university of st. gallen - executive m.b.l.-hsg€¦ · executive master of european and...
TRANSCRIPT
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
1
Sanctions Risk in M&A
Understanding Sanctions, Addressing Sanctions Risk and the Cost of
Getting it Wrong
Vicki Stewart
Supervisor: Christopher Wright
Switzerland, July 2017
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
2
To my Grandparents: ab imo pectore.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
3
I. Table of Contents
Table of Contents I. Table of Contents ........................................................................................... 3
II. List of Abbreviations ..................................................................................... 5
III. Sources ........................................................................................................... 7
IV. Introduction .................................................................................................. 16
A. Thesis Statement ............................................................................................................... 16
B. Statement on Topic Importance ........................................................................................ 16
C. Definition of the Question ................................................................................................. 16
D. Thesis Parameters .............................................................................................................. 17
E. Anticipated Conclusions ................................................................................................... 19
V. Understanding Sanctions ............................................................................. 20
A. Defining Sanctions ............................................................................................................ 20
B. Purpose of Section V ......................................................................................................... 22
C. What are Sanctions Designed to Achieve ......................................................................... 22
D. Why are Sanctions Relevant in M&A ............................................................................... 25
E. Types of Sanctions ............................................................................................................ 26
1. Financial Sanctions ................................................................................. 27
2. Non-Financial Sanctions ......................................................................... 28
F. Entities and Organisations that can Impose Sanctions ...................................................... 28
1. United Nations Security Council (UN Security Council) ....................... 28
2. European Union (EU) ............................................................................. 30
3. National Governments ............................................................................ 32
4. Financial Action Task Force (FATF) ...................................................... 34
VI. Addressing Sanctions Risk .......................................................................... 35
A. Due Diligence .................................................................................................................... 36
B. Legal Drafting in the SPA ................................................................................................. 38
1. Warranties ............................................................................................... 38
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
4
2. Material Adverse Effect .......................................................................... 40
3. Public M&A ............................................................................................ 41
C. Defining a Sanctions Framework ...................................................................................... 41
D. Sanctions Lists and Screening ........................................................................................... 44
E. Managing Alerts ................................................................................................................ 47
VII. The Cost of Getting it Wrong ...................................................................... 48
A. Examples of Breaches ....................................................................................................... 48
B. Weaknesses ....................................................................................................................... 53
C. The Cost of Breaching Sanctions ...................................................................................... 55
D. The Challenges of a Changing Enforcement Regime ....................................................... 57
VIII. Summary and Conclusions .......................................................................... 59
A. Closing Analysis ............................................................................................................... 59
B. Implications of the Paper .................................................................................................. 63
C. Study Limitations .............................................................................................................. 64
D. Recommended Direction for Future Research .................................................................. 65
IX. Appendix ...................................................................................................... 66
X. Abstract ........................................................................................................ 68
XI. Resume ......................................................................................................... 69
XII. Statement ..................................................................................................... 70
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
5
II. List of Abbreviations
BIS Department of Business Innovation and Skills (UK)
CFSP Common Foreign and Security Policy (EU)
DDTC U.S. Department of State, Directorate of Defense Trade Controls
EAR US Export Administration Regulations
ECHR The European Court of Human Rights
ECO Export Control Organisation
EmbA Federal Act on the Implementation of International Sanctions
EU European Union
FATF Financial Action Task Force
FCO Foreign & Commonwealth Office (UK)
FinCEN The Financial Crimes Enforcement Network
HMT Her Majesty's Treasury (UK)
IAEA International Atomic Energy Agency
ITAR International Traffic in Arms Regulations (US)
KYC Know-Your-Client
MAC Material Adverse Change
MAE Material Adverse Effect
M&A Mergers and Acquisitions
OFAC The Office of Foreign Assets Control (US)
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
6
OFSI Office of Financial Sanctions Implementation (UK)
p. Page
PCA The Policing and Crime Act 2017 (UK)
PEP Politically Exposed Person
SDN Specially Designated National
SECO The State Secretariat for Economic Affairs (CH)
SPA Sale and Purchase Agreement
UAE The United Arab Emirates
UK United Kingdom
UN The United Nations
UN DESA United Nations Department of Economic and Social Affairs
US The United States of America
US BIS US Commerce Department's Bureau of Industry and Security
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
7
III. Sources
1. Bousso, R. & Zhdannikov, D., France's Total to go ahead with major Iran gas project:
CEO, Reuters, (20 June 2017), Available at: https://www.reuters.com/article/us-iran-total-
idUSKBN19B0G5 [Last accessed 18 July 2017]
2. Bossuyt, M., The Adverse Consequences of Economic Sanctions on the Enjoyment of
Human Rights, United Nations: Human Rights, Office of the High Commissioner,
Available at:
http://www.ohchr.org/Documents/Events/WCM/MarcBossuyt_WorkshopUnilateralCoerci
veSeminar.pdf [Last accessed: 2 July 2017].
3. Brunsden, J., & Stafford, P., (2017), What is London's euro clearing market and why is
Brussels worried?, Financial Times (13 June 2017), Available at:
https://www.ft.com/content/18dcf566-5025-11e7-bfb8-997009366969?mhq5j=e2 [Last
accessed 2 July 2017].
4. Bureau of Industry and Security, U.S. Department of Commerce, (2017), Export
Administration Regulation Downloadable Files, Available online:
https://www.bis.doc.gov/index.php/regulations/export-administration-regulations-ear
[Last accessed 18 July 2017].
5. Burrell, P., Mortloch, D., Mitchell, R., & Feldberg, P., (2017), The European, Middle
Eastern and African Investigations Review 2017, Global Investigations Review, Available
at:
http://www.willkie.com/~/media/Files/Publications/2017/06/Cross_border_overview_San
ctions_enforcement.pdf [Last accessed: 6 July 2017].
6. Clifford Chance, (2015) Be clear on sanctions and export controls: 5 questions you need
to ask, Available online:
http://globalmandatoolkit.cliffordchance.com/downloads/5_questions_Sanctions_Risk.pdf
[Downloaded 7 June 2017].
7. Clyde & Co., (2012), Breaching sanctions: The consequences, Sanctions Update
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
8
(May 2012), Available at:
https://www.clydeco.com/uploads/Blogs/sanctions/files/CC001200_Sanctions_update_18.
05.pdf [Last accessed: 4 July 2017].
8. Council of Europe, (2017), Committee of Experts on the Evaluation of Anti-Money
Laundering Measures and the Financing of Terrorism, Available online:
http://www.coe.int/en/web/moneyval [Last accessed 18 July 2017].
9. DDTC website, (2008) Proposed charging letter for Northrop Grumman Corporation,
available at:
http://pmddtc.state.gov/compliance/consent_agreements/pdf/NorthropGrummanCorp_Pro
posedChargingLetter.pdf [Last accessed 8 July 2017].
10. Descartes (2016), Business White Paper: Denied Party Screening (DPS) & The Rise of the
Mega Fine and related infographic, Available online: https://www.descartes.com/DPS-
infographic-MA-Q2FY17 [Downloaded 7 June 2017].
11. Ed. Elleman, B., and Paine, S., (2006) Naval Blockades and Seapower: Strategies and
counter-strategies, 1805-2005, Goldrick, J., Maritime Sanctions Enforcement against Iraq,
1990-2003 (Routledge, London/New York) Available at:
https://books.google.ch/books?id=Vr9-
AgAAQBAJ&lpg=PA201&dq=sanctions%20sea%20blockade&hl=de&pg=PP1#v=onepa
ge&q=sanctions%20sea%20blockade&f=false [Last accessed 1 July 2017].
12. Ernst & Young Global, (2016), Effective screening control for sanctions and AML risk
management, Available online: http://www.ey.com/Publication/vwLUAssets/ey-effective-
screening-controls-for-sanctions-and-aml-risk-management/$FILE/ey-effective-screening-
controls-for-sanctions-and-aml-risk-management.pdf [Last accessed: 16 July 2017].
13. Escribà-Folch, A., (2008), Dealing with Tyranny: International Sanctions and Autocrats'
Duration, Presented at Conference 'Dictatorships: Their Governance and Social
Consequences', Princeton University 2008, Available online:
https://www.princeton.edu/~piirs/Dictatorships042508/Escrib%E0.pdf [Last accessed
19 June 2017].
14. EU P2P, (2017), Export Control Programme for Dual Use Goods, Available at:
https://export-control.jrc.ec.europa.eu/Home/Dual-use-trade-control [Last accessed:
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
9
16 July 2017].
15. EU P2P, (2017), EU P2P Export Control Programme, Available at: https://export-
control.jrc.ec.europa.eu/ [Last accessed: 16 July 2017].
16. European Council, (2017), Different Types of Sanctions, Available at:
http://www.consilium.europa.eu/en/policies/sanctions/different-types/ [Last accessed
3 July 2017].
17. European Union External Action, (2017), Sanctions policy, Available at:
https://eeas.europa.eu/topics/sanctions-policy_en [Last accessed: 18 July 2017].
18. Eversheds Sutherland (2017), UAE: Global Sanctions Guide, Available at:
http://sanctionsguide.eversheds.com/countries/uae/ [Last accessed: 16 July 2017].
19. FATF, (2017), International Standards on Combating Money Laundering and the
Financing of Terrorism & Proliferation, The FATF Recommendations, Updated
June 2017, Available at: http://www.fatf-
gafi.org/media/fatf/documents/recommendations/pdfs/FATF%20Recommendations%202
012.pdf [Last accessed 2 July 2017].
20. FATF, (2013), Politically exposed persons (Recommendations 12 and 22), FATF
Guidance (June 2013), Available at: http://www.fatf-
gafi.org/media/fatf/documents/recommendations/Guidance-PEP-Rec12-22.pdf [Last
accessed: 16 July 2017].
21. Federal Department of Foreign Affairs, (2014) UN policy of Switzerland, (June 2014),
Available at:
https://www.eda.admin.ch/dam/eda/en/documents/aussenpolitik/internationale-
organisationen/20140814-UNO-Politik-der-Schweiz_EN.pdf [Last accessed 4 July 2017].
22. Global Policy Forum (2000), The Adverse Consequences of Economic Sanctions,
Available at: https://www.globalpolicy.org/security-council/42495-sanctions.html [Last
accessed: 2 July 2017].
23. Global Policy Forum (2017), Sanctions, Available at:
https://www.globalpolicy.org/security-council/42495-sanctions.html [Last accessed:
2 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
10
24. Harroch, R. & Lipkin, D., (2014), 20 Key Due Diligence Activities In a Merger and
Acquisition Transaction, Forbes (19 December 2014), Available at:
https://www.forbes.com/sites/allbusiness/2014/12/19/20-key-due-diligence-activities-in-a-
merger-and-acquisition-transaction/#fe7e8644bfc2 [Last accessed 16 July 2017].
25. International Compliance Association, (2015), Specialist Certificate in Managing
Sanctions Risk Course Manual, (International Compliance Training Ltd, Birmingham).
26. Lederman, J., (2017) US hits Hamas military commander with terrorism sanctions, AP
News (6 April 2017), Available at:
https://apnews.com/a180fc09f9cb4c03aa148da7b3f1d904/us-hits-hamas-military-
commander-terrorism-sanctions [Last accessed: 1 July 2017].
27. Leigh, D., Ball, J., Garside, J. & Pegg D., (2015) HSBC Files: Swiss bank hid money for
suspected criminals, The Guardian, (12 February 2015) Last Accessed:
https://www.theguardian.com/news/2015/feb/12/hsbc-files-swiss-bank-hid-money-for-
suspected-criminals) [Last accessed 2 July 2017].
28. Macabacus, (2017), Private vs. Public Deals, Available at:
http://macabacus.com/mechanics/private-vs-public [Last accessed: 16 July 2017].
29. Nestlé, (2017), Investments, Available at: http://www.nestle-
me.com/en/media/investments [Last accessed 25 June 2017].
30. O'Connell, M.E., (2002), Debating the Law of Sanctions, EJIL (2002), Vol. 13 No. 1, 63-
79 Available online: http://www.ejil.org/pdfs/13/1/473.pdf [Last accessed 22 June 2017].
31. OFAC, (2017), Resource Center – OFAC FAQ: Sanctions Lists and Files, Available at:
https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_lists.aspx [Last
accessed: 16 July 2017].
32. OFSI, (2017), Announcements, Consultations and Publications, Available at:
https://www.gov.uk/government/organisations/office-of-financial-sanctions-
implementation [Last accessed: 8 July 2017].
33. OFSI, (2017), Financial Sanctions: Guidance, HM Treasury (April 2017), Available at:
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/605980/OF
SI_Financial_Sanctions_-_Guidance_-_April_2017.pdf [Last accessed: 8 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
11
34. OFSI, (2017), New penalties for breaching financial sanctions now in force, HM
Treasury, OFSI and Simon Kirby (3 April 2017), Available at:
https://www.gov.uk/government/news/new-penalties-for-breaching-financial-sanctions-
now-in-force [Last accessed: 4 July 2017].
35. Oxford Dictionary, (2017), Sanction, Available at:
https://en.oxforddictionaries.com/definition/sanction (last accessed 1 July 2017)
36. Parker, A., Bureiko, K. & Sharma, A., (2016), UK’s OFSI to Impose Cash Penalties for
Sanctions Violations, Debevoise & Plimpton, (6 December 2016) Available at:
http://www.debevoise.com/~/media/files/insights/publications/2016/12/20161206_uks_of
si_to_impose_cash_penalties_for_sanctions_violations.pdf [Last accessed 8 July 2017].
37. Pereira, A. & de Alba, A., (2014), Anti-Money Laundering controls in Mergers &
Acquisitions, Lexis Nexis (June 2014), Available at:
https://www.lexisnexis.com/risk/intl/de/resources/whitepaper/Controls-Mergers-
Acquisitions-AML.pdf [Last accessed: 4 July 2017].
38. Rambolamanana, V., (2016), Iraqi Wins UN Sanctions Case against Switzerland, Justice
Info.net (2 July 2016) Available at: http://www.justiceinfo.net/en/frontpage/iraqi-wins-un-
sanctions-case-against-switzerland.html [Accessed 2 July 2017].
39. Rathbone, M., & Lentz, A.J., (2013) Export Compliance in the M&A Context, Chapter 10,
Handbook of Export Controls and Economic Sanctions, (June 2013), Available at:
http://www.steptoe.com/assets/htmldocuments/Handbook%20of%20Export%20Controls
%20and%20Economic%20Sanctions.pdf [Last accessed 8 July 2017].
40. Red Flag Group, (2017), Webinar Slides: Pre-M&A Third Party Due Diligence, (2 March
2017), Available at:
https://static1.squarespace.com/static/54a3ac8ce4b037e9babb513f/t/58c0ad3e893fc02bf0
654f0c/1489022282910/MA+Due+Diligence-+The+Red+Flag+Group+March+2017.pdf
[Last accessed 16 July 2017].
41. Robertson, E. & Patel, S., (2017), The Policing and Crime Act 2017: Changes to the UK
Financial Sanctions Regime Skadden, (3 July 2017) Available at:
https://www.skadden.com/insights/publications/2017/03/the-policing-and-crime-act-2017
[Last accessed 8 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
12
42. Schellenberg Wittmer, (2014), Sanction Compliance – An increasingly important risk
factor in transactions, Available online: http://www.swlegal.ch/Publications/The-M-A-
Perspective/The-M-A-Perspective-III-2014.aspx [Last accessed 7 June 2017].
43. State Secretariat for Economic Affairs, (2017), Sanctions / Embargoes, Available online:
https://www.seco.admin.ch/seco/en/home/Aussenwirtschaftspolitik_Wirtschaftliche_Zusa
mmenarbeit/Wirtschaftsbeziehungen/exportkontrollen-und-sanktionen/sanktionen-
embargos.html?_organization=703&_pageIndex=0 [Last accessed 16 July 2017].
44. Strosnider, K., & Bartenstein, S., (2015) US Trade Controls Considerations During M&A
and Transactional Due Diligence (16 December 2015) The Review of Securities &
Commodities Regulations Vol 48, No 22, Available at: https://www.cov.com/-
/media/files/corporate/publications/2015/12/us_trade_controls_considerations_during_ma
_and_transactional_due_diligence_2015.pdf [Last accessed 8 July 2017].
45. Thompson, M., (2011), A Guide to MAC (material adverse change) Clauses in M&A
Transactions, Steptoe & Johnson LLP (12 May 2011), Available at:
http://www.steptoe.com/publications-7569.html [Last accessed at: 15 July 2017].
46. Thomson Reuters, (2017), World-Check, Available at:
https://risk.thomsonreuters.com/en/products/world-check-know-your-customer.html [Last
accessed 16 July 2017].
47. Trace International, (2017), Notable increase in bribery enforcement worldwide
according to TRACE's seventh annual Global Enforcement Report, (2 March 2017),
Available at: http://www.prnewswire.com/news-releases/notable-increase-in-bribery-
enforcement-worldwide-according-to-traces-seventh-annual-global-enforcement-report-
300416608.html?tc=eml_cleartime [Last accessed: 16 July 2017].
48. Trachsler, D., (2010), Economic Sanctions: Silver Bullet or Harmless Dud? CSS Analysis
in Security Policy, Available at: http://www.css.ethz.ch/content/dam/ethz/special-
interest/gess/cis/center-for-securities-studies/pdfs/CSS-Analyses-83.pdf [Last accessed
2 July 2017].
49. Transparency International, (2017), Anti-Bribery Due Diligence for Transactions,
Available here: http://www.transparency.org.uk/publications/anti-bribery-due-diligence-
for-transactions/ [Last accessed: 16 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
13
50. UK Government, (2017), Sanctions, embargoes and restrictions, Available at:
https://www.gov.uk/guidance/sanctions-embargoes-and-restrictions [Last accessed: 2 July
2017].
51. UK Policing and Crime Act 2017, Available at:
http://www.legislation.gov.uk/ukpga/2017/3/pdfs/ukpga_20170003_en.pdf [Last accessed
8 July 2017].
52. United Nations, Charter of the United Nations, 24 October 1945, 1 UNTS XVI, Available
online: http://www.un.org/en/sections/un-charter/chapter-vii/index.html [Last accessed
2 July 2017].
53. United Nations Security Council Subsidiary Organs, (2017) Consolidated United Nations
Security Council Sanctions List, Available online:
https://www.un.org/sc/suborg/en/sanctions/un-sc-consolidated-list [Last accessed 18 July
2017].
54. United Nations Secretary-General, (2016), Secretary-General's remarks at Dag
Hammarskjöld lecture: 'Evolving Threats, Timeless Values: The United Nations In A
Changing Global Landscape' [as prepared for delivery], Available at:
https://www.un.org/sg/en/content/sg/statement/2016-03-30/secretary-generals-remarks-
dag-hammarskj%C3%B6ld-lecture-%E2%80%9Cevolving [Last accessed: 2 July 2017].
55. U.S. Department of Commerce, Bureau of Industry and Security, (2017), Annual Report
to the Congress for Fiscal Year 2016, Available at:
https://www.bis.doc.gov/index.php/forms-documents/about-bis/newsroom/1629-bis-
report-to-congress-fy-2016/file [Last accessed 8 July 2017].
56. U.S. Department of State, (2017), State Department Terrorist Designation of Abu Anas al-
Ghandour, Available at: https://www.state.gov/r/pa/prs/ps/2017/04/269504.htm [Last
accessed 1 July 2017].
57. U.S. Department of State, Directorate of Defence Trade Controls, (2017), The
International Traffic in Arms Regulations (ITAR), Available online:
http://www.pmddtc.state.gov/regulations_laws/itar.html [Last accessed 18 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
14
58. U.S. Department of the Treasury, (2013), Resource Center – Enforcement Information for
January 2, 2013, Available at: https://www.treasury.gov/resource-
center/sanctions/civpen/documents/20130102_ellman.pdf [Last accessed: 8 July 2017].
59. U.S. Department of the Treasury, (2017), Resource Center – Guidance on OFAC
Enforcement Policy, Available at: https://www.treasury.gov/resource-
center/sanctions/OFAC-Enforcement/Pages/enforcement.aspx [Last accessed: 4 July
2017].
60. U.S. Department of the Treasury, (2017), Resource Center – Sanctions Programs and
Country Information, Available online: https://www.treasury.gov/resource-
center/sanctions/Programs/Pages/Programs.aspx [Last accessed 18 July 2017].
61. U.S. Department of the Treasury, (2017), Resource Center - Settlement Agreement
between the U.S. Department of the Treasury’s Office of Foreign Assets Control and
American International Group, Inc. (26 June 2017), Available at:
https://www.treasury.gov/resource-center/sanctions/OFAC-
Enforcement/Pages/20170626_33.aspx [Last accessed: 8 July 2017].
62. U.S. Government Publishing Office, (2016), Appendix A to Part 501 – Economic
Sanctions Enforcement Guidelines, Available at: https://www.ecfr.gov/cgi-bin/text-
idx?SID=6796e37b78ede7e105e8fb288f461b9b&mc=true&node=ap31.3.501_1901.a&rg
n=div9 [Last accessed: 16 July 2017].
63. U.S. Government Publishing Office, (2016), Guidance on Charging and Penalty
Determinations in Settlement of Administrative Enforcement Cases, Federal Register
Volume 81, Issue 120 (22 June 2016), Available at:
https://www.gpo.gov/fdsys/granule/FR-2016-06-22/2016-14770/content-detail.html [Last
accessed 16 July 2017].
64. Velásquez Ruiz, M.A., (2012), International Law and Economic Sanctions Imposed by the
United Nations' Security Council. Legal Implications in the Ground of Economic, Social
and Cultural Rights, Int. Law: Rev. Colomb. Derecho Int. Bogatá (Colombia) No. 21:
223-254 June-December 2012, Available at:
http://www.scielo.org.co/scielo.php?script=sci_arttext&pid=S1692-81562012000200008
[Last accessed 2 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
15
65. Vock, R., (2014), UNO-Sanktionen: Umsetzung in der Schweiz, Die Volkswirtschaft,
Available online: http://dievolkswirtschaft.ch/de/2014/12/vock/ [Last accessed 20 June
2017].
66. Wragg, A., (2014), Lloyd's Sanctions Guidance – Sanctions Clauses (REF: Y4832),
17 October 2014.
67. Interviews conducted for the paper as further detailed in the Appendix.
68. Example SPAs from various confidential transactions.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
16
IV. Introduction
A. Thesis Statement
The development and maintenance of a robust approach to sanctions implementation is vital
for mergers and/or M&A transactions because it improves monitoring, prevents breaches of
law and reduces reputational risk.
B. Statement on Topic Importance
With perpetual pressure to close M&A transactions faster and under an increasing burden to
reduce costs, the importance of a robust due diligence process in relation to sanctions can
sometimes be missed in the eagerness to 'get the deal done'. This paper will detail why
addressing sanctions risk in M&A should be one of the top items to be addressed by a
company along with the usual elements such as the price to be paid.
In practice, sanctions are the closest to the front line of the fight against crime and terrorism
that either most companies will get while incorporated or individuals will get during their
professional lives. It is vital for businesses and employees to understand their obligations in
relation to domestic and international sanctions and embargoes. Failure to address these
matters could result in the companies, management and agents involved facing legal and
regulatory issues which are both costly and reputationally damaging.
C. Definition of the Question
A merger or acquisition presents an array of legal and compliance risks. When such a
transaction has an international dimension, be it that the transaction transcends international
boundaries; the target has subsidiaries or operations in a different country; or the target
operates in a regulated industry, due diligence requires that the potential risk of breaching
national and international sanctions be assessed. These sanctions can take the form of trade
controls, import and export rules, economic sanctions, anti-boycott regulations and restricted
individual lists and come from international or national law. While superficially, sanctions
may not be considered a dynamic field, this paper will show that this is erroneous, with
sanctions themselves changing regularly to keep pace with international developments. The
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
17
sanctions in place remain in a permanently dynamic state of flux in response to this.
Additionally, the process of enforcement is noticeably behind the system for implementing
sanctions at the international and national level. Therefore enforcement against breaches will
also be examined in this paper.
The purpose of this paper is threefold:-
Firstly, it will seek to define what sanctions are and why sanctions are relevant in an M&A
context. Without this understanding, the element of commercial and reputational risk to the
companies, management and advisers involved is increased. The paper will also outline what
organisations can set sanctions. It is necessary to address both these elements at the outset to
provide a backdrop for the later sections of the paper.
Secondly, the paper will examine how companies and deal teams can address sanctions risks
within their transactions. This will concentrate upon the due diligence process and relevant
warranties that can be built in to the SPA. Practically, a comprehensive compliance procedure
coupled with sound professional advice is vital to mitigate the risk of an inadvertent breach.
Thirdly, the paper will look at what happens when there is a breach of sanctions in connection
with an M&A transaction. This involves the examination of available case law and an
analysis of the development of the enforcement process. This is a dynamic area, however, is
still in an early stage of development. Due to this, the author will hypothesise how this field
could develop.
Throughout the paper, the author will refer back to the theme of sanctions in the M&A
context and highlight the relevance of the analysis in context in order to prove – or disprove –
the initial paper statement. To achieve this, the setting of clear parameters is vital.
D. Thesis Parameters
This paper will show that the development and maintenance of a robust approach to sanctions
implementation is vital for M&A. In order to achieve that objective, it will assess the source
of sanctions, identify the key elements to mitigate sanctions risks and shall also analyse the
recourse available to regulators if such steps are not taken.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
18
It has been necessary to limit the scope of the paper. The topic is wide ranging and not all
elements are relevant for M&A, therefore not all sanctions shall be discussed in detail. While
defining sanctions is not complicated in itself, providing a narrow definition for the purposes
of this paper does not do justice to the many facets of the field. Therefore, the author will
rather concentrate attention on specific practical examples of the operation of sanctions.
Doing so does not trivialise sanctions that are not included within the examples or imply that
they are somehow the lesser for not being examined in depth, but rather highlights the
complexity behind each example that is given. In turn, this shows that the field of sanctions
analysis is a complex one with many moving parts that deserves greater academic study. Such
study would both enrich the business environment and also give wider awareness to the
importance of international law in upholding broadly acceptable international norms.
There is also a geographic limitation to the paper. While sanctions can be found worldwide,
the thesis concentrates on three jurisdictions in particular: the United Kingdom (UK), the
United States of America (US) and Switzerland. The US has been selected as it has its own
sanctions regime. It also has the most developed regulatory framework for dealing with
sanction breaches. Finally, as a litigious environment, it is anticipated that the US will provide
examples of cases brought against companies for sanctions breaches in an M&A context. The
UK has been selected as it arguably has the most developed business and finance law in
Europe with many transactions taking place under English law. Finally, Switzerland has been
selected as a contrast, as it is a small jurisdiction with an approachable sanctions regulator.
Given Switzerland's neutral status, it provides a different angle and motivation for regulatory
compliance and enforcement. It is impossible to analyse sanctions without also examining
internationally applied sanctions and the international context. One of the key sources for
sanctions policy is the uniquely placed United Nations. Therefore, over the national regimes
of all three countries will be sanctions under international law, being internationally imposed,
rather than solely nationally imposed.
There has been some limited study carried out, mainly by law firms rather than academics, on
the impact of sanctions on transactions. The focus of reviews to date has been predominantly
on trade sanctions, especially in the US, as well as updates on changes in enforcement
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
19
procedures. One of the limitations of the existing work is that it is addressed more at the
business and prospective client level rather than at an academic audience. While this is not
necessarily a negative (as the pieces provide tangible and manageable advice for addressing
sanctions risk), there is even less academic analysis of sanctions risk and the wider picture as
to the trends in this sensitive area.
This lack of clear analysis or prior academic research within the sanctions setting encouraged
the author to explore the issue and in the context of this paper. It is not anticipated that there
will be a broad range of different advice or opinions available, however, where this is
currently lacking, the author will suggest possible outcomes and balanced views as to where
the regulators may next develop their sanctions policies.
E. Anticipated Conclusions
The author expects that the thesis statement will be proved.
The author anticipates that despite the growing number of high profile cases against financial
institutions for breaching financial sanctions around know-your-client (KYC) checks and
SWIFT payments, the study of sanctions within M&A will still be relatively underdeveloped.
This will mean that there will be a limited number of cases available for examination, but that
each case will bring greater understanding of the regulators' developing position on breaches.
The author is aware that companies will be sensitive about revealing their M&A dealings.
Additionally, it is anticipated that companies will be reluctant to discuss in detail any business
that they carry out in countries which have sanctions imposed against them, or in a product
that has import and export restrictions levied against it. It is therefore likely that the amount of
quantifiable data will be severely restricted. Information that is disclosed is likely to be on a
confidential basis. This will make it difficult to assess the significance of the data in context.
If a company identifies a sanctions issue, it will either seek to have the restriction fixed prior
to closing the transaction or it will end negotiations until the target has dealt with the issue
itself. It is therefore predicted that either: issues that have been identified will have been
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
20
resolved; or sanctions-related issues that have resulted in a merger or acquisition not
proceeding will not be openly discussed.
The author expects that when companies in general are contemplating and implementing
M&A, that they are inadequately prepared to identify sanctions risks. However, at the same
time, the author believes that those companies which operate internationally either: in
countries that have sanctions imposed against them; or have products that are often restricted
by trade regulations or export rules, will be more knowledgeable of their obligations and will
be prepared accordingly. Consequently, companies that are most at risk of a breach are better
equipped to deal with the issue. It is therefore likely to be companies that do not have a
regular need to address sanctions risks within their compliance procedures that will be more at
risk. Such companies are not expected to have the appropriate compliance procedures in place
and hence will either not identify the correct risks or will have to rely upon external expertise
to manage the risks.
In the current international political climate and given the trend towards globalisation, the
author expects governments to increase individual national regulators' powers during the
coming years. This will also increase their ability to enforce against companies for breaches.
Fines to date are likely to have targeted institutions or companies involved rather than
individuals. This has limited any negative publicity and leaves it open for governments to
increase the penalties available to regulators without adverse public reaction. For these
reasons, the use and development of monetary fines in the US is likely to spread to non-US
countries. Not only is this seen by the regulators as an effective means of deterrence for the
companies involved, but also such fines provide a source of additional income for the state.
V. Understanding Sanctions
A. Defining Sanctions
Prior to addressing the issues outlined in the introduction, it is necessary to first define
sanctions for the purposes of this paper.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
21
International sanctions fall within three distinct categories to distinguish between the political
contexts for their initiation. Firstly there are sanctions that are designed to contain a threat to
peace within a geographical area. An example of this is the sanctions placed upon Russia
following military intervention in the Crimea Peninsula in Ukraine in 2014 with another
example being the sanctions placed upon Iraq following its invasion of Kuwait in 1990.
Secondly, there are sanctions that are designed to ensure cooperation with international law.
An example is the imposition of sanctions and economic embargoes against Iran in
connection with the development of its nuclear capabilities and non-compliance with the
safeguards established and administered by the IAEA. Thirdly are the sanctions applied
following decisions of the UN Security Council0F
1 pursuant to Chapter VII of the United
Nations Charter, Article 41 under which the UN Security Council "may decide what measures
not involving the use of armed force are to be employed to give effect to its decisions, and it
may call upon the Members of the United Nations to apply such measures. These may include
complete or partial interruption of economic relations and of rail, sea, air, postal,
telegraphic, radio, and other means of communication, and the severance of diplomatic
relations."1F
2 UN Security Council-imposed sanctions condemn actions of a specific member,
or non-member, nation.
These categories outline the basis upon which sanctions are applied; however sanctions are
not solely applied by one nation, or group of nations, against another. Sanctions can also be
targeted against specific individuals, for example, Son Jong Hyok appears on the UN Security
Council's list of sanctioned persons as a KOMID2F
3 official that has conducted business in
Sudan on behalf of KOMID’s interests. Additionally, sanctions can target specific industries
or actions, such as the absolute prohibition imposed on the two-way trade in arms applied
against Sierra Leone, which affects not only companies that sell weapons, but also companies
1 Current List of UN Security Council sanctions: https://www.un.org/sc/suborg/en/sanctions/un-sc-consolidated-list [Last
accessed: 22 June 2017].
2 United Nations, Charter of the United Nations, 24 October 1945, 1 UNTS XVI, http://www.un.org/en/sections/un-
charter/chapter-vii/index.html [Last accessed: 2 July 2017].
3 Korea Mining and Development Trading Corporation, North Korea's primary arms dealer and main exporter of goods and
equipment.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
22
that make components that could be utilised in weapons, such as chemical companies. In the
context of M&A, this means being fully aware of who is involved in the management of the
target, the products produced by the target, where business is undertaken, where sales are
made and the delivery routes.
B. Purpose of Section V
The purpose of this section is fourfold: firstly, to identify different types of sanctions;
secondly, to outline the purpose of the imposition of sanctions; thirdly, to identify which
organisations can impose them and fourthly, to comment upon why the consideration of
sanctions is important generally, before the following sections go into further details of
sanctions in the M&A context.
While the introduction has given a narrow definition of sanctions for the purposes of this
paper, it is necessary to consider the topic of sanctions in the context of the wider sanctions
framework in order to have a fuller understanding of the complexities involved with
compliance.
C. What are Sanctions Designed to Achieve?
The Oxford English Dictionary defines a 'sanction' as: "a threatened penalty for disobeying a
law or rule". It goes on to state that 'sanctions' are: "measures taken by a state to coerce
another to conform to an international agreement or norms of conduct, typically in the form
of restrictions on trade or official sporting participation."3F
4
Governments and international authorities impose sanctions primarily to prevent terrorism, to
prevent an increase or spread of weapons of mass destruction, be they nuclear, biological or
chemical, to protect civilians and to resolve conflicts. The role of sanctions in order to achieve
these objectives includes seeking to change the behaviour of the targeted country or
individual. Returning to the example of Son Jong Hyok given earlier, the personal sanction
against him aims to change his behaviour so that he stops conducting business in Sudan on
4 Oxford Dictionary: Definition of 'sanction', Available at: https://en.oxforddictionaries.com/definition/sanction [Last
accessed: 1 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
23
behalf of KOMID’s interests. The individual on the targeted list is often made aware of the
reason for the sanctions being imposed within the targeted sanctions list itself, thereby making
it clear what behaviour needs to stop in order for the sanction to be lifted. Naturally the same
applies to organisations.
Sanctions also seek to apply pressure on the targeted country or regime to comply with a set
of objectives. For example, Iran's ability to carry on business with the outside world was
severely restricted by sanctions while it was building its nuclear programme. When Iran took
steps to curb this programme, the sanctions against it were eased.
Sanctions can also be used as an enforcement tool. As per Goldrick (2006): the US-led UN
coalition's thirteen year sea blockade of Iraq from 1990 to 2003 is "one of the most significant
and eventually successful exercises of naval power in recent years. There can be no doubt
that enforcement of the sanctions progressively debilitated Iraqi combat power to the extent
that it could not provide effective conventional resistance to the coalition forces in the 2003
conflict."4F
5 However, while for some like Goldrick, the blockage is seen as a success, it
resulted in broader condemnation of the sort of wide economic sanctions it enforced.5F
6
Finally sanctions are used to restrict the funding of individuals, entities or groups associated
with criminal or terrorist activity. For example in April 2017, the US State Department
designated Abu Anas al-Ghandour, a Hamas military commander, as a global terrorist,
thereby freezing any assets held by him or on his behalf in the US and barring US Persons6F
7
5 Ed. Elleman, B. & Paine, S., (2006) Naval Blockages and Seapower: Strategies and counter-strategies, 1805-2005,
(Routledge, London / New York) p. 201 Available at: https://books.google.ch/books?id=Vr9-
AgAAQBAJ&lpg=PA201&dq=sanctions%20sea%20blockade&hl=de&pg=PP1#v=onepage&q=sanctions%20sea%20blocka
de&f=false [Last accessed: 1 July 2017].
6 Global Policy Forum, (2000), The Adverse Consequences of Economic Sanctions, Available at:
https://www.globalpolicy.org/global-taxes/42501-the-adverse-consequences-of-economic-sanctions.html [Last accessed 2
July 2017].
7 US Person means: Individuals: US citizens, green card holders and permanent resident aliens located anywhere in the
world; individuals, regardless of citizenship, physically located in the US. Entities: Physically located in the US, including
US branches of entities from any other jurisdiction. Includes foreign branches of US incorporated entities and some
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
24
from doing business with him.7F
8 As per the State Department (2017), the designation: "notifies
the U.S. public and the international community that Ghandour has committed or poses a
significant risk of committing acts of terrorism. Designations expose and isolate
organizations and individuals, and result in denial of access to the U.S. financial system.
Moreover, designations can assist or complement the law enforcement actions of other U.S.
agencies and other governments."8 F
9
Dag Hammarskjöld famously said that the United Nations: "was not created to take mankind
to heaven, but to save humanity from hell."9F
10 This quotation could equally apply to sanctions
regimes, as policy-makers increasingly use sanctions as the tool of choice to respond to
geopolitical challenges and the increased threat of terrorism.
While financial institutions and the financial sector are at the forefront of the fight against
financial crime, it is also a regulatory requirement for financial institutions to combat money
laundering, terrorist financing and sanctions breaches.
It is not only the financial industry that is affected, with companies in industries such as oil
and gas, as well as commodity traders, needing to be alert to sanctions and to implement a
robust compliance programme to ensure minimal exposure to sanctions risks. With the correct
framework in place, business can flourish. Without it, then the full weight of national and
subsidiaries in certain instances. Source: International Compliance Association, Specialist Certificate in Managing Sanctions
Risk Course Manual (2015) p.10.
8 US Department of State - State Department Terrorist Designation of Abu Anas al-Ghandour
https://www.state.gov/r/pa/prs/ps/2017/04/269504.htm [Last accessed: 1 July 2017].
Lederman, J., (2017), US hits Hamas military commander with terrorism sanctions, AP News: 6 April 2017
https://apnews.com/a180fc09f9cb4c03aa148da7b3f1d904/us-hits-hamas-military-commander-terrorism-sanctions [Last
Accessed 1 July 2017].
9 State Department Terrorist Designation of Abu Anas al-Ghandour, (ibid).
10 Secretary General's remarks at Dag Hammarskjöld lecture: 'Evolving threats, timeless values: The United Nations in a
changing global landscape', (30 March 2016), Available at: https://www.un.org/sg/en/content/sg/statement/2016-03-
30/secretary-generals-remarks-dag-hammarskj%C3%B6ld-lecture-%E2%80%9Cevolving), [Last accessed 2 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
25
international law as well as financial penalties, criminal proceedings and bad press can
follow. Just ask HSBC.10F
11
D. Why are Sanctions Relevant in M&A?
As shown in the preceding paragraphs, sanctions are a tool by which national governments
and the international community contain threats and ensure cooperation with international
law. In relation to M&A transactions, compliance with sanctions is primarily relevant for
individuals and companies, as it is critical that such individuals and companies fulfil their
legal and regulatory obligations in support of the wider political aims of the international
community.
There are some industries for which the application of sanctions is more relevant than others,
for example, industries producing or trading in goods which appear on the UK's strategic
export control list11F
12. This does not mean that other individuals and companies can relax their
vigilance. As will be shown within this section of the paper, sanctions come from many
sources and can apply to individuals, organisations, regimes and geographical locations.
In relation to M&A transactions, sanctions play a different role in comparison to daily trade.
This is because M&A transactions require not only thorough due diligence, but a watertight
contract and an element of trust. One company cannot know the business of the other to the
same extent that the second company knows itself.
This paper suggests that the law of M&A has still yet to catch up with modern sanctions
policies, with lawyers preferring to evade the issue rather than addressing it head-on. For
example, most SPAs only include a general compliance with laws provision along the
11 Leigh, D., Ball, J., Garside, J. & Pegg D., (2015) HSBC Files: Swiss bank hid money for suspected criminals, The
Guardian, (12 February 2015) Last Accessed: https://www.theguardian.com/news/2015/feb/12/hsbc-files-swiss-bank-hid-
money-for-suspected-criminals) [Last accessed 2 July 2017].
12 (a) Weapons and explosives, (b) goods, technology, software or components designed or modified for military use, and (c)
dual use goods, technology, software, documents or diagrams which must meet certain technical standard and could be used
for military or civilian purposes, e.g. including but not limited to chemical agents, electronics, sensors, lasers and machine
tools.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
26
following lines: "The Company does and has at all times conducted the Business and all of its
affairs in accordance with all applicable laws, regulations, European treaty provisions and
directives in all jurisdictions in which it carries on business or which apply to the
Business."12F
13
While such a provision does – at least contractually – give one party legal recourse in the
event that this representation turns out to be false, it does not protect that same party from the
legal and regulatory ramifications of entering into a merger or acquisition where the other
party has breached sanctions. Within section VI.B (Legal Drafting in the SPA), this paper
shall propose additional representations and warranties that parties would be wise to consider
including in their SPA.
It is therefore vital to have a thorough understanding of the relevant sanctions that could apply
while carrying out the due diligence for an M&A transaction and before closing the
transaction.
E. Types of Sanctions
In the following section, this paper shall outline some of the different types of sanctions that
are available to legislators and regulators, which will affect an M&A transaction and its
participants.
Sanctions in a broad sense are referred to as 'diplomatic sanctions' by the European Council.13F
14
These include the interruption of diplomatic relations or the coordinated recall of diplomats.
For the purposes of M&A transactions, such actions can act as an early warning system of an
increased risk of future, more targeted, sanctions.
13 SPA precedent.
14 European Council, (2017), Different Types of Sanctions, Available at:
http://www.consilium.europa.eu/en/policies/sanctions/different-types/ [Last accessed 3 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
27
1. Financial Sanctions
Financial sanctions are a preferred tool for sanctions measures. Financial sanctions can target
a specific individual, organisation or regime, which can make them very effective without
causing economic hardship for the wider population.
An example of a financial sanction which is applicable for an M&A transaction is asset
freezing. This is where the target of the sanctions is prevented from having access, directly or
indirectly, to funds or economic resources. There have been a number of high profile asset
freezes in recent years, such as the Swiss freezing of Russian assets in connection with
Crimea. However, the freezing of assets cannot be made arbitrarily. In 2016, the European
Court of Human Rights (ECHR) upheld a previous decision in favour of Khalaf M. Al-
Dulimi, the suspected finance boss of Iraqi secret services under Saddam Hussein, against
Switzerland following the Federal Department of Economic Affairs' seizure in 2006 of 86,276
Swiss francs belonging to Al-Dulimi personally and more than 269 million Swiss francs from
his Panamanian-registered company Montana Management Inc. (based in Geneva at the time)
from a Swiss bank account.14F
15 Even though Switzerland had applied the UN Security
Council's resolutions, the ECHR found that the procedure imposed by the Security Council
was not in line with the right to a fair trial and that Switzerland had not conducted a review to
ensure that the listing of Al-Dulimi was not arbitrary.15F
16
Sanctions can also take the form of the prohibition of investments or providing economic
benefit to designated persons. As highlighted previously, the ability for a company to carry on
business with Iran was restricted while sanctions were in place. This ability was restricted
absolutely when it related to an individual on the sanctions list. The sanctions list contained
over one hundred Iranians that companies and individuals could not carry on business with,
even if the transaction involved a commodity as passive as bread.
15 Rambolamanana, V., (2016), Iraqi Wins UN Sanctions Case Against Switzerland (2 July 2016) Available at:
http://www.justiceinfo.net/en/frontpage/iraqi-wins-un-sanctions-case-against-switzerland.html [Last accessed: 2 July 2017].
16 Rambolamanana, V., (ibid).
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
28
2. Non-Financial Sanctions
The most restrictive non-financial sanctions that could affect an M&A transaction are import
and export controls. Such controls seek to restrict the movement of prohibited goods,
including those that have a dual-use purpose. Of course, trade barriers are not necessarily
perceived to be sanctions, given that they can take multiple forms, including tariff barriers,
however, they can have the same effect.
Sanctions can also be placed upon the movement of named individuals. In the case of a
citizen of a European member state, such a person may not be permitted to enter any other
European member states other than the one in which s/he holds citizenship. While this could
be troublesome to enforce in the case of an individual with citizenship of a member state
which is also a member of Schengen, it would be unwise to enable or encourage an individual
to breach sanctions against him/her in connection with an M&A transaction in case this action
polluted the wider transaction.
Naturally, restrictions on a named individual who is also involved with a company that is part
of an M&A transaction will likely result in sensitive negotiations around that person's future
involvement in the company. For both companies involved in an M&A transaction,
practically removing the restricted person from the business would be the preferred course of
action.
F. Entities and Organisations that can Impose Sanctions
1. United Nations Security Council (UN Security Council)
As previously stated, the UN Security Council can impose sanctions of a non-military nature
pursuant to Chapter VII of the United Nations Charter, Article 4(1).16F
17 The UN also has the
ability to authorise the use of force when there is a threat to international peace and security,
so although such military action is predominantly outside the scope of this paper, it should be
noted that the imposing of sanctions is only one element of the UN's capabilities. It also has
17 United Nations, Charter of the United Nations, 24 October 1945, 1 UNTS XVI, http://www.un.org/en/sections/un-
charter/chapter-vii/index.html [Last accessed 2 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
29
the capacity to enforce such sanctions through military action. For example, the UN can
authorise naval blockades to enforce sanctions and has done so in Iraq as previously
highlighted. Additionally, the UN has authorised blockades against the former Yugoslavia,
Haiti and Sierra Leone.17F
18
It is also important to take into account the history of the UN and its list of member states.
The UN was founded in 1945 at the end of World War II. It currently has 193 member states
and the principles guiding its mission and work come from the United Nations Charter. The
UN has a number of sanctions committees which discuss and authorise the use of sanctions
against or by member states. The UN would commonly seek to find a diplomatic solution to
an issue first before resorting to sanctions, but they remain an important enforcement tool.
What sets the UN apart from other bodies that can impose sanctions is that list of member
states. These include the countries that often either have sanctions imposed against them or
are in areas of conflict such as the Islamic Republic of Iran, Iraq, Sierra Leone, Syrian Arab
Republic, Democratic Republic of the Congo and Democratic People's Republic of Korea.
Looking at the types of sanctions that the UN Security Council imposes highlights the impact
that its decisions can have on M&A transactions. The Council can impose comprehensive
economic and trade sanctions, as well as more targeted actions such as arms embargoes,
financial sanctions, restrictions on the provision of financial services, travel bans, as well as
import and export bans on commodities. When carrying out due diligence for an M&A
transaction, it is therefore important to check the Consolidated United Nations Security
Council Sanctions List (UN Sanctions List) available online18F
19 for the most up-to-date
position. It is not enough to check the countries against which active UN sanctions exist, but
also the individuals and the type of sanctions. If the company that is the target of an
acquisition is in a particularly sensitive business, such as chemicals or commodities, then the
18 UN Security Council, Frequently Asked Questions, Available at: http://www.un.org/en/sc/about/faq.shtml#measures [Last
accessed 25 June 2017].
19 Consolidated United Nations Security Council Sanctions List: Available at: https://www.un.org/sc/suborg/en/sanctions/un-
sc-consolidated-list [Last accessed 25 June 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
30
UN Sanctions List becomes even more important in order to be able to identify whether
sanction restrictions apply or not. However, an M&A transaction in a heavily sanctioned
country does not necessarily preclude the transaction from progressing. For example, the
United Nations Department of Economic and Social Affairs (UN DESA) exists in part to
promote sustainable and social development. If the M&A transaction is one which will bring
development to a developing country that is subject to certain sanctions, then it could be
appropriate to reach out to the UN DESA to work with it within the existing sanctions
framework. Nestlé has been operating in regions that are currently subject to sanctions for
decades. Looking specifically at two examples, Iran and Syria, Nestlé operates two factories
in Iran, the Anahita Polour Industrial Mineral Water factory which was opened in 2006 and
which manufactures the brand Nestlé Pure Life, and Nestlé Iran PJSCo, which started
production of the brands CERELAC® and NAN® in 2003. Given that these factories produce
either water or nutrition for babies and infants, it is clear to see how their development and
operation fit within the UN's own agenda. Nestlé also owns one factory in Khan El Sheikh in
Syria producing the brands NIDO®, CERELAC®, MAGGI® and MILO® since 1997. While
the factory in Syria predates the recent conflict, the UN sanctions have predominantly been
targeted at named individuals rather that the country as a whole, therefore the existence of a
factory in Syria would not necessarily be a breach of sanctions unless a sanctioned person was
involved in the transaction. Little public information is available about Nestlé's work in
sanctioned countries beyond the factory names, locations and brands produced, but Nestlé's
presence does demonstrate that even in challenging sanctions environments, there is scope to
invest.
2. European Union (EU)
The EU uses sanctions as a foreign policy tool to actively promote the objectives of: "peace,
democracy and the respect for the rule of law, human rights and international law"19F
20 in
accordance with its Common Foreign and Security Policy (CFSP) and to also achieve the
EU's objectives as set out in the Treaty of the European Union. While UN Resolutions have
20 European Union External Action, (2017), Sanctions policy, Available at: https://eeas.europa.eu/topics/sanctions-policy_en
[Last Accessed 18 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
31
an effect on EU sanctions, as a general rule, the EU seeks as closely as possible to target the
individuals and entities responsible for the policies and actions it aims to change.
EU sanctions apply to all activities in the EU, any person inside or outside of the EU who is a
national of an EU member state, companies incorporated in the EU, including branches of
EU-incorporated companies in third countries, and any person or business related to business
activities undertaken in whole or in part within the EU. This scope is not so far off the reach
of the Office of Foreign Assets Control (OFAC) of the US Department of the Treasury,
except that there is no specific mention of transactions in the Euro currency resulting in the
application of EU sanctions. However, it would not be a stretch to consider that Euro
transactions would also bring a transaction within the EU borders due to the geographical
location of Euro trading. This is potentially one reason why the EU is concerned about the
amount of Euro trading that takes place in the City of London, given that a post-Brexit UK
outside of the EU would give the EU less say over trading in this third country.
Examples of EU sanctions include the expulsion of diplomats, the severing of diplomatic ties
and the suspension of official visits. While such actions may not, on the face of it, impact
M&A transactions, note that the announcement of new commercial contracts or investments
frequently coincides with official visits. Additionally the EU has also boycotted sporting and
cultural events. Economic and financial sanctions have included the freezing of assets, such as
finance and other economic resources, the prohibition of financial transactions and restrictions
on export credits or investment. The recent lifting of a number of sanctions previously
imposed against Iran has already resulted in a surge of investment into that state, such as
French company Total's recently announced investment into a new gas field in the region
where Total will hold 50.1% of the project.20F
21 Such investment could not have taken place
prior to the 2016 thawing of sanctions.
21 Bousso, R. & Zhdannikov, D., (2017), France's Total to go ahead with major Iran gas project: CEO, Reuters, (20 June
2017), Available at: https://www.reuters.com/article/us-iran-total-idUSKBN19B0G5 [Last accessed 18 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
32
3. National Governments
While the previous two sub-sections have concentrated on international sanction efforts,
national governments also have a significant role to play. National governments are expected
to ensure that the international sanctions frameworks are enforced at a local level. Given that
there can be differences in interpretation, administration and enforcement, this can result in
conflicting practices. For example, a UK-incorporated company is expected to abide by EU,
UN and US sanctions, however if the same company has a subsidiary in Russia, then there
may be conflicting Russian legislation which prevents the Russian subsidiary from abiding by
certain of these sanctions without falling foul of Russian legislation. Two current examples
would be the opposing positions of the US and Russia regarding sanctions on Crimea or
against Syria. Given that national sanction regimes are applied in tandem rather than there
being an integrated worldwide approach, it is wise to approach government departments
directly for guidance.
a) Focus on the US
The primary statutory authority for US sanction regimes are the Trading with the Enemy Act,
which imposes restrictions on business between the US and targeted countries; the
International Emergency Economic Powers Act, which allows identification of an unusual
threat that originates outside the US as well as the confiscation of property and prohibition of
specific transactions; and Presidential powers which are implemented by Executive Orders.
Criminal and civil liability for sanctions breaches apply to all US Persons.
OFAC administers and enforces economic and trade sanctions, which are based on US foreign
policy and national security goals. It is a rigid programme with far-reaching implications,
with OFAC able to impose financial penalties for any breaches of its rules. While US
sanctions do not apply to non-US firms outside of the US, the use of US Dollars automatically
results in the application of OFAC regulations. It is also important to note that US citizens
have personal liability; therefore such persons may be required to recuse themselves from
certain business activities overseas, which are contrary to the US sanctions regimes.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
33
The Financial Crimes Enforcement Network (FinCEN) is an office of the US Department of
Justice whose primary objective is to protect the US financial system from unlawful use, to
promote national security and to tackle money laundering.
Additionally, the USA Patriot Act21F
22 contains provisions designed to help the financial sector
block terrorists from using the financial system. It includes provisions relating to money
laundering and anti-proliferation measures.
b) Focus on the UK
In the UK, the Foreign & Commonwealth Office (FCO) has overall responsibility for the
UK’s policy on sanctions and embargoes, including the scope of sanctions and the content of
the UK's sanctions regime; however, different types of sanctions are the responsibility of
different government departments.
The Department of Business Innovation and Skills (BIS) is responsible for trade sanctions.
The BIS regulates the export and trading of controlled goods, such as military goods or dual-
use goods like petrochemicals or telecommunication items22F
23, through the Export Control
Organisation (ECO).23F
24
Her Majesty's Treasury (HMT) is responsible for implementing and administering
international financial sanctions in the UK. However HMT's role is not solely one of
administering international sanctions; it is also responsible for domestic designations under
the Terrorist Asset Freezing Act 2010, the licensing of exemptions to financial sanctions and
22 The United and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
of 2001 was passed in response to 11 September 2001.
23 Identified as dual-use goods on the UK Government website: https://www.gov.uk/guidance/sanctions-embargoes-and-
restrictions#putting-sanctions-and-embargoes-into-practice [Last accessed: 2 July 2017].
24 Export Control Organisation: https://www.gov.uk/government/organisations/export-control-organisation [Last accessed: 2
July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
34
maintaining the UK sanctioned parties list.24F
25 Unlike OFAC, HMT provides guidance to
companies on compliance with the UK sanctions regimes.
c) Focus on Switzerland
The Federal Act on the Implementation of International Sanctions (Embargo Act, EmbA) has
formed the legal basis for the implementation of sanctions imposed by Switzerland since
2003.25F
26 The Embargo Act provides the legislative framework that regulates general sanctions
matters such as the purpose, scope, the duty of disclosure and any data protection
requirements, the supervisory framework and the penalties that apply, including criminal
provisions. The Embargo Act does not contain specific measures against a particular country
or regime; these are instead contained in separate ordinances.
Switzerland also advocates for targeted sanctions. The State Secretariat for Economic Affairs
(SECO), which has responsibility for Switzerland's sanction regime, goes as far as stating on
its website that: "comprehensive economic sanctions have an indiscriminate impact on a
country and can entail severe negative humanitarian consequences for the civilian population
and third countries."26F
27
4. Financial Action Task Force (FATF)
FATF is a self-described policy-making body which was established following the Paris G7
Summit in 1989 to examine and develop measures to combat money laundering. It works to
bring about political will for change to implement legislative and regulatory reforms in the
25 UK consolidated list of asset freeze targets and list of persons subject to restrictive measures (Ukraine)
https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets [Last accessed 2 July 2017].
26 SECO, (2017), Legal Basis, available at:
https://www.seco.admin.ch/seco/en/home/Aussenwirtschaftspolitik_Wirtschaftliche_Zusammenarbeit/Wirtschaftsbeziehunge
n/exportkontrollen-und-sanktionen/sanktionen-embargos/rechliche-grundlagen.html [Last accessed: 1 July 2017].
27 SECO, (2017), Smart sanctions – targeted sanctions, available at:
https://www.seco.admin.ch/seco/en/home/Aussenwirtschaftspolitik_Wirtschaftliche_Zusammenarbeit/Wirtschaftsbeziehunge
n/exportkontrollen-und-sanktionen/sanktionen-embargos/smart-sanctions--gezielte-sanktionen.html [Last accessed: 2 July
2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
35
areas of money laundering, terrorist financing and other related threats to the integrity of the
international financial system.
It has developed a number of recommendations that are recognised as the international
standard for combating money laundering, the financing of terrorism and the proliferation of
weapons of mass destruction.27F
28
FATF is made up of 37 members, with two observer countries and a number of associate
members and observer organisations. FATF's decision-making body is the FATF Plenary with
meetings convened by the FATF president three times per year. The FATF presidency has a
one-year term with the appointment coming from FATF's members.
While not the most well-known of sanctions issuers, in 2012 FATF revised its Forty
Recommendations28F
29 to include measures on the implementation of targeted sanctions related
to proliferation. Additionally Recommendation 16 (Wire transfers)29F
30 specifically seeks to
prevent terrorists and criminals from having access to wire transfer facilities to move their
funds.
VI. Addressing Sanctions Risk
The three key elements of addressing sanctions risk in M&A are linked to each other in a
circular manner. The three elements are: due diligence, M&A transaction documentation
protections and defining a sanctions compliance framework. In each case, the presence of the
other two supports the successful development of the primary element. For example, when
initiating an M&A transaction, it is necessary for each party to carry out stringent due
diligence on the other. A pre-existing sanctions framework, including a system to assess
applicable sanctions, will make this due diligence easier. When negotiating the SPA, having
28 FATF: http://www.fatf-gafi.org/about/ [Last accessed: 2 July 2017].
29 FATF 40 Recommendations: Available at: http://www.fatf-
gafi.org/media/fatf/documents/recommendations/pdfs/FATF%20Recommendations%202012.pdf [Last accessed: 2 July
2017].
30 FATF 40 Recommendations, ibid. p. 15.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
36
knowledge of the existing sanctions framework and having completed due diligence
successfully will inform the parties what warranties are necessary and the extent to which the
SPA needs to go into detail around sanctions. Once acquired, it is more efficient to merge the
two sanction monitoring programmes together. This will be easier to achieve if strengths and
weaknesses in the original two systems have been identified, which should have been flagged
during due diligence. This section will now consider the three elements in turn.
A. Due Diligence
There are many facets to an M&A due diligence process. It would be naïve to assume that a
one line point that the target is compliant with sanctions legislation: yes/no, will suffice.
Sanctions compliance spreads into different elements throughout the process.
On a general level, the purchaser's letter of intent should include provisions for integrity due
diligence. This is important for all aspects of compliance rather than solely sanctions
compliance, but in relation to sanctions compliance, there is a heightened need to have
unlimited access to investigate the target's history.
The purchaser in an M&A transaction will want to know to what extent the target company is
subject to, and is in compliance with, regulatory requirements applicable to it. Naturally, this
includes compliance with sanctions and licensing requirements. Here the due diligence
question may centre on material permits and licences required to carry out the business or
operations of the target company or one of its subsidiaries. However, while the reference to
materiality may make practical sense from a due diligence efficiency perspective, it is a high
risk strategy for sanctions compliance. In certain jurisdictions, such as the US, a breach of
sanctions is subject to strict liability, meaning that there is no requirement for culpability or
materiality. In practical terms, this means that the purchaser should take additional care with
the due diligence of sanctions compliance. Finding a sanctions issue does not mean that the
transaction is over, of course, as some sanctions concerns can be corrected during the
negotiation stage. For example, a compliance director interviewed for this paper provided an
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
37
example of reaching an agreement with a target that the target would terminate actions with a
particular supplier or financial institution prior to closing.30F
31
Another indicator of sanctions compliance is the outcome of due diligence on outstanding
litigation. This should cover any pending or threatened government proceedings. If the target
itself has already self-reported a sanctions issue or is being investigated, then this should
certainly be flagged and the purchaser should consider whether to proceed with the
acquisition, delay until the outcome of the proceedings is known or withdraw from the
acquisition process.
A standard element of due diligence is the review of customers and sales, as well as material
contracts. While on a general level, the purchaser will want to fully understand the target's
customer base, sales pipeline and with whom the target has contractual obligations, from a
sanctions perspective, this review is vital to ensure that the target is not carrying on business
with sanctioned parties.
One of the key elements of the wider due diligence in M&A is a thorough examination of
financial matters. Here the buyer will be concerned with all elements of the target's historical
financial statements and related financial matrices. From a sanctions due diligence
perspective, the financials will show the revenue sources, meaning the geographical source of
the target's revenues. If the company is deriving income from a sanctioned country, this
should be shown in the financials and should initiate additional investigation.
General corporate matter due diligence will flag items such as the list of jurisdictions in which
the target and its subsidiaries are qualified to do business and the list of current officers and
directors. The names should be screened against the sanctions list as per sub-section D
(Sanctions Lists and Screening) below. If there are sanctions concerns around one of the
officers or directors, the purchaser should agree with the target to separate that individual
from the target's business prior to closing. The list of jurisdictions where the target and its
subsidiaries are qualified to do business should also be scrutinised for references to
31 Interview with compliance director for paper, 2017. Name confidential.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
38
sanctioned countries. As demonstrated in sub-section V.F.1 (UN Security Council), depending
on the industry, involvement with sanctioned countries is not necessarily a breach, but will
require further investigation.
As a practical matter, there is some discussion around whether D&O insurance covers
sanctions or not. The typical D&O insurance policy definition of 'loss' covered under the
policy expressly provides that loss does not include fines, penalties and matters deemed
uninsurable under applicable law, so a company cannot insure against sanctions risks in
respect of the actions of its own directors and officers. It also cannot insure against the risk
involved in due diligence missing a breach as part of an M&A transaction. Additionally,
sanctions can influence the scope of coverage an insurer can provide within the scope of
general business, either by suspending an underwriter's liability to perform a contract for the
period that sanctions are in effect or by fundamentally changing the underwriter's ability to
provide insurance at all. Therefore, general insurance policies include a sanctions provision to
protect the insurer by ensuring that it is not contractually required to perform an action that
would expose the insurer to sanctions.31F
32
B. Legal Drafting in the SPA
1. Warranties and Representations
Under Section V.D (Why are Sanctions Relevant in M&A?) above, the wording of a typical
regulatory representation for Compliance with Laws is given. This is both very wide and very
general. Of course, the general Compliance with Laws representation will give the seller
comfort that the purchaser will have recourse against the seller for a sanctions breach
identified after closing, however, there are still several points related to this approach, which
need to be considered. Firstly, there should not be a knowledge qualifier to any warranty
around sanctions compliance. As referenced in sub-section A (Due Diligence) above,
ignorance is not a defence. Secondly, there may be a time limitation on claims made under the
SPA for a breach of warranty. If the breach is not identified for some time, the purchaser may
32 Wragg, A., (2014), Lloyd's Sanctions Guidance – Sanctions Clauses (REF: Y4832), 17 October 2014.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
39
be outside the time-period for suing the seller, but at the same time, the purchaser will be
answerable to the regulator when the breach is reported. Thirdly, depending on the structure,
it may be difficult to identify who to seek recourse from. Additionally, if the transaction is
more a merger than an acquisition, then both parties may still be involved in the new merged
entity.
In order to give the purchaser further comfort around compliance issues, it may be appropriate
to include specific compliance warranties to cover matters such as anti-corruption controls,
export controls and sanctions. This is particularly suitable for transactions involving industries
that are highly regulated or commonly affected by sanction controls. The following is an
example of a sanctions warranty from a UK M&A transaction in the oil and gas industry: "the
Company has at all times complied, and is fully complying, with all applicable export control,
money laundering and anti-terrorism laws and regulations, and neither the Company nor any
persons connected with the Company is a party to a contract with or bid to, or has conducted
business with (directly or indirectly) a third party located in any country over which sanctions
are currently in force by the UK or with designated persons32F
33 designated by HM Treasury in
the UK or the UK Foreign and Commonwealth Office."33F
34
This wording references only sanctions imposed by the UK, which would encompass
international sanctions that the UK is required to implement at a national level. From a seller's
perspective, this provision provides clarity as to what sanctions the target has to confirm
compliance with, which is beneficial. However the wording 'a third party located in any
country over which sanctions are currently in force in the UK' remains quite broad and would
draw out dealing with sanctioned countries that were also lawful, therefore there would still
be a need for the target to have maintained adequate records of its dealings with those
sanctioned countries. Depending on the negotiation power of the seller and purchaser, these
words could be removed, however then the purchaser would be advised to obtain a separate
warranty around compliance with UK import and export licensing procedures to regain
33 In a US context, the term 'specially designated nationals' would be used instead of 'designated persons'.
34 Example SPA 2017: transaction parties not disclosed for confidentiality reasons.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
40
comfort. Additionally from the purchaser's perspective, there would be a need to examine
whether the targeted warranty is given in addition to the general Compliance with Laws
warranty or whether there is a carve-out from the general Compliance with Laws provision
for the laws covered by the compliance-specific warranties.
2. Material Adverse Effect
In the context of a private M&A transaction if there is a gap between the signing of the SPA
and the closing of the transaction, there is also some merit in reviewing the material adverse
change (MAC) / material adverse effect (MAE) provision to ensure that a breach of sanctions
could trigger a MAC event and allow the purchaser to exit the transaction. The following is an
edited version of a definition of MAE as used in a MAC clause, ""Material Adverse Effect”
means, with respect to the Company and the Subsidiaries, taken as a whole, any change,
event or effect that, individually or in the aggregate, (a) has had, or is reasonably likely to
have, a material adverse effect on the business, assets, financial condition, liabilities or
results of operations of the Company and the Subsidiaries taken as a whole, or (b) materially
impairs or delays the ability of the Company and the Subsidiaries to consummate the
transactions contemplated by this Agreement".34F
35 Then there follows a number of specific
events that are excluded from being a MAC should they occur. One of the exclusions from
part (a) of the definition is: "any adverse change in or effect on the business of the Companies
and its Subsidiaries that is cured prior to the Closing". In this particular example, even if a
breach of sanctions was identified, then the purchaser would not be able to trigger a MAC
event if the target could rectify the breach prior to closing, for example by obtaining the
correct export licence. However, this does not give the purchaser the clear ability to walk
away, thereby still placing the purchaser in the position where it is aware that a breach has
occurred and that it is inheriting it. At this point, it would be wise for the purchaser and its
counsel to specifically focus on sanctions compliance with additional due diligence to the
extent possible in the time available, and with the resources available, and in addition, to
contact the relevant regulator.
35 Example US SPA definition of Material Adverse Effect (2016). Transaction confidential.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
41
3. Public M&A
Generally, the extent of representations and warranties given in a public M&A transaction is
more limited in scope and these commonly refer to public disclosure requirements.
Additionally, indemnification is typically not available. With the ability to walk away from a
public M&A transaction usually very limited, for example in the case of a negative
shareholder vote, in a public transaction there is even more emphasis on completing thorough
due diligence prior to signing the SPA.
C. Defining a Sanctions Framework
In order to address an inadvertent breach of sanctions, the need for a sanctions framework is
vital. Every company should have a policy or procedure in place to ensure that it manages its
sanctions risks, even before its first foray into M&A.
Both parties to an SPA need to ensure compliance with sanctions regimes which are designed
to prevent terrorism and organised crime. In order to meet these requirements, companies
have to: define their internal risk appetite and apply it company-wide; develop and maintain
an internal framework for dealings with third parties such as clients, suppliers and customers;
and monitor regulatory changes to ensure that all systems are updated on a timely basis.
The monitoring of sanctions risk is not a task that management can take lightly. Typically, the
board of a company will have a designated officer who is responsible for the execution of the
company's sanctions compliance programme. Employees are also responsible for remaining
continually vigilant of sanctions-related threats. As referenced in V.F V.F.3.a) (Focus on the
US), there is increased risk for US Persons, who also have personal liability for sanctions
breaches. As the compliance officer of one global company for this paper said: "it is simpler
to comply with US sanctions even when such sanctions would not otherwise be applicable
rather than seek to exclude a US Person on the possibility that s/he may become involved in a
transaction for which s/he could be penalised in the US."35F
36
36 Compliance officer, Swiss global company (2017) interviewed for purposes of the paper. Name redacted.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
42
The need for a stringent pre-existing sanctions policy is necessary for the parties to an M&A
transaction for two reasons: firstly to ensure that due diligence on the target is thorough and
the purchaser knows what to look for; and secondly because after the transaction has closed,
the two frameworks will need to be merged, ideally taking the best elements from both
procedures, and this is more easily done when there is a strong understanding of the extent of
pre-existing compliance.
If a purchaser has a thorough knowledge of its own regulatory landscape and sanctions
obligations, it can proactively drive forward a successful compliance due diligence process.
While screening – as further examined in sub-section D (Sanctions Lists and Screening)
below – whether through use of internal or external systems, is a vital element of successful
sanctions compliance, screening is not a standalone solution. For example, specific licences
are regularly required for the import and export of dual-use goods. Having the correct licence
is reliant upon the company's knowledge of its product and ensuring that the good has been
correctly identified to the relevant regulator and is given the right classification for licensing
purposes. It is a very precise compliance requirement that requires knowledge of the Export
Control Programme36F
37, but one that is vital so as not to inadvertently breach sanctions. This
level of knowledge already within the purchaser will assist with the thorough due diligence of
the target.
The Export Control Programme itself is an important system for ensuring compliance with
sanctions. As stated on the programme's own website: "in line with the EU Security Strategy
and the EU Strategy against the Proliferation of Weapons of Mass Destruction, the EU P2P
Dual-Use Programme aims to enhance the effectiveness of export control systems of dual-use
items so as to combat the proliferation of weapons of mass destruction and related materials,
equipment and technologies."37F
38 For companies that are involved in the production, trade or
transportation of dual-use goods, a thorough knowledge of this programme is necessary, as
the programme seeks to reduce the risk of misuse by strengthening international cooperation
37 EU P2P Export Control Programme, Available at: https://export-control.jrc.ec.europa.eu/ [Last accessed 16 July 2017].
38 EU P2P, (2017), Export control programme for dual use goods, available at: https://export-
control.jrc.ec.europa.eu/Home/Dual-use-trade-control [Last accessed 16 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
43
between states. There are two benefits within an M&A context: firstly increased cooperation
between participating states and strengthening of national and regional capacities will likely
lead to an equalisation of requirements, allowing two companies operating in different
jurisdictions to better understand the other's requirements, and secondly, as standards improve
and balance, the integration between companies' programmes shall become easier as each has
had to maintain similar standards.
Also, post-closing, the merger of the two compliance frameworks will be more efficient and
effective if both companies already have a culture of compliance, as culture is an integral part
of a company's defence against sanctions breaches. It is typically the most difficult aspect of
the corporate environment to change or correct.
Prior to entering into a business relationship with a new client, customer or supplier, it is vital
to carry out due diligence allow the company to establish controls that are effective for the
types of risks the company faces. Such checks should be re-run on a regular basis to ensure
continued compliance. While this is a general compliance requirement rather than one
specifically related to sanctions compliance, it is a necessary requirement to know that the
organisation is not breaching sanctions by having a business relationship with a particular
third party. Also, from an M&A perspective, while it is impossible to recheck the due
diligence information gathered for each business contact that the target has, having an
effective system in place allows the reviewer to check a sample and identify any potential
weaknesses.
Interestingly OFAC does not require US companies to have a compliance programme,
however, OFAC does consider persons who conduct even a moderate volume of business
with international or otherwise high-risk customers to be sophisticated38F
39 and sophisticated
39 US Economic Sanctions Enforcement Guidelines, (2016), Commercial Sophistication: the commercial sophistication and
experience of the Subject Person. Is the Subject Person an individual or an entity? If an individual, was the conduct
constituting the apparent violation for personal or business reasons? Available at: https://www.ecfr.gov/cgi-bin/text-
idx?SID=6796e37b78ede7e105e8fb288f461b9b&mc=true&node=ap31.3.501_1901.a&rgn=div9 [Last accessed: 16 July
2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
44
actors are held to a higher standard under the OFAC enforcement guidelines.39F
40 Therefore,
within an M&A context, there is increased risk to a target that operates in a higher risk area,
but which has no, or only limited, compliance procedures in place.
D. Sanctions Lists and Screening
A key element of ensuring compliance with sanction controls is sanctions lists and screening.
A review of the use of these lists should form part of the M&A due diligence process.
Sanctions are continually evolving, which places a lot of pressure upon the maintenance of
sanctions lists. National and international bodies, as well as private enterprises, maintain lists
of parties subject to sanctions, both organisations and individuals, including known terrorists,
repressive regimes and drug traffickers. The lists can be publically available, such as the lists
maintained by OFAC40F
41 and SECO41F
42, or private, such as the lists maintained by private
companies42F
43. If due diligence shows that the target does not utilise a private company to aid
with the screening of sanctions lists, it would be appropriate for the purchaser to seek further
clarification as to how the sanctions lists used by the target for screening are maintained, as
such lists can quickly become out-of-date.
The following should be screened by a company as a matter of process: customers; staff;
third-party service providers; connected persons; ultimate beneficial owners as well as certain
products and services. The minimum information that should be screened for individuals is
their full names, nationality and residential address, while for companies, this should be their
40 US Economic Sanctions Enforcement Guidelines, available at: https://www.ecfr.gov/cgi-bin/text-
idx?SID=6796e37b78ede7e105e8fb288f461b9b&mc=true&node=ap31.3.501_1901.a&rgn=div9 [Last accessed: 16 July
2017].
41 OFAC sanctions list search, available at: https://sanctionssearch.ofac.treas.gov/ [Last accessed: 16 July 2017].
42 SECO managed list of sanctioned individuals, entities and organisations, available at:
https://www.seco.admin.ch/seco/en/home/Aussenwirtschaftspolitik_Wirtschaftliche_Zusammenarbeit/Wirtschaftsbeziehunge
n/exportkontrollen-und-sanktionen/sanktionen-embargos.html?_organization=703&_pageIndex=0 [last accessed 16 July
2017].
43 Examples include SWIFT (https://www.swift.com/our-solutions/compliance-and-shared-services/financial-crime-
compliance/sanctions-screening#topic-tabs-menu) and Thomson Reuters World-Check
(https://risk.thomsonreuters.com/en/products/world-check-know-your-customer.html) [Last accessed: 16 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
45
full name, all recorded trading names, city and country of registered office and incorporation
number, and the business address if it differs from the registered address. As part of the M&A
due diligence, the reviewer should confirm that regular screening encompasses each of these
groups of people and what information is screened for.
When there is a high amount of data to be screened, screening tends to be automated, rather
than carried out though a manual search using the public list search functions. Regardless of
how a search is carried out though, as part of the M&A due diligence, the reviewer should
determine what parameters the target has set for their screening process and should seek
access to records that have been maintained by the target pursuant to document retention
policies. The target ought to have kept a record of the rationale for each decision made and, if
there are no records detailing the rationale, then this should be a red flag to the reviewer,
which requires further investigation.
The US Department of the Treasury also maintains a list of Specially Designated Nationals
(SDNs) which contains: "a list of individuals and companies owned or controlled by, or
acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities,
such as terrorists and narcotics traffickers designated under programs that are not country-
specific."43F
44 A hit from the SDN List means that the person's assets are blocked and US
persons are generally prohibited from dealing with them. If M&A due diligence shows a hit
from the SDN List, then this requires additional investigation on the part of the reviewer.
OFAC recommends contacting them on their hotline if a company's alert shows many
similarities to an SDN and e-mailing if the SDN involves an in-process financial transaction.
It also recommends contacting OFAC prior to blocking any assets unless there is an exact
match to the SDN List. All of this data should be provided to the purchaser as part of the due
diligence process if the target has an historical SDN List hit. If the purchaser is aware of an
alert but is not provided with the rationale, documentation for the next steps taken and the
44 US Department of the Treasury: Specially Designated Nationals (SDNs) and the SDN List, available at:
(https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_lists.aspx) [Last accessed 16 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
46
transaction proceeded, then the purchaser should seek advice from their counsel and alert
OFAC.
Of course, sanctions lists do not just contain the names of individuals who are suspected
terrorists or drug traffickers. There are a number of reasons why an individual's name may
appear upon a list and one such example is that the individual could be a politically exposed
person (PEP) as defined by FATF. PEPs are more exposed by virtue of their prominent public
function, where their position could be more readily abused to commit money laundering,
bribery or corruption offences. Therefore, the names of PEPs – both foreign and national – are
commonly stored on a sanctions list to ensure that appropriate risk mitigation steps are taken
when a PEP is involved in a transaction. FATF states that: "these requirements are
preventative (not criminal) in nature, and should not be interpreted as stigmatising PEPs as
such being involved in criminal activity."44F
45 Therefore the list of names flagged under
screening does not mean that business with those individuals should necessarily cease or have
ceased. Overall, PEPs should be subject to enhanced risk mitigation measures recommended
by FATF. From an M&A perspective, having PEPs as clients should not be a point of
concern, however the purchaser should ensure that the target has applied all the measures in
FATF's recommendation 12.45F
46
Depending on the industry that the purchaser and target operate in, the target may have an
internal watch list as well. This would be relevant if the target operates in a geographical or
industry environment, which is susceptible to increased sanctions risks. An example could be
a company with a subsidiary located in the United Arab Emirates (UAE). The UAE only
circulates its list of sanctioned individuals and entities within the UAE authorities46F
47, therefore
a target may create its own list of high risk individuals and entities that should be flagged
45 FATF Guidance: Politically Exposed Persons (Recommendations 12 and 22), available at: http://www.fatf-
gafi.org/media/fatf/documents/recommendations/Guidance-PEP-Rec12-22.pdf [Last accessed: 16 July 2017].
46 The FATF Recommendations, available at: http://www.fatf-
gafi.org/media/fatf/documents/recommendations/pdfs/FATF_Recommendations.pdf [Last accessed 16 July 2017].
47 Eversheds Sutherland, (2017), Global Sanctions Guide: UAE, available at:
http://sanctionsguide.eversheds.com/countries/uae/ [Last accessed 16 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
47
within its screening process, yet business with such individuals or entities may not actually be
prohibited or restricted. As part of the due diligence process, the reviewer should seek to
clarify from the target which lists are being used for screening purposes.
In general, the purchaser should be able to review details of the target's sanctions monitoring
and screening policy, as well as the historical records available. A lack of data may be a cause
for concern.
E. Managing Alerts
Alerts operate by notifying a company that their compliance framework has identified a
possible 'hit'. Types of alerts can include customer and payment alerts. Such alerts need to be
calibrated sensitively to ensure that 'false hits' are not generated, but at the same time 'true
hits' are not missed. Employees tasked with investigating alerts must receive specialist
training in how to understand and manage sanctions risks.
In an M&A transaction, as part of the due diligence process, the purchaser should seek access
to the history of these alerts. This can provide another approach for the due diligence, helping
to target the reviewer's attention on possible issues the target itself has identified. Also, while
not flawless, it provides the raw data for an analysis of how robust the target's existing
compliance framework is. Where there are no alerts for possible sanctions breaches, this is not
in itself a red flag, however if the seller is in an industry such as oil and gas, it could highlight
that the target's framework is not hardy enough, rather than there being no possible sanctions
risks. The target's treatment of alerts is also relevant in M&A. Companies should utilise a
risk-based approach to assess alerts and determine next steps. It has become common practice
for companies to implement stringent escalation procedures when an alert shows business
with countries such as Iran, North Korea, Syria and Cuba. Some companies have developed
matrices to better illustrate complex sanction requirements using colour-coding to show
whether there are comprehensive or targeted sanctions in place. In M&A due diligence,
having access to the guidelines employees have for managing alerts is vital.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
48
VII. The Cost of Getting it Wrong
A. Examples of Breaches
Professor Noam Chomsky has stated that: "The number of people killed by the sanctions in
Iraq is greater than the total number of people killed by all weapons of mass destruction in all
of history."47F
48 This is a shocking statement, even though Professor Chomsky was not referring
to the outcome of one M&A transaction, but instead the combined force of all the
international sanctions imposed against Iraq between the start of the first Iraq war in 1990 and
the outbreak of the second Iraq war in 2003. So, while sanctions can bring a country to its
knees, the imposition of sanctions – and the fallout of non-compliance – can do the same to
companies.
In researching this paper, the author has contacted regulators, specialist lawyers in the fields
of M&A, sanctions and litigation, as well as international companies involved in M&A
transactions. In order to maintain confidence, information shared on a confidential basis has
been anonymised and not attributed to a specific source unless permission has been provided
to do so.48F
49
Research for this paper with regulators in the UK and Switzerland has not highlighted either
any investigation of breaches of international sanctions as a result of a completed M&A
transaction or any related litigation. The majority of sanctions-related enquiries that regulators
have confirmed receiving refer to specific export, import or financial transactions. Three
factors could have played a part in this: firstly, the companies involved in M&A transactions
in jurisdictions where sanctions are a factor are likely to be relatively sophisticated; secondly,
due diligence carried out in respect of transactions involving goods or services that are
impacted by sanctions regimes tend to be more conscious of international sanctions
obligations; and thirdly, where a sanctions issue has been identified during the due diligence
48 Noam Chomsky, MIT Professor, (n.d.), quotation from: https://www.goodreads.com/author/show/2476.Noam_Chomsky
[Last accessed: 8 July 2017].
49 See Appendix for additional information.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
49
process, the parties involved either seek to correct the sanctions issue prior to closing the
transaction, or walk away from it entirely. Additionally, given that regulators' resources are
limited and there are more than enough other sanctions queries to occupy their time, it is
perhaps not surprising that there are limited examples from this official source. The Swiss
regulator confirmed that it sees less than ten cases per year where a party to an M&A
transaction is concerned about a possible sanctions-related issue. Figures on the number of
M&A related enquiries from US and UK regulators were unavailable.
When it comes to enforcement actions regarding sanctions breaches, SECO confirmed that as
of June 2017, it had not initiated enforcement action for a sanctions breach following an
M&A transaction. It is also a matter of public record that generally there have been no UK
sanctions enforcement actions in recent years.49F
50 Of course, these findings do not indicate an
overall absence of breaches. Even with a thorough due diligence process, it is practically
impossible to investigate every business relationship and supply chain link that the
prospective partner has, meaning that additional information will come to light after a
transaction has closed. This is backed up by cases from the US, where the US Commerce
Department's Bureau of Industry and Security (US BIS), US State Department's Directorate of
Defense Trade Controls (DDTC) and OFAC have all relied upon the principle of successor
liability to impose penalties on acquiring companies for violations of US trade control laws
and regulations by acquired companies that were incurred prior to acquisition. These cases
highlight the importance of thorough due diligence as part of the M&A process. Despite time
pressure to close transactions, a light-touch here can be costly later.
The US BIS first successfully imposed successor liability following an M&A transaction in
2001, when US life science and high-technology company Sigma-Aldrich Corporation was
charged with several violations of the US Export Administration Regulations (EAR) that were
committed by Research Biochemicals Limited Partnership, which Sigma-Aldrich acquired
50 Burrell, P., Mortlock, D., Mitchell, R., & Feldberg, P., (2017) The European, Middle Eastern and African Investigations
Review 2017 Global Investigations Review, p. 1, available at:
http://www.willkie.com/~/media/Files/Publications/2017/06/Cross_border_overview_Sanctions_enforcement.pdf [last
accessed 7 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
50
through an asset purchase in 1997, and directly by Sigma-Aldrich after the M&A transaction
had closed. The US BIS's case was that Research Biochemicals Limited Partnership had
exported EAR-controlled biological toxins to Europe and Asia from 1995 until its acquisition
without the appropriate licences, and that Sigma-Aldrich continued doing so for over a year
after the acquisition. Sigma-Aldrich argued that (i) there was no statutory provision for
successor liability under EAR, (ii) Research Biochemicals Limited Partnership still existed
and therefore should be targeted instead, and (iii) one entity acquired assets and Sigma-
Aldrich entities acquired partnership interests. Even if the asset acquirer was to be targeted by
the US BIS, the two Sigma-Aldrich entities that only acquired limited partnership interests
should not be targeted. The administrative law judge rejected all three arguments finding that
(i) the underlying statute did allow successor liability under EAR, (ii) successor liability can
be imposed on the acquirer only, and (iii) turning on the facts alone, the judge was not
convinced that only limited partnership interests had been passed to two Sigma-Aldrich
entities rather than also other assets.50F
51 Sigma-Aldrich reached a settlement with the US BIS
on the payment of a USD 1.76m civil fine. It is noteworthy that the Sigma-Aldrich case set
two relevant precedents: not only did it set the precedent for successor liability in trade
sanctions cases in the US, but as previously stated, Sigma-Aldrich acquired Research
Biochemicals Limited Partnerships through an asset purchase rather than a stock purchase,
thereby establishing that successor liability is not reserved for traditional acquisition formats
and cannot be avoided through transaction structuring.
Sigma-Aldrich is not the only case where the US has effectively utilised successor liability. In
2008, the DDTC united with the US BIS to charge Northrop Grumman Corporation, a US-
based aerospace and defence company listed on the New York Stock Exchange, with over one
hundred International Traffic in Arms Regulations (ITAR) and EAR violations around the
wrongful classification of technical data by Litton Industries, Inc., a defence contractor that
Northrop Grumman Corporation acquired in 2001, resulting in restricted data being sold
51 Rathbone, M., & Lentz, A.J., (2013) Export Compliance in the M&A Context, Chapter 10, Handbook of Export Controls
and Economic Sanctions, (June 2013), available at:
http://www.steptoe.com/assets/htmldocuments/Handbook%20of%20Export%20Controls%20and%20Economic%20Sanction
s.pdf [Last accessed 7 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
51
outside the US without the appropriate licensing. This included computer guidance systems to
a number of different foreign non-allied countries and a portion of source code used by
guidance and navigation system interfaces in Air Force One to a Russian company in 1998.
Northrop Grumman Corporation had not identified the misclassification during its due
diligence process and so continued the unlawful action until 2003, when the error was
identified and Northrop Grumman Corporation self-declared the sanctions breach. This did
not save Northrop Grumman Corporation from receiving a sizable civil fine of USD 15m,
which was shared by the two government departments involved in the prosecution, and the
negative press attention that resulted from the DDTC posting its proposed charging letter
dated 14 March 2008 online, where it is still publically available.51F
52
Non-US headquartered companies have also been targeted, with the DDTC successfully
charging a US subsidiary of Meggitt PLC, a UK-headquartered engineering group
specialising in extreme environment components and sub-systems for the aerospace, defence
and energy markets, with ITAR violations by two companies it had acquired in 2006 and
2007. Following its acquisition of Meggitt Training Systems, Inc. and Engineered Fabrics
Corporation, Meggitt PLC identified that there had been ITAR violations in both acquired
companies and disclosed these violations. Meggitt subsequently paid a USD 25m fine to settle
the case. These three cases alone show the upward trajectory of the size of the fines and the
growing reach of the US regulatory authorities.
While these cases are all examples of successor liability for breaches of trade sanctions in an
M&A context, OFAC has also used successor liability in a more pure M&A context. Ellman
International, Inc. was fined USD 191,700 for violating sanctions against Iran for selling and
exporting medical equipment and hiring an Iranian doctor without an OFAC licence.52F
53 This
case differs as Ellman International, Inc. had since entered private equity ownership and the
52 DDTC website, (2008) Proposed charging letter for Northrop Grumman Corporation, available at:
http://pmddtc.state.gov/compliance/consent_agreements/pdf/NorthropGrummanCorp_ProposedChargingLetter.pdf [Last
accessed 8 July 2017].
53 OFAC, (2013), Enforcement Information for 2 January 2013, available at: https://www.treasury.gov/resource-
center/sanctions/civpen/documents/20130102_ellman.pdf [Last accessed 8 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
52
management board had been replaced, with the breaches being identified by the new private
equity owner and reported. So a change in ownership and a change in management did not
protect the company from a fine, however the author believes that the fine levied did take this
into account and would have been higher had the owners and management not changed.
The next example highlights a number of sanctions concerns. Following Fidelity National
Information Services' acquisition of Certegy Card Services in 2006, Fidelity was required to
pay over USD 12m in fines after Certegy had processed payments of an individual on the
sanctions list for narcotics reasons under the Foreign Narcotics Kingpin Designation Act.
Like the previous examples, it involves successor liability; however, it will also resonate with
banks given that the case related to processing payments. It is not a big jump from a finance
company being fined under successor liability and banks being fined for processing the
transaction payments in an M&A transaction where the source of funds draws the authorities'
attention. This is because it is not solely the two companies that are transacting in the M&A
transaction that can fall foul of sanctions. Given that such transactions often have external
financing, the banks and third party financing sources funding the transaction will also need
to have keen attention to what sanctions apply and will seek to restrict their liability through
representations and covenants within the credit facility put in place. Commonly, as part of the
transaction on-boarding process, lenders request specific confirmations regarding exposure to
sanctioned countries. It is likely that banks in particular will continue to develop their client
sanctions compliance procedures in order to protect themselves further from civil or criminal
enforcement action around financings and cash transactions. Here, other third party financing
sources will likely be behind bank financial institutions with their awareness of this issue and
related compliance procedures.
From these cases, it is clear how important the due diligence process in an M&A transaction
is and how new owners can be still be held responsible for prior breaches of sanctions which
the acquirer was not a party to. This also highlights the importance of ensuring the inclusion
of adequate representations and warranties in the SPA with a long enough validity period to
allow any shortfalls in the due diligence process to be identified, the breach to be rectified and
legal recourse to be achieved.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
53
Despite the cases outlined, it is interesting to note that neither the Swiss regulator53F
54 nor law
firm sources54F
55 were able to identify M&A transaction sanction-related disputes that reached
court, suggesting that even when disputes arise, these are settled outside of the public arena, at
least as between the parties to the M&A transaction. Again, this would be logical, as neither
party would likely wish to increase the level of negative publicity concerned with the breach.
B. Weaknesses
One of the weaknesses of the sanctions regimes is that often regulators are dependent on
companies self-reporting breaches. This is highlighted in the case examples in the previous
sub-section. It is highly possible that, had the companies involved not self-reported, the
regulators would not have found out about the breaches. This should not be taken as an
argument for not reporting sanctions issues when identified, however it does place significant
pressure upon in-house compliance officers to not only identify breaches that have already
occurred and stop them continuing but to push internally for voluntary disclosure.
There is also a notable lack of enforcement cases involving M&A in the UK and Switzerland.
This is unlikely to be because of superior due diligence processes in Western Europe as
compared to the US. Rather, this could be due to a number of other factors such as lack of
resources, out-of-court settlements being reached instead of more public prosecutions, or a
high level of proof required for white collar crime. In the UK, HM Revenue and Customs,
which is responsible for enforcing trade sanctions and export control breaches, has preferred
to use civil penalties in the form of compound penalties as an alternative to prosecution. Of
course, there may be more European cases in the future and the author submits that this will
indeed be the case. As will be further discussed in sub-section D (The Challenges of a
Changing Enforcement Regime) below, the basis for the UK regulator to enforce changed in
2017, making it easier for the UK regulator to pursue the sort of fines only seen until now in
the US. Fines are an effective means for governments to raise substantial amounts of money
while generating positive press - from the regulator's perspective - showing the regulator
54 No confirmation either way from US or UK regulators.
55 US, UK and Swiss M&A and litigation lawyers.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
54
upholding international law against corporate entities. However, there could still be a
divergence in approaches between the US and Western Europe, as the US actively pursues
executives and individuals during their sanctions investigations and have applied jail terms. It
has yet to be seen to what extent non-US regulators will take the same approach. This could
become a political decision depending on press attention.
The case law itself can be seen as a weakness, as the cases identified during research are all
US-centric, as were the sanctions that were deemed to have been breached, given that many of
the cases centred on historic trading licence breaches. While arguably Certegy Card Services
also breached UN sanctions by transacting with Iran, even in that case, the regulator
concentrated on the US sanctions breaches. It is unclear whether this national law focus is
solely because the case law comes out of the US, or whether other regulators will also
concentrate on the national law, given that often national law enacts international law in
relation to sanctions. Alternatively the regulators may differentiate around the source of the
law for the breach, i.e. between a breach of national law that enacts UN Security Council
sanctions and a breach of a sanctions law that enacts national government policy. This could
also result in the same breach having different punishments in different jurisdictions. In turn,
this could mean companies try to forum shop in the future.
It will be interesting to see how the case law will develop as more regulators become
enforcement-focussed. US regulators have also issued penalties to EU-incorporated
companies, so there is scope for the relationship between regulators to increase with
regulators working together to target companies in breach in multiple jurisdictions within one
action. In the same way that New York and London have become choice-of-law centres for
transaction documentation and financing arrangements, potentially certain jurisdictions will
develop as knowledge centres for sanctions prosecutions.
Additionally, sanctions and their enforcement do not exist in a vacuum and the maintenance
of international norms will take precedence. Therefore international sanctions are limited by
economic, social and cultural rights arising from the Charter of the United Nations. There has
been some academic discussion around the need to raise alternatives and this will be likely
give rise to additional changes to the sanctions framework in the future.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
55
C. The Cost of Breaching Sanctions
Given that there are different sanctions regimes that operate in parallel, it stands to reason that
the enforcement procedures will also operate in parallel. As per the previous section, this
could result in regulators pooling resources and running investigations together rather than
having enforcement procedures also operate in parallel, which will result in addition resource
requirements from the regulators while the companies under investigation can instruct one
law firm to handle multiple investigations. As also referenced in the section above, one of the
weaknesses in the sanctions regime is that generally regulators depend upon companies self-
reporting breaches. While it seems improbable that the majority of breaches are intentional,
there could be companies that remain oblivious of the breaches that they are carrying out and
therefore do not self-report and are not held to account. However, regulators do take into
account whether the breach has been self-reported when applying penalties. So, while from a
layman's perspective, the fines imposed for the breaches highlighted in sub-section A
(Examples of Breaches) appear to be high, most of them being over one million US dollars in
size, in relation to the overall size of the companies involved, the fines are enough to make an
impact, but not enough to result in the companies becoming insolvent and needing to file for
bankruptcy. The companies in the examples are still trading and those that are publically
traded have stable stock prices. Additionally, when compared to the OFAC penalties against
banks for sanctions breaches, the penalty amounts are relatively small.
Taking the example of OFAC penalties in particular, OFAC utilises a 'penalty matrix' in
assessing the penalty to impose for a breach. Not only does OFAC take into account whether
the breach was 'egregious' or not but also as an array of additional facts, such as the
involvement of management, the sophistication of the company, and whether the company
acted recklessly but whether the breach was self-disclosed. As referenced in section VI.C
(Defining a Sanctions Framework), OFAC does not require companies to have a sanctions
policy, but its expectation is that companies will be able to identity internally when one is
required and put one in place. If a company has regular contact with foreign clients or
customers, then the expectation is that it requires, and will have, a sanctions policy. Even
without one, OFAC will consider that the company should be 'sophisticated' and will set the
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
56
penalties accordingly. Moving to the UK, newly introduced civil fines also take into account
of whether there was a voluntary disclosure or not. An 'informational offence', i.e. where there
is a failure to inform, could result in either a criminal prosecution or a further monetary
penalty.
A breach of sanctions can also generate bad publicity for the companies involved.
Government departments often publish their findings online and are also subject to freedom
of information laws. However, the impact of negative press in relation to an M&A transaction
breach has still to be fully determined. A simple Google search for the names of the
companies in the US case law together with the words 'sanctions' and 'penalty' resulted in
limited articles beyond the web pages of the regulators themselves. With the increased speed
of news and the mega-fines imposed on banks for other sanctions breaches seizing the
headlines instead, it is quite possible that companies will face fines in excess of a million US
dollars without it creating more than a blip on the collective consciousness of the general
public and that it will be forgotten within a few days by all other than the direct participants.
Consequently, it will not impact adversely upon the company's reputation and therefore act as
less of a deterrent than regulators intend.
As referenced in the previous subsection, while fines may be imposed, management and
individuals may also be targeted by regulators. So, not only could a company be subject to a
criminal or civil investigation, but so could individual management members and employees.
This places pressure on the people involved and also can result in a criminal record. It is
likely that the threat of a personal criminal conviction will add additional encouragement to
management to ensure compliance.
Naturally, sanctions investigations do not occur in a bubble. For those companies that are
listed, the stock price can be affected. A loss of investor confidence can have far reaching
consequences, with falling stock prices, increased difficulty in raising funds and the company
seen as a less attractive employer for new and existing employees.
There is also a need to correct internal procedures to ensure that the company – and its
subsidiaries – have an improved compliance procedure. Regulators may be even less tolerant
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
57
the second time around. Section VI (Addressing Sanctions Risk) above outlines the steps that
companies can use to mitigate sanctions risk and the implementation is likely to be time and
resource costly.
D. The Challenges of a Changing Enforcement Regime
The framework for imposing sanctions at an international level is relatively stable. But, while
it is unusual for the basic framework giving rise to the authority to impose sanctions to
change, a recent example of modifications to the framework of enforcement powers is the
enactment of the UK Policing and Crime Act 2017 which came into force on 1 April 2017.
The Policing and Crime Act 2017 (PCA) introduced three major changes to the enforcement
of sanctions breaches as well as supporting the work of the newly established Office of
Financial Sanctions Implementation (OFSI). The PCA specifically deals with financial
sanctions breaches. In 2016, over one hundred suspected financial sanctions breaches were
reported to OFSI, of which 95 were actual breaches, totalling approximately GBP 75m. The
PCA introduced monetary penalties for financial crime offences and prison sentences of up to
seven years, with details of cases to be published online as a deterrent and also to support
compliance best practices.
OFSI is able to impose a civil fine on a person (entity or individual) if it is satisfied that the
following statutory test from the PCA is satisfied: "on the balance of probabilities: (i) the
person breached a prohibition or failed to comply with an obligation under financial
sanctions legislation, and (ii) the person knew, or had reasonable cause to suspect, that they
were in breach."55F
56 This balance of probabilities threshold is lower than the existing criminal
threshold of 'beyond a reasonable doubt', meaning that regulators have a lower threshold to
satisfy prior to initiating civil proceedings. In addition to the statutory test, one of the
following factors must be identified: (i) the breach resulted in funds or economic resources
being provided to a sanctioned person, (ii) there is evidence of circumvention, (iii) the breach
must be 'serious' in nature, and/or (iv) the person has not cooperated with the investigation. At
56 Policing and Crime Act 2017, section 146 (Power to impose monetary penalties), available at:
http://www.legislation.gov.uk/ukpga/2017/3/pdfs/ukpga_20170003_en.pdf [Last accessed 8 July 2017].
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
58
least in relation to the last point, the person has the opportunity to help his/her position by
assisting and this will be taken into account if and when a fine is imposed.
Another general point to note is that there is no need for the regulator to choose whether to
pursue civil or criminal proceedings, as it can still refer the case to the Crown Prosecution
Service for a criminal prosecution as well as pursue civil remedies.
Like any new law, the practicalities of using the PCA have yet to be tested. It has also yet to
be demonstrated how the PCA will fit with the operational framework of OFSI. The PCA
does not include details on how the interactions between OFSI and the company or person
under investigation will work, which is an unnecessary gap. Additionally, OFSI is not a court,
therefore its decision-making process is not under the same scrutiny and there is no obligation
to publish detailed decisions in the same manner. Until or unless such provisions are put in
place, there is likely to be more uncertainly to the OFSI approach and the potential for
companies to seek to find a new appeal route.
The US BIS has already learnt the need for greater transparency and published updated
guidelines called the 'Guidance on Charging and Penalty Determinations in Settlement of
Administrative Enforcement Cases' (the BIS Guidelines) in June 2016 to promote greater
transparency and predictability to the administrative enforcement process. Under the BIS
Guidelines, the objective is to make civil penalty determinations more predictable to the
public and aligned with those of OFAC. What is also interesting to note is that the US BIS
stresses the focus of its enforcement activities is as a compliance tool to prevent breaches.
This approach is one that is missing from OFSI's guidelines and would be a useful addition to
demonstrate the prevention aspect of its role in addition to its role as the righter of wrongs.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
59
VIII. Summary and Conclusions
A. Closing Analysis
The paper opened with a statement: the development and maintenance of a robust approach
to sanctions implementation is vital for mergers and acquisitions because it improves
monitoring, prevents breaches of law and reduces reputational risk. It is necessary to break
down each element of the statement to examine how accurate it is in light of the findings of
this paper.
Over the last decade, the management of companies have woken up to the need for stringent
internal compliance procedures. While naturally the size of the company involved and its
industry type does influence how advanced such a procedure is, it is heartening to see that the
awareness of compliance in general has grown and is starting to gain greater traction. Carry
out a basic internet search for compliance procedure templates and there are multiple hits, so
there is no excuse for a company not having at least a rudimentary process to build upon.
Within section VI.D (Sanctions Lists and Screening), the continual changes to the list of
sanctioned parties is highlighted, showing the need to keep the sanctions policy well
maintained. It is not enough to have a list of sanctioned entities without keeping the list up-to-
date. As shown in the case of Sigma-Aldrich in section VII.A (Examples of Breaches), it is
vital to not only to continually review policies: a mistake in the past on which licence to apply
was not checked by Research Biochemicals Limited Partnership's original management; this
was not picked up during due diligence, resulting in the error not just being an issue for
Research Biochemicals Limited Partnership, but also for its new owners and management;
then Research Biochemicals Limited Partnership's policies were not reviewed by Sigma-
Aldrich's management or staff for a further year, resulting in Sigma-Aldrich breaching
sanctions in its own right and not solely as the successor owner of Research Biochemicals
Limited Partnership. It is clear that there were repeated failures in both businesses' monitoring
procedures, which resulted in breaches taking place and continuing unchecked.
While it is simple to say that compliance and monitoring needs to improve within companies
prior to an M&A transaction taking place to mitigate the risk of successor liability, section
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
60
V.F (Entities and Organisations that can Impose Sanctions) shows the multitude of sources
from which sanctions can come from. With international and national sources combined with
a complex web of laws, regulations and licences in place to ensure compliance, there is a need
to bring greater transparency to what companies need to do in order not to fall foul of the
system. With some jurisdictions not even publicising their sanctions, this is particularly
relevant and problematic for purchasers to manage their risk. Some regulators, like SECO in
Switzerland, are willing to respond to enquiries in writing giving a determination on the facts
presented whether a transaction is compatible with the Swiss sanctions regime. However, with
less than ten enquiries per year which are M&A related, either private practice lawyers are
very assured of their own advice, or the opportunity to gain input from the same entity that
would investigate a breach is being lost. The author submits that not approaching the
regulator is a lost opportunity. While not all regulatory bodies offer this helpful service, and
therefore this is not a failsafe approach, the benefits to be gained by confirming advice which
is not absolutely clear, rather than take the risk of investigation later, outweigh the risks of
potential investigation.
In section VII.A (Examples of Breaches), there is limited case law available, however, there is
still a visible trend towards higher penalties and greater publicity of regulators' success
stories. Interestingly the negative publicity from a successful investigation does not appear to
have affected the share prices of the public companies involved in the cases referenced in
section VII.A (Examples of Breaches); the author submits that this is unlikely to continue as
penalties increase. Government organisations have not, historically, been at the forefront of
building an online and social media presence, but with US government departments such as
the US Department of the Treasury and US Department of Justice having Twitter, Facebook
and Instagram accounts, it is only a matter of time before #OFAC starts trending when the
next multi-million dollar fine is announced. As companies also spend increasing amounts on
developing a sophisticated online and social media presence, it is not worth the risk of having
this threatened by a 140-character tweet tagging a company from a government department.
Looking at sanctions compliance within the wider compliance field also highlights how early
the enforcement process is in its development. In section VII.A (Examples of Breaches) it was
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
61
shown that there have been few prosecutions so far for sanctions breaches. Compare this to
prosecutions under anti-bribery legislation and in the US, for example; 50% of anti-bribery
prosecutions come from M&A transactions.56F
57 Interestingly, Transparency International, an
international movement operating in 120 countries and working towards stopping world
corruption, states that: "there can be a net benefit if a company with an anti-bribery culture
takes over a company with a less rigorous approach. The prospective purchaser may be able
to agree with the enforcement authorities on a grace period, following acquisition, during
which agreed mitigation steps are carried out."57F
58 Such an approach from regulators regarding
sanction breaches would be unexpected, given the case law previously highlighted. This is
surprising as the author submits that on balance, companies do not intentionally breach
sanctions, however, a breach of anti-bribery legislation is arguably less easy to achieve. One
has to wonder if this leeway on behalf of the state is due to a lack of tolerance for even the
inadvertent breach of international or national law that could be seen to support 'terrorism', or,
more cynically, partly to allow it to deal with its own employees who may be accepting
bribes. It is therefore interesting to see the difference in tolerance levels from regulators
concerning two difference types of compliance breach.
The author submits that the evidence shown in this paper leads to the conclusion that
companies can mitigate the risk of breaching sanctions by taking some relatively simple steps:
Firstly, the company should employ professionals to build and maintain its compliance
programmes. As with most professions, being a compliance professional does not mean that a
person is a sanctions compliance specialist. When a company makes the strategic decision to
carry on business outside its own national borders, then that company should begin to address
sanctions risks. Risks can come from the supply chain, clients, the goods being sold
themselves or financing arrangements. As the company grows and considers an M&A
transaction, the need to have such a framework in place becomes apparent, and the lack of a
framework should be a red flag to the other parties involved. Equally, having a functioning
57 Transparency International UK: Anti Bribery Due Diligence for Transactions, available at: (http://www.transparency.org.uk/publications/anti-bribery-due-diligence-for-transactions/) [Last accessed 16 July 2017] p 2. 58 Transparency International UK: Anti Bribery Due Diligence for Transactions, available at: (http://www.transparency.org.uk/publications/anti-bribery-due-diligence-for-transactions/) [Last accessed 16 July 2017] p 3.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
62
and entrenched compliance system and professionals who have the knowledge to operate the
system advising the company on its regulatory obligations and legal requirements, be they
internal or external professionals, gives comfort to both M&A parties and can smooth out the
due diligence process.
Secondly, companies should use the resources available to them to help them make correct
decisions. This could be the use of external monitoring companies to run targeted sanctions
checks, or approaching regulators for advice during the M&A due diligence process.
Thirdly, specific legal protections should be included in the transaction documents,
particularly the SPA, regulating what will happen if a sanctions breach is subsequently found.
Naturally, this is much more useful in a private M&A transaction than a public one, as there is
a clear counterparty to seek recourse from. In the public setting, the multitude of shareholders
makes recourse against a seller practically impossible. But, as shown in section VI.B (Legal
Drafting in the SPA), some clear drafting addressing sanctions in a private M&A setting
makes recourse more straightforward, rather than relying upon general, catch-all warranties.
As detailed in section VII.D (The Challenges of a Changing Enforcement Regime), while the
field of sanctions in M&A is still developing, this leaves room for regulators to take an
increased interest in further investigations and building new enforcement frameworks. The
author expects that legislative bodies will concentrate their attention on giving regulators
more powers of investigation, as well as sharper teeth to punish breaches. In the first instance,
this will likely follow along the path already started in the US, and begun with the PCA in the
UK, of lowering the threshold of proof for regulators and increasing civil penalties.
Investigating and penalising management for breaches is also likely to follow the US trend
and increase. Whether legally correct or not, the author expects that the interest of a regulator
in investigating an individual will increase when the breach is more politically sensitive or
draws more public attention. The public's desire to have Fred Goodwin punished for the near-
collapse of Royal Bank of Scotland after the ill-timed takeover of Dutch bank ABN Amro is a
prime example when regulators also become motivated by public opinion and political will.
The expectation is that a high-profile investigation into a breach which strikes a chord with
the public or is politically unsavoury could also lead to similar scrutiny of management.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
63
Given that the motivations for at least some sanctions are political, strong messages that the
breaches are supporting terrorism, particularly in certain countries, are likely to gain public
support for more serious punishment.
B. Implications of the Paper
The paper shows that the research area of international and national sanctions in M&A is still
in its infancy. There has been little academic research into this field; instead, research has
been largely centred upon sanctions specialists within private practice. This means that the
papers published have predominantly reacted to regulatory developments or the application of
new sanctions to a particular state or group.
The law and regulatory landscape develops in two ways: firstly by the adoption of new, or
repeal of old, statutes; and secondly by the wider application of case law to subsequent cases.
In the case of sanctions, it is in the reputational interests of the companies and individuals
involved to avoid the courts. Consequently, a body of legislation has been established which
applies far-reaching sanctions, yet remains essentially untested. Additionally, a decision-
making process has developed which largely exists without court scrutiny.
Theoretically, the area of sanctions in M&A could remain unscrutinised for another decade,
however this would be imprudent. The field needs true academic scrutiny so that the
regulatory framework can be guided by the transparent fundamental principles upon which
sanctions are based, rather than allowing regulators free rein and to utilise the system to raise
financial penalties rather than seeking a way of reducing the number of breaches from the
outset. The paper highlights the need for clear and improved compliance guidelines and
potentially greater standardisation of monitoring across industries. Additionally, section VI.A
(Due Diligence) shows the continued importance of thorough due diligence, as ignorance is
not a defence, meaning that while companies' need for speed to close a transaction should not
be ignored, greater importance should be placed on accuracy.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
64
C. Study Limitations
The reader is reminded of the limited scope of this paper as set out in the introduction: the
author has defined sanctions by reference to specific examples; the paper is geographically
focussed; and there is limited public information available in respect of M&A transactions in
general.
Firstly, while the paper touches on the wider topic of international sanctions, in particular in
section V (Understanding Sanctions), its central theme is sanctions in M&A transactions. The
terms of an M&A transaction are generally confidential between the parties and companies
are understandably reluctant to discuss specifics with outsiders. When the transaction is a
public merger or acquisition, then more details do become more readily available, however,
the terms of the majority of M&A transactions remain confidential. This was the most acute
of the limitations, as it severely restricted the author's ability to examine practical examples or
place academic theories into context.
The limitations on the availability of information and the breadth of the topic means that the
paper could have become caught up in purely seeking an all-encompassing definition of what
sanctions are. Due to this, the author chose to concentrate on specific examples, particularly
within sections VI (Addressing Sanctions Risk) and VII (The Cost of Getting it Wrong), to
illustrate what sanctions mean in an M&A context.
Thirdly, the paper centres on three jurisdictions: the US, the UK and Switzerland. While a
different choice of jurisdictions would likely result in the same fundamental sanction concerns
arising in a business context, it would also highlight different political relationships and
motives behind the placing of national sanctions. To a certain extent, the variety of angles that
could be taken and combinations of jurisdictions available is a luxury – for example the
author believes that a paper considering sanctions in M&A in China or Russia would have
provided another perspective – however, due to the quantitative limitations imposed on the
paper, the author has been required to select three jurisdictions only.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
65
D. Recommended Direction for Future Research
For further study into the topic of sanctions in M&A transactions, the author recommends
monitoring the development of civil penalties outside the US. The relaxing of the threshold of
proof in favour of the regulator under the PCA would be an interesting starting point in the
UK, as this legislation is likely to give rise to both more case law and academic analysis in the
next few years. The author anticipates that the lack of statutory guidance as to how the OFSI
shall operate could give rise to legal discussions around power, implementation and due
process.
A second additional area of research will likely be the link between breaches of sanctions in
companies within M&A transactions and the funding of those transactions. Given that
purchasers are being fined for the actions of companies that they acquire when breaches were
not identified during the due diligence process, it will be fascinating to see whether regulators
start pursing lenders for funding such transactions.
A final additional area of future research into this topic would be the examination of the
impact of sanctions legislation on M&A transactions in Russia and China, as well as in
sanctions hot-stops such as the Middle East.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
66
IX. Appendix
For the purposes of this paper, interviews were carried out with lawyers, regulators and
compliance professionals in business and industry. With the exception of regulators,
participants requested to remain anonymous for business confidentiality reasons. The initial
questions posed during the interviews are as follows:
1. In what context are you commonly approached about sanctions related questions?
2. What are the most common questions that you are asked about sanctions in an M&A
context? Are the sanctions issues raised more about comprehensive or targeted sanctions,
i.e. are the concerns more about the country in which the transaction is taking place, the
type of business, or a particular person involved?
3. Once an M&A transaction has closed, if the buyer subsequently finds a sanctions related
issue and approaches you for advice, what practical steps do you commonly recommend?
4. Have you ever had to litigate on a sanctions related issue from an M&A transaction?
5. Are you able to provide any examples of sanctions issues in an M&A context?
6. To what extent does the existence of sanctions influence [company's] business decisions?
[Company question only].
7. What due diligence steps does [company] take to ensure compliance with sanctions
regimes when involved in an M&A transaction? For example, does [company] use any
specific third party investigation services or seek input from government bodies?
[Company question only].
8. Does [company] actively monitor the existence of sanctions in high-risk locations?
[Company question only].
9. Approximately how many separate M&A transactions are you approached about each
year where the buyer – or other concerned parties – is concerned about a possible
sanctions related issue? [Regulator question only].
10. If a company approaches [regulator] regarding an M&A transaction which could be in
breach of existing sanctions, what role does [regulator] play in the transaction? E.g. does
[regulator] provide advice to companies or any form of confirmation that the transaction
would / would not be in breach of sanctions?
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
67
11. Once an M&A transaction has closed, if the buyer subsequently finds a sanctions related
issue and approaches [regulator], what role does [regulator] play? Does [regulator]
penalise the buyer, or does [regulator] give the buyer a grace period to solve the issue and
work with the buyer to ensure future compliance? [Regulator question only].
12. Is there any other information that you think would be helpful?
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
68
X. Abstract
The paper examines the relationship between international and national sanctions and M&A
with the aim of proving, or disproving, the statement that the development and maintenance
of a robust approach to sanctions implementation is vital for mergers and acquisitions because
it improves monitoring, prevents breaches of law and reduces reputational risk.
It outlines the various types of sanctions that can be applied to individuals, organisations,
companies, groups and countries. It also summarises the entities at an international and
national level that can apply sanctions.
This provides the setting for a discussion around how to address sanctions risk. The key
elements are identified as: due diligence; appropriate legal drafting in the SPA; and the need
to have an existing sanctions framework.
To demonstrate that there is a legal and regulatory consequence of non-compliance with
sanctions, the paper provides examples of prosecutions from the US and also considers the
regulatory position in the UK and Switzerland. It considers reasons why there have been no
M&A-related enforcement actions for sanctions breaches within these two latter jurisdictions.
There is a discussion on weaknesses in the current enforcement regime and the challenges that
are likely to be faced in the UK with the introduction of new civil prosecution powers.
The paper closes with an analysis of the previous sections and an examination of the
implications of the paper on sanctions within an M&A context.
The opening statement is ultimately proved.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
69
XI. Resume
Vicki Stewart
Born on 13 August 1979
Studies
• Law
• Business studies
• English literature
Degrees
• University of Oxford (Department of Continuing Education), UK
Certificate in Higher Education (CertHE), 2012-2015
Major: English literature, Minors: Philosophy & Economics
• University of Aberdeen, UK
Dip.LP – Post-Graduate Diploma in Legal Practice, 2002-2003
MA (Hons) – Master of Arts: Management Studies, 2000-2002
LL.B. – Bachelor of Laws with options in German Language, 1997-2000
Field of business activity
• Law
XXI / 2016-2017 Executive Master of European and International Business Law M.B.L. –
HSG at the University of St. Gallen.
Executive Master of European and
International Business Law of the University of St.Gallen M.B.L.-HSG
70
XII. Statement
I hereby declare
• that I have written this paper without any help from others and without the use of
documents and aids other than those stated above,
• that I have mentioned all the sources used and that I have cited them correctly according
to established academic citation rules,
• that I am aware that my work can be electronically checked for plagiarism and that I
hereby grant the University of St.Gallen copyright in accordance with the Examination
Regulations in so far as this is required for administrative action.
Zug, 18 July 2017
Signature: …………………….………