Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Imagine yourself in this scenario, based on the proverbial true story: You are an in-house counsel for a technology company. As you sip your morning coffee, the VP of your company’s product development group bursts into your office and asks if you can drop everything to review an inbound software license that she calls “critical” to the company’s efforts to update one of its key products. Her face reddened by stress, she explains that the deal needs to close “yesterday.” When you review the contract, you are relieved to discover that its terms are fairly reasonable, so it will not need major changes. The other party to the contract, you notice, is a U.K. corporation based in London with an innocuous sounding name: Critical Software Ltd. Before noon, you send your redlined markup of the contract to the e-mail address of a contact person at Critical Software and learn within a few hours that all of your changes have been accepted. Your internal client is elated and thinks you are positively brilliant to turn the contract around so quickly. After the contract is fully executed, your company wires the license fee to Critical Software, and then awaits delivery of the code and documentation. The next day, your company learns that the wired payment was never received by Critical Software. It was blocked by the bank that received the wire payment, pursuant to the rules of a U.S. agency you’ve never heard of: the Office of Foreign Assets Control. What’s more, says the bank, your company will never receive the software code and the documentation, may never get its license fee “unblocked” and refunded, and now faces an OFAC penalty of $250,000. The explanation? Critical Software is a front for a foreign government on OFAC’s list of specially designated nationals, or SDNs. Rubbing salt in the wound, the bank explains that when it reports the prohibited transaction to OFAC, the agency will likely make the company’s violation public. Your simple transaction has turned into an expensive business failure and a public relations disaster. Never heard of the SDNs list? As in-house counsel, if you don’t know what an SDN is or don’t have an OFAC compliance program in place, your company may be playing Russian roulette every time it engages in a transaction. OFAC, which is part of the Treasury Department, prohibits any transaction of any size or kind involving an SDN and property, or interests in property, in the United States or within the possession or control of U.S. persons. Violations can result in severe civil and criminal penalties (including, in the case of individuals, jail time), as well as harm to reputation. OFAC’s enforcement efforts target transactions and property interests, rather than persons; therefore, the agency is not constrained by due process protections for persons. The scope of OFAC’s authority over transactions may not be widely understood among in-house counsel. Traditionally, OFAC has primarily focused on financial institutions that may be involved in money-laundering transactions. But after Sept. 11, 2001, President George W. Bush expanded the agency’s authority and focus with Executive Order No. 13,224. The SDNs list can be revised at any time by executive order of the president, by international treaty, by the secretaries of state or treasury, or by the attorney general. As recently as March 7, the president added 77 persons associated with the government of Zimbabwe. If the scope of OFAC’s enforcement authority over transactions is taken literally, it means that before a department store sells a pair of socks, or a pizza parlor delivers a pizza, they must first conduct thorough due diligence to make sure the customer is not an SDN. Common sense would suggest that due diligence cannot be performed on customers in routine domestic retail transactions, and there is no evidence that OFAC has sought to enforce its rules in such cases. But there is no assurance that, in the midst of the war on terrorism and other global conflicts, your company would not be the first test case. Clearly, OFAC enforcement should be expected in its traditional “sphere of influence” — transactions involving securities, mergers and acquisitions, exports and imports, and financial transactions of any kind. FIRST PRIORITY: IDENTIFICATION To comply with OFAC, establish a procedure to identify SDNs before the company executes a transaction with that party. If the compliance procedure identifies an SDN, the company must then block or reject the SDN transaction and report that action to OFAC twice (within 10 days and then annually). Aside from this obvious benefit of staying out of trouble, establishing an OFAC compliance policy should be a mitigating factor (along with evidence of a good faith effort to implement it), should a violation occur. Your company can comply by checking a particular party to a transaction against the SDNs list “manually,” by downloading the list from OFAC’s Web site: www.ustreas.gov/offices/enforcement/ofac/. You will also need to sign up for automatic updates via e-mail or by synchronizing your Web browser. Then you can run the software’s “edit/find/find next” functions to determine if a particular person, entity, or country is on the SDNs list. If your company engages in a high volume of transactions, you may want to consider automatically checking prospective transactions by buying software. It’s highly recommended to maintain a record of all SDN searches the company conducts and, more important, a log of all “hits” your searches triggered against the SDNs list. What if the name involved in a transaction search generates a “hit” on the SDNs list, but you’re not sure if the name is identical to the one on the list? Names on the SDNs list frequently include identifying information such as aliases, passport numbers, date of birth, etc. SDNs are more likely to use an alias than their real name in a conventional business transaction, and some foreign language names can have more than one accepted spelling in English (e.g., Osama and Usama). You may have concerns that disclosing transactional and customer information to OFAC may violate company privacy policies, privacy regulations, and nondisclosure agreements. Because OFAC’s disclosure requirements are mandatory, however, SDN-related disclosures should fall under the “legally compelled disclosure” exception common in most privacy policies, regulations and nondisclosure agreements. Nevertheless, in-house counsel would be wise to revisit the terms of the company privacy policy and nondisclosure agreement form. In addition, if your company works with a third party that is authorized to engage in transactions on behalf of your company, you should find out whether that party has an OFAC compliance program, and if so, whether your company needs special contractual representations, warranties, and indemnification relating to its OFAC compliance program. If you have specific questions, OFAC operates a compliance hotline — (800) 540-OFAC (6322). Under some circumstances, it may be more prudent to have your outside counsel contact OFAC on your company’s behalf. Marc S. Martin, a special counsel at Kelley, Drye & Warren, was vice president, general counsel, and corporate secretary of the Vienna, Va.-based Convera Corp. and a senior in-house counsel of BET Holdings and the Capital One Financial Corp. He can be reached at [email protected]. Evan Wagner is director of information technology at Convera and can be reached at [email protected].

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.