Business Data

Startups Have To Care About Violating U.S. Sanctions Laws, Too

Doreen Edelman is a partner at Lowenstein Sandler and chair of the firm’s Global Trade & Policy practice. Abbey Baker is a Counsel in the Global Trade and & Policy practice at Lowenstein Sandler. Additionally, they counsel clients on U.S. sanctions, export controls, customs regulations, CFIUS rules, and anti-corruption requirements. Both are based in Washington D.C.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) doesn’t care whether a company means to violate the law or is unaware of U.S. sanctions. The regulatory organization’s role is to dole out significant penalties and even jail time for violations and it’s turning its sights on the tech world.

Many startups reason that since they aren’t technically financial institutions or operating off of open source code, they aren’t subject to stifling and irritating regulations.

Subscribe to the Crunchbase Daily

However, when it comes to U.S. sanctions, these companies are wrong, and that ignorance can lead to significant consequences. Recent headline-making OFAC cases such as Chinese telecom giant ZTE being fined $1.2 billion or the high-drama Canadian arrest of Huawei CFO Meng Wanzhou have underscored the impact of violating U.S. sanctions laws.

The costs are so palpable that Slack, the American cloud-based collaboration hub, recently banned all users with ties to embargoed locations including Cuba, Iran, North Korea, Syria and the Crimea region of Ukraine, even if those users have no negative history or connection to the embargoed area and now reside in friendly countries like Canada and Germany.

Although industry watchers might consider this overkill on Slack’s part since the company isn’t exporting physical products, Slack had every right to be concerned. The company is exporting services, and so had good reason to take the actions it took.

More On Sanctions

Sanctions are a legal requirement prohibiting U.S. persons from directly or indirectly dealing or trading with certain countries, regions, people, or entities around the world. Sanctions are the reasons that, for a long time, consumers couldn’t get a Cuban cigar, and now can’t get a new Persian rug.

Sanctions are also the reason many Chinese companies won’t conduct business with North Korea or that consumers can’t buy goods from someone in Crimea, take investments from Russian oligarchs, go on a beach vacation to Cuba, send pencils to Iran, or provide services to someone in Syria.

The U.S. president issues these sanctions to support U.S. foreign policy positions and address national security concerns – meaning that when the government doesn’t like what a person, entity, region or country is doing and it wants the activity to stop, the president puts sanctions on that target to limit U.S. parties from doing business with them.

If that happens, almost no one anywhere in the world will give the sanctioned party money, work or trade. Targeted entities will also have trouble simply opening bank accounts at banks around the world. Why is this the case? Because many of the world’s financial transactions go through the U.S. financial system and banks won’t risk getting shut out or facing large U.S.-imposed penalties for dealing with blacklisted parties.

OFAC Eyes Tech Market

If OFAC is so concerned about national security, why is it looking at the tech world? Simply, it’s worried about the movement of money and services that funds the “bad guys.”

Right now, cryptocurrencies make it possible for sanctioned entities previously shut out of financial markets to move money with little to no oversight. To some, this anonymity might be the point. But to the U.S. Government, it’s a national security problem. Similarly, providing sanctioned entities with online services that help them run their organizations and money-making businesses also compromises key U.S. security and policy objectives.

This problem trickles down to the global tech industry when U.S.-owned or controlled businesses provide support services to sanctioned entities, oftentimes unknowingly. Comprehensive programs like the Iran, Cuban, Syrian, North Korean and Crimean sanctions prohibit U.S. persons from directly or indirectly providing many services to those regions.

This means that if someone creates an account on your platform from Tehran or Sevastopol‎ and starts using your product/service – your company has probably violated U.S. sanctions law without ever taking any action. Exceptions do exist, but companies better check to make sure one applies to their situation before relying on it.

Sanctions violations are “strict liability,” which means violators don’t need to exhibit bad intent to break the law and as a result they can face serious penalties and damaging publicity if they do. On the other hand, if someone does know exactly what they were doing and did it anyway – they can face criminal charges and jail time.

OFAC has not only been investigating accounts originating from sanctioned locations, but it has even gone so far as to add two bitcoin addresses to its Specially Designated Nationals (SDN) List. The SDN is a list of individuals, governments, and entities with whom U.S. persons are banned from transacting. Some may argue that banning a digital currency address is ineffective. Effectiveness aside, this novel enforcement move is an undeniable example that OFAC is changing with the times and looking to keep its targets from utilizing new technology to subvert its regulatory reach.

Protecting Your Company

If tech is a new target area for enforcement, it’s critical that companies don’t assume they aren’t exposed just because they are a startup.

Part of getting entities to comply with the law is a strong show of public enforcement to scare players into compliance, meaning that it’s likely OFAC will want to make it clear that everyone is responsible. Smaller tech firms are already hearing from OFAC, and this is likely to continue.

Additionally, small enterprises allowing users to move millions of dollars undetected can be just as much of a threat to national security as larger operations. Further, don’t assume that just because a company isn’t located in the United States, that these rules don’t apply to them. If there are U.S. persons or U.S. ownership involved somewhere in a corporate chain, its transacting in U.S. dollars, or it uses or trades in U.S.-originated goods or technology – chances are U.S. sanctions rules apply.

Bottomline: To avoid being involved in OFAC’s next iteration of tech related enforcement measures, it’s time to take sanctions compliance seriously.

iStockPhoto/Monsitj