Scopelitis International News - May 2019
May 21, 2019
Scopelitis International News – May 2019
To help clients affected by the latest developments in international transportation, the Scopelitis International Transportation & Logistics Law team pulls together this monthly newsletter highlighting industry trends and updates. For more information contact Nathaniel Saylor, Braden Core, John Hove, or Jake Fisher. For any additional information on our Firm, please follow Scopelitis on social media.
OFAC Compliance Guidance
On May 2, 2019, The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued a policy document entitled “A Framework for OFAC Compliance Commitments.” The Framework sets out OFAC’s most specific guidance to date on its expectations for sanctions compliance programs dealing with OFAC-administered sanctions. While the Framework’s general contours should be familiar to compliance personnel, it does contain more in-depth details on what OFAC considers as necessary components of a sanction compliance policy, including “essential” or core areas:
- Management commitment
- Risk assessment
- Internal controls
- Testing and auditing
The Framework also describes circumstances where OFAC will consider holding individuals liable for sanctions violations, including specifically making mention of the potential liability for individuals at U.S.-owned or controlled foreign entities that facilitate sanctions violations and then attempt to obfuscate their actions. U.S. transportation companies should review their sanctions compliance policies in light of the release of the Framework and also consider conducting audits to identify any risks posed by the activities of their foreign subsidiaries or agents. Read A Framework for OFAC Compliance Commitments.
FCPA Case Highlights Foreign Official Gift Risk
On May 9, 2019, Telefonica Brasil agreed to pay a $4.13 million fine to the U.S. Securities and Exchange Commission (SEC) to resolve charges related to its practice of providing gifts to government officials, in this case tickets to the 2014 FIFA World Cup and another major soccer tournament. The SEC’s order alleges that Telefonica Brasil, while it had a code of ethics in place regarding gifts and hospitality, failed to maintain sufficient internal controls to enforce that policy where such gifts might influence government officials into improper action on its behalf – including officials who could “open doors” for the company in its business dealings. In addition, the SEC alleged that Telefonica Brasil failed to properly account for the ticket purchases on its books and records, mischaracterizing the true purpose of the tickets as merely for general advertising purposes.
Of particular interest to the Firm’s logistics clients is that the SEC order specifically notes that tickets were improperly given to a customs official in a free trade zone in order to ensure the person’s “ongoing support” in clearing a particular set of goods. Logistics companies interacting with foreign customs officials must be vigilant in ensuring all such dealings are proper, and avoid any conduct or gift giving that may raise an appearance of impropriety or an attempt to unduly influence official action.
European Legal Requirements Applicable to U.S. Operations
As we approach the one-year anniversary of the EU General Data Protection Regulation (GDPR) effective date, more and more U.S. freight forwarders, carriers, warehousemen and other supply chain participants are receiving contract amendment requests from their customers and upstream counterparts who do business in Europe. These requests typically take the form of Data Processing Agreements or Data Processing Addenda. Data controllers that have obtained EU personal data and want to transfer that data to a subcontractor or other vendor outside the EU are required by Article 28 of the GDPR to obtain certain assurances from their data transferees.
Many U.S. entities sign these contract document requests without much thought because they assume that they are not subject to the GDPR since they do not have any operations in Europe. In fact, the typical GDPR Data Transfer Agreement has significant action requirements and liability obligations that apply to operations wholly within the U.S. Anyone who is asked to sign a GDPR data processing document is well advised to review it thoroughly, to understand its unique terminology and EU regulatory references and to evaluate the very significant additional liability exposure which will subsequently be associated with its ordinary U.S. operations.
Scopelitis practice area newsletters are intended as reports to our clients and friends on developments affecting the transportation industry. The published material does not constitute an exhaustive legal study and should not be regarded or relied upon as individual legal advice or opinion.
© Scopelitis, Garvin, Light, Hanson & Feary, P.C. 2019. All rights reserved.
To subscribe, e-mail firstname.lastname@example.org.