The Case for Knowing: Compliance Liability in the Time of Data
If you already have the data, you already know.
In today's world of heightened geopolitical tensions and increased regulatory scrutiny, adherence to the laws and regulations governing international trade is paramount for any company involved in global commerce. Failure to comply can lead to severe legal liabilities and penalties, including personal criminal liability for leadership and potentially billions of dollars in fines in extreme cases. With growing pressure from government authorities to identify red flags and voluntarily disclose violations, it is imperative that trade compliance departments urgently adopt proactive measures to achieve that data transparency and analytics necessary to keep pace.
I. General Legal Responsibilities:
If trade compliance regulations were boiled down to their essence, we have two primary responsibilities: 1) Don't lie to the government, and 2) Don't engage in restricted transactions without authorisation.
For example, in the U.S. businesses must avoid making false statements to government authorities when entering merchandise into the United States' commerce. Whether due to fraud, gross negligence, or negligence, any material and false document or electronically transmitted data, or any omission of material information, can lead to severe legal consequences.
Further, companies must take steps to ensure that they comply with export controls and sanctions, as failure to do so can result in significant legal liabilities and penalties, as well as other consequences such as inefficient business processes and repetitional harm.
When we start to consider our company data, we see the conflict that can arise with company data. If we are reliant on company data to make decisions and to make statement to the government regarding our trade practices, it is important that we have clear visibility of that data because we are liable for its resulting consequences.
II. Liability for Knowledge:
"Do I really want to know? Because once we know, we know..."
Misconception: Looking into data would create additional liability for the company. “We don’t want to go seeking red flags in our data, once we know, we know” Where does this come from? BIS Guidance: If There Are Red Flags If “red flags” are raised, an exporter has an affirmative duty to investigate the suspicious circumstances and take steps to determine the end-use, end-user, and ultimate country of destination of the item being exported, before the company can proceed with the transaction. If There Are No Red Flags Absent “red flags,” there is no affirmative duty upon a party to inquire, verify, or otherwise “go behind” a customer’s representations
Liabilities in trade compliance can be evaluated based on the level of knowledge and intent demonstrated by the involved parties. While some violations may require proof of knowledge or reasonable cause to suspect, others may be subject to strict liability, irrespective of the party's awareness.
Let's think about three scenarios:
Scenario 1: Uncovering Sanctions Violations
Consider a situation where a company engages in business with a new customer in the UAE seeking to purchase dual-use items. During discussions, the customer represents themselves as the end-user, and the sales team observes no clear indication of risk. Relying solely on the available information, the sales team proceeds with the transaction. Unfortunately, it is later discovered that the customer acted as a middleman and sold the items to a military end-user in China. In this case, data analytics could have identified red flags, such as past behaviors or unusual patterns in the transaction, preventing the illegal sale and mitigating potential legal liabilities.
Scenario 2: Overlooking Distribution Details
In another instance, a German-based company conducts business with a new distributor in Turkey. The items being purchased are of U.S. origin and considered EAR99. To avoid hindering the sale, the sales team refrains from asking questions about the distributor's business or customers. Consequently, the U.S. items end up in Iran, resulting in legal liabilities for the company. Transparent utilization of data and data analytics could have revealed red flags and potential risks associated with the transaction, allowing the company to take appropriate measures to ensure compliance.
Scenario 3: You are doing business with a new customer in Turkey, who wants to buy dual-use items from your company. In the discussions with your sales team, the representative from the customer does not provide information regarding the end-user of the product when asked, and instead only provides the name of a freight forwarder. Sadly, it is later discovered that your items ended up in Iran.
In scenario 1:
In scenario 2:
In scenario 3:
How are you currently made aware of red flags at your company?
Training & Awareness to Teams?
Employees call you when they identify an issue?
Your Data is Calling You!
Just because your sales manager doesn’t call you to inform you of transactional red flags that arose with a customer doesn’t mean they don’t exist. Just because your data isnt calling to inform you of red flags, doesnt mean they don’t exist. Lack of your awareness ≠ lack of existence Reality: You already know! Your company data is not a “black box” sitting somewhere externally that you can keep closed and claim you didn’t know, it is internal information that your company HAS regardless of your personal human-level of awareness. It contains evidence of what your company is doing (or not doing), and the red flags and risk indicators already exist.
• IP addresses • A recent trend in enforcement actions has focused on utilization of IP address data as indicative of sanctions violations. • Example: OFAC Settles Two Enforcement Actions for over $24M and $29M Against Virtual Currency Exchange Bittrex, Inc. for Apparent Violations of Multiple Sanctions Programs, based on internet protocol (“IP”) address information and physical address information collected about each customer at onboarding, Bittrex had reason to know that these users were in jurisdictions subject to sanctions. • Past Behavior • A very common basis for knowledge in enfocrment actions is a past behavioral indicator that the compay is aware of the applicable laws and proccess. • Example: there are almost too many examples of authorities looking at scenarios where a company has exported an item with a license to one country but then did not use a license for a comparable country in another instance. • Relevant Data • Authorities have been pushing companies to utilize all relevant data. • Example: Recent VD by Amazon related to their automated sanctions-screening processes which reportedly “failed to fully analyze all transaction and customer data relevant to compliance,” according to OFAC.
Worth noting: “Amazon voluntarily self-disclosed the apparent violations to OFAC, cooperated with OFAC’s investigation by providing data analysis of the apparent violations and submitting detailed information in a well-organized manner” 2) Amazon voluntarily self-disclosed the apparent violations to OFAC, cooperated with OFAC’s investigation by providing data analysis of the apparent violations and submitting detailed information in a well-organized manner, and entered into tolling agreements with OFAC. In addition, Amazon conducted an internal investigation without receiving an administrative subpoena and identified and disclosed the circumstances of the transactions that led to the apparent violations.
III. Uncovering Invaluable Insights with Data Analytics:
Data analytics is an invaluable tool that can offer unparalleled insights by revealing hidden patterns and red flags that may not be evident through manual processes alone. Even if the available data is imperfect, its analysis can still provide valuable information for trade compliance efforts. Trade compliance departments should not wait for a perfect time to implement data analytics; rather, they must embrace continuous opportunities to strengthen their legal position and protect their business interests effectively.
IV. Embracing Data Analytics for Enhanced Compliance:
So what‘s the value of data analytics and transparent utilization of data? Don’t get so caught up in “knowing your customer” that you forget to know yourself! Misconceptions: Good data isnt available, so we can’t use analytics. “Garbage in, garbage out”, “I don’t have access to our data”, ”master data isn’t my responsibility” Trade compliance departments have long struggled with Master Data quality (if it exists at all), and the responsibility and ability to improve it is a constant debate. Reality: Garbage can be insightful, especially since you already rely on it. To an extent, the data that exists is the „reality” of the business, especially if that is what is being determined & declared for trade purposes.One common misconception is that good data may not be readily available, making data analytics challenging or even impossible. However, even imperfect data can be insightful and provide valuable information for compliance teams. Additionally, transparent utilization of data allows businesses to make informed decisions, identify potential risks, and stay proactive in their compliance efforts.
In the dynamic landscape of trade compliance, legal liabilities and penalties loom for businesses that fail to identify red flags and manage risks effectively. By embracing data analytics, trade compliance departments can uncover invaluable insights, detect potential violations, and safeguard their organizations from legal repercussions. Leveraging real-life examples, this essay emphasizes the significance of data analytics in enhancing compliance efforts and proactively managing legal liabilities. Trade compliance departments should prioritize the transparent utilization of data, implementing data analytics tools to strengthen their compliance programs and protect their businesses in an ever-changing regulatory environment. Embracing data analytics not only enhances risk management but also ensures a future-ready compliance strategy for businesses in the global marketplace.