Skip to main content

Navigating choppy waters

Addressing the risks of illicit shipping and sanctions evasion practices

On 14 May 2020, the US Department of State, the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) and the US Coast Guard jointly issued a 35-page advisory called “Guidance to Address Illicit Shipping and Sanctions Evasion Practices” (the “guidance”).1

The guidance has significant and far-reaching implications for businesses conducting any transportation or trade involving the maritime industry, as well as similar activities relevant to the energy and metals sectors. It provides industry specific recommendations for ten different sectors including financial institutions, shipping companies, freight forwarders, maritime insurance companies and commodity traders and suppliers.

The guidance states that 90% of global supply chains move goods by sea and that certain “malign actors” have learned new ways to avoid sanctions. Companies operating in this sector therefore need to be increasingly diligent in assessing and mitigating sanctions risk.

The sanctions-avoidance strategies employed by these malign actors include:

  1. Disabling or manipulating the Automatic Identification System (“AIS”) on vessels;
  2. Physically altering vessel identification (e.g. painting over vessels’ IMO numbers);
  3. Falsifying cargo and vessel documents;
  4. Ship-to-ship transfers, especially at night;
  5. Voyage irregularities (e.g. indirect routing or unscheduled detours);
  6. Vessel false flags and flag-hopping (using a country’s flag after it has been removed from the registry or without proper authorisation; repeatedly registering a vessel in different jurisdictions to avoid detection); and
  7. Complex ownership or management (e.g. the use of shell companies or multiple levels of ownership to disguise the ultimate beneficial owner of the cargo and frequent changes in ownership or management of companies).

In response to these avoidance tactics, the guidance sets out the following seven general practices to help companies enhance their due diligence and sanctions compliance policies and procedures.

  1. Institutionalise sanctions compliance programmes;
  2. Establish AIS best practices and contractual requirements;
  3. Monitor ships throughout the entire transaction lifecycle;
  4. Know your customer and counterparty;
  5. Exercise supply chain due diligence;
  6. Incorporate these best practices in contracts; and
  7. Industry information sharing.

As part of our sanctions blog series, we will explore these different areas of the guidance.

What does the guidance mean for compliance leaders?

In short, it means there continues to be an increasing focus on sanctions compliance – with a particular spotlight on the sectors and activities mentioned above. The practices outlined in the guidance indicate the direction of travel regarding where the US government is focusing on sanctions risk. They also indicate the likely criteria the US regulators will apply when determining the adequacy of a company’s compliance programme and to inform enforcement actions.

One of the key recommendations for companies from the guidance is to “institutionalise [their] sanctions compliance programs”. This means assessing their sanctions risk and, as necessary, implementing controls to address any identified gaps in their sanctions compliance programmes (“SCPs”). This also means properly embedding the SCP across the end-to-end business so that it blends seamlessly into everyday business practices, responsibilities and the overall company culture.

As mentioned in our previous article, OFAC offers a great deal of information on the essential components of a risk-based SCP in guidance issued in May 2019,2 centred on the following five essential principles of sanctions compliance:

  • Senior management commitment;
  • Risk assessment;
  • Internal controls;
  • Testing and auditing; and
  • Training.

It is also clear that anyone conducting transportation or trade involving the maritime sector – or any of the related sectors – should limit the risk of involvement with sanctioned or illicit activity, and conduct heightened due diligence on shipments that transit to or from high risk areas.

Some practical takeaways

What are the implications of the guidance?

The guidance is not legally binding and mentions this some 12 times. However, its recommendations are explicit and companies operating in the shipping sector continue to be actively investigated. It seems likely that US authorities will expect these recommendations to be implemented and that they may soon be considered standard practices for an effective SCP. No doubt the first enforcement actions will show how failure to implement these recommendations will be dealt with by US authorities.

Does it apply to my business?

The answer is not always straightforward. Businesses will need to work out whether they are a ‘US person’ or otherwise fall within US jurisdiction. The answer can also sometimes be surprising.

In a recent OFAC settlement, a Singaporean subsidiary of a US shipping company engaged with a sanctioned entity to ship sea sand to Burma in apparent violation of US sanctions laws. Although the shipping was undertaken by the Singaporean subsidiary, the transaction was reviewed and approved by management in the US. OFAC took the view that this brought the matter into its jurisdiction. To settle the apparent violations, the US parent agreed to pay OFAC $1.125m – reduced from base penalty $4m in recognition of a number of mitigating factors, including the development and implementation of a formal SCP.

The guidance is very detailed and quite overwhelming! Where to start?

Here are some helpful tips to consider as you digest the guidance and contemplate next steps:

  • Start with the parts of the guidance that are relevant to your business model.
  • Consider implementing a phased approach to address the points raised.
  • Ensure your sanctions risk assessment is effective and comprehensive as this will drive your control requirements and next steps. Remember that sanctions risk assessments should be conducted on a regular basis and should be refreshed when relevant regulations or corresponding guidance have been updated so that any risks identified – and corresponding internal controls on which such risks are based – reflect the current regulatory landscape.
  • Focus on some ‘easy wins’ to comply with the guidance that are the least burdensome from a time, resource and cost-perspective. This should include reviewing existing Customer Due Diligence (“CDD”) and Know Your Customer (“KYC”) processes, as well as addressing the high priority and high risk areas that are identified in your sanctions risk assessment.
  • As a next step, think about categorising short, medium and long term action items, allowing time to properly consider and operationalise those changes that will ultimately require more investment and research in order to implement a meaningful response.

As US authorities continue to scrutinise sanctions risk in global trade and the role the maritime sector can play to identify and mitigate sanctions risk, we expect there will be further guidance for this sector.

Stay tuned for our next blog post, where we explore some of OFAC’s suggested practices that are recommended in the guidance, as well as a discussion on industry leading practices.



If you would like to discuss any of the issues raised in this blog, or find out more about our Forensic services, please contact Stacey Toder Feldman.

Meet the authors

Stacey Toder Feldman

UK Mining & Metals Leader | EMEA Forensic ER&I Lead

An international lawyer by background, Stacey Toder Feldman leads our Forensic practice for the Energy, Resources and Industrials industry across EMEA and is also the UK Mining & Metals Sector Lead. Stacey has over 20 years’ experience advising clients on all aspects of the economic crime compliance lifecycle, in particular on global export controls, trade and economic sanctions, customs fraud, anti-bribery and corruption, fraud and related workplace misconduct. She provides a range of advisory and reactive services including: complex, multi-jurisdictional investigations; regulatory driven enquiries and related settlement agreements; risk assessments; target operating model design; gap analyses; forensic SME audit support; M&A due diligence; internal investigations and workplace misconduct matters; voluntary self-disclosures and related corrective actions. Stacey also specialises in designing bespoke global outsourced and co-sourced managed investigations services. Stacey works with clients from a wide range of industries, with a particular focus on energy, resources and industrials, and especially mining and metals, oil and gas, chemicals, manufacturing, trading, shipping, and industrial products. Stacey co-leads our firm’s critical minerals strategy campaign and recently authored an article series looking at the supply chain challenges of critical minerals. A strong supporter of the diversity agenda and promoting inclusion in the workplace, Stacey is co-partner sponsor for Deloitte’s Gender Balance Network and supports a range of people and purpose-related initiatives across the firm.

Olly Peggram


Olly is a Manager in the Firm’s Forensic practice with over 7 years’ experience in accounting and finance. He is a qualified Chartered Accountant and has over 3 years’ forensic experience working predominantly on investigations into sanctions breaches, bribery and fraud. Olly has experience working alongside legal teams and supporting clients in responding to requests from regulators. He also has experience advising clients on their sanctions policies and procedures.

Sign up for the latest updates