Record penalties for US sanctions and export controls violations

In the course of a single week, the US Department of Commerce’s Bureau of Industry and Security (BIS), the US Department of Justice (DOJ), and the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced separate record-breaking settlements of alleged violations of US sanctions and export controls. On April 19, 2023, BIS announced the largest standalone administrative penalty in the agency’s history on US-based hard drive manufacturer Seagate Technology LLC (Seagate US) and its Singapore subsidiary, Seagate Singapore International Headquarters Pte. Ltd. (Seagate Singapore). On April 25, 2023, DOJ and OFAC announced the largest North Korea sanctions penalty to settle criminal and civil charges with UK-based tobacco product manufacturer British American Tobacco (BAT) and its Singapore subsidiary, BAT Marketing Singapore (BATMS). These actions are a reminder that the US government is continuing to aggressively enforce sanctions regulations and scrutinize the activities of non-financial institutions, and highlight the need for US and non-US companies to implement a robust, cross-border strategy for compliance with US sanctions and export controls.

BIS administers penalty for sales to Huawei

BIS announced a US$300 million settlement with Seagate US and Seagate Singapore, including a mandatory multi-year audit and a five-year suspended denial order, to resolve alleged export violations related to the sale of hard disk drives (HDDs) to Huawei Technologies Co. Ltd. (Huawei). Standard BIS denial orders prohibit the listed person from, among other things, directly or indirectly participating in any exports subject to the Export Administration Regulations (EAR). The involvement of such persons in supply chains or sales can cause transactions to be prohibited.

Seagate US and Seagate Singapore are affiliates of Seagate Technology Holdings, which markets itself as the largest computer hard drive manufacturer in the world. BIS alleged that Seagate US and Seagate Singapore sold over 7.4 million HDDs to Huawei in violation of US export controls. In May 2019, Huawei and several of its non-US affiliates were added to the BIS Entity List. As a result, licensing requirements were imposed on exports, re-exports and transfers (in-country) of all items subject to the EAR destined to or involving these listed Huawei entities. In August 2020, BIS added several Huawei affiliates to the Entity List and imposed a license requirement on foreign-produced direct products (FDP) of certain US-origin software and technology when: (1) there is knowledge that a listed Huawei entity is a party to any transaction involving the foreign-produced item and (2) the foreign-produced item is produced by any plant or major component of a plant that is located outside the United States and that itself is a direct product of US-origin technology or software subject to the EAR that is specified in certain Export Control Classification Numbers (ECCNs).

BIS alleged that despite these restrictions, over the following year, Seagate US, Seagate Singapore and other affiliates repeatedly engaged in transactions with Huawei without BIS authorization and therefore in violation of US export controls. BIS faulted Seagate for continuing to supply Huawei while its competitors declined similar exports in the wake of these expanded restrictions. BIS also emphasized that the US$300 million penalty was “more than twice what BIS estimates to be the company’s net profits for the alleged illegal exports to or involving Huawei.”

DOJ and OFAC impose criminal and civil penalties for sanctions violations

Together, DOJ and OFAC imposed a total monetary penalty of over US$629 million on BAT and BATMS, marking the largest penalty administered to date for a violation of sanctions related to North Korea. DOJ has also entered into a three-year deferred prosecution agreement with BAT that includes a requirement for BAT to implement a compliance and ethics program and to comply with US sanctions and anti-money laundering measures while BATMS entered a guilty plea to felony charges for bank fraud and sanctions evasion. In OFAC’s parallel proceeding, BAT was also charged with violations of the Weapons of Mass Destruction Proliferators Sanctions Regulations and, as part of the settlement, has committed to making significant compliance program enhancements over the next five years. OFAC noted that the BAT/BATMS economic penalty is its largest settlement ever with a non-financial institution.

BAT markets itself as one of the largest tobacco product manufacturers in the world. In 2007, BAT had spun off its North Korea sales to a third-party joint venture entity. DOJ alleged that over the next decade, BATMS remained in control of the North Korea tobacco sales and BAT used the third-party joint venture entity and a network of front and shell companies to run these USD transactions through the US financial system. Based on such conduct, DOJ claimed that BAT and BATMS conspired to commit bank fraud and violate the International Emergency Economic Powers Act (IEEPA). In the civil context, OFAC’s investigation found that from 2009 to 2016, BAT and BATMS engaged in a conspiracy to violate, and cause US banks to violate, US sanctions by sending funds through a string of designated North Korean banks, foreign intermediaries, and US banks. US persons are prohibited from engaging in transactions with persons designated on the Specially Designated Nationals and Blocked Persons List (SDN List) (or owned 50 percent or more by one or more such SDNs) unless licensed or otherwise authorized. DOJ and OFAC emphasized that these enforcement actions are part of the US government’s greater strategy for combatting the funding of the North Korean nuclear program.

Non-US subsidiaries must consider risks of local enforcement

Notably, both the Seagate and BAT settlements involved non-US subsidiaries incorporated in Singapore. In addition to the risks presented by the scope of US sanctions laws (which can extend to non-US companies in certain circumstances), non-US companies should also be mindful of the local sanctions regime in their country of operation. Although it is unclear whether related enforcement action was taken by the Singapore authorities with respect to the present matters, it is apposite to highlight that the Singapore sanctions regime similarly prohibits dealings with designated individuals and entities (and includes blanket prohibitions against supplying, selling or transferring designated items to any person in certain countries) and has recently adopted a more concerted effort in enforcing United Nations sanctions (which in Singapore have been implemented domestically via the United Nations Act 2001 and the Regulations thereunder), resulting in the imposition not only of fines on companies and individuals involved but also imprisonment terms for key individuals—including the directors of errant companies. Because every jurisdiction’s regulations and enforcement priorities can differ, multi-jurisdictional companies should ensure that their sanctions compliance programs adequately account for the breadth and depth of both local and foreign jurisdictional risks.

Practical takeaways

Together, these settlements from BIS, DOJ and OFAC demonstrate that US authorities are increasingly taking a coordinated approach to enforcement of sanctions violations and wielding their enforcement authorities to their fullest extent. Most BIS enforcement actions to date have not resulted in civil monetary penalties and any such penalties have tended to be more modest than those of OFAC and DOJ. The Seagate settlement represents a significant deviation from that trend. In addition, both settlements demonstrate that although much of the sanctions-related regulatory focus within the past year has been on Russia, the US has not taken its eye off other sanctions regulations. The BAT settlement is the largest North Korea sanctions penalty ever imposed. Moreover, while historically, financial institutions have been the subject of the largest penalties, these settlements underscore that increased regulatory scrutiny is being directed to non-financial institutions.

Further, the involvement of Singapore subsidiaries in these matters is a reminder for companies with multi-jurisdictional operations to evaluate their sanctions compliance strategies and programs to ensure they can effectively preempt and proactively address their operational risks. While the sanctions and export controls landscape is ever-evolving, reasonable risk-based approaches should include consideration of trends in regulatory enforcement in all applicable jurisdictions. Companies subject to the Singapore sanctions regime, for instance, should note the Singapore authorities’ heightened enforcement efforts against violations of United Nations sanctions and the scope of potential risks, including fines for companies and imprisonment for key individuals.