You are reading the October 2024 Update of the Bass, Berry & Sims Enforcement Roundup, where we bring notable enforcement actions, policy changes, interesting news articles, and a bit of our insight to your inbox.
To stay up to date, subscribe to our GovCon & Trade blog. If you have questions about any actions addressed in the Roundup, please contact the international trade team. We welcome your feedback and encourage you to share this newsletter. Let's dive in!
Overview
- Vietnam Beverage Company Limited agreed to pay $860,000 to settle potential civil liabilities for violations of the North Korea Sanctions Regulations (NKSR).
- The U.S. Department of State, Directorate of Defense Trade Controls (DDTC) announced an administrative settlement with Precision Castparts Corp. to resolve violations of the International Traffic in Arms Regulations (ITAR).
- The Department of Treasury issued a final rule implementing its new outbound investment program.
- The Department of Justice (DOJ) issued a Notice of Proposed Rulemaking (NPRM) to prohibit or restrict certain transactions involving sensitive personal data.
Vietnam Beverage Company Limited Settles for $860,000 for Violations of the North Korea Sanctions Regulations (Office of Foreign Assets Control (OFAC) Action)
Those involved. Vietnam Beverage Company Limited (VBCL), a Vietnam beer and spirits company
Charges and penalties. 43 apparent violations of the North Korea Sanctions Regulations (NKSR).
What happened? On October 17, OFAC announced that VBCL agreed to pay $860,000 to settle potential civil liabilities for violations of the NKSR. According to OFAC, between April 2016 and October 2018, two VBCL subsidiaries processed approximately $1.14 million in payments through U.S. financial institutions for the export of alcoholic beverages to North Korea. The violations were not voluntarily disclosed.
In determining the penalty amount, OFAC considered VBCL's failure to exercise due care, the involvement of senior management, and the harm to U.S. foreign policy objectives to be aggravating factors. However, OFAC did not consider the violations to be egregious. OFAC also considered several mitigating factors, including VBCL's lack of prior misconduct, substantial cooperation during the investigation, and implementation of significant compliance measures after discovering the violations.
The press release can be found here.
Notably. This case highlights the risks faced by non-U.S. entities, even those involved in business that does not touch U.S. territory or directly involve U.S. persons, or who use the U.S. financial system. U.S. sanctions extend to the conduct of non-U.S. persons that "cause" U.S. persons to violate a sanctions program. Any non-U.S. entity conducting a transaction in U.S. dollars needs to understand that U.S. sanctions likely apply to that transaction.
DDTC Concludes $3 Million Settlement Resolving Export Violations by Precision Castparts Corp. (DOS Action)
Those involved. Precision Castparts Corp. (Precision), a manufacturer of castings, forged components, and airfoil castings for the aerospace and defense industry.
Charges and penalties. 24 violations of the Arms Export Control Act (AECA) and ITAR ($3 million fine).
What happened? On October 7, DOS announced it had concluded an administrative settlement with Precision to resolve 24 violations of the AECA and ITAR related to the unlawful export of technical data to 46 foreignperson employees (FPEs). More specifically, Mold Masters, a subsidiary of Precision, exported technical data pertaining to certain tools (specifically, wax pattern and core dies) and wax patterns consumed in the production of casting blades used in gas turbine engines of fighter aircraft. While the FPEs were lawfully permitted to work in the United States, Mold Masters' inadequate internal controls failed to validate their status upon their hiring for roles that implicate the ITAR.
Even after Mold Masters was acquired by Precision in 2018, the FPEs continued to work through 2019. In addition, Mold Masters lacked adequate record keeping procedures as it failed to capture information such as specific dates, work assignments, or information on specific technical data. Precision agreed to a 36-month consent agreement and a $3 million fine, though DDTC agreed to suspend $1 million to be used for the implementation of remedial compliance measures.
The press release can be found here. The charging letter, settlement agreement, and order can be found here.
Notably. The action highlights that ITAR-controlled technical data need not leave the country to be "exported" in violation of export control laws. While the ITAR and Export Administration Regulations (EAR) both impose restrictions on who can access covered technologies, under each regime "U.S. persons" generally may access export-controlled items without an export license.
Importantly the term "U.S. person" includes any person "who is a protected individual as defined by 8 U.S.C. 1324b(a)(3)," which includes both refugees and asylees. However, if the employee falls outside this definition of "U.S. person," their access to export-controlled information should be restricted. Here, the FPEs were improperly screened prior to accessing the technical data. Internal controls should be implemented to ensure FPEs do not have access to controlled technical data.
Treasury Department Issues Final Rule on Outbound Investment Security Program (Treasury Action)
Outbound Final Rule. On October 28, the Department of Treasury issued a final rule implementing Executive Order 14105, "Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern," that formally establishes the U.S. outbound investment security program. The rule prohibits or requires notification of certain investments made by U.S. persons into "covered foreign persons" who are engaged in designated activities and technologies.
The rule defines "covered foreign person" as a "person of a country of concern" engaging in a covered activity; or a person who holds a voting or equity interest, board seat, or has the contractual power to direct, one or more covered foreign person(s) and either i) derives more than 50 percent of the person's revenue or net income from the "person of a country of concern" or incurs more than 50 percent of its capital expenditures or operating expenses from the "person of a country of concern." In his Executive Order, the president identified China, along with the Special Administrative Region of Hong Kong and the Special Administrative Region of Macau, as a country of concern.
In particular, U.S. persons are prohibited from investing in, or are required to notify Treasury within 30 days of the closing of, a transaction involving persons associated with China that are engaged in activities related to 1) semiconductors; 2) quantum information technologies; and/or 3) certain artificial intelligence systems.
Additionally, several classes of investments are excepted from the final rule including publicly traded securities, equity compensation, intracompany transactions, binding commitments consummated before the Final Rule takes effect, third party measures, certain limited partner investments, non-U.S. transactions from which a U.S. person is recused, full buyouts of Chinese ownership, certain syndicated debt financings, derivative transactions, and national interest transactions.
The rule also imposes further obligations on U.S. persons associated with non-U.S. entities or persons. For example, a U.S. person must take "all reasonable steps" to prevent its "controlled foreign entity" from participating in a covered transaction that would be viewed as a prohibited transaction if performed by a U.S. person. Similarly, the rule prohibits U.S. persons from "knowingly directing" a covered transaction by a non-U.S. person entity. The final rule will go into effect January 2, 2025.
The final rule can be found here. The Treasury Department press release can be found here.
Notably. This outbound investment program will necessitate changes to internal compliance programs, especially in terms of diligence on prospective business partners, for any entity considering transactions or investments in designated activities and technologies.
DOJ Moving Forward with Proposed Rule to Protect Americans' Sensitive Personal Data from Countries of Concern (DOJ Action)
Proposed Rule. On October 21, the DOJ issued an NPRM aimed at mitigating national security-related threats from countries of concern seeking access to Americans' sensitive personal data. The NPRM established a program that would prohibit or restrict U.S. persons from certain data transactions with designated countries—at present, China, Cuba, Iran, North Korea, Russia and Venezuela. The NPRM regulates U.S. persons' data transactions with "covered persons," a term defined as any 1) foreign entity that is 50% or more owned by a country of concern, organized under the laws of a country of concern, or has its principal place of business in a country of concern; 2) foreign entity that is 50% or more owned by a covered person; 3) foreign employee or contractor of a country of concern or entity that is a covered person; and 4) foreign individual primarily resident in a country of concern. DOJ also intends to supplement these "covered persons" categories through a public list of designated individuals and entities.
The NPRM specifically regulates six categories of sensitive personal data:
- Certain covered personal identifiers
- Precise geolocation data
- Biometric identifiers
- Human genomic data
- Personal health data
- Personal financial data
The NPRM would generally only apply to sensitive personal data which exceeds a bulk volume threshold as outlined in the NPRM and varies depending on the type of data. The NPRM also categorizes transactions as either prohibited or restricted. Interested parties have until November 29, 2024, to submit comments on the NPRM.
The proposed rule can be found here. The DOJ fact sheet can be found here.
Notably. While the DOJ does not dictate compliance requirements for U.S. companies engaging in data transactions, companies are expected to develop risk-based compliance systems to mitigate potential violations. In its fact sheet, the DOJ indicates that the adequacy of a compliance program will be considered in any enforcement action. Companies therefore need to consider compliance program modifications to ensure they can comport with these new requirements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.