On March 1, 2024, the federal district court in the Northern District of Alabama declared in the case of National Small Business United v. Yellen that the Corporate Transparency Act (“CTA”) exceeds the Constitution’s limits on Congress’s power. The court enjoined the Department of the Treasury and Financial Crimes Enforcement Network (“FinCEN”) – the agency responsible for implementing the CTA – from enforcing the CTA against the plaintiffs in this case. While the ruling enjoins enforcement only against the plaintiffs in the specific case, the rationale used by the court is a broad rejection of the constitutionality of the statute, rather than a more tailored “as applied” rationale. Following the ruling, FinCEN issued a statement clarifying it will only cease enforcement with respect to the specific plaintiffs in the case, rather than with respect to all reporting companies. Those plaintiffs include Isaac Winkles, reporting companies for which Isaac Winkles is the beneficial owner or applicant, the National Small Business Association (“NSBA”), and members of the NSBA as of March 1, 2024 (collectively, the “Plaintiffs”). As of now, the CTA and its beneficial ownership information (“BOI”) reporting requirements remain in effect for all other entities that are required to report BOI to FinCEN under the CTA.

Continue Reading Federal Court Finds Corporate Transparency Act Unconstitutional: Navigating Implications for Reporting Companies

On February 28, 2024, the Biden administration announced the creation of a new national security regulatory regime that will prohibit or restrict certain transactions involving bulk sensitive US personal data or government-related data and specified “countries of concern.” The Biden administration announced the regime in a new executive order, Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (EO 14117), which was accompanied by an advance notice of proposed rulemaking (ANPRM) issued by the National Security Division (NSD) of the Department of Justice (DOJ), the component and agency with primary responsibility for implementing and enforcing the forthcoming regulations. The White House and DOJ also published fact sheets regarding the new regime.

Executive branch officials and members of Congress have long been concerned about the lack of a national security regulatory regime covering the transfer of sensitive US personal data to countries of concern, particularly China. As explained in EO 14117, such data has the potential to be used for a variety of nefarious purposes, including surveillance, extortion, and influence campaigns targeting US government employees and members of the US military, among others. The order highlights that such risks have become more acute due to the rapid advancement of artificial intelligence (AI) and its ability to analyze and manipulate data sets. Bulk sensitive personal data can also be used in the creation and refinement of AI models and other advanced technologies.

According to the White House, the EO is “the most significant executive action any President has ever taken to protect Americans’ data security.”

The public may submit comments on the ANPRM through April 19, 2024 and will likely have an additional opportunity to comment on the language contained in a proposed rule, once issued.

Although intended to be tailored in its scope, our initial assessment is that the new regulatory scheme, once fully implemented, will likely have a profound impact on a number of industries and entities around the world. At a minimum, it seems certain that regulatory compliance costs could be substantial, particularly on entities that have not previously focused on building out a risk-based compliance program in this or other related areas.

Continue Reading Biden Administration to Implement New National Security Rules Targeting Personal Data

In a first of its kind action, the US Department of Commerce has begun a rulemaking process to prohibit or impose conditions on certain transactions involving foreign technology used in so-called “connected vehicles” or “CVs,” as defined below for automotive applications.

The measure, announced by Commerce on February 29, 2024 in a press release and an advanced notice of proposed rulemaking (ANPRM), is Commerce’s first attempt to cover a class of transactions under the Department’s Information and Communications Technology and Services (ICTS) rules.

The ICTS rules, contained at 15 CFR Part 7, were first issued in 2021, but Commerce has not yet implemented or used the rules to cover a particular class of transactions. However, Commerce recently created a new Office of Information and Communications Technology and Services (OICTS) within the Bureau of Industry and Security (BIS) and appointed the first ever director of that office (see additional detail here). Those measures, coupled with the ANPRM on CVs, suggest that Commerce has ramped up its efforts in this area and is becoming increasingly active in its use of the ICTS rules. It is all but certain that the ANPRM on CVs is just the first example of industries to be targeted, and we expect to see similar efforts in relation to other high-priority industries going forward.

Comments on the ANPRM are due by April 30, 2024. Commerce will likely publish a proposed rule after reviewing public comments on the ANPRM and provide an additional opportunity to comment on the proposed rule at that time.

Continue Reading In First of Its Kind Action, Commerce Moves to Regulate Foreign Tech in Vehicles

On February 27, 2024, HM Treasury’s Office of Financial Sanctions Implementation (“OFSI”) published a number of guidance documents on financial sanctions licensing addressing the process of applying for a licence, as well as the principles applied when making licensing decisions relating to designated individuals.  Publication of the guidance follows a recent court case in which OFSI’s decision to refuse certain licence applications in relation to a designated individual sanctioned under the UK’s Russia sanctions regime was unsuccessfully challenged.  The newly published guidance provides additional clarity regarding OFSI’s process for financial sanctions licensing, as well as the factors OFSI considers when exercising its decision-making powers in relation to certain specific licensing grounds.  OFSI does not intend for the new licensing guidance to replace any previous guidance on the financial sanctions licensing regime and it should be read alongside OFSI’s general financial sanctions guidance, regime-specific guidance, introduction to licensing, and reasonableness in licensing blog posts. 

Continue Reading OFSI Publishes Expanded Guidance on Financial Sanctions Licensing Process and Principles

On February 23, 2024, the United States issued a broad set of new Russia-related sanctions and export controls in response to the second anniversary of Russia’s invasion of Ukraine and the February 16, 2024, death of opposition leader, Aleksey Navalny, in Russian custody.

The Treasury Department’s Office of Foreign Assets Control (OFAC), the Commerce Department’s Bureau of Industry and Security (BIS), and the State Department all issued new designations.  The agencies also issued an inter-agency advisory warning non-Russian companies from doing business in or with Russia.

Continue Reading US Government Imposes New Russia Sanctions, Designating Over 500 Parties and Issuing Interagency Russia Business Advisory

The U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) has published major revisions to its humanitarian authorizations and other general licenses under the North Korean Sanctions Regulations (“NKSR”), which took effect on February 16, 2024.  These regulatory changes expand the scope of authorized activity in North Korea, which should lead to fewer specific license applications for NGOs engaged in humanitarian work relating to the DPRK.  In this regard, OFAC has narrowed the restriction on authorized activity arising from “partnerships” with the DPRK government.  OFAC has also established a new authorization for journalistic activities in North Korea.  These revisions to the NKSR, along with some improved guidance from OFAC regarding banks’ due diligence expectations, may result in less de-risking by financial institutions when it comes to customer activity involving North Korea.

At the same time, there remain important limitations and conditions to these authorizations that must be observed.  Moreover, OFAC has implemented a new advance reporting requirement if one intends to use the revised humanitarian general license, which may increase the compliance burden on NGOs as well as provide the State Department an opportunity to object to the use of the general license on a case-by-case basis. 

Continue Reading OFAC Issues Significantly Revised NGO Authorizations for North Korea

The UK government introduced new reporting requirements under The Russia (Sanctions) (EU Exit) Regulations 2019 (“Russia Regulations”) in December 2023, with the goal of strengthening transparency in relation to assets frozen under the regime and assisting HM Treasury’s Office of Financial Sanctions Implementation (“OFSI”) to monitor compliance with, and detect evasion of, financial sanctions administered under the Russia regime.  The two new reporting measures are the immobilized assets reporting measure and the designated persons asset reporting measure.  On February 12, 2024, OFSI’s Director, Giles Thomson, published a new blog explaining the practical implications of these new measures.  OFSI also has updated its Russia sanctions guidance to include new FAQs addressing the implementation of the second new reporting obligation.

Continue Reading OFSI Publishes Update on New Russia Sanctions Reporting Requirements

Asia Pacific (APAC) countries continue to “stagnate” in their rankings in 2023, only minimally above the global average, with most well below, according to two anti-corruption due diligence tools, TRACE’s 2023 Bribery Risk Matrix (TRACE Matrix) and Transparency International’s 2023 Corruption Perceptions Index (TI CPI). While the two ranking systems share the same view of the least and most risky countries, the TRACE Matrix presents a slightly more positive view overall, ranking most Asia Pacific counties as moderate risk. In contrast, the TI CPI ranks most as being high risk. When considered together, the two systems allow for a more complete and accurate view of the risks and opportunities offered in the APAC region based on their different methodologies and factors.  

TRACE considers just a quarter of the countries in the region to be high to very high risk, but two thirds are at least moderate risk. However, for the TI CPI, the average score of APAC countries was above the global average score (45 versus 43, as for the past four years), with more than half perceived as high to very high, hence TI’s description of the region’s scores as stagnating. The 2023 TRACE Matrix publication packet is available at https://www.traceinternational.org/trace-matrix, and the 2023 TI CPI is available at https://www.transparency.org/en/cpi/2023.

Although these tools offer a good starting point for assessing risk, they are not a substitute for adequate risk-based due diligence on counterparties in the region. Notably, many international bribery cases involve companies headquartered or conducting business operations in jurisdictions with very low-risk rankings. This is probably because their anti-corruption efforts support the investigation and prosecution of bribery. Countries with no track record of meaningful enforcement against their own companies for overseas bribery should be closely reviewed for bribery and corruption risks. These bribery risk tools should also be supplemented with other publicly available reports on money laundering and bank secrecy risks, as these are also indirect indicators of bribery and corruption risk.

Continue Reading Asia Pacific 2023 Anti-Corruption Rankings: Transparency International’s CPI and the TRACE Bribery Risk Matrix

The UK’s National Economic Crime Centre (“NECC”) recently issued an amber alert concerning the sanctions evasion, money laundering, and trafficking in cultural property risks presented to UK industries linked to artwork storage facilities and the art storage sector (the “Amber Alert”).  The Amber Alert highlights that criminals are finding ways to utilize the art market to conduct illicit activity and includes case studies and key indicators that those operating within the art storage sector can use to detect such activity.  This development underscores the UK government’s continued commitment to cracking down on the evasion of sanctions (particularly under the Russia sanctions regime), as well as an increased focus on identifying and targeting more avenues for sanctions evasion so that counter measures can be implemented to thwart those efforts.  It also highlights the increasingly interconnected approach the UK government and law enforcement are adopting to address activity with potential touchpoints to a range of financial and other crimes. 

Continue Reading UK NECC Publishes Amber Alert on Sanctions Evasion in the Art Storage Sector

On February 8, 2024, the U.S. Department of the Treasury, Financial Crimes Enforcement Network (FinCEN) published a notice of proposed rulemaking (2024 NPRM) about Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) regulations concerning persons involved in residential real estate closings and settlements. To promote U.S. AML/CFT objectives, the NPRM proposes a system of streamlined Suspicious Activity Reports (SARs) for certain U.S. real estate transactions. The NPRM does yet not have the force and effect of law, and FinCEN has requested public comments to be submitted until on or about April 16, 2024. A brief summary of the background and substantive provisions for the NPRM follows.

Continue Reading Potential new SAR-like Reporting Requirements for Certain U.S. Real Estate Transactions