End-Use Statements Helpful but Not 'Sufficient’ for Good Due Diligence, Lawyer Says
End-use certificates can be a good way to mitigate some sanctions and export control risk, but “it doesn't necessarily make the risk completely disappear,” said Jan Dunin-Wasowicz, a Hughes Hubbard trade lawyer. Dunin-Wasowicz cautioned companies about relying solely on end-use and end-user statements when conducting due diligence, adding that companies can take other compliance steps to vet a transaction, especially because some customers are willing to lie about a product's end-use.
Although many companies already require customers to sign end-use declarations, which may certify that a certain product or service won’t be used in a way that violates trade laws, that isn’t the only practice that should be included in companies' due diligence processes, Dunin-Wasowicz said. “It's one element, but it’s certainly not sufficient,” he said during a webinar hosted by the Association of Certified Sanctions Specialists last week focused on due diligence with EU sanctions and export controls.
Overseas companies looking to evade sanctions know that some compliance departments need only a signed end-use statement to get the “green light to proceed,” Dunin-Wasowicz said. “There are lots of people out there in the world that are happy to sign whatever you present to them, whatever documentation,” he said.
Although companies could “reasonably come to a conclusion” that an end-user statement, coupled with other vetting procedures, mitigates enough of the risk with a particular transaction, he said that’s often a judgment call.
“Quite often you'll be in situations where you'll have to arbitrate” and “exercise that judgment,” he said.
The Bureau of Industry and Security earlier this year urged exporters to require customers to sign written compliance certifications if their shipment involves items that fall under one of nine Russia-related high-priority Harmonized System codes and the customer is in a country outside the U.S.-led global export controls coalition (see 2310020023). But BIS warned that those certifications shouldn't replace other due diligence practices used to mitigate risk.
At a minimum, companies should vet all the parties involved in a transaction as well as understand “the transaction itself and the nature of the products and the services involved,” said Nicolas Burnichon, also a Hughes Hubbard trade lawyer. This includes making sure the other parties aren’t “directly or indirectly” sanctioned, he said, while also gathering information about what the product or service will be used for.
“At the end of the day, it's all about asking the right questions,” he said during the webinar. “Due diligence cannot be only limited” to “simple screening of counterparties anymore. You need to actually understand -- with the help of your business, of your operational teams -- the operation itself, the activities of your company and your third parties.”
Burnichon added that thorough due diligence has become even more important now that many compliance departments, especially in the EU, have seen their “workload increase” since Russia’s invasion of Ukraine last year. “It is indeed very important to be able to identify the sensitive or high risk transactions and to dedicate more time and resources on them,” he said.
Although there may be a set of common due diligence practices all companies can take, Dunin-Wasowicz stressed no compliance blueprint applies to all businesses. “The good news is that no one here is saying that everyone needs to do the same thing. No one is saying that you need to have the same compliance program and no one is saying that you need to have the same approach to due diligence,” he said.
“What you need, however, is to ensure you have thought about how you are going to do it, and that the way you're doing it corresponds or reflects all of your business risks that you have identified.”