Chinese technology company ZTE is set to pay up to $1.2 billion for violating US laws against selling American technology to Iran. This is the largest criminal fine in a US sanctions case.
Fined for activity in Iran and North Korea
An investigation by the Department of Justice, the Commerce Department and the Treasury Department's Office of Foreign Assets Control found that ZTE broke US sanctions rules by obtaining and illegally shipping US-made equipment to Iran, and sending goods to North Korea without the correct export licenses. ZTE has agreed to pay $892 million and a further $300 million if it fails to meet certain conditions. During the investigation, it is alleged that ZTE repeatedly lied to and misled federal investigators and its own attorneys and internal investigators.
1) Sanctions breaches carry heavy financial costs
The fine is one of the largest ever imposed for sanctions violations and is expected to cause significant damage to ZTE's financial performance. The Wall Street Journal reports that "the penalties – imposed by the Justice, Commerce and Treasury departments – will wipe out the equivalent of the past two years of ZTE net profits". This is bad news for a company which had to cut at least 3,000 jobs in January.
Further evidence of the costs of financial crime came in last week's report by Boston Consulting Group (BCG) which found that the world's biggest banks have paid $321 billion in fines since 2008 for regulatory failings including money laundering, market manipulation and terrorist financing. BCG predicts this figure will increase in the coming years as European and Asian regulators catch up with US regulators, who have imposed most fines since 2008.
2) Compliance is key
ZTE must meet a series of compliance standards as part of the agreement with the US agencies. This includes a three-year corporate probation period and submitting to an independent compliance monitor which will review and report on ZTE's export compliance programme. The company has also said it will make personnel changes and implement new audit and compliance procedures to prevent and detect future violations. If ZTE had made these changes ten years ago, perhaps it could have avoided the sanction breaches and the damage they have caused.
3) US enforcement shows no sign of weakening
The fine suggests that, despite changes in the US administration, the country will continue to actively investigate and prosecute companies engaged in financial crime. When announcing the fine, the US Commerce Secretary Wilbur Ross said: "Those who flout our economic sanctions, export control laws and any other trade regimes will not go unpunished, they will suffer the harshest of consequences. This case is just the beginning."
4) US enforcement has extraterritorial reach
This case shows the willingness of US regulators to take enforcement action against companies which are not headquartered in the US. Secretary Ross said: "We are putting the world on notice". This applies not just to sanctions policies, but also to bribery allegations. Last year, companies based in Israel, Brazil and the Netherlands paid significant fines to settle allegations of breaching the US Foreign Corrupt Practices Act. Every company with an international presence should make sure they keep up to date with the relevant national and international regulations around financial crime.
5) Sanctions policies change – so ongoing monitoring is needed
Companies should monitor sanctions developments in North Korea over the next year to make sure they do not breach national and intergovernmental sanctions. With further evidence of North Korea missile tests this month, France's United Nations envoy said the country will seek additional EU restrictions on North Korea. A LexisNexis report showed that "sanctions around the world changed significantly" in only a three month period in late 2016.
What can companies do?
As part of sanctions policies and procedures companies should consider the following:
-Ensure senior management understand company's sanctions obligations and endorse policy process
-Prepare company policy & procedures, including disclosure requirements
-Communicate policy & procedures to employees and third-parties (e.g. Contracts, sales agents etc.)
-Implement regular training to ensure staff and third-parties understand obligations and procedures
-Implement a screening process appropriate to the nature, size and risk of the company's business
-Align sanctions screening process to associated third-party due diligence procedures
-Ensure procedures include escalation contacts for sanctions enquiries and to report violations
-Audit and regularly review policy & procedures, training and screening systems
-Reinforce policy & procedures with independent audit and testing
-Don't wait for enforcement as a trigger to implement above actions