Best Practices for Keeping on Top of Maritime Sanctions Compliance

By Simon Ring
October 22, 2021

The saying “you can never be too careful” has never been more applicable for those with regulatory exposure in maritime trade and its associated supply chains. A rigorous compliance program underpinned by detailed vessel tracking and screening is necessary for protection from illicit activity and subsequent regulatory action.

In May 2020, US regulators released an advisory aimed at the wider maritime industry, making it clear that all entities across the maritime sector and related supply chains must significantly improve their compliance programs to avoid breaching US sanctions.

OFAC’s stance – and that of other regulators who followed suit, such as the UK’s OFSI – has elevated the importance of end-to-end due diligence and monitoring right across the financial and organizational ecosystem that supports every transaction. Every organization, flag administration and ship registry with exposure to maritime trade is now in danger of investigations and penalties spurred by breaches of regulation for which it may not think itself responsible.

Sanctions Compliance Program (SCP) Checklist

Should your organization be investigated, having an established SCP process will be considered favorably. This can follow the guidance issued by regulators, such as OFAC’s framework for compliance commitments.

OFAC’s investigation into the Haverly Systems, Inc. violations of Ukraine-related sanctions is a case in point. Haverly did not have a sanctions compliance program. It did not recognize where it was non-compliant, nor did it seek guidance from OFAC. Haverley agreed to a settlement, part of which included a commitment to “a culture of compliance.”

An organization can take many steps to mitigate risk, among them:

1. Define Internal Risk Parameters

OFAC stresses the importance of taking a risk-based approach when designing or updating an SCP, including the routine identification of potential OFAC issues that the organization is likely to encounter. Such risks can arise internally and externally, through clients, products, services and supply chains, among other channels.

2. Ensure Management Commitment and Staff Training

The commitment by an organization’s senior management to support a risk-based SCP helps determine its success. Using a top-down approach underpinned by rigorous training is essential when fostering a culture of compliance.

3. Use Multiple Sources of High-Quality Data

As regulators crack down on the practice of automatic identification system (AIS) position disablement and manipulation, there has been a corresponding need for a system that offers persistent ship tracking, transparency, and dark ship detection.

A dark ship is one that has stopped reporting, which usually refers to AIS transmissions. The recurring problem of ships “going dark” is often well managed by persistent tracking using multi-source GPS data transmitted over secure satellite communications combined with AIS.

Specialist technology service providers have implemented these systems in numerous tier-one banks, dominant flags and major shipping companies. Such organizations have screened and tracked their fleets for at least 20 years to comply with UN Security Council and International Maritime Organization regulations.

4. Know What to Look for

• STS transfers: A ship-to-ship transfer moves cargo from one ship to another at sea, rather than in port. Most STS transfers are legal, but they can also conceal the origin or destination of the transferred cargo.
• AIS transmissions: Vessels conducting illicit ship-to-ship transfers will typically disable AIS to evade detection. Alternatively, vessels manipulate the data transmitted via AIS to conceal their next port of call or other information regarding their voyages.
• False documentation: Complete and accurate shipping documentation is necessary to ensure all those associated with a transaction understand the parties, goods and vessels involved in a given shipment. Documents such as bills of lading and certificates of origin can be falsified. These can conceal shipments and their original point of lading.
• Financial system abuse: This is one of the most common deceptive shipping practices. In such cases, bank accounts are established with the primary purpose of engaging in and concealing illicit activities. These can be used as fronts to conduct transactions in violation of sanctions and facilitate illicit shipping practices. Bad actors also often set up complex corporate ownership and management structures to hide the ultimate beneficiary.
• Concealment: Those seeking to evade sanctions will often employ tactics that physically conceal illicit cargo onboard a vessel.
• Flag-hopping: The act of repeatedly registering a vessel with new flag states to avoid detection.

1. An example of such deceptive shipping practices occurred earlier this year. Singaporean national Kwek Kee Seng was charged by the US Department of Justice for conspiring to evade economic sanctions on North Korea and money laundering. Reports and satellite imagery showed one of his tankers engaging in illicit deliveries of petroleum products via STS transfers with a designated North Korean vessel, during which the vessel’s location information had been disguised. The individual is now facing criminal charges for utilizing front companies and false documentation to send money through the US financial system. The vessel in question, M/T Courageous, has been seized.

Why Screening Once Isn’t Enough

As bad actors continue to use increasingly sophisticated obfuscation methods, persistent screening is more critical than ever. If, for example, a vessel is flag-hopping, this reinforces the need for regular screening to catch any changes that may have occurred. Conducting screening only at the point of onboarding KYC processes is a fatal flaw, as it leaves corporates and flag administrations open to the risk that ownership, or other facts, may have changed.

5. Lean on Technology to Ease Compliance

As manually conducting due diligence is time-consuming and highly vulnerable to human error, the development of technology has helped. The right kind of technology provides a tamper-proof audit trail to demonstrate to authorities that due diligence has been conducted.

Organizations should be alert to histories of infringement and also indicators of suspicious activity, such as complex ownership structures, activity in high-risk geographical areas and reporting gaps in a vessel’s compulsory AIS transmissions.

Screening needs to be comprehensive, covering activities such as the alteration of vessels’ names. Mitigating deceptive shipping practices like this, for example, requires the ability to identify a vessel from its unique IMO number.

Moreover, AIS and supplementary satellite systems must be used once a vessel has set sail to provide visibility to parties and regulators that the traveling shipment is compliant with sanctions rules. OFAC policy is to look back 24 months and find gaps in the AIS, but it offers little guidance about what it considers a suspicious gap.

For this reason, organizations should have access to hybrid monitoring technology that includes alternative satellite data, such as Inmarsat, in case AIS transceivers are switched off or malfunction. Hybrid monitoring will prove a vessel was where it claimed to be, even if its AIS is spoofed by another vessel undertaking nefarious activities. The draught of a vessel can also be monitored as an indicator of a cargo transfer during a dark period.

Simon Ring is the Global Head of Maritime Trade Technologies & ESG at Pole Star, which enables time-critical decisions and mitigates risk in maritime activities. The company’s regulatory technology, PurpleTRAC, provides sanctions screening and vessel tracking capability for compliance monitoring.