Photo of Jack Hayes

Jack Hayes

Subscribe to Jack Hayes's Posts

Jack Hayes has extensive experience providing clients with advice and assistance under ITAR and EAR, as well as US economic sanctions and anti-boycott regulations. Jack frequently handles complex export control matters, including voluntary disclosures, internal investigations of apparent export control violations, pre-closing and post-closing acquisition export compliance due diligence, export control audits, and assessments of compliance obligations and risks in accordance with relevant international trade regulations. He also provides guidance on brokering requirements and reporting obligations for certain fees, commissions, and political contributions related to sales of defense articles and defense services, prepares export and reexport license and agreement applications for submission, undertakes commodity jurisdiction and export classification analyses of items and services under the ITAR and EAR, drafts registration material change notifications, and develops compliance policies, programs, and training materials.

Read Jack's full bio.

Contact:Read more about Jack Hayes

On March 21, 2024, the Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a final rule under the U.S. Export Administration Regulations (“EAR”) that imposes new export controls on certain individuals and entities identified on the U.S. Department of the Treasury’s Office of Foreign Assets Control’s (“OFAC’s”) List of Specially Designated Nationals and Blocked Persons (“SDN List”).  More specifically, the final rule imposes a BIS licensing requirement on exports, reexports, or transfers (in-country) of all items “subject to the EAR” when certain categories of SDNs are parties to the transaction.  The covered types of SDNs are designated under 11 OFAC-administered sanctions programs (as noted by BIS), including those relating to Russia, Belarus, transnational criminal organizations, and narcotics traffickers (as well as making slight changes to similar preexisting controls on SDNs designated for activities related to terrorism or proliferation of weapons of mass destruction).

The U.S. government has described these broader EAR restrictions as a “force multiplier” to complement OFAC’s jurisdiction, by allowing these controls in Part 744 of the EAR to “act as a backstop for activities over which OFAC does not exercise jurisdiction.”  OFAC’s sanctions regulations generally prohibit U.S. persons from engaging in any transactions or dealings involving SDNs and blocked parties (i.e., entities owned 50 percent or more by one or more SDNs or blocked parties), and the property or interest in property of such parties in the United States or within the possession or control of a U.S. person must be blocked (i.e., frozen) and reported to OFAC.  Non-U.S. persons can violate U.S. sanctions programs by, among other things, “causing” a U.S. person to violate U.S. sanctions.  With limited exceptions such as under the Cuban Assets Control Regulations and the Iranian Transactions and Sanctions Regulations, OFAC’s sanctions regulations generally do not specify whether they apply to transactions taking place entirely outside the United States that do not involve U.S. persons simply because the transactions involve items subject to the EAR.  This new rule aims to close this gap by providing BIS with clear authority to take export controls enforcement action in such cases where U.S. products or technologies, but not U.S. persons, are involved.   

As a result of BIS’s rule, non-U.S. persons outside the United States, who may not clearly be prohibited (absent the involvement of U.S. persons) by U.S. sanctions regulations from dealing in the property or interests in property of an SDN or blocked party, will now generally be subject to licensing requirements under the EAR if reexporting or transferring (in-country) any item “subject to the EAR” when an SDN designated under at least one of these sanctions programs is a “party to the transaction,” including as purchaser, intermediate consignee, ultimate consignee, or end user.  This underscores the guidance in the Tri-Seal Compliance Note of March 6, 2024 that non-U.S. persons have export controls (and sanctions) licensing obligations under U.S. law, even if operating wholly offshore, and therefore, they should consider enhancing compliance screening protocols and controls to prevent violations of U.S. export controls and sanctions.Continue Reading Export Controls and Sanctions Converge: New BIS Restrictions on SDNs

On March 1, 2024, the federal district court in the Northern District of Alabama declared in the case of National Small Business United v. Yellen that the Corporate Transparency Act (“CTA”) exceeds the Constitution’s limits on Congress’s power. The court enjoined the Department of the Treasury and Financial Crimes Enforcement Network (“FinCEN”) – the agency responsible for implementing the CTA – from enforcing the CTA against the plaintiffs in this case. While the ruling enjoins enforcement only against the plaintiffs in the specific case, the rationale used by the court is a broad rejection of the constitutionality of the statute, rather than a more tailored “as applied” rationale. Following the ruling, FinCEN issued a statement clarifying it will only cease enforcement with respect to the specific plaintiffs in the case, rather than with respect to all reporting companies. Those plaintiffs include Isaac Winkles, reporting companies for which Isaac Winkles is the beneficial owner or applicant, the National Small Business Association (“NSBA”), and members of the NSBA as of March 1, 2024 (collectively, the “Plaintiffs”). As of now, the CTA and its beneficial ownership information (“BOI”) reporting requirements remain in effect for all other entities that are required to report BOI to FinCEN under the CTA.Continue Reading Federal Court Finds Corporate Transparency Act Unconstitutional: Navigating Implications for Reporting Companies

In a first of its kind action, the US Department of Commerce has begun a rulemaking process to prohibit or impose conditions on certain transactions involving foreign technology used in so-called “connected vehicles” or “CVs,” as defined below for automotive applications.

The measure, announced by Commerce on February 29, 2024 in a press release and an advanced notice of proposed rulemaking (ANPRM), is Commerce’s first attempt to cover a class of transactions under the Department’s Information and Communications Technology and Services (ICTS) rules.

The ICTS rules, contained at 15 CFR Part 7, were first issued in 2021, but Commerce has not yet implemented or used the rules to cover a particular class of transactions. However, Commerce recently created a new Office of Information and Communications Technology and Services (OICTS) within the Bureau of Industry and Security (BIS) and appointed the first ever director of that office (see additional detail here). Those measures, coupled with the ANPRM on CVs, suggest that Commerce has ramped up its efforts in this area and is becoming increasingly active in its use of the ICTS rules. It is all but certain that the ANPRM on CVs is just the first example of industries to be targeted, and we expect to see similar efforts in relation to other high-priority industries going forward.

Comments on the ANPRM are due by April 30, 2024. Commerce will likely publish a proposed rule after reviewing public comments on the ANPRM and provide an additional opportunity to comment on the proposed rule at that time.Continue Reading In First of Its Kind Action, Commerce Moves to Regulate Foreign Tech in Vehicles

On February 23, 2024, the United States issued a broad set of new Russia-related sanctions and export controls in response to the second anniversary of Russia’s invasion of Ukraine and the February 16, 2024, death of opposition leader, Aleksey Navalny, in Russian custody.

The Treasury Department’s Office of Foreign Assets Control (OFAC), the Commerce Department’s Bureau of Industry and Security (BIS), and the State Department all issued new designations.  The agencies also issued an inter-agency advisory warning non-Russian companies from doing business in or with Russia.Continue Reading US Government Imposes New Russia Sanctions, Designating Over 500 Parties and Issuing Interagency Russia Business Advisory

On February 8, 2024, the U.S. Department of the Treasury, Financial Crimes Enforcement Network (FinCEN) published a notice of proposed rulemaking (2024 NPRM) about Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) regulations concerning persons involved in residential real estate closings and settlements. To promote U.S. AML/CFT objectives, the NPRM proposes a system of streamlined Suspicious Activity Reports (SARs) for certain U.S. real estate transactions. The NPRM does yet not have the force and effect of law, and FinCEN has requested public comments to be submitted until on or about April 16, 2024. A brief summary of the background and substantive provisions for the NPRM follows.Continue Reading Potential new SAR-like Reporting Requirements for Certain U.S. Real Estate Transactions

In a recent proposed rule, the Department of Commerce has taken additional steps toward imposing significant regulations on infrastructure as a service (IaaS) providers, including providers engaged in training certain large AI models. The notice of proposed rulemaking (NPRM) is published by Commerce’s Bureau of Industry and Security (BIS) and, in particular, its newly-created Office of Information and Communications Technology and Services (OICTS). The NPRM does not impose any immediate obligations on industry. Rather it requests comments on the proposed rules, which Commerce will consider before issuing a final rule. Comments are due by April 29, 2024.

The NPRM is OICTS’s first step toward implementing the Biden Administration’s executive order on AI (discussed in Steptoe’s alert here) and further implements a prior executive order on IaaS providers (discussed in Steptoe’s alert here).

The NPRM would require providers of IaaS products to implement customer identification programs (CIPs) to verify the identity of foreign customers. The CIP requirement is similar, in many respects, to the CIPs that certain US financial institutions must implement as part of their anti-money laundering (AML) compliance programs. The NPRM also delineates the ability of Commerce to identify foreign jurisdictions and persons posing a heightened threat to US national security and to prohibit or require conditions on the provision of IaaS products to such jurisdictions or persons. IaaS providers would be obligated to identify and report to Commerce when a foreign person uses their products to train a large AI model with potential capabilities that could be used in malicious cyber-enabled activity. Furthermore, IaaS providers would be required to ensure their resellers comply with the same set of rules.Continue Reading Commerce Proposes Significant New Regulations on AI Training and IaaS Providers

On January 16, 2024, the Assistant Secretary for Export Enforcement at the Department of Commerce’s Bureau of Industry and Security (BIS) issued a memorandum, announcing that:

  1. parties disclosing minor or technical violations that occurred close in time can submit a single Voluntary Self-Disclosure (VSD) on a quarterly basis, which may include an abbreviated narrative account of the suspected violations; and
  2. parties sending formal requests to BIS’s Office of Exporter Services to engage in otherwise prohibited activities with respect to items involved in violations of the Export Administration Regulations (EAR) should also send courtesy copies to the Office of Export Enforcement (OEE), which will help expedite BIS’s processing of such requests.

The memorandum builds upon previous changes to BIS’s administrative enforcement program, which were announced in memoranda dated June 30, 2022 and April 18, 2023.  These changes are intended to help OEE fast-track its review of “minor” or “technical” VSDs and to encourage additional disclosures of potentially significant violations of the EAR, but do not apply to VSDs relating to Part 760 of the EAR (antiboycott and restrictive trade practices).  For a detailed analysis of the previous memoranda, see our blog posts from July 6, 2022 and April 26, 2023.  Continue Reading BIS Makes Further Changes to Administrative Enforcement, But Questions Remain

On September 14, 2023, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), the Department of State, and the Department of Commerce’s Bureau of Industry and Security (“BIS”) announced new sanctions designations and export control guidance related to Russia.  These developments are the latest updates in the U.S. government’s ever-evolving response to Russia’s war in Ukraine through economic sanctions and export controls.Continue Reading U.S. Government Issues New Russia-related Sanctions Designations and Export Controls Guidance

After months of anticipation, a federal judge has finally ruled in the closely watched case of Joseph Van Loon, et al. v. Department of Treasury, et al.  This important case addressed challenges to the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) decision to impose sanctions on Tornado Cash as a Specially Designated National and Blocked Person (SDN).  The judge granted summary judgement in favor of OFAC, finding it had sufficient legal authority to designate Tornado Cash, and denied summary judgement on the plaintiffs’ claims.  Shortly after that ruling, OFAC announced the SDN designation of Roman Semenov, one of three alleged co-founders of Tornado Cash, and the Department of Justice (DOJ) charged Semenov and Roman Storm, another Tornado Cash founder, with multiple alleged criminal violations related to anti-money laundering (AML) and economic sanctions laws. 

All three actions are critical developments that contain key insights on how the US government views the AML and sanctions obligations of decentralized protocols and individuals associated with those protocols.  The developments make clear that, at least in certain scenarios, individuals involved in the creation of a DeFi platform can be held responsible for the activities conducted on that platform where such conduct violates US economic sanctions or AML laws, or constitutes sanctionable activity under applicable executive orders. Continue Reading Critical Tornado Cash Developments Have Significant Implications for DeFi AML and Sanctions Compliance

Effective August 18, 2023, the U.S. Department of Commerce, Bureau of Industry and Security (BIS) issued amendments to the Commerce Control List (CCL) (15 CFR Part 774) of the Export Administration Regulations (EAR) to formalize changes based on Nuclear Supplier Group (NSG) commitments to prevent nuclear proliferation and the development of nuclear-related weapons of mass destruction.Continue Reading BIS Promulgates CCL Changes Based on Nuclear Supplier Group Commitments