Once thought adequately addressed by a simple representation of compliance with the appropriate law, sanctions risk in corporate transactions has increased steadily as sanctions have become more complex and more intertwined with other areas of regulatory compliance. To further complicate the diligence required in these transactions, the footprints of transacting parties have expanded around the globe, and expectations of various stakeholders (such as investors, lenders and regulators) have heightened. Today, whether the transaction involves an acquisition, establishment of a joint venture, appointment of an agent, onboarding a customer or even a divestiture, a full understanding and review of all applicable sanctions, anti-boycott and export control requirements is necessary if enforcement risks are to be minimised.
While this chapter attempts to present diligence principles and methodologies that can be applied irrespective of the jurisdictions of the parties and businesses involved, it will not escape the reader’s notice that principles of US law are featured prominently. Examination of potential US law exposure is a necessary element of almost all transaction diligence owing to the broad extraterritorial reach of US primary sanctions and related laws and regulations affecting international business, the robust enforcement of such laws, and the wide-ranging deployment of secondary sanctions designed to advance US national security and foreign policy goals. Of course, diligence must cover all potentially applicable laws and regulations. A comprehensive multi-jurisdictional review is beyond the scope of this chapter, but examples of commonly encountered issues posed by EU and national laws are addressed.
Scope of sanctions diligence
The establishment of new business relationships poses a myriad of risks when it comes to compliance with sanctions. This is especially so given the substantial overlap of sanctions regulation and enforcement with other regulatory areas, such as anti-boycott and export control laws and regulations. In the United States, both the Office of Foreign Assets Control (OFAC) and the export control agencies have jurisdiction over trade in goods subject to comprehensive embargoes. In addition, some sanctions programmes – notably, the Ukraine/Russia-related US sanctions – were implemented simultaneously with export control measures targeting many of the same actors. There is often a high correlation between sanctions evasion, diversion of export-controlled items and corruption. Anti-boycott regulations are viewed in some jurisdictions as sanctions subject to blocking laws. In the financial sector, sanctions compliance measures often double as a means of detecting money laundering and other financial crimes, and vice versa. The result is that sanctions diligence cannot be effective if approached in isolation – rather, prospective parties to transactions should deploy a holistic methodology to ensure that all relevant aspects of transactions are reviewed. Happily, such an approach also is less time-consuming and more cost-effective for parties to transactions.
Why diligence is important
Global businesses must comply with sanctions and other legal requirements in all jurisdictions in which they do business. Often, requirements of one jurisdiction will conflict with those of another (as, for example, when efforts to impose compliance with US primary sanctions run up against EU or national blocking statutes) or will apply alongside those of another (such as when US export control rules applicable to items manufactured outside the United States apply in addition to the export control rules of the country of manufacture). In addition, the increasing application of US secondary sanctions creates sanctions risks for companies even if they are in compliance with applicable local laws and not subject to US primary sanctions.
Another source of risk is the expansion ‘by operation of law’ of the list-based sanctions of several jurisdictions to entities owned or controlled by listed parties, which requires not only name screening of potential business partners but also an examination of their ownership and control.
Moreover, owing to the ‘long-arm’ reach of US export control regulations outside the United States to encompass re-exports (from one country to another) and transfers (within another country), non-US companies have not been immune from enforcement action for violations of US export controls and related sanctions. Recent examples include imposition of fines against a Lebanese company for re-exporting engines of US origin to Syria and OFAC’s action against a dental supply company for exporting dental products of US origin to third-country distributors with knowledge that the exports were destined for Iran.
In the merger and acquisition (M&A) context, due diligence is a must if the risk of successor liability for sanctions and export control violations and other offences is to be assessed. Transactions structured as mergers generally pass liability for the pre-transaction activities of the acquired entity to the buyer by operation of law, but successor liability can also arise from stock purchases, as well as transactions structured as asset purchases. Of course, stock purchases that maintain the separate status of the target entity do not create successor liability for the buyer in the strictest sense of the term, but enforcement costs incurred by the target entity in connection with pre-completion violations, with the associated reputational costs, will diminish the value of the buyer’s investment in the target entity. Even in jurisdictions without successor liability, difficulties may arise when company assets may include the proceeds of previous sanctions and export control violations.
As for asset purchases, in a string of US cases, beginning with Sigma-Aldrich in 2002, the Bureau of Industry and Security of the US Department of Commerce (BIS) has interpreted the International Emergency Economic Powers Act (IEEPA) and the Export Administration Regulations to impose successor liability for export violations on purchasers of assets when ‘substantial continuity’ of the business results from the transaction. Notably, IEEPA also is the statutory underpinning for all US sanctions programmes save the Cuban embargo. The Trading with the Enemy Act, which authorises the Cuban embargo, contains provisions similar to the IEEPA provisions interpreted in Sigma-Aldrich and goes a step further by purporting to impose obligations on non-US entities owned or controlled by US persons. Sigma-Aldrich thus laid the groundwork for both BIS and OFAC to impose successor liability on purchasers of assets when the purchased assets constitute a business that continues under the new owner. As enumerated in Sigma-Aldrich, a finding of ‘substantial continuity’ will be supported when:
the successor: (1) retains the same employees, supervisory personnel and the same production facilities in the same location; (2) continues production of the same products; (3) retains the same business name; (4) maintains the same assets and general business operations; and (5) holds itself out to the public as a continuation of the previous corporation.
The decision in Sigma-Aldrich was not appealed and the parties entered into a settlement agreement, following which the BIS position on successor liability was applied in subsequent settlement agreements with both BIS and OFAC.
The Directorate of Defense Trade Controls (DDTC) , which administers the International Traffic in Arms Regulations pursuant to the Arms Export Control Act, likewise has a long history of imposing successor liability dating back to 2003, when the DDTC entered into a consent agreement with Hughes Electronics Corporation and Boeing Satellite Systems, Inc (formerly Hughes Space and Communications). The consent agreement imposed penalties for violations that occurred several years prior to Boeing’s acquisition of the Hughes space and communications division in 2000. The DDTC’s position on successor liability is bolstered by its policy of requiring registered defence companies to agree in writing to assume responsibility for pre-acquisition export licences issued to the acquired business.
Although the US position on successor liability has been criticised by legal scholars, as a practical matter, given OFAC’s sweeping discretionary powers and the ability of US export agencies to deny export privileges, parties have tended to settle enforcement actions rather than embark on time-consuming and expensive challenges to agency authority. As a result, the risk of enforcement actions based on the successor liability concept remains an important focus of sanctions and export control diligence.
In addition to its role in detecting potential successor liability, diligence in M&A transactions is essential if patterns of violative behaviour that may continue post-closing are to be discovered. OFAC has shown little patience for companies that have allowed violations to continue post-closing, imposing penalties in a series of recent cases notwithstanding voluntary disclosures filed by the acquirors. Root causes of violations emphasised by OFAC included being ‘slow to integrate the subsidiary into the . . . corporate family, including with respect to compliance with U.S. sanctions’ (Expedia); failure to ‘implement procedures to monitor or audit [the subsidiary’s] operations to ensure that its Iran-related sales did not recur post-acquisition’ (Stanley Black & Decker); and not undertaking ‘a fuller internal investigation’ upon receipt of helpline reports of continued sales to Cuba (AppliChem). In Kollmorgen, a penalty was imposed notwithstanding ‘egregious conduct’ on the part of the newly acquired subsidiary, whose management actively attempted to thwart the buyer’s compliance efforts.
Transactional due diligence will focus on many of the same compliance issues but for different reasons. When vetting potential agents, distributors, joint venture partners or customers, a history of non-compliance with sanctions or export control laws can foreshadow a risk of becoming embroiled in violations and enforcement actions in the future. Companies contemplating entering into a transaction with a third party with a less than stellar compliance record should take a hard look at whether the risk that the party will commit violations in the future can be adequately addressed in the agreement governing the transaction. If the contemplated transaction is a long-term arrangement, such as a joint venture, care should be taken to ensure that the governing agreement provides a clear exit strategy if violations occur, or if changes in the law render continuation of the relationship unlawful.
What your diligence review should include
Diligence in corporate transactions has both business and legal elements, and both come into play in the context of sanctions, anti-boycott and export control due diligence.
From a legal perspective, verifying compliance with legal requirements is a standard starting point. However, establishing that a target company or potential business partner is in compliance with all applicable legal requirements prior to entering into a transaction will not suffice, as new requirements and risks may take effect when the transaction is consummated, with both business and legal implications.
For example, non-US businesses that come under the ownership or control of US persons will become subject to US anti-boycott rules and certain US primary sanctions requirements upon completion of the transaction. In the anti-boycott context, the rules apply to ‘US persons’, which is defined to include ‘controlled in fact’ foreign subsidiaries, affiliates, or other permanent foreign establishments of US business entities, which are termed ‘domestic concerns’ in the rules. ‘Control in fact’ is defined to consist of ‘the authority or ability of a domestic concern to establish the general policies or to control day-to-day operations of its foreign subsidiary, partnership, affiliate, branch, office, or other permanent foreign establishment’.
In the sanctions context, both the Iran and Cuba sanctions extend to non-US entities ‘owned or controlled by’ US persons. The Iranian Transactions and Sanctions Regulations provide that:
an entity is “owned or controlled” by a United States person if the United States person:
(i) Holds a 50 percent or greater equity interest by vote or value in the entity;
(ii) Holds a majority of seats on the board of directors of the entity; or
(iii) Otherwise controls the actions, policies, or personnel decisions of the entity.
Although what constitutes ownership or control is undefined in the regulations governing the Cuba sanctions programme, the definition applicable to Iran reflects OFAC’s long-standing interpretation of the reach of the Cuba sanctions as well.
Diligence should be designed to both ferret out historical compliance lapses and identify activities that will not be permitted post-completion, as well as the effects of implementing any such prohibitions on the business outlook. Cessation of activities that will be unlawful under US ownership or control may have a material adverse effect on the financial outlook of the acquired business, while compliance failures post-completion will give rise to enforcement risk. Nevertheless, the parties may decide to proceed with the transaction, notwithstanding any detrimental effect on the business that would result from the need to cease certain operations post-completion. In such cases, further diligence should be conducted regarding the legal risks associated with cessation so that advice can be taken on how best to navigate any potential roadblocks, such as those posed by so-called ‘blocking’ statutes. Several jurisdictions, as well as the European Union, have adopted blocking measures to counteract extraterritorial application of US sanctions against Cuba and Iran, while Canada has restricted its blocking measures to the Cuba embargo, and German law targets foreign boycotts. Thus, advice should be taken before completion so that an appropriate plan of action can be formulated, bearing in mind recent enforcement actions against US companies who failed to prevent their recently acquired non-US subsidiaries from continuing business with Cuba and Iran. Litigation risk arising from breach of contract claims from parties to discontinued relationships may also be a factor.
Transactional diligence, such as compliance programmes, should also be customised to fit the risks presented and the risk appetites of the parties. Some companies subject all potential agents or distributors to background checks; others apply such requirements only to relationships with third parties located in countries or regions considered high risk from a sanctions, corruption or export diversion perspective. In the absence of red flags, third-party certifications of matters such as ownership and control, as well as compliance, can be considered in place of more extensive diligence.
Diligence checklists must be the subject of continuous improvement. Laws and regulations in the sanctions and export control area change frequently, and these changes usually spawn new diligence requirements, as do new enforcement actions and agency guidance.
In each transaction, care should be taken to ensure that compliance with all applicable sanctions and export controls is reviewed, based on the jurisdiction of formation and places of business as well as products and services of the target company.
When considering doing business with or acquiring a company with operations outside the United States, possible secondary sanctions risk based on the nature of the target’s business also must be considered. US secondary sanctions target those doing business with numerous sectors of the Iranian economy, as well as Russia, Venezuela and North Korea, among other countries.
Relationships with customers, agents or distributors in countries or regions characterised by high risk for diversion or corruption also should be scrutinised carefully – several countries in Asia and the Middle East come to mind in this regard, although, surprisingly, US law enforcement officials also view Canada as a country of diversion risk.
Other often overlooked but important areas of potential liability when conducting due diligence on non-US companies include application of US sanctions and export control de minimis rules and compliance with US export controls applicable to foreign-produced items. Many non-US companies are unaware of the extent to which their products might be subject to US export controls and sanctions as a result of incorporating components of US origin or that have been manufactured using US technology or plant and equipment.
Though traditionally an exercise conducted primarily by the buyer, the increasing convergence of sanctions and export controls with other areas of law and regulation, including national security, anti-money laundering (AML) and anti-corruption, has given rise to diligence obligations for all parties to the transaction. In transactions that may be reviewed by the Committee on Foreign Investment in the United States, sellers will want to assess the sanctions and export control compliance history of potential non-US buyers, given new rules that ban companies with a history of violations of US sanctions and export controls from enjoying exceptions to mandatory filing requirements. Investors and bankers providing financing for a transaction will want to ensure sanctions and anti-financial crime compliance by all parties, as well as compliance with export controls and sanctions by the acquired company.
As much as possible, diligence should be streamlined to avoid having to go over the same ground multiple times. Particularly in the context of M&A, the target company’s appetite and capacity for responding to diligence requests can wane in the face of competing queries from a myriad of business and legal teams.
In the M&A context, efficiencies can be achieved by minimising the number of requests for the same information. For example, questions relating to sanctions risk assessment, internal controls, testing and auditing, compliance training and management’s demonstrated commitment to comply with applicable sanctions and export control law can be grouped with similar questions about other relevant compliance matters. Further efficiencies can be achieved if the various subject matter experts reviewing the responses to diligence queries coordinate their efforts to avoid having multiple reviewers pore over the same document.
When onboarding business partners, deployment of multiple work streams should be avoided. Questions relating to sanctions, anti-corruption, AML and export compliance should be consolidated into one online or paper form rather than sprinkled throughout a variety of documents and certifications. OFAC recently has signalled approval of this holistic approach. In a release regarding its the 2019 enforcement action against Apollo Aviation Group, LLC (Apollo), OFAC emphasised the importance of know-your-customer (KYC) diligence – traditionally the purview of export and AML compliance guidelines – in the context of sanctions compliance, noting ‘the importance of companies operating internationally to implement Know You [sic] Customer screening procedures and implement compliance measures that extend beyond the point-of-sale and function throughout the entire business or lease period’.
What to do if historical breaches are uncovered
If the diligence process uncovers historical breaches, the parties must decide how to proceed.
If compliance issues are discovered while conducting a background check of a potential customer or distributor, the way forward will depend on whether a relationship is off-limits as a result of the discovery (for example, if the party is on an asset freezing or other applicable sanctions list) or whether a trustworthy relationship can nevertheless be achieved in spite of historical issues (perhaps by imposing and monitoring adherence to various compliance terms and conditions).
In the M&A context, in most cases, the seller will learn of the historical breaches first while preparing responses to the buyer’s diligence queries. At this point, it will be important to consider whether a disclosure should or must be filed. In the United States, most disclosure processes are voluntary rather than mandatory. However, given the substantial reduction in potential fines for sanctions and export control violations that are voluntarily disclosed, many companies will decide to make a disclosure so as to reduce potential exposure. In some instances, the violation may be deemed not to warrant disclosure (such as a minor record-keeping violation), in which case the seller may elect to implement corrective action and disclose the matter to the buyer but not to the relevant agency.
However, there are circumstances in which disclosure is mandatory, for example, the requirement under the International Traffic in Arms Regulations to disclose violations involving arms embargoed countries, such as China. In addition, in some jurisdictions there may be mandatory obligations to report known or suspected breaches of AML laws or terrorist financing prohibitions, as well as specific obligations to report known or suspected breaches of sanctions. Moreover, EU regulations giving effect to sanctions laws are accompanied by general obligations to report information that would facilitate compliance.
If the filing of a disclosure is determined to be warranted or required, or if an enforcement action is commenced during the period of diligence, the buyer and its counsel may wish to have input into the disclosure or response to the enforcement action. In these circumstances, a joint defence agreement may be considered as a means of protecting privilege. Absent a joint defence agreement, sellers should keep in mind that legal privilege does not attach to responses to the buyer’s diligence queries. Furthermore, depending upon the jurisdiction, disclosures to one’s own in-house counsel likewise may not be protected, in which case it may be prudent to channel compliance diligence regarding potentially sensitive matters through external counsel.
Both parties can and should take steps to remediate compliance breaches and enforcement risks identified during diligence.
In the lead-up to a merger or acquisition, a seller who discovers historical breaches bears primary responsibility for stopping the unlawful conduct and beginning to implement corrective actions. However, while some remediation steps (such as disciplining employees involved in the misconduct) can be taken fairly quickly, other more systemic responses (such as overhauling compliance programmes and procedures) may be best left to the buyer, particularly if the buyer has a robust compliance programme that it intends to roll out to the newly acquired business. In such instances, the seller may choose to implement only those short-term remediation measures required to ensure that no further breaches occur prior to the closing.
The buyer, however, is responsible for lapses that continue or occur on its watch, and several recent OFAC enforcement actions discussed in this chapter (Expedia, Stanley Black & Decker, AppliChem and Kollmorgen) illustrate the importance of regular compliance monitoring in the context of integrating newly acquired businesses. Thus, it is not enough merely to have compliance policies and procedures and provide training; companies must also monitor compliance with their policies and procedures if they wish to avoid enforcement action.
In the context of agreements with customers and other third parties, the parties must decide to what extent a breach of compliance obligations triggers termination rights. The agreement also should clearly address the role that each party will play in remediation, in the absence of a triggering breach.
Supplementing diligence with compliance representations and covenants
Agreements recording corporate transactions, whether with business partners or buyers or sellers of businesses, contain numerous clauses designed to allocate risks associated with past or future violations.
All agreements should contain basic representations and warranties about the identity and ownership of the parties. To the extent that an agreement is intended to govern a relationship between the parties going forward, it should include covenants of both parties to advise the other if its circumstances change (e.g., if it or any of its owners is added to a sanctions list), as well as covenants to comply with applicable sanctions and export controls, related information exchange and termination rights, and, if applicable, rights and obligations of the parties in connection with any required remedial action.
The recent OFAC enforcement action against Apollo illustrates the importance OFAC assigns to regular compliance monitoring in the context of customer relationships. Although the party to whom Apollo leased aircraft engines failed to comply with lease provisions that prohibited the transfer of the engines to a country subject to US sanctions, and the violations were disclosed voluntarily, OFAC nevertheless penalised Apollo, noting that:
Notwithstanding the inclusion of this clause, Apollo did not ensure the aircraft engines were utilized in a manner that complied with OFAC’s regulations. For example, at the time, Apollo did not obtain U.S. law export compliance certificates from lessees and sublessees. Additionally, Apollo did not periodically monitor or otherwise verify its lessee’s and sublessee’s adherence to the lease provision requiring compliance with U.S. sanctions during the life of the lease.
Caution should be exercised, however, as including unmanageable audit requirements in agreements with customers and other third parties can come back to haunt companies who do not avail themselves of their audit rights. This is another area in which collaboration between various compliance functions within a company can add value. For example, personnel who conduct periodic audits for other purposes, such as financial or quality control, can be trained to incorporate checks for sanctions and export compliance into their audit process.
In the M&A context, representations and warranties regarding past compliance are critical, but there is a tension between the objectives of the buyer and seller in negotiating these clauses. Sellers often will prefer to couch these representations and warranties with varying degrees of materiality and knowledge qualifiers, while buyers may prefer more robust disclosures.
Purchase agreements typically also contain various provisions under which a buyer may seek indemnification from a seller for breaches of representations and warranties. These clauses impose monetary limitations on recovery, require claims to be made within a certain time, and exclude claims for known exceptions disclosed to the buyer. Occasionally, however, the parties may agree to include special indemnity provisions relating to potentially significant issues. However, it is important to understand that the indemnification clauses, with the representations and warranties, will define the limits of the seller’s responsibility to reimburse the buyer for costs associated with pre-completion compliance lapses. As a result, buyers must satisfy themselves during the diligence process that they are willing to bear any enforcement risk not covered by the negotiated indemnity.
Ongoing diligence expectations
In the end, irrespective of the scope of the representations and warranties that may be negotiated, or how ‘clean’ the results of a diligence review may be, the enforcement agencies have made clear their expectation that acquirors should conduct further diligence post-completion and that parties to commercial agreements should monitor compliance for the life of the relationship. Among other things, OFAC clearly expects buyers to conduct heightened diligence of parties known to do business with countries or entities subject to OFAC sanctions, appoint management personnel who are committed to compliance, conduct regular audits and risk assessments, provide ongoing training, and respond to red flags promptly. In the context of commercial relationships, OFAC expects risk assessments, exercise of caution when doing business with entities with known contacts with OFAC-sanctioned entities and jurisdictions, compliance monitoring throughout the life of the relationship, training, KYC screening procedures and, when applicable, the obtaining of compliance certifications.
In light of these ongoing diligence and compliance expectations, buyers evaluating potential mergers or acquisitions and parties contemplating commercial transactions should ensure that their pre-completion due diligence includes not only an assessment of the legal and business risks discussed in this chapter, but also an evaluation of their capacity to meet the expectations of regulators for ongoing diligence and compliance, as well as the enforcement risks they will face if these expectations are not met.
1 Barbara D Linney is a partner at Baker & Hostetler LLP. The author gratefully acknowledges the assistance of BakerHostetler associates Orga Cadet and Ragan Updegraff in the preparation of this chapter.
2 US ‘primary’ sanctions are those that proscribe behaviour of US persons (and, in the case of Cuba and Iran sanctions, non-US entities owned or controlled by them). ‘Secondary’ sanctions are those that do not proscribe conduct but rather impose consequences on persons engaging in activities identified as contrary to US national security or foreign policy.
3 See US Dep’t of the Treasury’s Office of Foreign Assets Control [OFAC], ‘Revised Guidance on Entities Owned by Persons Whose Property and Interest in Property Are Blocked’ (2014); European Commission Opinion of 19 June 2020 on Article 2 of Council Regulation (EU) No. 269/2014; Office of Financial Sanctions Implementation, ‘Financial Sanctions: Guidance’ (January 2020), at 15.
4 See, e.g., Bureau of Political Military Affairs, US Dep’t of State, BAE Systems plc Consent Agreement (2011); Bureau of Political Military Affairs, US Dep’t of State, Qioptiq S.a.r.l. Consent Agreement (2008). See also Bureau of Industry and Security, US Dep’t of Commerce [BIS], Order Relating to Ghaddar Machinery Co., SAL (2019) [Ghaddar].
5 OFAC, DENTSPLY SIRONA Inc. Settles Potential Civil Liability for Apparent Violations of the Iranian Transactions and Sanctions Regulations (2019) [Dentsply].
6 See Ghaddar (footnote 4, above); Dentsply (footnote 5, above).
7 Sigma-Aldrich Business Holdings, Inc., Case No. 01-BXA-06, US Dep’t of Commerce (29 August 2002) [Sigma-Aldrich].
8 International Emergency Economic Powers Act (codified at 50 U.S.C. § 1701 (2020)).
9 15 C.F.R. §§ 730 to 774 (2019). The Export Administration Regulations also include the US anti-boycott rules. See 15 C.F.R. pt. 760 (2019).
10 See Sigma-Aldrich (footnote 7, above), at 6, 7 and 12.
11 Trading with the Enemy Act (codified at 50 U.S.C. § 4301) (2020).
12 Sigma-Aldrich (see footnote 7, above), at 9.
13 See, e.g., BIS, Order Relating to Sirchie Acquisition Company, LLC (2010) and related Settlement Agreement (2009); Dentsply (footnote 5, above).
14 22 C.F.R. §§ 120 to 130 (2020).
15 Arms Export Control Act (codified at 22 U.S.C. 2778 (2014)).
16 Bureau of Political Military Affairs, US Dep’t of State, Order in the Matter of Hughes Electronics Corporation and Boeing Satellite Systems, Inc. and related Consent Agreement (2003).
17 See ‘Sample 5-Day Notice’ (for Buyer), Updating a Registration: Notification of Change for Mergers, Acquisitions, and Divestitures, Directorate of Defense Trade Controls, at https://www.pmddtc.state.gov/ddtc_public?id=ddtc_kb_article_page&sys_id=fc8aaa9adb74130044f9ff621f9619c3#tab-mad (last visited 25 June 2020).
18 See, e.g., OFAC, ‘Expedia Group, Inc. (“Expedia”) Settles Potential Civil Liability for Apparent Violations of the Cuban Assets Control Regulations’ (2019) [Expedia]; OFAC, ‘Stanley Black & Decker, Inc. Settles Potential Civil Liability for Apparent Violations of the Iranian Transactions and Sanctions Regulations Committed by its Chinese-Based Subsidiary Jiangsu Guoqiang Tools Co. Ltd’. (2019) [Stanley Black & Decker]; OFAC, ‘AppliChem GmbH Assessed a Penalty for Violating the Cuban Assets Control Regulations’ (2019) [AppliChem]; OFAC, ‘Kollmorgen Corporation Settles Potential Civil Liability for Apparent Violations of the Iranian Transactions and Sanctions Regulations’ (2019) [Kollmorgen].
19 Iranian Transactions and Sanctions Regulations, 31 C.F.R. pt. 560 (2019); Cuban Assets Control Regulations, 31 C.F.R. pt. 515 (2019).
20 15 C.F.R. § 760.1(b).
21 15 C.F.R. § 760.1(c)
22 31 C.F.R. § 515.329; 31 C.F.R. § 560.215.
23 31 C.F.R. § 560.215(b)(1).
24 See, e.g., Council Regulation (EC) No. 2271/96 of 22 November 1996 protecting against the effects of the extra-territorial application of legislation adopted by a third country, and actions based thereon or resulting therefrom (as amended by Commission Delegated Regulation (EU) 2019/1100 of 6 June 2018); and, for the position in the United Kingdom on the expiry of the Brexit transition period, see The Protecting against the Effects of the Extraterritorial Application of Third Country Legislation (Amendment) (EU Exit) Regulations 2019 (in draft form).
25 Foreign Extraterritorial Measures Act, R.S.C. ch. F-29 (1985), as amended by Bill C-54, proclaimed in force 1 January 1997; Foreign Extraterritorial Measures (United States) Order, 1992, as amended, SOR 96-84, 5 January 1996.
26 Foreign Trade and Payments Ordinance, § 7 (Boycott Declaration) (Ger.).
27 OFAC, ‘Acteon Group Ltd. and 2H Offshore Engineering Ltd. Settle Potential Civil Liability for Apparent Violations of the Cuban Assets Control Regulations’ (2019); AppliChem (see footnote 18, above); Stanley Black & Decker (see footnote 18, above); Kollmorgen (see footnote 18, above).
28 31 C.F.R. § 800.219; 31 C.F.R. § 802.215 (2020).
29 OFAC, ‘Apollo Aviation Group, LLC (“Apollo,” now d/b/a Carlyle Aviation Partners Ltd.1) Settles Potential Civil Liability for Apparent Violations of the Sudanese Sanctions Regulations’, 31 C.F.R. pt. 538, 3 (2019) [Apollo].
30 22 C.F.R. § 126.1(e)(2) (2020).
31 See, e.g., the anti-money laundering reporting requirements that must be implemented in EU Member States in accordance with Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (OJL 156, 19/6/2018, at 43 to 74).
32 See, e.g., the UK reporting obligation as extended by The European Union Financial Sanctions (Amendment of Information Provisions) Regulations 2017.
33 See, e.g., Expedia (footnote 18, above); Stanley Black & Decker (footnote 18, above); AppliChem (footnote 18, above); Kollmorgen (footnote 18, above).
34 See Apollo (footnote 29, above).
35 See e.g., Stanley Black & Decker (footnote 18, above); Kollmorgen (footnote 18, above).
36 See Apollo (footnote 29, above), and discussion above at ‘Streamlining diligence’.
37 See e.g., Kollmorgen (footnote 18, above); Stanley Black & Decker (footnote 18, above); Expedia (footnote 18, above); AppliChem (footnote 18, above).
38 See Apollo (footnote 29, above) and discussion above at ‘Supplementing diligence’.