Imagine you have a business and as part of that business you have a Ford pick-up truck with your business and phone number on the side of the truck. Eventually, you need to upgrade the truck, so you go to the Ford dealership buy a new truck and trade in the old truck. The dealership tells you not to worry about the fact that your business information is on the truck it will take care of it. You execute the transaction and are on your way.
Your truck meanwhile – gets sold at an auction in the US, then gets exported to Turkey, then makes it way to Syria. In Syria, someone snaps a photo of your truck and tweets the photo around the globe – everyone is talking about it to include on the Colbert Report because your business’ name and phone number are still on it; a masked person is driving it; and someone is in the back manning an anti-aircraft weapon. As a result you get thousands of harassing and threatening phone calls, the FBI visits and interviews you; and you leave town for a period of time because of safety concerns. You get in touch with your lawyer who promptly sues the Ford dealership for invasion of your privacy. This all happened to a fella who owns a plumbing business in Texas. (See the Houston Chronicle for the story and the law suit paperwork)
When I read this story – my first thought was: “How does the Ford dealership and the auction house not know about the laws that mandate that they “know their customers” so this exact type of thing does not happen?” Clearly, they either: 1. don’t know; or 2. know but don’t care; or 3. know and care but the systems that assure their vehicles don’t end up in the wrong hands are not working. No matter why – all organizations need to get it together and follow the law on this.
The law itself is relatively simply – you cannot do business with any nation, organization or person that the US has blackballed from being able to do business with a US person or organization. The US, in conjunction with other nations and the United Nations put together a list of nations, business and individuals who are terrorists, narcotics traffickers, human traffickers, trafficking in weapons of mass destruction and generally are the world’s worst behaved most dangerous people and may threaten our foreign policy or national security interests. If a person, entity or nation is on the list – you can’t do business with them. Here in the US, the US Department of Treasury’s Office of Foreign Assets Control (OFAC) is charged with keeping the list. (Office of Foreign Asset Control Website). Failing to comply may result in civil fines and criminal penalties – not to mention the reputational hit you take as the fella mentioned above learned. (not that this was his fault)
What is a business to do? Strategically it is simple – set up compliance program that includes systems to make sure that you are not doing business with a prohibited nation, entity or person. That is identify who you do business with and make sure they are not on the list. Then, train your people on the law, how your business is going to follow the law, and what they should do if they have a question or concern about a transaction. However, as usual the devil is in the details – the compliance program should be based on how your organization identifies potential clients and customers; sells and distributes its products and services; and, what happens to the products and services once they enter the stream of commerce. For example, if you only sell your products and services to persons in your town and you know your buyers do not sell or transfer your product through the commerce stream – you don’t have much to worry about. But, if you are selling your product internationally, say trucks to Turkey…. You better make sure you know who you are selling to and where your truck goes when you sell it. Otherwise, you can end up being part of the ISIS propaganda machine and subject yourself to lawsuits and government investigations.