On May 22, 2024, the US Department of Justice’s National Security Division (“NSD”) announced its first-ever corporate declination under the NSD’s Export Control and Sanctions Enforcement Policy for Business Organizations (the “Policy”) in connection with a voluntary self-disclosure by Massachusetts biochemical company Sigma-Aldrich, Inc., doing business as MilliporeSigma. The declination related to allegations of US export control violations that occurred when a former employee and his co-conspirators submitted falsified export documentation for hundreds of shipments of MilliporeSigma products to China. The former MilliporeSigma employee and one coconspirator pleaded guilty to wire fraud conspiracy for their roles in the scheme. 

The NSD’s Export Control and Sanctions Enforcement Policy creates a presumption that a company will receive a non-prosecution agreement (“NPA”), or, where appropriate under the provisions of the Justice Manual, a full declination of any action, including through an NPA, and no fine when it voluntarily self-discloses potentially criminal violations of US export controls and sanctions laws to the NSD’s Counterintelligence and Export Control Section (“CES”), fully cooperates, and timely and appropriately remediates. The presumption of an NPA or declination does not apply where aggravating factors are present. “Potentially” aggravating factors include egregious or pervasive criminal misconduct within the company, concealment or involvement by upper management, repeated administrative and/or criminal violations of national security laws, the export of items that are particularly sensitive or to end users of heightened concern, and a significant profit to the company from the misconduct. Where such aggravating factors are present, NSD has the discretion to seek a different resolution, such as a deferred prosecution agreement or guilty plea.

While NSD has touted the MilliporeSigma declination as an example of the clear benefits companies may receive under the Policy when they commit fully to voluntary self-disclosure of export controls and sanctions violations at the earliest sign of potential criminal wrongdoing, the facts and circumstances of the case, as set forth by the Justice Department, raise significant questions for companies who may uncover similar or more serious conduct within their own operations. Such questions, and the specific facts at issue here, should prompt companies to carefully assess whether the MilliporeSigma declination is a seminal moment representing the new normal under NSD’s VSD Policy or a potential outlier with somewhat limited precedential value.Continue Reading DOJ’s National Security Division’s First-Ever Declination Under Its Voluntary Self-Disclosure Policy Raises Critical Questions

On May 10, 2024, the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued an Interim Final Rule, effective August 8, 2024 (the “IFR”), that clarifies the scope of OFAC’s rejected transaction reporting requirement, and introduces other amendments to the Reporting, Procedures and Penalties Regulations (“RPPR”) at 31 CFR Part 501.

While reported enforcement actions under the RPPR are not common, there are past examples, such as one that we reported on in 2016 and a 2022 enforcement action involving Nodus International Bank, Inc. (“Nodus”), an international financial entity located in Puerto Rico, for failure to maintain full and accurate records related to the handling of blocked property and inaccurate reporting of the blocked property to OFAC. Given OFAC’s increasing regulatory focus on the RPPR requirements, such as rejected transaction reporting, one can expect that the agency may increase its enforcement focus in this area as well. Therefore, parties subject to OFAC’s regulatory jurisdiction, including organizations that are not financial institutions, would be well advised to consider how to integrate these changing RPPR requirements into their compliance programs.Continue Reading OFAC Amends Reporting Requirements – Important Considerations for Compliance

On April 24, 2024, President Biden signed HR 815, “Making emergency supplemental appropriations for the fiscal year ending September 30, 2024, and for other purposes,” into law (the “National Security Supplemental” or the “NSS”). The National Security Supplemental appropriates funds to provide security assistance to Ukraine, Israel, and US partners in the Indo-Pacific and humanitarian aid for Gaza. Alongside the appropriations measures, the National Security Supplemental includes the “21st Century Peace through Strength Act”, a collection of fourteen sanctions, export controls, and related regulatory measures targeting Iran, Russia, and China, in addition to areas of concern including narcotics trafficking, terrorist financing, and misuse of information and communications technology and services (“ICTS”).

In this post, we assess these new developments and the areas where they will likely have the greatest impact.Continue Reading President Signs Expansive Sanctions Bill Into Law; Doubling of Limitations Period for IEEPA Violations Likely to Have Major Impact

On April 12, 2024, in a coordinated action the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) in the United States and the Foreign, Commonwealth, and Development Office, HM Treasury, and Department for Business and Trade (“DBT”) in the United Kingdom announced expanded sanctions targeting certain Russian metals, including limiting the use of in-scope metals on the two largest global metal exchanges and in over-the-counter derivatives trading by imposing new regulations on the activities of U.S. persons and persons subject to UK sanctions jurisdiction. The United States also added restrictions related to the importation of certain Russian metals produced after a certain date (but not items made from those metals).Continue Reading United States and United Kingdom Take Coordinated Action Against Russian Federation Metals

On March 21, 2024, the Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a final rule under the U.S. Export Administration Regulations (“EAR”) that imposes new export controls on certain individuals and entities identified on the U.S. Department of the Treasury’s Office of Foreign Assets Control’s (“OFAC’s”) List of Specially Designated Nationals and Blocked Persons (“SDN List”).  More specifically, the final rule imposes a BIS licensing requirement on exports, reexports, or transfers (in-country) of all items “subject to the EAR” when certain categories of SDNs are parties to the transaction.  The covered types of SDNs are designated under 11 OFAC-administered sanctions programs (as noted by BIS), including those relating to Russia, Belarus, transnational criminal organizations, and narcotics traffickers (as well as making slight changes to similar preexisting controls on SDNs designated for activities related to terrorism or proliferation of weapons of mass destruction).

The U.S. government has described these broader EAR restrictions as a “force multiplier” to complement OFAC’s jurisdiction, by allowing these controls in Part 744 of the EAR to “act as a backstop for activities over which OFAC does not exercise jurisdiction.”  OFAC’s sanctions regulations generally prohibit U.S. persons from engaging in any transactions or dealings involving SDNs and blocked parties (i.e., entities owned 50 percent or more by one or more SDNs or blocked parties), and the property or interest in property of such parties in the United States or within the possession or control of a U.S. person must be blocked (i.e., frozen) and reported to OFAC.  Non-U.S. persons can violate U.S. sanctions programs by, among other things, “causing” a U.S. person to violate U.S. sanctions.  With limited exceptions such as under the Cuban Assets Control Regulations and the Iranian Transactions and Sanctions Regulations, OFAC’s sanctions regulations generally do not specify whether they apply to transactions taking place entirely outside the United States that do not involve U.S. persons simply because the transactions involve items subject to the EAR.  This new rule aims to close this gap by providing BIS with clear authority to take export controls enforcement action in such cases where U.S. products or technologies, but not U.S. persons, are involved.   

As a result of BIS’s rule, non-U.S. persons outside the United States, who may not clearly be prohibited (absent the involvement of U.S. persons) by U.S. sanctions regulations from dealing in the property or interests in property of an SDN or blocked party, will now generally be subject to licensing requirements under the EAR if reexporting or transferring (in-country) any item “subject to the EAR” when an SDN designated under at least one of these sanctions programs is a “party to the transaction,” including as purchaser, intermediate consignee, ultimate consignee, or end user.  This underscores the guidance in the Tri-Seal Compliance Note of March 6, 2024 that non-U.S. persons have export controls (and sanctions) licensing obligations under U.S. law, even if operating wholly offshore, and therefore, they should consider enhancing compliance screening protocols and controls to prevent violations of U.S. export controls and sanctions.Continue Reading Export Controls and Sanctions Converge: New BIS Restrictions on SDNs

On February 23, 2024, the United States issued a broad set of new Russia-related sanctions and export controls in response to the second anniversary of Russia’s invasion of Ukraine and the February 16, 2024, death of opposition leader, Aleksey Navalny, in Russian custody.

The Treasury Department’s Office of Foreign Assets Control (OFAC), the Commerce Department’s Bureau of Industry and Security (BIS), and the State Department all issued new designations.  The agencies also issued an inter-agency advisory warning non-Russian companies from doing business in or with Russia.Continue Reading US Government Imposes New Russia Sanctions, Designating Over 500 Parties and Issuing Interagency Russia Business Advisory

On January 16, 2024, the Assistant Secretary for Export Enforcement at the Department of Commerce’s Bureau of Industry and Security (BIS) issued a memorandum, announcing that:

  1. parties disclosing minor or technical violations that occurred close in time can submit a single Voluntary Self-Disclosure (VSD) on a quarterly basis, which may include an abbreviated narrative account of the suspected violations; and
  2. parties sending formal requests to BIS’s Office of Exporter Services to engage in otherwise prohibited activities with respect to items involved in violations of the Export Administration Regulations (EAR) should also send courtesy copies to the Office of Export Enforcement (OEE), which will help expedite BIS’s processing of such requests.

The memorandum builds upon previous changes to BIS’s administrative enforcement program, which were announced in memoranda dated June 30, 2022 and April 18, 2023.  These changes are intended to help OEE fast-track its review of “minor” or “technical” VSDs and to encourage additional disclosures of potentially significant violations of the EAR, but do not apply to VSDs relating to Part 760 of the EAR (antiboycott and restrictive trade practices).  For a detailed analysis of the previous memoranda, see our blog posts from July 6, 2022 and April 26, 2023.  Continue Reading BIS Makes Further Changes to Administrative Enforcement, But Questions Remain

On August 10, 2023, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), in coordination in the United Kingdom and Canada, designated the former governor of Lebanon’s central bank, Riad Salameh (“Salameh”) and four close associates, pursuant to Executive Order (“E.O.”) 13441.  According to OFAC’s press release, Salameh was designated for alleged “corrupt and unlawful actions [that] have contributed to the breakdown of the rule of law in Lebanon” and his close associates were designated for “having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, Salameh.”  The designations are noteworthy in that they were undertaken pursuant to OFAC’s determinations under sections 1(a)(i)(A) and (B) of E.O. 13441 – which provide authority for OFAC designations in response to actions “contribut[ing] to the deliberate breakdown in the rule of law in Lebanon”, among other sanctionable activities – rather than E.O. 13818 (the “Global Magnitsky Act E.O.”), which authorizes the imposition of sanctions against individuals and entities involved in serious human rights abuses, corruption, or other malign activities, including any person determined to “degrade the rule of law,” on a worldwide basis. Continue Reading OFAC Sanctions Former Governor of Lebanon Central Bank and Associates

On July 31, 2023, the Committee on Foreign Investment in the United States (CFIUS) released its Annual Report to Congress for Calendar Year 2022.  CFIUS is the inter-agency body charged with conducting national security reviews for certain foreign investments in the United States.  The CFIUS process is generally confidential, but the annual report provides aggregate data on certain CFIUS activities and offers the private sector insight into current Committee trends.Continue Reading Key Takeaways from the 2022 CFIUS Annual Report

On June 16, 2023, the US Department of Commerce published a final rule (the “June 16 rule”) to implement Executive Order (EO) 14034, Protecting Americans’ Sensitive Data From Foreign Adversaries, by amending Commerce’s previously-issued Securing the Information and Communications Technology Supply Chain regulations (the “ICTS rule”).   Among other requirements, EO 14034 directed the Secretary of Commerce to consider the risks posed by “connected software applications” and take “appropriate action” in accordance with the previously issued ICTS rule and EO 13873, Securing the Information and Communications Technology and Services Supply Chain, pursuant to which the ICTS rule was issued. 

The ICTS rule authorizes Commerce to prohibit or otherwise regulate certain transactions involving information and communications technology or services (“ICTS”) with a nexus to “foreign adversaries” that pose an “undue or unacceptable risk” to US national security.  (For additional detail on the ICTS rule, see our prior blog post.)  The June 16 rule amends the ICTS rule to clarify Commerce’s ability to regulate transactions involving software, including so-called “connected software applications,” and to further enumerate the criteria that Commerce will consider when reviewing such transactions.   The changes are effective July 17, 2023.Continue Reading Commerce Issues Final Rule Targeting Connected Software Applications