The four pillars of export control
Sanctions list screening
What is sanctions list check?
Sanctions lists are lists of persons, organizations or companies against which economic or legal restrictions have been imposed. As a European company, you are required to check all your business partners (whether domestic or foreign and regardless of the type of contract) against the sanctions lists. After the check, you will know if you are allowed to do business with this contact.
ATTENTION: There are additional country-specific embargoes against certain countries, e.g. Russia, in which persons are also listed. These must be checked as part of export control, but can also prohibit business activities with these persons. One and the same person can therefore also be sanctioned both via the sanctions lists and via a country embargo.
The following keywords are also used in the context for sanctions lists and their verification:
- Boycott lists
- Anti-Terrorism Lists
- Blacklist check
- Compliance screening
- Know your Customer
Why must the sanctions list check be performed?
After the attacks of September 11, 2001, screening of suspected terrorists began. The objective of the sanctions list audit is a targeted boycott of terrorist individuals, entities and organizations in order to deprive them of their financial and economic basis. Therefore, they may not receive any direct or indirect economic support (prohibition on providing economic resources, financial assets or funds).
What are the underlying legal principles?
The EU regulations are directly applicable law in the EU. In Germany according to § 34 para. 4, 5, 6 and 7 of the Foreign Trade and Payments Act (AWG):
- (EU) No. 2580/2001 (Anti-Terrorism)
- (EU) No. 881/2002 (Al-Qaeda)
- (EU) No. 553/2007 (Al-Qaeda) – Amendments to 881/2002
- (EU) No. 753/2011 (Taliban)
In order to apply for AEO, you must also prove that you also audit your employees, in accordance with paragraphs 252/253 Dienstvorschrift AEO.
Who must review sanctions lists?
The regulations must be observed by every company in the European Union, regardless of the country in which the business partner is located or the type of contract involved. This means that you must check ALL of your business contacts, including those within the country.
Who is responsible or involved in the company?
Sanctions list review does not only affect the export department, but many departments in the company:
- Sales (customers, especially new customers)
- Order processing (new partners, e.g. goods/invoice recipients)
- Distribution (transport companies commissioned by you, goods recipient addresses)
- Purchasing process (suppliers, service contract partners, transport partners)
- Financial accounting (accounts payable, accounts receivable, banks)
- Human Resources (Employees)
They must all ensure that no sanctioned natural or legal persons receive direct or indirect economic support.
The management is personally liable for non-compliance with the audit obligations or a breach of sanctions lists. It is irrelevant who in the company was actually responsible for this or whether it was an oversight or intentional.
What or who needs to be audited?
All persons involved in a transaction – regardless of whether they are domestic or foreign business partners – must be screened before the contract is concluded or executed.
Irrespective of the type of contract, this also applies to domestic contractual partners such as
- Suppliers and service contract partners e.g. also your cleaning company or advertising agency
- Interested parties / customers
- Consignee of goods, should this differ from your contractual partner/invoice recipient
- Transport service providers commissioned by you, such as freight forwarders, courier and express service providers, shipping companies, airlines
- Your insurers and banks
- For AEOs even employees (paragraphs 252/253 – Service regulation AEO).
Which sanction lists need to be checked?
If a company has its registered office and main area of activity in the EU, then the EU sanctions list EU_CFSP – Consolidated list of persons, groups and entities subject to EU financial sanctions is legally binding.
If you do business internationally, other sanctions lists (e.g. the Japanese, British or Swiss lists) may also be relevant to you.
ATTENTION: Special feature USA
The U.S. applies its export control laws extraterritorially. This means that non-US persons can also violate the regulations. If you have connections to the USA or work with goods of American origin, you should urgently check the US lists (in particular the SDN (Specially Designated Nationals And Blocked Persons List) list). Because in addition to penalties for violations, in the worst case scenario you could also end up on the U.S. sanctions lists yourself. Other companies would then stop doing business with you – and getting off the US lists is a lengthy and extremely complicated process, even if you were included there “by mistake”.
Always on the safe side with dbh: Advantage Compliance Sanctions List Check checks against the following daily updated sanctions lists even in the basic package:
- All EU financial sanctions (source: “Official Journal of the EU”)
- All publications in the “Bundesanzeiger”
- All lists recommended for consideration by the U.S. Department of Commerce, including US SDN and US DPL Denied Persons List.
- List of the United Kingdom (HMT Her Majesty’s Treasury)
- Japanese list: Japanese End User List METI (Ministry of Economy, Trade and Industry)
- Australian List: Australia DFAT (Department of Foreign Affairs and Trade).
- Canadian List: OSFI (Office of the Superintendent of Financial Institutions).
- Swiss SECO list
- UN Security Council Consolidated Sanctions List
How must sanctions lists be reviewed?
Compliance with the prohibitions must be ensured on one’s own responsibility – however, there are no precise regulations on how the sanctions lists must be reconciled or what the processes in the company must look like. Many companies rely on a software solution, but it would also be possible to perform a manual check, for example, using the following free databases on the Internet:
- Federal and state justice portal
- EU Sanctions Map
- EU database or EU_CFSP – Consolidated list of persons, groups and entities subject to EU financial sanctions as PDF
However, various updates are made per year and all changes become valid 2 working days after publication in the EU Official Journal. Software such as Advantage Compliance Sanctions List Check is thus the better alternative.
By the way: During customs and foreign trade audits, you may be asked to prove that you regularly comply with your obligation to check the sanctions list, e.g. by submitting an audit report. It is therefore essential that you ensure that all tests and results are documented – even if all tests were in the green. In the event of an inadvertent violation, a proven sanctions list check may have a mitigating effect on the penalty.
When must the sanctions list check be performed?
There is no specific requirement as to when the sanctions list review must be conducted. The legislation refers to this as “regularly”. However, since the sanctions lists change continuously and the regulations take effect two working days after publication in the EU Official Journal, a one-time check of the business partners is in no case sufficient!
In the optimalmall check:
- When recording an interested party or possible supplier
- Before a quotation / offer is made
- Upon receipt of an order
- In between for longer production times / projects
- At the time of export / preparation of export documents (last possibility).
- Before any financial transaction
- Before hiring a new employee
- When guests visit your company premises
Special case USA: Exclusion from the US market in case of sanctions violation
The U.S. interprets its export laws extraterritorially. As a result, companies that trade in U.S. goods or whose business has a connection to the U.S. must also comply with U.S. export control regulations. In the event of violations, companies not only face fines and imprisonment, but it is not uncommon for companies to end up on a “blacklist” themselves. The result: they lose the U.S. market as a sales option – and possibly other customers who, in turn, also check U.S. export control regulations.
How you get around it: the keyword is US (re-)export control.
What happens in case of hits?
Persons, institutions and organizations on sanctions lists may not receive direct or indirect economic support (prohibition of provision). No funds (e.g. for goods, services, salaries, loans, etc.), goods or technologies may be made available to them as a result. Real estate may also not be sold or rented, nor may it be purchased.
Depending on how precise the search is (matches only the name or also the address, different spellings), you will receive more or fewer potential matches for evaluation. Therefore, you should first of all block the business partner in your system until the final clarification and then compare the entries of the sanctions list with your data in detail: does only a part of the name possibly match? Does the entered contact differ clearly from your contact data by further descriptions like address or date of birth?
If you are sure that there is no positive match here, you can carry out the transaction. Important: document the decision and your reasoning!
You are not sure?
- Obtain further information from the export control department of the responsible Chamber of Industry and Commerce.
- Obtain information from BAFA on the hit or the overall transaction
- In case of further uncertainty, the safest way is to submit an informal application for the examination of the hit to BAFA. This leads to a time-intensive examination in which all possible authorities are involved in the process (e.g. also BND, Verfassungsschutz, etc.).
- Still insecurity? = Do not close deal
What are the consequences of violations?
Companies – regardless of where they or their business partner are located, whether they export or import, or conduct domestic business – must check against applicable regulations. Anyone who fails to do so or violates the regulations commits a criminal offense or administrative offense under the Foreign Trade and Payments Act (AWG).
There is usually a criminal investigation by the Office of the Attorney General against:
- the company
- the management
- the responsible parties
Violations of the provisions of the ordinances are either criminal offenses or misdemeanors under the AWG:
- 17 AWG = Acting recklessly, acting on behalf of an intelligence service of a foreign power, and acting on a commercial and/or gang basis, are punishable by imprisonment from one to ten years.
- 18 AWG = The violation as well as the mere attempt of a violation of the Sanctions List Ordinance or prohibitions from applicable law of the European Union, are considered a criminal offense. The penalty is imprisonment from three months to ten years or fines.
- 19 AWG = Whoever fails to provide complete information or acts negligently commits a misdemeanor. This is punishable by a fine of up to €500,000.
In addition to the damage caused by the company’s loss of reputation, the trade may also be prohibited or permits for customs simplifications and facilitations (e.g. authorized economic operator) may be revoked.
It should be noted that even demonstrable negligence is sufficient for legal action to be taken. Similarly, however, in the event of an inadvertent violation, a sanctions list check that can be proven to have been performed may have a mitigating effect on the penalty.
Practical tip: you should clarify these process questions
- Clarify responsibilities:
Who is responsible for the sanctions list check, who takes over the assessment of the hits and who decides on the continuation or termination of the business transaction? Make sure you also have a substitute(s) available for all steps in case of illness or vacation time.
When selecting employees, consider that they must be technically and organizationally capable of making an assessment and being responsible for decisions for or against the execution of a transaction. A combination of review, e.g. by a central coordination office, and final decision in the management is of course also possible.
By the way: from a purely legal point of view, the management remains liable, even if internally another responsible person checks hits and decides on the further course of action.
AL-KO KOBER AG relies on dbh Software Advantage Compliance
“We centrally check all accounts payable, accounts receivable and documents against the various EU and US sanctions lists for all European locations of the AL-KO Group. Thanks to the SAP interface from dbh Logistics IT AG, checking the approx. 300,000 addresses is smooth and efficient.” Wilhelm Gulden, Head of Customs, AL-KO KOBER AG.
- Determine scope of testing:
Who is checked and against which lists should be checked - Determine the timing of the tests
When should your data be checked? During input, during changes to the master data, during order acceptance…
Also remember to regularly check your old master data in addition to new contacts. - How is it tested?
Do you test synchronously or asynchronously, manually or via software, at a central location or decentrally? - Clarify behavior for sanction list hits:
What happens in case of a hit? Who is informed? Who reviews the cases? How does the release or further prohibition take place? How is it ensured that no further business activity takes place despite a hit?
In the best case, you have a work instruction that highlights these issues and clearly formulates how to proceed until a final review and decision by the compliance officer in the event of positive hits. If you use software, it can provide massive support, e.g. through automatic locks that prevent use, e.g. in orders and quotations, until they are released. - Documentation:
How do you prove that the sanctions lists have been checked? Who releases the process physically or by instruction to the processing MAs? Who documents the procedure? In the event of an audit, you must have this information ready. If you have software in use, you usually no longer need to worry about the issue of securing evidence. - Data changes:
How do you ensure that data changes are taken into account within the period of 2 days after publication or that you always have access to up-to-date content? Here, too, software provides optimal support – just make sure that your provider really does provide up-to-the-minute content.
We compile information on knowledge topics with the greatest possible care. However, dbh does not guarantee the completeness, accuracy and timeliness of the information, content and external links to third-party information provided.