Article Bloomberg Law

INSIGHT: Economic Sanctions and Export Controls Update Q4 2019

The fourth quarter of 2019 included significant regulatory and policy developments related to economic sanctions and export controls. Kirkland & Ellis attorneys discuss these actions and what they may indicate about trends and takeaways in 2020.

The View From Washington: Key Takeaways

  • Legislative and regulatory developments reflect a continued focus on China, in particular with regard to human rights abuses and the U.S. information and communications technology supply chain.
  • The U.S. Department of Justice updated and clarified its policy regarding corporate voluntary self-disclosures for “willful” violations of sanctions and export controls.The U.S. Department of
  • State Directorate of Defense Trade Controls (DDTC) issued a long-awaited rule regarding the treatment of export-controlled technical data stored in the cloud.

BIS Proposed Rules—Information and Communications Technology and Services Supply Chain

On Nov. 27, the U.S. Department of Commerce Bureau of Industry and Security (BIS) published a proposed rule on securing the information and communications technology and services supply chain, pursuant to President Donald Trump’s May 15, 2019, corresponding executive order.

The proposed rule focuses on information and communications technology and services (ICTS) transactions “that pose an undue risk to critical infrastructure or the digital economy in the United States.” To address these risks, it proposes a review process that bears structural resemblance to the Committee on Foreign Investment in the United States (CFIUS) process.

The proposed rule subjects specific transactions initiated, ongoing, or finished after May 15, 2019, that involve persons or property subject to the jurisdiction of the United States, a contractual or other property interest of a foreign person, and ICTS developed by a “foreign adversary” to Commerce’s review on a transaction-by-transaction basis. Though no specific “foreign adversary” has been named, its focus is generally understood to be China or individually named Chinese companies.

China-Related Legislation

On Nov. 27, President Trump signed into law legislation including the Hong Kong Human Rights and Democracy Act of 2019 that, absent a presidential waiver, requires the president to impose sanctions on persons involved in human rights abuses in Hong Kong. The legislation also urges, though it does not require, that the Commerce Department take steps, including consideration of adjustments to U.S. export controls, “to prevent the supply of crowd control and surveillance equipment that could be used inappropriately in Hong Kong.”

On Dec. 3, the House of Representatives passed the UIGHUR Act of 2019. The bill calls for sanctions against “senior Chinese officials” responsible for the repression of Uighurs, as well as significant export controls restricting the flow to China of technology that can be used for human rights abuses, including items for use in

  • facial, voice, and biometric recognition;
  • monitoring of the internet and social media;
  • surveillance and restriction of communications; and
  • monitoring of individual location or movement.

 It remains to be seen whether the bill will become law.

DOJ National Security Division Voluntary Self-Disclosure Policy

On Dec. 13, the DOJ’s National Security Division (NSD) Counterintelligence and Export Control Section announced an updated policy for companies to submit voluntary self-disclosures to the NSD of potentially willful export controls and sanctions violations (the VSD Policy).

The VSD Policy clarifies that, if a company voluntarily discloses, cooperates with the NSD, and timely and appropriately remediates the issue, then absent aggravating factors there will be a presumption of a nonprosecution agreement without a fine.

If aggravating factors warrant a fine, the NSD will recommend a fine at least 50% lower than it would recommend absent a VSD. The VSD Policy likewise clarifies that a disclosure of willful conduct to other agencies (such as the Office of Foreign Assets Control, BIS, and DDTC) will not qualify for the benefits described therein, unless that conduct is also independently disclosed to the NSD.

Nord Stream 2 and TurkStream Sanctions

On Dec. 20, President Trump signed into law the National Defense Authorization Act for 2020 (the NDAA), which included sanctions concerning the Nord Stream 2 pipeline and the offshore section of the TurkStream pipeline. The NDAA authorizes sanctions on certain “vessels engaged in pipe-laying” for the pipelines. The sanctions also apply to any corporate officer or controlling shareholder who has knowingly “sold, leased, or provided those vessels,” or “facilitated deceptive or structured transactions” for the construction of these pipelines, as well as any foreign person who knowingly provides underwriting services, insurance, or reinsurance for such vessels.

The Trump administration has 60 days to identify sanctioned companies and individuals, who will then have 30 days to wind down operations. Though Nord Stream 2 is nearly completed, Allseas, a Swiss-Dutch company retained by Gazprom to lay pipe on the project, has announced that it is ceasing work on the project, which could cause delays.

DDTC ‘Cloud Computing’ Rule

On Dec. 26, DDTC issued a long-anticipated interim final rule which confirms that certain storage of unclassified technical data in the cloud is not subject to restrictions under the International Traffic in Arms Regulations. The rule, which builds upon a 2015 proposed rule and mirrors a similar rule implemented in 2016 under the Export Administration Regulations, confirms that “the electronic transmission and storage of properly secured unclassified technical data via foreign communications infrastructure does not constitute an export.”

The rule clarifies that the security criteria are satisfied if the data is secured using end-to-end encryption that meets National Institute for Standards and Technology certification standards for FIPS 140-2 compliance, or meets or exceeds the 128-bit security strength achieved by the Advanced Encryption Standard (known as AES-128).

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Author Information

Mario Mancuso is a partner at Kirkland & Ellis and leads the firm’s International Trade and National Security practice. A former member of the president’s national security team, he specializes in counselling clients on international trade and national security matters, guiding clients through the CFIUS process, and resolving crises involving economic sanctions and export control-related investigations by the U.S. government.

Sanjay Mullick, a partner in Kirkland’s Washington, D.C., office, regularly represents clients on investigative, regulatory and transactional matters related to economic sanctions, export and import controls, anti-money laundering, and anticorruption.

Anthony Rapa, a partner in Kirkland’s Washington, D.C., office, counsels companies, financial institutions, and private equity sponsors worldwide regarding U.S., UK, and EU economic sanctions and export control issues.

Abigail Cotterill, of counsel in Kirkland’s Washington, D.C. office, regularly provides legal advice to companies, financial institutions, and private equity sponsors on the regulatory and other risks of operating or investing across international borders, with a focus on economic sanctions, export controls, and anticorruption.

Reproduced with permission. Published February 3, 2020. Copyright 2020 The Bureau of National Affairs, Inc. 800- 372-1033. For further use, please visit