Photo of Jack Hayes

Jack Hayes has extensive experience providing clients with advice and assistance under ITAR and EAR, as well as US economic sanctions and anti-boycott regulations. Jack frequently handles complex export control matters, including voluntary disclosures, internal investigations of apparent export control violations, pre-closing and post-closing acquisition export compliance due diligence, export control audits, and assessments of compliance obligations and risks in accordance with relevant international trade regulations. He also provides guidance on brokering requirements and reporting obligations for certain fees, commissions, and political contributions related to sales of defense articles and defense services, prepares export and reexport license and agreement applications for submission, undertakes commodity jurisdiction and export classification analyses of items and services under the ITAR and EAR, drafts registration material change notifications, and develops compliance policies, programs, and training materials.

Read Jack's full bio.

On October 18, 2021, the US Treasury Department published a report of its 2021 Sanctions Review of economic and financial sanctions implemented by the Office of Foreign Assets Control (OFAC) since September 11, 2001. The next day, Deputy Secretary of the Treasury Wally Adeyemo delivered a summary of the report in testimony before the US Senate Committee on Banking, Housing, and Urban Affairs.

The review, which incorporates feedback from public and private stakeholders, together with Adeyemo’s testimony underscores the Treasury Department’s concern that the effectiveness of US sanctions could erode over time as non-US actors seek alternatives to the US financial system, including digital currencies and alternative payment platforms outside of US jurisdiction.  The report observes that not only adversaries but also “some allies” are reducing their use of the US dollar in cross-border transactions, implying that unilateral US actions are contributing to the risk that US sanctions could become less effective.  To counter this trend, the report lays out a five-point plan to “modernize sanctions” by enhancing the Treasury Department’s policy framework and processes for imposing, enforcing, and revising US sanctions.

Continue Reading Changes Ahead? US Treasury Publishes Outcomes of Sanctions Policy Review

On October 15, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued anticipated Sanctions Compliance Guidance for the Virtual Currency Industry and updated two related Frequently Asked Questions (FAQs 559 and 646).  OFAC has published industry-specific guidance for only a handful of other industries in the past two decades; the new guidance demonstrates the agency’s increasing focus on the virtual currency (VC) sector.  It also clarifies US sanctions compliance practices in ways that could lay a foundation for future OFAC enforcement actions.

OFAC’s guidance was announced as part of broader US government enforcement priorities to combat ransomware, money laundering, and other financial crimes in the virtual currency sector, as noted in the Department of Justice’s recent announcement of a National Cryptocurrency Enforcement Team.  The OFAC guidance was published in tandem with a Financial Crimes Enforcement Network (FinCEN) analysis of ransomware trends in suspicious activity reporting, but the guidance is directed at the VC industry in general and is not specific to ransomware.  A ransomware actor who demands VC may or may not be a target of OFAC sanctions, and sanctioned actors may engage in a wide variety of VC transactions that do not involve ransomware.  The recommended compliance practices in OFAC’s new guidance are focused on the full range of sanctions risks that arise from virtual currencies.

Continue Reading OFAC Issues Compliance Guidance for the Virtual Currency Industry

On September 21, 2021, the US Department of the Treasury’s Office of Foreign Asset Control (OFAC) issued an updated advisory on the sanctions risks of facilitating ransomware payments.  OFAC issued a prior version of its advisory on October 1, 2020. In the months since, attacks have continued and target entities in the United States, including many in sensitive industries, generating increased concern over the scale of the problem. OFAC’s updated advisory is part of the Biden administration’s ongoing efforts to address the national security and economic risks posed by such attacks. The updated advisory emphasizes that OFAC “strongly discourages” victims from making ransom payments and reemphasizes the sanctions risks of doing so, but also seeks to provide victims with greater clarity about the steps that can be taken to reduce the likelihood of a public enforcement response if a company inadvertently makes or facilitates ransom payments that may have a sanctions nexus.

Continue Reading OFAC Issues Revised Ransomware Advisory

On September 24, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued General License 14 (GL-14) and General License 15 (GL-15), authorizing certain types of humanitarian transactions involving Afghanistan that could relate to the Taliban or the Haqqani Network that would otherwise be prohibited by the Global Terrorism Sanctions Regulations (GTSR), the Foreign Terrorist Organizations Sanctions Regulations (FTOSR), or Executive Order (EO) 13224.

Both the Taliban and the Haqqani Network are designated by OFAC as Specially Designated Global Terrorists (SDGTs) pursuant to EO 13224. The Haqqani Network is also designated by the US Department of State as a Foreign Terrorist Organization (FTO) under section 219 of the Immigration and Nationality Act.  Furthermore, several of the individual members of the Taliban and the Haqqani Network are designated by OFAC as SDGTs.

These groups have recently taken control of, and appointed officials (including at least one individual designated as an SDGT) to administer, the Government of Afghanistan and its associated agencies and organizations.  As a result, there are concerns that interactions with the Government of Afghanistan could be prohibited to the extent they involve a person subject to US sanctions or expose parties to broader risks under US counter-terrorism financing laws.

Continue Reading OFAC’s New Afghanistan-Related Humanitarian Licenses: Opportunities and Challenges

On June 9, 2021, the US Department of Commerce (Commerce), Bureau of Industry and Security (BIS), published a notice in the Federal Register amending the Export Administration Regulations (EAR), 15 CFR Part 760, to provide a new interpretation regarding the US antiboycott regime applicable to the United Arab Emirates (UAE).  This Commerce action follows the US Department of the Treasury’s (Treasury) similar action earlier this year to remove the UAE from Treasury’s list of countries that require or may require participation in or cooperation with an international boycott not sanctioned by the United States.  As a result of Commerce’s action, the UAE is no longer presumed to be a country engaging in an unsanctioned boycott, and the risk of violating the prohibitions and reporting obligations under Part 760 of the EAR have been substantially curtailed, but not wholly eliminated.

Continue Reading United Arab Emirates Has Terminated its Boycott Against Israel, but Certain US Antiboycott Risks May Remain

On May 18, 2021, the US Treasury Department’s Office of Foreign Assets Control (OFAC) issued an updated general license under Executive Order (EO) 13959 authorizing US persons to transact in publicly traded securities of entities whose names “closely match” the name of any company previously identified as a Communist Chinese military company (CCMC). The general license (now called General License No. 1B), which was due to expire on May 27, 2021, now expires on June 11, 2021.

For the time being, the restrictions under EO 13959 apply only to entities whose names appear on OFAC’s Non-SDN CCMC List as well as seven entities who are yet to be formally added to OFAC’s Non-SDN CCMC List but were identified by the Department of Defense on January 14, 2021.

Continue Reading OFAC Extends General License for “Close Name Matches” under Executive Order 13959 as Biden Administration Reviews Communist Chinese Military Company Sanctions

The Treasury Department has removed the United Arab Emirates (“UAE”) from its current list of countries which require or may require participation in, or cooperation with, an international boycott (within the meaning of section 999(b)(3) of the Internal Revenue Code).  Iraq, Kuwait, Lebanon, Libya, Qatar, Saudi Arabia, Syria, and Yemen remain on the Treasury list.

According to the Treasury Department, the UAE has been removed from the list due to the issuance of Federal Decree-Law No. 4 of 2020, which repealed its law mandating a boycott of Israel, and the subsequent actions that the UAE government has taken to implement the new policy.  The change in law followed the 2020 normalization agreement between Israel and the United Arab Emirates.

Continue Reading Treasury Removes UAE From Boycott List: Possible Implications

On February 18, 2021, the US Department of the Treasury’s Office of Foreign Assets control (OFAC) announced a $507,375 settlement with BitPay, Inc. (BitPay).  This civil settlement resolved apparent violations of multiple sanctions programs related to digital currency transactions, and is the second OFAC enforcement case brought against a business in the blockchain industry.  This case follows OFAC’s December 2020 civil enforcement action against another blockchain industry company, BitGo, Inc. (BitGo), for alleged violations of multiple US sanctions programs related to digital currency transactions.  See our prior blog post on the BitGo action here.

BitPay, based in Atlanta, Georgia, offers a payment processing solution for merchants to accept digital currency as payment for goods and services.  The apparent sanctions violations relate to digital currency transactions on the BitPay platform between individuals located in Cuba, North Korea, Iran, Sudan, Syria, and the Crimea region of Ukraine (annexed by Russia) and merchants in the United States and elsewhere.  OFAC acknowledged that BitPay screened its customers, the merchants, against US sanctions lists, but stated that BitPay had reason to know that purchasers dealing with the merchants were located in comprehensively sanctioned jurisdictions because the company had location information, including Internet Protocol (IP) address data, about those persons.  This case was not voluntarily disclosed, but OFAC found that the violations were not egregious.

According to OFAC, BitPay allowed persons in comprehensively sanctioned jurisdictions to conduct approximately $129,000 worth of digital currency transactions with BitPay’s merchant customers.  As described in OFAC’s enforcement release, between approximately June 10, 2013, and September 16, 2018, BitPay processed 2,102 transactions from individuals with IP addresses located in the sanctioned jurisdictions.  The transactions related to BitPay’s payment processing service.  BitPay allegedly received digital currency payments on behalf of its merchant customers from those merchants’ buyers, who were located in sanctioned jurisdictions.  BitPay then converted the digital currency into fiat, and then relayed that currency to its merchant customers.

Continue Reading OFAC Announces Second Enforcement Action Targeting a Digital Asset Company

In a Federal Register notice dated February 5, 2021, the US Department of State provided notice that the Secretary of State has determined that six individuals sanctioned by the US Treasury Department’s Office of Foreign Assets Control (“OFAC”) on January 15, 2021 fulfilled the criteria for being designated as Specially Designated Nationals (SDNs) under Section 4(a)(iii) of Executive Order (EO) 13936, which authorizes the Treasury and State Departments to impose blocking sanctions in relation to certain events in Hong Kong.

The State Department issued similar notifications on January 22, 2021 (here and here) with respect to a total of 18 individuals designated as SDNs under EO 13936 on December 7 and November 9, 2020. No such determination appears in the Federal Register for 11 individuals designated under EO 13936 on August 7, 2020.

The Secretary of State’s recently issued determinations do not alter OFAC’s SDN designations, which took effect on January 15, 2021, December 7, 2020, and November 9, 2020, respectively, nor has the State Department added the individuals to its report under Section 5(a) of the Hong Kong Autonomy Act.

Continue Reading US State Department Issues Notices on Prior Hong Kong Sanctions Designations

On January 19, 2021, President Trump issued Executive Order (EO) 13984, “Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” (86 Fed. Reg. 6,837 (Jan. 25, 2021)), taking further action under the national emergency declared by President Obama in Executive Order 13694 of April 1, 2015.  EO 13984 directs the US Department of Commerce (Commerce) to: (1) promulgate know-your-customer (KYC)-type identification and recordkeeping obligations on US “Infrastructure as a Service” (IaaS) providers engaging in foreign transactions, and (2) consult with other US government agencies to impose “special measures,” i.e., restrictions, on foreign jurisdictions and persons, i.e., actors, determined to be using US IaaS to engage in significant malicious cyber activities.

The EO describes IaaS as “products to provide persons the ability to run software and store data on servers offered for rent or lease without responsibility for the maintenance and operating costs of those servers,” and includes a lengthy definition of different types of IaaS products that are covered by the EO. Although some reports have focused on the impact that EO 13984 may have on cloud service providers, the EO’s broad definition for IaaS could sweep in other information technology service providers operating in the US.

The EO is not effective immediately, and may not go into effect for several months or longer.  The EO directs Commerce “to propose for notice and comment” regulations within 180 days implementing the KYC and “special measures” directives described above.  In addition, EO 13984 was issued by President Trump at the very end of his administration, and it is possible that the Biden Administration will delay implementation for a longer period of time as it reviews the legal and policy implications of the EO.

Continue Reading US Infrastructure as a Service Providers (IaaS) – New Know-Your-Customer Requirements?