Guest Commentary: Terrorizing you in ways you haven’t considered

Feb 4, 2002  •  Post A Comment

Media companies are accustomed to dealing with government regulations, whether involving mergers and acquisitions, ownership limitations or broadcast licenses. A series of new regulations-implemented after the Sept. 11 terrorist attacks-have not yet hit the radar screens of many media organizations, although the regulations are potentially far-reaching and will add a layer of oversight and compliance to existing business practices.
The regulations are aimed at cutting off the economic resources of terrorist organizations, and they restrict U.S. companies from engaging in “any transaction” with suspected terrorist organizations. The regulations apply with equal force to all U.S. corporations, their non-U.S. branches and to U.S. citizens. There are substantial civil and criminal penalties for violations. These regulations are contained in Executive Order 13224, signed by President Bush on Sept. 23, 2001. The executive order designates a category of “specially designated global terrorists,” or SDGTs, with whom U.S. companies are prohibited from doing business. The executive order also requires that the property of an SDGT be blocked and promptly reported to the Treasury Department.
In short, the regulations prohibit U.S. businesses-including those conducting business via the Internet-from engaging in business with any SDGT. It does not matter if the transaction appears to be completely innocuous. U.S. companies cannot do business with an SDGT, whether involving the sale of a business unit, the carriage of video programming or the rental of a remote-control device.
The Treasury Department’s Office of Foreign Assets Control (OFAC) is in charge of implementing the regulation and maintains a list, currently 63 pages in length, of SDGTs, aliases and related terrorist organizations. (The list is available online at the U.S. Treasury Department’s Web site www.ustreas.gov/ofac/t11ter.pdf.)
The scope of the regulations is potentially far-reaching, to say the least. Take a traditional media company with both distribution and production businesses. At every level, the regulations prohibit transactions with SDGTs. Taken literally, cable service, theater tickets, CDs, books or even newspapers cannot be sold to an SDGT. It does not matter if the transaction takes place after months of face-to-face negotiations or by a seemingly anonymous transaction over the Internet. The regulations do not contain an exception for smaller transactions.
Because the regulations are so new and the Treasury Department has not provided guidance on how broadly they will be applied or enforced, there is a high level of uncertainty in many industries-especially those as fast-changing as the media business-as to what steps should be taken to adopt a reasonable compliance program. What is clear, however, is that an effective control system must be put in place to minimize the risk of violating the order and to avoid exposure to significant civil and criminal penalties.
As compliance programs are crafted, the U.S. financial institutions sector will likely serve as a framework, if not a model. For years, financial institutions have used filtering or interdiction software to detect fraudulent banking transactions and to comply with government regulations ranging from money laundering to bank regulatory compliance. The interdiction software filters or compares transactional information, such as a customer’s name or other account information, against selected data fields to determine whether a particular transaction should be blocked or rejected, or requires more information or an additional inquiry. The software essentially automates the process of cross-checking a potential business partner or customer against the SDGT list.
Compliance methods will vary
Beyond a blanket mandate that no business be transacted with an SDGT, the regulations do not suggest what sort of compliance is required. Compliance protocol will obviously vary depending on the risk profile for each business, the resources of the business and the nature of its relationships. Sufficient controls for a small video production facility, for example, will not be adequate for a large diversified media conglomerate company with worldwide operations, relationships and customers.
The principal means of compliance will be comparing new transactions and business relationships or customer data against the current SDGT list before any transaction is completed. This might be done manually, although it would be time-consuming, inefficient and prone to error, except for the smallest organizations. Many companies will install interdiction software-which is commercially available from a number of private companies-or will outsource the work to vendors that have already established automated systems to detect potential SDGT transactions. This screening process is not, however, foolproof, since those listed on the SDGT list will not necessarily use their own identities when engaging in transactions, which means additional compliance measures will be needed.
Avoiding mistakes
Baseline compliance-beyond the interdiction or filtering process-should also include a validation process to confirm that a customer or business partner whose name matches the SDGT list is verified as an accurate match. This additional step, albeit not automated, will be necessary to avoid difficult and embarrassing situations.
Screening measures also should check for red flags such as fund transfers or payments from a foreign bank account or a foreign billing address on a credit card or shipment to a foreign destination.
Record keeping will also be an important component of compliance. Companies will want to be able to demonstrate to regulators that reasonable, good faith steps have been taken to comply with the regulations. Penalties for violation of the order can run as high as $100,000 per transaction. Because OFAC has the discretion to reduce the penalties depending on the level of internal control established by a company, complete records may help companies mitigate penalties.
It goes without saying that compliance with these new regulations will be challenging, especially because the regulations are new and there is minimal guidance on how broadly the regulations will be interpreted and how aggressively they will be enforced by the government. Will the regulations apply to over-the-counter sales of newspapers and videotapes or just to more significant transactions? The short answer is that it is unclear. All this notwithstanding, media organizations will need to act promptly to begin designing and implementing reasonable compliance procedures to minimize the risk of subjecting themselves to substantial penalties under the regulations.
Craig Newman is a partner at Arnold & Porter in the law firm’s New York office, where he practices in the field of media, entertainment and technology.