On August 10, 2023, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), in coordination in the United Kingdom and Canada, designated the former governor of Lebanon’s central bank, Riad Salameh (“Salameh”) and four close associates, pursuant to Executive Order (“E.O.”) 13441.  According to OFAC’s press release, Salameh was designated for alleged “corrupt and unlawful actions [that] have contributed to the breakdown of the rule of law in Lebanon” and his close associates were designated for “having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, Salameh.”  The designations are noteworthy in that they were undertaken pursuant to OFAC’s determinations under sections 1(a)(i)(A) and (B) of E.O. 13441 – which provide authority for OFAC designations in response to actions “contribut[ing] to the deliberate breakdown in the rule of law in Lebanon”, among other sanctionable activities – rather than E.O. 13818 (the “Global Magnitsky Act E.O.”), which authorizes the imposition of sanctions against individuals and entities involved in serious human rights abuses, corruption, or other malign activities, including any person determined to “degrade the rule of law,” on a worldwide basis. 

Continue Reading OFAC Sanctions Former Governor of Lebanon Central Bank and Associates

On July 31, 2023, the Committee on Foreign Investment in the United States (CFIUS) released its Annual Report to Congress for Calendar Year 2022.  CFIUS is the inter-agency body charged with conducting national security reviews for certain foreign investments in the United States.  The CFIUS process is generally confidential, but the annual report provides aggregate data on certain CFIUS activities and offers the private sector insight into current Committee trends.

Continue Reading Key Takeaways from the 2022 CFIUS Annual Report

On June 16, 2023, the US Department of Commerce published a final rule (the “June 16 rule”) to implement Executive Order (EO) 14034, Protecting Americans’ Sensitive Data From Foreign Adversaries, by amending Commerce’s previously-issued Securing the Information and Communications Technology Supply Chain regulations (the “ICTS rule”).   Among other requirements, EO 14034 directed the Secretary of Commerce to consider the risks posed by “connected software applications” and take “appropriate action” in accordance with the previously issued ICTS rule and EO 13873, Securing the Information and Communications Technology and Services Supply Chain, pursuant to which the ICTS rule was issued. 

The ICTS rule authorizes Commerce to prohibit or otherwise regulate certain transactions involving information and communications technology or services (“ICTS”) with a nexus to “foreign adversaries” that pose an “undue or unacceptable risk” to US national security.  (For additional detail on the ICTS rule, see our prior blog post.)  The June 16 rule amends the ICTS rule to clarify Commerce’s ability to regulate transactions involving software, including so-called “connected software applications,” and to further enumerate the criteria that Commerce will consider when reviewing such transactions.   The changes are effective July 17, 2023.

Continue Reading Commerce Issues Final Rule Targeting Connected Software Applications

On May 19, 2023, in conjunction with the G7, Australia, and other international partners, the US government announced a range of new export controls and sanctions and added 71 entities to the Entity list, primarily for supporting Russia’s military and defense sectors.  The new export controls – and new sanctions, which are the subject of a separate blog post – reflect the continued efforts of the US (in coordination with international allies) to target those attempting to circumvent or evade sanctions or export controls against Russia and Belarus.  The new measures are intended to further undermine the Russian and Belarusian industrial bases and counteract their ability to continue to support the war in Ukraine and to further limit Russia’s energy revenue and future extractive capabilities.  

Also on May 19, 2023, the Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and the Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a Joint Supplemental Alert entitled “FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Continued Vigilance for Potential Russian Export Control Evasion Attempts” (the “Supplemental Alert”), which is intended to assist financial institutions in the risk-based screening of export-related financial transactions in order to determine whether customers and transactions may be connected to export controls evasion.

Continue Reading BIS Expands Export Controls on Russia and Belarus and Issues New Joint Alert with FinCEN

On May 19, 2023, the US Treasury Department’s Office of Foreign Assets Control (“OFAC”) and the US Department of State announced a new round of multifaceted sanctions against Russia.  These sanctions actions were announced alongside additional export controls imposed by the US Commerce Department’s Bureau of Industry and Security (“BIS”) and the publication of a new joint alert by BIS and the Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”), which are the subject of a separate blog post.

The new sanctions include expanded secondary sanctions authorities targeting additional sectors of the Russian economy; designations of more individuals and entities on the List of Specially Designated Nationals and Blocked Persons (“SDN List”); the inclusion of additional services among those that are prohibited for export to Russia; and new reporting requirements for US holders of property in which Russia’s Central Bank, Finance Ministry, or National Wealth Fund have an interest.

US persons, and others doing business that involves US jurisdiction, should continue to be vigilant against transacting with SDNs or entities that are owned by 50% or more by SDNs.  US and non-US persons alike should also carefully consider whether any of their business could constitute operations in one of the newly sanctioned sectors of Russia’s economy.

Continue Reading OFAC and State Department Significantly Expand Russia-Related Sanctions

On April 18, 2023, Matthew Axelrod, Assistant Secretary for Export Enforcement at the Department of Commerce’s Bureau of Industry and Security (BIS), issued a memorandum outlining two important changes to BIS’s settlement guidelines when significant potential violations of the Export Administration Regulations (EAR) are identified. Specifically, BIS announced that (1) the deliberate non-disclosure of a significant potential violation will now be treated as an aggravating factor in civil enforcement cases, and (2) whistleblowing of significant potential violations by another party that ultimately results in a BIS enforcement action will be considered a mitigating factor in any future enforcement action involving the whistleblower, even for unrelated conduct. The policy changes are intended to incentivize the submission of disclosures to BIS when industry or academia uncovers significant EAR violations (i.e., those reflecting possible national security harm, as opposed to minor, technical violations).

BIS’s new policy of treating non-disclosure of significant potential violations of the EAR as an aggravating factor marks a potential sea change in the voluntary self-disclosure (VSD) risk calculus for exporters and reexporters. By reorienting the purpose of the VSD to serve as both carrot and stick, BIS has now interjected more complexity into the voluntary disclosure decision making process. Companies that may have been inclined, previously, to remediate significant potential violations but not disclose may now face a more difficult choice. While it may take years for the civil penalty data to demonstrate the concrete costs of non-disclosure of significant potential violations of the EAR, consideration of that factor is likely to weigh heavily in any future BIS VSD decisions.

Continue Reading A Carrot and a Stick: BIS Clarifies Policy on Self-Disclosures and Whistleblowing

On February 16, 2023, the Department of Justice (DOJ) and Commerce Department announced the creation of the Disruptive Technology Strike Force with a mission to prevent nation-state “adversaries” from acquiring “disruptive” technologies.  The strike force will be co-led by Assistant Attorney General Matthew Olsen of the DOJ’s National Security Division (NSD) and Assistant Secretary for Export Enforcement at the Commerce Department’s Bureau of Industry and Security (BIS) Matthew Axelrod, and will bring together the DOJ’s NSD, BIS, the Federal Bureau of Investigation, Homeland Security Investigations, and 14 US Attorneys’ Offices in 12 metropolitan regions. 

The strike force’s mandate, and remarks by Deputy Attorney General Lisa Monaco announcing the new initiative, illustrate the US government’s continuing focus on protecting sensitive data and “disruptive” technologies, as well as the regulatory and enforcement tools that the US government has used and will continue to use to prevent the acquisition, use, and “abuse” of “disruptive” technologies by autocratic governments to commit human rights abuses and seek strategic advantage vis-à-vis the United States.

Continue Reading Justice and Commerce Departments Announce Creation of Disruptive Technology Strike Force

In this blog post, we provide an overview of the updates to the Criminal Division’s Corporate Enforcement Policy (CEP) and discuss the impact of these changes on the corporate enforcement policies for criminal violations of sanctions and export controls, criminal violations of antitrust laws, and civil violations of the False Claim Act.

On January 17, 2023, Assistant Attorney General Kenneth A. Polite, Jr. announced changes to the Department of Justice’s (“DOJ”) Corporate Enforcement Policy (“CEP”), including applying the most recent FCPA Corporate Enforcement Policy to all corporate criminal cases handled by the DOJ’s Criminal Division. The FCPA Corporate Enforcement Policy, codified in § 9-47.120 of the Justice Manual, provides that if a company voluntarily self-discloses, fully cooperates, and timely and appropriately remediates, there is a presumption of declination absent certain “aggravating circumstances involving the seriousness of the offense or the nature of the offender.” The clear goal of this and other recent pronouncements from senior DOJ leadership is to tip the scales in favor of early disclosure by setting forth concrete incentives for corporations that discover potential criminal violations. 

Importantly, the CEP now explicitly states that a company presenting “aggravating circumstances,”1 while not eligible for a presumption of declination, may still obtain a declination if (1) the company had an effective compliance program and system of internal accounting controls at the time of the alleged misconduct, (2) the voluntary self-disclosure was made “immediately” upon the company becoming aware of the allegation of misconduct, and (3) the company provided “extraordinary cooperation” to DOJ investigators. For companies that do not receive a declination but do receive credit, the CEP also increases the available discounts from fines under the U.S. Sentencing Guidelines (“USSG”), both for companies that voluntarily self-disclose and those that do not.

Although the updated CEP heavily emphasizes the benefits of voluntary self-disclosure and cooperation, its implications for companies will largely depend upon the Criminal Division’s application of the policy, including through DOJ prosecutors’ interpretation of important, undefined terms such as “immediate” disclosure and “extraordinary” cooperation.

Moreover, although the CEP applies to the entire Criminal Division, it could potentially have ripple effects on the corporate enforcement policies in place in other DOJ components. For example, the CEP does not revoke or alter the DOJ National Security Division’s (“NSD”) Export Control and Sanctions Enforcement Policy for Business Organizations (the “Export Control and Sanctions Enforcement Policy”). That NSD policy is generally consistent with the CEP, but it does not spell out affirmatively, as the new Criminal Division policy does, the circumstances that a company must demonstrate to be considered for a non-prosecution agreement (“NPA”) rather than a criminal resolution in the face of aggravating factors. Similarly, the Antitrust Division and Civil Division have their own corporate enforcement policies in place, each of which has aspects uniquely tailored to those respective regimes. It therefore remains to be seen whether these other Divisions within DOJ will adjust their corporate enforcement policies to align more precisely with the CEP.  

Continue Reading DOJ’s New Corporate Enforcement Policy for the Criminal Division and its Impact on Cases handled by other Divisions

On October 7, 2022, in a move that was hailed by senior U.S. government officials as a paradigm shift in U.S. export controls policy toward China, the Department of Commerce’s Bureau of Industry and Security (BIS) issued an interim final rule that amends the Export Administration Regulations (EAR) to impose new and expanded controls on advanced computing integrated circuits (ICs), computer commodities that contain such ICs, and certain semiconductor manufacturing items. Transactions for supercomputer end-uses and transactions involving certain entities on the Entity List are now subject to additional export controls, as are certain semiconductor manufacturing items and transactions for certain IC end uses. U.S. person activities as they relate to certain semiconductor activities in China are also now restricted.

Certain aspects of the rule, specified below, including the availability of license exceptions, became effective immediately on October 7, 2022. The new restrictions on U.S. person activities under § 744.6 became effective on October 12, 2022. The remainder of the provisions with a delayed effective date are specified below and will become effective on October 21, 2022. BIS is also accepting public comments on the interim final rule through December 12, 2022.

Separately, also on October 7, 2022, BIS issued a final rule, which revised the Unverified List (UVL) and clarified the activities and criteria that may lead to the addition of an entity to the Entity List. BIS stated that a sustained lack of cooperation by the host government in a country where an end-use check is to be conducted, such as China, that effectively prevents BIS from determining compliance with the EAR, will be grounds for adding an entity to the Entity List.

The U.S. policy goals behind the new rules are ambitious and seek to degrade China’s advanced computing capabilities in an unprecedented manner. As summarized recently by National Security Advisor Jake Sullivan: “On export controls, we have to revisit the longstanding premise of maintaining ‘relative’ advantages over competitors in certain key technologies.  We previously maintained a ‘sliding scale’ approach that said we need to stay only a couple of generations ahead. That is not the strategic environment we are in today. Given the foundational nature of certain technologies, such as advanced logic and memory chips, we must maintain as large of a lead as possible.”

The broad implications of these new rules, along with their efficacy from a policy standpoint, may take some time to come fully in to focus. For now, it is clear that any U.S. or non-U.S. individuals or entities that play any role in the global semiconductor supply chain—whether as manufacturers, producers, consumers, or otherwise—need to carefully review the new rules to determine what is required to comply and, if necessary, seek guidance or a license from BIS.

Continue Reading BIS Issues Expansive New Rules Targeting China

On August 1, Robinhood Crypto, LLC (RHC) entered a consent order with the New York State Department of Financial Services (DFS) requiring RHC to pay a $30 million fine for violating (1) New York’s virtual currency regulatory regime known as the BitLicense, (2) a Supervisory Agreement entered with DFS as a condition of its BitLicense, (3) anti-money laundering (AML) requirements applicable to money transmitters, and (4) other requirements related to transaction monitoring, filtering, and cybersecurity.  The consent order, which is DFS’s first enforcement action under the BitLicense regime or against a digital currency business, offers several important takeaways for blockchain companies operating or seeking to operate in the state, including (1) the importance of scaling up compliance processes commensurate with business growth, (2) the risks of relying on compliance programs of affiliated entities, (3) the importance of well-developed reporting lines in compliance programs, and (4) the consequences of filing “improper” certifications under DFS’s transaction monitoring and cybersecurity rules.

Continue Reading DFS’s First Enforcement Action Against a Blockchain Company: Lessons Learned