The world of international compliance: what transactional lawyers need to know to perform ethically and responsibly.

Exports of dual-use items may require a license depending on the item itself, the country of destination, the identity of the end-user, and the end-use. (34) Most dual-use items controlled for export are those having potential for use in information security, high level telecommunications, navigation, power generation, aeronautics, satellite control, missiles, weapons of mass destruction, and military applications. (35) Exports to U.S. designated state-sponsors of terrorism (36) are generally prohibited, (37) as are exports to certain individuals and organizations on the BIS Entity List, (38) Specially Designated Nationals (SDN) list published by OFAC (39) and the BIS Denied Persons List. (40) Exports to certain countries, such as China, are also potentially problematic because of pervasive military involvement in many organizations. (41)

OFAC implements and enforces U.S. trade sanctions, which generally prohibit U.S. persons from doing business with certain designated persons, entities, or countries, such as the well known prohibitions on trade with Cuba and Iran. (42) The U.S. trade sanction laws apply to all U.S. persons. (43) U.S. persons include all individuals and companies in the United States, U.S. citizens or permanent residents, companies organized under U.S. law (including their non-U.S. branches), and the U.S. offices or branches of non-U.S. companies. (44)

One commonly imposed sanction is asset blocking, which has the effect of prohibiting all transactions involving a specified company or entity. (45) Asset blocking is broadly defined to include any property in which the target, a foreign government or national, has an interest. (46)

C. Overview of Alien Tort Statute

An alien tort statute claim has three elements: (1) an alien; (2) a tort; and (3) a violation of the law of nations. (47) Courts have held that a private actor, such as an individual or a corporation, can violate the law of nations by acting under color of state authority. (48) Thus, a company that closely coordinates on issues of security and protection with a foreign host government can be accused of liability for violations of the law of nations, such as human rights claims. The key question for the purpose of potential corporate liability under the ATS is determining the circumstances under which a corporation can be deemed potentially liable for the actions of a government.

Courts may consider two potential tests for corporate liability under the statute. The first is a "joint action" test, under which state action exists if a private party acts as a "willful participant in joint action with the State or its agents." (49) Courts evaluate whether the state officials and private parties acted in concert to violate a particular rule of customary international law, and whether the public and private actors shared a "specific goal to violate [the law of nations] by engaging in a particular course of action." (50) The second test for state action is whether the U.S. company "proximately caused" the violation. (51) To establish proximate cause, a plaintiff must prove that the private individuals exercised some form of control over the government official's decision to commit the violation. (52) Examples of proximate cause include some combination of control or power, as well as an express direction to take action, (53) or control over decisionmaking. (54)

There are exceptions to the state action requirement, however, for acts of piracy, slave trading, genocide, war crimes, and forced labor. (55) In 2004, the United States Supreme Court significantly limited the types of international norms that may give rise to an actionable claim under the ATS. (56) In Sosa v. Alvarez-Machain, the Court adopted the fairly strict standard that "courts should require any claim based on the present-day law of nations to rest on a norm of international character accepted by the civilized world and defined with a specificity comparable to the features of the 18th-century paradigms [of violations of safe conduct, offenses against ambassadors, and piracy]." (57) In Sosa, the plaintiffs arbitrary arrest claim did not meet the Court's standard. (58)

The Court specifically rejected the notion that actionable rights under the ATS could be created by international declarations or covenants, such as the Universal Declaration of Human Rights or International Covenant on Civil and Political Rights. (59) Similarly, the Court rejected the claim that treaty provisions that were not self-executing could give rise to an ATS claim. (60) In a concurring opinion, Justice Breyer suggested that potentially cognizable present-day violations may include torture, genocide, crimes against humanity, and war crimes. (61) In such cases, a company may be held liable both for its own direct violations of international human rights standards, or for "aiding and abetting" a foreign state's violations.

However, the Sosa court noted that federal courts should act cautiously "when considering the kinds of individual claims that might implement the jurisdiction conferred by [the ATS]." (62) A determination whether to craft a remedy for the violation of a new norm of international law involves considerations based on modern conceptions of common law, the role of the federal courts in making common law, appropriate deference to the legislative branch, and potential interference with U.S. foreign relations. Such considerations may impact whether individual corporations can be held liable for direct violations of international law or for "aiding and abetting' a foreign state's violations, as such claims may "impermissibly [interfere] with [a nation's] sovereignty and U.S. foreign policy." (63)

III. COMPLIANCE RISK DUE DILIGENCE

Any lawyer considering a transaction abroad, or an acquisition involving substantial international operations, particularly in a country with a reputation for corruption, potential for export controls violations, trade sanctions violations, or human rights abuses, should follow the following three steps in conducting pretransaction due diligence: (1) Determine Risk Factors; (2) Conduct a Tailored Review; and (3) Determine Post-Review Steps. We discuss each of these in more detail below in the context of the compliance risks presented by the FCPA, Export Controls, and ATS regulations.

A. Risk Assessment

1. FCPA: Look for Red Flags

The first step in conducting FCPA due diligence is assessing the risk of foreign bribery issues by examining potential red flags and the target's FCPA compliance program. Potential red flags include a country's rank on Transparency International's Corruption Perception Index, which can assist attorneys in evaluating perceived FCPA risks for a potential transaction. (64) Transparency International's Corruption Perceptions Index (CPI) ranks countries on a scale of 1 to 10, in which 10 signifies least corrupt and 1 most corrupt. (65)

Second, the company should assess the nature of the target's business in each of the countries in which it operates. Such an assessment could include determining whether (1) the target employs a direct sales force or uses agents, distributors, or other dealers; or (2) by evaluating the degree of reliance the target places on consultants or other third parties. The use of agents or consultants may signify an increased opportunity for corruption since these third parties are outside of the target's direct control.

Third, the assessment should consider the degree to which the target sells to, or otherwise conducts business with, foreign governments. The company should investigate the level of interaction between the target's employees and government officials. If the target has government or government-owned customers or otherwise substantially interacts with government officials, the risk of an FCPA violation may be high. Additionally, if the target's business requires government licenses or approvals, or interaction with customs, police, or military officials, the FCPA risk may be significant.

Fourth, the risk assessment should examine the target company's compliance program and evaluate the strength of that program. This entails a thorough review of the policies, procedures, and controls that the target has implemented to ensure FCPA-compliant behavior.

2. Export Compliance Assessment: Who is Doing What?

BIS expects U.S. companies to have an established export compliance program. (66) An Export Management System should provide an organized, integrated operating system that: (1) ensures compliance with U.S. export control laws and regulations; (2) manages export-related questions, decisions, and transactions; (3) provides a streamlined management structure for processing export transactions in a transparent and accountable manner; and (4) protects the company from penalties.

An assessment of a target's export compliance program should involve identifying the target's exported products, including the software required to operate such products, the technology related to such products, and the total annual sales value of the identified products over recent years. Once the export products have been identified, the next step is to determine whether the items exported are subject to the EAR and identify the applicable Export Control Classification Number on the Commerce Control List. (67) The export destinations should be located on the Commerce Country chart, which will assist a lawyer in determining whether a license is or was required for the export. (68)