Photo courtesy of the author
Export controls have been around for decades, but the pace of change has accelerated dramatically in recent years propelled by powerful geopolitical and national security drivers. The US Department of Justice (“DOJ”) has made it clear that sanctions and export controls constitute a new top enforcement priority.[1] With twenty-five new dedicated prosecutors on the DOJ roster, increasingly it will not just be the Department of Commerce’s Bureau of Industry and Security (“BIS”) knocking on the door anymore.
The rapid pace of change has left many companies struggling to catch up with new risk management challenges. Certain assumptions and practices around export controls, which may have been widely accepted in the past, have become not only obsolete but increasingly landmines leading to disastrous potential criminal liability.
In addition to administrative penalties which are on the rise, the criminal penalties are steep, up to one million dollars and twenty years imprisonment per violation.[2] However, by adopting a white collar enforcement perspective to export controls compliance, companies and individuals may avoid creating unnecessary potential criminal liability pitfalls.
Inspur Inspired Events
A recent example involving China-based artificial intelligence (“AI”), cloud computing, and supercomputing company, Inspur Group (“Inspur”), highlights the risks. When BIS added Inspur to the Entity List in March 2023, news media reported a widely perceived loophole in the Export Administration Regulations (“EAR”): US companies could redirect transactions to Inspur’s subsidiaries which were not on the Entity List, thereby avoiding the requirement to apply for an export license.[3] This news prompted a letter from Congress to the Commerce Department.[4]
Here is a recap of events:
- On June 12, 2020, the US Department of Defense made public a list of Chinese companies operating in the US that are tied with China’s military; this list included Inspur.[5]
- On March 6, 2023, the Commerce Department added Inspur Group to the Entity List.[6]
- On March 10, 2023, Bloomberg published “US Races to Close Loophole in Ban on Chinese Server Maker Inspur,” which mentioned Inspur’s inclusion on the Entity List did not include all its subsidiaries which in turn left open a loophole for US companies to continue to sell to Inspur via its subsidiaries not on the Entity List.[7]
- On March 24, 2023, the House Select Committee on the CCP issued a letter to Commerce Secretary Gina Raimondo “to express its frustration” regarding enforcement of the EAR pertaining to Inspur. This letter noted: “Within days of the listing, reporting revealed U.S. technology firms bypassing the restrictions by shipping to Inspur subsidiaries,”[8]
Entity Shifting in the Context of “Knowledge” and “Catch All” Controls
Rather than serve as a loophole to avoid the export license application requirement, the very actions of redirecting transactions to Inspur subsidiaries may have opened the door to potential criminal liability instead. The reason for this is that such practices may demonstrate intent to circumvent the EAR, and intent is the critical element for criminal liability.
The perceived loophole that transactions may proceed with affiliates of companies on the Entity List may stem from a limited view of the following BIS guidance:
“Subsidiaries, parent companies, and sister companies are legally distinct from listed entities. Therefore, the licensing and other obligations imposed on a listed entity by virtue of its being listed do not per se apply to its subsidiaries, parent companies, sister companies, or other legally distinct affiliates that are not listed on the Entity List.”[9]
By just looking at the above excerpt, it may appear that a loophole of shifting from one entity to another (a practice referred to in this article as “entity shifting”) does exist. However, it is worth noting the second part of BIS’s paragraph that immediately follows:
“If, however, such a company, or even an unaffiliated company, acts as an agent, a front, or a shell company for the listed entity in order to facilitate transactions that would not otherwise be permissible with the listed entity, then the company is likely violating, inter alia, General Prohibition 10, EAR section 764.2(b) (causing, aiding, or abetting a violation) and possibly other subsections of 764.2 as well.”[10]
This is where looking at export controls from a white collar enforcement perspective proves critically important. If news media reporting was correct and certain US companies did engage in entity shifting when they learned that Inspur would be added to the Entity List, such acts risk being deemed by a trier of fact (i.e., a judge or jury) as evidence of intent to circumvent the law.
It may be helpful here to examine EAR section 764.2 to analyze this further. Section 764.2(e) “Acting with knowledge of a violation” states (with emphasis added):
“No person may order, buy, remove, conceal, store, use, sell, loan, dispose of, transfer, transport, finance, forward, or otherwise service, in whole or in part, or conduct negotiations, to facilitate such activities with respect to, any item that has been, is being, or is about to be exported, reexported, or transferred (in-country), or that is otherwise subject to the EAR, with knowledge that a violation of ECRA, the EAR, or any order, license, or authorization issued thereunder, has occurred, is about to occur, or is intended to occur in connection with the item.”
Taking this one step further, “knowledge” is defined in Section 772.1 (p. 21) below (with emphasis added):
“Knowledge of a circumstance (the term may be a variant, such as “know,” “reason to know,” or “reason to believe”) includes not only positive knowledge that the circumstance exists or is substantially certain to occur, but also an awareness of a high probability of its existence or future occurrence. Such awareness is inferred from evidence of the conscious disregard of facts known to a person and is also inferred from a person’s willful avoidance of facts.”
Herein lies the rub, and timing of actions is important. If entity shifting occurred once Inspur was added to the Entity List, then engaging in shifting shipments from Inspur Group to one or more of its subsidiaries or affiliates may be deemed to demonstrate “knowledge” and thus intent. In pursuing a perceived loophole one may open pitfalls into potential criminal liability instead.
In addition to the “knowledge” aspects described above, it also remains critically important to remember the “catch all” controls for military end use (including military intelligence and weapons of mass destruction). Here too lies another area where past assumptions become potential liability pitfalls. Many people still view export controls primarily from a technological perspective (i.e., item-based controls) or end-user controls (specifically and often exclusively on the Entity List) when determining whether to apply for a license. This thinking misses critical catch-all provisions. It is important to keep in mind that these provisions also trigger the requirement to apply for an export license. For AI applications in particular the risks are increasingly high.[11]
Furthermore, the definition of a military end user is broad and not limited to specifically listed entities:
The Military End User List is not exhaustive, and,…exporters, reexporters, or transferors must conduct their own due diligence for entities not identified in…the EAR.”[12]
Military end users do not consist only of traditional foreign military organizations, but also may include other foreign national government organizations, state-owned or controlled enterprises, and/or other entities that develop, produce, maintain, or use military items.[13] China’s military-civil fusion policy poses a significant risk in this regard.
Diffusing Potential Ticking Timebombs
Practical steps to avoid potential pitfalls in this new era of export enforcement include the following:
1) Re-Think Your Assumptions on Export Controls
Apply a fresh perspective – a white collar enforcement perspective – to your company’s operations and compliance program policies and procedures. The DOJ will. Pay attention to the strong signals coming out of Washington. Industry sweeps are coming.
2) Re-Evaluate Your Compliance Program
In addition to BIS guidance, The Elements of an Effective Export Compliance Program,[14] make sure your company’s compliance program addresses the “fundamental questions” and other principles delineated in the DOJ’s Evaluation of Corporate Compliance Programs.[15]
3) Re-Assess Your Business Partner Due Diligence
The broad nature of the catch-all controls makes know-your-business-partner screening and due diligence critically important. This is especially so in the context of China’s military-civil fusion policy. The DOJ has made it clear that use of intermediaries to evade sanctions and export controls constitutes a key area of enforcement focus.[16] Know-your-business-partner due diligence typically comprises the weakest link in compliance programs, and the issues go to the essence of the third fundamental question in the DOJ’s compliance guidelines noted above, “Does the corporation’s compliance program work in practice?”
Conclusion
The world has changed. Past assumptions on export controls and perceived loopholes now may create potential criminal liability landmines. Nevertheless, companies and their management teams can stay ahead of the game – and out of the penalty box – by applying a fresh perspective to export controls and taking action accordingly.
Footnotes
[1] Matthew S. Axelrod, “The New Era of Export Enforcement,” NYU Law’s Program on Compliance and Enforcement, (July 18, 2023). https://wp.nyu.edu/compliance_enforcement/2023/07/18/the-new-era-of-export-enforcement/; and US Dept. of Justice, “Deputy Attorney General Lisa Monaco Delivers Remarks at American Bar Association National Institute on White Collar Crime,” (March 2, 2023). https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-remarks-american-bar-association-national
[2] Export Control Reform Act of 2018 (50 U.S.C. §§ 4801-4852)
[3] Jenny Leonard and Ian King, “US Races to Close Loophole in Ban on China Tech Firm Inspur,” Bloomberg News, March 9, 2023, https://www.bloomberg.com/news/articles/2023-03-10/us-races-to-close-loophole-in-ban-on-chinese-server-maker-inspur#xj4y7vzkg
[4] US House of Representatives Select Committee on the Chinese Communist Party, “Letter on Inspur [to the US Department of Commerce],” (March 24, 2023). https://selectcommitteeontheccp.house.gov/sites/evo-subsites/selectcommitteeontheccp.house.gov/files/evo-media-document/inspur-letter-3.24-3.pdf
[5] Axios, “Defense Department produces list of Chinese military-linked companies,” June 24, 2020. https://www.axios.com/2020/06/24/defense-department-chinese-military-linked-companies
[6] Federal Register Notice 88 FR 13675. https://www.bis.doc.gov/index.php/documents/regulations-docs/federal-register-notices/federal-register-2023/3245-88-fr-13673/file
[7] Jenny Leonard and Ian King, “US Races to Close Loophole in Ban on China Tech Firm Inspur,” Bloomberg News, March 9, 2023, https://www.bloomberg.com/news/articles/2023-03-10/us-races-to-close-loophole-in-ban-on-chinese-server-maker-inspur#xj4y7vzkg
[8] US House of Representatives Select Committee on the Chinese Communist Party, “Letter on Inspur [to the US Department of Commerce],” (March 24, 2023). https://selectcommitteeontheccp.house.gov/sites/evo-subsites/selectcommitteeontheccp.house.gov/files/evo-media-document/inspur-letter-3.24-3.pdf
[9] US Dept. of Commerce Bureau of Industry and Commerce, Policy Guidance FAQ, “Do the license requirements and policies of the Entity List apply to separately incorporated subsidiaries, partially owned subsidiaries, or sister companies of a listed entity?” https://www.bis.doc.gov/index.php/policy-guidance/faqs#faq_134
[10] Ibid.
[11] Emily S. Weinstein and Kevin Wolf, “For Export Controls on AI, Don’t Forget the ‘Catch-All’ Basics,” Center for Security and Emerging Technology, (August 2, 2023). https://cset.georgetown.edu/article/dont-forget-the-catch-all-basics-ai-export-controls/
[12] US Dept. of Commerce Bureau of Industry and Commerce website: https://www.bis.doc.gov/index.php/policy-guidance/lists-of-parties-of-concern/1770
[13] US Dept. of Commerce Bureau of Industry and Commerce, “2021 MEU FAQ,” (June 26, 2020; Modified on December 8, 2021). https://www.bis.doc.gov/index.php/documents/pdfs/2566-2021-meu-faq
[14] A copy of which may be found at: https://www.bis.doc.gov/index.php/documents/pdfs/1641-ecp/file
[15] The latest update from March 2023 may be found at: https://www.justice.gov/criminal-fraud/page/file/937501/download
[16] US Departments of Justice, Commerce and Treasury Issue, “Tri-Seal Compliance Note: Cracking Down on Third-Party Intermediaries to Evade Russia-Related Sanctions and Export Controls,” (March 2, 2023). https://www.justice.gov/file/1571551/download; and US Department of Commerce, “Know Your Customer Guidance,” BIS website, “Know Your Customer Guidance,” (2020). https://www.bis.doc.gov/index.php?option=com_content&view=article&id=47&catid=23
Brent Carlson has over two decades of experience with China-related investigations and corporate compliance matters and is a director with Berkeley Research Group (brent.carlson@thinkbrg.com). The opinions expressed in this publication are those of the individual author(s). The information provided in the publication is not intended to and does not render legal, accounting, tax, or other professional advice or services.
The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright or this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).