On August 20, 2021, President Biden signed a new Executive Order to further implement sanctions provided under the Protecting Europe’s Energy Security Act (“PEESA”) of 2019.  PEESA, which was enacted earlier this year, requires the State Department to issue a periodic report naming parties involved in the construction certain Russian energy export pipelines.  Last week’s E.O. authorizes sanctions on any person named in that report, subject to certain exceptions, and directs the Treasury and the State Departments to issue rules to implement those sanctions.

As background, PEESA directs the State Department, in consultation with the Treasury Department, to identify (1) vessels engaged in certain pipe-laying activities for the Nord Stream 2 and Turkstream pipeline projects, as well as any successor projects; and, (2) foreign persons that knowingly facilitated those projects who:

  • sold, leased, or provided, or facilitated selling, leasing, or providing, those vessels for the construction of such a project;
  • facilitated deceptive or structured transactions to provide those vessels for the construction of such a project;
  • provided for those vessels underwriting services or insurance or reinsurance necessary or essential for the completion of such a project;
  • provided services or facilities for technology upgrades or installation of welding equipment for, or retrofitting or tethering of, those vessels if the services or facilities are necessary or essential for the completion of such a project; or
  • provided services for the testing, inspection, or certification necessary or essential for the completion or operation of the Nord Stream 2 pipeline.

The State Department issued its first PEESA report in May and another report in tandem with the new E.O.  As a result, the Biden Administration sanctioned seven persons and identified 16 of their vessels as blocked property in connection with the Nord Stream 2 project.  However, the State Department identified but waived penalties on Nord Stream 2 AG and its chief executive for national security reasons.

Companies that service vessels and operate in the Russian energy sector should carefully review PEESA, the new E.O., and an OFAC general license that narrowly authorizes certain dealings with Russia’s Federal State Budgetary Institution Marine Rescue Service.  It is possible that the Biden Administration may take further action to oppose the construction of energy pipelines, like Nord Stream 2, and target entities and individuals that are involved in their construction.

Today, President Biden issued an Executive Order (E.O.) authorizing the imposition of additional sanctions on the Government of Belarus and a number of key sectors of the Belarusian economy in coordination with the United Kingdom and Canada, which also expanded sanctions on Belarus.  The E.O. authorizes the Office of Foreign Assets Control (OFAC) to impose sanctions on parties that are a part of the “Government of Belarus,” any entities owned or controlled by the government, and entities operating in the security, energy, potassium chloride (potash), tobacco, construction, or transportation sectors of the Belarusian economy, among others.

Pursuant to the new E.O. and existing authorities, OFAC added 23 individuals and 21 entities to its List of Specially Designated Nationals (SDN List) today, broadly prohibiting U.S. persons from conducting business with the newly sanctioned parties and freezing any sanctioned party property subject to U.S. jurisdiction.  Among others, OFAC targeted Belarusian oligarchs Mikalai Varabei and Aliaksey Aleksin and the Serbia-based Karic family and their holdings in Belarus.  Companies associated with these parties include significant players in the Belarusian energy, cargo, and tobacco industries.  OFAC also designated Belaruskali OAO, a major producer of potash, Grodno Tobacco Factory Neman, and several directors of other previously sanctioned state-owned enterprise.  Limited transactions necessary to wind down existing business with Belaruskali OAO are authorized until December 8, 2021, pursuant to a general license issued by OFAC.  Today’s action also includes sanctions on individuals and entities involved in human rights abuses, the suppression of peaceful protestors, and the diversion of Ryanair flight 4978.

Companies doing business in Belarus should closely review these developments and any dealings with the newly sanctioned parties or any entities majority owned by the new SDNs, which may now be prohibited.  Further sanctions targeting state-owned enterprises, the Belarusian government, and the other sectors identified in today’s E.O. are possible.

On July 23, 2021, the Office of Foreign Assets Control (“OFAC”) announced a settlement agreement with online money transmitter Payoneer Inc. (“Payoneer” or the “company”) for processing online transactions on behalf of persons in sanctioned jurisdictions and persons on OFAC’s  Specially Designated Nationals (“SDN”) List.  The case is the latest in a string of OFAC enforcement actions targeting online services and commerce, and once again highlights the agency’s compliance expectations for the sector.

The Facts

Over a five-year period, Payoneer processed 2,241 payments for parties located in sanctioned jurisdictions and 19 payments on behalf SDNs.  Although Payoneer’s written policies and procedures prohibited transactions with parties in sanctioned locations and SDNs, the company failed to implement controls to ensure compliance with those requirements.  Payonner’s auditing and testing systems also failed to identify the gap between compliance program requirements and how the company’s systems were actually operating.  OFAC called out Payoneer’s failure to “exercise a minimal degree of caution or care” in its compliance program and knowledge that its users were located in sanctioned jurisdictions as “aggravating factors.”  OFAC also determined that only 19 of the violations were voluntarily self-disclosed.  However, the company took substantial remedial measures that led OFAC to reduce the ultimate the penalty amount from a base penalty amount of $3.9 million to approximately $1.4 million.

Lessons Learned

The case highlights a number of compliance lessons for digital payments companies, online service providers, and others:

  • IP address screening (again): As with other recent enforcement actions targeting online commerce (including those involving BitGo and Amazon), OFAC cited Payoneer’s failure to use IP address geolocation data to identify users in sanctioned jurisdictions.  While IP address information is not always reliable, this and other cases make clear that OFAC expects companies to consider IP addresses when screening accounts for users in sanctioned jurisdictions.
  • The power of unique identifiers: OFAC cited Payoneer for failing to screen Business Identifier Codes (BICs) where those codes were collected from customers and were included in SDN entries.  Matches to BICs and other unique identifiers, like ID numbers, are strong indicators of a potential true match to a sanctioned party, and should be incorporated into sanctions screening algorithms.
  • Use the data you collect: Payoneer also failed to consider other “common indicators” of a person’s location, including billing and shipping addresses and copies of identification issued by sanctioned jurisdictions.  The lesson?  If you collect data about a user’s identity or location for business reasons, you need to be considering that data for sanctions compliance purposes too.
  • No de minimis exception: The average value of the transactions in this case was only about $355.  Even relatively small value transactions can generate substantial OFAC liability, particularly in cases like this one, where there were repeated potential violations over a long period of time.
  • Maintain holds: OFAC cited Payoneer for allowing transactions with sanctions alerts to be automatically released during “backlog periods.”  If you have a potential match to a sanctions list, it is important to implement and maintain a transaction hold on that account until that alert is properly reviewed and cleared.
  • Testing and auditing: Testing and auditing are important elements of any successful compliance program.  A robust testing and auditing program should examine whether procedures are sufficient to address compliance risks and whether those procedures are being implemented as intended in the real world.  OFAC noted the company’s enhancements to its testing and auditing programs as important remedial measures, including retraining all compliance employees and hiring positions focused on testing.  If Payoneer had those functions in place earlier, it’s possible the company could have avoided a costly enforcement proceeding.

Please contact our sanctions and export control team with any questions about designing, testing, or enhancing your sanctions compliance program.

On July 6, 2021, U.S. Customs and Border Protection (CBP) published a notice of proposed rulemaking (NPRM) that would change to the agency’s approach in determining the country of origin for goods imported from Canada and Mexico into the United States.

Currently, a product imported into the United States from Canada or Mexico can have two “countries of origin” for customs purposes.  Goods imported from Canada and Mexico have to be marked as a Product of Canada or Product of Mexico, pursuant to the application of the so-called NAFTA marking rules.  However, those same goods may be treated as a product of a different country for purposes of the application of supplemental tariffs (e.g., Section 301 tariffs on goods from China) or government procurement.  This can lead to some strange results—for example, in one case, goods imported from Mexico were marked “Product of Mexico” but subject to the Section 301 tariffs imposed on products of China.  See, e.g., Headquarters Ruling Letter HQ H301619 (Nov. 6, 2018).

Under CBP’s proposed amendment, the current NAFTA marking rules would apply for all non-preferential purposes for goods from Canada and Mexico (e.g., admissibility determinations, administering quotas, government procurement contracts, and Section 301 duty assessment).  This change would, in theory, reduce burdens on importers who previously were required to comply with two different sets of rules on the same merchandise, and would avoid the strange result of two different countries of origin applicable to the same goods.  The actual commercial impact on any given company or product may vary and will be highly fact dependent.  Companies reliant on imports from Canada and Mexico should carefully consider the impact of the proposed rule change on their import activity, and may wish to comment on the NPRM before the Thursday, August 5, 2021 deadline.

CBP’s Country of Origin Determinations

For U.S. imports from all jurisdictions other than Canada and Mexico, CBP uses the “substantial transformation” test to determine the country of origin for all non-preferential purposes (including marking the product and completing the customs declaration).  The substantial transformation test involves a fact-specific examination, influenced by judicial and administrative precedent, of where the imported article was last transformed into a new and different article of commerce with a different name, character and use distinct from its constituent components.

For goods from Canada and Mexico, the NAFTA marking rules prescribe an objective set of rules for determining country of origin by comparing the tariff classification of imported components used to produce the finished goods and the tariff classification of the finished goods.  When the final manufacturing operation accomplishes the specified “shift” in tariff classification, the marking rules are satisfied.

While the substantial transformation test is somewhat subjective, it has been historically favored by the trade.  The importing community strongly resisted a proposal by CBP in 2008 to replace the substantial transformation test with tariff-shift rules for all non-preferential purposes.  Importers expressed a preference for the subjective test that is flexible in its application.

CBP seems to be reasoning that, in the wake of the “strange result” rulings treating goods marked as a Product of Mexico as subject to the Section 301 tariffs on goods from China, the importing community’s appetite for the objective rules may have evolved.

Considerations for Companies Importing from Canada and Mexico

Unifying the country of origin test for all non-preferential purposes in North America could reduce administrative burdens, but the actual financial impact will vary depending on the facts.  Companies affected by the rule change should consider submitting comments.  The deadline is Thursday, August 5, 2021.

On July 13, 2021, the U.S. Departments of Commerce, State, Treasury, Commerce and Homeland Security and the Office of the U.S. Trade Representative issued an updated Advisory on supply-chain risks for U.S. businesses whose business activities may be implicated by human rights concerns related to forced labor in and outside of Xinjiang, China.

The updated Advisory, which echoes the State Department’s annual report on genocide, declares that the Chinese government is committing genocide and crimes against humanity.  Given the gravity and extent of these abuses, the updated Advisory notes that “businesses and individuals that do not exit supply chains, ventures, and/or investments connected to Xinjiang could run a high risk of violating U.S. law.”  This warning suggests that the U.S. government is likely to take further action against companies and products with ties to Xinjiang.

In the interim, the updated Advisory encourages business, including financial institutions to undertake heighted due diligence to identify potential supply chain or other linkages to Xinjiang and forced labor.  However, the updated Advisory, like the original, cautions against relying on third-party audits alone and encourages collaboration with industry groups to share information on risks in the region.

The updated Advisory particularly urges caution with respect to the following sectors that have been identified as using forced labor: Agriculture (including such products as raw cotton, hami melons, korla pears, tomato products, and garlic); Cell Phones; Cleaning Supplies; Construction; Cotton Yarn, Cotton Fabric, Ginning, Spinning Mills, and Cotton Products; Electronics Assembly; Extractives (including coal, copper, hydrocarbons, oil, uranium, and zinc); Fake Hair and Human Hair Wigs, Hair Accessories; Food Processing Factories; Footwear; Gloves; Hospitality Services; Metallurgical grade silicon; Noodles; Printing Products; Renewable Energy (polysilicon, ingots, wafers, crystalline silicon solar cells, crystalline silicon solar photovoltaic modules); Stevia; Sugar; Textiles (including such products as apparel, bedding, carpets, wool); and Toys.

Risks of doing business with companies implicated in Xinjiang-related human rights abuses is not limited to supply chains and inbound merchandise.  For example, the United States has imposed a variety of sanctions on Chinese companies involved in human rights abuses in Xinjiang, including technology companies that provide the digital infrastructure necessary for mass surveillance in the region.  These measures broadly prohibit U.S. and non-U.S. companies from exporting or transferring U.S.-origin goods, software, and technology to the sanctioned parties.

The updated Advisory is the latest indication that human right concerns will play a central role in the Biden Administration’s approach to China.  U.S. businesses should carefully review the updated Advisory in detail and consider their legal and reputational exposure to Xinjiang-related risks with respect to existing relationships and future transactions.

Yesterday, the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce added 14 companies based in China and 20 companies located elsewhere to the U.S. Entity List.  According to BIS, the Chinese companies are involved in China’s “campaign of repression, mass detention and high-technology surveillance” against Uyghur and other minorities in Xinjiang.  Five other entities were added for directly supporting the Chinese military.  The remaining 15 entities were added to the list for facilitating shipments to Iran and Russia.  All 34 are involved in the technology sector.  The move escalates U.S. trade restrictions on China in response to human rights abuses and cracks down on companies violating export regulations on Iran and Russia.

Under the new rule, U.S and non-U.S. exporters are generally prohibited from transferring goods, software, or technology subject to the U.S. Export Administration Regulations (EAR) to listed entities without first obtaining a U.S. export license.  License applications involving exports or transfers to most listed companies will face a presumption of denial.

Companies doing business with the listed parties should carefully review whether these rules apply to their operations and implement controls to prevent exports, re-exports, or transfers of items to listed entities, unless licensed by BIS.

Yesterday, the U.S. Office of Foreign Assets Control (OFAC) sanctioned several Belarusian individuals and entities, including the State Security Committee of the Republic of Belarus (the Belarusian KGB), in response to the Lukashenka regime’s escalating violence and repression.  (The full list of changes to the Specially Designated Nationals (SDN) and Blocked Persons List is available here).

OFAC also issued Belarus General License 3 (GL 3) to ensure that U.S. persons engaging in legal business activities in Belarus are able to interact with the Belarusian KGB in its administrative capacity.  Specifically, GL 3 authorizes U.S. persons to engage in certain activities that are ordinarily incident and necessary to requesting, receiving, utilizing, paying for, or dealing in licenses, permits, certifications, or notifications issued or registered by the Belarusian KGB for the importation, distribution, or use of information technology products in Belarus, provided that any exports of items subject to U.S. export controls are properly licensed and payments of fees to the Belarusian KGB do not exceed 5,000 in any calendar year.  GL 3 also authorizes U.S. persons to comply with law enforcement, administrative actions, and investigations involving the Belarusian KGB and with rules and regulations administered by the Belarusian KGB.

Companies that do business in Belarus should carefully review the new additions to the SDN List and ensure that GL 3 covers any required dealings with the Belarusian KGB.  GL 3 does not authorize most exports of items to the Belarusian KGB or the transfer of blocked property.


Last week, the U.S. Department of Commerce removed the United Arab Emirates (“UAE”)  from its list of countries boycotting Israel in response to the formal termination of the UAE’s participation in the Arab League boycott of Israel.

Under Commerce’s updated rules, a request for information, action, or agreement from the UAE made after August 16, 2020 is no longer presumed to be boycott-related and, consequently, is not prohibited or reportable unless the request is facially boycott-related.  For example, if a UAE company requests that a U.S. company provide information on the nationality of its board members, that request is no longer presumed to be boycott-related – the U.S. company may respond to the request and does not need to report the receipt of the request to Commerce.  In contrast, if a request from the UAE (or any other country) references “blacklisted companies,” “Israel boycott list,” “non-Israeli goods,” or other phrases indicating a boycott purpose, compliance with that request generally remains prohibited and the request must be reported to the Commerce Department.  The updates to Commerce’s rules followed a similar change to the Treasury Department’s antiboycott regulations, which reduced reporting obligations related to the UAE for U.S. taxpayers.

While these updates represent a liberalization of U.S. antiboycott rules applicable to the UAE, U.S. companies and taxpayers must remain vigilant for requests that are facially boycott-related from the UAE and other countries, even if the countries do not officially participate in the Arab League boycott of Israel.

Please feel free to contact our Export Controls & Economic Sanctions team with any questions about compliance with U.S. antiboycott regulations.


Yesterday, President Biden signed an Executive Order (“E.O.”) that formally revokes and replaces three earlier E.O.s that aimed to restrict transactions with TikTok, WeChat, and other communications and Fintech applications and provides a new framework to address security concerns related to the information and communications technology and services (“ICTS”) supply chain.  The new E.O. was issued pursuant to the ongoing national emergency declared in the 2019 E.O. 13873 regarding ICTS in the United States that are controlled by persons within the jurisdiction of a “foreign adversary,” including China.

The new E.O. resets the U.S. government’s approach to ICTS by ordering a review of the national security threats posed by software applications that collect Americans’ sensitive personal and business data and by foreign adversaries’ access to large repositories of U.S. person data.  New restrictions are likely following that review, and companies that rely on software applications owned or managed by companies linked to China or other potential foreign adversaries, should closely watch developments in this space.

New reports on “unacceptable or undue risks” posed by foreign adversary-connected applications

The E.O. directs the Directors of National Intelligence and Homeland Security to provide threat and vulnerability assessments to the Secretary of Commerce.  In turn, the Commerce Department will draft two reports on foreign adversary-connected software, defined as software that has the ability to collect, process, or transmit data over the internet.  The reports will recommend actions to protect against harm from the sale of, transfer of, or access to U.S. persons’ sensitive data, including personally identifiable information, personal health information, and genetic information.  In addition, the Commerce Department will recommend additional actions to address risks associated with software applications that are designed, developed, manufactured, or supplied by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary.

Several criteria indicate national security risk of ICTS applications

Building on the criteria to assess national security threats listed in E.O. 13873, the new E.O. lists several factors that will be considered when evaluating the risks posed by foreign adversary-connected software, including:

  • ownership, control, or management by persons that support a foreign adversary’s military, intelligence, or proliferation activities;
  • use of the connected software applications to conduct surveillance that enables espionage, including through a foreign adversary’s access to sensitive or confidential government or business information, or sensitive personal data;
  • ownership, control, or management of connected software applications by persons subject to coercion or cooption by a foreign adversary;
  • ownership, control, or management of connected software applications by persons involved in malicious cyber activities;
  • a lack of thorough and reliable third-party auditing of connected software applications;
  • the scope and sensitivity of the data collected; the number and sensitivity of the users of the connected software application; and
  • the extent to which identified risks have been or can be addressed by independently verifiable measures.

Consistent with other recent Biden Administration actions targeting China, the E.O. notes that the U.S. government may impose consequences on non-U.S. persons who own, control, or manage connected software applications that engage in serious human rights abuse or otherwise facilitate such abuse.

These criteria will inform the U.S. government’s decision-making framework to adopt a “rigorous, evidence-based” analysis to address risks posed by ICTS transactions involving foreign adversary-connected software.

Further action on ICTS applications likely

Although yesterday’s E.O. rescinds the previous E.O.s dealing with Chinese mobile applications, new restrictions on Chinese and other software that collect large amounts of sensitive U.S. person data are likely to flow from the Commerce Department’s forthcoming report and recommendations, which are expected within 180 days.  Furthermore, the E.O. provides the Commerce Department with authority to restrict transactions and business activities that may:

  • Pose a risk of sabotage or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of ICTS in the United States;
  • Pose a risk of catastrophic effects on the security or resiliency of the critical infrastructure or digital economy of the United States; or
  • Otherwise pose an unacceptable risk to the national security of the United States or the security and safety of United States persons.

Our Export Controls and Sanctions team will be actively monitoring for any developments.

Yesterday morning, June 8, 2021, the Biden-Harris administration released a report including factual findings and recommendations concerning four critical supply chains.  The full 250-page report is available here and a White House fact sheet summarizing key findings and recommendations is available here.

The report stems from President Biden’s Executive Order 14017 (“EO 14017”), which established a wide-ranging whole-government evaluation of America’s supply chains.  The report and recommendation released today concerns 100-day reviews involving four specific supply chains:

  • semiconductors and advanced packaging;
  • high-capacity batteries;
  • critical minerals and other identified strategic materials; and
  • active pharmaceutical ingredients.

A few major themes can be gleaned from the report:

Trade Enforcement: A recurring theme throughout the document relates to the use of the trade enforcement toolkit, including the establishment of a U.S. Trade Representative-led trade strike force, to identify unfair foreign trade practices that have eroded U.S. critical supply chains and to recommend trade actions to address such practices. The report also specifically recommends a potential Section 232 investigation of neodymium permanent magnets, suggesting that the Biden Administration may use Section 232 as a vehicle to address critical supply chain issues, albeit in a more traditional national security context.

Global Nature of Supply Chains: While many of the reports’ recommendations focus on expanding domestic production and labor, the report also acknowledges the need for global supply chains, and the need to work with partners and allies to achieve resilient supply chains.

Leveraging the Government’s Purchasing Power:  The report proposes a number of ways the government can leverage its position as a buyer of critical materials to address supply chain concerns.  This includes purchasing materials from domestic sources but also developing standards that foreign materials must meet.  The report also suggests a strengthening of the National Defense Stockpile and the use of the Defense Production Act program as additional ways of addressing supply chain deficiencies.

Financing/Investment: A systemic lack of financing and a long-term shortfall in investments are identified as a key themes throughout the report.  The report makes several financing recommendations that may present domestic and foreign producers with opportunities to expand production capabilities domestically and also abroad.

Sustainability: Sustainability is a key theme throughout the report, both from developing sustainable production in the U.S., sourcing materials produced sustainably abroad, and encouraging allies and partners and partners to develop sustainable supply chains.

Labor: The report identifies a shortage of skilled labor as a significant supply chain issue and recommends investing in training and development programs to ensure the U.S. labor market can meet manufacturing needs.

The administration is also conducting year-long based supply chain reviews of the following six sectors:

  • defense industrial base;
  • public health and biological preparedness industrial base;
  • information and communications technology (ICT) industrial base;
  • energy sector industrial base;
  • transportation industrial base; and
  • agricultural commodities and food products.

Industry participants should be aware of additional opportunities to engage in shaping the administration’s policies through these reviews in the coming months.