1. FinCEN and BIS Target Financial Institutions for Export Compliance
On June 28, the Financial Crimes Enforcement Network (FinCEN) and the Bureau of Industry and Security (BIS) issued their first joint alert urging financial institutions to be vigilant against efforts to evade BIS export controls related to Russia’s invasion of Ukraine. The alert provides an overview of the current export restrictions implemented by BIS to date, a list of commodities of concern, and select transactional and behavioral red flags to assist financial institutions in identifying suspicious transactions. The commodities of concern include aircraft parts and equipment, antennas, GPS devices, vacuum pumps, and sonar systems. While U.S. financial institutions likely have focused on U.S. economic sanctions and financial restrictions directed at Russia and Belarus and made the appropriate changes to their compliance programs, policies, and procedures, the joint alert underscores the importance of also taking into consideration U.S. export and reexport controls that may underlie financial transfers and may require export licenses.
2. Bank’s Screening Process Insufficient and Caused OFAC Sanctions Violations
On July 21, the Office of Foreign Assets Control (OFAC) issued a Finding of Violation with no fine to MidFirst Bank for its violation of a sanctions program. The bank inadvertently processed payments for two sanctioned individuals. The violations occurred because the bank conducts daily screenings only on new customers and on changes related to existing customers, and rescreens its entire customer base just once a month. This process left the bank exposed and unaware of the blocked accounts for days.
3. Sanctions Compliance Is Still All About the Human Touch
OFAC announced a $430,500 settlement with American Express National Bank for 214 apparent violations of OFAC’s Kingpin sanctions. For over two months, Amex processed transactions for an account whose supplemental cardholder was sanctioned. The settlement highlights the importance of properly training employees, ensuring that procedures are followed, and consistently applying enterprisewide compliance measures. Internal accountability is needed to ensure compliance.
4. OFAC Investigating Crypto Exchange for Sanctions Violations
OFAC has been investigating Kraken, one of the world’s largest crypto exchanges, for alleged violations of U.S. sanctions laws, according to a report by The New York Times. As of June 2022, Kraken had 1,522 users residing in Iran, 149 in Syria, and 83 in Cuba, all of which are sanctioned jurisdictions under U.S. law. While OFAC has not yet published an enforcement action against Kraken, one is likely forthcoming. Such a case would highlight the crackdown on crypto companies by the federal government.
5. Ransomware Payments Can Involve Sanctions Violations and Penalties
The U.S. government has urged companies to be cognizant of the increased risk of cyberattacks, such as ransomware. As companies bolster their cybersecurity and monitor against attacks, they should be aware of the sanctions risks that can occur when facilitating ransomware payments. Under OFAC’s strict liability regime, if the attacker is subject to sanctions, a U.S. person risks a potential penalty from OFAC if a ransomware payment is made to that sanctioned party. Since the updated advisory on ransomware issued by OFAC last year, there haven’t been any enforcement actions. However, OFAC is proactively encouraging reporting and collaboration before payment to avoid a penalty. See related video below.
6. USTR Explains Section 301 Duties on Lists 3 and 4A
On August 1, the U.S. Trade Representative (USTR) filed its Remand Determination in the Section 301 challenge with the U.S. Court of International Trade (CIT). The USTR’s filing responded to the CIT’s decision in April, which held that the USTR failed to adequately explain its decisions to (1) impose tariffs under List 3 and List 4A, and (2) include certain products on those lists. In a five-part ruling, the USTR explained its reasoning for selecting certain products and duty rates. The plaintiffs will have the opportunity to file briefs challenging the ruling before the CIT issues its final determination.
7. BIS Adds Enforcement Measures on Foreign Aircraft With U.S.-Origin Content
On August 2, the U.S. Department of Commerce’s BIS added foreign-produced commercial aircraft to its restricted aircraft list. The foreign planes had U.S. content, giving BIS jurisdiction to control the foreign parties even when operating in foreign jurisdictions. All the aircraft added to the list were owned or controlled by, or under charter or lease to, Belarus, Russia, or Russian or Belarusian nationals. BIS also suspended the export privileges of a Venezuelan airline for obtaining a U.S.-origin Boeing aircraft from sanctioned entity Mahan Air and flying it between Venezuela, Iran, and Russia. These cases serve as a reminder that foreign exporters must be aware of whether any U.S.-origin materials are incorporated into their exports, and if so, the companies must comply with any applicable U.S. export law.
8. New General Licenses Facilitate Defense Trade With the UK, Canada, and Australia
On July 13, the State Department’s Directorate of Defense Trade Controls published two open general licenses authorizing reexport and retransfer of certain defense items and services to Australia, Canada, and UK governments and certain other parties. Companies still must comply with the International Trade in Arms Regulations end-destination and record-keeping requirements. Both licenses also contain limitations, including on items exported pursuant to certain Foreign Military Sales programs, certain missile-related defense articles, technical data, and certain major defense equipment and high-value defense articles or services. This pilot program is in effect for one year, August 1, 2022, to July 31, 2023.
9. OFAC Updates Russia Licenses Allowing for Exportation of Agricultural Equipment, Medical Items, and Internet Communications Technology to Russia
OFAC issued one new and three updated general licenses related to Russia. The updated general licenses are for transactions related to agricultural commodities and equipment, medicine and medical devices, technology related to internet communications, and SEFE Securing Energy for Europe GmbH. The July 14 update also included a new general license related to tax preparation, stating that U.S. financial institutions are allowed to process transactions related to the exportation of these items to Russia, as well as a food security fact sheet.
TRADE TIP OF THE MONTH: U.S. and China Legal Obligations on the Rise
In recent years there has been an uptick in the passage of trade-related laws and regulations intended to directly oppose or contradict other countries’ trade laws. The European Union’s “blocking regulations” have sought to “shelter” EU entities from U.S. sanctions on Iran that have extraterritorial reach. Most recently, in response to the Forced Labor Prevention Act, which prohibits imports into the United States that include any inputs from the Xinjiang region of China, China passed its own “China Anti-Boycott Laws.” These laws protect Chinese manufacturers by giving them a right of action in Chinese courts against foreign partners that refuse to do business with them based on non-Chinese laws and make it a crime for Chinese manufacturers to decide against pursuing such actions. Multinational companies can successfully navigate this increasingly complex regulatory space by considering these issues at the onset of a business relationship and reconsidering the issues periodically to ensure existing contractual relationships and supply chains conform to the evolving legal landscape. As a first step, updating sanctions compliance policies and manuals will send a clear message to employees and partners that these issues must be identified and addressed.
- Video: "Understanding the Additional Risks When Making a Ransomware Payment"
July 25, 2022
Cybersecurity Awareness Video
Doreen M. Edelman, Christian C. Contardo
- Article: "Protecting Your Business from Managed Service Provider Cyberthreats"
July 28, 2022
Risk Management Magazine
Kathleen A. McGee