The U.S. Securities and Exchange Commission’s (SEC) recent activity suggests that it is expanding its regulatory reach into the world of economic sanctions. First, in 2018 and 2019, the SEC increased the number of letters it sent to public companies requesting information about how their corporate activities might impact compliance with U.S. economic sanctions requirements. More recently, the SEC has dipped its toes into the waters of sanctions enforcement.

In September 2019, the SEC’s Division of Enforcement issued a cease and desist order against a public company that had concealed transactions subject to U.S. sanctions, among other violations. In the order, the SEC relied on the Foreign Corrupt Practices Act’s (FCPA) books and records and accounting provisions as the “vehicle” to support the economic sanctions violation. The SEC’s increasing regulatory activity in the sanctions arena sends a clear message—that issuers, public companies, and financial firms should strengthen compliance programs to account for the ever evolving financial crimes compliance environment.

The SEC’s Growing Role

By way of background, both the Department of Justice (DOJ) and SEC share enforcement authority under the FCPA. Among other things, the DOJ has criminal enforcement authority over public companies (“issuers”), their officers, directors, employees, agents, or stockholders acting on the issuer’s behalf, while the SEC has civil enforcement authority over these entities and individuals. Enforcement of U.S. economic sanctions violations, on the other hand, has fallen squarely within the jurisdiction of the Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the DOJ, until now.

In its September 26, 2019, enforcement action against a Midwest printing company, the SEC found that the company had violated the FCPA by engaging in multiple bribery schemes to secure business as it paid or promised over a million dollars in bribes through its subsidiaries in Peru and China.1 However, in addition to the bribery findings, the SEC found that the company’s Peruvian subsidiary had violated U.S. economic sanctions and export control laws by engaging in transactions with a state controlled Cuban telecommunications company. The SEC tied the sanctions violation to the FCPA in two ways: (1) by also finding that the Peruvian subsidiary had violated the FCPA’s books and records provisions when it created false records to conceal the sanctioned transactions; and (2) finding that the parent company failed to have sufficient internal accounting controls in place to detect or prevent the misconduct. As a result of the findings, the SEC ordered the parent company to pay approximately $7.4 million in disgorgement and a $2 million civil penalty.

Despite stating that the printing company had “violated U.S. sanctions and export control laws” by engaging in the aforementioned transaction, technically, the SEC’s order did not find violations of specific OFAC regulations. Instead, the SEC’s order points to the company’s failure to implement a robust compliance program and maintain sufficient internal accounting controls as “allow[ing]” the sanctions violations to occur. Additionally, the order essentially holds that the company’s conduct in connection with the sanctions violations in turn caused violations of the FCPA. Specifically, the falsification of books and records to conceal the sanctioned transactions resulted in inaccurate books and records in violation of FCPA and SEC requirements.

This finding is not unlike certain Financial Industry Regulatory Authority (FINRA) enforcement findings where the failure to adhere to a regulatory requirement (one outside of FINRA’s jurisdiction but, nonetheless, required under the federal securities laws such as the Investment Company Act of 1940) causes a broker-dealer to violate the FINRA rule requiring adherence to high standards of commercial honor and just and equitable principles of trade. In short, violations outside of a particular regulator’s jurisdiction can become the vehicle to establish a violation if they can be tied to the rules within that regulator’s jurisdiction.

In addition to its enforcement activity, the SEC’s recent comment letters to public companies have sought detailed facts about dealings that these companies have had with countries subject to U.S. sanctions. These letters seek responses to questions on a number of sanctions-related topics, including previously self-disclosed suspicious transactions, potential violations of trade restrictions, and the impact that the company’s economic sanctions risks have on investors and its overall business.2

What Companies Should Do Next

The SEC’s sanctions-themed comment letters underscore the importance of having a strong sanctions compliance program and risk management framework for any issuer or public company doing business today, particularly given the global reach that technological advances have afforded all businesses.

The extent to which the September decision and the SEC’s other recent activity signal that the SEC is interested in getting more actively involved in U.S. economic sanctions, or other areas of financial crimes compliance for that matter, remains to be seen. One thing is clear, however, the SEC (and likely other U.S. financial regulators) is thinking outside the box to ensure that issuers and public companies are taking sufficient steps to protect customers and do their part to keep up with the evolving world of financial crimes compliance.

This thinking is consistent with messages that the SEC’s Office of Compliance Inspections and Examinations (OCIE) has sent to broker-dealers over the years in its annual examination priorities letters. The SEC expects these firms to establish anti-money laundering programs and perform independent testing with a focus on monitoring for suspicious activities to detect and combat terrorist financing, public corruption, market manipulation, and a variety of other fraudulent behaviors. Not surprisingly, OCIE once again reiterated these expectations in announcing its 2020 Examination Priorities on January 7, 2020. The SEC recognizes that both public
companies and financial firms are particularly vulnerable to these financial crimes risks, and it is adjusting its regulatory priorities accordingly.

Given the new global focus on financial crimes compliance for public companies, and the ever-growing list of U.S. economic sanctions, companies need to be prepared to reexamine their compliance requirements with a broader eye. Especially with the SEC playing a bigger role in economic sanctions, companies would be wise to reevaluate the robustness of their compliance programs and internal controls, as well as ensure that books and records are accurate and do not include negligent or intentional misrepresentations. Periodic independent testing and reviews are essential to help ensure that compliance programs are healthy, up to date, and consistent with regulatory requirements.

2 Mengqi Sun and Mark Maurer, “SEC Questions More Companies About Sanctions Disclosures,” Wall Street Journal (August 28, 2019) (citing Audit Analytics).