(Part I of this article was posted in yesterday’s Daily Bugle.)
* Author: Alexandre Lamy , Esq., 1-202-835-1862, BakerMckenzie
As a jurisdictional matter, OFAC’s substantive regulations also apply to non-U.S. entities owned or controlled by U.S. persons under U.S. sanctions targeting Cuba and Iran.
Nonetheless, Section 501.604 appears only to apply to owned/controlled non-U.S. entities for Cuba purposes, because the term “persons subject to U.S. jurisdiction” appears in the Cuban As
sets Control Regulations,[FN/9] but not the Iranian Transactions and Sanctions Regulations.[FN/10]
Owned/controlled non-U.S. entities are not subject to U.S. sanctions jurisdiction under other OFAC regulations if they are operating with no U.S. nexus – e.g., no U.S. persons, no U.S.- dollar payments, no U.S. items.
Based on its plain language, there is no indication that Section 501.604 requires a non-U.S. entity outside of U.S. jurisdiction to report to OFAC about a transaction that it rejected under U.S. sanctions because a director, officer or employee of the non-U.S. entity involved in the transaction is themselves a U.S. person (e.g., a U.S. citizen or permanent resident alien) or the non-U.S. entity rejected a transaction because it otherwise involved a U.S. nexus (e.g., a U.S.-dollar payment).
Which types of rejected transactions should be reported to OFAC going forward?
While the jurisdictional scope of Section 501.604 appears clear, OFAC has not provided similar guidance to nonfinancial institutions about which types of transactions should be reported when they are rejected. As noted above, revised Section 501.604 provides that covered transactions may be “related to wire transfers, trade finance, securities, checks, foreign exchanges, and goods or services.”
In addition, in terms of documentation that OFAC expects about rejected transactions, Section 501.604(b)(7) was amended to require a “copy of any related payment or transfer instructions, accompanying bill of lading, invoice, or any other relevant documentation received in connection with the transaction.”
These points do not explain to nonfinancial institutions which of their commercial activities may trigger Section 501.604 as a practical matter.
Every day, companies engage in a wide variety of commercial activities – e.g., provide pricing information, conduct due diligence, respond to information requests – that would not normally be considered transactions, even if some of these activities may lead to a bona fide transaction.
OFAC’s approach to the revamped Section 501.604 and the absence of guidance have created uncertainty about which such commercial activities are subject to the rejected- transactions reporting requirements.
Reviewing dictionary definitions of terms like “transaction” and “rejection” provide a potential compliance road map. Definitions of transaction in Black’s Law Dictionary include an “act or an instance of conducting business or other dealings; esp., the formation, performance, or discharge of a contract” and a “business deal or arrangement that alters legal rights.”[FN/11]
The main definition of rejection from the same source is a “refusal to accept a contractual offer .”[FN/12]
From these common-sense definitions, we can narrow the scope of a company’s commercial activities that should reasonably be subject to reporting under Section 501.604.
What appears to be clearly covered by Section 501.604 are the formal steps of contract creation and performance because a transaction is primarily meant to include the formation, performance or discharge of a contract. In addition, a company deciding not to pursue a transaction once such formal steps have been taken would be engaging in a rejection – i.e., a refusal to accept a contractual offer.
At a high level, this would cover preliminary steps related to a transaction prohibited under U.S. sanctions (in OFAC programs that do not require blocking), such as the receipt of a purchase order, an order confirmation and the issuance of an invoice.
And it would cover the formal execution of a contract and all the remaining steps to the performance thereof – e.g., delivery or acceptance of goods or services, payments, etc.
This approach is consistent with the types of documents that OFAC says it expects as part of reports pursuant to Section 501.604 – i.e., “accompanying bill of lading, invoice, or any other relevant documentation received in connection with the transaction.”
Thus, the Section 501.604 reporting requirements would be triggered if a Section 501.604 party takes a step at any of those stages to advance a transaction that is prohibited (but not blocked) under U.S. sanctions and must be stopped to comply with U.S. sanctions.
By contrast, the types of commercial activities that do not appear to be covered by Section 501.604 in and of themselves are other steps that may predate or accompany a transaction that is prohibited (but not blocked) under U.S. sanctions. Such noncovered commercial activities should include:
- Responding to information requests about a product or to more general inquiries;
- Providing pricing information;
- Entering into a nonbinding letter of intent;
- Conducting due diligence about a potential counterparty;
- Implementing sanctions compliance measures such as internet domain blocking (e.g., blocking access by IP addresses from comprehensively sanctioned territories) or restricted-party screening; and
- Completing a sanctions compliance analysis about whether a potential transaction is permissible under applicable sanctions and advising personnel within a company about the results of the analysis.
These activities do not typically involve the formation, performance or discharge of a contract, or a “business deal or arrangement that alters legal rights,” and they should not be subject to Section 501.604, even if they could ultimately lead or are related to a later transaction.
Furthermore, the fact that some of these steps may result in a compliance team recommending that a company not pursue a proposed or potential transaction in order to comply with U.S. sanctions should not constitute a rejection, because there would be no contractual offer to refuse at that stage.
In the context of tenders or requests for proposals, or RFPs, this proposed compliance framework would mean that the receipt alone of such requests should not trigger Section 501.604.
That said, a Section 501.604 party that responds to a tender or RFP where a customer’s acceptance would create a binding contract would have a Section 501.604 reporting obligation if it turns out the transaction is prohibited (but not blocked) under applicable U.S. sanctions.
Although it should help most companies differentiate which types of typical commercial activities should and should not be reported under Section 501.604, this proposed compliance framework is not necessarily complete, in that it does not help adjudicate how some activities involving third parties should be treated.
One example is the status of online accounts. For instance, it would generally be prohibited for a nonsanctioned individual in North Korea to maintain an online account offered by a U.S. person company, under the North Korea sanctions regulations.[FN/13]
It is not clear that all online accounts involve transactions, as defined above, or that terminating such accounts involves a rejection. Some accounts may be of a general registration/information-collection nature, while others may enable a user to purchase goods or services.
Absent further guidance from OFAC, this compliance framework does not necessarily provide a bright-line test for such online activities. There may be other commercial activities, not considered by this article, that may not fit neatly within this proposed compliance framework and would need further consideration.
What practical steps can companies take to comply with the expanded scope of Section 501.604?
With this framework in mind, compliance teams can focus their efforts on the types of company activities that are most likely to be subject to Section 501.604 in order to comply with OFAC’s expanded requirements.
Specifically, corporate compliance teams should ensure that their transactional review processes include a new step at the end for a transaction that must be stopped and rejected for U.S. sanctions compliance reasons.
This additional step should primarily consist of compliance teams considering (1) whether a Section 501.604 party is involved and (2) whether the activities in question constitute reportable transactions discussed above.
For purposes of step one, a compliance team would want to confirm whether the corporate entity that was supposed to engage in the rejected transaction is itself a U.S. entity or, in a Cuba-related transaction, an owned/controlled non-U.S. entity.
That is an important jurisdictional limitation for Section 501.604 and should mean that it will not generally be relevant to the non-U.S. subsidiaries of U.S.-based companies.
As noted above, there is no indication that Section 501.604 requires a non-U.S. entity outside of U.S. jurisdiction to report to OFAC about a transaction that would have been prohibited under U.S. sanctions because a director, officer or employee of the non-U.S. entity involved in the transaction is themselves a U.S. person, or the non-U.S. entity rejecting a transaction because it otherwise involved a U.S. nexus (e.g., a U.S. dollar payment).
Step two should be focused on determining whether the steps taken by a Section 501.604 party involve a reportable rejection or, rather, other commercial activities that are not covered. If the compliance team determines that Section 501.604’s jurisdiction applies and a covered transaction is involved, then the company has 10 business days from the date a decision is made to reject the transaction to report it to OFAC.
Finally, prior to the OFAC regulatory changes discussed here, Section 501.604 parties could determine that a transaction was prohibited under U.S. sanctions and terminate it where no blocked property was involved, ideally before it was fully performed.
Such companies could then consider whether they should disclose the transaction to OFAC, but that was otherwise the end of the compliance review process for a problematic transaction – e.g., make sure it was stopped and implement measures as needed to avoid a similar incident.
Now, companies may sometimes find themselves in a position of a forced voluntary disclosure to OFAC, when they are reporting rejected transactions.
While Section 501.604 reports to OFAC should be a sign of a well-functioning compliance program, it is possible that such reports could prompt questions or an investigation from OFAC, particularly if a transaction is very far along when it is rejected or a company submits many reports.
When submitting Section 501.604 reports, compliance teams should try to mitigate such risks by providing appropriate context about rejections that are reported.
9] Cuban Assets Control Regulations, 31 C.F.R. pt. 515 (2020).
10] Iranian Transactions and Sanctions Regulations, 31 C.F.R. pt. 560 (2020).
11] Transaction, Black’s Law Dictionary (11th ed. 2019).
12] Rejection, Black’s Law Dictionary (11th ed. 2019).
13] North Korea Sanctions Regulations, 31 C.F.R. pt. 510 (2020).