OFAC and the UN Urge Enhanced Trade Sanctions Controls for Maritime Supply Chain Actors, Including Banks and Insurers
The following Advisory was updated on May 1, to include recent developments.
“[G]lobal banks and insurance companies continue to unwittingly facilitate payments and provide coverage for vessels involved [in sanctions evasion]” and their “due diligence efforts fall extremely short.” (UN Panel of Experts)
“OFAC will aggressively target for designation any person who provides support to [the Government of Syria]” (OFAC advisory)
“Those who in any way facilitate the financial transfers, logistics, or insurance associated with …[sanctions-busting] petroleum shipments … are at risk of being targeted by the United States for sanctions … regardless of location or nationality.” (OFAC advisory)
“The U.S. government recommends that … ship owners, managers, and operators, brokers, flag registries, oil companies, port operators, shipping companies, classification service providers, insurance companies, and financial institutions ... implement appropriate controls to identify North Korea’s illicit shipping practices” (OFAC advisory)
With these and other stern warnings, the United Nations Security Council Panel of Experts on North Korea and the U.S. Department of Treasury’s Office of Foreign Assets Control (“OFAC”) have put maritime sanctions compliance in the spotlight. Since early March 2019, a series of U.N. and OFAC reports and advisories (“the Advisories”) have announced heightened compliance expectations that, if not recognized, present significantly increased risk of adverse regulatory action for all actors involved in high-risk sectors of the maritime supply chain, including supporting players such as banks and insurers.
The Advisories and reports spotlight high risk sectors of the maritime supply chain from a sanctions perspective, namely those involving transport of petroleum product or coal, or ship-to-ship transfer-capable vessels, in the Mediterranean Sea, Red Sea, Gulf of Tonkin, East China Sea, or waters around the Korean Peninsula and Venezuela. For these high-risk sectors, the Advisories provide updated intelligence on potential red flags for maritime sanctions evasion, and significantly clarify regulators’ expectations regarding who should implement risk mitigation measures, and what controls should be implemented.
As to the who, the Advisories make clear that controls to prevent facilitation of maritime sanctions-busting must be implemented not only by ship owners, operators, charterers, traders, and others directly involved, but also by intermediary and supporting parties, including banks and insurers. They also reiterate that non-U.S. parties are at risk of adverse action if they, intentionally or unintentionally, facilitate transfers that offend U.N. or U.S. sanctions on North Korea, Iran, Syria, Cuba or Venezuela.
As to the what, the Advisories recommend compliance mechanisms that go well beyond standard screening of counterparties and vessels against sanctions lists. These compliance measures include historical and continuing analysis of Automatic Identification System (AIS) transmission data, AIS-related contract clauses, and careful scrutiny of shipping documents.
By making the expectations explicit, the advisories significantly increase enforcement exposure and reduce available mitigation for parties that fail to enhance their compliance programs accordingly. By way of example, in January 2019, OFAC reached a $1,000,000 settlement with e.l.f. Cosmetics Inc. arising from the company’s failure to identify North Korean content in false eyelash kits sourced from suppliers in China. That settlement came on the heels of a strongly‑worded July 2018 advisory to the manufacturing sector, urging adoption of due diligence intended to eliminate North Korean forced labor and North Korean content from U.S. supply chains. Against this backdrop, it seems reasonable to wonder who will become the poster child for the dangers of inadequate sanctions compliance controls in the maritime context.
This article first provides a refresher on relevant sanctions regulations and how they reach U.S. and foreign conduct, then summarizes the recent advisories, including the red flags identified therein, and the articulated expectations regarding who should implement controls and what controls should be implemented. We close with a few thoughts on the challenge presented by the new mandate to conduct AIS transmission analysis, and potential solutions.
Refresher on Relevant Sanctions Regimes
The U.S. and the U.N. maintain significant economic sanctions against the Democratic People’s Republic of Korea (“DPRK” or “North Korea”). The U.S. also maintains comprehensive embargoes targeting Cuba, Iran, Syria, and the Crimea Region, as well as rapidly evolving sanctions targeting sectors of the Venezuelan economy that support the current regime - primarily (for now) government-owned businesses and the petroleum and gold sectors.
Familiarity with U.S. sanctions is critical for the maritime sector because these regimes have broad extra-territorial application and the U.S. government aggressively enforces their requirements. Although U.S. sanctions primarily regulate transactions that have a nexus with the U.S., they can reach the activities of foreign persons outside the U.S. in surprising ways, exposing those persons to civil or criminal penalties, or to imposition of sanctions that cut them off from the U.S. economy.
For example, OFAC will have jurisdiction over, and can impose civil or criminal penalties for, transactions that appear to occur entirely outside the U.S., but that involve goods sourced from the U.S., or that are denominated in U.S. dollars and require a U.S. bank to perform dollar clearance, or that otherwise involve any activity (even attenuated involvement such as back office support) by U.S. persons (citizens, permanent residents, entities organized to do business in the U.S.) wherever located. If such transactions violate U.S. sanctions, OFAC can pursue action against the foreign parties and levy penalties of up to almost $300,000 per violation for inadvertent violations, and criminal penalties of up to $1,000,000 per violation and jail time of up to 20 years for willful violations. For many companies, especially those that are publicly traded, the scrutiny that ensues could have an even bigger impact than the penalty itself.
Even when no U.S. nexus exists, the U.S. reserves the right to impose sanctions on foreign parties whose activities undermine U.S. sanctions objectives. Such “secondary” sanctions can range from barring vessels from entering the U.S. for a period after visiting a prohibited port, to designating vessels, individuals, and entities as Specially Designated Nationals and Blocked Persons (SDNs). The latter results in freezing of property and inability to operate in the U.S. economy or transact with U.S. persons anywhere in the world. OFAC has made clear its intent to impose secondary sanctions, especially in the context of transactions by foreign persons that facilitate sanctions evasion by North Korea, Syria, Iran, and Venezuela with respect to imports and exports of petroleum and coal products.
The U.S. has not been shy about enforcement. In just the shipping sector, between March and April 2019 alone, the U.S. designated one Italian, one Greek, and four Liberian shipping companies as SDNs for transporting Venezuelan oil to Cuba (and thereby supporting the Maduro regime); and two shipping companies in China for facilitating North Korean sanctions evasion, including by providing goods and services in support of a trading company that was previously designated as an SDN for trading with North Korea. (Following these designations, all vessels owned 50 percent or more by these companies are also deemed to be blocked parties.)
In the same period, OFAC announced a settlement of almost $600 million with the German, Austrian, and Italian subsidiaries of UniCredit (the “Bank”). Among other issues, OFAC alleged that the Bank submitted payment instructions through U.S. financial institutions on behalf of a customer who was taking delivery in Kazakhstan of oil that was intended for onward delivery to Iran. According to OFAC, UniCredit should have known about the nexus to Iran from documents submitted in connection with the letter of credit (LOC) that the Bank issued for the transaction. Similarly, OFAC alleged that UniCredit unlawfully processed payments through U.S. financial institutions for sales of cotton from suppliers in Central Asia to buyers in the Far East, under circumstances where the Bank should have known from LOC documentation that the cotton would be transshipped via Iran. Because commercial documentation submitted in connection with LOCs may identify shipping lines and vessels, the UniCredit settlements underscore the need not only to scrutinize such documents carefully, but also to have a method of performing due diligence on vessels and fleets referenced in the documents.
The U.N. Report and OFAC Advisories
In early March 2019, the U.N. Panel of Experts for North Korea sanctions submitted a report (“U.N. Report”) recounting a dramatic increase in North Korean evasion of sanctions, particularly via maritime import of petroleum and export of coal. Building on the U.N. Report, OFAC issued a March 21, 2019, advisory specifically addressed to “parties involved in the shipping industry, including insurers, flag registries, shipping companies, and financial institutions,” in which it updated earlier (February 23, 2018) guidance about North Korean maritime sanctions evasion risks (“DPRK Shipping Advisory”). Then, on March 25, 2019, OFAC issued another shipping industry advisory, this time updating November 2018 guidance with further warnings about maritime transfers of petroleum to and from Syria, including from Iran and Russia (“Syria Shipping Advisory”).
The U.N. Report, DPRK Shipping Advisory, and Syria Shipping Advisory (collectively, “the Advisories”), highlighted a variety of increasingly sophisticated deceptive shipping practices used to facilitate illicit transfers of luxury goods, petroleum and coal, to and from North Korea, and of petroleum to and from Syria. These mechanisms include vessel identity theft, false AIS transmissions, switching off AIS transmissions to disguise illicit ship-to-ship transfers and calls at prohibited ports (“dark activity”), and falsifying shipping documentation.
Risk Indicators and Red Flags
Taken together, the Advisories identify a variety of risk indicators and red flags for maritime sanctions evasion, including:
- Sectors: Oil, coal, luxury goods, and ship-to-ship transfer-capable vessels.
- Waters: for North Korean sanctions evasion, waters around the Korean peninsula (Bohai Sea, Yellow Sea, East Sea/Sea of Japan), the East China Sea, or the Gulf of Tonkin; for Syrian and Iranian sanctions evasion, the Mediterranean Sea and the Red Sea.
- Ports: the Advisories noted that ships engaging in illicit ship-to-ship petroleum transfers visited the following ports in the waters listed above before or after the unauthorized activity: Vladivostok, Nakhodka (Russia); Busan, Yosu, Gwangyang (South Korea); Singapore; Hong Kong; Luhuashan, Zhoushan, Luoyuan, Taichung (China); Keelung, Taipei, Kaohsiung (Taiwan).
- Vessel characteristics: type of vessel (coastal, product and general-purpose tankers, ship-to-ship-capable vessels); age of vessel (older = higher risk); a history of poor scores on port control safety inspections and/or fines for pollution; sailing under the jurisdiction of flag-of-convenience states; double-flagging; frequent name changes.
- Specific vessels: the Advisories provided (non-exhaustive) lists of vessels suspected of having engaged in sanctions evasion with respect to DPRK and Syria. Importantly, some of these vessels have not been designated as SDNs and may not show up in sanctioned party screening processes (some screening tools have updated their databases to flag these vessels; others will only flag vessels that are actually on the SDN list). Parties engaging in high-risk maritime trade may therefore wish to check with their screening providers about whether non-SDN vessels listed in the advisories will be automatically flagged during screening and, if not, add a node to their compliance programs to check the lists of vessels identified in the Advisories as part of red flag detection, separately from sanctioned party screening. For ease of reference, we have compiled a list of vessels that are identified in the Advisories, but that were not subject to sanctions as of mid-April 2019. The list may be accessed via the Wiggin and Dana International Trade Compliance Practice Group website, under the Publications tab, at https://www.wiggin.com/international-trade-compliance/publications/.
Expected Compliance Controls
In addition to identifying potential red flags for maritime sanctions evasion, the Advisories spell out due diligence expectations and make clear that OFAC expects appropriate controls to be implemented by “all parties involved in the shipping industry,” “including ship owners, managers, and operators, brokers, flag registries, oil companies, port operators, shipping companies, classification services providers, insurance companies, and financial institutions.” As noted at the top of this article, the Advisories also include pointed warnings regarding the U.S. government’s determination to take action against all parties involved in sanctions evasion, whether intentionally or unwittingly, and whether U.S. or foreign.
Collectively, the Advisories recommend a long list of compliance mechanisms for parties in the maritime supply chain to implement in their compliance programs, as appropriate to their particular roles and risk profiles, and in addition to standard controls already assumed to be in place, such as sanctions clauses and party screening. The recommended compliance mechanisms include:
- Reminders regarding AIS transmission requirements: Port control authorities should remind vessels transporting petroleum products and coal of the requirement to maintain continuous AIS transmissions.
- “AIS switch-off” and “delivery verification” clauses: Protection and indemnity insurance and reinsurance companies, petroleum-product- and coal-trading, refining and producing companies, and financial institutions should include clauses in relevant contracts, letters of credit, loans, and other financial instruments mandating continuous AIS transmissions and presentation of evidence of full and complete delivery to the stated destination or vessel.
- AIS history and monitoring: Before contracting, or upon addition of new vessels to existing contracts, obtain and analyze AIS transmission history to identify patterns indicative of illicit activities, such as periods of unexplained “dark activity” in waters of concern, or use of identifiers associated with other vessels located far away or recorded as decommissioned. Thereafter, continuously gather and analyze AIS transmissions and investigate signs of AIS manipulation before continuing to provide services or engaging in other activities (such as processing financial transactions and insurance claims) with respect to transactions involving the vessel.
- Vessel due diligence: Research the IMO number, to obtain a picture of the vessel’s history, travel patterns, and ties to illicit activities, actors, or regimes, and pay attention to other attributes identified by the UN Panel of Experts as being correlated with a higher risk of involvement in sanctions-busting, including: type of vessel (coastal, product and general-purpose tankers, ship-to-ship-capable vessels); age of vessel (older = higher risk); a history of poor scores on port control safety inspections and/or fines for pollution; sailing under the jurisdiction of flag-of-convenience states; double-flagging; and frequent name changes.
- Ship-to-Ship “know your vessel” checks: Vessel operators conducting ship-to-ship transfers in waters around the Korean peninsula (Bohai Sea, Yellow Sea, East Sea/Sea of Japan), the East China Sea, or the Gulf of Tonkin should verify vessel name, IMO number and flag before participating in the transfer, and ensure that there is a legitimate business purpose for the transfer.
- Petroleum supply chain due diligence and end use checks: Oil companies should perform, and require others in the supply chain to perform, end use checks and other forms of due diligence to ensure that each recipient and counterparty is not providing oil to a North Korean tanker, particularly when transactions involve ship-to-ship transfers in the waters around the Korean peninsula and the East China Sea.
- Shipping document review: Shipping documents should be obtained and carefully reviewed to validate authenticity of transaction and purported end user and destination. Documentation (bills of lading, invoices, certificates of origin, packing lists, proof of insurance, etc.) should include details of the vessel, cargo, origin, destination, buyer, seller, end-user, and evidence that the cargo was in fact delivered to the declared destination. Omissions, inconsistencies, illegible entries, etc. should be investigated before proceeding.
- Clear communication of sanctions requirements to international partners: Clearly communicate sanctions requirements to transaction partners, as well as to association members, including by circulating relevant OFAC advisories.
- Know Your Customer (“KYC”) due diligence: In addition to the above, the Syria Advisory specifically admonishes all parties involved in the maritime petroleum shipping community to identify all the parties, geographies, and countries of origin and destination of the goods involved in underlying shipments, and to research companies, individuals, vessels, vessel owners, and vessel operators. It also urges financial institutions and “non-financial gatekeepers” to adopt due diligence procedures that are “consistent with Financial Action Task Force standards designed to combat money laundering … and [to] promot[e] beneficial ownership transparency.”
Implications for the Maritime Supply Chain
While the Advisories collectively recommend multiple risk mitigation measures, they place significant emphasis on AIS transmission analysis, as an antidote to “dark activity” and vessel identity theft. Take, for example, the following injunctions from the Advisories:
“Commercial shipping data, such as ship location, ship registry information, and ship flagging information…should be incorporated into due diligence practices.”
“Services providers should monitor the AIS transmissions of ships capable of transporting oil that operate in…areas where ship-to-ship transfers occur”
“Parties involved in the supply chain of ship-to-ship transfers of refined petroleum … should research a vessel’s AIS history to help determine whether the vessel may be involved in illicit activities.”
“Signs of AIS transponder manipulation should…[be] investigated fully prior to entering into contracts with, continuing to provide services to, or engaging in other activities with such vessels (including processing financial transactions in connection with the vessel’s activities”)
“Know Your Customer (KYC) due diligence…includes not only researching companies and individuals, but also the vessels…KYC on a vessel includes researching its IMO number…[for] a more comprehensive picture of [its] history, travel patterns, ties to illicit activities, actors, or regimes, and potential sanctions risks...”
Notably, of the mandates above, even those that don’t directly require analysis of AIS transmission data, and other vessel behavior data, do so implicitly. For example, if available AIS transmission data would reveal a contradiction regarding ownership structure or verified registry, or that cargo was not in fact delivered to the listed port because the vessel never called there, OFAC could well take the position that the availability of the relevant AIS data put the parties “on notice” of the suspicious activity.
Accordingly, it appears that OFAC may now consider AIS transmission due diligence and monitoring to be as indispensable a part of sanctions compliance as restricted party screening, at least for parties involved – directly or indirectly – in high-risk maritime transactions. Importantly, that includes not only commodity traders, shipping companies, charterers, and crews, but also actors who provide services that facilitate maritime commerce, including insurers, banks, port authorities, classification service providers, and bunkering providers.
As noted by OFAC, “[t]here are several organizations that provide commercial shipping data, such as ship location, ship registry information, and ship flagging information.”  However, OFAC’s seemingly straightforward instruction that “[t]his data should be incorporated into due diligence practices,” may present significant practical challenges, because detecting genuinely suspicious cessation of AIS transmission poses significant data input quality and signal-to-noise challenges.
To be effective, and to avoid swamping business and compliance teams with false positives, an AIS-related diligence and monitoring workflow requires high quality, vetted, validated, and verified data, plus a method for analyzing the high volume inputs in real time and against deep context. Mere cessation of AIS transmission may have multiple innocent explanations; identifying true “dark activity” requires accounting for a broad range of risk-predicting factors, such as: vessel attributes (type, age, history of safety or environmental violations), geography (was transmission interrupted in suspicious waters), past behavioral patterns (has the vessel’s conduct suddenly changed, has it recently changed its name or flag), the common practice of similar vessels in the region, and the practice of other vessels in the same fleet or operated by the same entity, to name a few. This kind of analysis requires not only firm understanding of economic sanctions, but also deep maritime expertise.
Despite the obvious challenges, companies that fail to implement an AIS-transmission due diligence and screening procedure for high-risk portions of shipping, insurance, and banking portfolios could have significant enforcement exposure now that the U.N. and OFAC have put the maritime industry on notice that they consider such protocols a necessary compliance practice. In other words, in the wake of the Advisories, parties who inadvertently facilitate illicit maritime transfers under circumstances where the use of commercially available vessel location and behavior data would have identified red flags may have difficulty defending their compliance program to OFAC and mitigating their exposure to fines or other sanctions for their involvement in sanctions-busting maritime transfers, however unintentional.
Fortunately, products for identifying and interpreting AIS data have become commercially available, including platforms that use artificial intelligence to analyze a broad range of available information about vessel behavior, predict sanctions‑related risk, and generate decision-ready outputs. A discussion of such solutions is beyond the scope of this article, but one possible starting point would be to identify platform providers from the list of Professional Partners maintained by the International Union of Marine Insurance (“IUMI”).
North Korea and Syria continue to take steps to evade U.S. and United Nations sanctions, and regulators have made it clear that they expect industry to enhance their controls to identify and counteract this illicit activity. Some of the risk mitigation measures proposed by the regulators – such as historical review and continuous monitoring of AIS transmissions – go beyond many maritime actors’ standard due diligence practices and pose significant challenges. In the wake of this explicit guidance, in order to avoid significant sanctions exposure, all parties in the maritime supply chain should take immediate action to review their compliance programs against the expectations articulated in the recent advisories, and enhance their procedures as necessary.
 UN Security Council, Report of Panel of Experts, March 5, 2019, available at https://www.un.org/en/ga/search/view_doc.asp?symbol=S/2019/171.
 Updated Guidance on Addressing North Korea’s Illicit Shipping Practices, March 21, 2019, available at https://www.treasury.gov/resource-center/sanctions/Programs/Documents/dprk_vessel_advisory_03212019.pdf; Sanctions Risks Related to North Korea’s Shipping Practices, February 23, 2018, available at https://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/Documents/dprk_vessel_advisory_02232018.pdf.
 Sanctions Risks Related to Petroleum Shipments involving Iran and Syria, March 25, 2019, available at https://www.treasury.gov/resource-center/sanctions/Programs/Documents/syria_shipping_advisory_03252019.pdf; Sanctions Risks Related to Shipping Petroleum to Syria, November 20, 2018, available at https://www.treasury.gov/resource-center/sanctions/Programs/Documents/syria_shipping_advisory_11202018.pdf.
 The lists of vessels are contained in an Annex to the Syria Shipping Advisory and in Annexes 4 and 5 to the DPRK Shipping Advisory.
 DPRK Shipping Advisory, page 1; see also Syria Shipping Advisory, page 1 (stating that all parties in the petroleum supply chain must take responsibility for preventing shipments of oil to Syria, “including shipping companies, vessel owners, managers, operators, insurers, and financial institutions”).
 Syria Shipping Advisory, page 4.
 DPRK Shipping Advisory, page 6.