OFAC released a periodic enforcement notice on July 29, 2015, this time about Massachusetts-based Blue Robin, Inc. for violating the Iranian Transactions and Sanctions Regulations (ITSR). Blue Robin was fined $82,260 by OFAC for the violations. The allegations center around Blue Robin’s outsourcing of about $205,000 of work to an Iranian technology company named PersiaBME. This case brings three core issues to our attention:
(1) The sanctions are not over, and OFAC has not relented on sanctions enforcement. Many people wrongly think the July 14, 2015 announcement of a Joint Comprehensive Plan of Action (JCPOA) between Iran and the P5+1 (US, UK, France, Russia, China, and Germany) meant that the sanctions regime against Iran is now over. This should be obvious, but with all the news of various foreign delegations traveling to Iran to seal business deals and all the frozen funds being returned to Iran, it is understandable that some may think the sanctions are over. Most importantly to U.S. persons is the fact that the sanctions regime as applies to them will remain largely intact, and even those changes have not been implemented yet, nor will they be implemented for a while.
(2) You cannot outsource technology work to Iran. I get questions about this all the time. “Can we outsource web design to Iran?” The answer is obviously no. It is prohibited in the ITSR as it constitutes the importation of a prohibited service, and will remain so for the time being it seems – there is no indication this will be allowed any time soon. There are a few minor exceptions to the prohibition on the importation of services, but they are very narrow and have many limitations.
(3) Voluntary Self-Disclosures (VSDs) and Compliance Programs should be taken seriously, even by smaller companies. Note the penalty was what it was because Blue Robin voluntarily self-disclosed its violations to OFAC, and because it is a small company experiencing financial difficulty, not in spite of that. VSDs are a great way to mitigate any potential penalties with OFAC, and if they qualify as a “voluntary self-disclosure” under the OFAC penalty guidelines, they are entitled to a 50% discount off the maximum penalties under the IEEPA (the law that enables most sanctions regulations), which can be up to $250,000 or twice the value of the transaction, whichever is greater, per transaction. This is not something just reserved for larger companies. Smaller companies need to also pay attention, and the same thing goes for compliance programs. This is a factor that OFAC does take into consideration when determining penalties.
Many think that having a compliance program signals knowledge of the sanctions regulations and that this could bring about heftier penalties. The reality is that compliance programs show diligence and care for the law. It is certainly not a green light to violate, but compliance programs do reduce the risk of violations, and can help in the event of a violation. A solid compliance program is not one that is necessarily verbose or complicated but rather one that is comprehensive but usable. We have done a number of these for smaller entities. There is no one-size-fits all approach. OFAC is more understanding of an unknowing violation or mistake when a company has a compliance program than when it does not. Not having one signals willful disregard for the law, and sanctions laws are something that are becoming increasingly known in the business community. No company that does any work with overseas or in sensitive technologies should go without one.