1. Commerce Issues Final Rule Targeting Connected Software Applications

On June 16, the U.S. Department of Commerce published a final rule, to be effective July 17, implementing the Protecting Americans’ Sensitive Data From Foreign Adversaries and amending the Securing the Information and Communications Supply Chain (ICTS) regulations, which will have potential impacts on transactions involving certain technology and software. The ICTS rule gives Commerce the authority to prohibit certain transactions involving a foreign adversary that pose an undue risk to national security. Under this final rule, Commerce has expanded and institutionalized its review process with eight new criteria to determine whether ICTS transactions pose undue risk. The rule also clarifies several definitions, including “end-point computing device” and “connected software applications.” Companies should ensure they prepare in advance to mitigate any concerns that Commerce may raise when companies are involved in ICTS transactions that are within the ICTS rule’s jurisdiction.

2. Bill Proposes Reward for Reporting Sanction Evaders

Congress is considering a bipartisan bill to reward reporters of economic sanctions evasion. Proposed in late June, the Sanctions Evasion Whistleblower Rewards Act would expand the U.S. Department of State’s existing Rewards for Justice program and authorize the department to pay rewards to informants who provide details leading to the arrest or conviction of evaders of U.S. or United Nations sanctions. The proposed legislation is yet another signal that the government is serious about pursuing anyone who attempts to evade U.S. sanctions.

3. Disruptive Technology Strike Force Brings First Enforcement Actions

On May 16, the Department of Justice (DOJ) announced the first enforcement actions since the launch of the Disruptive Technology Strike Force in February. The strike force is a joint effort between the DOJ and the Department of Commerce’s Bureau of Industry and Security (BIS) to protect critical technologies from foreign adversaries, including China, Iran, Russia, and North Korea. Two of the recent enforcement actions involved software engineers stealing U.S. source code used in “smart” automotive manufacturing equipment to market to Chinese competitors. Two other cases targeted a procurement network created to help Russian military and intelligence services obtain sensitive technology. The final case involved a Chinese procurement network established to provide Iran with materials used in weapons of mass destruction, which conducted transactions with a U.S. financial institution. Organizations in advanced technology fields should assess whether and to what extent export controls apply to their technologies and ensure they have the proper procedures and internal operations in place to prevent unauthorized releases of any controlled goods or technology.

4. US Government Warns UAV Parts Industry of Increased Risk of Diversion to Iran

The Justice, Commerce, State, and Treasury departments issued a joint advisory on June 9 providing guidance to the unmanned aerial vehicles (UAV) industry on the threat of Iran’s procurement, development, and proliferation of UAVs and appropriate steps to ensure compliance with applicable legal requirements across the supply chain. Iran relies on several key commodities for its development of UAVs: electronics; guidance, navigation, and control equipment; components such as aircraft spark-ignition and compression-ignition internal combustion piston engines and associated spare parts; and modules such as flight computers. Many of these items may be commercial-grade components. The private sector must be vigilant in meeting its compliance obligations due to the threat posed by the extensive overseas network of procurement agents, front companies, suppliers, and intermediaries Iran uses to obtain UAV components–all of which employ a variety of methods to evade export controls and sanctions.

TRADE TIP OF THE MONTH:

Several recent Office of Foreign Assets Control (OFAC) settlements demonstrate the importance of an effective, risk-based compliance program and the consequences of violating sanctions laws. Microsoft paid nearly $3 million and Poloniex LLC paid $7.5 million. One key takeaway from these and other recent OFAC enforcement actions is OFAC’s expectation that companies collect and screen customer geolocation data and formalize that process in their compliance programs. Regularly auditing and implementing improvements to risk-based due diligence procedures demonstrates to OFAC a commitment to compliance.