In the wake of one of the largest reported medical ransomware attacks in U.S. history,[1] the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) issued last week a pair of advisories to assist in efforts to combat the increasing threat of ransomware attacks and related sanctions and anti-money laundering (AML) compliance issues.[2] Like our blog post last month on the same topic, the advisories highlight the importance of considering the legal risks relating to ransomware payments and confirm that OFAC may pursue enforcement actions against ransomware payments that violate U.S. sanctions.[3]
Continue Reading OFAC and FinCEN Issue Advisories on Cyber Ransom Payments
Commerce Provides Clarity on the Potential Scope of the TikTok and WeChat Bans; All Else Remains Murky
On September 18, 2020, the U.S. Department of Commerce (Commerce) released for public inspection substantively identical notices[1] specifying the transactions relating to mobile applications TikTok and WeChat to be prohibited pursuant to the executive orders related to both entities issued by President Trump on August 6, 2020 (the TikTok Notice and the WeChat Notice, respectively, and together, the Notices).[2] Commerce withdrew both Notices before formal publication on September 22, presumably to address uncertainty regarding the effective dates in light of developments in both matters; the TikTok Notice has already been re-issued with revised timing, but negotiations over a possible partial sale of TikTok continue.[3] The WeChat Notice has yet to be re-issued, possibly as a result of timing uncertainty regarding the preliminary injunction discussed below.[4]
CFIUS Shifts Focus of “Critical Technology” Mandatory Notifications to Export Controls
On September 15, 2020, the U.S. Department of the Treasury published a final rule (the “Final Rule”) significantly changing the scope of the Committee on Foreign Investment in the United States (“CFIUS”) mandatory notification requirements for foreign investments in U.S. critical technology businesses and expanding it to investments in all industries. The Final Rule, which…
Ransomware and Sanctions Compliance: Considerations for Responses to Attacks
Last month, reports surfaced that fitness technology company Garmin may have made a multimillion-dollar payment in response to a ransomware attack with reported links to Evil Corp, a Russian hacking group subject to U.S. sanctions. This incident and other recent reports of ransomware attacks against large companies highlight that companies should consider potential civil and criminal liability under U.S. sanctions laws when responding to ransomware attacks.
UK Court of Appeal Says Risk of U.S. Secondary Sanctions is a “Mandatory Provision of Law” Excusing Non-Payment
The Court of Appeal confirmed[1] that a borrower under a Tier 2 facility agreement was excused from making payments because of the risk of U.S. secondary sanctions.
The court made it explicitly clear that whether or not non-performance may be excused will depend on the specific words of the affected contract and the wider context. However, whilst fact sensitive, the decision also makes clear that the English court is likely to consider U.S. secondary sanctions as “mandatory” provisions of law.
BIS Further Tightens Export Restrictions on Huawei
On August 20, 2020, the U.S. Department of Commerce, Bureau of Industry and Security (“BIS”) published a final rule[1] that further tightens restrictions under the Export Administration Regulations (“EAR”) on Huawei Technologies Co., Ltd. and its affiliates designated on the Entity List administered by BIS (“Huawei”) (the “Final Rule”). The Final Rule: (i) expands the prohibition on providing items manufactured with controlled U.S. technology or software to Huawei to include all items transferred to Huawei or for a Huawei device, whether or not specifically designed by or for Huawei; (ii) removes most of the Temporary General License (“TGL”) that permitted some transactions involving Huawei, including activities that support existing networks and equipment; and (iii) adds 38 non-U.S. affiliates of Huawei to the Entity List. The Final Rule was published in the Federal Register on August 20, but became effective upon being made available for public inspection on August 17.
In a contemporaneous final rule,[2] BIS clarified that license requirements for entities included on the Entity List apply regardless of the role that the listed entity has in the transaction (i.e., purchaser, intermediate consignee, ultimate consignee or end-user) (the “Entity List Final Rule”). This clarification applies to all entities on the Entity List, not just Huawei.
President Trump Orders TikTok Divestment; Sweeping Order Appears to Indicate a Broadening of CFIUS’s Jurisdiction
Following completion of a review by the Committee on Foreign Investment in the United States (“CFIUS”), President Trump recently issued an Executive Order requiring ByteDance to, among other things, divest itself of assets and property that enable or support operation of the TikTok application in the United States within 90 days (the “CFIUS Order”). This was not an unexpected outcome. We previously reported on the unusual nature of CFIUS’s review here. The week before, President Trump issued a different Executive Order authorizing the Commerce Department to prohibit transactions involving a U.S. person or within the jurisdiction of the United States with ByteDance (the “Commerce Order”), with details of the restrictions to come in 45 days. We previously reported on the Commerce Order here. According to press reports, negotiations for a possible acquisition of TikTok continue, and it remains to be seen whether those restrictions will come to fruition and on what timetable.
President Trump Authorizes Restrictions on WeChat and TikTok; Details to Come
Last night, President Trump issued two Executive Orders establishing a framework for prohibiting transactions involving popular Chinese-owned communications apps WeChat and TikTok.[1] Contrary to some press reports, the Executive Orders do not prohibit all transactions with their respective parent companies; they do not in fact set out the scope of the restrictions. Rather, they give the Commerce Department authority to prohibit any transaction involving a U.S. person or within the jurisdiction of the United States involving the two services; each of the Executive Orders clearly states “45 days after the date of this order, the Secretary shall identify the transactions subject to subsection (a) of this section [which contains the broad authority to prohibit].”[2] Furthermore, the scope of Commerce’s authority is subtly (and no doubt intentionally) different in the two Executive Orders: with respect to TikTok, the authority covers any transaction with ByteDance, TikTok’s parent; with respect to WeChat, the authority covers any transaction relating to WeChat involving its parent, Tencent Holding. Commerce will, within 45 days, take further action specifying exactly which transactions will be prohibited; it is even possible, particularly with respect to TikTok if the mooted divestiture of U.S. operations occurs, that no restrictions will be imposed.[3] Unless and until Commerce implements the Executive Orders, no restrictions are in place and their precise future scope is unknown.
TikTok: Familiar Issues, Unfamiliar Responses
Initial press reports last November that the Committee on Foreign Investment in the United States (CFIUS) had commenced a review of ByteDance’s acquisition of Musical.ly, the service that was merged into ByteDance’s video-sharing site TikTok and helped fuel its expansion, were not particularly surprising to those familiar with CFIUS and its concerns. However, recent departures from established CFIUS processes in the TikTok matter are striking and concerning for persons engaging in cross-border transactions involving the United States, calling into question the scope, apolitical nature, confidentiality, and security focus of the CFIUS process.
Updated Guidance for Section 232 of CAATSA Published
Yesterday, updated guidance from the U.S. Department of State relating to Section 232 of the Countering America’s Adversaries Through Sanctions Act of 2017 (“CAATSA”) was published in the Federal Register.[1] The updated guidance, which became effective on July 15, 2020, expands the potential applicability of secondary sanctions pursuant to Section 232 with respect to Nord Stream 2 and the second line of TurkStream. Any work on or financial involvement in Nord Stream 2 or the second line of TurkStream will now be sanctionable, even if undertaken pursuant to an existing contract. This could affect, among other things, lending and other financing to companies (including European companies) with any connection to either project.