United States: New US Interagency Guidance Targets Iranian UAVs And Compliance Risks

On June 9, 2023, the US Departments of Commerce, Justice, State, and the Treasury published a joint advisory and guidance (the "Guidance") related to Iran's procurement, development, and proliferation of unmanned aerial vehicles ("UAVs"). Notably, the agencies warned industry participants that key components of Iranian UAVs are US-origin technologies, some of which are "low-technology items" that are designated as EAR99, i.e., not included on the Commerce Control List ("CCL"), Supplement No. 1 to part 774 of the EAR. The Guidance provides specific Harmonized System (HS) codes that exporters/reexporters may use to identify items that are of diversion/transshipment concern.

Further, the agencies provided clear guidance on the US government's expectations for private industry compliance programs, identified numerous red flags for industry participants, and highlighted several best practices for how to address a red flag.

This Guidance is the most recent activity in a series of measures implemented by US government agencies to disrupt Iran's UAV program. The Guidance may signal an increased focus on both US and non-US manufacturers and suppliers of commodities that can be used in the production of UAVs.

Recent US Government Actions Aimed at Limiting Iran's UAV Activities

According to the Guidance, Iran has transferred hundreds of Shahed- and Mohajer-series UAVs to Russia since August 2022. These UAVs have been used by Russia in its invasion of Ukraine. The Department of Commerce's Bureau of Industry and Security ("BIS") and the Department of the Treasury's Office of Foreign Assets Control ("OFAC") have recently taken actions to curtail Iran's development and transfer of UAVs.

For example, on February 24, 2023, BIS announced that it was taking several steps to target Iran's UAV activities, including the imposition of a license requirements for certain items designated EAR99 that are destined for Iran and the creation of a new Foreign Direct Product (FDP) Rule specific to Iran. On January 31, 2023 and April 12, 2023, BIS added numerous entities to the Entity List for their involvement in either the production of Iranian UAVs or the transfer of UAVs from Iran to Russia. In September 2022, OFAC designated several Iranian companies for engaging in activities related to the development, procurement, and proliferation of UAVs and UAV components, and in multiple designation actions in March and April 2023 OFAC designated third-country companies in China, Hong Kong, Turkey, and Malaysia for supporting Iran's UAV procurement efforts.

Key Commodities of Concern

In the Guidance, the agencies stressed that Iran relies on third-country items, including US-origin items, to support its UAV program. The agencies warned members of the industry that they should "exercise extra vigilance due to the ubiquitous nature of many of the items" and noted that Iran utilizes "commercial-grade components" in its weapons. The agencies highlighted the following key commodities sought by Iran for its development of UAVs:

• Electronics, such as transceiver modules, processors and controllers, memories, amplifiers, and other electronic integrated circuits. Most notably, Iran relies on certain U.S.-branded items such as field programmable gate arrays (FPGAs), RF transceivers, microcontrollers, and capacitors.
• Guidance, Navigation and Control Equipment, such as accelerometers, gyroscopes, inertial measurement units (IMUs), and other navigational sensors.
• Components, such as aircraft spark-ignition and compression-ignition internal combustion piston engines and associated spare parts, and modules such as flight computers.

Some of these commodities are considered to be "low-technology items" that may be designated as EAR99. However, these EAR99 items are generally controlled for export to Iran under US sanctions or export control laws. In the Guidance, the agencies state that exporters, manufacturers, and distributors of these items should conduct customer due diligence and should track to whom they are selling or shipping their items. Notably, the Guidance also urges "manufacturers that supply UAV-relevant items" to "establish multiple methods to track such items due to the observed prevalence of methods used to obscure the sources" of UAV components, such as the lasering off of serial numbers and other identifying information.

Enforcement Risks and Penalties

Industry participants should be aware that US agencies may impose sanctions or pursue substantial penalties against parties that assist in the procurement or proliferation of UAVs and related components, technology, and materials by, to, and from Iran. The Guidance highlights at least seven secondary sanctions authorities that could be used to sanction foreign persons for engaging in activities supporting Iran's UAV program. Potential sanctions against foreign persons include: a US Government procurement ban, an import ban, a ban on receiving the export or reexport of dual-use items and munitions from the US, and blocking sanctions. For US persons, the failure to comply with US sanctions regulations and export controls may result in civil and criminal penalties. BIS may also deny export privileges of parties convicted of certain crimes for up to 10 years. Further, UN Security Council Resolution 2231 prohibits the sale, supply, or transfer to or from Iran (absent UNSC permission) of certain controlled items, including the Shahed- and Mohajer-series UAVs.

Highlighting the US focus on prosecuting non-US persons in particular, the Guidance highlights two US Department of Justice prosecutions for willful violation of sanctions and export controls laws arising from the efforts to supply UAV-related goods to Iran. In August 2018, a Canadian national was sentenced to 42 months in prison for illegally exporting and conspiring to export various items to Iran, including thermal imaging cameras that can be used in UAVs. In January 2022, a UK national pled guilty for attempting to export a high-powered microwave system that can be used to disrupt or take control of a UAV.

US Government's Expectations for Compliance Programs

In the Guidance, the agencies state a clear expectation that companies have "effective and comprehensive compliance programs that detect efforts by individuals or entities to evade or otherwise violate sanctions and export controls." The agencies identify the following as important attributes of an effective and comprehensive compliance program:

• it employs a risk-based approach to sanctions and export controls by developing, implementing, and routinely updating compliance measures;
• it exercises heightened caution and conducts additional due diligence if it detects warning signs;
• it reflects management's commitment to compliance and includes risk assessment, internal controls, testing, auditing, and training;
• it empowers and equips staff to identify and report potential violations of US sanctions and export controls to compliance personnel; and
• optimally, it includes controls tailored to the risks the business faces, such as diversion by third-party intermediaries.

Companies should also be aware of numerous "red flags" that may indicate when a party to a transaction is engaged in efforts to evade or otherwise violate sanctions or export controls. Several notable red flags are listed below, but companies may wish to review the full list as provided in the Guidance.

• Use of corporate vehicles (i.e., legal entities, such as shell companies, and legal arrangements) to obscure (i) ownership, (ii) source of funds, or (iii) countries/entities involved, particularly sanctioned jurisdictions or restricted entities;
• Reluctance to share information about the end use of a product, including reluctance to complete an end-user form;
• Declining customary installation, training, or maintenance of the purchased item(s);
• Transactions involving entities with little or no web presence;
• Payment coming from a third-party country or business not listed on the End-User Statement or another applicable end-user form; and
• Transactions involving the use of freight-forwarding firms or other mail forwarding addresses listed as the product's ultimate customer address.

The Guidance notes that best practices for companies encountering these red flags may include: (i) screening current and new customers, intermediaries, and counterparties through the Consolidated Screening List maintained by the Department of Commerce and the Specially Designated Nationals List maintained by the Department of the Treasury; (ii) conducting risk-based due diligence on customers, intermediaries, and counterparties; and (iii) consultation of guidance and advisories from the Departments of State, Commerce, and the Treasury.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.