Originally published by the Journal of Commerce in October 2018

While a lot of well-deserved attention is being paid to the steel, aluminum and China tariffs, and the new U.S.-Mexico-Canada Agreement, change is afoot in many other ways. For example, in July 2018, the Office of Foreign Assets Control (“OFAC”) issued an advisory about risks to the supply chain through links to North Korea. In October 2018, OFAC issued a reminder through the Financial Crimes Enforcement Network about the risks to the financial network (which have broader application) from “mischief” caused by Iran’s shenanigans in trying to circumvent U.S. sanctions, in the face of the Joint Comprehensive Plan of Action withdrawal taking full effect. These reminders should be read in concert with the actions of Customs and Border Protection (“CBP”) and its changing how importers report their identity to the agency. What all of these activities have in common is the need for all parties in the supply chain to conduct due diligence and be vigilant in those efforts.

The overarching point to all of these reminders is the possibility of legitimate parties being inadvertently lured into what they think are routine business matters, only to find out they are involved with ill-willed parties seeking an improper outcome or advantage.

Regarding North Korea, parties were reminded to carefully consider the provisions in contracts and sub-contracts, as well as how goods, services and technology are labeled, e.g., product descriptions and origin; artificially low pricing;  I.T. services and other sales of goods or services through front or sham companies, aliases, and third country nationals. The lack of transparency being one key factor consistently mentioned.

Some of these very same factors are mentioned in OFAC’s recent advisory about Iran. OFAC describes the publication as intended to assist financial institutions to “better detect” potentially illicit transactions.  Again, reference is made to front and shell companies, the exploitation of financial institution worldwide, the obligation of financial institutes under the Bank Secrecy Act and other know your customer laws and regulations, the misuse of banks and exchange houses, forged documents in the context of commercial shipping, trading of precious metals (especially gold), the masking of transactions (by use of third parties and other misidentification) and the expanding use of virtual currency.

The message from OFAC in both contexts is know with whom you are dealing, make sure you are comfortable you have all the needed details, and if you do not, request additional information; conduct account and transaction reviews to better spot anomalies; correspond with business partners, especially when third parties are involved.  The front companies mentioned were located in China, Ukraine, Iraq, Kyrgyzstan, the UAE, Thailand, Turkey, Malaysia and the U.K.

In considering one’s actions, it is well worth keeping in mind the “red flag” indicators long ago published by the Bureau of Industry and Security, Dept. of Commerce, see https://www.bis.doc.gov/index.php/compliance-a-training/export-management-a-compliance/freight-forwarder-guidance/23-compliance-a-training/51-red-flag-indicators. They consist of the following keys:

  • The customer or its address is similar to one of the parties found on the Commerce Department’s [BIS’] list of denied persons.
  • The customer or purchasing agent is reluctant to offer information about the end-use of the item.
  • The product’s capabilities do not fit the buyer’s line of business, such as an order for sophisticated computers for a small bakery.
  • The item ordered is incompatible with the technical level of the country to which it is being shipped, such as semiconductor manufacturing equipment being shipped to a country that has no electronics industry.
  • The customer is willing to pay cash for a very expensive item when the terms of sale would normally call for financing.
  • The customer has little or no business background.
  • The customer is unfamiliar with the product’s performance characteristics but still wants the product.
  • Routine installation, training, or maintenance services are declined by the customer.
  • Delivery dates are vague, or deliveries are planned for out of the way destinations.
  • A freight forwarding firm is listed as the product’s final destination.
  • The shipping route is abnormal for the product and destination.
  • Packaging is inconsistent with the stated method of shipment or destination.
  • When questioned, the buyer is evasive and especially unclear about whether the purchased product is for domestic use, for export, or for reexport.

CBP has added to this list by outlining steps customs brokers can take to vet importers when signing powers of attorney. Those steps can be found here – https://www.cbp.gov/trade/programs-administration/customs-brokers/validating-power-attorney – and consist of:

  • To the greatest extent possible, have POA’s completed in person so the grantor’s unexpired government issued photo identification (driver’s license, passport, etc.) can be reviewed.
  • Check applicable web sites to verify the POA grantor’s business and registration with the State authority.
  • If the principal uses a trade or fictitious name in doing business, confirm that the name appears on the POA.
  • Verify that the importer’s name, importer’s number and Employer Identification Number (also known as the Federal Tax Identification Number) on the POA match what is in ACE.
  • Verify the importer’s address is a “brick and mortar” location on a public mapping program, and not simply a “postal box” or undeveloped parcel of land.
  • Dial the provided phone landline number for authentication.
  • Cross-check the provided information through a third party entity, i.e.: credit report, DUN’s number, or similar business identifying entity.
  • Access the client’s website for depth of content versus only a surface containing a landing page.
  • Check whether the POA grantor is named as a sanctioned or restricted person or entity by the U.S. Government.  See the Bureau of Industry and Security’s Export Enforcement (https://www.bis.doc.gov/index.php/oee).

The last modified date is stated to be May 25, 2018, but some form of this list has been on CBP’s website for the last several years. Other suspicious factors according to CBP include the use of cell phone numbers and the failure to have an email address associated with the firm’s domain name.  The use of personal checks for business matters has long been questionable. Wire transfers making payment from third parties, incomplete, questionable or contradictory documents, shipments to known transshipment ports may also present suspicious actions.

Now, to this, gets added the data required for the CBP Form 5106 which took effect in June 2017. While the form has limited application, meaning it is submitted only for new importers or if changes are required (doesn’t that seem to cover just about everyone?), the required data elements are clearly designed to tell CBP much more about the importer than ever before, including such factors as business description, any predecessor business entities, bank data, a copy of the Articles of Incorporation, and personal identification details for officers and those with financial knowledge about the company, including Social Security or Passport Numbers.

The bad guys are out there looking to take advantage. Are you reasonably well prepared?