFAC compliance program. The guidance is meant for U.S. companies and “foreign entities that conduct business in or with the United States, U.S. persons, or using U.S.-origin goods or services.”1
The guidance outlines five “essential components” of a sanctions compliance program: (i) management commitment, (ii) risk assessment, (iii) internal controls, (iv) testing and auditing and (v) training. OFAC recommends a risk-based approach based on factors such as clients and customers, products, services, supply chain, intermediaries, counterparties, transactions and geographic locations.
According to OFAC, the guidance will be taken into consideration when the agency decides whether to penalize a company under the OFAC Enforcement Guidelines. Companies with robust sanctions programs are more likely to receive mitigation credit that could reduce their monetary penalty significantly or even result in no penalty.
When it comes to talent, OFAC will consider “the quality and experience of the personnel” responsible for sanctions compliance. Specifically, OFAC will consider the following:
- “(i) the technical knowledge and expertise of these personnel with respect to OFAC’s regulations, processes, and actions; (ii) the ability of these personnel to understand complex financial and commercial activities, apply their knowledge of OFAC to these items, and identify OFAC-related issues, risks, and prohibited activities; and (iii) the efforts to ensure that personnel dedicated to [sanctions compliance] have sufficient experience and an appropriate position within the organization, and are an integral component to the organization’s success.”
FIs are not the only ones impacted. Of the 15 OFAC enforcement cases published in the first half of 2019, only four were related to FIs. The others involved companies in the manufacturing, shipping, retail, travel, oil services and other sectors. Several of the cases involved violations that took place in whole, or in part, in Asia.
Having the staff who understands regulations is one thing, but sanctions compliance is also about technology. Computerized controls are a must-have for companies with thousands or even millions of customers and transactions. Name screening software must be integrated smoothly into business and compliance processes. Creating the right design is critical.
The Hong Kong Monetary Authority (HKMA) places special emphasis on sanctions name screening. In April 2018, HKMA published guidance based on a review of screening software at licensed FIs in Hong Kong. In addition to technical findings, the guidance highlighted the importance of having knowledgeable staff to oversee name screening systems. According to HKMA, FIs “with training programmes and relevant subject matter expertise demonstrated a more thorough understanding of system filter performance. It was apparent in a few other interviews, however, that staff had not been provided with the right skills to support an effective system deployment.”2
The Wolfsburg Guidance on Sanctions Screening makes a similar point. According to the guidance, an effective screening program requires staff with “appropriate skills and experience in understanding the nuances of often arcane sanctions requirements and how these might influence screening outcomes and decisions, as well as the technical capabilities of screening software.”3
The need for sanctions specialists with a knack for technology is especially acute in Asia, where the financial ecosystem is ever changing. Asia is home to a vast array of mobile payments, stored valued facilities, real-time settlement networks and cryptocurrencies, in addition to traditional banking services. The diversity of geographies, regulators, languages and commercial cultures adds to the challenge. No wonder there are too few sanctions experts to go around.
Information about sanctions compliance is everywhere—regulators, law firms and the Association of Certified Anti-Money Laundering Specialists (ACAMS) are good places to start. Some western banks are now offering training to their correspondents to help manage their own sanctions risks. On an operational level, sanctions compliance has a lot in common with anti-money laundering/counter-terrorist financing (AML/CTF), meaning many companies do not need to start from scratch. OFAC’s recent compliance guidance provides a helpful road map.
In the meantime, U.S. regulators will continue to expect companies to comply with applicable OFAC sanctions and forthcoming enforcement actions will undoubtedly spur new hiring throughout the region. For their part, Asian regulators—while still principally focused on enforcing United Nations sanctions— have emphasized the importance of customer due diligence and monitoring to detect sanctions evasion, especially in regards to North Korea.
U.S. sanctions compliance is a relatively new concept in many markets in Asia. While some companies have chosen to import their talent from North America and Europe, others are training up local staff to meet their needs. For AML/CTF professionals who are willing to learn, the opportunities in the region are boundless.
Nick Turner, CAMS, foreign registered lawyer, Clifford Chance, Hong Kong, firstname.lastname@example.org
- “A Framework for OFAC Compliance Commitments” Office of Foreign Assets Control, https://www.treasury.gov/ resource-center/sanctions/Documents/ framework_ofac_cc.pdf
- “Feedback from Recent Thematic Review of AIs’ Sanction Screening Systems,” Hong Kong Monetary Authority, April 12 2018, https://www.hkma.gov.hk/media/ eng/doc/key-information/guidelines-andcircular/2018/20180412e1.pdf
- “Publication of Guidance on Sanctions Screening,” The Wolfsberg Group, January 21, 2019, https://www. wolfsberg-principles.com/articles/ publication-guidance-sanctions-screening