WHAT ARE EXPORT CONTROLS AND ECONOMIC SANCTIONS?
Export controls are laws and regulations that may restrict, prohibit, and require reporting of transactions involving the movement of tangible and intangible items across borders, or in some cases, amongst individuals of different citizenship. Export controls are typically designed to promote national security, foreign policy, and multilateral non-proliferation.
Economic sanctions typically regulate U.S. persons activities wherever located (broader than just regulating export of U.S.-origin controlled products).
WHICH U.S. GOVERNMENT AGENCIES REGULATE EXPORTS?
United States Department of Commerce, Bureau of Industry and Security (BIS)
BIS regulates and enforces U.S. export controls under the Export Administration Regulations (EAR) primarily related to "dual-use" items (items with both potential civil and military/intelligence application) and those items subject to multilateral non-proliferation controls (items that can contribute to chemical, biological, or nuclear weapons or missile proliferation), as well as certain items specially designed to be used in conjunction with "defense articles" or "defense services."
United States Department of State, Directorate of Defense Trade Controls (DDTC)
DDTC regulates and enforces U.S. export controls (which may include restrictions on both exports AND temporary imports) under the International Traffic in Arms Regulations (ITAR) related to "defense articles" and "defense services" – items that have been identified as designed to certain military or intelligence specifications.
United States Department of the Treasury, Office of Foreign Assets Control (OFAC)
OFAC regulates and enforces U.S. economic sanctions restrictions against designated parties (individuals, organizations, groups, etc.) and geographies (regions, countries). These may include restrictions on U.S. person activities in proscribed destinations or involving restricted individuals, exports to designated parties or geographies, as well as restrictions on other transactions, including imports, financial dealings, or travel.
Other U.S. government agencies regulate specific aspects of exports (such as the U.S. Census Bureau – responsible for collecting statistical information from exporters) or items involved in specific industries (such as the Department of Energy or Nuclear Regulatory Commission, who regulate certain exports of items involved in the civil nuclear industry).
OVERVIEW OF U.S. EXPORT AND ECONOMIC SANCTIONS REGULATIONS
EAR Regulations and the Commerce Control List (CCL)
The EAR control commercial and dual-use items, information, and technology. The EAR does control certain types of munitions and "military hardware," including some types of firearms, aircraft, military vehicles, materials, chemicals and more. This also covers items controlled by the international export control lists.
As described below, the EAR regulate items "subject to the EAR," meaning 1) items exported from the U.S., 2) re-exports from 3rd countries of U.S.-origin items, and 3) certain foreign produced items incorporating U.S.-origin content or direct products of U.S.-origin technology.
The EAR regulate both exports involving items listed on the Commerce Control List (CCL) as well as items exported to specified end-users (e.g. those designated on the Entities List or Unverified List) or specified end-uses (e.g. military end-use, use in UAVs, etc.).
Note that the EAR regulate both physical exports and transfers of technology (e.g., drawings, specifications or the like), which can include exports from a U.S. person to a non-U.S. person within the United States (known as "deemed export").
ITAR Regulations and the U.S. Munitions List (USML)
As noted above, the ITAR regulates export (and temporary imports) of defense articles and defense services. This can include everything from body armor and electronics, to spacecraft, satellites, imaging systems and much, much more. Note that the ITAR controls technical data and services, including a range of assistance or training, such as design, development, production, testing, operation, maintenance, and repair services.
Like the EAR, the ITAR controls exports that occur where a U.S. person provides controlled information to a non-U.S. Person (i.e., technical data) – even if that transfer of information occurs within the same company located in the United States.
The list of items controlled by the ITAR is referred to as the United States Munitions List (USML), consisting of categories of products and technical data, including spare parts, components, sub-assemblies and accessories.
Economic sanctions administered by OFAC typically have the purpose of prohibiting U.S. persons (wherever located, including foreign affiliates of U.S. companies, U.S. branches of foreign companies, and individual U.S. citizens wherever located) from conducting transactions with identified individuals, entities, or geographies without an OFAC license (either a specific or general license, as discussed below). These prohibitions may take the form of "blocking sanctions" that freeze or target the assets of sanctioned parties and prohibit U.S. persons from conducting transactions involving such assets or prohibitions on various business activities, including exports or imports, involving sanctioned parties.
1. Targeted Sanctions
These sanctions are designed to target specifically designated individuals, businesses, groups, or organizations identified as participating in activities that OFAC has determined are against the foreign policy, national security, or criminal law enforcement goals of the United States. Parties designated under targeted sanctions are listed by OFAC as either "Specially Designated Nationals" (SDNs), or non-SDNs under the specific sanctions program or programs they have been targeted under (e.g. terrorism, weapons of mass destruction, etc.).
Note that, with respect to targeted sanctions (and Sectoral Sanctions, described below), individuals and entities subject to sanction include both those specifically identified in OFAC listings AND entities where one or more individuals or entities subject to OFAC designation have a 50% or greater ownership stake (the so-called "50% Rule").
2. Sectoral Sanctions
Parties identified as subject to sectoral sanctions may not be subject to the blanket prohibitions applied to targeted sanctioned parties, but rather specific categories of transactions or those involving specific economic sectors.
For example, the OFAC Ukraine-related sanctions program specifically targets parties engaged in Russia's financial and energy sectors, focused on prohibitions involving dealing in specific types of debt transactions or oil/gas business activities.
3. Geographic Sanctions
Geographic sanctions programs are those that comprehensively restrict transactions with any parties in or owned by parties identified with countries or regions (e.g. Cuba, Iran, North Korea, Syria). Note that the Crimea Region has also been identified as subject to such comprehensive sanctions, albeit on a regional/city level.
4. Secondary Sanctions
Secondary sanctions are a relatively new kind of sanction targeting non-U.S. persons who do business with sanctioned individuals, countries, regimes, and organizations. These sanctions permit the U.S. government to designate non-U.S. persons (e.g. financial institutions, logistics companies, etc.) determined to be engaged in material transactions with or assisting sanctions evasion by sanctioned parties. Once designated, such non-U.S. person may also be subject to SDN listing or other targeted sanctions as well.
U.S. antiboycott laws and regulations are designed to prohibit or penalize U.S. companies (and their foreign subsidiaries) cooperation with international economic boycotts in which the United States does not participate. The primary (but not the only) target of U.S. antiboycott programs is the Arab League boycott of Israel.
U.S. antiboycott laws and regulations prohibit refusing to conduct business with or in a boycotted country or with "blacklisted" individuals, companies, nationalities, and vessels/aircraft; furnishing information in further of such boycotts; or implementing letters of credit involving such boycott requirements. Companies receiving such requests are required to report on a quarterly basis to the U.S. Department of Commerce and must report such requests (and any conduct of business in identified boycotting countries) to the U.S. Department of Treasury on an annual basis.
Export Controls Jurisdiction and Classification
1. Jurisdiction (ITAR vs. EAR) and Classification
To determine whether items are subject to EAR or ITAR export controls and identify which export controls classification (and licensing requirements) may apply, companies should follow an "order of review" analysis per below:
- Gather information about the item/technology's function, components, and capabilities.
- Next, look for an item meeting the description, function, capabilities on the USML.
- If not specifically enumerated in USML, complete "specially designed" analysis to determine if item is ITAR controlled as "specially designed" or move to EAR classification review.
- If not ITAR controlled, identify potentially applicable export control classification numbers (ECCNs) on the CCL and look for an item meeting the description, function, capabilities on the CCL.
- If not specifically enumerated, complete "specially designed" analysis to determine if item is EAR controlled as "specially designed" and determine ECCN.
Note that in some cases, where a jurisdiction or classification determination is unclear or there is a high risk / potential liability associated with a proposed export or specific items, exporters are encouraged to submit a "Commodity Jurisdiction" (for ITAR vs. EAR determinations), or "Commodity Classification" (CCATS) to BIS (to confirm applicable CCL classification).
2. License Determinations
Once you have identified the correct jurisdiction and classification, then you must determine potentially applicable controls. Under the ITAR, this generally means a license is required for any export or import of the item, unless a license exemption applies. Under the EAR, you must identify, for the applicable ECCN: the reason that the item is controlled (listed in the CCL, for example "NS – for National Security; CB – for Chemical / Biological Weapons); any "related controls" listed under that ECCN (including end-user or end-use controls); and consult the "Commerce Country Chart." After these steps and performance of appropriate end-user and end-use due diligence, you can determine export licensing requirements for your export.
1. License Exceptions and Exemptions
Under both the ITAR and EAR, some items that would otherwise require a license may be exported under an EAR "license exception" or ITAR "license exemption," depending upon the item, end-user, or end-use. Use of such exceptions or exemptions is strictly controlled and often subject to documentation, certification, or reporting requirements. Exporters seeking to use either EAR license exceptions or ITAR license exemptions should be familiar with and have procedures in place to comply with such requirements before seeking to use license exceptions or exemptions.
Likewise, to determine which activities are authorized or prohibited under the OFAC sanctions programs and regulations, parties can conduct an analysis to determine which activities are exempt from sanctions prohibitions (e.g., food donations to Cuba) or covered under "general licenses." A general license (discussed below) may apply to certain transactions depending on the sanctions program and permit the activity without a specific OFAC license.
When a transaction is subject to U.S. sanctions, you must determine whether a specific license (issued by OFAC) is required, or a "General License," essentially an exception, is available under the applicable sanctions regulations. General Licenses may be found either directly in regulations (e.g., Exports of Medicines and Medical Devices to Iran) or issued as administrative actions (e.g., Transactions with Certain PDVSA Entities in Venezuela).
Specific licenses, on the other hand, require a written application to OFAC, detailing the transaction involved, including information about quantities, values, all transaction parties, and end-use or purpose. Specific licenses can be submitted via the OFAC license application page.
BIS generally grants export and reexport licenses on a case-by-case basis depending on the transaction end-users, classification of the items or technology, and ultimate destination reasons for control. These licenses are submitted via the agency's Simplified Network Application Processing Redesign (SNAP-R). From time to time BIS also publishes "Temporary General Licenses" applicable to entities on the Entity List (e.g., Temporary General License for Certain Transactions Involving Huawei). In these cases, the Temporary General Licenses restore, or partially restore, the normal licensing requirements and policies under the EAR for exports, reexports, and transfers (in-country) to the Entity Listed entities.
DDTC grants temporary import, temporary export, and permanent export licenses for temporary imports or exports of products and technical data. This agency currently has various forms that must be prepared and submitted via the agency's online system Defense Export Control and Compliance System (DECCS). For ongoing exchanges of defense services/technical data, parties may also submit a different type of license or "agreements" for approval to DDTC.
DDTC requires "agreements" (e.g. Technical Assistance Agreements (TAAs)) to allow for ongoing and repeated exchange of ITAR controlled technical data and defense services (as well as certain associated tangible exports). Note that the process for applying for and complying with agreements is substantially different and more complex than that for individual export licenses.
Best Practices for Compliance
Guidelines and policies issued by the key regulators and law enforcement agencies (BIS, DDTC, OFAC, DOJ) counsel organizations that an effective compliance program (i.e. one that may be identified as providing credit to the company when under investigation) must include adequate resources (including personnel and systems) to address the specific risks of the organization.
2. Risk Assessment
Organizations should develop and use risk assessments to identify and evaluate the specific export controls and economic sanctions risks that they are subject to, including periodic reevaluations to determine if such risks have changed.
3. Management Commitment and Oversight
Organizations should demonstrate a commitment by senior management to provide resources, implement policies and procedures, require training, and communicate these requirements across the organization, including appropriate oversight and independence of resources and ability of organization personnel to report potential violations.
4. Policy and Procedures
Organizations should put in place written policies and procedures that address the specific export controls and economic sanctions risks that the organization is subject to and revise such policies and procedures to the extent that the organizations' risk profile changes.
Organizations should provide appropriate, targeted training and guidance (including both officers and employees) on export controls and economic sanctions to ensure both new and current officers and employees (as well as appropriate 3rd parties) are aware of applicable laws and regulations and organizational policies. Such training and guidance should be delivered periodically and reevaluated and revised from time-to-time as organizational risks change.
6. Monitoring and Audit
Organizations should identify available means of conducting periodic, risk-based, monitoring and auditing of transactions or business processes where export controls or economic sanctions risks may be present. Such monitoring or auditing may require internal or external parties' assistance (ensuring appropriate independent review) and could include monitoring or auditing third parties (such as suppliers or customers) where appropriate.
Each of the noted export control and sanctions regulatory agencies (BIS, DDTC, and OFAC) have independent enforcement roles, regulations, procedures, and mechanisms. Note that in cases where regulatory agencies identify persistent or egregious cases (e.g. those where company personnel had "knowledge" or "intent" to violate export controls or sanctions laws), the DOJ may engage in criminal investigation or prosecution.
With respect to civil enforcement, each of these regulatory agencies can impose civil and administrative penalties against U.S. persons and organizations, including monetary fines and restrictions on the ability to conduct business involving export transactions. In addition, the U.S. has increasingly sought to extend enforcement jurisdiction against non-U.S. companies through export controls (via the Department of Commerce Entity List and Unverified List) or economic sanctions (so-called "secondary sanctions").
1. Emerging and Foundational Technology
Recent passage of the Export Control Reform Act of 2018 (ECRA) and Foreign Investment Risk Review Modernization Act (FIRRMA) has the potential to significantly impact the scope of U.S. export controls by developing a framework for controls on exports of "emerging" and "foundational" technology. Although the scope of "foundational" technologies has not yet been announced, BIS has issued a public notice indicating that "emerging" technologies that could be subject to control may include (a) AI and machine learning; (b) Position, Navigation, and Timing technology; (c) logistics technology; (d) quantum computing and sensing; (e) robotics; (f) hypersonics; (g) advanced surveillance, such as face/voice recognition; and (h) advanced materials, like functional textiles.
Clients with products or services that involve any of the general categories of emerging technology under review should evaluate their current regulatory exposure, including any current commercial, research, or employment relationships involving non-U.S. persons or entities, particularly with respect to China (which is the primary target of the likely export control and licensing requirements). It is likely that any identified "emerging" or "foundational" technologies will have additional export licensing and reporting requirements attached to any transfer of products, software, or technology to non-U.S. parties (including individuals located in the U.S. who are not U.S. citizens or permanent residents).
2. Focus on China
During 2019 and 2020, the U.S. government has continued to focus export control regulations and policy on restricting access to and enforcement against violations involving China. These include enforcement actions involving Huawei and revisions to the so-called "foreign direct product rule" (which will impose U.S. export controls on certain electronic components that utilize U.S. technology manufactured by Huawei and other Chinese manufacturers on the U.S. entities list).
In addition, recent enforcement actions by OFAC, as well as policy statements regarding the potential change in U.S. policy towards Hong Kong, indicate an ongoing effort by the current U.S. administration to seek multiple avenues of pressure against the Chinese government involving export controls and sanctions.