Export bans, sanctions and restrictions can throw up unique challenges when transporting technology to different countries – and when it comes to non-compliance, ignorance is not an excuse.
Early reports of the Ukraine conflict included photographs of an abandoned Russian tank; an image that sparked concerns over more than the threat of war alone. Eagle-eyed experts quickly pointed out that the vehicle had been using a radio-jamming system which contained British parts. An investigation into Russia’s assets revealed this to be an extensive problem, with many military units including tanks and missile systems containing large amounts of western technologies. The evidence posed two difficult questions: how did they get there and who supplied them?
Almost all weapons manufacturers are subject to strict supply and export rules set by their country prohibiting supplying to or even liaising with countries deemed a direct threat or political risk. But grey areas exist when it comes to dual-use products – those suitable for civilian use which can be adapted for military applications.
So did the manufacturers of the hardware spotted in the tanks break the rules? And if so, should they have taken preventive action? The answer is yes and yes because, according to the UK government: “As an exporter it is your responsibility to ensure that you are compliant with the requirements of any new legislation.” Unfortunately for procurement and supply chain professionals, the responsibility sits firmly with them.
This may seem an extreme example, but controlled items often find their way into countries under bans or sanctions, particularly when companies have not carried out thorough due diligence on their buyer, or believe they are too small to be a target.
“Ignorance is bliss, but not a defence,” says Malcolm Budd, a consultant advising on export compliance issues who previously worked in procurement and export compliance at Rolls-Royce. The reality is, many commercially available materials, products and technologies, including IT components, connectors and circuitboards or even chemicals, could have a military application and be subject to export controls, or may be covered by end-use controls or sanctions. Therefore, a decision as innocent as bulk buying memory sticks manufactured by a US company and sending them to your employees in a sanctioned country could land procurement in a great deal of trouble if the encryption software is above a certain threshold.
‘Expensive to astronomical’ consequences
The consequences of non-compliance with export rules range from expensive to astronomical. At the very least it may incur financial and reputational damage. British companies found to be in breach of the rules may be publicly named by the Department for International Trade (DIT) and be fined hundreds of thousands of pounds. Investors, banks and customers could question whether the firm is capable of maintaining compliance, and whether the products being incorporated or sold on could be subject to seizures and legal barriers.
Elsewhere, penalties can be far more severe. In the US they have been known to run into tens of millions of dollars – plus jail sentences. There may also be secondary sanctions that apply to any non-domestic firm that chooses to trade with sanctioned entities or countries, such as Iran, effectively barring them from trading with the US. The US has a great deal of power in regulating use of its technologies because this framework is extraterritorial, so controls extend beyond its own borders, and the re-export of goods and technology with US content or origins may require government authorisation. And US authorities do pursue people who break their rules, for instance, in 2012, retired British executive Christopher Tappin was extradited to the US and jailed for his part in exporting batteries used in a missile system.
Why are firms failing to address export compliance?
“Often, SMEs don’t want to know they have compliance issues because it costs them money,” says Budd. But this is a false economy. In truth, having an appropriate compliance regime in place confers a competitive advantage, avoiding the costs and fines associated with non-compliance, ensuring products will not be impounded, and assuring companies that products are safe to use or to re-export, he points out.
Larger companies are often scrupulous about compliance and increasingly refuse to do business with firms not operating at the same level. In 2012, a well-known shipping giant asked its suppliers to identify and disclose all US-content held in systems on their ships – a task involving 38,000 components. Suppliers that couldn’t comply were temporarily frozen, with the shipper placing no new business with them until they provided the information.
“Firms are starting to use their compliance regime as leverage in negotiations, and larger firms will always [prefer] those they trust over those they don’t,” says Budd. Bigger firms may also include clauses in their contracts that put the burden of compliance on to suppliers, making compliance an imperative, so if an issue arises, the small fish will be left on the hook.
Plug the gaps in your product journey
What can SMEs do to ensure compliance and protect themselves? First, know your customer and contract so you can prove due diligence. While a firm may be aware that selling to sanctioned entities or countries is prohibited, it pays to check for ‘leaks’. The UK placed an arms embargo on Russia in 2014, and a dual-use ban early this year, so the new tech in those tanks has prompted close scrutiny of all countries that buy from the UK and have refused to speak out against the war – including China and India – as being more likely to divert valuable goods.
Second, firms need to understand the intricacies of their supply chains, including all components. It’s important to check if any elements are subject to origin rules and to prioritise those, especially US parts. American content poses high risks for procurement. US export administration regulations use a de minimis rule, which states that if the amount of US-owned material in an end-product exceeds a set limit – 10% or 25%, depending on the country – it can only be re-exported with authorisation from the US Department of Commerce.
Under this rule a complete product could meet the requirements but its spare parts may exceed the threshold and be blocked. This would impact sales, spares and services. In short, could you actually support your customer?
Products take convoluted journeys post-sale, but that is not a valid reason for breaching sanctions. In 2019 the US Treasury Office of Foreign Assets Control (OFAC) fined a US aviation firm $20m after three aircraft engines it leased had been operated in North Sudan in breach of regulations, arguing that the engine owners had not done enough to ensure its products were not used illegally. “The risk of getting the US compliance wrong is very expensive, and potentially liberty threatening,” warns Budd.
The ball’s in your court
Ultimately, if your component or product has a potential military use, it is wise to check government rules on export control periodically, particularly in times of political change. It is essential that firms understand and keep up with the fast-changing sanctions situation. Since Russia invaded Ukraine, many countries, including the US and EU, have imposed sanctions on individuals, banks and businesses at a rate of up to 200 per day. Quite suddenly a company could find that while their customer is not on the list, the bank they use is, so it will be very hard to receive payment.
The regulations are increasing quickly and it is worth establishing a process to ensure visibility of change and to track the impact on the company for a timely response. Plus, the risk of retaliatory sanctions and an increasing trade war between the West and China, Russia and their allies creates further uncertainty. As such, what is possible today, might not be tomorrow, and compliance should not be treated as a box-ticking exercise, but a business-critical approach to managing risk.