1. Electronics Company Hit With $6.6 Million Penalty for Unauthorized Software Exports
Keysight Technologies Inc., a California electronics company, has settled with the Department of State, agreeing to pay a $6.6 million penalty to resolve alleged unauthorized exports in violation of the Arms Export Control Act and the International Traffic in Arms Regulations. The company is required to have a monitor for two years and to conduct an external audit to assess and improve its compliance program. The violations were found as a result of Directorate of Defense Trade Controls asking the company to do a Commodity Jurisdiction request on its software to check its classification. Technology companies should be aware that government authorities are monitoring software exports for potential violations, so they should ensure proper classification to understand authorization requirements before exporting software or technical data, which can include providing access to online uses in another country.
2. Crypto Company Fined $100 Million for AML and Sanctions Compliance Deficiencies
BitMEX, a cryptocurrency derivatives exchange company, has agreed to pay $100 million to settle charges by the Treasury Department’s Financial Crimes Enforcement Network for willfully failing to maintain a compliant anti-money laundering program. Since its founding, BitMEX had no anti-money laundering program or know-your-customer procedures; it thus permitted thousands of transactions with suspicious counterparties, including numerous transactions with darknet markets and high-risk jurisdictions such as Iran, as well as with parties sanctioned by the Office of Foreign Assets Control (OFAC). This enforcement action highlights that sanctions compliance is a requirement for all, including those in the cryptocurrency space.
3. Defense Contractors Get Prison for $25 Million "Made in USA" Scam
The owner of Virginia-based defense contractor Iris Kim Inc. and four employees have received prison terms for relabeling Chinese-imported goods as American-made. From January 2012 to December 2018, Iris Kim Inc. allegedly defrauded the U.S. government by importing goods from China and relabeling them “Made in USA” in violation of their contracts, worth $24 million, with the U.S. Marine Corps, Army, Coast Guard, and National Guard, which had source-of-good requirements.
4. OFAC, Bank of China Strike $2.3 Million Deal Over Sudan Sanctions Violations
Bank of China (UK) Limited, located in London, has agreed to pay $2.3 million as part of a settlement agreement with OFAC. From 2014 to 2016, the company processed 111 commercial transactions worth $40.6 million through the U.S. financial system on behalf of parties in Sudan in violation of the now-repealed Sudan sanctions program. The highest potential penalty for this case was more than $99 million; however, as the bank voluntary self-disclosed the violations and agreed to take remedial actions, including establishing executive-level compliance obligations, OFAC settled for a significantly lower amount.
5. Government, Security Sectors Target of Broader Sanctions in Belarus
The August 9 Executive Order 14038 (EO 14038) expands the scope of the national emergency declared in Executive Order 13405 in response to the Belarusian regime’s suppression of democracy and human rights violations. The EO provides OFAC with the authority to sanction additional parties in Belarus, including those that are a part of the “Government of Belarus,” entities owned or controlled by the government, and entities operating in the security, energy, potassium chloride, tobacco, construction, or transportation sectors of the Belarusian economy. OFAC added 23 individuals and 21 entities from Belarus to the SDN list as a result of the EO. Companies doing business in Belarus should continue to monitor the evolving sanctions regulations impacting Belarus and conduct proper due diligence. Further sanctions targeting state-owned enterprises and others in those key sectors are likely in the future.
6. Chinese Data Security Law Restricting Cross-Border Data Transfer Goes Into Effect
China’s new Data Security Law went into effect September 1. The new law restricts certain data transfers from China, including those to foreign law enforcement, without prior approval from Chinese officials. Companies and individuals, including multinational companies, should assess their current procedures to ensure compliance with the new law; violators can be fined up to US$770,000 and be required to suspend the entity’s operations in China.
Trade tip of the month: In lieu of our usual trade tip, we asked our TerraLex partner firm in Mexico to provide an update related to the United States-Mexico-Canada Agreement (USMCA). Juan Carlos Machorro of Santamarina and Steta in Mexico City provided the following:
The USMCA has imposed new labor standards on companies doing business in Mexico, particularly those exporting goods throughout North America. It has set new rules for purposes of complying with the principles of freedom of association and the right to collective bargaining. U.S. companies with operations in Mexico must observe the new rules; otherwise, they can be made part of a Rapid Response Mechanism, which is a fast-track procedure intending to investigate violations and determine remedies to solve such violations. Affected facilities in Mexico can eventually be banned from exporting goods to the rest of North America or having their preferential tariffs reduced.