The Biden Administration’s recent expansion of sanctions and export controls to counter Russian aggression will impact non-U.S. financial institutions and increase compliance risks for the business software sector and other critical industries.

On June 12, 2024, in advance of the G7 Summit, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Commerce Department’s Bureau of Industry and Security (BIS) each announced a series of new measures against the Russian Federation.

OFAC’s actions include expanding its authority to impose secondary sanctions on foreign financial institutions, imposing Specially Designated National (SDN) designations on over 300 individuals and entities in concert with the State Department, and implementing new restrictions on the provision of certain U.S. software and IT-related services to persons in Russia. BIS issued a final rule to expand and strengthen its existing export control restrictions under the Export Administration Regulations (EAR) against the Russian Federation and Belarus, including expanding the scope of items subject to the EAR’s Russian and Belarusian industry sector sanctions, imposing a license requirement for certain EAR99-designated software when destined to or within Russia or Belarus, and narrowing the scope of License Exception Consumer Communications Devices (CCD) with regard to Russia and Belarus. The OFAC actions and BIS’s final rule became effective on June 12, 2024 (except as otherwise noted below).

New U.S. Sanctions

New Restrictions on Foreign Financial Institutions:

• Treasury broadened the definition of Russia’s military-industrial base to include “all persons blocked pursuant to E.O. 14024.” As a result, OFAC is now authorized to impose “secondary sanctions” (e.g., designation as an SDN) on any foreign financial institution conducting or facilitating significant transactions or providing any service involving any person blocked pursuant to E.O. 14024. OFAC issued new FAQs 1181 and 1182 and an updated Compliance Advisory to help foreign financial institutions identify sanctions risks and implement corresponding controls. These changes are consistent with policies previously described in the Department of the Treasury, Department of Commerce, and Department of Justice’s Tri-Seal Compliance Note released on March 6, 2024.

New Sanctions Designations:

• OFAC imposed SDN designations on a wide range of persons deemed to be involved in the Russian war effort or assisting with sanctions evasion, including several of Russia’s most important financial institutions and energy producers not previously subject to sanctions – e.g., the Moscow Exchange, the National Clearing Center, the Non-Bank Credit Institution Joint Stock Company National Settlement Depository, the Gas Industry Insurance Company Sogaz, the Joint Stock Company Russian National Reinsurance Company – and a number of companies involved in Liquified Natural Gas (LNG) production in Russia.
• OFAC imposed SDN designations on a large number of China-based and other third country entities involved in the diversion of chips and electronics for use in Russia and by the Russian military and parties identified as engaged in sanctions evasion.

New Restrictions on the Russian Industrial Base’s Access to Specific U.S. Software and IT-Related Services:

• OFAC issued a new Determination Pursuant to Section 1 (a)(ii) of Executive Order 14071, “Prohibition on Certain Information Technology and Software Services,” which prohibits the provision of IT consultancy and design services, as well as IT support services or cloud-based services for enterprise management software and design and manufacturing software, to any person located in the Russian Federation. This prohibition will become effective on September 12, 2024.

General Licenses and FAQs:

• OFAC issued a series of General Licenses (GLs), which authorize the wind-down of certain transactions involving sanctioned parties (see GL nos. 98, 99 and 100) as well as extend or modify certain existing GLs (see GL nos. 6D, 8J, 25D).
• OFAC issued eight new Russia-related FAQs (1181 - 1188) and amended 10 existing Russia-related FAQs (976, 1040, 1068, 1122, 1128, 1146, 1147, 1148, 1151, 1152).

Another Round of U.S. Export Control Restrictions

Expansion of the Industry Sector Sanctions:

• The BIS rule expanded the scope of the EAR’s Russian and Belarusian Industry Sector Sanctions that apply to items identified in supplements no. 4 and no. 6 to part 746 of the EAR by Harmonized Tariff Schedule (HTS)-6 Codes. In particular, BIS added 522 additional HTS-6 Code entries to supplement no. 4, which now require a license for export or reexport to, or transfer within, Russia or Belarus. Notably, BIS explained that, the purpose of these amendments was primarily to combat export controls circumvention involving changing the classification of an item that requires a license to the classification of an item in a similar HTS code that does not require a license. In addition, the rule added certain riot control agents to supplement no. 6 to address Russia’s use of these items as a method of warfare against Ukrainian forces.

License Requirement for Certain EAR99 Software:

• The rule adds a new paragraph (a)(8) (“EAR99-designated software”) to Section 746.8 of the EAR. Consistent with OFAC’s new IT services restrictions, a license requirement now applies for EAR99 enterprise resource planning (ERP); customer relationship management (CRM); business intelligence (BI); supply chain management (SCM); enterprise data warehouse (EDW); computerized maintenance management system (CMMS); project management, product lifecycle management (PLM); building information modeling (BIM); computer-aided design (CAD); computer-aided manufacturing (CAM); and engineering to order (ETO) software destined for Russia or Belarus. The scope of this new licensing requirement includes software updates for these types of software but excludes entities exclusively operating in the medical or agricultural sectors. These changes will go into effect on September 16, 2024.

Narrowing License Exception CCD for Russia and Belarus:

• BIS revised paragraph (b) (Eligible commodities and software) in Section 740.19 (Consumer Communications Devices (CCD)) – which permits exports of certain communications devices to individuals and non-governmental organizations in Russia, Belarus, and Cuba – to limit the scope of eligible commodities and software that may be authorized for export, reexport, or transfer (in-country) under License Exception CCD to and within Russia and Belarus. For example, the following items are no longer authorized for Russia or Belarus under License Exception CCD: consumer disk drives and solid-state storage equipment classified under ECCN 5A992 or designated EAR99, graphics accelerators and graphics coprocessors designated EAR99; memory devices classified under ECCN 5A992.c or designated EAR99; and digital cameras (including webcams) and memory cards classified under ECCN 5A992 or designated EAR99.

Other EAR Amendments:

• BIS added five entities and eight addresses to the Entity List and made changes to the Entity List structure, including adding a new paragraph (f) (Addresses with High Diversion Risk) to Section 744.16 of the EAR, which enables BIS to identify by address an entity (or multiple entities) on the Entity List that presents a high risk of diversion without an associated entity name.
• The rule consolidated the EAR’s Russian and Belarus sanctions into a single section (i.e., a revised and expanded Section 746.8), while maintaining the existing related regulatory supplements identifying items that are subject to certain of those sanctions (i.e., supplement nos. 2, 4, and 6 to part 746 for industrial goods, and supplement no. 5 to part 746 for luxury goods).
• BIS amended Section 740.2 (Restrictions on all License Exceptions) to specify the standard under which BIS may revise, suspend, or revoke a license exception. Specifically, the rule clarifies that “BIS may make such revisions, suspensions, or revocations to protect U.S. national security or foreign policy interests, consistent with the policy considerations in Section 1752 of the Export Control Reform Act of 2018.”
• The rule added a sentence in supplement nos. 2, 4, 5, and 7 to clarify the scope of the exclusion for fasteners (e.g., screw, bolt, nut, nut plate, stud, insert, clip, rivet, pin) in the relevant supplements, as certain fasteners specifically described under HTS-6 Codes in supplement nos. 2, 4, 5, and 7 are subject to licensing requirements.

Key Takeaways

1. Enhanced Foreign Financial Institution Due Diligence: We expect foreign financial institutions with any substantial exposure to business involving the United States or U.S. dollar transactions to enhance their due diligence requirements when dealing with high-risk goods or transacting with entities in high-risk jurisdictions for sanctions evasion, such as the United Arab Emirates, China, and Turkey. Parties seeking to engage in these transactions will need to be prepared to provide such financial institutions with detailed documentation on the nature of the goods, end-users, and end-use.
2. IT Sector Risks: Parties operating in the software and IT-related space will need to engage in heightened due diligence regarding the end-users and end-uses of their products. For example, companies providing cloud-based applications (SaaS, IaaS, etc.) may need to engage in increased use of tools such as IP geofencing and geolocation to identify end-users in Russia in order to ensure compliance with new sanctions and export controls requirements.
3. Diversion and Evasion Red Flag Identification: A common theme among the recent OFAC and BIS measures is a continued focus on sanctions evasion, particularly against parties located outside of the United States. As such, companies operating in or selling to high-risk markets and/or involving high-risk products or services (e.g., IT, technology, etc.) should evaluate their risks, compliance mechanisms, and controls to ensure they are aligned with guidance on diversion and evasion schemes and red flags.

Zachary Roten, an International Trade Specialist at Wiley Rein LLP, contributed to this alert.

[View source.]