Yesterday afternoon, the U.S. Department of State issued the first of two mandatory reports under the Hong Kong Autonomy Act (HKAA), identifying 10 Hong Kong and mainland China officials as materially contributing to the erosion of Hong Kong’s autonomy (the “Section 5(a) Report”).[1]  Because the same individuals were already designated on the List of Specially Designated and Blocked Persons (“SDN List”) maintained by the U.S. Department of the Treasury, Office of Foreign Assets Control (“OFAC”) on August 7, 2020,[2] the practical effect of the report is limited to setting a deadline of 30 to 60 days for the U.S. administration to issue the second required report under the HKAA identifying foreign financial institutions that knowingly conduct a “significant” transaction with the 10 individuals listed in yesterday’s Section 5(a) Report (the “Section 5(b) Report”).[3]  We discussed the reports required under the HKAA and the potential impact of those reports in our earlier blog post.[4]
Continue Reading State Department Releases Hong Kong Autonomy Act Persons Report, Starts the Clock for Foreign Financial Institutions Report

In the wake of one of the largest reported medical ransomware attacks in U.S. history,[1] the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) issued last week a pair of advisories to assist in efforts to combat the increasing threat of ransomware attacks and related sanctions and anti-money laundering (AML) compliance issues.[2]  Like our blog post last month on the same topic, the advisories highlight the importance of considering the legal risks relating to ransomware payments and confirm that OFAC may pursue enforcement actions against ransomware payments that violate U.S. sanctions.[3]
Continue Reading OFAC and FinCEN Issue Advisories on Cyber Ransom Payments

On September 18, 2020, the U.S. Department of Commerce (Commerce) released for public inspection substantively identical notices[1] specifying the transactions relating to mobile applications TikTok and WeChat to be prohibited pursuant to the executive orders related to both entities issued by President Trump on August 6, 2020 (the TikTok Notice and the WeChat Notice, respectively, and together, the Notices).[2]  Commerce withdrew both Notices before formal publication on September 22, presumably to address uncertainty regarding the effective dates in light of developments in both matters; the TikTok Notice has already been re-issued with revised timing, but negotiations over a possible partial sale of TikTok continue.[3]  The WeChat Notice has yet to be re-issued, possibly as a result of timing uncertainty regarding the preliminary injunction discussed below.[4]
Continue Reading Commerce Provides Clarity on the Potential Scope of the TikTok and WeChat Bans; All Else Remains Murky

Last month, reports surfaced that fitness technology company Garmin may have made a multimillion dollar payment in response to a ransomware attack with reported links to Evil Corp, a Russian hacking group subject to U.S. sanctions.  This incident and other recent reports of ransomware attacks against large companies highlights that companies should consider potential civil and criminal liability under U.S. sanctions laws when responding to ransomware attacks.
Continue Reading Ransomware and Sanctions Compliance: Considerations for Responses to Attacks

The Court of Appeal confirmed[1] that a borrower under a Tier 2 facility agreement was excused from making payments because of the risk of U.S. secondary sanctions.

The court made it explicitly clear that whether or not non-performance may be excused will depend on the specific words of the affected contract and the wider context.  However, whilst fact sensitive, the decision also makes clear that the English court is likely to consider U.S. secondary sanctions as “mandatory” provisions of law.  
Continue Reading UK Court of Appeal Says Risk of U.S. Secondary Sanctions is a “Mandatory Provision of Law” Excusing Non-Payment

On August 21, the Financial Crimes Enforcement Network, together with the federal banking agencies, released a statement to clarify banks’ customer due diligence obligations for politically exposed persons. The Statement affirms that (i) there is no regulatory requirement, and no supervisory expectation, for banks’ Bank Secrecy Act / anti-money laundering programs to include “unique, additional

Following the enactment of the Hong Kong Autonomy Act (HKAA), the issuance of Executive Order 13936, which implemented sanctions authorities under the HKAA and other statutes, and other recent U.S. sanctions designations and enforcement actions, many multinational entities based or operating in Hong Kong are concerned with how to navigate the new

On 6 July 2020, the UK Government announced the introduction of a “Global Human Rights” sanctions regime (the “GHR Sanctions”). The regime marks the first time the UK Government has imposed sanctions measures independently from the European Union and the first time it has exercised its ability to impose sanctions directly in response to human rights violations. However, the new measures do not necessarily indicate the UK’s future policy direction, and after Brexit the UK sanctions regime will look broadly similar to that of the EU.
Continue Reading New UK Sanctions Regime Introduced

Last night, President Trump issued two Executive Orders establishing a framework for prohibiting transactions involving popular Chinese-owned communications apps WeChat and TikTok.[1]  Contrary to some press reports, the Executive Orders do not prohibit all transactions with their respective parent companies; they do not in fact set out the scope of the restrictions.  Rather, they give the Commerce Department authority to prohibit any transaction involving a U.S. person or within the jurisdiction of the United States involving the two services; each of the Executive Orders clearly states “45 days after the date of this order, the Secretary shall identify the transactions subject to subsection (a) of this section [which contains the broad authority to prohibit].”[2]  Furthermore, the scope of Commerce’s authority is subtly (and no doubt intentionally) different in the two Executive Orders: with respect to TikTok, the authority covers any transaction with ByteDance, TikTok’s parent; with respect to WeChat, the authority covers any transaction relating to WeChat involving its parent, Tencent Holding.  Commerce will, within 45 days, take further action specifying exactly which transactions will be prohibited; it is even possible, particularly with respect to TikTok if the mooted divestiture of U.S. operations occurs, that no restrictions will be imposed.[3]  Unless and until Commerce implements the Executive Orders, no restrictions are in place and their precise future scope is unknown.
Continue Reading President Trump Authorizes Restrictions on WeChat and TikTok; Details to Come

Yesterday, updated guidance from the U.S. Department of State relating to Section 232 of the Countering America’s Adversaries Through Sanctions Act of 2017 (“CAATSA”) was published in the Federal Register.[1]  The updated guidance, which became effective on July 15, 2020, expands the potential applicability of secondary sanctions pursuant to Section 232 with respect to Nord Stream 2 and the second line of TurkStream.  Any work on or financial involvement in NordStream 2 or the second line of TurkStream will now be sanctionable, even if undertaken pursuant to an existing contract.  This could affect, among other things, lending and other financing to companies (including European companies) with any connection to either project.

Continue Reading Updated Guidance for Section 232 of CAATSA Published