CFIUS reviews “certain transactions involving foreign investment into businesses in the United States and certain transactions by foreign persons involving real estate in the United States” to understand the effect of such transactions on the United States’ national security. CFIUS enforces compliance with statutes, regulations, and negotiated agreements, using its ability to impose civil monetary penalties and other remedies.

The proposed rule has three key components. First it expands the subpoena authority to acquire information from “third persons not party to a transaction notified to CFIUS and in connection with assessing national security risk associated with non-notified transactions.” This will allow CFIUS to obtain more information for non-notified transactions, which CFIUS indicated would help it better assess which non-notified transactions require further review. Second, CFIUS would have increased authority to impose harsher penalties on those that provide incomplete or misleading information or otherwise violation CFIUS rules and regulations. The base maximum would be raised from $250,000 to $5,000,000. Lastly, the rule would institute an extendable timeline for parties to respond to risk mitigation proposals to allow CFIUS to conclude reviews or investigations within “the statutory time frame.” Importantly, parties will only have three business days to respond to risk mitigation proposals, which could create time crunches for negotiating with CFIUS.

Other items in the proposed rule include:

• Expanding the scope of information CFIUS can require of transaction parties and other persons on transactions not filed with CFIUS.
• Extending the deadline for submissions for reconsiderations of penalties.

Parties affected by the rule have until May 11th to submit comments to Treasury. Those who frequently engage in the CFIUS review process may wish to submit comments during this time.

Please contact our CFIUS, export controls, and sanctions team if you need assistance navigating these latest developments.

On April 16, 2024, USTR requested composition of an RRM panel, only the second such panel requested under the USMCA. This case centers on labor issues at two Atento Services call centers in Hidalgo, Mexico, which the U.S. asserts provide services to BBVA Mexico, a subsidiary of the Spanish multinational financial services company BBVA Group.

As explained in greater detail below, the Atento case is highly significant for the RRM, for services companies in Mexico, and for U.S. trade policy writ large.

What is the RRM?

The RRM requires individual companies operating in Mexico to comply with certain Mexican labor laws as designated by the USMCA. The RRM applies to all companies operating in a priority sector in Mexico – defined broadly to include all manufactured goods, mining, and services – that produce a good or supply a service traded between the U.S. and Mexico, or that compete with a U.S. good or service within Mexico. Petitioners can initiate a proceeding by requesting that the U.S. government review a matter, or the government can self-initiate a review.

The U.S. government has brought 22 RRM cases since the USMCA entered into force in July 2020, with 15 of these occurring in the last 11 months. USTR reports that 17 cases have resulted in comprehensive remediation plans or were otherwise successfully resolved to the satisfaction of the U.S. government. Also according to USTR, these cases have resulted in US $5 million in backpay and benefits to workers, reinstatements of dozens of terminated workers, and elections in which workers selected independent unions to represent them at nine facilities. Sixteen cases have focused on auto or auto parts facilities, two on mines, one on garments, and one on processed foods. Atento is the second case focused on a service provider.

Companies targeted in an RRM enforcement action and found in violation by the Parties (the U.S. and Mexican governments) or an RRM panel – a finding called a “denial of rights” – are subject to trade sanctions on a “three strike” basis, whereby the remedies become more severe for repeat violations, including:

1. Strike 1 – suspension of preferential tariff treatment for goods manufactured at the facility (loss of USMCA tariff preferences for goods from a facility and reversion to the MFN tariff rate) or the imposition of penalties on goods manufactured at, or services provided by, the facility;
2. Strike 2 – application of a remedy available for Strike 1 against all same or related goods or services, from all facilities in Mexico owned or controlled by the same person; and
3. Strike 3 – denial of entry into the U.S. of such goods.

Upon initiating a case, the U.S. government also issues a press release naming the company, and, for goods cases, usually suspends settlement of customs accounts from the facility.

As a key enforcement piece of the Trump Administration’s USMCA trade package and a priority for Congressional Democrats and the Biden Administration’s “worker-centered trade policy,” the RRM has achieved unique bipartisan support in Washington and is widely considered to be a model – or at least a jumping-off point – for future trade agreements.

Why is the Atento case significant?

Much of the RRM caseload to-date – 20 of 22 cases – has focused on trade in goods. This makes sense, as the remedies specifically spelled out in the USMCA focus on approaches that create significant penalties for non-compliant facilities engaged in goods trade, like increasing tariff rates or prohibiting importation of goods. It seems that service providers in Mexico and RRM petitioners have viewed potential RRM services cases as a bit of an afterthought. However, by requesting composition of an RRM panel in the Atento case, the U.S. government is clearly signaling that it disagrees. The U.S. government could have taken an off-ramp before it issued this panel request – it could have agreed to a settlement, for example, or taken the Mexican government’s announced actions to purportedly remediate the issue as sufficient to close out the matter – but instead it elevated the case in a way that has happened only once previously. This tells me two things about the government’s views of this case: (1) the U.S. government thinks its case is strong enough to win at panel; and (2) the U.S. government has a plan for the services-related remedies it will impose if it does.

Much of the attention on Atento has focused on the first point, and that makes sense. As the U.S. and Mexico both approach Presidential elections this year that re-emphasize political touchpoints around economic protectionism and sovereignty, and with the expiration of Mexico’s legitimation vote deadline that makes remediating RRM cases harder than just re-running a vote, and with the influx of Chinese electric vehicle investments in Mexico that has been called “an extinction level event” for the U.S. auto industry, the second RRM panel is a big deal.

But an analysis that stops with that first point misses the forest for the trees, because the implications of the second point are profound and could have ramifications for much of the Biden Administration’s trade policy, not just the RRM. The Biden Administration has sought to frame its trade policy as distinguishable from past approaches in a number of ways, but one notable distinction comes from its decision not to pursue negotiation of traditional market access, tariff-lowering, trade agreements. Since typical trade agreement enforcement in cases of non-compliance is conducted by taking away the market access that the agreement conferred, critics of the Biden Administration’s trade policy question whether the reportedly ambitious commitments it seeks in negotiations with Taiwan, Kenya, the EU, the UK, and 13 Indo-Pacific countries are actually enforceable. Without lowering tariffs, the critique goes, how will the U.S. make sure that its “worker-centered” trade policy is more than just words on paper?

It may be that the Atento RRM case is about to give us the U.S. government’s answer to that question. If the panel agrees with the U.S. government in Atento and permits the U.S. to impose remedies against the call centers involved in the case, we could gain concrete insight into what sorts of trade enforcement remedies it may be contemplating in each of the other trade agreements it is negotiating.

What are the next steps in the case?

The immediate next step in the case is that the USMCA Secretariat (the Mexican section, as the respondent Party) has until April 19 to select by lot the three panelists that will make up the RRM panel. One panelist is selected from Mexico’s list of panelists, one from the U.S. list, and one from the joint list. The three lists were established when the USMCA entered into force in July 2020, so it’s worth noting that the U.S. chose its own panelists and agreed to the joint list during the Trump Administration.

Once constituted, the panel has five business days to confirm that the petition meets basic threshold requirements and then will issue to Mexico a request for verification. Unless Mexico objects to the verification request (in which case the U.S. would ask the panel to find a denial of rights), the panel is to conduct the verification within 30 days of Mexico’s receipt of the request. The panel then has an additional 30 days from the verification to determine if there has been a denial of rights.

However, these timelines should be taken with a grain of salt. In the first case to go to an RRM panel – concerning labor issues at a Grupo Mexico lead, zinc, and copper mine in Zacatecas, Mexico – the panel proceedings have taken much longer than provided for in the USMCA. In that case, the U.S. requested composition of an RRM panel on August 22, 2023. The panel reportedly did not conduct its verification until February 26, 2024, and heard oral arguments from the parties from February 28-29, 2024. The delays in the case have been ascribed to additional time needed by the Mexican secretariat to translate documents. The Grupo Mexico panel’s decision is expected soon, but the panel process has evinced some operational delays in the panel process that the Parties may want to address in their 2026 review of the USMCA.

The Department is expanding its authority to review transactions relating to communications and telecommunications, after a significant period of relative inactivity. This marks one of the first major uses of this authority to flag items of risk coming into the United States.

The ANPRM outlines the risks of such technology from foreign adversaries used within CVs. The Department determined that ICTS can provide a direct entry point to “sensitive U.S. technology and data,” or that may be able to bypass certain safety and security measures within the CV. Thus, the Department determined that ICTS provided under the jurisdiction or direction of certain foreign countries or persons could be used to harm the United States’ critical infrastructure and national security. In a press release, the Department also named China as a threat in this context.

The Department is seeking feedback on a range of issues, providing an opportunity for industry players to help shape the scope and direction of the Department’s rulemaking process. Although in its very early stages, the ANPRM signifies an unprecedented use of authority under the ICTS Executive Order. Companies should be attentive to these developments, and consider consulting with counsel and submitting questions or concerns to the Department, as requested in the ANPRM.

Companies that manufacture, supply, or are otherwise involved with CVs should strongly consider submitting comments, especially those in the telecommunications industry.

Comments are due on April 30, 2024. Companies may email their comments directly to [email protected] with “RIN 0694-AJ56” in the subject line. Below are some additional details on submitting comments.

Please contact our export controls and sanctions team if you need assistance navigating these latest developments.

* * *

Instructions: Comments sent by any other method, to any other address or individual, or received after the end of the comment period, may not be considered. For those seeking to submit confidential business information (CBI), please clearly mark such submissions as CBI and submit by email, as instructed above. Each CBI submission must also contain a summary of the CBI, clearly marked as public, in sufficient detail to permit a reasonable understanding of the substance of the information for public consumption. Such summary information will be posted on regulations.gov.

For further information, companies may contact: Marc Coldiron, U.S. Department of Commerce, telephone: 202-482-3678.

Companies should carefully review the lists of newly restricted parties to ensure that they do not engage in transactions with these parties without a license. Any ongoing dealings with Russia should be reviewed anew to see if the additional sanctions apply. The sanctioned entities cross many different sectors and countries, and include:

• Russian companies making machine tools and other manufacturing and metalworking equipment
• Russian entities supporting electronics manufacturing and the information technology sector
• Russia’s aerospace sector
• Third-country manufacturers of metalworking equipment, aircraft and truck parts, and dual-use electronics, including in China, the UAE, Serbia, and Liechtenstein
• Logistics and cargo transportation entities

Of note, entities owned 50% or more by the entities and individuals added to the SDN List are also subject to the sanctions. While OFAC issued a handful of general licenses to allow winddown of transactions with some of the newly sanctioned entities, these general licenses are limited in time and scope. Additional restrictions may be forthcoming as the U.S. and its allies seek to put further pressure on Russia and any third-country entities that are diverting products to Russia or otherwise circumventing sanctions.

Please contact our export and sanctions team for help analyzing the new sanctions and how to navigate them.

The Commerce Department is soliciting comment on the proposed rules for 90 days, with submissions due to the agency by April 29, 2024. Key features of the NPRM and areas for comment are summarized below.

Customer Identification Program

The new rule would require that U.S. providers of IaaS products (including U.S. resellers) implement and maintain a written, risked-based Customer Identification Program (CIP). The CIP is a Know-Your-Customer (KYC) program that would consist of data collection procedures for ascertaining and verifying the identities of current and prospective customers. Importantly, the requirement extends to confirming beneficial owners. For many companies, the requirements extend beyond the identification information currently collected from customers. Moreover, U.S. IaaS providers would need to ensure that foreign resellers of their IaaS products maintain and implement adequate CIP programs. U.S. IaaS provider would need to terminate their relationship with foreign resellers who do not adequately comply. To reduce compliance burdens, the Department proposes to allow foreign resellers, by agreement, to adopt or reference CIP programs created by U.S. IaaS providers. Providers would need to report to Commerce that they and their foreign resellers have a CIP, and annually certify information about the CIP thereafter. Although the Department is considering an adjustment period, compliance with any final rule would be required within one year of publication.

In response to comment, the Department has clarified that foreign subsidiaries of U.S. IaaS providers would not be covered under the current interpretation of the rules.

Additionally, the NPRM envisions a mechanism for requesting exemption from CIP requirements, and requests comment on proposed standards and procedures for adjudicating the same. The Department also welcomes information regarding (1) security best practices to deter abuse of U.S. IaaS products and (2) safe harbor activities that may form the basis of an exemption.

Special Measures

The NPRM proposes a procedure for imposing restrictions on certain foreign persons opening or maintaining IaaS accounts. Notably, the Department would be empowered to impose restrictions on specific foreign actors and all customers and potential customers within a specified foreign jurisdiction. If the Department exercises this authority, companies would need procedures in place to make sure prohibited foreign parties cannot open or maintain accounts. The Department would undergo a thorough investigation, based on its own accord or upon referral from other executive agencies or providers, to determine whether the following reasonable grounds exist that warrant special intervention:

• For foreign actors, the Department would need to find reasonable grounds that the person has established a pattern of conduct of offering U.S. IaaS products that are used for malicious cyber-enabled activities or directly obtaining U.S. IaaS products for use in malicious cyber-enabled activities; and
• For foreign jurisdictions, the Department would need to find a significant number of foreign persons offering U.S. IaaS products that are, in turn, used for malicious cyber-enabled activities, or a significant number of foreign persons directly obtaining U.S. IaaS products and using them in malicious cyber-enabled activities.

AI Training

In accordance with Executive Order, the proposed rule would require reports to the Department on instances of “training runs” by foreign persons for “large AI models with the potential for malicious cyber-enabled activity.” The requirement would cover transactions that result or could result in AI training meeting certain technical conditions. Providers would need to build in procedures to identify potential transactions for reporting.

By way of example, the Department notes that a foreign corporation proposing to train a large AI model on the computing infrastructure of a U.S. IaaS provider—and signs an agreement to provide such training—would be covered by the proposed requirement so long as the AI model’s specifications meet certain technical conditions. At this point, the Department’s standard for determining what technical conditions trigger the AI reporting requirement would reference interpretive rules published in the Federal Register and be updated based on technological advancements.

Nonetheless, the Department seeks comment on (1) the definition of “large AI models with the potential for malicious cyber-enabled activity” and (2) what red flags the Department should adopt that would create a presumption that a foreign person is training an AI model meeting the requisite technical conditions.

Outlined in the NPRM are several other elements of and considerations relating to the proposal, including data collection requirements and a discussion of cost burdens associated with implementing a CIP program. And the Department is soliciting comment on several other areas of the rule, including challenges that U.S. IaaS providers may face in investigating and remediating malicious cyber activity, the potential impact of the rule on small businesses, and more. Again, any such comments must be received by the Department by April 29, 2024.

Please contact our trade and national security team if you require any assistance navigating this development.

BIS indicated that Wabtec violated Section 760.5 of the EAR, which requires U.S. persons to report the receipt of a request to engage in a restrictive trade practice or foreign boycott against a country friendly to the United States. Specifically, Wabtec received and failed to report 43 separate requests from a customer in Pakistan to withhold Israeli-origin goods, which were included as part of their orders, coming into Pakistan.

What is unique about this civil penalty is its size compared to other recent antiboycott penalties, especially given that Wabtec filed a voluntary self-disclosure on the boycotting activity. Given other recent heightened enforcement of antiboycott laws, this may be indicative of a new pattern of antiboycott enforcement by BIS, with more frequent and harsher penalties than before.

As has frequently been the case in antiboycott matters, the customer request involves refraining from use of Israeli-origin goods. Such requests may become more frequent due to rising geopolitical tensions in the Middle East. Any similar requests, relating to Israel or otherwise, must be rejected and reported to OAC. Companies identifying potential violations should consider a voluntary self-disclosure to mitigate damages.

Under part 760 of the EAR, U.S. persons are prohibited from taking certain actions that support or further an unsanctioned foreign boycott, especially towards countries friendly to the United States. This penalty serves as a reminder that U.S. persons must also report to OAC any boycott-related requests. Just rejecting the provisions, but failing to report, can result in significant penalties. Companies should ensure internal compliance procedures include procedures to identifying and reporting boycott requests.

Please contact our sanctions and export controls team if you require any assistance navigating this development.

Among many specific requests for expanded enforcement, the letter makes an unprecedented call expanding the UFLPA Entity List to include companies outside of China (without proposing any revision to the statutory language).

As of January 26, 2024, the UFLPA Entity List is populated by 37 entities,[1] 25 of which are located within the Xinjiang Uyghur Autonomous Region (“XUAR”), and 12 of which are located elsewhere in China. The letter cites an “urgent need to expand the UFLPA Entity List to include numerous companies and entities located outside the XUAR,” which could be justified for Chinese companies that have participated in social programs that the U.S. regards as constituting forced labor.

But the letter also calls for “adding companies outside the PRC that profit from the use of Uyghur forced labor to the UFLPA Entity List.” (Letter at 4, emphasis added.) Later, the letter asks: “Despite nearly two billion dollars’ worth of shipments from third countries being detained for UFLPA violations, why has DHS not listed a single company outside the PRC on the UFLPA Entity List?” (Letter at 7, emphasis added.)

This request is made in the context of a call for U.S. Customs and Border Protection (CBP) to “aggressively step up enforcement of potential UFLPA violations by goods shipped from the PRC and indirectly through third countries.” As the letter notes, a significant volume of UFLPA detentions to date have been directed at goods of Vietnam and Malaysia. Accordingly, the continued aggressive enforcement by CBP of the UFLPA against third country goods would not be new; adding non-Chinese companies to the UFLPA Entity List, on the other hand, would represent a dramatic escalation of UFLPA enforcement.

The text of the UFLPA provides specific criteria for inclusion of an entity on the UFLPA Entity Lists. These include:

• entities within the XUAR that “mine, produce, or manufacture” goods, wholly or in part with forced labor;
• entities that work with the government of the XUAR to “recruit, transport, transfer, harbor or receive” “forced labor, Uyghurs, Kazakhs, Kyrgyz or members of other persecuted groups out of the XUAR”;
• entities that export products from the foregoing entities “from the People’s Republic of China into the United States”; and
• “a list of facilities and entities, including the Xinjiang Production and Construction Corps, that source material from the Xinjiang Uyghur Autonomous Region or from persons working with the government of the Xinjiang Uyghur Autonomous Region or the Xinjiang Production and Construction Corps for purposes of the ‘‘poverty alleviation’ program or the ‘pairing-assistance’ program or any other government labor scheme that uses forced labor.”

While potentially amenable to different interpretations, these categories do not obviously encompass “companies outside the PRC that profit from the use of Uyghur forced labor,” as proposed in the China Select Committee letter. The letter does not cite statutory text to justify this request.

In addition to the foregoing demand, the letter makes numerous additional requests including:

• identifying 29 companies for proposed inclusion on the UFLPA Entity List, all located within China;

• Expanding UFLPA enforcement against de minimis shipments (valued under $800 per person per day);

• expanding product & sectoral focus for UFLPA enforcement to include gold, seafood and critical minerals; and

• increasing site inspections for compliance with the UFLPA and other trade laws in Dominican Republic-Central America Free Trade Agreement (“CAFTA-DR”) and United States-Mexico-Canada Agreement (“USMCA”) countries, echoing a request from the Senate Committee on Finance in November 2023.

This letter is the latest in a long line of congressional correspondence to the Executive Branch calling for different manner of increased enforcement for the UFLPA. Kelley Drye is tracking all congressional correspondence related to the UFLPA and is happy to provide this information to clients upon request.

Should you have any further questions about the trends and developments in UFLPA enforcement, please do not hesitate to contact us.

[1] The letter mistakenly states that there are 41 entities listed. Four entities are listed twice under different categories of the UFLPA Entity List.

BIS added 95 new HTS codes at the 6-digit level to the list of items requiring a license for export, reexport, or transfer (in-country) to Russia or Belarus. The expanded list of items includes certain chemicals, lubricants, and metals, and it covers the entirety of Chapter 88 of the HTS (aircraft, spacecraft, and parts thereof), further restricting Russia’s access to inputs for its defense industrial base. Other new HTS codes include 281830 (aluminum hydroxide), 283324 (nickel sulfate), and 284330 (gold compounds). The goal of the new HTS controls is to prevent additional related items not enumerated on the Commerce Control List from being exported to Russia and Belarus.

Additionally, BIS removed the lowest-level military and spacecraft-related items from being eligible for de minimis treatment when incorporated into foreign-made items for export from abroad or reexport to Russia or Belarus. This action brings additional foreign-made military and spacecraft items within the scope of the EAR if they include certain U.S. components, putting more pressure on Russia’s defense industrial base and making it more challenging for foreign suppliers to provide low-level military and spacecraft items to Russia and Belarus.

Finally, BIS made several clarifying and harmonizing changes, including by adding an exclusion from BIS license requirements in situations involving transactions that are related to deployments by the Armed Forces of Ukraine to or within the temporarily occupied Crimea region of Ukraine and covered regions of Ukraine.

Please contact our export controls and sanctions team if you need assistance navigating these latest developments.

Notably, these FAQs curb any assumption that transactions eligible for the Notified Advanced Computing (NAC) license exception will enjoy routine authorization at the end of the 25-day review period. BIS intends to review notified transactions for national security concerns, and, where such concerns arise, will still require a specific license even if the advanced computing item under review satisfies the parameters set out under NAC eligibility requirements. BIS’s national security assessment may be based on a number of factors “including the type of item, quantity, and the end user/end use.” Thus, BIS also does not have any current plans to publish a list of advanced computing chips that are eligible for the exception. Parties seeking to avail themselves of the NACs license exception should plan accordingly.

The FAQs feature several other important clarifications, including the following:

• License Exception NAC also applies to Export Control Classification Number (ECCN) 4A090 items not enumerated under 4A090.a., notwithstanding the fact that 4A090.b is currently being reserved (BIS will revise 4A090.b to reflect this);
• A list of information required for NAC submissions submitted via SNAP-R;
• Technical guidance on calculating/measuring performance parameters;
• The requirement that items with an ECCN falling under the new paragraph “.z” submit an Electronic Export Information filing through the Automated Export System includes transactions below $2,500;
• A “z.” paragraph item authorized under License Exception NAC may still need to meet other requirements of the Export Administration Regulations, e.g., License Exception ENC; and
• BIS’s exclusion from certain chip-related export controls on the activities of “U.S. Persons” is limited to natural U.S. persons (i.e., not entities) employed or working on behalf of a U.S. (or other allied) entity.

Please contact our export controls and sanctions team if you need assistance navigating these latest developments.

EO 14114 authorizes OFAC to impose U.S. sanctions on FFI’s that are either (1) facilitating significant transactions on behalf of persons designated for operating in certain key sectors of the Russian economy that support the country’s military-industrial base; or (2) facilitating significant transactions or providing services involving Russia’s military-industrial base, including those relating to specific manufacturing inputs and technological materials that Russia is seeking to obtain from foreign sources. If OFAC determines that an FFI is engaging in these restricted activities, then OFAC may prohibit the FFI from maintaining correspondent accounts or payable-through accounts in the United States. OFAC could also subject the FFI to full blocking sanctions through addition to the List of Specially Designated Nationals and Blocked Persons.

Separately, OFAC issued a Determination pursuant to EO 14024 listing certain items contributing to Russia’s military-industrial base that may trigger U.S. sanctions on FFIs who facilitate significant transactions involving such items. 29 items were identified across eight categories, which include:

1. Certain machine tools and manufacturing equipment;
2. Certain manufacturing materials for semiconductors and related electronics;
3. Certain electronic test equipment;
4. Certain propellants, chemical precursors for propellants, and explosives;
5. Certain lubricants and lubricant additives;
6. Certain bearings;
7. Certain advanced optical systems; and
8. Certain navigation instruments.

OFAC issued FAQs 1148 – 1153 addressing the FFI sanctions developments.

Additionally, EO 14114 amends EO 14068 of March 11, 2022 (“Prohibiting Certain Imports, Exports, and New Investment With Respect to Continued Russian Federation Aggression”) by expanding the U.S. import ban on Russian-origin fish, seafood (and preparations thereof), alcoholic beverages, and non-industrial diamonds. Of note, the EO covers products, as determined by OFAC, that include any of the above Russian-origin products that were (1) mined, extracted, produced, or manufactured wholly or in part in the Russian Federation, or harvested in waters under the jurisdiction of Russia or by Russia-flagged vessels, even if such products have been incorporated or substantially transformed into other products outside of the Russian Federation; (2) products containing any of the products subject to the prohibitions; and (3) products subject to the prohibition that transited through or were exported from or by Russia. As a result, products coming from third countries must be scrutinized to see if they contain Russian-origin seafood, alcohol or diamonds, in order to determine if the import ban may apply. Separately, OFAC issued a Determination pursuant to EO 14068 specifying the type of seafood subject to the expanded import prohibition: salmon, cod, pollock, and crab.

OFAC issued FAQs 1154 – 1157 addressing the expanded import ban.

Finally, OFAC published a Sanctions Advisory to provide guidance to importers and financial institutions on how to identify and mitigate sanctions risks. The advisory contains examples of activities that could expose an FFI to sanctions risk, such as facilitating the sale, supply, or transfer of certain items to Russian importers or companies shipping the items to Russia. The advisory also outlines best practices that FFI’s can incorporate into their compliance programs to mitigate exposure to sanctions, and contains helpful links to previous guidance issued by OFAC on Russia sanctions. Companies that bank with FFIs who have high Russia exposure should be prepared for the possibility that the FFI itself is sanctioned.

Please contact our sanctions and export controls team if you require any assistance navigating these developments.

The STA license exception authorizes a broad array of export activity that would otherwise require an export license, if certain notice and recordkeeping procedures are followed. However, historically, exporters have frequently sought an export license rather than relying on the STA exception. To increase usage of STA and decrease export license requests when STA is available, the proposed rule seeks to:

• Clarify that STA is a transaction-based license exception and exporters do not need to review the Commerce Control List to determine if STA is available for a particular Export Control Classification Number (“ECCN”).
• Add text to make it more explicit that STA is eligible for deemed exports and deemed reexports.
• Exclude deemed exports and deemed reexports from the requirement to have been listed on an approved license or other approval for “600 series” technology.
• Adopt a simpler and consistent approach to identify ECCNs eligible for STA.
• Remove the limitation on the use of License Exception Additional Permissive Reexports for reexports between and among certain partner and ally countries to reflect their close coordination with the United States on export controls.

In addition to the proposed STA changes, BIS published two final rules also designed to ease certain categories of export licensing requirements and expand the availability of export license exceptions for key allied and partner countries.

The first rule changes licensing requirements for certain Australia Group (AG)-controlled pathogens and toxins (and their related technologies) so that no license is required to AG countries, unless the item is also subject to Chemical Weapons Convention controls. The rule also loosens licensing requirements on crime controls for certain countries.

The second rule expands license exception eligibility to additional countries for certain missile technology items excluding any countries of concern for missile technology reasons or that are subject to a U.S. arms embargo (i.e., countries specified in Country Groups D:4 or D:5). The rule also updates list-based controls to align with recent Missile Technology Control Regime control list changes.

Please contact our sanctions and export controls team if you require any assistance navigating these changes

The Report and its findings herald a notable shift away from a “free trade” oriented U.S. export policy toward more hardline oversight and regulation of U.S. exports to the PRC and adversaries. According to the House Committee, the Chinese Communist Party’s (CCP) Military-Civil fusion strategy blurs the line between commercial and military items in such a way that requires the United States to abandon the “post-Cold War” distinction between economic and national security. In doing so, the Report calls on licensing officials to act less as the “voice of business” and more as U.S. regulators that are more “willing to deny licenses to export technology” to U.S. adversaries. It remains to be seen whether Congress or BIS will implement any of the recommendations, but it is clear the House Committee has serious concerns about the current state of play.

The Report makes several recommendations to address key areas of weakness in the United States’ approach to U.S. export controls, including the following:

1. Implement a majority vote system for the BIS’s Operating Committee, especially for exports to China. For the fiscal years of 2017–2019, there has been a 60 percent increase in non-consensus decisions of the Operating Committee, which adjudicates escalations from licensing decisions where reviewing agencies are not in agreement. According to the House Committee, these statistics raise concerns that the Operating Committee too often overrides the objections of other agencies by abusing Commerce’s role as both a Chair and a member. Implementation of this recommendation from the House Committee would likely make it more difficult for U.S. industry to obtain favorable licensing decisions through the escalation process.
2. BIS should impose a policy of denial for all exports of national security-controlled items to China to reduce the rate of approval. In 2020, nearly all exports to China of items listed on the Commerce Control List (CCL) were unlicensed. Even where required, BIS granted an overwhelming majority of requests to export or release U.S. software or technology to the PRC. The House Committee concluded that denying the value of these exports, which in 2021 reflected around 1 percent of U.S. exports to China, would hardly effect U.S.-China trade relations, while blunting CCP military ambitions. If implemented, U.S.-regulated firms involved in dual-use transactions with China would face stronger headwinds in obtaining licenses that historically have been granted.
3. BIS (or Congress) should apply a “presumption of denial” for all items subject to the EAR for companies on the Entity List and clearly define the term to mean that a license, no matter the item, will be denied in essentially every instance. BIS’s licensing regime is not strict enough in preventing the proliferation of U.S. technology to prohibited end users and end uses, according to the Report. The Report submits that too many license applications for companies appearing on the Entity List are approved despite being subject to a “presumption of denial,” with BIS approving $60 billion worth of licenses to Huawei during a six-month period between November 2020 and April 2021. Defining the term to limit BIS’s discretion, while also expanding the scope of items subject to the “presumption of denial” standard, would make it much more difficult if not impossible to engage in controlled transactions with Entity Listed PRC companies.
4. BIS should broaden the scope of Entity List requirements to subsidiaries and affiliates, and invest in enhanced, commercially-available mapping tools. The Report cites the effectiveness of the “50 percent rule,” a mechanism that the Treasury Department’s Office of Foreign Assets Control employs when administering economic sanctions against Specially Designated Nationals (SDNs) to “flow-down” U.S. sanctions requirements to certain entities majority owned by SDNs. The Report recommends that BIS similarly adopt, at the very least, a mechanism that would automatically apply Entity List licensing requirements to related PRC-entities in order to mitigate circumvention of U.S. export controls. In addition, the House Committee calls for investment in enhanced tools for screening and identifying linkages of PRC companies to CCP military. This measure, if implemented, could result in more entities being subject to Entity List restrictions, cutting off sales to unlisted subsidiaries.
5. The Department of Commerce must renegotiate its end-use agreement with the PRC or impose greater restrictions on exports to China considering the inability to conduct meaningful end-use checks. Unlike other countries, where U.S. export control officers have a good deal of discretion to conduct end-use checks for up to 5 years after shipment, end-use checks involving PRC shipments must occur within 180 days. Moreover, end-use checks on PRC shipments require PRC approval. According to the Report, this severely hinders BIS’s ability to monitor and ensure compliance with license terms. Should the Department of Commerce successfully re-negotiate these terms, U.S. exporters can expect greater and longer lasting U.S. official involvement in commercial relationships with PRC firms overseas, including more auditing of end users and end uses.

In addition to the above, the Report makes numerous other recommendations, including limitations on standard-setting loopholes, fees for certain export licensing requests, requirements to refer certain licensing decisions or CCL determinations to interested U.S. agencies, intensive review and transfer of EAR99 technologies to the CCL, and a continued push for bilateral and plurilateral export control agreements covering, at a minimum, AI, quantum, and biotechnology.

Key Takeaways:

In the run up to the election, neither Party will want to be regarded as “weak on China” or U.S. national security issues. And it is unlikely that the Commerce Department and BIS will push back against these recommendations in any public way.

So, while the administration and BIS may not implement every recommendation, the Report marks for the new year a movement toward a stricter policy position with respect to China, if not additional “tough on China” measures and rulemaking. As pressure on U.S. regulatory bodies continues to mount, U.S. industry should anticipate increased regulation and greater difficulty in obtaining licenses for export transactions involving China, even where those transactions involve EAR99 designated items.

Please contact our sanctions and export controls team if you require any assistance navigating this development.

The senators ask CBP to increase enforcement of rules of origin requirements and to look for potential violations of the Uyghur Forced Labor Prevention Act (“UFLPA”) in member countries. The letter requests that CBP consider:

• Increasing “on-site and surprise verifications” in CAFTA-DR and USMCA regions;
• Conducting a “comprehensive review” of existing enforcement authorities and penalties for textiles and apparel, and creating a “strategic plan that outlines how CBP will maximize its existing tools and resources to ensure full compliance with CAFTA-DR, USMCA, and other relevant trade tools”; and
• Creating a Spanish language version of CBP’s e-Allegation service, allowing individuals to report anomalies, and communicating with local governments, companies, and NGOs to spread access.

The letter notes that metrics of enforcement for CBP, including the number of site visits conducted by CBP in CAFTA-DR, as well as the number of audits and special enforcement operations conducted, have decreased over the past five years.

Any company that is reliant on trade benefits for textile and apparel imports from CAFTA-DR or USMCA countries should use this as an opportunity to proactively evaluate their compliance (and their suppliers’ compliance) with the requirements of these agreements. If you have any questions, please do not hesitate to contact us.

[1]The letter was signed by chair of the Committee on Finance Ron Wyden (D - OR), Bill Cassidy (R - LA), Mark Warner (D - VA), Thom Tillis (R - NC), Tim Kaine (D - VA), Lindsey Graham (R - SC), Sherrod Brown (D - OH), and Tim Scott (R - SC).

Never in the history of the U.S. Treasury have such massive sums been assessed against an institution. The combined, multi-billion dollar settlement—imposed alongside other terms and in tandem with the resolution of related criminal and civil matters before the Department of Justice and Commodity Futures Trading Commission— reflect the enormity and aggravated nature of the 1,667,153 apparent AML and sanctions violations Binance accrued while conducting its global affairs.

This development showcases the Treasury Department’s willingness to take aggressive enforcement action within the virtual currency industry. Wherever located, those that rely on the U.S. financial system must ensure compliance with AML, sanctions, and other U.S. national security obligations. This is particularly the case for money services businesses (MSB) that are required to adhere, for example, to special reporting requirements.

Violations

In matching and executing virtual currency trades on its online exchange platform, Binance apparently violated multiple sanctions programs by providing prohibited goods and services or otherwise facilitating prohibited transactions involving blocked users or embargoed destinations. Specifically, Binance’s conduct is alleged to have violated sanctions programs that target Iran, Syria, North Korea, Cuba, the Crimea region of Ukraine, and the Donetsk and Luhansk People’s Republics.

Binance also appears to have violated FinCEN requirements by operating as an unregistered MSB and failing to report over 100,000 suspicious transactions to FinCEN through suspicious activity reports. These transactions related to terrorist financing, ransomware, child sexual abuse materials, dark net markets, scams, and other illicit activity.

OFAC found the apparent violations were egregious because Binance demonstrated awareness of and willful disregard for U.S. requirements. The penalties were further increased because these apparent violations were not voluntarily disclosed.

Settlement Terms

In addition to the hefty monetary sum, the settlement agreements impose a panoply of monitoring and compliance commitments. Binance agreed to engage an independent monitor for the next five years and implement a sanctions compliance program designed to minimize the risk of further violations, including by conducting a risk assessment, implementing internal controls, undergoing testing and auditing, providing training, ensuring Binance’s full exit from the United States, and more. Binance’s Chief Executive Officer also resigned on the day the penalties were announced.

Takeaways (Dos and Don’ts)

There are several takeaways underscored by the Binance settlement, with both general applicability and specific applicability to those operating in financial services, including:

• Do secure buy-in and commitment from senior management, hire appropriate compliance personnel, and establish a corporate culture of compliance;
• Do not allow messaging from senior officials that encourages circumvention of U.S. rules and internal controls by, for example, suggesting use of Virtual Private Networks to mask sanctioned activity, or, permitting a comingling of foreign and domestic business activity;
• Do employ guardrails on use of and access to online services platforms, through use of tools such as geofencing, geolocation, and IP blocking;
• Do not allow automated processes, such as “location-agnostic” algorithms, to operate unchecked by AML and sanctions compliance considerations;
• Do ensure that your AML and sanctions compliance program is tailored and commensurate with the nature, sophistication, and scale of your operations;
• Do not delay in designing and implementing an AML and sanctions compliance program, registering as an MSB where required, and voluntarily disclosing likely AML and sanctions violations.

* * *

Please contact our sanctions and export controls team if you require any assistance navigating this development.

To the extent the recommendations are accepted, industry could see even further restrictions on dealings with China. In particular, the proposals could result in more export controls enforcement and the granting of fewer licenses. Industry could also see additional scrutiny for Chinese investment into the United States.

A select summary of the report’s key findings and recommendations is below.

Export Controls. The Commission found that, even where coordinated with allies, current U.S. export controls are “insufficient” to stem the flow of knowhow and capital into China’s defense sector. The effectiveness of export controls is diluted by China’s MCF strategy, which combines the capabilities and innovation of civilian sectors “to drive military development through . . . policies and government-supported mechanisms.” This MCF strategy necessitates a “renewed focus on dual-use technologies, particularly in current multilateral regimes, which focus mainly on preventing the spread of military technologies that currently exist rather than preventing the development of new ones.”

The Commission recommended that Congress evaluate the possibility of establishing a single export licensing system. This system would integrate the Commerce Control List and the U.S. Munitions List, which refer to dual-use technology and armament licensing systems managed by the Commerce Department’s Bureau of Industry and Security (BIS) and the State Department’s Directorate of Defense Trade Controls, respectively. In evaluating the feasibility of a single export licensing system, the Commission advised that Congress evaluate, among other factors, (1) the commercial impact of combining the licensing systems, (2) which technologies to include in a combined system, and (3) which U.S. government agency should be in charge of the new system.

Additionally, the Commission recommended that Congress direct the General Accountability Office to evaluate the effectiveness of the recently imposed semiconductor export controls. These controls are designed to prevent China from acquiring or developing the capacity to manufacture certain advanced semiconductors. Last month BIS published interim final rules seeking to address certain gaps BIS found in its existing controls on advanced computing items, semiconductor manufacturing equipment, and items that support supercomputing applications and end-uses.

The Commission found that, following the implementation of BIS’s controls on the semiconductors that go into artificial intelligence (AI), MCF allowed China to expand its circumvention of U.S. restrictions by “scaling up thousands of intermediaries to [procure high]-end chips, including from U.S.-based NVIDIA.” This allowed the Chinese military to make rapid advances in AI for defense applications through its partnerships with civilian entities, and that “investment and procurement patterns suggest the [China] aims to use AI-enabled weapons systems to counter specific U.S. advantages and target U.S. vulnerabilities.”

Committee on Foreign Investment in the United States (CFIUS). The Commission recommended that CFIUS, an inter-agency committee that screens U.S.-bound investments, be granted the authority to “review investments in U.S. companies that could support foreign acquisition of capabilities to attain technological self-sufficiency or otherwise impair the economic competitiveness of the United States.” These “capabilities” would include investments in technology that are prioritized in the industrial policies of adversarial countries and investments in U.S. firms that have received funding from the U.S. government for projects critical to national security.

This recommendation from the Commission, if enacted, would complement an Executive Order issued by the Biden Administration last year directing CFIUS to consider additional national security risks in its evaluations of transactions. Importantly, the U.S. Treasury Department, which chairs CFIUS, is also in the process of drafting regulations to restrict U.S. outbound investment to countries that pose a risk to U.S. national security. CFIUS itself, as well as this forthcoming outbound investment screening mechanism, would have the effect of limiting China’s ability to procure technology that could go into the development of AI.

China’s Influence Over Foreign Militaries. China is keen to advance its technological prowess, partly through the acquisition of U.S. technologies. Because of this, there is a risk that U.S.-controlled technology could be supplied to the foreign militaries that China partners with. The Commission found that China seeks to deepen its influence over foreign militaries to undermine U.S. interests and “pursue relevant combat support capabilities in communications, logistics, survival skills, military medicine, and other basic military skills. Further, in addition to being a major exporter of small arms, “China has both improved the quality of its exports and expanded the range of equipment it provides, with the most notable advances in aircraft and ships.”

To that end, the Commission recommended that the U.S. Department of Defense (DOD) submit a report to Congress “detailing measures DOD is taking to mitigate the risk of the [Chinese military] gaining indirect knowledge of U.S. Armed Forces’ equipment and operational tactics, techniques, and procedures through interactions with the militaries of U.S. allies and partners.” The Commission also recommended that the report identify the steps necessary for end-use monitoring to ensure compliance.

In summary, U.S.-based firms should take the above issues raised by the Commission into account when considering sales to China or investments involving Chinese entities. Opportunities being pursued with China now may come under additional scrutiny or restrictions later as the Commission’s proposals are reviewed and potentially implemented.

Please contact our sanctions and export team if you need assistance navigating these developments in the course of certain sales to China.

The entities located within these countries of concern show just how expansive Russia’s wartime procurement and sanctions evasion efforts can go. The UAE makes up the bulk of the newly-designated entities located outside of Russia with 21 individuals and firms singled out. These UAE-based entities were found to provide Russia with logistical services for the delivery of satellite technology, industrial equipment, aircraft parts, and other technology and equipment critical to Russia’s ability to wage war. Turkey-based entities that were designated assisted Russia in procuring microelectronics, batteries, and metal processing instruments, among other things. One Turkish firm was also designated for working with Russian intelligence services to arrange payment and shipping details to overcome sanctions barriers to move goods from Turkey to Russia. In China, three firms were designated for supplying optical, telecommunications, and radar equipment to Russia.

Importantly, many of these newly-sanctioned entities operate in technology-adjacent sectors that supply parts and components for finished items such as vehicles or communication devices. Because of this, it may not be obvious to U.S. companies that their components’ end use could be for the benefit of an SDN that is supplying Russia’s war effort via circumvention of U.S. sanctions. U.S. companies that manufacture or supply the items linked above should look for warning signs that indicate potential circumvention when approving purchase and shipping orders, including complex corporate structures, entities in multiple different countries, and entities increasing their orders from countries of concern.

Please contact our sanctions and export team with any questions regarding these latest developments, or if you require assistance with preparing end user certifications and related risk reduction strategies for your supply chains.

Oil & Gas Sector

For six-months, General License No. 44 authorizes all transactions, including those involving Petróleos de Venezuela, S.A. (PdVSA) and PdVSA-owned entities, that are related to oil or gas sector operations in Venezuela, such as:

• Production, lifting, sale, and exportation of oil or gas from Venezuela, and provision of related goods and services;
• Payment of invoices;
• New investment; and
• Delivery of oil and gas from Venezuela to creditors of the Government of Venezuela (GoV), including PdVSA entities, for purposes of debt repayment.

While transactions with blocked financial institutions remain prohibited, new OFAC guidance indicates GL No. 44 extends to “ordinarily incident and necessary financial transactions” with Banco Central de Venezuela or Banco de Venezuela SA Banco Universal that are related to the oil and gas sector. Although GL No. 44 offers broad relief, OFAC has emphasized that other prohibitions remain in place, including but not limited to:

• New debt transactions, such as the provision of loans to PdVSA, that are not for the payment of invoices or repayment of debt through delivery of oil or gas;
• Transactions related to GoV virtual assets or debt owed by GoV and GoV-owned entities; and
• Transactions involving property blocked under the Venezuela sanctions regulations, or persons and entities that are blocked pursuant to another sanctions program.

GL No. 44 is set to expire on April 18, 2024 at 12:01 a.m. eastern daylight time, with OFAC indicating that the license will only be renewed if Venezuela meets its commitments and takes continued concrete steps toward a democratic election in 2024.

Gold Sector, Secondary Bond Market, Repatriation, and Other Actions

In addition to easing sanctions on Venezuela oil and gas, OFAC took several other actions, including the issuance of new, or broadening of existing, authorizations relating to Venezuelan gold, debt, and other transactions, as follows:

• OFAC’s General License No. 43 authorizes all transactions involving CVG Compania General de Mineria de Venezuela CA (Minerven) and Minerven-owned entities, with OFAC also temporarily suspending its policy of targeting for designation those operating in the gold sector of Venezuela’s economy.
• OFAC’s General License Nos. 3I and 9H amend prior licenses to remove restrictions on U.S. purchases or investments relating to certain Venezuelan sovereign bonds and pre-2017 bonds or equity issued by PdVSA.
• OFAC’s General License No. 45 authorizes transactions exclusively for the purpose of repatriation of certain Venezuelan nationals that involve Consorcio Venezolano de Industrias Aeronauticas y Servicios Aereos, S.A.
• OFAC delayed until January 18, 2024 the effective date of General License No. 5, which would authorize transactions relating to PdVSA’s 2020 8.5 percent bond.

Please contact our sanctions and export team if you have any questions regarding this latest development.

The new rules focus on deterring China’s ability to both purchase and manufacture certain high-end chips critical for military use by updating previous controls implemented by BIS in October 2022. The prior rules will remain in effect until superseded by the IFR’s on November 17, 2023. Public comments on the IFR’s are due no later than December 18, 2023. Although the rules contain a significant number of changes to the EAR and should be closely reviewed, a brief summary of key provisions is below.

Semiconductor Manufacturing Items Interim Final Rule

The new semiconductor manufacturing IFR implements the following:

• Adds new controls on additional types of semiconductor manufacturing equipment by removing Export Control Classification Number (“ECCN”) 3B090 and replacing and expanding the items controlled in ECCNs 3B001 and 3B002;
• Refines restrictions on U.S. persons to ensure U.S. companies cannot provide support to advanced Chinese semiconductor manufacturing, which includes codifying previously existing BIS guidance; and
• Expands license requirements for semiconductor manufacturing equipment to apply to additional countries beyond China and Macau to 21 other countries where the U.S. maintains arms embargoes (countries located in Country Group D:5).

The full text of the semiconductor manufacturing IFR can be found here.

Advanced Computing Interim Final Rule

In addition to retaining the stringent China-wide licensing requirements imposed in the October 2022 rule, the advanced computing IFR adjusts the parameters that determine whether an advanced computing chip requires a license and imposes new measures to address risks of circumvention of the controls, including by expanding controls to additional countries.

Specifically, this IFR removes “interconnect bandwidth” as a parameter for identifying restricted chips and restricts the export of chips if they exceed either (1) the performance threshold set in the October 7 rule; or (2) the new “performance density threshold,” which is designed to preempt future workarounds. It also replaces prior catch-all language with new ECCNs in “.z paragraphs” throughout the Commerce Control List to provide more clarity on covered items.

Additionally, this IFR contains provisions to combat the circumvention of U.S. export controls by issuing new “red flags” for exporters to reference, creating worldwide licensing requirements for any company that is headquartered in Macau or a destination subject to the U.S. arms embargo (including China), and adding additional license requirements to countries that present a heightened risk for diversion to China. This includes countries in Country Groups D:1, D:4, and D:5 of supplement no. 1 to part 740 of the EAR, if not also specific in Groups A:5 or A:6. As an example, the United Arab Emirates (“UAE”) is contained on Country Group D:4 and is not listed in Country Groups A:5 or A:6. Exporters should exercise greater scrutiny when contemplating transactions involving countries that fit into this new criteria. Lastly, in addition to expanding the export controls, the IFR issued a new Temporary General License and a new license exception (License Exception NAC) that exporters may be able to use for specific transactions.

The full text of the advanced computing IFR can be found here.

As with the October 2022 regulations, the two new IFRs are highly complex and contain many changes that are not fully summarized above. Please contact our sanctions and export team if you need assistance navigating these latest developments.