On May 22, 2024, the US Department of Justice’s National Security Division (“NSD”) announced its first-ever corporate declination under the NSD’s Export Control and Sanctions Enforcement Policy for Business Organizations (the “Policy”) in connection with a voluntary self-disclosure by Massachusetts biochemical company Sigma-Aldrich, Inc., doing business as MilliporeSigma. The declination related to allegations of US export control violations that occurred when a former employee and his co-conspirators submitted falsified export documentation for hundreds of shipments of MilliporeSigma products to China. The former MilliporeSigma employee and one coconspirator pleaded guilty to wire fraud conspiracy for their roles in the scheme. 

The NSD’s Export Control and Sanctions Enforcement Policy creates a presumption that a company will receive a non-prosecution agreement (“NPA”), or, where appropriate under the provisions of the Justice Manual, a full declination of any action, including through an NPA, and no fine when it voluntarily self-discloses potentially criminal violations of US export controls and sanctions laws to the NSD’s Counterintelligence and Export Control Section (“CES”), fully cooperates, and timely and appropriately remediates. The presumption of an NPA or declination does not apply where aggravating factors are present. “Potentially” aggravating factors include egregious or pervasive criminal misconduct within the company, concealment or involvement by upper management, repeated administrative and/or criminal violations of national security laws, the export of items that are particularly sensitive or to end users of heightened concern, and a significant profit to the company from the misconduct. Where such aggravating factors are present, NSD has the discretion to seek a different resolution, such as a deferred prosecution agreement or guilty plea.

While NSD has touted the MilliporeSigma declination as an example of the clear benefits companies may receive under the Policy when they commit fully to voluntary self-disclosure of export controls and sanctions violations at the earliest sign of potential criminal wrongdoing, the facts and circumstances of the case, as set forth by the Justice Department, raise significant questions for companies who may uncover similar or more serious conduct within their own operations. Such questions, and the specific facts at issue here, should prompt companies to carefully assess whether the MilliporeSigma declination is a seminal moment representing the new normal under NSD’s VSD Policy or a potential outlier with somewhat limited precedential value.Continue Reading DOJ’s National Security Division’s First-Ever Declination Under Its Voluntary Self-Disclosure Policy Raises Critical Questions

On May 8, 2024, BIS published a correction to the interim final rule, further removing license requirements for certain items under ECCN 0x5zz.

Previously, the interim final rule stated that all 0x5zz ECCNs referenced in footnote 9 to the Commerce Country Chart in supplement no. 1 to part 738 that were previously controlled for NS1 or RS1 reasons for control would continue to require a license for export to Australia and the UK based on the license requirements specified in that footnote.  However, the correction clarifies that only portions of the referenced 0x5zz ECCNs will continue to require a license.

On April 19, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued an interim final rule under the U.S. Export Administration Regulations (“EAR”) that significantly streamlines export controls on certain defense-related technology products to Australia and the United Kingdom (“UK”). Aimed at enhancing technological innovation among the three countries in furtherance of the Australia, United Kingdom, United States (“AUKUS”) Trilateral Security Partnership, the interim final rule removes license requirements, expands the availability of license exceptions, and reduces the scope of end-use and end-user-based license requirements for exports, reexports, and transfers (in-country) to or within Australia and the UK.

In a statement, BIS said that it “anticipates these changes will reduce licensing burdens for trade with Australia and the UK by over 1,800 total licenses valued at over $7.5 billion per year.” BIS also states that the cumulative effect of these export control revisions under the EAR will be to treat Australia and the UK as destinations equivalent to Canada. BIS is soliciting public comments on the impacts of these changes to ensure that the export control revisions implemented advance AUKUS objectives, as well as potential additional revisions to the EAR that would further enhance defense industrial base cooperation and technology innovation with Australia and the UK. Interested parties should consider submitting comments to BIS by the June 3, 2024, deadline.

Notwithstanding this important regulatory development, export control revisions under AUKUS related to the U.S. International Traffic in Arms Regulations (“ITAR”) administered by the U.S. Department of State, Directorate of Defense Trade Controls (“DDTC”), have not yet been promulgated. Until that action occurs, industry will not be able to assess the full extent of U.S. export control revisions and continued licensing requirements that will be implemented under AUKUS.Continue Reading BIS Removes Significant Export Control License Requirements for Australia and the UK under the Strategic AUKUS Partnership

On April 24, 2024, President Biden signed HR 815, “Making emergency supplemental appropriations for the fiscal year ending September 30, 2024, and for other purposes,” into law (the “National Security Supplemental” or the “NSS”). The National Security Supplemental appropriates funds to provide security assistance to Ukraine, Israel, and US partners in the Indo-Pacific and humanitarian aid for Gaza. Alongside the appropriations measures, the National Security Supplemental includes the “21st Century Peace through Strength Act”, a collection of fourteen sanctions, export controls, and related regulatory measures targeting Iran, Russia, and China, in addition to areas of concern including narcotics trafficking, terrorist financing, and misuse of information and communications technology and services (“ICTS”).

In this post, we assess these new developments and the areas where they will likely have the greatest impact.Continue Reading President Signs Expansive Sanctions Bill Into Law; Doubling of Limitations Period for IEEPA Violations Likely to Have Major Impact

On April 15, 2024, the U.S. Treasury Department (Treasury), as the Chair of the Committee on Foreign Investment in the United States (CFIUS or the Committee), published a notice of proposed rulemaking (NPRM) “to enhance certain CFIUS procedures and sharpen its penalty and enforcement authorities.”  In particular, the proposed new measures would expand the authority of CFIUS to gather information related to both notified and non-notified transactions, impose more significant civil penalties on transaction parties, and alter procedures related to the negotiation of mitigation agreements.  The proposed changes to CFIUS’s regulations are meant “to more effectively deter violations, promote compliance, and swiftly address national security risks in connection with CFIUS reviews,” Assistant Secretary for Investment Security Paul Rosen said in a statement on Thursday.  This represents the first significant update to the CFIUS regulations since the enactment and implementation of the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which significantly expanded the scope of CFIUS’s jurisdiction. Continue Reading CFIUS Proposes Important Changes to Foreign Investment Rules with Focus on Enforcement

On March 21, 2024, the Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a final rule under the U.S. Export Administration Regulations (“EAR”) that imposes new export controls on certain individuals and entities identified on the U.S. Department of the Treasury’s Office of Foreign Assets Control’s (“OFAC’s”) List of Specially Designated Nationals and Blocked Persons (“SDN List”).  More specifically, the final rule imposes a BIS licensing requirement on exports, reexports, or transfers (in-country) of all items “subject to the EAR” when certain categories of SDNs are parties to the transaction.  The covered types of SDNs are designated under 11 OFAC-administered sanctions programs (as noted by BIS), including those relating to Russia, Belarus, transnational criminal organizations, and narcotics traffickers (as well as making slight changes to similar preexisting controls on SDNs designated for activities related to terrorism or proliferation of weapons of mass destruction).

The U.S. government has described these broader EAR restrictions as a “force multiplier” to complement OFAC’s jurisdiction, by allowing these controls in Part 744 of the EAR to “act as a backstop for activities over which OFAC does not exercise jurisdiction.”  OFAC’s sanctions regulations generally prohibit U.S. persons from engaging in any transactions or dealings involving SDNs and blocked parties (i.e., entities owned 50 percent or more by one or more SDNs or blocked parties), and the property or interest in property of such parties in the United States or within the possession or control of a U.S. person must be blocked (i.e., frozen) and reported to OFAC.  Non-U.S. persons can violate U.S. sanctions programs by, among other things, “causing” a U.S. person to violate U.S. sanctions.  With limited exceptions such as under the Cuban Assets Control Regulations and the Iranian Transactions and Sanctions Regulations, OFAC’s sanctions regulations generally do not specify whether they apply to transactions taking place entirely outside the United States that do not involve U.S. persons simply because the transactions involve items subject to the EAR.  This new rule aims to close this gap by providing BIS with clear authority to take export controls enforcement action in such cases where U.S. products or technologies, but not U.S. persons, are involved.   

As a result of BIS’s rule, non-U.S. persons outside the United States, who may not clearly be prohibited (absent the involvement of U.S. persons) by U.S. sanctions regulations from dealing in the property or interests in property of an SDN or blocked party, will now generally be subject to licensing requirements under the EAR if reexporting or transferring (in-country) any item “subject to the EAR” when an SDN designated under at least one of these sanctions programs is a “party to the transaction,” including as purchaser, intermediate consignee, ultimate consignee, or end user.  This underscores the guidance in the Tri-Seal Compliance Note of March 6, 2024 that non-U.S. persons have export controls (and sanctions) licensing obligations under U.S. law, even if operating wholly offshore, and therefore, they should consider enhancing compliance screening protocols and controls to prevent violations of U.S. export controls and sanctions.Continue Reading Export Controls and Sanctions Converge: New BIS Restrictions on SDNs

On February 28, 2024, the Biden administration announced the creation of a new national security regulatory regime that will prohibit or restrict certain transactions involving bulk sensitive US personal data or government-related data and specified “countries of concern.” The Biden administration announced the regime in a new executive order, Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (EO 14117), which was accompanied by an advance notice of proposed rulemaking (ANPRM) issued by the National Security Division (NSD) of the Department of Justice (DOJ), the component and agency with primary responsibility for implementing and enforcing the forthcoming regulations. The White House and DOJ also published fact sheets regarding the new regime.

Executive branch officials and members of Congress have long been concerned about the lack of a national security regulatory regime covering the transfer of sensitive US personal data to countries of concern, particularly China. As explained in EO 14117, such data has the potential to be used for a variety of nefarious purposes, including surveillance, extortion, and influence campaigns targeting US government employees and members of the US military, among others. The order highlights that such risks have become more acute due to the rapid advancement of artificial intelligence (AI) and its ability to analyze and manipulate data sets. Bulk sensitive personal data can also be used in the creation and refinement of AI models and other advanced technologies.

According to the White House, the EO is “the most significant executive action any President has ever taken to protect Americans’ data security.”

The public may submit comments on the ANPRM through April 19, 2024 and will likely have an additional opportunity to comment on the language contained in a proposed rule, once issued.

Although intended to be tailored in its scope, our initial assessment is that the new regulatory scheme, once fully implemented, will likely have a profound impact on a number of industries and entities around the world. At a minimum, it seems certain that regulatory compliance costs could be substantial, particularly on entities that have not previously focused on building out a risk-based compliance program in this or other related areas.Continue Reading Biden Administration to Implement New National Security Rules Targeting Personal Data

On January 16, 2024, the Assistant Secretary for Export Enforcement at the Department of Commerce’s Bureau of Industry and Security (BIS) issued a memorandum, announcing that:

  1. parties disclosing minor or technical violations that occurred close in time can submit a single Voluntary Self-Disclosure (VSD) on a quarterly basis, which may include an abbreviated narrative account of the suspected violations; and
  2. parties sending formal requests to BIS’s Office of Exporter Services to engage in otherwise prohibited activities with respect to items involved in violations of the Export Administration Regulations (EAR) should also send courtesy copies to the Office of Export Enforcement (OEE), which will help expedite BIS’s processing of such requests.

The memorandum builds upon previous changes to BIS’s administrative enforcement program, which were announced in memoranda dated June 30, 2022 and April 18, 2023.  These changes are intended to help OEE fast-track its review of “minor” or “technical” VSDs and to encourage additional disclosures of potentially significant violations of the EAR, but do not apply to VSDs relating to Part 760 of the EAR (antiboycott and restrictive trade practices).  For a detailed analysis of the previous memoranda, see our blog posts from July 6, 2022 and April 26, 2023.  Continue Reading BIS Makes Further Changes to Administrative Enforcement, But Questions Remain

On October 4, 2023, Deputy Attorney General Lisa O. Monaco, the second-ranking official in the US Department of Justice (“DOJ” or the “Department”), announced a new Safe Harbor Policy for Voluntary Self-Disclosures (“VSDs”) made in connection with mergers and acquisitions (“M&A”) (together, “M&A Safe Harbor Policy”).  The new policy encourages acquiring companies to timely disclose misconduct uncovered during M&A due diligence and harmonizes the DOJ-wide approach to VSDs for M&A transactions.  The implementation of the M&A Safe Harbor Policy is the most recent initiative in the Biden Administration’s efforts to combat corporate crime and has broad implications across DOJ’s Divisions.Continue Reading DOJ Announces “Safe Harbor” Policy for Mergers & Acquisitions

On July 31, 2023, the Committee on Foreign Investment in the United States (CFIUS) released its Annual Report to Congress for Calendar Year 2022.  CFIUS is the inter-agency body charged with conducting national security reviews for certain foreign investments in the United States.  The CFIUS process is generally confidential, but the annual report provides aggregate data on certain CFIUS activities and offers the private sector insight into current Committee trends.Continue Reading Key Takeaways from the 2022 CFIUS Annual Report

Overview

On August 9, 2023, the White House issued a long-awaited Executive Order, entitled Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern (“EO 14105”). The EO establishes a new national security regulatory regime, implemented principally by the US Department of the Treasury (“Treasury”), in consultation with other federal agencies including the US Department of Commerce, that will require the notification of, as well as prohibit, certain investment activity by US persons in named “countries of concern,” currently China.

EO 14105 does not restrict all US person investment activity regarding China, and is tailored to focus on specific products, technologies, and capabilities involving: (1) semiconductors and microelectronics (including advanced integrated circuits and supercomputers); (2) quantum information technologies (e.g., computers, sensors, networking, and systems); and (3) certain artificial intelligence systems (e.g., with certain military, intelligence, or surveillance end uses).Continue Reading Biden Administration Announces New Outbound Investment Regime Targeting China