1.   Enforcement Roundup: FCPA, Crypto, and Anti-Boycott Actions

• Crypto Asset Company Settles Sanctions Violations for $7.5 million
  On May 1, the U.S. Department of Foreign Assets Control (OFAC) announced a $7.5 million settlement with crypto asset company Poloniex LLC for 65,942 apparent violations of the Crimea, Cuba, Iran, Sudan, and Syria sanctions programs. Between the company’s inception in January 2014 and November 2019, Poloniex allowed customers located in sanctioned jurisdictions to use its platform to trade, deposit, and withdraw funds. The value of the combined transactions totaled $15,335,349. While Poloniex developed a sanctions compliance program in 2015 that implemented a know-your-customer (KYC) review for new customers, the company did not screen existing customers, so customers located in a sanctioned jurisdiction were able to continue to use the platform. This enforcement action demonstrates the importance of implementing sanctions compliance in the business at the outset, especially for companies involved in emerging technologies or financial services.
• Dutch Medical Device Company Settles for $62.1 Million FCPA Violations Related to Chinese Sales
  On May 11, the Securities and Exchange Commission (SEC) charged and imposed $62.1 million in civil fines and penalties on Dutch medical device company Koninklijke Philips N.V. (Philips) for violating the Foreign Corrupt Practices Act’s (FCPA) books and records and internal accounting controls provisions. From 2014 to 2019, two Philips subsidiaries in China used “special price discounts” to create large profit margins for its distributors. The funds were used to corrupt public tender processes for the sale of diagnostic imaging equipment to Chinese state-owned hospitals through distributors and other sales channel partners. Philips’ Chinese subsidiaries did not properly account for the special price discounts in their books and records, discrepancies that were further consolidated in the parent company’s books and records.
• U.S. Consulting Firm Settles for $2.45 Million FCPA Violations Related to South African Consulting Subcontracts
  On May 26, the SEC charged Gartner Inc., a U.S.-based consulting company, with violating the FCPA’s books and records and internal accounting controls provisions and imposed $2.45 million in civil fines and penalties. In 2015, a Gartner public contracting manager authorized a subcontract with a South African consulting company knowing (or consciously disregarding the high likelihood) that the fees paid to the subcontractor would be passed to government decision-makers at the South Africa Revenue Service, which was considering whether to award consulting contracts to Gartner. The purported justification for subcontracting with the South African company was to comply with South Africa’s Broad-Based Black Economic Empowerment Act. However, this purported justification was false. In fact, Gartner, through its local subagents, already satisfied the relevant legal requirements. The SEC further found that Gartner’s policies relating to third-party consultants did not adequately address anti-corruption risk because the company lacked risk-based screening procedures, anti-corruption onboarding procedures, and adequate monitoring procedures for such third parties.
• Crypto Developer Gets 10-Year Export Bar and Prison Time for Aiding North Korea
  In April 2022, Virgil Griffith was convicted of two counts of violating the International Emergency Economic Powers Act, and this month, pursuant to the Export Control Reform Act, the Bureau of Industry and Security (BIS) has denied his export privileges for 10 years. Griffith was sentenced to five years in prison and fined $100,000, in addition to the decade-long export privilege ban, for helping North Korea develop blockchain technology to dodge U.S. sanctions.
• UAE Company Fined $283,500 for Failing To Report Boycott Requests
  On May 18, BIS announced a $283,500 penalty against Regal Beloit FZE, a subsidiary of Regal Beloit America Inc., to resolve its 84 violations of the anti-boycott provisions of the Export Administration Regulations. This is the first major administration action following a new policy to increase anti-boycott enforcement that was implemented in October 2022.

2.  DDTC Issues Guidance on USML Category XXI AES Reporting

On May 3, a proposed rule was published in the Federal Register regarding the Automated Export System (AES) reporting requirements for U.S. Munitions List (USML) Category XXI exports. Simultaneously, the Directorate of Defense Trade Controls (DDTC) published associated FAQs on its website. The new proposed rule requires the exporter to provide evidence of a DDTC classification, since self-classification is not allowed for Category XXI. USML Category XXI includes articles, technical data, and defense services “not otherwise enumerated” under the USML, but it is not to be used as “a catchall for a wide range of miscellaneous items.” Parties may provide comments on the proposed rule and its impact on their business through the Federal eRulemaking Portal or by direct email to gtmd.ftrnotices@census.gov, referencing RIN 0607–AA61 in the subject line.

3.  Recent CFIUS FAQs Clarify Requirements Involving ‘Springing Rights’ and the Committee’s Right to Request Information on Indirect Foreign Investors and Limited Partners in CFIUS Reviews

For companies making a mandatory Committee on Foreign Investment of the United States (CFIUS) filing, CFIUS has clarified the definition of “completion date” of a transaction, stating that parties must submit mandatory filings 30 days prior to the date on which an ownership interest is conveyed. The clarification effectively prohibits the use of “springing rights” in which an investor acquires equity upon closing but delays the investor’s governance and information rights so as not to be the trigger of a mandatory CFIUS declaration. This may complicate venture capital (VC) investments where a company needs immediate capital. In addition, CFIUS clarified that it may review any and all indirect foreign investors involved in a transaction, including limited partners in an investment fund. While this is not a new policy, it indicates that private equity and VC firms must carefully consider CFIUS issues.

4.  DOJ Fact Sheet on How To Avoid Discrimination While Complying With U.S. Export Laws

The Department of Justice (DOJ) recently published a fact sheet to help companies avoid immigration-related discrimination while complying with U.S. export control laws. Key takeaways from the DOJ fact sheet, recent investigations, and settlements are that employers should create a process to ensure there are clear guidelines for identifying roles that would be affected by export control regulations; review current protocols with regard to how jobs are posted to ensure that export control concerns are addressed in compliance with anti-discrimination laws before posting; train human resources (HR) personnel and ensure job listings do not limit positions to candidates with certain citizenships, immigration statuses, or national origins; ensure that all documents reflect, and HR employees understand, that U.S. persons include more than U.S. citizens; do not use I-9 forms to collect export control information, and keep documentation on HR and export control matters separate; and when there is a job with export control compliance requirements that necessitate the collection of citizenship or immigration status, always explain to candidates that you are asking for documentation solely for export control compliance purposes.

5.  USTR Extends Exclusions of COVID-19-Related Products From China Section 301 Tariffs

On May 12, the Office of the United States Trade Representative (USTR) announced an additional 138-day extension for 77 of the 81 COVID-19-related product exclusions in the China Section 301 investigation; the exclusions now expire on Sept. 30. The USTR’s review of comments submitted by companies in January as part of the legally mandated four-year review of the Section 301 tariffs on China is still pending but could result in further relief.

6.  Deadline for Mandatory Commerce Dept. BEA Filing

The Bureau of Economic Analysis’ (BEA) BE-12 benchmark survey was due May 31, but it may still be submitted via e-File until June 30. U.S. entities in which a foreign investor directly or indirectly owns or controls a 10 percent or greater voting interest in the company must file. The benchmark survey is conducted every five years, replaces the annual BE-13 filing requirement for the relevant year, and is mandatory. Failure to file or provide accurate data can result in civil or criminal penalties. The filing is confidential. The BEA uses these surveys to track foreign investment activities in the United States and publishes only anonymized results.

TRADE TIP OF THE MONTH: Enhanced Requirements for Software Sales to the U.S. Government

Technology companies providing software to the federal government will soon be required to comply with the new Secure Software Design Framework (SSDF), attesting that their software was designed with security in mind. In 2021, the Biden administration issued Executive Order 14028, related to enhancing cybersecurity and leading to the development of the SSDF. The initial deadline for complying with the SSDF requirements is June 11 for critical software and Sept. 23 for noncritical software. While this deadline may be extended as the government seeks comments on the implementation of the SSDF, software developers should review and implement necessary steps in preparation for the SSDF requirements.