Impact of US, UK and EU Sanctions and Export Controls in the Asia-Pacific Region
This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight
Comprising dozens of nations with diverse business cultures and economies in various stages of development, the Asia-Pacific region (APAC) is responsible for a substantial portion of annual global trade. Whether a company is based in APAC or is operating there, economic sanctions and export control risks are now a daily concern. With long-standing US and United Nations (UN) sanctions and export control programmes targeting North Korea, multilateral sanctions and export controls targeting China and Myanmar, and, as of 2022, unprecedented sanctions against Russia (an important trading partner), APAC has, in many ways, supplanted the Middle East as the world’s sanctions and export control hotspot.
In 2020 and 2021, the United States intensified its use of sanctions and export controls in relation to Hong Kong, China’s Xinjiang Uyghur Autonomous Region (XUAR) and the South China Sea. In March 2021, the EU, UK and Canada joined with the United States in imposing targeted sanctions on Chinese officials over allegations of human rights abuses in the XUAR. In October 2022, as tensions in the US–China relationship intensified, the United States implemented expansive new export controls on China, with a focus on the semiconductor and advanced computing industries in the country (including Hong Kong).
In June 2021, the US Department of Treasury’s Office of Foreign Assets Control (OFAC) also made amendments to its Chinese Military-Industrial Complex Companies (CMIC) sanctions to broaden the definition of CMICs to include any entities determined to operate or have operated in the defence and related materiel sector or the surveillance technology sector of the economy of China. These sanctions are limited in scope and generally prohibit US persons from any purchase or sale of publicly traded securities, or any publicly traded securities that are derivative of these securities or are designed to provide investment exposure to these securities, of any CMIC. These sanctions do not prohibit US persons from providing various support services related to the purchase or sale of covered securities of CMICs (e.g., clearing, execution, settlement, custody, transfer agency or back-end services).
Meanwhile, the Chinese government unveiled a framework for Chinese unilateral sanctions and a ‘blocking order’ against foreign sanctions deemed inimical to China’s national interests. Multinational companies – and at least one UK barristers’ chambers – were confronted with legal and political risks on all sides. In February 2023, China also announced its first ever use of its Unreliable Entity List by designating two US companies. Outside of Greater China, in February 2021 the clock seemed to reverse after a military coup in Myanmar, which led to the reimposition of many sanctions that were lifted just a few years before. In 2022 and 2023, Australia, Japan, New Zealand, Singapore and South Korea joined a coalition of nations imposing sanctions against Russia following its invasion of Ukraine.
For legal and compliance practitioners, this environment presents unique challenges, especially when balancing the interests of stakeholders in multiple regions, which may be operating from different perspectives. In this chapter, we describe the sanctions and export control risks for business transactions in APAC and share best practices for managing these risks from the front lines.
Economic coercion is a fact of life in Asia, owing to the high degree of state intervention in many economies. China, in particular, regularly withdraws economic opportunities (including tourism) from its neighbours to achieve political objectives. We distinguish these trade-boycott practices from sanctions and export controls whereby governments regulate private commerce to gain economic leverage over a foreign adversary. With the exception of multilateral UN sanctions, few countries in Asia rely on sanctions and export controls as a tool of foreign policy. (Apart from trade boycotts, China’s use of unilateral sanctions has so far been limited.) Australia, Japan and a handful of other countries have unilateral (or autonomous) sanctions, but they do not enforce these sanctions or export controls outside their home jurisdictions for the most part. In 2022 and 2023, New Zealand and Singapore were among the countries that adopted novel legal tools for imposing Russia-related sanctions outside of existing UN frameworks. For companies in APAC, the greater risk still arises from ‘long-arm’ or extraterritorial US sanctions and, to a lesser extent, sanctions from the European Union or United Kingdom.
Extraterritorial sanctions that impact companies in APAC are broadly divided into primary sanctions and secondary sanctions. Primary sanctions are jurisdiction-based prohibitions that are enforceable against individuals or entities through traditional criminal or administrative means. For instance, UK sanctions on Myanmar’s military holding companies, introduced in March 2021, apply to UK persons and UK-incorporated companies globally, while US primary sanctions apply to US persons and US-incorporated companies globally. Secondary sanctions, on the other hand, are intended to discourage activities that are beyond the traditional legal jurisdiction of the sanctioning state by threatening the imposition of sanctions on persons engaged in certain activity outside that jurisdiction. The Hong Kong Autonomy Act is an example. It threatens secondary sanctions against foreign financial institutions that ‘knowingly’ engage in ‘significant transactions’ with Chinese and Hong Kong officials identified by the US State Department. These officials include no less than the current and former chief executives of Hong Kong.
During the past decade, companies in APAC have faced an increasing risk of primary and secondary sanctions. This shift is due in part to the companies’ foray into western markets, where primary sanctions jurisdiction is most likely to exist, and greater efforts by western governments to investigate and prosecute activities that threaten their security or foreign policy aims. For these reasons, compliance with foreign sanctions is often the only commercially reasonable choice, particularly for companies that want to minimise the risk of losing access to the US markets and the US financial system.
As explained in greater detail below, the first step in managing sanctions and export control risk is identifying and assessing it in business transactions. A risk assessment for primary sanctions requires understanding and mapping the somewhat intricate rules of foreign legal jurisdiction to business operations. For example, a Chinese manufacturer exporting products to Iran should identify any financial transactions that may implicate the US financial system. A risk assessment for secondary sanctions requires imagining how emerging geopolitical risks may disrupt existing commercial arrangements. That same manufacturer should consider US secondary sanctions that may apply to its Iranian exports and whether suffering US reprisals is a commercially sensible trade-off. Nowadays, the manufacturer may also need to think about the potential for retaliation from local authorities or the public who may discourage their compatriots from giving in to foreign economic pressures. After Russia’s invasion of Ukraine, many APAC companies scrambled to reassess long-standing business in Belarus and Russia in light of sweeping new sanctions and export controls impacting every facet of the supply chain in many sectors. Understanding how these risks manifest themselves in a dynamic environment can challenge even the most experienced practitioners.
Conditions that increase sanctions risks
First, APAC is a target-rich environment for new sanctions. Some nations – North Korea, Myanmar and, less recently, Vietnam, for example – are currently, or historically have been, targeted with broad embargoes by the United States or significant sanctions by the European Union, Canada, Australia, other western allies and the UN. The region also has a significant share of companies and individuals targeted for sanctions in response to human rights abuses, proliferation of weapons of mass destruction, narcotics trafficking, organised crime and other threats to regional and international peace and security. The United States, in particular, has used sanctions and export controls to target Chinese officials and firms that have committed violations of US laws or acted contrary to US national security or foreign policy interests. This trend accelerated under the Trump administration and has continued under the Biden administration, albeit with renewed diplomatic overtures.
Second, questions about sanctions or export control compliance often come not from government investigators, but from banking partners, suppliers and other counterparties. Sanctions authorities have long considered commercial actors to be ‘force multipliers’ in amplifying the effects of their sanctions. The abundance of multinational enterprises and cross-border supply chains in APAC offers endless touchpoints for introducing sanctions requirements through due diligence, compliance undertakings and internal guidelines to police the behaviour of counterparties. The presence of many large, regional and multinational financial institutions – a number of which have faced significant sanctions enforcement actions – has put pressure on customers to commit ‘voluntarily’ to abide by US, EU and UK sanctions and export controls. Some banks demand that customers implement formal compliance programmes as a condition of services. A number of significant internal corporate investigations have started as a result of enquiries from banks about customers’ payments potentially involving sanctions targets.
Third, given the complexity of sanctions and export controls and the threat of secondary sanctions, many companies and banks in APAC implement compliance programmes with little regard to the nuances of legal jurisdiction, leading to examples of over-compliance or de-risking, whereby companies and banks walk away from business that is legally permissible. This is especially true in the region’s major trading hubs, such as Hong Kong and Singapore, where OFAC regulations are almost universally observed, regardless of their legal applicability, owing in large part to the high concentration of risk-averse banks. For instance, many financial institutions in the region were quick to sever ties with Myanmar Economic Holding Limited, Myanmar Economic Corporation and other entities targeted in early 2021 by the US, UK and the EU, despite their lack of jurisdiction over many of their activities. Similarly, many Asia-based companies, especially those with strong business ties to the US or EU, have voluntarily complied with sanctions against Belarus and Russia. Some US officials began calling the phenomenon ‘self-sanctioning’ to the extent companies were not already subject to US jurisdiction.
On the other hand, where US sanctions have been applied against major corporates, such as subsidiaries of China Ocean Shipping Company Limited (COSCO), we have observed a marked willingness among financial institutions and corporates to take a more nuanced, albeit still cautious, approach. This was especially the case in response to US Executive Order 13959, later amended under Executive Order 14032, which prohibited US persons from purchasing or selling publicly traded securities of CMICs, including some of China’s most prominent multinationals. Rather than let go of profitable investments, many Asian and European investors read the ‘fine print’ of the Executive Order and continued to trade in the securities, as permitted. The same can be said for the foreign subsidiaries of US companies, which fell outside the definition of ‘US person’ for the purposes of the Order. For its part, OFAC raised no public objections to this legalistic approach to sanctions, and clarified in FAQs that even US persons could continue to engage in some activities in relation to the covered securities.
The convergence of these three factors (that is, a high number of sanctions targets, counterparty demands and de-risking) presents a daunting compliance challenge, as in the following examples.
Sanctioned countries and governments
Transactions involving countries, territories or governments subject to comprehensive or broad unilateral US sanctions (currently, Cuba, Iran, North Korea, Venezuela, Syria, Crimea and the so-called ‘Donetsk People’s Republic’ and ‘Luhansk People’s Republic’ regions of Ukraine) or UN sanctions are not uncommon in the region and, for domestic political reasons, are sometimes encouraged. Many of these transactions are indirect transactions conducted through trading houses or shell companies in major trading hubs, such as Hong Kong, Singapore or Dubai. Careful due diligence of counterparties and their business activities is needed to identify transshipment or diversion risk.
The number of sanctioned individuals and entities located, or with economic interests, in APAC has increased dramatically in recent years. They may appear as direct counterparties to a transaction or indirectly as beneficial owners or shareholders of counterparties. Once identified, companies must determine whether the involvement of a sanctioned person precludes their participation in a proposed transaction. This issue came to the fore in April 2018 when OFAC designated numerous Russian individuals and entities as Specially Designated Nationals (SDNs), including one listed on the Hong Kong Stock Exchange. In September 2019, OFAC designated two subsidiaries of COSCO as SDNs for engaging in exports of petroleum from Iran. In July 2020, OFAC named China’s Xinjiang Production and Construction Corps (XPCC), a quasi-governmental conglomerate with significant commercial interests, as an SDN under the Global Magnitsky sanctions. In 2020 and 2021, the US Department of Defense identified dozens of Chinese companies as ‘military companies’, whose publicly traded securities were made off-limits to US investors under Executive Order 13959. The list was reborn as the Non-SDN CMIC List, in June 2021, and the US Treasury Department added several more companies to it in December 2021. One of the companies undertook a successful initial public offering shortly after its designation as a CMIC. And yet, in February 2023, OFAC added a Chinese company to the SDN List for its alleged assistance in the Russia invasion of Ukraine. In each of these cases, financial institutions and other counterparties grappled with how to maintain important commercial relationships while abiding by applicable US sanctions. The availability of general and specific licences allowed many to do so. Others have taken a legalistic view, continuing with activities outside of US jurisdiction. The United States has also added numerous Chinese companies to the Bureau of Industry and Security (BIS) Entity List for national security and foreign policy reasons, and, in certain circumstances, these listings have occurred prior to an initial public offering or exchange listing, inflicting greater costs on the targeted company and its investors. This issue will continue to be prevalent as long as the US government imposes sanctions concerning China and Hong Kong.
Supply chain risks attach to (1) raw materials sourced from, (2) suppliers located in, and, (3) in the case of North Korea, labour from designated countries or territories. For example, in January 2019, OFAC entered into a US$996,080 settlement with US-based e.l.f. Cosmetics, Inc for distributing false eyelash kits containing materials originating from North Korea. OFAC used the settlement to emphasise the importance of supply chain due diligence to identify the involvement of sanctioned goods or parties. In July 2020, OFAC and other US agencies published a Xinjiang Supply Chain Business Advisory, alerting the industry to sanctions and other risks associated with XPCC and the XUAR. The US government expanded its campaign later in the year by imposing import bans on certain products from the XUAR, including cotton, based on allegations of forced labour. In December 2021, the US Congress adopted the Uyghur Forced Labor Prevention Act (UFLPA), which will lead to the adoption of regulations further restricting the importation of XUAR-origin goods into the United States. As illustrated in the UFLPA Operational Guidance for Importers and the UFLPA Strategy released in June 2022, US importers are required to extend their supply chain tracing throughout the entire supply chain of an imported item or a specific component of the item. In practice, due diligence concerning these issues is often hampered by resistant counterparties, language barriers or inaccessible records. Companies often find themselves reliant on declarations or contractual representations concerning a counterparty’s compliance. In some cases, third-party due diligence firms are called in to bridge the gap.
Goods, technology and software originating from the United States
BIS, located within the US Commerce Department, regulates the export, re-export and transfer of items subject to the Export Administration Regulations (EAR). The risk of diversion of EAR-controlled items is high, and transshipments through trading hubs such as Hong Kong and Singapore are commonplace. Yet few companies in the region have sophisticated compliance controls for identifying and tracking items subject to the EAR, including controlled components incorporated into finished products. This is an area of emerging risk, with high enforcement potential, especially given the increasing number of Chinese technology firms targeted by the Entity List. Financial institutions, which are potentially at risk of facilitating their customers’ violations of the EAR, have recently begun strengthening their export control procedures, demanding more information from customers who remain primarily responsible for understanding how the EAR applies to their activities.
Affiliates or tangential business lines
All these risk factors are compounded by the presence of many large, international, private and state-owned conglomerates. Sanctions and export control concerns frequently arise during the due diligence phase of transactions when affiliates of an investment target are found to have exposure to sanctioned persons or territories, even if that activity is seemingly unrelated to the business opportunity at hand. Use of proceeds clauses and restrictions on the transfer of goods and services offers a limited means of risk mitigation. However, given that US authorities do not accept the outsourcing or transfer of liability for sanctions risks, these provisions offer very limited protection if the company is found to have known (or should have known) about the sanctioned element and facilitated prohibited activity.
As explained above, mapping out the jurisdiction and scope of applicable sanctions and export controls is a good first step in identifying and controlling risks. The following sections offer a few reference points for managing sanctions and export control risk with an eye on recent high-profile enforcement actions.
US, EU and UK sanctions jurisdiction
Most legal systems recognise jurisdiction over activities taking place within their state’s sovereign territory, regardless of nationality, as well as activities undertaken by their nationals, regardless of location. This territorial-based jurisdiction applies to most sanctions, regardless of country, and is the typical framework applied to UN sanctions enforcement in APAC.
However, jurisdiction may also exist over activities undertaken outside a state’s sovereign territory conditioned on an underlying factual nexus, such as the direct or indirect involvement of nationals of the state. Long-arm or extraterritorial sanctions fall under this heading. Understanding clearly the jurisdictional hook underlying a primary or secondary sanction enhances a company’s ability to decide whether and how to comply with it.
Application of sanctions to US persons
OFAC’s administrative enforcement jurisdiction generally applies to ‘US persons’, defined to include (1) all US citizens or permanent residents (i.e., green card holders), regardless of location, (2) all entities organised under US law (including their offices and branches outside the United States), and (3) all persons in the United States, regardless of their nationality. The basic rule is simple: US persons are required to follow OFAC regulations at all times. Additionally, OFAC regulations under the Cuba, Iran and North Korea programmes apply to the activities of non-US entities owned or controlled by US persons or (in the case of North Korea) US financial institutions.
In APAC, US jurisdiction is often based on the involvement of financial institutions (often overseas branches of US banks), offices of US-incorporated companies, subsidiaries of US-based companies, or US-based companies transacting, or investing, in the region or as individuals employed by non-US companies. While non-US subsidiaries of US companies are not subject to many OFAC programmes, it is common for subsidiaries to follow the sanctions policies of their headquarters, with limited allowances for local law. An increasing number of non-US companies are devising recusal protocols to document the ways in which their ‘US person’ employees are ring-fenced from transactions involving US-sanctioned persons or territories.
Non-US nationals are considered US persons when within the United States, and clients must often be reminded to abstain from engaging in activities, including phone calls or emails, concerning their companies’ business with sanctioned persons or territories while visiting the United States, whether for business or pleasure. Search and seizure of business records at US borders should remain high on the list of senior executives’ worries while travelling. In serious cases, extradition from a third country to the United States is also a possibility.
Application of sanctions to EU and UK persons
Jurisdiction under EU and UK law follows a similar pattern as US law, although EU Member States and the UK are less inclined to pursue ‘extraterritorial’ prosecutions, citing international law and comity. Broadly speaking, EU and UK sanctions apply within the territory of the European Union or the UK, aboard aircraft or vessels under their jurisdiction, to nationals of EU Member States or the UK, to entities constituted under the laws of EU Member States or the UK, and in respect of business performed in the EU territory or the UK by non-nationals. To date, neither the EU nor the UK has aggressively enforced sanctions against foreign persons processing transactions through EU or UK financial systems, in contrast to the United States. Nevertheless, EU and UK banks tend to apply a similar level of scrutiny and control to their transactions as their US counterparts.
Like US persons, EU and UK persons may appear in a variety of roles in transactions in APAC, and the presence in the region of many prominent EU and UK corporates and financial institutions makes EU and UK sanctions among the most important foreign sanctions regimes in APAC, after that of the United States.
Application of sanctions to non-US and non-EU/UK persons
As indicated above, US, EU and UK sanctions exert a significant influence on commercial activities in APAC. With respect to EU and UK sanctions, this effect is attributable mainly to the presence of many EU and UK-based corporates and financial institutions that are obliged to follow their home sanctions as a matter of law or internal policy. The case is different when it comes to US sanctions because US authorities routinely seek to assert law enforcement jurisdiction over the activities of non-US persons when those activities involve a US jurisdictional element, understood to include US persons, the US financial system and items of US origin (i.e., goods, technology and software that are subject to the EAR).
Of these three elements, it is the US financial system that has the broadest jurisdictional hook. US-dollar denominated transactions, most of which clear through US correspondent accounts, make up the lion’s share of international trade in the region (and globally). OFAC and the US Department of Justice (DOJ) undertake dozens of investigations each year into transactions processed through the US financial system believed to involve prohibited trade with sanctioned persons or territories. Underpinning these cases is the legal theory, among others, that non-US persons ‘cause’ US financial institutions to violate OFAC regulations by initiating transactions that are cleared through US-based accounts.
For example, in July 2017, OFAC entered into a US$12,027,066 settlement with Singapore-based CSE Global Limited and CSE-Transtel Pte Ltd (Transtel) for violations of the Iranian Transactions and Sanctions Regulations (ITSR). According to the OFAC settlement notice, Transtel processed more than 100 wire transfers in its US-dollar denominated account held at a Singapore bank in connection with its business in Iran. While the business presumably was legal under Singapore law, the wire transfers cleared through the Singapore bank’s US correspondent accounts, thereby triggering the ITSR’s prohibition against exports of services, directly or indirectly, by US persons (i.e., the US banks holding those accounts). The Singapore bank had previously informed Transtel of this risk and obtained an attestation that the company would not use its account for its Iranian business. The Singapore bank subsequently detected the activity and disclosed it to OFAC. As noted by many commentators, the Singapore bank was not named in the settlement. Rather, OFAC penalised the bank’s customer, Transtel, for causing the violations. In the context of this case, the Singapore bank was rewarded for having effective sanctions compliance controls. However, the settlement also spotlights the conflicting interests of banks and their customers when OFAC violations are detected – a major point of contention in light of recent high-profile enforcement cases against Chinese companies.
For clients new to the subject, it may seem contradictory that a financial transaction could be illegal while the underlying trading activity – which often is not subject to OFAC jurisdiction – is perfectly fine under domestic law. Practically speaking, the challenge for practitioners is to identify transactions involving the US financial system (which can include both US financial institutions and, in some cases, non-US entities owned or controlled by them) and to interdict transactions that would be prohibited for a US bank. Some transactions can be safely processed outside the US financial system, subject to relevant secondary sanctions and the internal policies of the processing banks. While US persons are not allowed to facilitate these types of transactions, non-US persons who are familiar with the regional banking system are increasingly finding open payment channels for certain activities.
Enforcement risks from the United States: select cases
The following examples highlight important enforcement trends in APAC and compliance pitfalls to be avoided.
In 2016, BIS added ZTE and three affiliates to the Entity List during an investigation of the company’s business in US-sanctioned territories, including Iran and North Korea. To continue its business operations while it resolved the investigation, the company obtained the first ever temporary general licence, giving it continued access to US-origin goods, software and technology. However, the threat to its business operations posed by its inclusion on the Entity List led to the company’s US$1.19 billion civil and criminal settlement with BIS, OFAC and the DOJ in March 2017. While US$300 million of the penalty was suspended, the settlement also mandated the hiring of a compliance monitor for three years to report to the DOJ on the company’s compliance with US sanctions and export control laws and a seven-year suspended denial order. The denial order was triggered in April 2018, when the US government determined that the company had made apparent false statements to BIS. In June 2018, the company agreed to pay an additional US$1 billion, which included the hiring of an additional external compliance consultant, who will report to BIS, for 10 years.
ZTE’s violations primarily involved the unlicensed re-export from China to Iran and North Korea of items subject to the EAR. The company obtained some of the items via ‘isolation companies’. The US investigation into ZTE has served as a template of sorts for similar investigations and set the stage for a raft of legislative initiatives, executive orders, regulations and administrative actions aimed at reducing China’s involvement in the US telecommunications sector, which continue to this day. While BIS’s use of the Entity List during an investigation was novel in 2016, BIS now routinely uses it as a threat to encourage cooperation and resolution on its terms in addition to using it to advance US national security and foreign policy objectives.
US-based branches of Asian banks
Several APAC-based financial institutions have entered into settlements with US sanctions and state banking regulators, including the New York Department of Financial Services, for violations of US sanctions and anti-money laundering (AML) laws. These include Japan’s MUFG Bank (2013, 2014 and 2019), Taiwan’s Mega Bank (2016), the Agricultural Bank of China (2016) and South Korea’s Industrial Bank of Korea (2020). In each case, the financial institutions failed to implement adequate sanctions and AML controls in their New York branches, leading to violations of the state’s AML regulations, in addition to OFAC regulations.
Along with direct liability, APAC-based banks have also found themselves on the receiving end of subpoenas relating to the conduct of their customers. In a highly publicised case, in 2019 the US Court of Appeals for the District of Columbia upheld a lower court decision holding three Chinese banks in contempt for refusing to comply with subpoenas for information held outside the United States about transactions through their US correspondent accounts or branches involving a Hong Kong-based customer alleged to be a North Korean front company.
The US National Defense Authorization Act for Fiscal Year 2021 expanded the authority of the Attorney General and the Secretary of the Treasury to issue subpoenas to any non-US bank that maintains a US correspondent account in the United States to obtain records or pursue civil forfeiture of funds in relation to a broad range of financial crimes, regardless of whether the records sought relate specifically to the US correspondent account. The law also provides that the existence of a conflicting foreign secrecy or confidentiality law would not be the sole basis for quashing or modifying the subpoena.
North Korea indictments and secondary sanctions
North Korea, which is subject to both US comprehensive sanctions and broad UN sanctions, has been a constant source of risk for companies in APAC, especially since the issuance of Executive Order 13722 in March 2016. The North Korean government is widely believed to operate networks of front companies throughout the region, including in Hong Kong, and North Korean workers have historically been sent outside the country to earn revenue for the government. The US government’s efforts to restrict North Korea’s access to the US financial system picked up steam in mid-2017 with the sanctioning of China’s Bank of Dandong, followed by sanctions against China-based trading companies and individuals alleged to act as North Korean intermediaries, as well as vessels and operators engaged in ship-to-ship transfers in apparent violation of UN sanctions.
As with Iran, the US government has issued indictments against numerous individuals and companies outside the United States for violating OFAC’s North Korea Sanctions Regulations by processing transactions through the US financial system in relation to North Korean trade. These indictments are often accompanied by forfeiture orders, under which funds held in US interbank accounts can be seized in an amount equivalent to the violative transactions. Additionally, OFAC is authorised under Executive Order 13810 to target bank accounts through which North Korea-related transactions have been processed, even if those accounts are not themselves held by sanctioned persons. Recently, OFAC designated persons for attempted arms deals between North Korea and Russia under Executive Order 13551.
Commodities trading and investigations
OFAC has placed numerous APAC-based companies, individuals and vessels on the SDN List for engaging in sanctionable trade with North Korea and Iran, with or without a nexus to the United States. These include persons alleged to have engaged in exports of Iranian petroleum or petrochemical products via front companies in China, Hong Kong and the Middle East and a Singapore commodities house sanctioned for indirectly trading with North Korea through its Southeast Asian intermediaries. The DOJ and other law enforcement agencies are actively investigating and pursuing criminal enforcement actions against individuals and companies in APAC, many of whom stand accused of making illicit payments through the US financial system. In Singapore, at least one individual has been prosecuted for exporting luxury products to North Korea in violation of UN sanctions under Singapore law. Unfortunately, many clients are unaware that their activities are problematic until the moment OFAC designates a counterparty or a US bank (acting under the direction of US law enforcement) begins freezing wire transfers passing through the United States. As a result, more companies in APAC are adopting sophisticated sanctions due diligence and transaction monitoring programmes to avoid getting entangled in costly and potentially damaging probes.
Blocking orders and other local countermeasures
Companies increasingly face a dilemma in markets such as China and Hong Kong, where local authorities may discourage compliance with some foreign sanctions. The issue came to the fore in mid-2020 with the adoption of Executive Order 13936, which authorised sanctions on Hong Kong government officials, and the Hong Kong Autonomy Act, which authorised secondary sanctions on financial institutions engaged in significant transactions with them. In response, the Hong Kong government issued statements reminding financial institutions to treat their customers fairly and stating that Hong Kong law only recognises UN sanctions. Some commentators speculated that financial institutions that complied with US sanctions could even breach the recently adopted national security law.
In September 2020, China’s Ministry of Commerce (MOFCOM) announced the Provisions of the Unreliable Entity List, developing a mechanism to designate foreign companies that are considered ‘unreliable’. The Unreliable Entity List was used for the first time in February 2023, when two US companies were added to the List amid heightened tensions between the United States over the ‘balloon incident’. In January 2021, MOFCOM introduced an order authorising ‘prohibition orders’ that would restrict compliance with foreign sanctions in China. The order bore a striking resemblance to the EU blocking statute. In June 2021, China’s National People’s Congress adopted the Anti-Foreign Sanctions Law, giving the Chinese government new legal tools to discourage the adoption of, and compliance with, foreign sanctions perceived to threaten Chinese national interests.
It is not unusual for companies in APAC to face pressure behind the scenes not to comply with foreign sanctions that conflict with local interests or threaten profits. Sometimes that pressure is public, as was the case in 2021 when several apparel brands faced consumer boycotts over their policies on sourcing cotton from the XUAR. The possibility that a company could face administrative or criminal charges or other legal actions raises the stakes even higher. For practitioners, this means anticipating how a compliance decision made in London or Washington could impact stakeholders in APAC. We find that multinationals are relying more on team members based in the region for this much-needed perspective.
Strategies for managing multinational sanctions risks
Identification of a US, EU or UK nexus
As primary sanctions are jurisdiction-based, identifying sanctions risk is often a matter of determining whether there is jurisdiction at the outset. In addition to mapping out a company’s exposure to sanctioned territories or persons, spotting touchpoints with the United States, the European Union or the United Kingdom is an essential step in implementing an effective compliance programme. This is particularly true for financial institutions and corporates whose customers and counterparties change frequently.
For example, once a nexus to the US financial system has been found, a company should adopt real-time name screening controls to filter out transactions involving sanctioned persons or territories. A distributor with a significant EU supplier should consider whether those products can be sold to persons on an EU sanctions list. For the reasons explained above, there are endless examples of these touchpoints in APAC, and it is evident that many companies have allowed themselves to become operationally dependent on US, EU or UK services without having considered the potential sanctions exposure.
In addition to traditional supply chains and financial services, companies are strongly advised not to overlook US, EU or UK connections that may exist in their data processing, including the use of US-origin software or US-based servers. In February 2020, OFAC settled with Switzerland-based SITA for US$7,829,640 for transactions involving sanctioned airlines that relied on US-origin software or servers in the United States. US agencies, including OFAC and the DOJ, are increasingly aware of how US jurisdiction may be asserted over data. The massive popularity of digital services in APAC – including cryptocurrency exchanges and other digital asset service providers – makes this an area of increasing enforcement risk for the region.
Defining common ground and expectations for sanctions compliance
It is not uncommon for companies in APAC to take the simpler and often prudent decision to implement US, EU and UK sanctions as a matter of internal policy, regardless of jurisdiction. When this is not possible for political or commercial reasons, it is necessary to define common ground to allow transaction parties to perform their roles with the least amount of residual risk. Unfortunately, it is also still commonplace for companies engaged in transactions with sanctioned persons or territories to do so in a manner that is not transparent and often without the awareness of their major suppliers or banking partners. The disruption wrought in the telecommunications sector as a result of recent US enforcement cases is an object lesson in why this approach is not advisable. The example given above involving Singapore’s Transtel offers another. The better approach is to identify sanctions risks early on, analyse them and engage stakeholders in decision-making about how to conduct business in a manner that respects applicable rules as well as the tolerances of counterparties. A legal memorandum explaining the issues is often helpful in this regard.
A common situation encountered in APAC involves capital markets or lending transactions in which banks insist that issuers or borrowers ring-fence proceeds from their activities with sanctioned territories or persons, once those activities have been identified through due diligence prior to the transaction. The meaning of the term ‘ring-fence’ in this context is vague, and it is typically taken to mean segregation of the proceeds from general operating accounts or the adoption of accounting controls to record how the proceeds are used in compliance with use-of-proceeds clauses. (A similar approach is often taken with respect to goods originating in the United States or other territories, which may be subject to export controls.)
Often, parties are satisfied with a simple use-of-proceeds contractual provision, particularly when funds are raised for specific purposes that are unrelated to a sanctioned territory or person. It is rare in capital markets transactions for underwriters to demand the termination of that business, unless it is particularly problematic. However, lenders appear to be more willing to demand that their borrowers cease activities with sanctioned territories or persons as a condition of financing. This is especially true after the reimposition of US secondary sanctions against Iran, beginning in August 2018. It is also common for depository institutions to refuse to open or maintain accounts for individuals or corporates with tangential exposure to sanctioned territories (e.g., nationals of sanctioned territories), although the legal basis for these policies is unclear. From a regulatory perspective, financial institutions’ enforcement risk is low if they are not directly or indirectly financing prohibited activities.
Drafting mutually acceptable contractual terms and common issues
It is no secret that lawyers in the region spend a good amount of time negotiating sanctions clauses (sometimes for transactions with no apparent sanctions nexus). Given the fragmented legal picture, it is difficult to accommodate every party’s demands and yet retain succinct and clear contractual language. (Despite best efforts, many agreements are capacious, at best.) The following are some of the common issues to bear in mind.
Scope of representations and warranties
Because parties in the region are subject to differing sanctions and export controls, contract clauses should clearly define which countries or programmes are intended to be covered by the language in the agreement. This includes identifying the authorities issuing sanctions and the targets of those sanctions. Lawyers in the region spend endless hours finessing sanctions clauses to assuage the concerns of clients on both sides of a deal, often with watered-down results. As demonstrated in cases concerning the EU Blocking Regulation, and at least one case in Hong Kong involving frozen assets of a customer of a Hong Kong bank, courts may be called on to interpret imprecise language, to the detriment of one party or the other. As a minimum, drafters should be reasonably familiar with sanctions so as to precisely render the parties’ intentions.
In our experience, there are three approaches to defining prohibited business in sanctions clauses: (1) a total prohibition against dealings with sanctioned territories or persons, irrespective of their relevance to the transaction; (2) a prohibition against using the transactions’ proceeds for dealings with sanctioned territories or persons; or (3) a prohibition against violating sanctions with respect to a transaction (which may be read to permit proceeds to be used for this activity, provided it is done in compliance with applicable laws and regulations). Broadly speaking, it is now rare to find the first type of prohibition in APAC contracts. The second type is the most common and the least burdensome. The third type is increasingly common and often arises when parties that enter into a transaction are fully aware of the potential risks, and one party has agreed to assume that risk and to implement the appropriate compliance measures. It goes without saying that the party accepting these undertakings should have a reasonable basis for relying on them.
Changes in sanctions
While specificity is a virtue in contract drafting, language can become outmoded if sanctions change during the life of the contract. This problem is most often solved by indicating that references to particular sanctioned territories, persons or lists are ‘without limitation’ or are defined ‘at the time of the transaction’ to which they apply. Problems arise, however, when a party to a transaction becomes sanctioned after the adoption of an agreement. Companies are increasingly attempting to account for this possibility with the inclusion of termination provisions triggered by changes in the sanctions status of any party, and they may even define a mechanism for unwinding the transaction in compliance with applicable regulations.
For sanctions practitioners, advising clients in APAC can be both intellectually challenging and professionally rewarding. Whereas in some places the answer to most questions about sanctions is a hard ‘no’, the answer in this region is often ‘maybe’, subject to the circumstances. Clients expect their advisers to understand the ins and outs of international sanctions rules and be prepared to justify the advice given. Situational awareness is paramount. With enforcement and geopolitical risks rising, practitioners require both operational and decision-making skills – due diligence, legal analysis, risk assessment, strategic guidance – to lead their clients through uncharted, sometimes perilous, legal terrain.