U.S. Sanctions Laws: Dangers Ahead For Foreign Companies (Part I)

Williams Mullen

Williams Mullen

Introduction.  International companies are signaling growing concern about the U.S. sanctions laws.  These laws impose restrictions on entering business transactions with certain targeted countries, companies and even individual persons anywhere in the world.  These apply, of course, to U.S. firms.  However they can also apply to non-U.S. parties in certain cases, even in activities that have no connection to the U.S.  Many foreign companies ask how the U.S. Government can extend the long arm of its jurisdiction around the world - yet the incidence of U.S. sanctions on non-U.S. parties is increasing.   In light of the significant recent penalties imposed on non-U.S. parties for U.S. sanctions violations, including $8.9 billion for financial institutions[i] and $1.19 billion for non-financial companies,[ii] every non-U.S. company should be aware of these laws.

The U.S. sanctions laws can apply to foreign parties in a number of ways - if foreign companies have certain requisite contacts with the U.S., under “secondary sanctions” and for providing material support and assistance to certain parties that have been targeted for sanctions.  In addition, foreign persons and entities can be individually designated for sanctions and placed on U.S. List of Specially Designated Nationals and Blocked Persons or other restricted party lists.  Problems can come out of nowhere – such as when Huawei Technologies CFO Meng Wanzhou was recently arrested in a Canadian airport lounge for extradition to the U.S. for U.S. sanctions violations.  

These laws create a growing legal risk for foreign companies and financial institutions – often without their even knowing it.  The following provides a more detailed discussion of the U.S. sanctions laws for non-U.S. companies and steps they can take to reduce these risks.

1.         Overview Of The U.S. Sanctions Laws.  The U.S. sanctions laws are a complex web of legal requirements designed to achieve the foreign policy goals of the United States.  They are administered by the Office of Foreign Assets Control (“OFAC”) within the U.S. Department of the Treasury in Washington, DC, in conjunction with the State Department and other U.S. agencies.  Sanctions are typically initiated by the President issuing an Executive Order declaring a national emergency under the International Emergency Economic Powers Act (“IEEPA”),  the National Emergencies Act or similar authority and designating parties who will be the target of the sanctions.

There are currently 30 separate sanctions programs administered by OFAC (a list of the current sanctions programs is set forth in Exhibit A and examples of sanctions requirements are set forth in Exhibit B.)  Certain of the sanctions programs are focused on individual countries (the “country-based programs”) and others target specific activities such as terrorist and proliferation activities (the “list-based programs”).  Under the country-based programs the U.S. maintains comprehensive sanctions programs for Iran, Syria, N. Korea, Cuba and the Crimea region of Ukraine - U.S. parties are prohibited from entering almost all business transactions with the targeted country, its government and its nationals.  Under other country-based programs, such as Russia and Venezuela, parties are prohibited from entering certain types of transactions with the targeted country but permitted to engage in others.

Under list-based programs, the U.S. identifies individuals and entities on a global basis who have engaged in activities that are contrary to U.S. policies such as terrorist attacks, nuclear proliferation, human rights abuses and corruption for individual sanctions.

An important component of the U.S. sanctions laws is that OFAC frequently targets individual persons and entities for the imposition of sanctions.  Targeted parties are typically placed on the OFAC List of Specially Designated Nationals and Blocked Persons (the “SDN List”) and all property and property interests of the targeted parties are blocked and may not be transferred, paid, exported, withdrawn or otherwise dealt in.  As a result, U.S. persons and other parties subject to U.S. jurisdiction are prohibited from entering most types of business transactions with the targeted party anywhere in the world, and it is cut off from the dollar-denominated U.S. financial system.  In addition, U.S. persons are required to block the assets of the targeted party that come within the U.S. person’s possession and not deal in them.  In addition to the SDN List, OFAC maintains eight other restricted party lists,[iii] which place different, sometimes less restrictive requirements related to listed parties.  OFAC also promulgates a Consolidated List which includes the identities of parties on the SDN List and a number of the other restricted party lists.[iv]

But it gets more interesting.  Under OFAC’s 50% Rule, if an entity such as a company or partnership is owned 50% or more by one or more parties on the SDN List, that entity is also treated as if it is on the SDN List and subject to blocking and asset freezes, even if it is not itself named on the SDN List.  OFAC attempts to block all property and property interests of SDN parties and considers stock in an entity that is owned by an SDN (and the entity itself and its assets if owned 50% or more by SDN’s) as subject to the blocking and asset freeze requirements.  This can create major complexities if a party is trying to enter a transaction with a foreign company but cannot determine if the foreign company is owned by SDNs and subject to sanctions designations.

Sanctions are often imposed in an incremental fashion.  For example, in 2014 President Obama imposed sanctions on a small number of Russian government officials in response to Russia’s military activity in Ukraine.  When Russia continued its military actions, the sanctions were expanded to cover a wider group of political and business leaders and Russian companies, and a total embargo on the Crimea region of Ukraine.  Eventually the U.S. placed ”sectoral sanctions” on entering certain transactions with targeted Russian companies in the energy, financial and defense sectors, although many other types of business activities in Russia were still permitted.  During this period, the Bureau of Industry and Security (“BIS”) also imposed restrictions prohibiting certain activities involving Russian deepwater, Arctic and shale energy production.[v]  More recently the United States has imposed additional sanctions on Russian parties for cybersecurity violations, meddling in U.S. elections, corruption and human rights abuses. 

The OFAC restricted party lists are not limited to parties from the countries subject to country-level sanctions programs such as Iran and North Korea -  OFAC frequently targets parties in other countries as well.  Thus sanctions requirements related to SDN’s and other listed parties may arise in effectively any country in the world.

OFAC has issued general license that provide certain exceptions to the sanctions restrictions such as involving information materials and the sale of agricultural products, medicines and medical devices.[vi]  In addition, OFAC can grant “specific” licenses in which it provides authority for a party to engage in a particular activity that is otherwise prohibited in response to a specific request.

If a party is placed on the SDN List, it is effectively cut off from a major portion of international business and financial transactions, access to most bank accounts and restrictions on international travel.  As a result, the restricted party lists have become a powerful tool for the United States to isolate foreign adversaries and advance its interests around the world short of taking military action. 

If a party is placed on the SDN List there is a procedure under which the party can file a delisting petition with OFAC to request to be removed from the list.[vii]  However, when a party is initially designated on the SDN List it is not subject to the same proceedings as in an OFAC enforcement case (see section 2 B below for further discussion of this issue)..    

Penalties for violations of the U.S. sanctions laws include civil and criminal penalties of up to twenty years imprisonment and $1,000,000 in fines per violation.[viii]  In addition, foreign parties that engage in activities that undermine or circumvent the U.S. sanctions laws may themselves be subject to sanctions liability.  (For additional information on penalties and steps for addressing trade violations see: Dealing With Violations In Export and Import Transactions).

2.         Application Of U.S. Sanctions Laws To Non-U.S. Parties.  The U.S. sanctions typically apply to “U.S. persons.”  However they can also apply to non-U.S. persons and companies in certain cases – and the incidence of and legal theories behind such applications are expanding. 

The term “U.S. person” is generally defined in the U.S. sanctions laws as: (i ) U.S. citizens and permanent resident aliens wherever located; (ii) entities organized under the laws of the U.S. or a jurisdiction within the U.S. (including foreign branches of such entities); and (iii) any individual or entity within the U.S.[ix]  Also property of foreign parties that is located in the U.S. or comes within the possession or control of any U.S. person anywhere in the world is subject to OFAC jurisdiction.

In addition, however, OFAC has applied the sanctions laws to foreign companies in many instances as well.  In fact, the incidence of this is increasing due to recent political events (such as in Iran and N. Korea), and recent legislative enactments such as the Countering America’s Adversaries Through Sanctions Act of 2017 (“CAATSA”).[x]  To date there are four principal categories in which non-U.S. parties have been subject to U.S. sanctions: (i) where the foreign party has a requisite level of contacts with the U.S.; (ii) where the foreign party has been designated itself for sanctions and listed on the SDN List or other restricted party lists; (iii) under “secondary sanctions” (ie., sanctions that specifically apply to non-U.S. persons); and (iv) for providing material support or assistance to or facilitating[xi] a significant transaction with certain parties that are subject to sanctions.  If a foreign company or individual violates a provision of the U.S. sanctions laws, they can be exposed to significant consequences for such actions.

A.     Contacts With the United States.  To start, if a non-U.S. company has a sufficient level of contacts with the United States, it can become subject to OFAC jurisdiction and the U.S sanctions laws.  Such jurisdiction can arise in a number of ways.  If a non-U.S. company engages in a transaction involving U.S. persons or U.S. - origin products, technology or services, or has a presence in the U.S., the transaction can become subject to OFAC jurisdiction. 

In addition foreign firms can be found to have “contacts” with the U.S. even if they only have a limited presence in the U.S. and there are no U.S. persons, products, technologies or services involved.  The question of what constitutes a sufficient nexus to U.S. jurisdiction is an evolving theory of law and is expanding over time as new OFAC enforcement cases are announced.  Examples of OFAC cases involving foreign companies include:

  • OFAC has long held that if a non-U.S. company engages in business transactions in U.S. dollars, the foreign party is availing itself of the U.S. financial system and hence becomes subject to the U.S. sanctions laws.  This is even if the company and the transactions are outside the U.S.  Some of the largest OFAC enforcement cases have involved foreign financial institutions and their operations involving countries subject to sanctions – see for example cases involving: BNP Paribas ($8.97 billion in combined forfeiture and penalties),[xii] Commerzbank ($1.45 billion in combined penalties)[xiii] and Standard Chartered that were alleged to have violated U.S. sanctions laws.
  • In an OFAC enforcement case involving a Singapore oilfield services company COSL Singapore Ltd. and its foreign affiliate companies (collectively “COSL”), the company operated oil rigs and crews for third party owners in Asia and the Arab Gulf region.  OFAC alleged that the company exported or attempted to export 55 orders of oil rig supplies from the U.S. to Singapore and the UAE, and then reexported such items to be used on oil rigs located in Iran.  OFAC initiated enforcement proceedings against COSL for alleged violation of the Iran sanctions regulations and the company agreed to pay a significant penalty to resolve the charges.
  • In a recent OFAC enforcement case involving the Taiwanese shipping company B Whale Corporation “B Whale”), B Whale engaged in transactions involving Iran that were wholly outside of the U.S. and involved no U.S. parties or products.  In such transactions, a vessel owned by B Whale conducted a ship-to-ship transfer of oil with a vessel owned by the National Iranian Tanker Company and identified on the SDN List.  Previously, B Whale had filed for bankruptcy in a U.S. bankruptcy court.  OFAC concluded that the Taiwanese company was subject to U.S. jurisdiction because the company had previously filed for bankruptcy in a U.S. bankruptcy court. 
  • In another OFAC enforcement case, a Singapore company CSE Global Limited and its wholly owned Singapore subsidiary were found to be subject to OFAC jurisdiction and $12,000,000 in penalties when it sold non-U.S. origin communications equipment to Iran.  OFAC concluded that the company was subject to U.S. jurisdiction since it originated a number of U.S. dollar wire transfers involving the Iranian project.[xiv]   OFAC claimed that by initiating such transfers CSE “caused” at least six financial institutions to engage in the unauthorized export or reexports of financial services from the U.S. involving Iran in violation of §560.204 of the Iran Transactions and Sanctions Regulations (“ ITSR”).    
  • In the well known case involving Chinese company ZTE Corporation (“ZTE”), the company was charged with selling telecommunications products to Iran in violation of U.S. sanctions laws.[xv]  The company became the subject of a well-publicized investigation by the U.S. Justice Department, OFAC and BIS for sanctions violations and agreed to settle the case and pay $1.19 billion in combined criminal and civil penalties.

Foreign companies with the requisite U.S. contacts that engage in sanctions violations face potential OFAC civil enforcement actions and criminal prosecution by the U.S. Justice Department, and are subject to the penalties discussed in Section 1 above.[xvi]  This is a different consequence than may arise for other types of sanctions violations by foreign companies as discussed in Sections 2.B, C, D and E below.

Thus even if a non-U.S. company has only tangential contacts with the U.S., it runs the risk of becoming viewed by OFAC as a “U.S. person” and/or otherwise subject to U.S. jurisdiction.  Whether a company’s contacts with the U.S. rise to the level of establishing U.S. jurisdiction will depend upon the facts of the situation and the most recent OFAC enforcement cases.  The question of what constitutes a sufficient nexus to U.S. jurisdiction is likely to continue to evolve as new OFAC cases are announced in the future. 

B.   Direct Designations For Sanctions.  At the core of the U.S. sanctions laws is the actual designation of a specific person or entity as a target for sanctions.  If a foreign party engages in activities that violate specific U.S. policy goals, the U.S. can designate the party on the SDN List or target it for other types of sanctions.  Since most parties designated under U.S. sanctions are non-U.S. parties, this can be a significant source of liability for foreign companies.  

The policy goals behind the 30 sanctions programs are set forth in various Executive Orders issued by the President under IEEPA and other legal authorities, and cover a wide array of activities including terrorist activity, weapons proliferation, human rights violations, election meddling, corruption and narcotics trafficking.[xvii]   For example, the U.S. recently listed 17 Saudi Arabian government officials on the SDN List for their participation in the alleged killing of journalist Jamal Khashoggi based upon human rights violations.[xviii]   Other examples of policy reasons for sanctions designations include:

  • Repressing Democracy – Designation of the President of Petroleos de Venezuela, SA for being aligned with Venezuelan President Nicolas Maduro.[xix]
  • Terrorist Support – Designation of two officials of Hizballah for engaging in operational, intelligence and financial activities for Hizballah;[xx]
  • Computer Hacking/Cybersecurity – Designation of two individuals for exchanging bitcoin related to the SamSam ransomware cyber-security scheme;[xxi]
  • Undermining Democratic Processes – Designation of Murillo De Ortega in Nicaragua for undermining democratic processes and threatening the peace in Nicaragua;[xxii]
  • Ethnic Cleansing – Designation of four Myanmar military officials for actions against the Rohingya Muslims in Rakhine State in Myanmar.[xxiii]

One dramatic example of SDN designations was the recent listing of 38 prominent Russian “oligarchs” and government officials.  On April 6, 2018 OFAC designated 38 Russian parties on the SDN List under the Russia/Ukraine sanctions program including seven Russian business executives, twelve companies that they owned or controlled, seventeen Russian government officials, a state-owned weapons company and a Russian bank.  The parties were listed for having close ties to Vladimir Putin and playing a key role in Russia’s “malign” activities involving Ukraine, Syria, subversion of western democracy and cyber-activities.[xxiv]

The designations included many of the most prominent and politically-connected businessmen in Russia.   In addition, since the sanctions also apply to companies that are 50% or more owned by these parties, the sanctions flowed down to many of the largest companies across the Russian economy that are owned by these parties including publicly traded United Company Rusal PLC, EN+, GAZ Group and Rosoboronoeksport.[xxv]  As a result, many companies around the world that conducted business with these companies quickly wound down their business dealings with these parties or risked being targeted for U.S. sanctions themselves.  Thus the sanctions designations cut off a large portion of Russia’s political and business elite from mainstream global commerce in a single stroke.[xxvi]

The designation of a party on the SDN List is a non-public process conducted by OFAC in conjunctions with other federal agencies.  According to OFAC guidance, information is collected from U.S. government sources, intelligence reports, foreign governments and open sources.  OFAC then reviews the information and prepares a formal evidentiary memorandum setting forth evidence supporting its conclusion that the party meets the criteria under the sanctions authority.  OFAC then seeks the concurrence of other federal agencies which may include the Departments of the Treasury, Justice, State and other agencies.

Designation of a party on the SDN List is not a civil or criminal enforcement proceeding or the imposition of a penalty thereunder.  Rather it is an extra-judicial process for violation of a U.S. policy.  Consequently SDN’s are not afforded the full procedural protections and due process rights normally provided in U.S. civil or criminal legal proceeding prior to the designation.  (However as discussed above parties on the SDN List are permitted to file a delisting petition with OFAC to request to be removed from the list.)  Notwithstanding, the “penalty” of being listed on the SDN List can be as bad or worse than the penalty in an enforcement case.

As referenced above, once a party is listed on the SDN List it is cut off from a large portion of international business and banking transactions, international travel and subject to a worldwide asset freeze.  Consequently these designations can have a truly devastating impact on individuals and business organizations.  Thus by designating parties on the SDN List, the U.S. extends its influence over foreign parties who have no contacts with the U.S. for simply having engaged in activity that is contrary to U.S. policy goals.

The remainder of this article is available in Part II (coming soon).



Balkans-Related Sanctions ​

​Belarus Sanctions ​

​Burundi Sanctions  ​

​Countering America's Adversaries Through Sanctions Act of 2017 (CAATSA)

​Central African Republic Sanctions  ​

​Counter Narcotics Trafficking Sanctions

​Counter Terrorism Sanctions

​Cuba Sanctions  ​

​Cyber-Related Sanctions ​

​Democratic Republic of the Congo-Related Sanctions  ​

​Foreign Interference in a United States Election Sanctions 

​Global Magnitsky Sanctions

​Iran Sanctions  ​

​Iraq-Related Sanctions  ​

​Lebanon-Related Sanctions ​

​Libya Sanctions   ​

Magnitsky Sanctions ​

​Nicaragua-Related Sanctions ​

​Non-Proliferation Sanctions ​

​North Korea Sanctions   ​

​Rough Diamond Trade Controls ​

​Somalia Sanctions ​

​Sudan and Darfur Sanctions  ​

​South Sudan-Related Sanctions ​

​Syria Sanctions ​

​Transnational Criminal Organizations  ​

​Ukraine-/Russia-Related Sanctions  ​

​Venezuela-Related Sanctions  ​

​Yemen-Related Sanctions ​

​Zimbabwe Sanctions



Examples of recent sanctions requirements include[xxvii]:

  • Iran – Restrictions on U.S. persons entering most types of business and financial transactions with Iran, the Government of Iran and persons in Iran with limited exceptions; certain secondary sanctions apply to non-U.S. parties;
  • Russia/Ukraine – Multiple restrictions on U.S. persons including (i) restrictions on entering transactions with designated Russian and Ukrainian government officials and private parties; (ii) a complete trade and investment ban for the Crimea region of Ukraine; (iii) restrictions on entering certain transactions with targeted Russian companies in specific industry sectors including energy, banking and defense;[xxviii] (iv) restrictions on entering transactions with certain Russian “oligarchs” and companies in which they have ownership interests of 50% or more; and (v) restrictions on entering transactions with Russian individuals and entities that have been designated for sanctions for cybersecurity violations, election meddling, corruption and other activities;  certain secondary sanctions apply to non-U.S. parties;
  • Syria, Cuba, N. Korea – For U.S. persons, comprehensive sanctions similar to Iran sanctions program; certain secondary sanctions may apply in certain instances to foreign parties;
  • Venezuela - Restrictions on entering certain transactions with  the Government of Venezuela, Petroleos de Venezuela, S.A., other designated Venezuelan parties and transactions involving cryptocurrency issued by the Government of Venezuela; 
  • Chinese Banks, Trading and Shipping Companies – In addition to restrictions on dealing with N. Korean parties, the N. Korean sanctions program imposes restrictions on U.S. and foreign parties in dealing with designated Chinese and other non-U.S. banks, industrial companies, trading companies and shipping companies that do business with N. Korea;
  • Cybersecurity – Restrictions on entering transactions with parties that have been sanctioned for involvement in cyber-security attacks against the U.S. including N. Korean parties in the  Sony Pictures cyber-attack and Russian  parties in connection with the 2016 U.S. Presidential elections;
  • Global Magnitsky Sanctions – Prohibition on entering transactions with parties designated by the U.S. for human rights and corruption violations;
  • Cryptocurrencies – The prohibition on entering transactions involving cryptocurrencies issued by the Government of Venezuela (including the newly established Venezuelan cryptocurrency the “Petro”);
  • Global Terrorist Sanctions – Restrictions on entering transactions with parties designated for sanctions for engaging in acts of terrorism, and with entities controlled 50% or more by such parties and parties that sponsor, provide financing or material or technological support for such parties;
  • Vessels - Restrictions on chartering certain vessels that have been designated by OFAC for participation in sanctions evasion under various sanctions programs;
  • Sanctions Evaders – Restrictions on U.S. and foreign parties providing material support, assistance, financing and other resources for certain parties that are listed on the OFAC List of Specially Designated Nationals and Blocked Persons.

See Part II here.

[i] On May 1, 2015 the U.S. Justice Department announced the conviction of BNP Paribas S.A. for conspiring to violate the U.S. sanctions laws with a total financial penalty (including forfeiture and criminal fine) of $8.9 billion.  See Justice Department release at: https://www.justice.gov/opa/pr/bnp-paribas-sentenced-conspiring-violate-international-emergency-economic-powers-act-and.

[ii] In March 2017 ZTE Corporation agreed to pay $1.19 billion in combined civil and criminal penalties for violations of U.S. sanctions laws regarding sales of products to Iran.  See:  https://www.justice.gov/opa/pr/zte-corporation-agrees-plead-guilty-and-pay-over-4304-million-violating-us-sanctions-sending.

[iii] These include the: Consolidated Sanctions List; ​​​​​​​​​​Sectoral Sanctions Identifications List; F​​oreign Sanctions Evaders List; Non-SDN Palestinian Legislative Council List; No​n-SDN Iranian Sanctions List; List of Foreign Financial Institutions Subject to Part 561 (the "Part 561 List"); 13599 List (see technical notice at: https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/20181105.aspx); and List of Foreign Financial Institutions Subject to Correspondent Account or Payable-Through Account Sanctions (CAPTA List).

[iv] The US government also maintains other restricted party lists such as the BIS Entity List, Denied Persons List and the Unverified List, and the State Department’s Statutory Debarred Parties List, Administrative Debarred Parties List, Nonproliferation Sanctions List, Countering America’s Adversaries Through Sanctions Act of 2017 (CAATSA) Section 231 List (or Section 231 Guidance) and the Cuba Restricted List. 

[v] In addition to the Ukraine/Russia sanctions administered by OFAC, the Bureau of Industry and Security within the Commerce Department maintains a number of sanctions involving Russia including the Russian Industry Sector Sanctions set forth at 15 CFR §746.5, restrictions on dealings with certain Russian parties under 15 CFR §744.10 and restrictions on dealing with military end use and military end users in Russia under 15 CFR §744.21. 

[vi] The scope of these general licenses may very under certain of the sanctions programs. 

[vii] In order for legal counsel to represent an SDN in filing a delisting petition and receiving payment therefor a specific or general OFAC license must be in effect.  Counsel are prohibited from receiving payment from the SDN as well as from family members and other representatives of the SDN unless such licenses are in effect.

[viii] Penalties for violations include civil and criminal penalties.  Criminal penalties are up to twenty years imprisonment, $1,000,000 in financial fines, or both per violation.  Civil penalties are up to the greater of $295,141 or twice the amount of the underlying transaction, per violation.  OFAC has a robust enforcement division which initiates civil enforcement cases.  In addition, the U.S. Justice Department in Washington, D.C. and individual U.S. Attorneys’ offices initiate criminal prosecutions of sanctions violations, sometimes in conjunction with OFAC or independent of the agency.  Judicial review of OFAC determinations is authorized under most of the sanctions programs, but cases are limited.  (See, eg., Epsilon Electronics Inc. v. U.S. Dept. of the Treasury Office of Foreign Assets Control, Et. Al., In the U.S. Court of Appeals for the  District of Columbia Circuit, No. 16-5118, May 26, 2017.). 

[ix] In addition, foreign subsidiaries of U.S. entities are subject to OFAC requirements in certain instances (See for example provisions under the Iran and Cuba sanctions programs). 

[x] Public Law 115-44.

[xi] The concept of “facilitation” by foreign parties in assisting others in sanctions violations is separate from OFAC’s well known doctrine of “facilitation” by U.S. persons in assisting foreign parties in sanctions violations.  See Section 2.D. below.

[xii] See Department of Justice release at: https://www.justice.gov/opa/pr/bnp-paribas-agrees-plead-guilty-and-pay-89-billion-illegally-processing-financial.

[xiii] See Department of Justice release at: https://www.justice.gov/opa/pr/commerzbank-ag-admits-sanctions-and-bank-secrecy-violations-agrees-forfeit-563-million-and

[xiv] In this case, CSE was contracted to supply telecommunications equipment for projects in Iran, and retained numerous non-U.S. vendors to assist on the project.  OFAC alleged that CSE made payments to such vendors through CSE’s U.S. dollar-denominated accounts in non-U.S. financial institutions.  OFAC charged that originating such wire transfers in U.S. dollars violated the Iran Transactions and Sanctions Regulations (“ITSR”).  Specifically, OFAC claimed that by initiating such transfers CSE “caused” at least six financial institutions to engage in unauthorized exports or reexports of financial services from the U.S. to Iran in violation of ITSR §560.204.

[xv] ZTE was alleged to have purchased certain U.S.-origin telecommunications components, incorporated such components into ZTE telecommunications equipment and sold the equipment to Iran.

[xvi] Parties subject to civil enforcement proceedings are entitled to the procedural protections under OFAC’s enforcement regulations and judicial review of adverse determinations, and for criminal prosecutions the constitutional protections for criminal prosecution. 

[xvii] Many of the list-based sanctions programs are focused around such policy goals such as the Counter Narcotics Trafficking Sanctions, Counter Terrorism Sanctions, Cyber-Related Sanctions, Foreign Interference In U.S. Elections Sanctions, Global Magnitsky Sanctions, Noon-Proliferation Sanctions, Rough Diamond Trade Sanctions and Transnational Crime Sanctions.

[xviii] The designations were for human rights violations under the Global Magnitsky Human Rights Accountability Act and Executive Order 13818. 

[xix] See OFAC SDN designation February 15, 2019.

[xx] See OFAC SDN designation November 27, 2018.

[xxi] See OFAC SDN designation November 28, 2018.

[xxii] See OFAC SDN designation November 27, 2018.

[xxiii] See OFAC SDN designation August 17, 2018.

[xxiv] The 38 parties were designated under Executive Orders 13661 and 13662 pursuant to CAATSA as well as Executive Order 13582, following the Treasury Department’s issuance of the CAATSA Section 241 Report regarding senior foreign political figures and oligarchs in the Russian Federation under CAATSA §231 in January 2018.

[xxv] On December 19, 2018 OFAC submitted its Notification to Congress of its intention to terminate sanctions imposed on United Company Rusal plc, EN+ Group plc and JSC EuroSibEnergo after thirty days as the individual party identified on the SDN List that owned 50% of such entities had restructured his ownership and reduced his holdings in such entities below 50%.  On January 27, 2019 OFAC removed United Company Rusal plc, EN+ Group plc and JSC EuroSibEnergo from the SDN List.

[xxvi] Technically, designation of a party as an SDN does not impose direct legal requirements on the targeted party, rather it imposes obligations on U.S. persons (and possibly other foreign parties) to not engage in transactions with such party and to block such party’s assets. 

[xxvii] This is not a complete list of the U.S. sanctions programs nor the requirements under such programs; a list of the OFAC sanctions programs in effect on the date of this article is in Exhibit A.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Williams Mullen | Attorney Advertising

Written by:

Williams Mullen

Williams Mullen on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at www.jdsupra.com) (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at privacy@jdsupra.com.

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to privacy@jdsupra.com. We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to privacy@jdsupra.com.

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at: privacy@jdsupra.com.

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at www.jdsupra.com) (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit legal.hubspot.com/privacy-policy.
  • New Relic - For more information on New Relic cookies, please visit www.newrelic.com/privacy.
  • Google Analytics - For more information on Google Analytics cookies, visit www.google.com/policies. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit http://www.aboutcookies.org which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at: privacy@jdsupra.com.

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.