A Changed Regulatory Environment – Companies who think that U.S. export controls and sanctions do not apply to their products and channels of trade should reassess that position. As an example, approximately US$1.1 billion in fines levied during the last 15 months by the U.S. government against financial institutions, including national banks, online payment processors, cyber currency businesses, and foreign investors is a reminder to all industries that neglecting internal export controls and sanctions compliance can have severe consequences. No matter whether the transaction is an acquisition of a U.S. business, sale of products, or the performance of services, companies and foreign investors across all industries need to assess whether export controls or sanctions compliance is necessary. This means more due diligence of business partners and new procedures to ensure that products and services are not used by restricted recipients.
Multifactor Export Controls and Sanctions – Companies should be aware that U.S. export restrictions can be triggered in multiple ways, any one of which could result in a violation of U.S. law: 1) not safeguarding controlled technology, 2) allowing prohibited uses of products or services, 3) doing business with a restricted party, or 4) distributing products or offering services in prohibited destinations.
What are the New Export Risks?
- An Expanded Scope of Restricted Products: While cutting edge technologies embodied in products such as semiconductor chips, quantum computing devices, and AI development continue to be targets of restrictions under commercial and military regulations, thousands of other products and services are also restricted for export across diverse industries such as banking and financial services, 3D printing and materials manufacturing, clean tech, remote sensing, telecommunications, cyber security, and a myriad of other commercial industries.
- End use Restrictions: An enlarged scope of prohibited end uses, often involving products or services not subject to licensing requirements, now apply to business transactions involving Russia, Belarus and China in U.S. Department of Commerce regulations; in addition, many other end use restrictions pervade the approximately 40 country and industry sanctions programs administered by OFAC, the U.S. Office of Foreign Assets Control.
- Restricted Parties: The number of individuals and entities designated as restricted parties subject to U.S. sanctions has ballooned to over 20,000 entries contained in over 12 separate sanction lists maintained by various U.S. federal agencies.
- CFIUS Compliance for Direct Foreign Investment: Companies are often unaware that CFIUS, the U.S. Committee on Foreign Investment in the U.S., has the authority to review and approve or oppose a wide range of investment transactions in U.S. businesses and real estate in which a foreign investor is able to gain access or control of restricted U.S. technology, critical infrastructure, or the personal data of U.S. citizens.
Heightened Enforcement – The enforcement divisions of nine federal agencies are increasingly collaborating on export investigations and aggressively prosecuting violators in cases where companies or individuals knew or should have known that violations were occurring. The result is the highest number and severity of penalties for export violations in U.S. history – totaling billions of U.S. dollars annually.
What Should Companies Do to Mitigate Export Violation Risk?
- Implement internal compliance programs that identify trade risk by monitoring 1) the type of transaction, 2) whether a controlled U.S. technology is involved, 3) the involvement of restricted parties, 4) a possible prohibited end use, and 5) whether the destination is prohibited.
- Conduct a thorough due diligence of the products, services, and modes of operation of companies acquired to identify controlled technologies and sanctions risks.
- Prior to an acquisition, questionable business practices and compliance violations should be remedied, including those of subsidiaries and affiliates.
- If violations are found, the risks and benefits of a Voluntary Self-Disclosure should be evaluated.
- Be mindful that the look-back period for OFAC violations has recently changed to 10 years.
- The use of geolocation and blocking software, as well as conducting routine restricted parties screenings, greatly reduce the risk of doing business with restricted parties.
- A periodic export controls and sanctions audit should be conducted to identify changes in products, services, and operations that may require new compliance measures to mitigate risks.
