Yesterday, the U.S. Department of Commerce, Bureau of Industry and Security (BIS) published a final rule (the Final Rule) imposing export controls on additional emerging technologies pursuant to the Export Control Reform Act of 2018 (ECRA).[1]  We previously wrote about the process to identify and impose export controls on emerging and foundational technologies under the ECRA, as well as the steps taken in furtherance of that process to date, here. Continue Reading BIS Imposes Export Controls on Additional Emerging Technologies; Further Defines Scope of CFIUS Mandatory Notification Requirement

In the wake of one of the largest reported medical ransomware attacks in U.S. history,[1] the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) issued last week a pair of advisories to assist in efforts to combat the increasing threat of ransomware attacks and related sanctions and anti-money laundering (AML) compliance issues.[2]  Like our blog post last month on the same topic, the advisories highlight the importance of considering the legal risks relating to ransomware payments and confirm that OFAC may pursue enforcement actions against ransomware payments that violate U.S. sanctions.[3] Continue Reading OFAC and FinCEN Issue Advisories on Cyber Ransom Payments

On September 18, 2020, the U.S. Department of Commerce (Commerce) released for public inspection substantively identical notices[1] specifying the transactions relating to mobile applications TikTok and WeChat to be prohibited pursuant to the executive orders related to both entities issued by President Trump on August 6, 2020 (the TikTok Notice and the WeChat Notice, respectively, and together, the Notices).[2]  Commerce withdrew both Notices before formal publication on September 22, presumably to address uncertainty regarding the effective dates in light of developments in both matters; the TikTok Notice has already been re-issued with revised timing, but negotiations over a possible partial sale of TikTok continue.[3]  The WeChat Notice has yet to be re-issued, possibly as a result of timing uncertainty regarding the preliminary injunction discussed below.[4] Continue Reading Commerce Provides Clarity on the Potential Scope of the TikTok and WeChat Bans; All Else Remains Murky

On September 15, 2020, the U.S. Department of the Treasury published a final rule (the “Final Rule”) significantly changing the scope of the Committee on Foreign Investment in the United States (“CFIUS”) mandatory notification requirements for foreign investments in U.S. critical technology businesses and expanding it to investments in all industries.  The Final Rule, which is basically the same as (but does resolve some ambiguities in) the May 2020 proposed rule, eliminates the current limitation of mandatory critical technology notifications to targets active in specified industries and instead focuses on whether the target develops, tests, or manufactures technologies that would require a license for export—whether or not the technologies are in fact exported or sold to third parties (e.g., proprietary manufacturing technologies)—to the jurisdiction of the investor and any entity in its chain of ownership, effectively creating different mandatory notification requirements for different countries.  The Final Rule also clarifies the ownership rules used to determine when an investor linked to a foreign government is required to file with CFIUS for an investment in a sensitive U.S. technology, infrastructure, or data business.  The Final Rule applies to all transactions entered into (i.e., binding agreement signed, public offer launched, proxies solicited, or options exercised) after October 15, 2020.

Please click here to read the full alert memorandum.

On 5 September 2020, the UK Government accepted undertakings from Gardner Aerospace not to proceed with its proposed acquisition of Impcross, a UK-based manufacturer of components for the aerospace industry (including for military aircraft). Gardner is owned by Shenzhen-listed Ligeance Aerospace Technology. This is a rare case of the UK Government effectively prohibiting a transaction on national security grounds. The decision is consistent with a more interventionist approach that has been signalled by the UK Government over the last three years.

Please click here to read the full alert memorandum.

Last month, reports surfaced that fitness technology company Garmin may have made a multimillion dollar payment in response to a ransomware attack with reported links to Evil Corp, a Russian hacking group subject to U.S. sanctions.  This incident and other recent reports of ransomware attacks against large companies highlights that companies should consider potential civil and criminal liability under U.S. sanctions laws when responding to ransomware attacks. Continue Reading Ransomware and Sanctions Compliance: Considerations for Responses to Attacks

The Court of Appeal confirmed[1] that a borrower under a Tier 2 facility agreement was excused from making payments because of the risk of U.S. secondary sanctions.

The court made it explicitly clear that whether or not non-performance may be excused will depend on the specific words of the affected contract and the wider context.  However, whilst fact sensitive, the decision also makes clear that the English court is likely to consider U.S. secondary sanctions as “mandatory” provisions of law.   Continue Reading UK Court of Appeal Says Risk of U.S. Secondary Sanctions is a “Mandatory Provision of Law” Excusing Non-Payment

On August 27, 2020, the U.S. Department of Commerce, Bureau of Industry and Security (BIS) issued an advance notice of proposed rulemaking (the ANPRM) requesting public comment on the definition of, and criteria for identifying, “foundational” technologies[1] that are essential to U.S. national security and should be subject to more stringent export controls.[2]  The ANPRM marks another step toward implementing the long-delayed “emerging and foundational technology” provisions of the Export Control Reform Act of 2018 (ECRA).[3]  Like the earlier ANPRM regarding emerging technologies, the rulemaking is still at a conceptual stage. Continue Reading BIS Issues Long-Awaited Request for Public Comment on Foundational Technologies

On August 21, the Financial Crimes Enforcement Network, together with the federal banking agencies, released a statement to clarify banks’ customer due diligence obligations for politically exposed persons. The Statement affirms that (i) there is no regulatory requirement, and no supervisory expectation, for banks’ Bank Secrecy Act / anti-money laundering programs to include “unique, additional due diligence steps” for customers who are PEPs and (ii) there is no regulatory requirement for banks to screen customers and their beneficial owners for PEPs.  Instead, the Statement confirms that PEP customers should be subject to the same risk-based approach to CDD that applies to any other customer, but that PEP status (and screening for PEPs) may be a factor in developing a customer risk profile and assessing money laundering risk.  It also reminds banks of the continued U.S. national security and law enforcement interest in detecting and combatting public corruption and other criminality involving PEPs.

Please click here to read the full alert memorandum.

On August 20, 2020, the U.S. Department of Commerce, Bureau of Industry and Security (“BIS”) published a final rule[1] that further tightens restrictions under the Export Administration Regulations (“EAR”) on Huawei Technologies Co., Ltd. and its affiliates designated on the Entity List administered by BIS (“Huawei”) (the “Final Rule”).  The Final Rule: (i) expands the prohibition on providing items manufactured with controlled U.S. technology or software to Huawei to include all items transferred to Huawei or for a Huawei device, whether or not specifically designed by or for Huawei ; (ii) removes most of the Temporary General License (“TGL”) that permitted some transactions involving Huawei, including activities that support existing networks and equipment; and (iii) added 38 non-U.S. affiliates of Huawei to the Entity List.  The Final Rule was published in the Federal Register on August 20, but became effective upon being made available for public inspection on August 17.

In a contemporaneous final rule,[2] BIS clarified that license requirements for entities included on the Entity List apply regardless of the role that the listed entity has in the transaction (i.e., purchaser, intermediate consignee, ultimate consignee or end-user) (the “Entity List Final Rule”).  This clarification applies to all entities on the Entity List, not just Huawei. Continue Reading BIS Further Tightens Export Restrictions on Huawei