1. 24 FRAUD MAGAZINE SEPTEMBER/OCTOBER 2015 FRAUD-MAGAZINE.COM
PREVENT DIVERSIONS TO
FORBIDDEN NATIONS
Avoid export controls
and sanctions violations
BY ROBERT J. WARD JR., ESQ., CFE, CUSECO
Unprepared U.S.-based companies can find them-
selves in hot water if they don’t prevent personnel
or customers from diverting their products to em-
bargoed countries. Here’s how to protect against
substantial civil and criminal penalties. -->

2. FRAUD-MAGAZINE.COM SEPTEMBER/OCTOBER 2015 FRAUD MAGAZINE 25
ohn Carrington, a former
North Carolina state sen-
ator, and president and
chief executive officer of
Sirchie Fingerprints — a
policeandforensicsequip-
ment supply company —
wanted to sell some prod-
ucts to Hong Kong and China. However, he
had no intention of U.S. export control licens-
ing requirements holding him up. He simply
shipped the goods to an Italian associate who
wasquitehappy—foraprice—tosendthemto
Carrington’s customers in China. The U.S. gov-
ernmenteventuallycaughtCarrington,slapped
him in 2005 with a criminal fine of $850,000,
a year of supervised release and barred him
from exporting anything for five years. Sirchie
Fingerprintsalsowasbarredfromexportingfor
five years and was required to pay a $400,000
civilpenalty.Undaunted,Carringtoncontinued
illegally exporting through a successor com-
pany he created. The feds caught him again. In
2010, Carrington’s successor company had to
pay $2.5 million for 10 violations plus another
$10.1 million in criminal fines and had to stop
exporting for another five years.
[ThiscasehistoryisfromtheJuly2014U.S.
Bureau of Industry and Security (BIS) publica-
tion,“Don’tLetThisHappenToYou!”Seehttp://
tinyurl.com/nstvwxz.]
Increasing enforcement -->
Scores of U.S.-based companies either unwit-
tingly or knowingly illegally divert products by
sellingthemtocustomersinfederallyaccepted
nations only to have those customers resell the
items to companies or individuals in embar-
goed countries — such as Syria — or nations
that require rigorous government oversight
throughexportcontrollicensingandassociated
conditions and requirements — such as China.
The U.S. federal government is increas-
inglyenforcingsanctionsandexportcontrolsin
pursuit of national security and foreign policy
goals. As a result, U.S.-based companies must
implement more effective internal controls to
prevent fraudulent shipment diversions. The
penalties—bothcriminalandcivil—aresevere
for failing to take adequate preventive steps.
The U.S. Department of Treasury’s Office of
Foreign Asset Control (OFAC) alone has issued
recent penalties rivaling those for violations of
the Foreign Corrupt Practices Act. (See http://
tinyurl.com/3c8ld8q.)
Othercountriesarealsocrackingdownon
fraudulent shipment diversions. Witness the
joint European Union and U.S. imposition of
sanctions against Russia related to the Ukraine
crisis. And the Wassenaar Arrangement on Ex-
port Controls — implemented among 42 coun-
tries to this point — requires implementation
of adequate transaction screening procedures
to prevent diversion of the export/transfer to
unauthorizedendusersorenduses.(Seehttp://
tinyurl.com/ouc2qr7.)
Inthisarticle,I’llreviewU.S.requirements
for preventing diversion, which are similar
to other Wassenaar Arrangement signatory
countries. I’ll provide some case studies and
then discuss best practices for 1) balancing in-
centives for sales personnel, 2) empowering
international trade compliance personnel to
impose transaction holds when necessary and
3)conductingproperandadequatetransaction
due diligence on end users and end uses.
U.S. requirements for
preventing diversion -->
As of the publication of this article, the OFAC
imposes almost total embargoes on such coun-
tries as Cuba, Crimea, Iran, North Korea, Syria
and Sudan. (See http://tinyurl.com/pumqgll.)
(The embargo on Iran might change because
of the July 14 announcement of the Nuclear
Containment Agreement.)
Meanwhile, the Obama administration is
pushingtohavetheCubanembargolifted.And
Congresshasbeguntotakeactioninthatdirec-
tion through the July 23rd Senate Committee
J

3. 26 FRAUD MAGAZINE SEPTEMBER/OCTOBER 2015 FRAUD-MAGAZINE.COM
Prevent diversions to forbidden nations
amendments to the Senate Financial
Services appropriations bill. (See the Re-
utersarticleonMSN,“Senatepanelpasses
amendment to end restrictions on travel
to Cuba,” http://tinyurl.com/o4wju6e.)
The U.S. also imposes limited sanc-
tions against many other countries, spe-
cially designated nationals and denied
parties.(See:http://tinyurl.com/398fb4p.)
Companies, of course, must ensure they
aren’t conducting business with any of
these and other blacklisted entities.
Meanwhile, the U.S. Department of
Commerce’s Bureau of Industry and Se-
curity enforces export and embargo con-
trols. (See 15 CFR Parts 744 and 746, http://
tinyurl.com/o9uhv2g.)Amongthesecon-
trols is the prohibition against end-users
who are proliferators of nuclear, biologi-
cal and chemical weaponry and missile
delivery systems. (See 15 CFR Part 744.)
Thelawrequiresinclusionofadestination
control statement on all relevant export
documentation stating at a minimum:
“These commodities, technology, or
software were exported from the United
States in accordance with the Export Ad-
ministrationRegulations(EAR).Diversion
contrary to U.S. law is prohibited.” [See 15
CFR §758.6(a).]
Under the Export Administration
Regulations, the government can impose
criminal penalties up to $1 million and 20
years imprisonment per violation while
administrative penalties can reach the
greater of $250,000 per violation or twice
the amount of the transaction that is the
basis of the violation. (See http://tinyurl.
com/p3b7w3g.)
Criminal penalties for willful viola-
tions of OFAC sanctions can include fines
ranging up to $20 million and imprison-
ment of up to 30 years. Civil penalties for
violations of the U.S. Trading with the
Enemy Act can range up to $65,000 for
each violation. Meanwhile, civil penalties
for violations of the International Emer-
gency Economic Powers Act can range up
to $250,000 or twice the amount of the
underlyingtransactionforeachviolation.
(See http://tinyurl.com/ooysbzs.)
More case studies of
company failures -->
Computerlinks FZCO
Computerlinks FZCO, the United Arab
Emirates subsidiary of the German firm
ComputerlinksAG,committedthreeviola-
tions of the EAR for transferring devices
manufactured by Blue Coat Systems Inc.
(USA) for monitoring and controlling In-
ternet traffic to Syria.
Computerlinks — at the time an au-
thorized reseller for Blue Coat of Sunny-
vale,California—orderedequipmentval-
ued at approximately $1.4 million, which
the U.S. government controls for national
security and anti-terrorism reasons and
as encryption items.
Computerlinks falsely stated to Blue
Coat, the U.S. manufacturer and exporter,
that the ultimate destination and end us-
ers for the items was the Iraq Ministry
of Telecom or the Afghan Internet ser-
vice provider Liwalnet and not the actual
Syrian end users. Blue Coat subsequently
shippedtheitemstoComputerlinksinthe
UAE. Computerlinks UAE then shipped
the items to Syria without obtaining the
required licenses.
On April 24, 2013, Computerlinks
agreed to pay a $2.8 million civil pen-
alty — the statutory maximum — and
complete three external audits of its ex-
port control compliance program. “It is
vital that we keep technology that can be
used to further the repression of the Syr-
ian people out of the hands of the Syrian
government,” said Under Secretary for
Industry and Security Eric L. Hirschhorn.
Criminal penalties for willful violations of
OFACsanctionscanincludefinesrangingupto
$20millionandimprisonmentofupto30years.

4. FRAUD-MAGAZINE.COM SEPTEMBER/OCTOBER 2015 FRAUD MAGAZINE 27
[The preceding case history is from
the July 2014 U.S. Bureau of Industry and
Security (BIS) publication, “Don’t Let This
Happen To You!” See http://tinyurl.com/
nstvwxz.]
Rental diversion on the sly
I once worked as chief compliance officer
at a U.S.-based company — we’ll call it
GlobalRentz — that rented satellite com-
munications equipment to international
firms. The company provided VSAT sat-
ellite communications equipment to a
ChinesecustomerinSingapore.However,
the Chinese customer later said it was
planning to take the equipment to Iran
to use on its projects there. GlobalRentz
was unable to retrieve the equipment.
Meanwhile, a high-level engineer for Glo-
balRentz based in Singapore, took it upon
himselftocontinuetoprovidetheChinese
company managed technical services as
a subcontractor to a Singapore vendor
of the Singapore GlobalRentz company.
Remarkably, the general manager of the
Singapore GlobalRentz office at the time
approved this arrangement without con-
sulting headquarters in the U.S.
That general manager left Global-
Rentz Singapore to help manage a differ-
ent regional office. His successor in the
Singaporeofficediscoveredtheengineer’s
abnormalarrangementwhenhereviewed
managementaccountingreports.Hehap-
pened to notice the Singapore vendor’s
payments to GlobalRentz Singapore for
services rendered rather than the Glob-
alRentz Singapore company paying the
vendor. (It was a vendor after all and not
a customer.) GlobalRentz hired outside
counseltoconductaninvestigationtopur-
suethisredflag,whichledtothediscovery
of the fraudulent diversion of managed
technical services to support the Chinese
customer’s project in Iran.
The diversion violated OFAC regula-
tions and potentially violated U.S. export
control laws — because the components
in the equipment originated in the U.S.
— and broke the U.S. company’s code of
conduct, which forbids activities that
amount to a conflict of interest. Put an-
other way, the former Singapore office
general manager evidently attempted to
sustain sales revenue by joining with a
vendor and permitting his chief engineer
to undertake contract services work for
the vendor to serve a customer operating
in a forbidden, sanctioned jurisdiction.
After an investigation, GlobalRentz
dismissed the former general manager
and the high-level engineer for violating
U.S. laws applicable to its U.S.-controlled
subsidiary and for the unreported con-
flict of interest. As part of the company’s
self-disclosure to the U.S. government,
outsidecounseladvisedthecompanythat
it had to be able to demonstrate disciplin-
ary action against those responsible and
showremedialmeasurestopreventfuture
occurrences.
I spearheaded GlobalRentz’ creation
of an operations manual to alert person-
nel to be on the lookout for customers
that might be at risk for operating in
sanctioned countries. Also, company
personnel are now requiring customers
to return any rented equipment to Glob-
alRentz if they’re contemplating work in
a sanctioned country.
Traps illustrated in these case studies
Traps can arise from fraudulent represen-
tationsofunscrupulousforeignintermedi-
aries,overzealouscustomerserviceactivi-
ties of foreign-based employees trying to
keep their numbers up and even former
statesenators(likeCarrington)whomight
believe they’re above the law and who
make fraudulent conveyance of company
assets to evade their own denial orders.
It’s clear that companies need to conduct
risk assessments on vulnerabilities and
trainallpersonnelinvulnerablepositions.
Best practices for avoiding
fraudulent diversions -->
Fortunately, BIS has developed principles
the government considers components
of the cornerstone of best practices for
avoidingfraudulentdiversions(Seehttp://
tinyurl.com/olrjy8t.)
Here are those BIS principles verba-
tim with my comments in italics:
Best practice No. 1: Companies
should pay heightened attention to the
Red Flag Indicators on the BIS Website
and communicate any red flags to all divi-
sions,branches,etc.,particularlywhenan
exporterdeniesabuyer’sorderorafreight
forwarder declines to provide export ser-
vices for dual-use items.
15 CFR Part 732, Supp. 3 lists red flags,
whichindicateafraudulentdiversionislikely.
The key red flags are:
1. The customer or purchasing agent is
reluctant to offer information about
the end use of a product.
2. The product’s capabilities don’t fit the
buyer’s line of business; for example,
a small bakery places an order for
several sophisticated lasers.
3. The product ordered is incompatible
with the technical level of the country
to which the product is being shipped.
For example, semiconductor manu-
facturing equipment would be of little
use in a country without an electronics
industry.
4. The customer has little or no business
background.
5. The customer is willing to pay cash for
a very expensive item when the terms
of the sale call for financing.

5. 28 FRAUD MAGAZINE SEPTEMBER/OCTOBER 2015 FRAUD-MAGAZINE.COM
Prevent diversions to forbidden nations
6. The customer is unfamiliar with the
product’s performance characteristics
but still wants the product.
7. The customer declines routine installa-
tion, training or maintenance services.
8. Delivery dates are vague, or deliver-
ies are planned for out-of-the-way
destinations.
9. A freight forwarding firm is listed as
the product’s final destination.
10. The shipping route is abnormal for the
product and destination.
11. Packaging is inconsistent with the stat-
ed method of shipment or destination.
12. When questioned, the buyer is evasive
or unclear about whether the pur-
chased product is for domestic use,
export or re-export.
Best practice No. 2: Exporters/Re-
exportersshouldseektoutilizeonlythose
TradeFacilitators/FreightForwardersthat
administer sound export management
and compliance programs which include
best practices for transshipment.
This will require proper due diligence
on a company’s freight-forwarding agents.
Best practice No. 3: Companies
should “know” their foreign customers
by obtaining detailed information on the
bona fides (credentials) of their customer
to measure the risk of diversion. Specifi-
cally, companies should obtain informa-
tion about their customers that enables
themtoprotectdual-useitemsfromdiver-
sion,especiallywhentheforeigncustomer
is a broker, trading company or distribu-
tion center.
Undertakingscreeningagainstthevari-
ous black lists is just the start of such due
diligence efforts.
Best practice No. 4: Companies
should avoid routed export transactions
whenexportingandfacilitatingthemove-
ment of dual-use items unless a long
standing and trustworthy relationship
has been built among the exporter, the
foreign principal party in interest (FPPI),
and the FPPI’s U.S. agent.
Theseareinstancesinwhichforeignpar-
ties certify, as the freight-forwarding agent
principal, that the exports from the U.S. are
legal.
Best practice No. 5: When the Des-
tination Control Statement (DCS) is re-
quired, the Exporter should provide the
appropriate Export Control Classification
Number (ECCN) and the final destination
where the item(s) are intended to be used,
foreachexporttotheend-userand,where
relevant, to the ultimate consignee. For
exports that do not require the DCS, other
classification information (EAR99) and
the final destination should be communi-
catedonbillsoflading,airwaybills,buyer/
seller contracts and other commercial
documentation. For re-exports of con-
trolled and uncontrolled items, the same
classification and destination specific in-
formation should be communicated on
export documentation as well.
This best practice goes beyond what’s
required by law, but it will go a long way in
helping the exporter demonstrate due care
and good faith for the mitigation of any
penalties.
BestpracticeNo.6:AnExporter/Re-
exporter should provide the ECCN or the
EAR99classificationtofreightforwarders,
and should report in the Automated Ex-
port System (AES) the ECCN or the EAR99
classifications for all export transactions,
including “No License Required” designa-
tion certifying that no license is required.
This is an attestation that the exporter
has knowingly checked all the requirements
for a license exception and that it has and
will meet these requirements.
Best practice No. 7: Companies
should use information technology to
the maximum extent feasible to augment
“know your customer” and other due-dil-
igencemeasuresincombatingthethreats
of diversion and increase confidence that
shipmentswillreachauthorizedend-users
for authorized end-uses.
Thenewstate-of-the-artmethodforen-
suring compliance is integrating with the
web portal of a company’s freight forwarder
to track shipments. Radio frequency identi-
fication technology is making this tracking
morefoolproof.Inourrentedequipmentcase
on page 27, we even potentially discussed in-
cluding a GPS tracking device on U.S. origin
Companies should
“know” their for-
eign customers by
obtaining detailed
information on
the bona fides
(credentials) of
their customer to
measure the risk
of diversion.

6. equipmentsothatwecouldmonitorpotentialunlawful
diversions in real time.
Further considerations -->
Companies can use additional strategies to help
prevent fraudulent diversions. Be sure to train all
personnel on global sanctions and export controls,
including foreign-born employees — particularly
those not living in the U.S. (The BIS itself conducts
regular training. See http://tinyurl.com/pkndet5.)
Certaincountriesareknownforhighincidences
ofimpropertransshipments:HongKong,Singapore
and the United Arab Emirates. The BIS has assigned
seven export control officers to those countries plus
China, India and Russia. (See the “Keynote Speech
of David W. Mills, Assistant Secretary for Export
Enforcement UPDATE Conference, July 30, 2014,”
http://tinyurl.com/qabj4ed.) Companies should
conduct in-person training for personnel in branch,
subsidiaryandsalesagentofficesinthesecountries.
Salespersonnels’bonusandcommissionstructures
should include the key performance indicator of
meeting export control compliance requirements.
Finally,similartotheconceptofan“empowered
official” under U.S. International Traffic in Arms
Regulations(see:22CFR§120.25,http://tinyurl.com/
njj6d89), exporting companies should appoint in-
ternational trade compliance officers who have the
authority to issue stop orders on any transactions in
whichredflagsarepresent.Companiesshouldman-
datethatcomplianceofficersperformduediligence
onproposedshipmentswithpersonnelincountries
known for a high incidence of transshipments.
If U.S.-based companies don’t work to prevent
fraudulent diversions of their products, they can
expect prosecution, potential substantial criminal
and civil penalties, denial orders against exporting
privileges and certain reputational damage. n FM
The views expressed by the author are his own and
don’tnecessarilyexpresstheviewsofHewlett-Packard.
Robert J. Ward Jr., Esq., CFE, CUSECO, is the
global customs and export controls compliance
manager at Hewlett-Packard. Ward is a Certified
U.S. Export Compliance Officer. His email address
is: robertjwardjr@gmail.com.
Visit ACFE.com/OBAI to learn more.
When bias enters an individual’s work, the results can be very
harmful. Allowing bias to impact audits and investigations can
lead to the wrong person being punished and the real perpetrator
getting away.
This course explores bias and its effects on investigations and
audits. You will examine conscious and unconscious bias, how
bias affects work and how you can counter its effects.
NEW! Self-Study CPE Course
Overcoming Bias in
Audit Investigations
CPE Credit: 2
Course Level: Overview
Prerequisite: None
You Will Learn How To:
• Recognize bias and the ways it can manifest
• Distinguish conscious from unconscious bias
• Recognize the way bias affects auditors and investigators
• Relate bias to professional skepticism
• Determine ways to mitigate the effects of bias
$59 Members / $79 Non-Members