General Practices for Effective Identification of Sanctions Evasion
As industry actors implement appropriate due diligence and compliance programs based on their risk assessments, we recommend that they continually adopt business practices to address red flags and other anomalies that may indicate illicit or sanctionable behavior. Detailed below are specific practices that may assist in more effectively identifying potential sanctions evasion. However, these are not intended to be, nor should they be interpreted as, comprehensive, as imposing any specific requirements under U.S. law, or as otherwise addressing any particular requirements under applicable laws or regulations.
1) Institutionalize Sanctions Compliance Programs
We recommend that, as appropriate, private sector entities assess their sanctions risk, implement sanctions compliance and due diligence programs, and provide training and resources to personnel in order to best execute those programs. Entities may wish to consider communicating with their counterparties, partners, subsidiaries, and affiliates to articulate their compliance expectations in a manner consistent with applicable local requirements.
As appropriate, private sector entities continue to be encouraged to develop, implement, and adhere to written standardized operational compliance policies, procedures, standards of conduct, and safeguards. These compliance programs may establish that engaging in sanctionable conduct is cause for immediate termination of business or employment, or could determine that appropriate controls have been adopted that adequately mitigate potential risks associated with the activity. Further, it is a compliance best practice that employees who disclose illicit behavior be protected from retaliation and that a confidential mechanism exist to report suspected or actual illicit or sanctionable activity. To the extent appropriate, private sector entities may wish to have their sanctions compliance programs routinely audited by qualified third parties as a means of continuous improvement.
Additionally, sanctions compliance programs may include communicating to counterparts, including but not limited to ship owners, managers, charterers, and operators, an expectation that they have adequate and appropriate compliance policies that respond to their internal risk assessments. In addition to doing so themselves, and when appropriate, private sector entities are encouraged to communicate to their counterparts an expectation that they: 1) conduct their activities in a manner consistent with U.S. and United Nations (UN) sanctions, as applicable; 2) have sufficient resources in place to ensure execution of and compliance with their own sanctions policies by their personnel, e.g., direct hires, contractors, and staff; 3) ensure subsidiaries and affiliates comply with the relevant policies, as applicable; 4) have relevant controls in place to monitor AIS; 5) have controls in place to screen and assess onboarding or offloading cargo in areas they determine to present a high risk; 6) have controls to assess authenticity of bills of lading, as necessary; and 7) have controls in place consistent with this advisory.
2) Establish AIS Best Practices and Contractual Requirements
AIS manipulation and disruption may indicate potential illicit or sanctionable activities. Entities in the maritime industry may wish to consider, based on their individual risk assessments, researching a ship’s history to identify previous AIS manipulation and monitoring AIS manipulation and disablement when cargo is in transit. As appropriate, maritime industry participants, flag registries, and other private sector entities to include insurers and financial institutions that conduct business with ship owners, charterers, and managers are encouraged to promote continuous broadcasting of AIS throughout the life of the transaction, consistent with SOLAS, especially in those areas determined to pose a high risk for sanctions evasion.
Private industry, including those industries referenced in Annex A, are encouraged to investigate signs and reports of AIS transponder manipulation before entering into new contracts involving problematic vessels or when engaging in ongoing business. Financial institutions may continue to assess this activity pursuant to a risk-based approach and—as appropriate—implement relevant controls for their maritime industry clients, particularly those that own, operate, and/or provide services to ships operating in areas determined to pose a high risk for sanctions evasion. Service providers may wish to consider amending contracts to make disabling or manipulating AIS for illegitimate reasons, grounds for termination of contracts or investigation, which could lead to termination of services or contracts if illicit or sanctionable activity is identified. Additionally, parties could consider incorporating contractual language that prohibits transfers of cargo to client vessels
that are not broadcasting AIS in accordance with SOLAS or have AIS history that indicates manipulation or termination for illegitimate reasons.
Additionally, port state control and vessel traffic services authorities are encouraged to reiterate the requirement to maintain AIS broadcasts to tankers and bulk containers arriving in and leaving their jurisdictions. If a vessel cannot account for its AIS history consistent with SOLAS, port authorities may wish to consider investigating the underlying activity to ensure that it is not sanctionable or otherwise illicit. If determined to be illicit, the port authorities may wish to consider prohibiting that vessel from entering their ports or taking other appropriate actions.
3) Monitor Ships Throughout the Entire Transaction Lifecycle
As appropriate, consistent with their risk assessments, ship owners, managers, and charter companies are encouraged to continuously monitor vessels, including those leased to third parties. This could include supplementing AIS with Long Range Identification and Tracking (LRIT) and receiving periodic LRIT signals on a frequency informed by the entity’s risk assessment. Port authorities in areas that present a high risk related to sanctions evasion may wish to consider monitoring ships using LRIT within their areas of operation as a risk mitigation strategy. Ship owners and managers may wish to consider raising awareness of common deceptive practices among vessel operators that conduct STS transfers in areas determined to be high-risk. Prior to any such transfers, vessel operators may wish to consider verifying the other vessel’s name, IMO number, and flag, and checking that it is currently broadcasting AIS. As part of identifying red flags, industry actors may also consider looking for situations where ownership of a vessel is transferred between companies controlled by the same beneficial owner and where there is no discernable legitimate purpose for the transfer.
4) Know Your Customer and Counterparty
Flag registry administrations, insurers, financial institutions, managers, and charterers should continue to conduct risk-based due diligence as appropriate. This due diligence might include maintaining the names, passport ID numbers, address(es), phone number(s), email address(es), and copies of photo identification of each customer’s beneficial owner(s). For example, if a legal entity is seeking to register a vessel with a flag or seeking insurance or financing for a vessel, each of these parties could request documentation regarding the ultimate beneficial owner(s) of the vessel, and seek to verify this with the documentation above, as appropriate and on a risk-basis.
5) Exercise Supply Chain Due Diligence
As appropriate, exporters and entities across the maritime supply chain are encouraged to conduct appropriate due diligence as relevant to ensure that recipients and counterparties to a transaction are not sending or receiving commodities that may trigger sanctions, such as Iranian petroleum or North Korea-origin coal. They may also consider implementing controls that allow for verification-of- origin and recipient checks for ships that conduct STS transfers, particularly in high-risk areas. As necessary, they should consider requesting copies of export licenses (where applicable) and complete, accurate shipping documentation, including bills of lading that identify the origin or destination of cargo.
As appropriate, private sector maritime entities are encouraged to review the details of the underlying voyage, including the vessel, cargo, origin, destination, and parties to the transaction. In particular, and in line with their internal risk assessment, parties are encouraged to review the relevant
documents in order to demonstrate that the underlying goods were delivered to the port listed in the documentation and not diverted in an illicit or sanctions-evading scheme.
6) Contractual Language
Members of the industry are encouraged to incorporate these best practices in contracts related to their commercial trade, financial, and other business relationships in the maritime industry.
7) Industry Information Sharing
Successful sanctions compliance programs often rely on fostering industry-wide awareness of challenges, threats, and risk mitigation measures. The Department of State, OFAC, and the U.S. Coast Guard recommend that industry groups encourage members to provide relevant information and share it broadly with partners, other members, and colleagues consistent with applicable laws and regulations. For example, when a protection and indemnity (P&I) club insurance company becomes aware of illicit or sanctionable activity or new tactics in sanctions evasion, it may wish to consider notifying other P&I clubs, as appropriate, redacting personally identifiable information that cannot be shared with third parties where necessary. Similarly, vessel owners and clubs are encouraged to share information with the financial industry, potentially working though competent authorities where required, and flag administrations should routinely pass information to the IMO and parties to the Registry Information Sharing Compact.