Photo of Evan Abrams

Evan Abrams counsels multinational corporations, financial institutions, and individuals on various international regulatory and compliance matters. He assists foreign and domestic companies in navigating national security reviews by the Committee on Foreign Investment in the United States (CFIUS). He has represented companies in industries including semiconductors, metals, and digital security. Evan’s anti-money laundering (AML) practice focuses on helping financial institutions comply with federal and state AML rules, particularly money transmitters and entities involved in creating, exchanging, or dealing in cryptocurrencies and tokens. Evan counsels clients in a variety of export controls and sanctions matters related to the Export Administration Regulations (EAR), International Traffic in Arms Regulations (ITAR), and various sanctions programs under US and international law. In addition, Evan routinely assists clients on anti-corruption investigations and enforcement actions.

Read Evan's full bio.

On October 14, 2020, the U.S. State Department issued a much-anticipated report pursuant to Section 5(a) of the Hong Kong Autonomy Act (HKAA), identifying ten individuals who were determined by the State Department to be “foreign persons” who “are materially contributing to, have materially contributed to, or attempt to materially contribute to the failure of the PRC to meet its obligations under” the Sino-British Joint Declaration of 1984 or Hong Kong’s Basic Law.

Under Section 5(b) of the HKAA, the U.S. Treasury Department is now given 30 to 60 days to release a report identifying any foreign financial institution (FFI) “that knowingly conducts a significant transaction with a foreign person identified” in the October 14 report. This report could be released by mid-November or December. Within one year of this Section 5(b) report, the Treasury Department could impose secondary sanctions on the FFIs identified therein, based on a menu of 10 sanctions laid out in Section 7 of the HKAA.

In conjunction with the State Department’s report, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued four Frequently Asked Questions (FAQs) providing additional guidance on how the agency intends to implement the secondary sanctions.

For additional background on this issue and a description of the secondary sanctions under the HKAA, see our blog post of July 15, 2020, “U.S. Executive Order Implements, Strengthens Hong Kong Sanctions.”


Continue Reading Update: Hong Kong Financial Institutions Face U.S. Secondary Sanctions after State Department Issues First Report under Hong Kong Autonomy Act

On October 1, 2020, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) published advisories on the sanctions and anti-money laundering (AML) risks of facilitating ransomware payments.

Ransomware attacks have become increasingly common in recent years with malicious attacks targeting companies in a variety of industries, including healthcare, technology, and education, among others.  Ransomware attacks typically involve a hacker breaching a company’s information technology (IT) infrastructure and encrypting a company’s data or other systems. The attacker then typically demands the victim pay a ransom in exchange for a decryption key that allows the victim to unlock the IT systems or data.  Such attacks can have severe consequences for the victim, often preventing the victim from being able to conduct business operations in whole or in part, and, in the case of healthcare companies such as hospitals, can potentially lead to loss of life, as reportedly occurred recently with a ransomware attack on a hospital in Germany.  Such inability to conduct business can also have ripple effects on other companies or individuals whose data is affected.  In some instances, an attacker may also threaten to disclose private information or data unless the ransom is paid.

As a result, victims of ransomware attacks often choose to pay the ransom.  However, because ransomware attackers rarely, if ever, identify themselves, and often demand payment in cryptocurrency, victims making such payments are generally forced to do so without a clear understanding of the recipient.  Such conduct potentially exposes the victim, and third party service providers (including financial institutions and incident response consultants, among others), to violations of and obligations under US sanctions and/or AML laws.

The OFAC and FinCEN advisories provide information to the public regarding the sanctions and AML risks to victims and third party service providers, including US financial institutions, who assist victims in responding to ransomware attacks.  While in many respects the guidance does not break new regulatory ground, it is a stark reminder of the way that those trying to deal with the consequences of a ransomware attack can find themselves in trouble with the US government.  This puts victims and companies that assist them in a difficult conundrum: don’t pay the ransom and potentially watch the victim company’s business get destroyed, or pay the ransom and run the risk of violating US sanctions and AML laws.  It is therefore imperative that victim companies and those in the business of facilitating ransom payments carefully consider the legal risks and evaluate potential ways to avoid or minimize them.


Continue Reading Five Key Takeaways from OFAC and FinCEN’s Ransomware Advisories

On September 15, 2020, the Committee on Foreign Investment in the United States (CFIUS), the inter-agency U.S. government body responsible for reviewing certain forms of inbound investment for national security risks, published a final rule, effective October 15, making important changes to the rules defining “critical technology” transactions subject to mandatory filing requirements.

CFIUS has traditionally allowed, but not required, parties to “covered transactions” to submit a filing to CFIUS to seek approval of their transaction.  However, the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) authorized CFIUS to mandate filings for certain types of transactions.  Transactions subject to mandatory filings under FIRRMA fall into two categories: certain investments involving “critical technology” and certain investments involving foreign governments.  (See our prior International Law Advisory on FIRRMA’s implementing regulations here).

The final rule changes the circumstances in which a “critical technology” investment will trigger a mandatory filing requirement.  The rule ends the use of North American Industry Classification System (NAICS) codes to identify specific industries subject to mandatory “critical technology” filings, in favor of a filing requirement based on U.S. export controls.  A mandatory “critical technology” filing requirement is triggered under the final rule when a “U.S. regulatory authorization” would be required for the export, reexport, or transfer (in country) of the U.S. target company’s goods or technologies to the foreign investor or certain other foreign persons involved in the transaction.  The final rule also makes modest clarifications to the second category of transactions involving foreign government interests.  (See our prior blog post on the proposed version of the rule here).


Continue Reading New CFIUS “Critical Technology” Mandatory Filing Rules Increase Importance of Export Controls Analysis

In July 2020, the Committee on Foreign Investment in the United States (“CFIUS”) released its Annual Report to Congress for Calendar Year (“CY”) 2019.  The Annual Report, which fulfills certain statutory reporting requirements, provides information on covered transactions filed with CFIUS during 2019.  Among other things, the 2019 Annual Report provides some initial data and other insights into CFIUS’s administration of the Foreign Investment Risk Review Modernization Act (“FIRRMA”), which expanded the jurisdiction of CFIUS and included new reporting requirements.

Continue Reading Analysis of Annual Report of CFIUS to Congress for Calendar Year 2019

On August 18, 2020, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) published a statement outlining the agency’s approach to enforcement of the Bank Secrecy Act (“BSA”), including anti-money laundering (“AML”) regulations issued by FinCEN pursuant to the BSA.  As described in a press release accompanying the statement, the document “aims to provide clarity and transparency to [FinCEN’s] approach when contemplating compliance or enforcement actions against covered financial institutions that violate the BSA.”

This relatively brief statement apparently represents FinCEN’s first published guidance that comprehensibly identifies the agency’s enforcement priorities and policies, and it may reflect an effort by FinCEN to place more emphasis on its enforcement function.   The statement lacks the details of enforcement guidance published by other agencies on issues of trade and financial regulation, such as Treasury’s Office of Foreign Assets Control (“OFAC”).  While many of the topics covered by the FinCEN statement will be familiar to covered financial institutions, there are also a few noteworthy clarifications in the statement.


Continue Reading FinCEN Publishes Statement Setting Forth Agency’s Approach to BSA Enforcement

On August 7, 2020, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced the imposition of sanctions on 11 prominent Hong Kong and People’s Republic of China (PRC) officials for taking actions that, in the view of the US government, undermined Hong Kong’s autonomy and restricted fundamental freedoms of people in Hong Kong. The officials include Hong Kong’s Chief Executive Carrie Lam, Hong Kong’s Secretary for Justice, the Secretary for Security, the Commissioner of the Hong Kong Police Force, and Chinese officials responsible for Hong Kong affairs, among others.

OFAC named the officials as Specially Designated Nationals (SDNs) pursuant to Executive Order (EO) 13936, entitled The President’s Executive Order on Hong Kong Normalization. Section 4 of the EO authorizes sanctions called for by Congress in the Hong Kong Human Rights and Democracy Act of 2019 and the Hong Kong Autonomy Act (HKAA).

As a result of the designations, all property and interest in property of the SDNs must be blocked (frozen) when in the United States or within the possession or control of a US person. US citizens and green card holders and US-domiciled companies are generally prohibited from transactions or dealings, directly or indirectly, with SDNs as well as entities owned 50% or more by one or more SDNs. This includes financial transactions processed through US banks. Note that the general prohibitions and blocking requirements under EO 13936 do not apply to foreign subsidiaries of US companies, but would apply to foreign branches of such companies.

(For a detailed summary of the sanctions provisions of EO 13936 please see our recent client advisory here.)


Continue Reading Financial Institutions Watch and Wait as OFAC Sanctions Top Hong Kong Officials

On July 16, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued two new Ukraine-/Russia-related general licenses:  General License 15I, Authorizing Certain Activities Involving GAZ Group, which replaces General License 15H; and General License 13O, Authorizing Certain Transactions Necessary to Divest or Transfer Debt, Equity, or Other Holdings in GAZ Group, which replaces General License 13N.  OFAC also updated nine related FAQs – 570, 571, 586, 588, 589, 590, 591, 592, and 625 – on July 22.

Most notably, General License 15I expands the scope of the pre-existing authorization (covering only maintenance, wind-down and a very limited set of additional activities involving GAZ Group) to include new activities relating to the manufacture and sale of vehicles and related products.  Although many activities were able to continue under the prior GAZ Group general licenses (due to the expansive definition of “maintenance” in FAQ 625), this appears to be an important development for GAZ Group and for prospective or new business partners of GAZ Group.  OFAC has not disclosed any specific developments triggering this change, such as with respect to the ownership or control of Oleg Deripaska in GAZ Group, although the new license does provide for new reporting obligations related to ownership and control of GAZ Group.

General License 15I authorizes certain activities, subject to numerous limitations stated therein, for 190 days – from July 16, 2020 through 12:01 a.m. eastern standard time, January 22, 2021 – which is over a month longer than any of its predecessors.


Continue Reading OFAC Authorizes Additional Activities Involving GAZ Group

On June 18, 2020, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced the addition of three individuals and eight entities to its list of Specially Designated Nationals and Blocked Persons (SDN List), pursuant to Executive Order 13850, for “their activities in or associated with a network attempting to evade United States sanctions on Venezuela’s oil sector.”  OFAC also identified two vessels as blocked property belonging to the designated persons and issued a general license authorizing wind-down activities with certain of the designated persons, as well as an FAQ regarding the general license.  Finally, OFAC announced the delisting of two entities previously included on the SDN List for operating in the oil sector of the Venezuelan economy.

The actions are the latest in a string of recent designations targeting entities involved in the Venezuelan oil sector, which has been a particular focus for OFAC of late.  The latest actions offer a number of insights for companies doing business with Venezuela and operating in the oil and shipping industries more broadly.  We highlight three key takeaways below.


Continue Reading Three Key Takeaways from OFAC’s Latest Venezuela Sanctions Actions

A newly published proposed rule would make two important modifications to the mandatory filing requirements of the Committee on Foreign Investment in the United States (CFIUS), the US government interagency committee responsible for reviewing inbound foreign direct investments for national security risks. The proposed rule would change the scope of the mandatory filing requirement for covered transactions involving US critical technology companies, and would clarify how “substantial interest” is calculated for certain transactions involving foreign government investors.

Continue Reading Proposed CFIUS Rule Would Change and Clarify CFIUS Mandatory Filing Requirements

On February 26, 2020, the Office of Foreign Assets Control (OFAC) announced a $7,829,640 settlement with Switzerland-based Société Internationale de Télécommunications Aéronautiques (SITA) for 9,256 violations of the Global Terrorism Sanctions Regulations (GTSR). The settlement, which concerns SITA’s provision of computer services and software subject to U.S. jurisdiction for the benefit of sanctioned airlines, is the latest OFAC enforcement action to highlight the importance of sanctions compliance for software and digital service providers inside and outside the United States.

The takeaway: Non-U.S. providers of software and digital services should avoid the provision of U.S.-origin products or the involvement of U.S.-based infrastructure or subsidiaries in activities with U.S.-sanctioned customers and territories, unless licensed under, or exempted from, OFAC regulations.


Continue Reading Data Breach: OFAC Settles with Swiss Firm over Digital Services for Sanctioned Airlines