John Carrington, a former North Carolina state senator, and president and chief executive officer of Sirchie Fingerprints — a police and forensics equipment supply company — wanted to sell some products to Hong Kong and China. However, he had no intention of U.S. export control licensing requirements holding him up. He simply shipped the goods to an Italian associate who was quite happy — for a price — to send them to Carrington's customers in China. The U.S. government eventually caught Carrington, slapped him in 2005 with a criminal fine of $850,000, a year of supervised release and barred him from exporting anything for five years. Sirchie Fingerprints also was barred from exporting for five years and was required to pay a $400,000 civil penalty. Undaunted, Carrington continued illegally exporting through a successor company he created. The feds caught him again. In 2010, Carrington's successor company had to pay $2.5 million for 10 violations plus another $10.1 million in criminal fines and had to stop exporting for another five years.
[This case history is from the July 2014 U.S. Bureau of Industry and Security (BIS) publication, Don't Let This Happen To You!]
Scores of U.S.-based companies either unwittingly or knowingly illegally divert products by selling them to customers in federally accepted nations only to have those customers resell the items to companies or individuals in embargoed countries — such as Syria — or nations that require rigorous government oversight through export control licensing and associated conditions and requirements — such as China.
The U.S. federal government is increasingly enforcing sanctions and export controls in pursuit of national security and foreign policy goals. As a result, U.S.-based companies must implement more effective internal controls to prevent fraudulent shipment diversions. The penalties — both criminal and civil — are severe for failing to take adequate preventive steps. The U.S. Department of Treasury's Office of Foreign Asset Control (OFAC) alone has issued recent penalties rivaling those for violations of the Foreign Corrupt Practices Act.
Other countries are also cracking down on fraudulent shipment diversions. Witness the joint European Union and U.S. imposition of sanctions against Russia related to the Ukraine crisis. And the Wassenaar Arrangement on Export Controls — implemented among 42 countries to this point — requires implementation of adequate transaction screening procedures to prevent diversion of the export/transfer to unauthorized end users or end uses.
In this article, I'll review U.S. requirements for preventing diversion, which are similar to other Wassenaar Arrangement signatory countries. I'll provide some case studies and then discuss best practices for 1) balancing incentives for sales personnel, 2) empowering international trade compliance personnel to impose transaction holds when necessary and 3) conducting proper and adequate transaction due diligence on end users and end uses.
As of the publication of this article, the OFAC imposes almost total embargoes on such countries as Cuba, Crimea, Iran, North Korea, Syria and Sudan. (The embargo on Iran might change because of the July 14 announcement of the Nuclear Containment Agreement.)
Meanwhile, the Obama administration is pushing to have the Cuban embargo lifted. And Congress has begun to take action in that direction through the July 23rd Senate Committee amendments to the Senate Financial Services appropriations bill. (See the Reuters article on MSN, Senate panel passes amendment to end restrictions on travel to Cuba.)
The U.S. also imposes limited sanctions against many other countries, specially designated nationals and denied parties. (See: http://tinyurl.com/398fb4p.) Companies, of course, must ensure they aren't conducting business with any of these and other blacklisted entities.
Meanwhile, the U.S. Department of Commerce's Bureau of Industry and Security enforces export and embargo controls. Among these controls is the prohibition against end-users who are proliferators of nuclear, biological and chemical weaponry and missile delivery systems. The law requires inclusion of a destination control statement on all relevant export documentation stating at a minimum:
"These commodities, technology, or software were exported from the United States in accordance with the Export Administration Regulations (EAR). Diversion contrary to U.S. law is prohibited."
Under the Export Administration Regulations, the government can impose criminal penalties up to $1 million and 20 years imprisonment per violation while administrative penalties can reach the greater of $250,000 per violation or twice the amount of the transaction that is the basis of the violation.
Criminal penalties for willful violations of OFAC sanctions can include fines ranging up to $20 million and imprisonment of up to 30 years. Civil penalties for violations of the U.S. Trading with the Enemy Act can range up to $65,000 for each violation. Meanwhile, civil penalties for violations of the International Emergency Economic Powers Act can range up to $250,000 or twice the amount of the underlying transaction for each violation.
Computerlinks FZCO, the United Arab Emirates subsidiary of the German firm Computerlinks AG, committed three violations of the EAR for transferring devices manufactured by Blue Coat Systems Inc. (USA) for monitoring and controlling Internet traffic to Syria.
Computerlinks — at the time an authorized reseller for Blue Coat of Sunnyvale, California — ordered equipment valued at approximately $1.4 million, which the U.S. government controls for national security and anti-terrorism reasons as encryption items.
Computerlinks falsely stated to Blue Coat, the U.S. manufacturer and exporter, that the ultimate destination and end users for the items was the Iraq Ministry of Telecom or the Afghan Internet service provider Liwalnet and not the actual Syrian end users. Blue Coat subsequently shipped the items to Computerlinks in the UAE. Computerlinks UAE then shipped the items to Syria without obtaining the required licenses.
On April 24, 2013, Computerlinks agreed to pay a $2.8 million civil penalty — the statutory maximum — and complete three external audits of its export control compliance program. “It is vital that we keep technology that can be used to further the repression of the Syrian people out of the hands of the Syrian government," said Under Secretary for Industry and Security Eric L. Hirschhorn.
[The preceding case history is from the July 2014 U.S. Bureau of Industry and Security (BIS) publication, Don't Let This Happen To You!]
I once worked as chief compliance officer at a U.S.-based company — we'll call it GlobalRentz — that rented satellite communications equipment to international firms. The company provided VSAT satellite communications equipment to a Chinese customer in Singapore. However, the Chinese customer later said it was planning to take the equipment to Iran to use on its projects there. GlobalRentz was unable to retrieve the equipment. Meanwhile, a high-level engineer for GlobalRentz based in Singapore took it upon himself to continue to provide the Chinese company managed technical services as a subcontractor to a Singapore vendor of the Singapore GlobalRentz company. Remarkably, the general manager of the Singapore GlobalRentz office at the time approved this arrangement without consulting headquarters in the U.S.
That general manager left GlobalRentz Singapore to help manage a different regional office. His successor in the Singapore office discovered the engineer's abnormal arrangement when he reviewed management accounting reports. He happened to notice the Singapore vendor's payments to GlobalRentz Singapore for services rendered rather than the GlobalRentz Singapore company paying the vendor. (It was a vendor after all and not a customer.) GlobalRentz hired outside counsel to conduct an investigation to pursue this red flag, which led to the discovery of the fraudulent diversion of managed technical services to support the Chinese customer's project in Iran.
The diversion violated OFAC regulations and potentially violated U.S. export control laws — because the components in the equipment originated in the U.S. — and broke the U.S. company's code of conduct, which forbids activities that amount to a conflict of interest. Put another way, the former Singapore office general manager evidently attempted to sustain sales revenue by joining with a vendor and permitting his chief engineer to undertake contract services work for the vendor to serve a customer operating in a forbidden, sanctioned jurisdiction.
After an investigation, GlobalRentz dismissed the former general manager and the high-level engineer for violating U.S. laws applicable to its U.S.-controlled subsidiary and for the unreported conflict of interest. As part of the company's self-disclosure to the U.S. government, outside counsel advised the company that it had to be able to demonstrate disciplinary action against those responsible and show remedial measures to prevent future occurrences.
I spearheaded GlobalRentz' creation of an operations manual to alert personnel to be on the lookout for customers that might be at risk for operating in sanctioned countries. Also, company personnel are now requiring customers to return any rented equipment to GlobalRentz if they're contemplating work in a sanctioned country.
Traps can arise from fraudulent representations of unscrupulous foreign intermediaries, overzealous customer service activities of foreign-based employees trying to keep their numbers up and even former state senators (like Carrington) who might believe they're above the law and who make fraudulent conveyance of company assets to evade their own denial orders. It's clear that companies need to conduct risk assessments on vulnerabilities and train all personnel in vulnerable positions.
Fortunately, BIS has developed principles the government considers components of the cornerstone of best practices for avoiding fraudulent diversions.
Here are those BIS principles verbatim with my comments in italics:
Best practice No. 1: Companies should pay heightened attention to the Red Flag Indicators on the BIS Website and communicate any red flags to all divisions, branches, etc., particularly when an exporter denies a buyer's order or a freight forwarder declines to provide export services for dual-use items.
15 CFR Part 732, Supp. 3 lists red flags, which indicate a fraudulent diversion is likely. The key red flags are:
Best practice No. 2: Exporters/Re-exporters should seek to utilize only those Trade Facilitators/Freight Forwarders that administer sound export management and compliance programs which include best practices for transshipment.
This will require proper due diligence on a company's freight-forwarding agents.
Best practice No. 3: Companies should “know" their foreign customers by obtaining detailed information on the bona fides (credentials) of their customer to measure the risk of diversion. Specifically, companies should obtain information about their customers that enables them to protect dual-use items from diversion, especially when the foreign customer is a broker, trading company or distribution center.
Undertaking screening against the various black lists is just the start of such due diligence efforts.
Companies should "know" their foreign customers by obtaining detailed information on the bona fides (credentials) of their customer to measure the risk of diversion."
These are instances in which foreign parties certify, as the freight-forwarding agent principal, that the exports from the U.S. are legal.
Best practice No. 5: When the Destination Control Statement (DCS) is required, the Exporter should provide the appropriate Export Control Classification Number (ECCN) and the final destination where the item(s) are intended to be used, for each export to the end-user and, where relevant, to the ultimate consignee. For exports that do not require the DCS, other classification information (EAR99) and the final destination should be communicated on bills of lading, air waybills, buyer/seller contracts and other commercial documentation. For re-exports of controlled and uncontrolled items, the same classification and destination specific information should be communicated on export documentation as well.
This best practice goes beyond what's required by law, but it will go a long way in helping the exporter demonstrate due care and good faith for the mitigation of any penalties.
Best practice No. 6: An Exporter/Re-exporter should provide the ECCN or the EAR99 classification to freight forwarders, and should report in the Automated Export System (AES) the ECCN or the EAR99 classifications for all export transactions, including “No License Required" designation certifying that no license is required.
This is an attestation that the exporter has knowingly checked all the requirements for a license exception and that it has and will meet these requirements.
Best practice No. 7: Companies should use information technology to the maximum extent feasible to augment “know your customer" and other due-diligence measures in combating the threats of diversion and increase confidence that shipments will reach authorized end-users for authorized end-uses.
The new state-of-the-art method for ensuring compliance is integrating with the web portal of a company's freight forwarder to track shipments. Radio frequency identification technology is making this tracking more foolproof. In our rented equipment case, we even potentially discussed including a GPS tracking device on U.S. origin equipment so that we could monitor potential unlawful diversions in real time.
Companies can use additional strategies to help prevent fraudulent diversions. Be sure to train all personnel on global sanctions and export controls, including foreign-born employees — particularly those not living in the U.S. (The BIS itself conducts regular training.)
Certain countries are known for high incidences of improper transshipments: Hong Kong, Singapore and the United Arab Emirates. The BIS has assigned seven export control officers to those countries plus China, India and Russia. (See the Keynote Speech of David W. Mills, Assistant Secretary for Export Enforcement UPDATE Conference, July 30, 2014.) Companies should conduct in-person training for personnel in branch, subsidiary and sales agent offices in these countries. Sales personnels' bonus and commission structures should include the key performance indicator of meeting export control compliance requirements.
Finally, similar to the concept of an “empowered official" under U.S. International Traffic in Arms Regulations (see: 22 CFR §120.25), exporting companies should appoint international trade compliance officers who have the authority to issue stop orders on any transactions in which red flags are present. Companies should mandate that compliance officers perform due diligence on proposed shipments with personnel in countries known for a high incidence of transshipments.
If U.S.-based companies don't work to prevent fraudulent diversions of their products, they can expect prosecution, potential substantial criminal and civil penalties, denial orders against exporting privileges and certain reputational damage.
The views expressed by the author are his own and don't necessarily express the views of Hewlett-Packard.
Robert J. Ward Jr., Esq., CFE, CUSECO, is the global customs and export controls compliance manager at Hewlett-Packard. Ward is a Certified U.S. Export Compliance Officer. His email address is: robertjwardjr@gmail.com.
Unlock full access to Fraud Magazine and explore in-depth articles on the latest trends in fraud prevention and detection.
Read Time: 12 mins
Written By:
Annette Simmons-Brown, CFE
Read Time: 16 mins
Written By:
Dick Carozza, CFE
Read Time: 6 mins
Written By:
Patricia A. Johnson, MBA, CFE, CPA
Read Time: 12 mins
Written By:
Annette Simmons-Brown, CFE
Read Time: 16 mins
Written By:
Dick Carozza, CFE
Read Time: 6 mins
Written By:
Patricia A. Johnson, MBA, CFE, CPA
