What Every Multinational Should Know About … How to Cope with New Court Decisions Expanding Supply Chain Integrity Risks: Six Steps for Enhancing Supply Chain Compliance

For many years, corporate human rights litigation in U.S. courts centered on a single statute: the Alien Tort Statute (ATS). Plaintiffs seeking to hold companies liable for alleged violations of international law frequently relied on the ATS as the primary jurisdictional vehicle for bringing those claims.

Beginning in 2013, however, a series of U.S. Supreme Court decisions significantly narrowed the statute’s reach, particularly in cases involving foreign conduct or foreign corporate defendants. Those decisions led many observers to conclude that large-scale corporate human rights litigation in U.S. courts would decline sharply.

Recent developments suggest a more complicated reality. In particular, two recent jury verdicts, In re Chiquita Brands Int’l, Inc. Alien Tort Statute & Shareholder Derivative Litig., No. 08-MD-01916 (S.D. Fla.) (2024 jury verdict) and Kashef v. BNP Paribas S.A., No. 16-cv-3228 (GBD) (S.D.N.Y.) (2025 jury verdict), illustrate how plaintiffs are developing new pathways for pursuing corporate liability tied to international human rights harms. In both cases, sanctions-related conduct played a central role in establishing civil liability, even though U.S. sanctions laws themselves do not provide a private right of action.

These decisions matter for multinational companies for a simple reason: supply chain integrity and economic sanctions compliance failures may now carry risks that extend far beyond traditional regulatory enforcement. In certain circumstances, they may serve as the evidentiary foundation for large-scale civil litigation tied to supply-chain integrity, terrorism financing, or human rights abuses.

This article examines the implications of this emerging litigation trend. First, it explains why economic sanctions violations — even though they do not create private causes of action — can still play a central role in civil liability claims. Second, it reviews the recent Chiquita and BNP Paribas verdicts, which illustrate how plaintiffs are using economic sanctions-related conduct to support human rights claims in U.S. courts. Finally, it discusses the broader compliance implications for multinational companies, particularly the growing importance of integrating economic sanctions compliance into supply-chain integrity and human rights risk management frameworks.

Economic Sanctions Violations and Civil Liability

As a general matter, U.S. sanctions laws do not allow private parties to sue for damages. Economic sanctions regimes administered by the Office of Foreign Assets Control (OFAC), including those authorized under the International Emergency Economic Powers Act (IEEPA), are enforced by the U.S. government through civil penalties and criminal prosecutions. Courts have consistently held that these statutes do not create a private right of action for victims seeking damages.

The absence of a statutory cause of action, however, does not eliminate civil exposure. Instead, plaintiffs may pursue claims under other legal theories, including negligence or foreign tort law, while using sanctions violations as evidence that the defendant’s conduct created a foreseeable risk of harm. The Chiquita and BNP Paribas cases demonstrate how that strategy can succeed.

The Chiquita Verdict

The Chiquita litigation arose from payments made by Chiquita Brands International to the Autodefensas Unidas de Colombia (AUC), a paramilitary organization operating in Colombia. Between 1997 and 2004, Chiquita, through its Colombian subsidiary Banadex, paid the group more than $1.7 million. In 2001, the AUC was designated by the United States as both a Foreign Terrorist Organization and a Specially Designated Global Terrorist entity. Payments nevertheless continued for several years.

In 2007, Chiquita pleaded guilty to criminal charges related to the payments and paid a $25 million fine. Families of individuals murdered by the AUC later brought civil claims in U.S. court. After several legal theories were dismissed, the case ultimately proceeded under Colombian tort law. In June 2024, a federal jury in the Southern District of Florida found Chiquita liable for wrongful deaths connected to the paramilitary violence and awarded approximately $38 million in damages. The case is currently on appeal.

Importantly, the sanctions violation itself did not create a civil claim. Instead, the payments to the designated terrorist organization served as critical evidence that the company knowingly contributed to a foreseeable risk of harm.

The BNP Paribas Verdict

A second major case arose from litigation involving the French financial institution BNP Paribas. In 2014, the U.S. Department of Justice concluded a major sanctions enforcement action involving the bank’s processing of transactions linked to Sudan and other sanctioned jurisdictions. BNP Paribas pleaded guilty and agreed to pay more than $8.9 billion in penalties.

Sudanese refugees subsequently filed civil claims alleging that the bank’s conduct helped enable atrocities committed during the Darfur conflict. After several procedural disputes, including issues involving timeliness and the act-of-state doctrine, the case proceeded to trial in the Southern District of New York.

In October 2025, a jury awarded approximately $20.75 million to three bellwether plaintiffs. The broader litigation involves a certified class of more than 20,000 Sudanese refugees and asylum seekers, meaning the ultimate exposure could be far larger if the verdict survives appeal.

Why These Cases Matter

Although both verdicts remain subject to appellate review, they highlight several developments that multinational companies should consider when assessing sanctions compliance and supply-chain integrity risks.

Civil Liability May Be Based on Foreign Law. In both cases, the operative legal claims arose under foreign law rather than U.S. statutes. The Chiquita claims proceeded under Colombian tort law, while the BNP Paribas litigation applied Swiss law. U.S. courts applied those legal regimes through traditional conflict-of-law principles. This dynamic creates a potentially powerful litigation pathway. Even when U.S. statutory claims are unavailable, plaintiffs may rely on the law of the place where the harm occurred or where key conduct took place. As a result, multinational companies may face liability in U.S. courts based on foreign legal standards tied to overseas operations.
Economic Sanctions Violations Can Establish Foreseeability. In both cases, sanctions violations played a central evidentiary role. In Chiquita, the payments to a designated terrorist organization supported the conclusion that the resulting violence was a foreseeable consequence of the company’s conduct. In BNP Paribas, the bank’s admitted knowledge of sanctions targeting Sudan reinforced the argument that the risks associated with its transactions were foreseeable. In this way, sanctions compliance failures can significantly strengthen civil claims, even when they do not independently create liability.
Foreign Companies Are Not Necessarily Shielded. The BNP Paribas litigation also illustrates that foreign corporations are not necessarily insulated from these claims. Although the Supreme Court has limited the ability to bring ATS claims against foreign companies, plaintiffs may rely on alternative legal theories. Where U.S. courts have personal jurisdiction, foreign companies with meaningful U.S. contacts may still face civil litigation tied to overseas human rights harms.
Enforcement Resolutions Can Shape Civil Litigation. Finally, the BNP Paribas case underscores the potential downstream consequences of sanctions enforcement resolutions. The court prevented the bank from contradicting factual admissions contained in its prior criminal plea agreement with the U.S. Department of Justice. As a result, key facts established during the enforcement action carried significant weight in the subsequent civil litigation. This dynamic means that statements made in criminal resolutions or regulatory settlements may later become powerful evidence in private civil proceedings.

What Companies Should Be Doing Now

The broader lesson from these cases is that sanctions compliance failures may create risks that extend well beyond traditional regulatory enforcement. Companies should therefore treat sanctions compliance as a core component of supply-chain integrity and human rights risk management.

In practical terms, multinational companies should consider the following six steps:

1. Strengthen Counterparty Due Diligence in High-Risk Jurisdictions. Transactions involving politically exposed entities, armed groups, state-controlled enterprises, or actors operating in conflict zones present heightened legal and reputational risks. Companies should ensure that counterparty due diligence is not limited to list-based screening but instead incorporates a more robust, multi-layered assessment of the broader risk environment in which the counterparty operates.

That assessment should include, among other things:

beneficial ownership and control structures, including indirect links to sanctioned actors, armed groups, or state security apparatuses;
operational context, including whether the counterparty operates in regions associated with terrorism financing, militia activity, armed conflict, or systemic human rights abuses; and
revenue flow and end-use risk, particularly where payments, goods, or services could be diverted to sanctioned or violent actors.

From a litigation perspective, the key question will not simply be whether screening occurred but whether the company identified and evaluated reasonably foreseeable risks. Due diligence frameworks should therefore be calibrated to demonstrate that the company took meaningful steps to identify and mitigate those risks before transactions occurred.

2. Integrate Sanctions Compliance with Broader Human Rights and Conflict-Risk Assessments. In many cases, litigation exposure arises not simply from the sanctioned activity itself but from the broader context in which it occurs. Compliance programs should therefore move beyond a siloed sanctions analysis and incorporate conflict-risk indicators and human rights considerations into their broader risk management processes. This may include:

developing jurisdiction- and sector-specific risk matrices for regions or industries where sanctions, conflict, and human rights concerns intersect;
identifying red flags associated with conflict-affected or politically unstable areas, including unusual payment arrangements, the use of intermediaries, or dealings with quasi-governmental actors; and
implementing trigger-based escalation protocols requiring enhanced review where specified contextual risks are present.

A well-integrated framework allows companies to demonstrate that they actively assessed and responded to the surrounding risk environment rather than treating sanctions compliance as a technical screening exercise divorced from real-world conditions on the ground.

3. Ensure That Escalation and Decision-Making Protocols Function Effectively. Several recent cases involved situations where companies continued high-risk transactions despite internal warnings. Companies should therefore review escalation frameworks to ensure that transactions involving sanctioned actors or conflict-affected regions receive appropriate legal and compliance review at a sufficiently senior level. In particular, companies should assess whether their escalation protocols:

route high-risk matters to decision-makers with sufficient authority to pause or terminate the transaction;
require documented analysis of legal, reputational, operational, and human rights-related risks; and
incorporate clear stop/go criteria, rather than leaving decisions entirely to ad hoc business judgment.

The critical issue is not merely whether an issue was escalated but what happened after escalation occurred. Decision-making processes should be structured, disciplined, and reviewable, with the expectation that they may later need to be explained to regulators, counterparties, or a court.

4. Maintain Clear Documentation of Risk-Based Compliance Decisions. In civil litigation, the evidentiary record often becomes central. Companies should maintain documentation demonstrating that sanctions screening, diligence, and risk assessments were conducted in a structured and good-faith manner and that identified risks were considered through an appropriate internal process. That documentation should ideally reflect:

the diligence performed and the sources reviewed;
the specific risks identified and how those risks were evaluated;
the personnel involved in the review and decision-making process; and
the mitigation measures adopted, such as contractual protections, enhanced monitoring, restructuring of the transaction, or a decision not to proceed.

Importantly, documentation should reflect contemporaneous reasoning rather than post hoc justification. Companies should also assume that compliance records, internal communications, and materials developed during regulatory inquiries may later become important evidence in civil litigation.

5. Carefully Evaluate the Long-Term Implications of Sanctions Enforcement Resolutions. Statements made in criminal plea agreements, settlement documents, or regulatory resolutions may later become powerful evidence in civil litigation. Companies should therefore consider potential downstream litigation exposure when negotiating sanctions-related enforcement outcomes. This should include evaluating:

whether factual admissions could later be used to establish knowledge, intent, or foreseeability;
whether those admissions may restrict the company’s ability to contest key facts in later proceedings; and
how the overall narrative of the resolution may be framed by private plaintiffs in follow-up civil litigation.

In this respect, enforcement resolutions should not be viewed as the end of the matter. They should also be assessed as part of a broader litigation strategy, particularly where the underlying facts may later be invoked in negligence, foreign-law tort, or other civil claims.

6. Reassess Supply-Chain Oversight in Conflict-Affected or High-Risk Regions. Companies operating in areas associated with armed conflict, terrorism financing, or systemic human rights abuses should periodically review supplier controls, monitoring systems, and governance frameworks to ensure that risks are identified and addressed early. That review should include consideration of whether the company has:

sufficient supply-chain mapping and traceability to understand not only direct suppliers but also relevant sub-suppliers, intermediaries, and financial channels;
risk-based monitoring mechanisms, such as audits, transaction testing, compliance certifications, or third-party verification processes; and
contractual controls, including audit rights, termination provisions, and representations relating to sanctions, sourcing, and compliance practices.

Where full visibility is not feasible, companies should be able to demonstrate that they adopted reasonable, risk-based measures to identify and mitigate exposure. From a litigation standpoint, the question will often be whether the company exercised appropriate oversight given the known risk profile of its operations and sourcing model.

Taken together, these steps can help companies strengthen supply-chain integrity while reducing the potential for economic sanctions compliance failures to become the foundation for civil litigation exposure.

The Bottom Line

The significance of the Chiquita and BNP Paribas verdicts extends beyond the specific facts of those cases. They reflect a broader shift in how courts, regulators, and policymakers are approaching supply-chain integrity and corporate accountability for overseas conduct.

Around the world, governments are increasingly adopting legal frameworks designed to force greater transparency into global supply chains. In the United States alone, measures such as the Uyghur Forced Labor Prevention Act (UFLPA), Customs and Border Protection forced labor Withhold Release Orders (WROs), and state-level supply-chain transparency laws already require companies to understand where their products come from and how they are produced. Similar initiatives are emerging in Europe and other jurisdictions.

Taken together, these developments send a consistent message: companies that source, manufacture, or transact internationally are expected to understand their supply chains in meaningful detail. That expectation increasingly extends beyond direct suppliers to include sub-suppliers, intermediaries, and financial channels that support commercial activity.

The recent sanctions-related litigation described above should therefore be viewed as part of this broader trend. Alongside forced labor enforcement, supply-chain transparency laws, and expanding due diligence obligations, civil litigation may become another mechanism through which companies are held accountable for failures to understand and manage risks within their global operations.

For multinational companies, the implication is clear. Effective compliance today requires more than just conducting economic sanctions screening. It increasingly requires robust supply-chain mapping, traceability, and risk-based oversight that reaches deep into the supplier network. Companies that invest in those capabilities will be far better positioned to navigate a regulatory and enforcement environment that is steadily moving toward greater transparency and accountability across global supply chains.

Disclaimer

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.