On February 24, 2022, the United States, in coordination with the European Union, the United Kingdom, Canada, Australia, Japan, and other allies, took further action against Russia and Belarus in response to Russia's invasion of Ukraine. President Biden announced a second wave of sanctions aimed at preventing Russia from importing critical U.S.-origin products, software, and technology and cutting the country off from much of the global financial system. The measures imposed severe export restrictions on a wide range of items produced in the United States and abroad, including commercial electronics, lasers, computers, semiconductors, and aircraft parts—all items critical to Russia's defense, aerospace, and maritime industries. The rule adds new Russia-specific provisions to both the foreign direct product rule and the de minimis rule, subjecting additional foreign-made products to these restrictions. The United States expects these export controls to restrict half of Russia's technology imports in the long term. President Biden's sanctions also include a second set of financial sanctions targeting five Russian banks, including state-backed Sberbank and VTB, Russia's largest banks. Both have significant retail operations, which will disrupt Russia's economic stability. Sberbank, Russia's largest lender, will no longer be able to transfer money with the assistance of U.S. banks.

Export Controls Imposed on All Items in Categories 3 Through 9

On Thursday, February 24, the U.S. Department of Commerce's Bureau of Industry and Security (BIS) issued a sweeping set of export controls in a final rule, "Implementation of Sanctions Against Russia Under the Export Administration Regulations (EAR)," scheduled for publication to the Federal Register on March 3. The rule became effective yesterday. The export control measures are intended to restrict Russia's access to items it needs to further invade and occupy neighboring territories. The final rule states, "Russia's invasion of Ukraine flagrantly violates international law, is contrary to U.S. national security and foreign policy interests, and undermines global order, peace, and security, and therefore necessitates these stringent and expansive sanctions." The controls specifically target Russian supply chain access to products and technology, imposing new license requirements for exports, reexports, and in-country transfers of all items in Categories 3 through 9 of the EAR's Commerce Control List (CCL) (covering items such as microelectronics, telecommunications items, sensors, navigation equipment, avionics, marine equipment, and aircraft components). The new requirements apply to items that are currently controlled only for anti-terrorism (AT) reasons and exportable to almost all countries with no license required (NLR). These additional restrictions do not include deemed exports and reexports.

Review Policy of Denial for New License Applications

The new export control regulations specify a licensing review policy of denial. This means that, unless the regulations specifically permit a case-by-case review, any new license applications to export, reexport, or transfer (in-country) items will be denied. The regulations permit case-by-case review for limited types of exports, reexports, and transfers. Case-by-case review is available for transactions focused on listed end-uses, including maritime and aviation safety, humanitarian needs, government space cooperation, and in some circumstances civil telecommunications and government-to-government activities. In addition, exports destined for specified Western subsidiaries and joint ventures, as well as aligned countries including wholly owned subsidiaries of and joint ventures involving companies headquartered in the United States and these similarly aligned countries (countries in country group A:5 and A:6), can be considered on a case-by-case basis.

Limitation on the Use of License Exceptions

BIS also significantly limited the use of license exceptions for exports to Russia. As a general rule, license exceptions are not available unless the regulations specifically authorize them. The following license exceptions are available for certain exports, reexports, or transfers that may involve Russia:

1. ENC – available unless the item is going to Russian government end-users or Russian state-owned enterprises (SoEs)
2. CCD – consumer communications products including computers, printers, monitors, and other communication devices and related software
3. TMP – items for journalistic use by the news media
4. TSU – software updates for civil end-users with ties to entities headquartered in the U.S. or certain allied countries
5. GOV – items for use by personnel and agencies of the U.S. government, including all civilian and military departments
6. BAG – personal baggage of individuals leaving the U.S. for their own use or that of their immediate family also traveling or moving with them, excluding firearms and ammunition
7. AVS – certain equipment and spare parts for use on aircraft and vessels

Expanded U.S. Controls, Including Two New Foreign Direct Product Rules and Changes to the De Minimis Rule

The new measures against Russia add two new foreign direct product rules (FDPR), significantly expanding the scope of controls on foreign-made items. One rule covers exports to Russia broadly and the other covers exports to Russian military end-users. Additionally, BIS expanded the de minimis rule to include as "controlled content" all U.S.-origin and U.S.-controlled items in Categories 3 through 9, including items controlled only for anti-terrorism (AT) reasons.

First Rule: Russia FDP Rule

The EAR's FDPRs subject items to U.S. export controls if the foreign-produced items are the "direct product" of certain U.S.-origin software or technologies, or are manufactured in a plant using certain U.S.-origin software or technologies. The "Russia FDP Rule" broadens the scope of the EAR's previously existing "foreign direct product rules" by extending its application to all foreign-produced items, except those classified as EAR99, when: (1) those foreign-produced items are the direct product of U.S.-origin technology or software classified in Categories 3 through 9 of the CCL; and (2) there is knowledge that the foreign-produced item either is destined for Russia or will be incorporated into or used in the "production" or "development" of any "part," "component,'' or "equipment" produced in or destined to Russia. Please refer to the below flow chart.

Second Rule: Russia-MEU FDP Rule

The second rule, termed the "Russia-MEU FDP Rule," targets foreign-produced items going to certain Russian Military End-Users that are designated in the Entity List as a footnote 3 entity. The Russia-MEU FDP Rule covers all items subject to the EAR when: (1) those foreign-produced items are the direct product of ANY U.S.-origin technology or software; and (2) there is knowledge that the foreign-produced item will be incorporated into or used in the "production" or "development" of any "part," "component," or "equipment" produced, purchased, or ordered by any entity with a footnote 3 designation in the license requirement column of the Entity List (footnote 3 entity), or the footnote 3 entity is a party to the transaction involving the foreign-produced item as a purchaser intermediate consignee, ultimate consignee, or end-user. Please refer to the below flow chart.

De Minimis

The new regulations also have significantly expanded the de minimis rule for products destined for Russia. The revised de minimis rule requires that all U.S.-controlled content classified in Categories 3 through 9 (including items controlled only for AT reasons and items in other Categories that require licensing for export to Russia) be included in the de minimis calculation.

Exceptions for Certain Countries

There are exceptions to both the new FDPRs and the de minimis requirements for items developed or manufactured in a specified list of countries friendly to the United States that the United States expects will impose similar licensing requirements. When a product is being reexported or exported abroad from a location on the list of excluded countries, items controlled for AT reasons only or classified in ECCN 9A991 are not considered for the FDPR analysis or in the de minimis calculation.

Expanded Military End-Use/End-User Rule

BIS's regulations expand the military end-use/end-user rule to prohibit the export of all items subject to the EAR except for food and medicine classified as EAR99 and ECCN 5D992 (mass market) software intended for internet-based communications (unless being sent to the Russian government or a SoE). License exceptions are not available for export to these end-users or for these end-uses.

Significant Controls on New Regions of Ukraine

As discussed in our alert published on Wednesday, February 23, President Biden imposed sanctions targeting Russia's activities in two regions of Ukraine, the Donetsk People's Republic (DNR) and Luhansk People's Republic (LNR) regions. In response to sanctions imposed earlier this week by OFAC, BIS imposed sweeping license requirements for all items subject to the EAR (again, with the exception of food or medicine falling under EAR99, or mass market items unless destined for a Russian government end-user or SoE). Crimea is defined as "land territory in that region as well as any maritime area over which sovereignty, sovereign rights, or jurisdiction is claimed based on occupation of that land territory." The DNR and LNR regions were defined as "the land territory in the DNR and LNR regions, as well as any maritime areas over which sovereignty, sovereign rights, or jurisdiction is claimed based on occupation… or purported sovereignty." Therefore, the region controls currently cover the Crimea, DNR, and LNR regions, with the definition leaving room for expansion.

OFAC Designates Additional SDNs

Following the designation of VEB and PSB this week, OFAC added additional Russian financial institutions to the SDN list, including: VTB, Otkritie, Sovcombank, and Novikombank. Via General License 11, OFAC authorized activities "ordinarily incident and necessary to the wind down of transactions" with some key banks until March 26, 2022. Under General License 10, transactions ordinarily incident and necessary to the wind down of contracts where one of these entities is listed as a counterparty or that involves debt or equity of one of these entities are authorized until May 25, 2022. General License 9 permits transactions dealing in the debt or equity of one of these newly listed banks as long as it is being transferred to a non-U.S. person until May 25, 2022. Finally, transactions with these entities "related to energy" are authorized under General License 8 until June 24, 2022.

OFAC also added additional Russian oligarchs to the SDN list.

General Licenses

Concurrent with these designations, OFAC published a series of general licenses to authorize certain transactions that would otherwise be prohibited.

1. General License 5: Transactions for official business of certain international organizations and entities.
2. General License 6: Transactions necessary to provide food, medicine, and COVID-19 assistance to Russia.
3. General License 7: Transactions necessary for Russian overflights by U.S. aircraft or medical evacuations from Russia.
4. General License 12: Authorizes U.S. persons to reject—as opposed to block—all transactions involving Otkritie, Sovcombank, and VTB Bank and entities 50 percent or more owned by such entities through March 25, 2022.

As part of the U.S. response to Russia's activities in Ukraine, OFAC also added 24 Belarusian individuals and entities to the SDN list. The sanctions target two state-backed banks, Belinvestbank and Bank Dabrabyt, as well as Belarus' defense and security industries and defense officials.

Unprecedented Sanctions Against Russia's Largest Financial Institutions

OFAC has issued Directive 2 (pursuant to Executive Order (EO) 14024) to impose correspondent and payable-through account sanctions on Russian financial institutions. The Directive takes effect on March 26, 2022, and only applies to "U.S. financial institutions'' (including their foreign branches). To date, the only institution listed under this directive is Public Joint Stock Company Sberbank of Russia (Sberbank) and its subsidiaries. This directive prohibits "U.S. financial institutions" (including their foreign branches) from:

1. Opening or maintaining a correspondent account or payable-through account on Sberbank or its subsidiaries; and
2. Processing a transaction involving Sberbank and its subsidiaries.

Additionally, OFAC issued Directive 3, which prohibits U.S. persons from dealing in new equity and new debt from targeted entities with a maturity of longer than 14 days after March 25, 2022. These institutions are now heavily restricted from raising capital or generating revenue through the U.S. market, which limits the Kremlin's ability to raise money for its malign activity, including support for the further invasion of Ukraine. The impacted entities are large, Russian state-owned entities critical to the Russian economy, including Gazprombank, Gazprom, Gazprom Neft, and Sberbank.

Key Takeaways

• U.S.-origin encryption items can still be exported or reexported to Russia using License Exception ENC as long as they are not destined for a Russian government end-user or SoE.
• Online services may be provided to users in Russia who are not subject to sanctions, as long as there are no related software downloads and payment issues do not run afoul of the banking restrictions.
• Online services may NOT be provided to users in Crimea, the DNR region, or the LNR region. Appropriate geo IP blocking and address/city checks should be implemented to ensure that users are not in these prohibited regions.
• Deemed exports and reexports are not covered by the new licensing requirements on items in Categories 3 through 9.

We recommend that companies take various internal measures to ensure compliance with the new controls on Russia programs as relevant to their business.

• Companies should review all items being exported, reexported, or transferred in-country to Russia to ensure that they do not require licensing.
• Companies that conduct research and development or manufacturing in Russia must check to see if there are controls on the technology that is being provided to Russia for these activities.
• Companies need to ensure that they have measures in place to screen for the new breadth of sanctioned persons.
• We recommend that companies implement geo IP blocking and address/city checks to ensure that software and services are not inadvertently provided to the Crimea, the LNR region, or the DNR region.

President Biden vowed that these ongoing sanctions will have painful ramifications for Russia in the long term. We are continuing to monitor developments closely and will be in touch as additional restrictions are announced.