Photo of Jack Hayes

Jack Hayes has extensive experience providing clients with advice and assistance under ITAR and EAR, as well as US economic sanctions and anti-boycott regulations. Jack frequently handles complex export control matters, including voluntary disclosures, internal investigations of apparent export control violations, pre-closing and post-closing acquisition export compliance due diligence, export control audits, and assessments of compliance obligations and risks in accordance with relevant international trade regulations. He also provides guidance on brokering requirements and reporting obligations for certain fees, commissions, and political contributions related to sales of defense articles and defense services, prepares export and reexport license and agreement applications for submission, undertakes commodity jurisdiction and export classification analyses of items and services under the ITAR and EAR, drafts registration material change notifications, and develops compliance policies, programs, and training materials.

Read Jack's full bio.

On May 21, 2024, the Securities and Exchange Commission (SEC) and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) jointly published a notice of proposed rulemaking (NPRM) that would require investment advisers registered under the Investment Advisers Act of 1940 (RIAs) and exempt reporting advisers (ERAs) (collectively, “investment advisers”) to maintain customer identification programs (CIPs). Many types of U.S. financial institutions are required to maintain CIPs as part of their anti-money laundering (AML) compliance program and must, as part of the CIP rules, collect, verify, and retain certain identifying information about customers. Importantly, the NPRM does not yet have the force and effect of law, but indicates how FinCEN and the SEC intend to implement more specific AML requirements for investment advisers, subject to written comments from the public before a final rule is promulgated.

The NPRM follows a February 2024 FinCEN proposal to designate RIAs and ERAs as “financial institutions” under the so-called Bank Secrecy Act (BSA), subjecting them to AML and countering the financing of terrorism (CFT) program requirements that are similar to those imposed on other types of U.S. financial institutions, including broker-dealers of securities. Although the February 2024 proposed rule was issued solely by FinCEN, as required by the USA PATRIOT Act of 2001 and the BSA, as amended, for CIPs, FinCEN is publishing this NPRM jointly with the SEC, the federal functional regulator for investment advisers.

These proposals follow a Treasury risk assessment finding that the investment adviser industry has served as an entry point into the U.S. market for illicit proceeds associated with foreign corruption, fraud, tax evasion, and other criminal activities. They are also part of a broader U.S. agenda to patch up potential gaps in regulations designed to counter illicit finance.Continue Reading FinCEN Proposes Expansion of CIP Requirements to Investment Advisers

On May 8, 2024, BIS published a correction to the interim final rule, further removing license requirements for certain items under ECCN 0x5zz.

Previously, the interim final rule stated that all 0x5zz ECCNs referenced in footnote 9 to the Commerce Country Chart in supplement no. 1 to part 738 that were previously controlled for NS1 or RS1 reasons for control would continue to require a license for export to Australia and the UK based on the license requirements specified in that footnote.  However, the correction clarifies that only portions of the referenced 0x5zz ECCNs will continue to require a license.

On April 19, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued an interim final rule under the U.S. Export Administration Regulations (“EAR”) that significantly streamlines export controls on certain defense-related technology products to Australia and the United Kingdom (“UK”). Aimed at enhancing technological innovation among the three countries in furtherance of the Australia, United Kingdom, United States (“AUKUS”) Trilateral Security Partnership, the interim final rule removes license requirements, expands the availability of license exceptions, and reduces the scope of end-use and end-user-based license requirements for exports, reexports, and transfers (in-country) to or within Australia and the UK.

In a statement, BIS said that it “anticipates these changes will reduce licensing burdens for trade with Australia and the UK by over 1,800 total licenses valued at over $7.5 billion per year.” BIS also states that the cumulative effect of these export control revisions under the EAR will be to treat Australia and the UK as destinations equivalent to Canada. BIS is soliciting public comments on the impacts of these changes to ensure that the export control revisions implemented advance AUKUS objectives, as well as potential additional revisions to the EAR that would further enhance defense industrial base cooperation and technology innovation with Australia and the UK. Interested parties should consider submitting comments to BIS by the June 3, 2024, deadline.

Notwithstanding this important regulatory development, export control revisions under AUKUS related to the U.S. International Traffic in Arms Regulations (“ITAR”) administered by the U.S. Department of State, Directorate of Defense Trade Controls (“DDTC”), have not yet been promulgated. Until that action occurs, industry will not be able to assess the full extent of U.S. export control revisions and continued licensing requirements that will be implemented under AUKUS.Continue Reading BIS Removes Significant Export Control License Requirements for Australia and the UK under the Strategic AUKUS Partnership

May 1, 2024, saw two major developments under the Australia, United Kingdom, and United States (“AUKUS”) Trilateral Security Partnership.

First, the U.S. Department of State (the “Department”) issued a notice of proposed rulemaking (“NPRM”) that would amend the International Traffic in Arms Regulations (“ITAR”) to create an exemption for certain exports, reexports, retransfers, or temporary imports of defense articles or defense services, or certain brokering activities between or among authorized users within Australia, the United Kingdom, and the United States.

Second, the UK Department for Business and Trade (“DBT”) issued Notice to Exporters 2024/09: update on AUKUS, which was accompanied by publication of a draft Open General Licence to permit the export, transfer, and supply or delivery, of dual-use goods, military goods or technology to, between, and among the AUKUS partners (“Draft AUKUS OGL”).

These developments signal clearly to industry that the AUKUS partners are committed to fostering greater cooperation across defense and critical technologies through reforms of their export controls and licensing regimes. Interested parties may wish to consider submitting comments on one or both proposals. The deadline for comments on the proposed United States ITAR rule is May 31, 2024. The deadline for comments on the UK Draft AUKUS OGL is July 1, 2024. Importantly, the NPRM for the ITAR does not yet have the force and effect of law until a final or interim final rule is promulgated. Similarly, the Draft AUKUS OGL cannot currently be relied upon and will not come into effect until a final version is issued.

United States: ITAR Exemptions

The Department’s proposed exemption would be available for all defense articles or defense services, except for those contained within a limited excluded list. The proposed rule would also introduce a provision to allow for certain transfers of classified defense articles to certain dual nationals (subject to certain requirements described below) and would codify an expedited license review process for Australia, the UK, and Canada.Continue Reading Trilateral AUKUS Partnership Further Strengthened with Proposed New U.S. ITAR Exemptions and UK Open General Licenses

On March 21, 2024, the Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a final rule under the U.S. Export Administration Regulations (“EAR”) that imposes new export controls on certain individuals and entities identified on the U.S. Department of the Treasury’s Office of Foreign Assets Control’s (“OFAC’s”) List of Specially Designated Nationals and Blocked Persons (“SDN List”).  More specifically, the final rule imposes a BIS licensing requirement on exports, reexports, or transfers (in-country) of all items “subject to the EAR” when certain categories of SDNs are parties to the transaction.  The covered types of SDNs are designated under 11 OFAC-administered sanctions programs (as noted by BIS), including those relating to Russia, Belarus, transnational criminal organizations, and narcotics traffickers (as well as making slight changes to similar preexisting controls on SDNs designated for activities related to terrorism or proliferation of weapons of mass destruction).

The U.S. government has described these broader EAR restrictions as a “force multiplier” to complement OFAC’s jurisdiction, by allowing these controls in Part 744 of the EAR to “act as a backstop for activities over which OFAC does not exercise jurisdiction.”  OFAC’s sanctions regulations generally prohibit U.S. persons from engaging in any transactions or dealings involving SDNs and blocked parties (i.e., entities owned 50 percent or more by one or more SDNs or blocked parties), and the property or interest in property of such parties in the United States or within the possession or control of a U.S. person must be blocked (i.e., frozen) and reported to OFAC.  Non-U.S. persons can violate U.S. sanctions programs by, among other things, “causing” a U.S. person to violate U.S. sanctions.  With limited exceptions such as under the Cuban Assets Control Regulations and the Iranian Transactions and Sanctions Regulations, OFAC’s sanctions regulations generally do not specify whether they apply to transactions taking place entirely outside the United States that do not involve U.S. persons simply because the transactions involve items subject to the EAR.  This new rule aims to close this gap by providing BIS with clear authority to take export controls enforcement action in such cases where U.S. products or technologies, but not U.S. persons, are involved.   

As a result of BIS’s rule, non-U.S. persons outside the United States, who may not clearly be prohibited (absent the involvement of U.S. persons) by U.S. sanctions regulations from dealing in the property or interests in property of an SDN or blocked party, will now generally be subject to licensing requirements under the EAR if reexporting or transferring (in-country) any item “subject to the EAR” when an SDN designated under at least one of these sanctions programs is a “party to the transaction,” including as purchaser, intermediate consignee, ultimate consignee, or end user.  This underscores the guidance in the Tri-Seal Compliance Note of March 6, 2024 that non-U.S. persons have export controls (and sanctions) licensing obligations under U.S. law, even if operating wholly offshore, and therefore, they should consider enhancing compliance screening protocols and controls to prevent violations of U.S. export controls and sanctions.Continue Reading Export Controls and Sanctions Converge: New BIS Restrictions on SDNs

On March 1, 2024, the federal district court in the Northern District of Alabama declared in the case of National Small Business United v. Yellen that the Corporate Transparency Act (“CTA”) exceeds the Constitution’s limits on Congress’s power. The court enjoined the Department of the Treasury and Financial Crimes Enforcement Network (“FinCEN”) – the agency responsible for implementing the CTA – from enforcing the CTA against the plaintiffs in this case. While the ruling enjoins enforcement only against the plaintiffs in the specific case, the rationale used by the court is a broad rejection of the constitutionality of the statute, rather than a more tailored “as applied” rationale. Following the ruling, FinCEN issued a statement clarifying it will only cease enforcement with respect to the specific plaintiffs in the case, rather than with respect to all reporting companies. Those plaintiffs include Isaac Winkles, reporting companies for which Isaac Winkles is the beneficial owner or applicant, the National Small Business Association (“NSBA”), and members of the NSBA as of March 1, 2024 (collectively, the “Plaintiffs”). As of now, the CTA and its beneficial ownership information (“BOI”) reporting requirements remain in effect for all other entities that are required to report BOI to FinCEN under the CTA.Continue Reading Federal Court Finds Corporate Transparency Act Unconstitutional: Navigating Implications for Reporting Companies

In a first of its kind action, the US Department of Commerce has begun a rulemaking process to prohibit or impose conditions on certain transactions involving foreign technology used in so-called “connected vehicles” or “CVs,” as defined below for automotive applications.

The measure, announced by Commerce on February 29, 2024 in a press release and an advanced notice of proposed rulemaking (ANPRM), is Commerce’s first attempt to cover a class of transactions under the Department’s Information and Communications Technology and Services (ICTS) rules.

The ICTS rules, contained at 15 CFR Part 7, were first issued in 2021, but Commerce has not yet implemented or used the rules to cover a particular class of transactions. However, Commerce recently created a new Office of Information and Communications Technology and Services (OICTS) within the Bureau of Industry and Security (BIS) and appointed the first ever director of that office (see additional detail here). Those measures, coupled with the ANPRM on CVs, suggest that Commerce has ramped up its efforts in this area and is becoming increasingly active in its use of the ICTS rules. It is all but certain that the ANPRM on CVs is just the first example of industries to be targeted, and we expect to see similar efforts in relation to other high-priority industries going forward.

Comments on the ANPRM are due by April 30, 2024. Commerce will likely publish a proposed rule after reviewing public comments on the ANPRM and provide an additional opportunity to comment on the proposed rule at that time.Continue Reading In First of Its Kind Action, Commerce Moves to Regulate Foreign Tech in Vehicles

On February 23, 2024, the United States issued a broad set of new Russia-related sanctions and export controls in response to the second anniversary of Russia’s invasion of Ukraine and the February 16, 2024, death of opposition leader, Aleksey Navalny, in Russian custody.

The Treasury Department’s Office of Foreign Assets Control (OFAC), the Commerce Department’s Bureau of Industry and Security (BIS), and the State Department all issued new designations.  The agencies also issued an inter-agency advisory warning non-Russian companies from doing business in or with Russia.Continue Reading US Government Imposes New Russia Sanctions, Designating Over 500 Parties and Issuing Interagency Russia Business Advisory

On February 8, 2024, the U.S. Department of the Treasury, Financial Crimes Enforcement Network (FinCEN) published a notice of proposed rulemaking (2024 NPRM) about Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) regulations concerning persons involved in residential real estate closings and settlements. To promote U.S. AML/CFT objectives, the NPRM proposes a system of streamlined Suspicious Activity Reports (SARs) for certain U.S. real estate transactions. The NPRM does yet not have the force and effect of law, and FinCEN has requested public comments to be submitted until on or about April 16, 2024. A brief summary of the background and substantive provisions for the NPRM follows.Continue Reading Potential new SAR-like Reporting Requirements for Certain U.S. Real Estate Transactions

In a recent proposed rule, the Department of Commerce has taken additional steps toward imposing significant regulations on infrastructure as a service (IaaS) providers, including providers engaged in training certain large AI models. The notice of proposed rulemaking (NPRM) is published by Commerce’s Bureau of Industry and Security (BIS) and, in particular, its newly-created Office of Information and Communications Technology and Services (OICTS). The NPRM does not impose any immediate obligations on industry. Rather it requests comments on the proposed rules, which Commerce will consider before issuing a final rule. Comments are due by April 29, 2024.

The NPRM is OICTS’s first step toward implementing the Biden Administration’s executive order on AI (discussed in Steptoe’s alert here) and further implements a prior executive order on IaaS providers (discussed in Steptoe’s alert here).

The NPRM would require providers of IaaS products to implement customer identification programs (CIPs) to verify the identity of foreign customers. The CIP requirement is similar, in many respects, to the CIPs that certain US financial institutions must implement as part of their anti-money laundering (AML) compliance programs. The NPRM also delineates the ability of Commerce to identify foreign jurisdictions and persons posing a heightened threat to US national security and to prohibit or require conditions on the provision of IaaS products to such jurisdictions or persons. IaaS providers would be obligated to identify and report to Commerce when a foreign person uses their products to train a large AI model with potential capabilities that could be used in malicious cyber-enabled activity. Furthermore, IaaS providers would be required to ensure their resellers comply with the same set of rules.Continue Reading Commerce Proposes Significant New Regulations on AI Training and IaaS Providers

On January 16, 2024, the Assistant Secretary for Export Enforcement at the Department of Commerce’s Bureau of Industry and Security (BIS) issued a memorandum, announcing that:

  1. parties disclosing minor or technical violations that occurred close in time can submit a single Voluntary Self-Disclosure (VSD) on a quarterly basis, which may include an abbreviated narrative account of the suspected violations; and
  2. parties sending formal requests to BIS’s Office of Exporter Services to engage in otherwise prohibited activities with respect to items involved in violations of the Export Administration Regulations (EAR) should also send courtesy copies to the Office of Export Enforcement (OEE), which will help expedite BIS’s processing of such requests.

The memorandum builds upon previous changes to BIS’s administrative enforcement program, which were announced in memoranda dated June 30, 2022 and April 18, 2023.  These changes are intended to help OEE fast-track its review of “minor” or “technical” VSDs and to encourage additional disclosures of potentially significant violations of the EAR, but do not apply to VSDs relating to Part 760 of the EAR (antiboycott and restrictive trade practices).  For a detailed analysis of the previous memoranda, see our blog posts from July 6, 2022 and April 26, 2023.  Continue Reading BIS Makes Further Changes to Administrative Enforcement, But Questions Remain