On March 6, 2024, the U.S. Department of Justice (DOJ), the Bureau of Industry and Security (BIS) of the Department of Commerce, and the Office of Foreign Assets Control (OFAC) of the Department of the Treasury jointly issued a Compliance Note on Obligations of Non-U.S. Persons to Comply with U.S. Sanctions and Export Control Laws. This initiative aims to clarify the legal responsibilities of foreign individuals and entities under the framework of U.S. sanctions and export control laws, particularly for non-U.S. companies engaged in business with the U.S. or potentially involved in transactions subject to U.S. jurisdiction.

(1) U.S. Sanctions Laws
The U.S. administers and enforces economic and trade sanctions through OFAC targeting specific countries, entities, and individuals. These sanctions include asset freezes, restrictions on certain transactions, and comprehensive or partial trade embargoes. Sanction targets include foreign regimes, terrorists, international drug traffickers, and other malicious actors deemed to threaten U.S. national security and foreign policy.

(2) Export Control Laws
U.S. export controls are implemented by BIS under the Export Control Reform Act of 2018 (ECRA) and the Export Administration Regulations (EAR). The EAR regulates not only items exported from the U.S. but also re-exports, foreign transfers, foreign-made items containing U.S.-origin components or software, and certain foreign-made items produced using U.S. technology or production equipment.

Non-U.S. companies that fail to comply with U.S. sanctions or export control laws may face significant legal and economic risks, including civil or criminal penalties. Notably, OFAC can impose civil liability under the strict liability principle, even if the non-U.S. entity was unaware that its actions violated U.S. laws.

Non-U.S. entities should adopt the following compliance measures to mitigate risks of violating U.S. sanctions and export control laws:

Develop and implement risk-based compliance procedures:Establish and maintain an effective compliance framework, including internal controls, audit, and training programs to manage payment and goods flows involving U.S. connections.
Know Your Customer (KYC):Enhance customer due diligence to ensure proper integration of customer information and geographic data with compliance screening protocols.
Risk Assessment:Conduct regular risk assessments on business activities, particularly transactions involving sanctioned countries, individuals, or entities.
Voluntary Self-Disclosure:If potential violations of U.S. laws are suspected, voluntarily disclose possible violations to relevant authorities.
Monitoring and Reporting:Establish effective monitoring and reporting mechanisms to promptly identify, report, and resolve compliance issues.

Non-U.S. entities must recognize that when engaging in business with the U.S. or when their activities may be subject to U.S. sanctions and export control laws, proactive measures should be taken to ensure compliance. By implementing robust compliance programs and appropriate risk management strategies, violation risks can be effectively reduced, protecting businesses from potential legal and economic consequences.

Original announcement:Department of Commerce, Department of the Treasury, and Department of Justice Tri-Seal Compliance Note