by Brent Carlson and Michael Huneke

Media coverage concerning the widespread use of U.S. or Western microelectronics in recovered Russian- or Iranian-manufactured missiles and drones is putting pressure on governments, manufacturers, and exporters to consider ways to reduce more effectively the flows of such items to prohibited end-users. Even considering that many of the items are ubiquitous consumer electronics, the discovery of such items after mass-casualty events—including fatalities—on the front lines puts manufacturers and exporters on the front pages and in the crosshairs of U.S. regulators, prosecutors, media, and congressional committees. However the items arrived on the battlefield, their presence begs the questions of how and through whom they arrived.

In Part 1 of this post,[1] we explored how the “willfulness” trigger for criminal liability works in practice and provided practical tips for manufacturers and exporters seeking to ensure their compliance programs were calibrated to the risk of criminal enforcement.

In Part 2, we similarly explore the “high probability” definition of knowledge—an equal alternative to actual knowledge—in the U.S. Export Administration Regulations (“EAR”). Manufacturers and exporters should similarly anticipate that regulators will leverage this existing definition of knowledge in fighting export controls evasion, especially in the face of media and political pressure. In fact, regulators have been signaling this for some time. Furthermore, such signals are not coming from U.S. regulators alone. Of note, a recent proposal in Europe encourages E.U. regulators to take a similar “fresh look” at available E.U. enforcement mechanisms.[2]

Manufacturers and exporters should accordingly ensure that their compliance programs are addressing and blocking exports not only in instances of actual knowledge of evasion but also where they are aware of the high probability of evasion. Public statements in response to media or U.S. congressional inquiries to the effect that their programs satisfy legal requirements will backfire if later enforcement actions establish facts that, even circumstantially, show an awareness of a high probability of evasion that was ignored. Now is the time to stress-test whether existing compliance programs are calibrated to current enforcement risks.

“High Probability” Origins and FCPA Parallels

The “high probability” standard targets “willful blindness”—in practice begging the question, “What did you really think was happening?” The same definition of “high probability” has been part of the U.S. Foreign Corrupt Practices Act (“FCPA”) since 1988, and in that context it drives both compliance and enforcement activity regarding indirect bribes made through third-party agents (in a sense, anti-bribery “evasion”).

Since 1996, this “high probability” standard also has been part of the EAR. Specifically:

Knowledge.   Knowledge of a circumstance (the term may be a variant, such as “know,” “reason to know,” or “reason to believe”) includes not only positive knowledge that the circumstance exists or is substantially certain to occur, but also an awareness of a high probability of its existence or future occurrence. Such awareness is inferred from evidence of the conscious disregard of facts known to a person and is also inferred from a person’s willful avoidance of facts. . . .[3]

The use of identical concepts in the FCPA and the EAR may be one reason why regulators have been signaling the significant changes underway by calling export controls and sanctions the “new FCPA.” Where decades of FCPA “high probability” enforcement already has occurred, the EAR regulators are sure to follow. The Department of Commerce’s Bureau of Information & Security (“BIS”) indeed now is staffed with enforcement officials having prior experience in FCPA enforcement.[4]

In looking ahead at export controls and sanctions enforcement, it is helpful to look back at the past decades of FCPA high-probability enforcement built around indirect and circumstantial evidence. In that context, a “high probability” of a circumstance (in that context, bribery) was shown, for example, where a defendant:  (1) was aware of “pervasive” corruption in a particular former Soviet state generally, (2) was aware that in such countries privatization of state-owned assets was particularly fraught with corruption risk, (3) was aware of prior media reports alleging his business partner acted corruptly in the past, and (4) interposed shell companies between himself and his partner.[5]

Like “willfulness,” “high probability” is not a bright-line rule. In the context of FCPA enforcement, the Department of Justice (“DOJ”) and Securities & Exchange Commission (“SEC”) have issued published guidance that includes common “red flags” indicating a high probability of corruption.[6]  While that guidance is not statutory law nor a court decision, in practice it does inform DOJ and SEC enforcement activity and, accordingly, anti-corruption compliance programs’ assessments of third-party risks.

Strong Signals of “High Probability” to be Increasingly Leveraged in Enforcement

Over the past year the signals have been loud and clear. Following the DOJ and SEC’s FCPA playbook, it is very straightforward for BIS to point to several public advisories or guides issued recently as indicating what “red flags” it would consider to be circumstantial evidence of an awareness of a “high probability” of evasion. These would include:

• BIS’s own public list of “Red Flag Indicators”;
• The June 28, 2022 “FinCEN & BIS Joint Alert” (listing “select red flag indicators of export control evasion”);
• The March 2, 2023 “Tri-Seal Compliance Note” with the Departments of Justice and the Treasury (listing several “common red flags”);
• The May 19, 2023 “Supplemental Alert” with FinCEN (highlighting the evasion risks of third-party intermediaries and identifying “new transactional and behavioral red flags”);
• The June 9, 2023 “Guidance to Industry on Iran’s UVA-Related Activities” with the Departments of Justice, State, and the Treasury (including a non-exhaustive list of red flags that “demonstrate that a party . . . may be engaged in efforts to evade or otherwise violate sanctions or export controls”);
• The October 18, 2023 “Iran Ballistic Missile Procurement Advisory” with the Departments of Justice, State, and the Treasury (listing deceptive methods employed by Iran’s procurement networks); and
• The November 6, 2023 “FinCEN & BIS Joint Notice” (again highlighting “red flags”); and
• The December 11, 2023 “Quint-Seal Compliance Note” with the Departments of Justice, State, Homeland Security, and the Treasury (identifying “red flags” in the maritime or other transportation industries).

It would be difficult, given the several public pronouncements above, to feign an unappreciation of these risks. Assuming BIS takes a similar approach as the DOJ and SEC regarding the FCPA, the presence of such red flags does not mean that proceeding with the shipment or transaction is impossible. But to do so safely, the manufacturer or exporter would need to conduct risk-based due diligence that establishes actual knowledge that evasion is not, in fact, going to happen.

U.S. Sanctions Enforcement

OFAC’s legal authorities do not include an express “high probability” alternative definition of “knowledge.” But U.S. sanctions programs typically define prohibited conduct as that undertaken with “knowledge or reason to know” of prohibited conduct,[7] and the Iran Sanctions Act of 1996 further defines “knowingly, with respect to conduct, a circumstance, or a result” to mean “that a person has actual knowledge, or should have known, of the conduct, the circumstance, or the result.”[8] Although “reason to know” and “should have known” are not as elastic as “high probability,” OFAC does have a history of bringing enforcement actions on a “reason to know” basis[9] and, given the Treasury Department’s co-signing of all of the above public advisories, manufacturers and exporters should similarly expect OFAC to either adopt a high-probability enforcement approach in practice or seek express statutory or presidential authorization to do so.[10]

Practical Steps for Companies, In-House Legal and Compliance Teams, and Boards of Directors

1) Fairly or not, U.S. authorities will view past conduct through today’s national security lens

The objective of U.S. national security policy is not to reward or exempt those with the cleverest lawyers or consultants. The objective is to stop bad people from doing bad things, including killing both combatants and civilians—others’ and our own. As war continues in Europe and reignites in the Middle East, continuing to exploit perceived loopholes or technicalities from an administrative, strict-liability enforcement environment which does not factor in consideration of whether there is a “high probability” of evasion—under today’s facts and circumstances—increasingly runs the risk of being viewed by BIS (or other enforcement officials such as the DOJ) as acting with an awareness of a high probability of evasion.

2) Do not take false comfort in loopholes or technicalities

Stress-test the risk calibration of your compliance program by asking yourself, “What do you think is really happening?” For example, when exports previously sent to an entity recently placed on the Entity List are simply rerouted to recently formed or as-yet unlisted subsidiaries of the same entity, are you comfortable seeking refuge in that loophole? Or is there a risk BIS will think differently under a leveraged high probability standard or that the DOJ might even consider the conduct evidence of “willfulness,” as we discussed in Part 1?

3) It’s cheaper to invest in front-end compliance program recalibration then prepare to challenge regulators’ new perspectives in court

Perhaps companies or individuals will challenge high-probability enforcement theories in court and will be able to do so successfully. But to do so, we expect they will need to run the gamut of costly and disruptive investigations and court proceedings, during or the result of which export privileges could be temporarily denied. The more prudent course, in our view, would be to take a fresh look at whether your company’s current practices and risk calibration would be the same in a more aggressive civil and criminal enforcement environment. Our previous posts offer guidance for doing so effectively and pragmatically.[11]

For C-Suite leaders and boards of directors, being effective and pragmatic are the key guiding principles in all this. In the context of the old FCPA, fully utilizing the “high probability” standard has brought FCPA enforcement risk to the top of international companies’ risk assessments.  In the context of the “new FCPA,” finally employing the same standard should have the same practical impact.

Footnotes

[1] See Brent Carlson & Michael Huneke, “How Not to Stand Out Like a Sore Thumb (Part 1):  A Fresh Look at the “Willful” Intent Standard for Criminal Liability in Export Controls and Sanctions Corporate Enforcement,” PCCE Compliance & Enforcement Blog (Feb. 13, 2024) (“Part 1”).

[2] Jan Dunin-Wasowicz and Gonzalo Saiz, Commentary:  Time to Act: Mobilising EU Sanctions against Facilitators of Circumvention (Feb. 7, 2024) (demonstrating that existing E.U. regulations allow the E.U. “to impose sanctions on circumvention grounds using a standard of ‘reasonable suspicion’, informed by red flags.”).

[3] 15 C.F.R. § 772.1 (emphasis added); see Dep’t of Commerce, Export Administration Regulation; Simplification of Export Administration Regulations, 61 Fed. Reg. 12,715 (Mar. 25, 1996).

[4] Matthew S. Axelrod, “The New Era of Export Enforcement,” NYU Law’s Program on Compliance and Enforcement, (July 18, 2023).

[5] United States v. Kozeny, 667 F.3d 122, 133 (2d Cir. 2011).

[6] See DOJ Criminal Division & SEC Enforcement Division, A Resource Guide to the U.S. Foreign Corrupt Practices Act, at 23 (2d ed. 2020).

[7] See, e.g., ITSR § 560.204.

[8] International Emergency Economic Powers Act (“IEEPA”), 50 U.S.C. § 1701 note, Iran Sanctions Act of 1996, Pub. L. 104-172 (as amended), Section 14(13).

[9] Gatta, Brian M., et al., The TURBOFAC U.S. Sanctions Encyclopedia (“TURBOFAC”) (queried Feb. 11, 2024).

[10] See Gatta, Brian M. et al., Commentary on OFAC’s Enforcement Release as to Alfa Laval Inc., TURBOFAC (accessed Feb. 11, 2024) (querying whether OFAC could not establish sufficient intent as to the U.S. persons for the export scheme (although it could as to a facilitation scheme)).

[11] See Brent Carlson & Michael Huneke, “An Ounce of Prevention is Worth a Pound of Cure . . . or an Imposed Compliance Monitorship: A Fresh Look at the DOJ’s Corporate Enforcement Toolkit Applied to Sanctions and Export Controls Enforcement,” PCCE Compliance & Enforcement Blog (Dec. 4, 2023).

Brent Carlson is a Director at the Berkeley Research Group, LLC. Michael Huneke is a Partner in the Anti-Corruption & Internal Investigations and Sanctions, Export Controls, and Anti-Money Laundering practice groups at Hughes Hubbard & Reed LLP. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.

The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).