Category Archives: Sanctions

FinCEN and SEC Move Closer to New AML Requirements for Investment Advisers & ERAs

by Joel M. Cohen, Claudette Druehl, Marietou Diouf, Tami Stark, Prat Vallabhaneni, and Robert DeNault

Photos of the authors

Top: Joel M. Cohen, Claudette Druehl, and Marietou Diouf
Bottom: Tami Stark, Prat Vallabhaneni, and Robert DeNault
(Photos courtesy of White & Case LLP)

On May 13, 2024, FinCEN and the SEC jointly proposed a new rule that would require SEC-registered investment advisers and exempt reporting advisers to maintain written customer identification programs (CIPs).  The new rule supplements a proposal in February to impose requirements on investment advisers similar to those that have existed for broker-dealers since 2001, as a means to address illicit finance and national security threats in the asset management industry.

For investment advisers who do not currently have an AML/CFT program, this compliance obligation will create a large shift in the way they operate.  This will require significant legal time and attention, but it will be time well spent considering potential regulatory exposure and likely indemnification obligations which flow through commercial agreements in favor of counterparties.

Continue reading

New U.S. Law Extends Statute of Limitations for Sanctions Violations and Enhances Regulatory and Enforcement Focus on National Security Priorities

by Anthony Lewis, Eric Kadel Jr., Sharon Cohen Levin, Craig Jones, Adam Szubin, Amanda Houle, and Bailey Springer

Photos of the authors

Top: Anthony Lewis, Eric Kadel Jr., and Sharon Cohen Levin
Bottom: Craig Jones, Adam Szubin, and Amanda Houle
(Photos courtesy of Sullivan & Cromwell LLP)

Statute Doubles the Statute of Limitations for Sanctions Violations, Expands the Scope of Sanctions Programs, and Focuses on China’s Technology Procurement, Iranian Petroleum Trafficking, and Fentanyl Production

Summary

On April 24, President Biden signed into law H.R. 815, a sweeping national security legislative package that—in addition to providing foreign aid funding for Ukraine, Israel, and Taiwan—includes the 21st Century Peace Through Strength Act, which contains a number of provisions implementing the Biden administration’s national security priorities. As summarized below, provisions of the Act align with U.S. authorities’ continued focus on China and emphasis on sanctions enforcement. In particular, the Act:

  • Doubles the statute of limitations for civil and criminal violations of U.S. sanctions programs from five to 10 years—raising questions about retroactive application of the statute and whether authorities will amend current rules on corporate record-keeping practices;
  • Requires additional agency reports to Congress, reflecting a focus on U.S. investments in, and supply-chain contributions to, the development of sensitive technologies used by China—a topic that has likewise been the recent focus of the Department of Justice and the Department of Commerce;
  • Targets the Chinese government’s alleged evasion of U.S. sanctions on Iranian petroleum products and involvement in related financial transactions by directing the imposition of sanctions; and
  • Directs the President to impose sanctions aimed at curbing China’s alleged involvement in fentanyl trafficking and calls for forthcoming guidance for financial institutions in filing related SARs.

Continue reading

A Whole New National Security Ballgame: Key Practical Takeaways for Export Control Compliance from the 2024 BIS Update Conference

by Brent Carlson and Michael Huneke

Photos of the authors.

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

On March 27–29, 2024, the U.S. Department of Commerce’s Bureau of Industry & Security (“BIS”) hosted an Update Conference on Export Controls & Policy. The event was a major outreach effort by the U.S. government. Nearly 100 BIS and other U.S. agency officials engaged with 1,200 attendees over three days.

As was appropriate for an event coinciding with Opening Day of the U.S. Major League Baseball season, BIS officials emphasized that they—and those they regulate—are playing a whole new national security ballgame. This theme ran through every topic. It also drives the key practical takeaways that we highlight below for in-house compliance professionals assessing evasion and diversion risks and responding to reports of the same—particularly reports that some U.S. companies recently received directly from the U.S. government. Continue reading

Executive Order Prohibits Transfer of Sensitive Personal Data to “Countries of Concern”

by Patrick J. Austin and John Pilch

Photos of authors

From the left to right: Patrick J. Austin and John Pilch

On February 28, 2024, U.S. President Joe Biden issued Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (EO), which authorizes the U.S. Attorney General to restrict large-scale transfers of personal data to “countries of concern.” The “countries of concern” identified in the EO include China (along with Hong Kong and Macau), Russia, Iran, North Korea, Cuba and Venezuela, according to a summary issued by the White House.

Continue reading

Monitoring What Matters: A Fresh Look Proposal to Government and Industry for How Post-Resolution Oversight Can Best Deny Hostile Actors the Means to Cause Deadly Harm

by Brent Carlson and Michael Huneke

Photos of the authors.

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

U.S. economic sanctions and export controls serve a wide range of national security interests. When hostile actors rely on U.S.-designed or -manufactured components in weapons used in fatal attacks on U.S. and coalition military personnel and civilian populations, there is an acute need to quickly identify the illicit trade flows and stop those components from reaching the battlefield. Continue reading

EU AI Act Will Be World’s First Comprehensive AI Law

by Beth Burgin Waller, Patrick J. Austin, and Ross Broudy

Photos of authors

Left to right: Beth Burgin Waller, Patrick J. Austin, and Ross Broudy (photos courtesy of Woods Rogers Vandeventer Black PLC)

On March 13, 2024, the European Union’s parliament formally approved the EU AI Act, making it the world’s first major set of regulatory ground rules to govern generative artificial intelligence (AI) technology. The EU AI Act, after passing final checks and receiving endorsement from the European Council, is expected to become law in spring 2024, likely May or June.

The EU AI Act will have a phased-in approach. For example, regulations governing providers of generative AI systems are expected to go into effect one year after the regulation becomes law, while prohibitions on AI systems posing an “unacceptable risk” to the health, safety, or fundamental rights of the public will go into effect six months after the implementation date. The complete set of regulations in the EU AI Act are expected to be in force by mid-2026.

Continue reading

Department of Commerce, Department of the Treasury, and Department of Justice Tri-Seal Compliance Note: Obligations of foreign-based persons to comply with U.S. sanctions and export control laws

by the Department of Commerce, Department of the Treasury, and Department of Justice

Photos of authors

OVERVIEW

Today’s increasingly interconnected global marketplace offers unprecedented opportunities for companies around the world to trade with the United States and one another, contributing to economic growth. At the same time, malign regimes and other bad actors may attempt to misuse the commercial and financial channels that facilitate foreign trade to acquire goods, technology, and services that risk undermining U.S. national security and foreign policy and that challenge global peace and prosperity. In response to such risks, the United States has put in place robust sanctions and export controls to restrict the ability of sanctioned actors to misuse the U.S. financial and commercial system in advance of malign activities.

These measures can create legal exposure not only for U.S. persons, but also for non-U.S. companies who continue to engage with sanctioned jurisdictions or persons in violation of applicable laws. To mitigate the risks of non-compliance, companies outside of the United States should be aware of how their activities may implicate U.S. sanctions and export control laws. This Note highlights the applicability of U.S. sanctions and export control laws to persons and entities located abroad, as well as the enforcement mechanisms that are available for the U.S. government to hold non-U.S. persons accountable for violations of such laws, including criminal prosecution. It further provides an overview of compliance considerations for non-U.S. companies and compliance measures to help mitigate their risk.

Continue reading

“Expect Some Illumination”: A Fresh Look at U.S. Congressional Hearings in the Era of Sanctions and Export Controls as the New FCPA

by Brent Carlson and Michael Huneke

Photos of the authors.

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

The 118th U.S. Congress has taken an active and bipartisan interest in U.S. sanctions and export controls. With reports that U.S. executives have been asked to testify before the U.S. House Select Committee on the Chinese Communist Party[1] and recent hearings before a U.S. Senate subcommittee previewing further questions for both companies and regulators,[2] U.S. companies whose products might require a license for export to China or that might be found in Russian or Iranian weapons should prepare for congressional scrutiny—and congressional pressure on the U.S. Executive Branch departments to deliver enforcement results. Continue reading

President Biden Issues Executive Order Granting Authorities to Regulate the Transfer of Sensitive U.S. Data to Countries of National Security Concern

by Eric J. Kadel Jr., Sharon Cohen Levin, Nicole Friedlander, Anthony J. Lewis, Andrew J. DeFilippis, Joshua Spiegel, and George L. McMillan

photos of authors

Top left to right: Eric J. Kadel Jr., Sharon Cohen Levin, Nicole Friedlander, Anthony J. Lewis.
Bottom left to right: Andrew J. DeFilippis, Joshua Spiegel and George L. McMillan. (Photos courtesy of Sullivan & Cromwell LLP).

SUMMARY

On February 28, 2024, President Biden issued Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Executive Order”), delegating new authorities to the U.S. Department of Justice (“DOJ”) and other agencies to regulate the transfer of sensitive U.S. data to countries of national security concern. The Executive Order focuses primarily on personal and other sensitive information, such as U.S. persons’ financial information, biometric data, personal health data, geolocation data, and information relating to government personnel and facilities.[1]

Continue reading

Commerce Department Proposes Cybersecurity/AI Reporting and “KYC” Requirements for Certain Cloud Providers

by Robert Stankey, K.C. Halm, Michael T. Borgia, Andrew M. Lewis, and Assaf Ariely

Photos of authors

Left to right: Robert Stankey, K.C. Halm, Michael T. Borgia, Andrew M. Lewis, and Assaf Ariely (photos courtesy of Davis Wright Tremaine LLP)

IaaS providers would need to verify foreign users’ identities (aka “know your customer”) and report certain AI model training activities under the proposed rules

The U.S. Department of Commerce’s (“Commerce”) Bureau of Industry and Security (“BIS”) has issued a proposed rule (the “Proposed Rule”) that would impose significant diligence, reporting, and recordkeeping requirements on U.S. providers of Infrastructure as a Service (IaaS) and their foreign resellers. IaaS is generally considered to be a cloud computing model that provides users with remote access to servers, storage, networking, and virtualization.

The Proposed Rule would require U.S. IaaS providers to:

  • Implement and maintain a “Customer Identification Program” (CIP), which must include detailed know-your-customer (KYC) procedures for identifying and reporting foreign customers to Commerce; and
  • Report transactions involving foreign persons that “could result in the training of a large AI model with potential capabilities that could be used in malicious cyber-enabled activity.”

Continue reading