Multi-Agency Settlement May Signal Greater Sanctions, Export Control Enforcement, Law Firms Say
A “groundbreaking” settlement agreement between a German software company and three U.S. agencies (see 2104290069 and 2105070042) may signal greater enforcement of sanctions and export violations and present more compliance challenges for industry, law firms said. The more than $8 million settlement between SAP SE and the Justice, Treasury and Commerce departments -- the first non-prosecution agreement under the Justice Department's revised voluntary disclosure policies (see 2008180043) -- also includes several important lessons for businesses and may lay out how monitorships can be avoided, the firms said.
Maybe most importantly, the settlement marked a “new level of coordination” between the three enforcement agencies, Herbert Smith Freehills said May 10. “The coordination between the [DOJ], BIS, and OFAC suggests that, going forward sanctions and export controls compliance may represent a greater focus of U.S. law enforcement,” the firm said. Thompson Coburn said the agreement served as a due-diligence warning. “These penalties indicate both the seriousness with which the United States considers these violations and the significant mitigation considerations that are given to companies that commit to compliance,” the firm said May 19.
Under its recently revised disclosure policy guidelines, the Justice Department outlined benefits for companies that disclose export control and sanctions penalties (see 1912130047). While SAP SE’s penalty was significant, it was able to “escape” without a monitor imposed over its business activities because of its cooperation with the U.S. government, Ice Miller said May 14. The firm said that was a “significant development as monitorships are extraordinarily complex and expensive undertakings for the company,” and sends a signal to companies that cooperation will be rewarded.
But the German company did agree to future disclosure obligations, Ice Miller said, which will require it to “be very diligent and thorough about investigating any allegations of misconduct.” The non-prosecution agreement may also have implications for the border industry and “influence” how the agency defines best practices for export control and sanctions compliance, Herbert Smith Freehills said. “This may present certain compliance challenges for companies, as companies may have to navigate different or competing compliance paradigms,” the firm said, referencing different compliance obligations between the Treasury’s Office of Foreign Assets Control and the Justice Department. “Companies that have drafted internal protocols to comply with OFAC policies might be well-served to revisit such policies in light of the DOJ Enforcement Policy.”
The penalty also highlighted the government’s effort to enforce violations beyond just trade in goods, as SAP SE allowed more than 2,300 Iranian users to access U.S.-based cloud services. Software services “are often challenging to scope and often overlooked in export-focused industries that view exports as tied to ‘things,’” Ice Miller said. The firm said data, software and cloud services companies should make sure they are blocking downloads of “software, support, and maintenance” from Iran and other embargoed countries and screening third parties and customers. They should also review their supply chain partners to “limit resale to companies” in embargoed countries and implement geolocation internet protocol address screening for software delivered from the U.S. Companies in this space “should pay attention to export controls and sanctions restrictions,” the firm said, “because digital trade can cross borders easily and with little notice.”