Five lessons from the ZTE sanctions violations

As we start the new year, we examine some of the lessons to be learnt from the ZTE sanctions violations settlement which was the largest such settlement with the US regulators in 2017.

Background

Zhongxing Telecommunications Equipment Corporation (more widely known as “ZTE”), entered into a settlement agreement (the “Settlement Agreement”) with the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) in March 2017 in relation to its breaches of US trade sanctions against both Iran and North Korea. This article will focus mainly on ZTE’s transactions with Iran.

ZTE had, from around January 2010 to around March 2016, “engaged in a pattern or practice” of wilfully attempting to “evade and circumvent” the Iranian Transactions and Sanctions Regulations (the “ITSR”).

Despite being aware of the consequences of violating sanctions, ZTE had deliberately adopted a company-wide policy for the purpose of engaging in trade with Iran. Specifically, it was found to have engaged in the following conduct:

  • Obscuring, concealing, and/or otherwise failing to disclose to US person suppliers the material fact that US origin goods were specifically intended for re-exportation to Iran, or re-exporting US origin goods subject to the US’s Export Administration Regulations (“EAR”) from China with knowledge that the goods were intended specifically for Iran.
  • Removing, attempting to remove, and/or conspiring to remove ZTE logos and other markings, references, and identifications from shipments and/or packages containing US origin goods destined for Iran with the purpose of obscuring their source and to give the appearance that ZTE was not involved or engaged in business with or in Iran, thereby minimising detection by US regulators, law enforcement, or OFAC.
  • Commingling US-origin goods in packages with foreign-origin goods with the specific goal of concealing US-origin items and minimising detection by US regulators, law enforcement, or OFAC.
  • Using various codenames at different times for Iran (“YL” and “Qatar”), Iranian customers (“YD”, “YA” and “YC”), US embargoed countries and State Sponsors of Terrorism (“special areas” and “Category Z”) in internal communications and documents to further avoid detection and conceal the fact that ZTE was conducting business with and in Iran and other embargoed countries.
  • Deleting and/or attempting to delete any references to Iran and Iranian customers in ZTE’s internal communications and documents after US government agencies began investigating ZTE.
  • Utilising or attempting to utilise third-party isolation companies that were effectively controlled by ZTE to serve as procurement and/or end-user intermediaries for US-origin goods specifically destined for Iran and/or Iranian customers.
  • Referring to Iran generically as the “Middle East” in internal communications and documents to further obscure and conceal the fact that the Respondent was conducting business with and in Iran. ZTE otherwise maintained a normal practice of identifying countries not subject to OFAC sanctions by their actual names.

ZTE had further entered into contracts and agreements with various Iranian companies that involved the supply of US origin goods.

Breaches

It was agreed that ZTE had engaged in activities that had violated the following regulations of the ITSR: 

  • Regulation 560.203, which contains a broad prohibition against the evasion, attempted evasion, causing violations of, and conspiring to evade and/or to cause violations of sanctions regulations.
  • Regulation 560.204, which contains a general prohibition against the exportation, re-exportation, sale or supply of US origin goods, technology, or services to Iran.
  • Regulation 560.205, which contains a general prohibition against the re-exportation of US origin goods, technology, or services to Iran or the Government of Iran even by non-US persons.

While the ITSR does contain specific exceptions to the general prohibition under Regulation 560.205, ZTE’s activities did not fall within these exceptions. Such exceptions are where the goods and technology to be exported or re-exported are either:

  • Substantially transformed into a foreign-made project outside of the US.
  • Incorporated into a foreign-made project outside the US if the aggregate value of such goods and technology described in the regulation constitutes less than 10% of the total value of the foreign-made product to be exported from a third country.

Nevertheless, even if ZTE’s activities had fallen under these exceptions, ZTE could still have been found liable under section 560.203 for conspiring to evade sanctions.

Decision

OFAC found that ZTE had:

  • Violated the ITSR.
  • Not made any voluntary self-disclosures of these violations to OFAC.
  • Engaged in egregious conduct with regard to the circumstances under which the breaches occurred and during the process of OFAC’s investigations. 

As such, OFAC levelled both criminal and civil penalties against ZTE.

As part of the Settlement Agreement, ZTE reportedly agreed to pay OFAC combined criminal and civil penalties worth USD 892.4 million, and an additional penalty of USD 300 million to the Bureau of Industry and Security (BIS) – which is a regulator under the US Commerce Department distinct from OFAC. This is the largest fine imposed on a non-financial entity to date.

Aggravating factors

It was stressed that ZTE had deliberately obscured its activities with Iran and had sought to hide any evidence of its own impropriety. As such, it was clear to OFAC that ZTE had been entirely aware of the illegality of its actions, yet still continued to engage in them.

Further, ZTE had a history of being investigated by OFAC. Indeed, OFAC conducted investigations into ZTE for engaging in substantially similar conduct in 2010 to 2012. In response to earlier investigations, ZTE had informed the US government agencies and the public that it was winding down its exports and re-exports of US-origin goods to Iran. As such, ZTE was found to have misled the US government as to their continuing activities in Iran.

Despite being investigated by OFAC and therefore being put on notice of possible sanctions violations, ZTE in fact resumed performance of ZTE’s prior contracts with their Iranian customers in November 2013. ZTE’s senior management had agreed to continue the performance of their obligations under the Iranian contracts following repeated requests from its Iranian customers. Instead of attempting to comply with the sanctions regulations, ZTE sought to establish a more “capable” third party to serve as the intermediary shell company between itself and its Iranian customers in an attempt to mask its violations of the ITSR.

Five lessons learnt

Following the announcement of the settlement, the chairman and president of ZTE had said in a statement that, “We have learned many lessons from this experience and will continue on our path of becoming a model for export compliance and management excellence.”
  
We set out below five lessons that should be learnt from the fallout of ZTE’s violations of US-imposed sanctions.

Lesson 1: The US actively enforces its sanctions regulations

Sanctions regulations are not promulgated just “for show” or for the purposes of simply making a political statement. These sanctions are actively enforced by the US regulators. Wilbur Ross, the US Secretary of Commerce, had warned at the time that penalties on ZTE were imposed that the “games are over” and that “those who flout [the US’s] economic sanctions and export control laws will not go unpunished – they will suffer the harshest consequences.”

Anyone who is potentially affected by sanctions regulations should be aware of which sanctions regulations affect them and should understand what precautions need to be taken to avoid breaches, whether deliberate or inadvertent, of such regulations.

Lesson 2: Non-US entities can also be subject to US sanctions regulations

While most US sanctions primarily affect US persons only, some US sanctions regulations also affect non-US entities outside the US. As this case illustrates, it would be naïve for a non-US entity operating outside the US to believe that US sanctions regulations will have no impact on its business or that the US will not be able to enforce its sanctions regulations against offending entities outside the US.

Any entity engaging in cross-border transactions should be aware that sanctions regulations of foreign countries may have an impact on its business. In the case of US sanctions regulations, it is important to appreciate that the regulations could affect non-US entities not only where the transaction involves sanctioned individuals / entities but also where there are US persons involved (perhaps as suppliers or service providers), or where a trade involves US origin goods, technology or services.

Although China has consistently maintained that it is inappropriate for the US to dictate who the rest of the world should trade with, Chinese Foreign Minister Wang Yi has noted that “we have always asked [Chinese] companies to operate legally abroad.”
The Singapore Ministry of Foreign Affairs has previously said in an official statement in relation to an earlier unrelated case involving breach of US sanctions by a Singapore trading company that “[i]n general, we are not in a position to enforce the laws of other countries. But we expect that given the importance of the US in the world economy, companies with dealings with countries subject to unilateral US sanctions will take notice… and make their own calculations in the light of their own commercial interests.”

Lesson 3: The US regulators appreciate self-disclosure

As in previous cases where companies have been fined for US sanctions breaches, one of the factors that is taken into account when the regulators are determining the level of fines to be imposed is whether the offending company had made any voluntary self-disclosure of the sanctions violations in question.

Where there has been no voluntary self-disclosure, and worse still, where the offending company has knowingly and actively tried to conceal its breaches of sanctions regulations, the penalties imposed will be much higher. Regulators generally appreciate if early voluntary self-disclosure is made even in circumstances where it is unclear whether or not there has in fact been a breach of sanctions regulations.

Lesson 4: Trying to circumvent US sanctions regulations is just as bad

When the US imposes sanctions against countries, this can sometimes have the unintended effect of incentivising certain companies to try to find a way “around” the sanctions regulations so that they can profit by doing business that other more conscientious and law-abiding companies would have to avoid.

Regulators know that that some individuals and companies will always try to find ways to circumvent sanctions regulations, whether through the use of intermediaries or some other forms of obfuscation. For this reason, “catch all” regulations such as ITSR Regulation 560.203 are framed in such a way that allow regulators to investigate and impose penalties on companies that may not have directly breached sanctions regulations but have attempted or conspired with others to evade such sanctions.

Lesson 5: Sanctions compliance procedures are key

If ZTE had proper sanctions compliance procedures in place and these procedures were followed, it would probably have been possible for many of these sanctions breaches to have been avoided. Such compliance procedures would have included, amongst other things, making genuine inquiries as to the origin, destination and the type of goods exported, as well as to the identities of the parties involved in each transaction. ZTE would also have had to identify, based on the information obtained, what sanctions regulations actually applied to each transaction and whether there was a risk of such regulations being breached.

While ZTE’s breaches in the present case appear to be largely deliberate, there can also be cases where despite a company’s best efforts, sanctions regulations have been inadvertently breached – for example, where a counterpart has concealed the identities of true receivers of goods. Having proper sanctions compliance procedures in place and maintaining the relevant records of enquiries made would be helpful even after a breach has been discovered. If it can be shown that there were adequate procedures in place and that the breach could not have reasonably been discovered, regulators would most likely consider such procedures to be a strong mitigating factor when deciding whether and what level of penalty to impose.

About the team

Kennedys Legal Solutions’ sanctions and compliance practice group is part of a wider global offering. In Singapore, we specialise in assisting clients in the shipping, international trade and insurance sectors, with issues relating to trade sanctions, anti-money laundering and anti-bribery regulations.

As these regulations continue to change and evolve in both Singapore and globally, we recognise the importance of monitoring key developments and assessing the potential impact on our clients’ businesses. This enables our clients to make appropriate commercial decisions and to ensure their businesses and employees always comply with international trade sanctions and applicable regulations.

Together with lawyers from our offices across the globe, we are able to provide our clients with comprehensive, all-encompassing compliance and regulatory advice in relation to global sanctions, anti-money laundering and anti-bribery regimes.