On July 23, 2021, the Office of Foreign Assets Control (“OFAC”) announced a settlement agreement with online money transmitter Payoneer Inc. (“Payoneer” or the “company”) for processing online transactions on behalf of persons in sanctioned jurisdictions and persons on OFAC’s  Specially Designated Nationals (“SDN”) List.  The case is the latest in a string of OFAC enforcement actions targeting online services and commerce, and once again highlights the agency’s compliance expectations for the sector.

The Facts

Over a five-year period, Payoneer processed 2,241 payments for parties located in sanctioned jurisdictions and 19 payments on behalf SDNs.  Although Payoneer’s written policies and procedures prohibited transactions with parties in sanctioned locations and SDNs, the company failed to implement controls to ensure compliance with those requirements.  Payonner’s auditing and testing systems also failed to identify the gap between compliance program requirements and how the company’s systems were actually operating.  OFAC called out Payoneer’s failure to “exercise a minimal degree of caution or care” in its compliance program and knowledge that its users were located in sanctioned jurisdictions as “aggravating factors.”  OFAC also determined that only 19 of the violations were voluntarily self-disclosed.  However, the company took substantial remedial measures that led OFAC to reduce the ultimate the penalty amount from a base penalty amount of $3.9 million to approximately $1.4 million.

Lessons Learned

The case highlights a number of compliance lessons for digital payments companies, online service providers, and others:

  • IP address screening (again): As with other recent enforcement actions targeting online commerce (including those involving BitGo and Amazon), OFAC cited Payoneer’s failure to use IP address geolocation data to identify users in sanctioned jurisdictions.  While IP address information is not always reliable, this and other cases make clear that OFAC expects companies to consider IP addresses when screening accounts for users in sanctioned jurisdictions.
  • The power of unique identifiers: OFAC cited Payoneer for failing to screen Business Identifier Codes (BICs) where those codes were collected from customers and were included in SDN entries.  Matches to BICs and other unique identifiers, like ID numbers, are strong indicators of a potential true match to a sanctioned party, and should be incorporated into sanctions screening algorithms.
  • Use the data you collect: Payoneer also failed to consider other “common indicators” of a person’s location, including billing and shipping addresses and copies of identification issued by sanctioned jurisdictions.  The lesson?  If you collect data about a user’s identity or location for business reasons, you need to be considering that data for sanctions compliance purposes too.
  • No de minimis exception: The average value of the transactions in this case was only about $355.  Even relatively small value transactions can generate substantial OFAC liability, particularly in cases like this one, where there were repeated potential violations over a long period of time.
  • Maintain holds: OFAC cited Payoneer for allowing transactions with sanctions alerts to be automatically released during “backlog periods.”  If you have a potential match to a sanctions list, it is important to implement and maintain a transaction hold on that account until that alert is properly reviewed and cleared.
  • Testing and auditing: Testing and auditing are important elements of any successful compliance program.  A robust testing and auditing program should examine whether procedures are sufficient to address compliance risks and whether those procedures are being implemented as intended in the real world.  OFAC noted the company’s enhancements to its testing and auditing programs as important remedial measures, including retraining all compliance employees and hiring positions focused on testing.  If Payoneer had those functions in place earlier, it’s possible the company could have avoided a costly enforcement proceeding.

Please contact our sanctions and export control team with any questions about designing, testing, or enhancing your sanctions compliance program.

On July 6, 2021, U.S. Customs and Border Protection (CBP) published a notice of proposed rulemaking (NPRM) that would change to the agency’s approach in determining the country of origin for goods imported from Canada and Mexico into the United States.

Currently, a product imported into the United States from Canada or Mexico can have two “countries of origin” for customs purposes.  Goods imported from Canada and Mexico have to be marked as a Product of Canada or Product of Mexico, pursuant to the application of the so-called NAFTA marking rules.  However, those same goods may be treated as a product of a different country for purposes of the application of supplemental tariffs (e.g., Section 301 tariffs on goods from China) or government procurement.  This can lead to some strange results—for example, in one case, goods imported from Mexico were marked “Product of Mexico” but subject to the Section 301 tariffs imposed on products of China.  See, e.g., Headquarters Ruling Letter HQ H301619 (Nov. 6, 2018).

Under CBP’s proposed amendment, the current NAFTA marking rules would apply for all non-preferential purposes for goods from Canada and Mexico (e.g., admissibility determinations, administering quotas, government procurement contracts, and Section 301 duty assessment).  This change would, in theory, reduce burdens on importers who previously were required to comply with two different sets of rules on the same merchandise, and would avoid the strange result of two different countries of origin applicable to the same goods.  The actual commercial impact on any given company or product may vary and will be highly fact dependent.  Companies reliant on imports from Canada and Mexico should carefully consider the impact of the proposed rule change on their import activity, and may wish to comment on the NPRM before the Thursday, August 5, 2021 deadline.

CBP’s Country of Origin Determinations

For U.S. imports from all jurisdictions other than Canada and Mexico, CBP uses the “substantial transformation” test to determine the country of origin for all non-preferential purposes (including marking the product and completing the customs declaration).  The substantial transformation test involves a fact-specific examination, influenced by judicial and administrative precedent, of where the imported article was last transformed into a new and different article of commerce with a different name, character and use distinct from its constituent components.

For goods from Canada and Mexico, the NAFTA marking rules prescribe an objective set of rules for determining country of origin by comparing the tariff classification of imported components used to produce the finished goods and the tariff classification of the finished goods.  When the final manufacturing operation accomplishes the specified “shift” in tariff classification, the marking rules are satisfied.

While the substantial transformation test is somewhat subjective, it has been historically favored by the trade.  The importing community strongly resisted a proposal by CBP in 2008 to replace the substantial transformation test with tariff-shift rules for all non-preferential purposes.  Importers expressed a preference for the subjective test that is flexible in its application.

CBP seems to be reasoning that, in the wake of the “strange result” rulings treating goods marked as a Product of Mexico as subject to the Section 301 tariffs on goods from China, the importing community’s appetite for the objective rules may have evolved.

Considerations for Companies Importing from Canada and Mexico

Unifying the country of origin test for all non-preferential purposes in North America could reduce administrative burdens, but the actual financial impact will vary depending on the facts.  Companies affected by the rule change should consider submitting comments.  The deadline is Thursday, August 5, 2021.

On July 13, 2021, the U.S. Departments of Commerce, State, Treasury, Commerce and Homeland Security and the Office of the U.S. Trade Representative issued an updated Advisory on supply-chain risks for U.S. businesses whose business activities may be implicated by human rights concerns related to forced labor in and outside of Xinjiang, China.

The updated Advisory, which echoes the State Department’s annual report on genocide, declares that the Chinese government is committing genocide and crimes against humanity.  Given the gravity and extent of these abuses, the updated Advisory notes that “businesses and individuals that do not exit supply chains, ventures, and/or investments connected to Xinjiang could run a high risk of violating U.S. law.”  This warning suggests that the U.S. government is likely to take further action against companies and products with ties to Xinjiang.

In the interim, the updated Advisory encourages business, including financial institutions to undertake heighted due diligence to identify potential supply chain or other linkages to Xinjiang and forced labor.  However, the updated Advisory, like the original, cautions against relying on third-party audits alone and encourages collaboration with industry groups to share information on risks in the region.

The updated Advisory particularly urges caution with respect to the following sectors that have been identified as using forced labor: Agriculture (including such products as raw cotton, hami melons, korla pears, tomato products, and garlic); Cell Phones; Cleaning Supplies; Construction; Cotton Yarn, Cotton Fabric, Ginning, Spinning Mills, and Cotton Products; Electronics Assembly; Extractives (including coal, copper, hydrocarbons, oil, uranium, and zinc); Fake Hair and Human Hair Wigs, Hair Accessories; Food Processing Factories; Footwear; Gloves; Hospitality Services; Metallurgical grade silicon; Noodles; Printing Products; Renewable Energy (polysilicon, ingots, wafers, crystalline silicon solar cells, crystalline silicon solar photovoltaic modules); Stevia; Sugar; Textiles (including such products as apparel, bedding, carpets, wool); and Toys.

Risks of doing business with companies implicated in Xinjiang-related human rights abuses is not limited to supply chains and inbound merchandise.  For example, the United States has imposed a variety of sanctions on Chinese companies involved in human rights abuses in Xinjiang, including technology companies that provide the digital infrastructure necessary for mass surveillance in the region.  These measures broadly prohibit U.S. and non-U.S. companies from exporting or transferring U.S.-origin goods, software, and technology to the sanctioned parties.

The updated Advisory is the latest indication that human right concerns will play a central role in the Biden Administration’s approach to China.  U.S. businesses should carefully review the updated Advisory in detail and consider their legal and reputational exposure to Xinjiang-related risks with respect to existing relationships and future transactions.

Yesterday, the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce added 14 companies based in China and 20 companies located elsewhere to the U.S. Entity List.  According to BIS, the Chinese companies are involved in China’s “campaign of repression, mass detention and high-technology surveillance” against Uyghur and other minorities in Xinjiang.  Five other entities were added for directly supporting the Chinese military.  The remaining 15 entities were added to the list for facilitating shipments to Iran and Russia.  All 34 are involved in the technology sector.  The move escalates U.S. trade restrictions on China in response to human rights abuses and cracks down on companies violating export regulations on Iran and Russia.

Under the new rule, U.S and non-U.S. exporters are generally prohibited from transferring goods, software, or technology subject to the U.S. Export Administration Regulations (EAR) to listed entities without first obtaining a U.S. export license.  License applications involving exports or transfers to most listed companies will face a presumption of denial.

Companies doing business with the listed parties should carefully review whether these rules apply to their operations and implement controls to prevent exports, re-exports, or transfers of items to listed entities, unless licensed by BIS.

Yesterday, the U.S. Office of Foreign Assets Control (OFAC) sanctioned several Belarusian individuals and entities, including the State Security Committee of the Republic of Belarus (the Belarusian KGB), in response to the Lukashenka regime’s escalating violence and repression.  (The full list of changes to the Specially Designated Nationals (SDN) and Blocked Persons List is available here).

OFAC also issued Belarus General License 3 (GL 3) to ensure that U.S. persons engaging in legal business activities in Belarus are able to interact with the Belarusian KGB in its administrative capacity.  Specifically, GL 3 authorizes U.S. persons to engage in certain activities that are ordinarily incident and necessary to requesting, receiving, utilizing, paying for, or dealing in licenses, permits, certifications, or notifications issued or registered by the Belarusian KGB for the importation, distribution, or use of information technology products in Belarus, provided that any exports of items subject to U.S. export controls are properly licensed and payments of fees to the Belarusian KGB do not exceed 5,000 in any calendar year.  GL 3 also authorizes U.S. persons to comply with law enforcement, administrative actions, and investigations involving the Belarusian KGB and with rules and regulations administered by the Belarusian KGB.

Companies that do business in Belarus should carefully review the new additions to the SDN List and ensure that GL 3 covers any required dealings with the Belarusian KGB.  GL 3 does not authorize most exports of items to the Belarusian KGB or the transfer of blocked property.

 

Last week, the U.S. Department of Commerce removed the United Arab Emirates (“UAE”)  from its list of countries boycotting Israel in response to the formal termination of the UAE’s participation in the Arab League boycott of Israel.

Under Commerce’s updated rules, a request for information, action, or agreement from the UAE made after August 16, 2020 is no longer presumed to be boycott-related and, consequently, is not prohibited or reportable unless the request is facially boycott-related.  For example, if a UAE company requests that a U.S. company provide information on the nationality of its board members, that request is no longer presumed to be boycott-related – the U.S. company may respond to the request and does not need to report the receipt of the request to Commerce.  In contrast, if a request from the UAE (or any other country) references “blacklisted companies,” “Israel boycott list,” “non-Israeli goods,” or other phrases indicating a boycott purpose, compliance with that request generally remains prohibited and the request must be reported to the Commerce Department.  The updates to Commerce’s rules followed a similar change to the Treasury Department’s antiboycott regulations, which reduced reporting obligations related to the UAE for U.S. taxpayers.

While these updates represent a liberalization of U.S. antiboycott rules applicable to the UAE, U.S. companies and taxpayers must remain vigilant for requests that are facially boycott-related from the UAE and other countries, even if the countries do not officially participate in the Arab League boycott of Israel.

Please feel free to contact our Export Controls & Economic Sanctions team with any questions about compliance with U.S. antiboycott regulations.

 

Yesterday, President Biden signed an Executive Order (“E.O.”) that formally revokes and replaces three earlier E.O.s that aimed to restrict transactions with TikTok, WeChat, and other communications and Fintech applications and provides a new framework to address security concerns related to the information and communications technology and services (“ICTS”) supply chain.  The new E.O. was issued pursuant to the ongoing national emergency declared in the 2019 E.O. 13873 regarding ICTS in the United States that are controlled by persons within the jurisdiction of a “foreign adversary,” including China.

The new E.O. resets the U.S. government’s approach to ICTS by ordering a review of the national security threats posed by software applications that collect Americans’ sensitive personal and business data and by foreign adversaries’ access to large repositories of U.S. person data.  New restrictions are likely following that review, and companies that rely on software applications owned or managed by companies linked to China or other potential foreign adversaries, should closely watch developments in this space.

New reports on “unacceptable or undue risks” posed by foreign adversary-connected applications

The E.O. directs the Directors of National Intelligence and Homeland Security to provide threat and vulnerability assessments to the Secretary of Commerce.  In turn, the Commerce Department will draft two reports on foreign adversary-connected software, defined as software that has the ability to collect, process, or transmit data over the internet.  The reports will recommend actions to protect against harm from the sale of, transfer of, or access to U.S. persons’ sensitive data, including personally identifiable information, personal health information, and genetic information.  In addition, the Commerce Department will recommend additional actions to address risks associated with software applications that are designed, developed, manufactured, or supplied by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary.

Several criteria indicate national security risk of ICTS applications

Building on the criteria to assess national security threats listed in E.O. 13873, the new E.O. lists several factors that will be considered when evaluating the risks posed by foreign adversary-connected software, including:

  • ownership, control, or management by persons that support a foreign adversary’s military, intelligence, or proliferation activities;
  • use of the connected software applications to conduct surveillance that enables espionage, including through a foreign adversary’s access to sensitive or confidential government or business information, or sensitive personal data;
  • ownership, control, or management of connected software applications by persons subject to coercion or cooption by a foreign adversary;
  • ownership, control, or management of connected software applications by persons involved in malicious cyber activities;
  • a lack of thorough and reliable third-party auditing of connected software applications;
  • the scope and sensitivity of the data collected; the number and sensitivity of the users of the connected software application; and
  • the extent to which identified risks have been or can be addressed by independently verifiable measures.

Consistent with other recent Biden Administration actions targeting China, the E.O. notes that the U.S. government may impose consequences on non-U.S. persons who own, control, or manage connected software applications that engage in serious human rights abuse or otherwise facilitate such abuse.

These criteria will inform the U.S. government’s decision-making framework to adopt a “rigorous, evidence-based” analysis to address risks posed by ICTS transactions involving foreign adversary-connected software.

Further action on ICTS applications likely

Although yesterday’s E.O. rescinds the previous E.O.s dealing with Chinese mobile applications, new restrictions on Chinese and other software that collect large amounts of sensitive U.S. person data are likely to flow from the Commerce Department’s forthcoming report and recommendations, which are expected within 180 days.  Furthermore, the E.O. provides the Commerce Department with authority to restrict transactions and business activities that may:

  • Pose a risk of sabotage or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of ICTS in the United States;
  • Pose a risk of catastrophic effects on the security or resiliency of the critical infrastructure or digital economy of the United States; or
  • Otherwise pose an unacceptable risk to the national security of the United States or the security and safety of United States persons.

Our Export Controls and Sanctions team will be actively monitoring for any developments.

Yesterday morning, June 8, 2021, the Biden-Harris administration released a report including factual findings and recommendations concerning four critical supply chains.  The full 250-page report is available here and a White House fact sheet summarizing key findings and recommendations is available here.

The report stems from President Biden’s Executive Order 14017 (“EO 14017”), which established a wide-ranging whole-government evaluation of America’s supply chains.  The report and recommendation released today concerns 100-day reviews involving four specific supply chains:

  • semiconductors and advanced packaging;
  • high-capacity batteries;
  • critical minerals and other identified strategic materials; and
  • active pharmaceutical ingredients.

A few major themes can be gleaned from the report:

Trade Enforcement: A recurring theme throughout the document relates to the use of the trade enforcement toolkit, including the establishment of a U.S. Trade Representative-led trade strike force, to identify unfair foreign trade practices that have eroded U.S. critical supply chains and to recommend trade actions to address such practices. The report also specifically recommends a potential Section 232 investigation of neodymium permanent magnets, suggesting that the Biden Administration may use Section 232 as a vehicle to address critical supply chain issues, albeit in a more traditional national security context.

Global Nature of Supply Chains: While many of the reports’ recommendations focus on expanding domestic production and labor, the report also acknowledges the need for global supply chains, and the need to work with partners and allies to achieve resilient supply chains.

Leveraging the Government’s Purchasing Power:  The report proposes a number of ways the government can leverage its position as a buyer of critical materials to address supply chain concerns.  This includes purchasing materials from domestic sources but also developing standards that foreign materials must meet.  The report also suggests a strengthening of the National Defense Stockpile and the use of the Defense Production Act program as additional ways of addressing supply chain deficiencies.

Financing/Investment: A systemic lack of financing and a long-term shortfall in investments are identified as a key themes throughout the report.  The report makes several financing recommendations that may present domestic and foreign producers with opportunities to expand production capabilities domestically and also abroad.

Sustainability: Sustainability is a key theme throughout the report, both from developing sustainable production in the U.S., sourcing materials produced sustainably abroad, and encouraging allies and partners and partners to develop sustainable supply chains.

Labor: The report identifies a shortage of skilled labor as a significant supply chain issue and recommends investing in training and development programs to ensure the U.S. labor market can meet manufacturing needs.

The administration is also conducting year-long based supply chain reviews of the following six sectors:

  • defense industrial base;
  • public health and biological preparedness industrial base;
  • information and communications technology (ICT) industrial base;
  • energy sector industrial base;
  • transportation industrial base; and
  • agricultural commodities and food products.

Industry participants should be aware of additional opportunities to engage in shaping the administration’s policies through these reviews in the coming months.

 

Today, President Biden issued an Executive Order expanding U.S. restrictions on dealings in the publicly traded securities of Chinese companies.  Today’s move amends Executive Order 13959 to prohibit U.S. persons from buying or selling the publicly traded securities of listed companies operating in (1) the surveillance technology sector or (2) the defense and related material sector of the Chinese economy.  E.O. 13959 was previously limited to companies affiliated with the Chinese military.

The amended order reflects a growing emphasis on human rights and “democratic values” in U.S. sanctions policy related to China.  The White House fact sheet announcing today’s amendment indicated that the Order is intended to prevent the flow of U.S. capital to companies that develop or use surveillance technology to facilitate repression or serious human rights abuse in and outside of China, including technology used to surveil religious or ethnic minorities.  Other recent moves, including those in response to Chinese government policies in the Xinjiang region and Hong Kong, have similar human rights policy motivations.  The administration may cite to security and adherence to democratic values in imposing future sanctions.

Below, we summarize the key features of the new restrictions and guidance issued by the Office of Foreign Assets Control (“OFAC”).

Companies targeted

The amended E.O. initially applies to the 59 Chinese companies listed in the annex to the E.O.  The companies are also included on OFAC’s new “Non-SDN Chinese Military-Industrial Complex Companies List” (“NS-CMIC List”), which replaces the previous “Communist Chinese Military Company” (“CCMC”) list.  The NS-CMIC List includes a number of new Chinese companies that did not appear in the prior CCMC list and excludes a handful of companies that were on the prior list. (A table summarizing the list changes is below the break.)  Notably, the NS-CMIC List captures companies operating in the defense sector, subsidiaries and affiliates of companies on the CCMC list, and two companies operating in the surveillance technology sector.

The Biden administration indicated that it expects to add additional parties to the NS-CIMC List in the future.

Relevant securities

As in the original E.O. 13959, the prohibition on purchasing and selling publicly traded securities also applies to derivatives and securities designed to provide investment exposure to such securities, including ADRs, GDRs, ETFs, index funds, and mutual funds.  Restrictions apply regardless of the CMIC securities’ share of the underlying index fund, ETF, or derivative.  The amended E.O. defines “securities” as those specified in Section 3(a)(10) of the Securities Exchange Act of 1934.

Wind-down period

The amended E.O.’s prohibitions come into effect on August 2, 2021 for the 59 companies currently on the NS-CMIC List, and U.S. persons are permitted to divest holdings in those securities until June 3, 2022.  The amended E.O. also provides for a 365-day divestment period for CMICs that are designated in the future.

Guidance for U.S. financial service companies and investors

OFAC guidance issued today explains how the agency will apply the new E.O. to broker-dealers, market intermediates, and other market participants.  In particular:

  • U.S. financial service companies that provide clearing, execution, settlement, and related services can continue to deal in CMIC securities so long as they do not facilitate prohibited transactions by U.S. persons.
  • Securities exchanges operated by U.S. persons, along with market makers, market intermediaries and other participants, are not prohibited from effecting U.S. persons’ divesture of publicly traded securities in the listed CMICs during the wind-down period.
  • U.S. persons employed by non-U.S. entities are not prohibited from facilitating purchases or sales related to a CMIC security on behalf of their non-U.S. employer or providing investment management or similar services to a non-U.S. person.
  • U.S. financial service companies can rely on “information available to them in the ordinary course of business” in conducting due diligence on whether an underlying purchase or sale is prohibited under the amended E.O

*             *             *             *             *

Our team is actively monitoring developments in this area, please contact us with questions on how the new rules may apply to your business.

Continue Reading New Executive Order Targets Investments in Chinese Surveillance and Military Companies

Yesterday, the Office of Foreign Assets Control (“OFAC”) announced sanctions against three prominent Bulgarian individuals and 64 related companies for corruption.  The designations are the largest action in the history of Executive Order 13818, which implements the Global Magnitsky Human Rights Accountability Act and authorizes sanctions on parties that engage in significant corruption or human rights abuses overseas.  According to OFAC, the newly designated individuals and entities abused public institutions and government for personal profit.

The addition of Vassil Kroumov Bojk, Delyan Slavchev Peevski, Ilko Dimitrov Zhelyazkov and their companies to the List of Specially Designated Nationals (“SDN List”) effectively cuts the sanctioned parties off from the U.S. financial system and U.S. market.  U.S. persons are broadly prohibited from conducting business with the sanctioned parties and with any entities owned 50 percent or more, directly or indirectly, by the SDNs.  Further, any property or interests in property within the possession or control of U.S. persons must be formally “blocked” (or frozen) and reported to OFAC.

Companies that do business in Bulgaria should carefully review the new additions to the SDN List, as many of the sanctioned entities are prominent in the local media and entertainment sectors.  Further developments are possible with upcoming elections in Bulgaria.