Our team advises U.S. and non-U.S. clients across industries on their most sensitive U.S. economic sanctions and Bank Secrecy Act/anti-money laundering (BSA/AML) issues. With our preeminent regulatory defense and white collar experience, we are uniquely positioned to assist clients in responding to regulator inquiries, examinations and subpoenas; conducting internal investigations; and handling matters that develop into multi-agency civil and criminal investigations. Our practice also encompasses regulatory advice, compliance counseling and transactional due diligence.
OFAC Reaches Settlement with Cobham Holdings, Inc. for Violations Resulting from Deficient Screening Software
November 29, 2018 Download PDF
On November 27, 2018, the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) announced a nearly $90,000 settlement agreement with Virginia-based Cobham Holdings, Inc. (“Cobham”), a global provider of technology and services in aviation, electronics, communications, and defense, on behalf of its former subsidiary, Aeroflex/Metelics, Inc. (“Metelics”).[i] The settlement involves three shipments of goods through distributors in Canada and Russia to an entity that did not appear on OFAC’s Specially Designated Nationals and Blocked Persons List (the “SDN List”), but was blocked under OFAC’s “50% rule” because it was 51% owned by a company sanctioned under the Russia/Ukraine sanctions program. This is the second OFAC action of which we are aware that has relied on the 50% rule. The apparent violations appear to have been caused by Metelics’s (and Cobham’s) reliance on deficient third-party screening software.
While difficult to predict, OFAC’s decision to pursue this action—involving only three shipments, a violation of the 50 percent rule, and where the root cause of the apparent violations is attributable to deficient sanctions screening software—may signal a raising of OFAC’s compliance expectations, consistent with Treasury Under Secretary Sigal Mandelker’s warning in a recent speech that private sector companies “must do more to make sure [their] compliance systems are airtight.”[ii]
Below, we describe the settlement, OFAC’s penalty calculation, and several lessons learned.
The Apparent Violations
The apparent violations stem from three shipments by Metelics to end user Almaz Antey Telecommunications (“AAT”), an entity 51 percent owned by Joint-Stock Company Concern PVO Almaz-Antey (“JSC Almaz-Antey”), a Russian SDN. JSC Almaz-Antey was added to the SDN List on July 16, 2014, after the first shipment by AAT occurred but before three further shipments—constituting the apparent violations—were made.
Prior to JSC Almaz-Antey’s designation, Metelics entered into an agreement (the “Order”) to sell AAT several thousand switches and switch limiters through a distributor in Canada on June 18, 2014. On June 19, 2014, Metelics performed a denied party screening, which returned warnings for Russia generally, but not for AAT specifically.[iii] On June 27, Metelics prepared the first of two shipments pursuant to the Order and ran another denied party screening, which yielded the same results as the first. Pursuant to Metelics’s internal compliance procedures involving shipments to Russia, the screening results and end-use certificates were forwarded to Metelics’s Director of Global Trade Compliance for review and approval. The Director of Global Trade Compliance approved the shipment, which shipped on June 27, 2014.
On July 16, 2014, over two weeks after the first shipment, OFAC designated JSC Almaz-Antey and added it to the SDN List. JSC Almaz-Antey is a Russian entity engaged in the research, development, and manufacture of air defense missile systems, radar systems, and arms control systems, as well as other military, dual-use, and civil products.[iv] JSC Almaz-Antey was designated pursuant to Executive Order 13661, “Blocking Property of Additional Persons Contributing to the Situation in Ukraine,” dated March 16, 2014, for operating in the arms sector in Russia. At all times relevant to the conduct at issue, JSC Almaz-Antey owned 51 percent of AAT, which meant AAT was also blocked as of July 16, 2014 under operation of OFAC’s 50 percent rule.[v]
On July 31, 2014, Metelics prepared the second shipment of the Order, consisting of switch limiters and switches valued at $745,322, and again performed a denied party screening. Cobham’s denied party screening software failed to return any matches or warnings for AAT, despite the fact that JSC Almaz-Antey was on the SDN List and both its name and that of AAT, the specified end user, contain the uncommon terms “Almaz” and “Antey,” and the fact that Cobham had selected “fuzzy” search criteria to detect partial matches. Again, because the shipment involved Russia, it was elevated to Metelics’s Director of Global Trade Compliance, who relied on the screening results to approve the shipment. Metelics completed the second shipment on July 31, 2014.
In October 2014, Metelics received an order for 20 sample switch limiters for AAT through a Russian distributor. Metelics performed the same denied party screening process it performed in July, which again generated no warnings for AAT. The sample switch limiters were sent in two shipments, one in December 2014 and one in January 2015. As with the prior shipments, these shipments were reviewed and approved by Metelics’s Director of Global Trade Compliance. Each shipment was valued at ten dollars.
Cobham discovered the problematic shipments during sale negotiations and related due diligence prior to its December 14, 2015 sale of Metelics.
Factors Affecting OFAC’s Penalty Determination
Pursuant to Ukraine Related Sanctions Regulations (the “URSR”),[vi] Cobham faced a maximum civil monetary penalty of $1,990,644. Cobham voluntarily self-disclosed the apparent violations, which OFAC determined to be non-egregious, resulting in a base penalty of $125,010. In arriving at the final settlement amount of $87,507, OFAC considered both aggravating and mitigating factors pursuant to its Economic Sanctions Enforcement Guidelines.[vii]
OFAC determined the following to be aggravating factors:
- “Metelics failed to recognize warning signs when exporting goods on multiple occasions through distributors to the subsidiary of a blocked person with nearly the same name as the blocked person”;
- Metelics’s “Director of Global Trade Compliance reviewed and approved the transactions constituting the apparent violations”;
- “[T]he apparent violations resulted in harm to the sanctions program objectives of the URSR by conferring an economic benefit to a blocked person tied to Russia’s defense industry”;
- “Metelics and Cobham are large and sophisticated entities operating in a sensitive industry”;
- “Cobham and its compliance personnel were involved in prior apparent violations of the Iranian Transactions and Sanctions Regulations administered by OFAC”; and
- “Metelics was subject to a consent agreement for violations of the International Traffic in Arms Regulations administered by the U.S. Department of State resulting from recurring compliance failures.”[viii]
OFAC determined the following to be mitigating factors:
- “Metelics has not received a penalty notice or finding of violation from OFAC in the five years preceding the earliest date of the transactions giving rise to the Apparent Violations”;
- “Cobham cooperated with OFAC by submitting a detailed disclosure”;
- “[T]he primary transaction underlying the Apparent Violations straddled changes in the URSR such that a portion of the transaction occurred prior to it being prohibited”; and
- “Cobham implemented certain remedial measures,” including:
- terminating the alleged problematic conduct;
- acquiring and implementing new screening software to address the deficiency in the prior screening software;
- acquiring and implementing a new tool capable of identifying persons known to be owned by parties on the SDN List;
- implementing a process of enhanced due diligence for transactions that are high risk from the OFAC perspective; and
- circulating a “lesson learned bulletin” to all U.S.-based international trade compliance personnel.[ix]
As is its standard practice, OFAC did not disclose how it weighed these aggravating and mitigating factors in reaching the settlement amount.
Implications
Despite the relatively low settlement amount, this case provides a few key lessons.
First, this is only the second instance of which we are aware in which OFAC resolved a public enforcement action for the processing of transactions with an entity that was not on the SDN List, but was blocked by operation of the 50% rule. The first such action was against Barclays in 2016, where OFAC provided guidance suggesting that it would pursue enforcement actions involving the 50% rule particularly where, among other things, information concerning the SDN ownership of a customer is publicly available, such that a company should have been able to realize the blocked nature of the entity (for example, in the Barclay’s case, similar transactions had been rejected by other financial institutions).[x] Although OFAC does not offer an explanation, it appears here that the similarity in name between the SDN and its owned entity—such that either arguably should have triggered an alert during sanctions screening—justified a monetary penalty. More broadly, OFAC’s action based on the 50% rule highlights the need for companies, at a minimum, to understand the ownership structure of their customers, particularly when such counterparties are operating in a high-risk jurisdiction (such as Russia).
Second, in describing the company’s remedial measures, OFAC noted that the company acquired and implemented a “screening and business intelligence tool” with the capability of flagging persons “known to be owned by parties identified on the SDN List . . . to conduct enhanced due diligence on higher risk transactions.”[xi] Companies in a variety of sectors have increasingly utilized vendors to enhance their ability to identify entities that are blocked pursuant to the 50% rule, and OFAC’s recognition of this practice may offer further encouragement to adopt these techniques. OFAC also recognized other steps that companies may wish to emulate, including providing employees training on the 50% rule.[xii] OFAC also stressed that “it is essential that companies engaging in international transactions maintain a culture of compliance where front line staff are encouraged to follow up on sanctions issues, including by promptly reporting to compliance personnel transactions suspected to involve sanctioned parties.”[xiii]
Third, the Cobham settlement serves as an important reminder to entities conducting international business “in high-risk industries (e., defense) to implement effective, risk-based compliance measures, especially when engaging in transactions involving high-risk jurisdictions.”[xiv] In the past, OFAC may, depending on the circumstances, have excused a screening error with a cautionary letter, particularly where, as here, a company had implemented procedures to elevate high-risk transactions for review and approval by its compliance department, and failed to identify an SDN connection not through a failure to perform party screening, but through a deficiency in the validity of its third party screening software. OFAC’s decision to pursue a penalty against Cobham may suggest that OFAC is increasing its expectations that companies—and particularly “large and sophisticated entities operating in a sensitive industry”—will thoroughly pressure test their screening software to avoid these sorts of errors. OFAC stated that “persons employing sanctions screening software should take steps to ensure it is sufficiently robust and that appropriate personnel are trained on its functionality.”[xv] In light of this guidance, companies should consider periodically testing their screening software, including by ensuring that they do not utilize an “all word” match criteria, such that no hit will be generated if a search subject’s name shares only some words in common with a prohibited party.
Finally, an unusual facet of the Cobham settlement is the fact that Metelics is no longer a subsidiary of Cobham. Generally OFAC will not pursue a former owner, but will instead bring its enforcement action against the company being sold or the acquiring entity. In this instance, it could well be the case that Cobham submitted its voluntary self-disclosure prior to its December 2015 sale of Metelics, and Cobham’s willingness to accept responsibility for the Metelics’s conduct may have resulted from negotiations with the buyer. OFAC also describes the deficient screening software as “Cobham’s,” so it is also possible that Cobham undertook a larger internal investigation in connection with the software deficiencies identified in relation to Almaz-Antey and that OFAC felt Cobham, as the provider of the software to its subsidiary, was itself responsible for the apparent violations. Regardless, the settlement underscores that compliance with sanctions regulations can be a critical element of due diligence in mergers and acquisitions. Here, the apparent violations were discovered during diligence related to Metelics’s sale, presumably giving the parties the opportunity to contractually allocate the risk of any future OFAC enforcement action related to the apparent violations.
* * *
[i] See U.S. Dep’t of the Treasury, “Enforcement Information for November 27, 2018,” available here (“OFAC Web Notice”). In settling these apparent violations, the companies did not admit liability.
[ii] Sigal Mandelker, Under Sec’y for Terrorism and Fin. Intelligence, U.S. Dep’t of the Treasury, Speech before the Foundation for the Defense of Democracies (June 5, 2018).
[iii] The name of the specific software used to screen these transactions has not been disclosed.
[iv] See Bloomberg, Company Overview of Almaz-Antey PVO Concern Joint-stock Company, available here.
[v] Under OFAC’s 50 percent rule, an entity that is owned 50% or more by one or more SDNs must be treated as though it itself is on the SDN List. See U.S. Dep’t of the Treasury, “Revised Guidance on Entities Owned by Persons Whose Property and Interests in Property are Blocked” (Aug. 13, 2014), available here.
[vi] 31 C.F.R. part 589.
[vii] See 31 C.F.R. part 501, app. A.
[viii] OFAC Web Notice 2-3.
[ix] Id. at 3.
[x] U.S. Dep’t of the Treasury, “Enforcement Information for February 8, 2016,” available here; see also OFAC, Frequently Asked Questions: Sanctions Compliance, Additional Questions from Financial Intuitions, No. 116 (Jan. 15, 2015), available here.
[xi] OFAC Web Notice at 3.
[xii] Id.
[xiii] It is unclear however, how OFAC’s statement regarding a “culture of compliance” fits into the Cobham settlement, given that each of the three shipments at issue were elevated to and approved by the company’s Director of Global Trade Compliance.
[xiv] OFAC Web Notice at 3.
[xv] Id.