The US Commerce, Justice, State, and Treasury Departments have issued a joint advisory to alert persons and businesses globally to the threat of Iran’s unmanned aerial vehicle (UAV)-related activities. The advisory also highlights the need to take appropriate steps to avoid or prevent any activities that would support the further development of Iran’s UAV program.
The statement notes that the US government is committed to countering Iran’s UAV programs, including through preventing abuse of the US financial system and disrupting the procurement of foreign-sourced components.
Legal obligations
It notes that private industry must be aware of its legal obligations vis-à-vis entities and items involved in such procurement efforts, given the potential applicability of US export controls and sanctions regulations.
This advisory is also designed to help prevent companies from contributing to Iran’s UAV programs, including via direct and indirect transfers to third-country suppliers, which may threaten broader national and international security interests of the United States and its allies.
“Industry should be aware of its compliance obligations due to the threat posed by the extensive overseas network of procurement agents, front companies, suppliers, and intermediaries Iran uses.”
Guidance from US Treasury, State, Commerce and Justice Departments
According to the statement, Iran’s development, procurement, and proliferation of UAVs destabilizes the Middle East region and beyond. The country relies on foreign procurement to obtain items it cannot produce domestically, the statements notes.
Over the past 10 years, Iran has reportedly increased its inventory of both armed and unarmed UAVs, whose low cost, simplicity of production, and ease of use make them appealing to entities and countries of concern to which Iran may transfer them.
Recovered Iranian-origin UAVs used by Russian forces in Ukraine reveal that Iran’s UAV program has used many components produced by third-country suppliers. Furthermore, Iran has continued its destabilizing activities in Yemen, including sending illicit shipments of UAVs and other weapons to the Houthis, who have used them to conduct strikes inside Yemen and on neighboring countries, the statement says.
Sanctions compliance
Compliance programs should reflect management commitment to compliance and include risk assessment, internal controls, testing, auditing, and training.
Effective programs will conduct risk-based due diligence on customers, intermediaries, and counterparties, plus empower staff to identify and report potential violations of US sanctions and export controls to compliance personnel so companies can cease violative conduct and determine whether to make timely voluntary disclosures to the US government.
Optimally, compliance programs should include controls tailored to the risks the business faces, such as diversion by third-party intermediaries, the statements says.
Best practices in the face of such risks may also include screening current and new customers, intermediaries, and counterparties through the Consolidated Screening List maintained by the Department of Commerce and the SDN List maintained by the Department of the Treasury, as well as conducting risk-based due diligence on customers, intermediaries, and counterparties.
They also include regularly consulting guidance and advisories from the Department of State, Department of the Treasury, and the Department of Commerce to inform and strengthen their compliance programs, the statements says.
Red flags
As the statements notes, certain “red flags” may indicate that a party to a transaction may be engaged in efforts to evade or otherwise violate sanctions or export controls. A shortened list of those red flags include:
- use of corporate vehicles (i.e., legal entities, such as shell companies, and legal arrangements) to obscure (i) ownership, (ii) source of funds, or (iii) countries/entities involved, particularly sanctioned jurisdictions or restricted entities;
- reluctance to share information about the end use of a product, including reluctance to complete an end-user form;
- declining customary installation, training, or maintenance of the purchased item(s);
- “cyber spoofing” of email or web addresses to give the appearance that an illegitimate inquiry is coming from a legitimate business. Often these attempts will leverage known business relationships to lend credibility to the spoofing attempt;
- internet or corporate website traffic originating from IP addresses that do not correspond to a customer’s reported location data;
- transactions involving entities with little or no web presence;
- use of personal rather than corporate email addresses;
- last-minute changes to shipping instructions that appear contrary to customer history or business practices; and
- payment coming from a third-party country or business not listed on the end-user statement or another applicable end-user form.
Penalties for violation
The statement ends by reminding businesses of the many export control and sanctions laws, government programs, and administrative and criminal enforcement mechanisms available to the federal government to detect, disrupt, and dismantle facilitation networks supporting Iran and mandate compliance from covered US businesses.
Stiff fines, imprisonment of culpable individuals, and a temporary denial of a domestic or foreign party’s export privileges are all possible consequences for not getting compliance in this arena right.