Compliance and Economic Sanctions in the Virtual Arena, Workable and Never Ending

A U.S.-based Massive Open Online Courses (MOOC) educational services provider, Coursera, felt recently the sanctions regulations pinch. In an unusually public way, as far as cases such as these go, Coursera cut out Cuba, Iran, and Sudan from its service area. You can read the press statement here.

The United States maintains country-based programs (just a handful of countries affected) and, for lack of a better term, list-based sanctions programs (one of the more challenging aspect of compliance in the virtual world). In addition to economic sanctions, certain technologies and services are subject to export controls.

According to Coursera (emphasis added is my own):

interpretation of export control regulations as they relate to MOOCs has been unclear and Coursera has been operating under the interpretation that MOOCs would not be restricted. We recently received information that has led to the understanding that the services offered on Coursera are not in compliance with the law as it stands. Accordingly we have instituted a restriction in compliance with the current export controls to ensure that our business remains in good standing with the law.

For companies doing business on the Internet, the law will always be unclear. Caution is always a good idea, especially when you’re dealing with high-risk country-based sanctions areas. For the list-based sanctions, for example Treasury’s SDN list that includes names and entities that are blocked from the U.S. financial system for a whole variety of policy reasons, the compliance challenge is more daunting.

Many clients become very frustrated with these laws. I’ve counseled many and the decision should be clear cut. When all the legal analysis said and done, the key question to doing business in high risk countries boils down to this: Is the legal risk worth the cost of doing business in a sanctioned country or area of concern?

It is, and never will be, easy to comply with these rules and regulations. You need to take a close look at the line of business you’re in, the product or service you’re selling, and the screening options you have in place to ensure compliance.

The bad guys are clever.  Masking an IP is easy to do. Users also lie, use aliases. Certain countries use the Internet to control information flows to its people, or deny usage outright. And much more. As a result, some companies make a business and policy decision to just stay away from certain places.

The United States, through its elected in the Congress as well as the White House, have made policy decisions through the years that result in these laws. Human rights violators, drug smugglers, terrorists, money launderers, state sponsors of terrorism, labor and sex traffickers are the targets of these sanctions. The export control aspect of this issue aims to keep away dual-use and military technology and services from these bad actors.

Coursera is doing the responsible thing, muddling its way through it. While I do not have full information, they should have thought of this before making their services available in sanctioned countries. And, even if they did, these programs evolve with technological and legal developments. Yes, compliance never ends.

In all likelihood, because Coursera is in the education and information arena, they may be able to custom design certain offerings for areas of concern. If the critics have an issue Coursera’s approach, and a few do, they should take it up with the U.S. Congress and the Obama Administration.

WSJ: US Sues Over Magnitsky Scandal-Linked Assets

According to Journal, “[t]he 65-page complaint, filed Tuesday in New York federal court, accused 11 corporations of laundering a portion of the money through the purchase of real estate, including four luxury residential apartments and two commercial spaces in Manhattan.”  You can access the case, as well as a statement by the U.S. Attorney’s Office, by following this link.

If you would like to learn more about the history of the Magnitsky matter, as well as the law passed in the U.S. on it, in April 2013, the World Export Controls journal published an item that one our lawyers wrote about it: “The Magnitsky List: a trend-setter process in global human rights and compliance law?” You can access it here (pdf).

On the books for some time: National Emergency With Respect to Syria

One of the things I find most fascinating about the current national debate on the Syria matter is what we are not hearing. Absent from  most media reports, or for that matter during the Congressional debates last week, is a clear articulation of U.S. foreign policy toward Syria. Any use of weapons of mass destruction by any party to the Syrian civil war must be forcefully condemned; however, that is not a foreign policy goal. I think this is leading to a great deal of political confusion in the United States and internationally. 

Speaking with a senior diplomatic official from a European and NATO ally government late last week, it was evident that the President’s announcement, and the ensuring Congressional debate, was missing something. There is not reason for it because, if folks cared to focus a bit, the United States has had a clear mission with respect to Syria for quite some time. A considerable chunk of U.S.-Syria has also been legislated and signed into law, as well as enforced through numerous Executive Orders and regulations. But no one is really talking about it in that manner. 

Pursuant to numerous laws, executive orders, and regulations, since 2004 the United States has maintained a national emergency with respect to Syria. The United States has done so for numerous reasons including Syria’s involvement in global terrorism, the Lebanon occupation, pursuing weapons of mass destruction and missile programs, and undermining U.S. and international efforts to stabilize Iraq. You can read it more about here.

When you factor in that a NATO ally borders Syria, you can appreciate the complex legal and diplomatic equities at play. It is for these reasons that I did not think the President needed to request Congressional approval to engage in limited military operations in Syria. What he was really seeking was political cover. It could also be a caculated move to force a negotiation with the various interests in the region, including the Syrian government. Whatever the reason, we may never really know, economic sanctions have been in place for some time and will continue to be enforced. 

If you or your company does business in that part of the world, you should make sure that your compliance policies and procedures are up to date. Keeping your systems current with the latest U.S. government watch lists, as well as having a designated person in your company keep current with regional political developments, can help foster a compliance culture within your organization so that your team will be better prepared to manage complex transactions in a timely and efficient manner when they arise.

Economic sanctions are not going away anytime soon. If anything, this Syria matter reminds us that governments tend to increasingly use these foreign policy tools because they are efficient ways to exact certain behavior from target nations and persons. 

UAE Company Fined for Violating U.S.-Syria Sanctions, Export Control Laws

 “actions with the intent to evade the Regulations in connection with the unlawful export and reexport to Syria of items subject to the Regultions. The items included equiptment and software designed for use in monitoring and controlling Web traffic that are classified under Export Control Classification Numbers (ECCNs) 5A002 and 5D002 … controlled for National Security and Anti-Terrorism reasons and as Encryption items, and valued at approximately $1,400,000.”

It appears that Computerlinks personnel lied not only to to its California-based supplier, Blue Coat Systems in Sunnyvale, California, but to BIS investigators as well. On its website, Computerlinks says it has more than twenty-five years of experience in IT technology and information security. It seems that its internal compliance program needs to catch up to their technological know-how. BIS is seeing to that.

According to the Order, Computerlinks will need to perform three external audits of its export compliance program to review and, as necessary, implement a compliance program to ensure that senstitive U.S. technology does not end up in the wrong hands. They will be busy on the compliance front for at least two years. Likely more.

You can read the BIS Order here.

US State Department: Terrorist Designations of Ansar al-Dine

 “In AAD’s March 2012 attack against the town of Aguelhok, the group executed 82 Malian soldiers and kidnapped 30 more. Before the French intervention in January 2013, Malian citizens in towns under AAD’s control who did not comply with AAD’s laws faced harassment, torture, or execution.”

The designation of AAD makes it unlawful for U.S. persons to knowlingly engage in transactions with the AAD or those entities or persons that support them. In addition, any assets that can be linked to AAD are subject to blocking. 

For more information, visit the State Department website.