The United States imposes economic and trade sanctions on individuals, entities, and jurisdictions throughout the world based on US foreign policy and national security goals.  Sanctions generally prohibit engaging in transactions with sanctioned individuals, entities, governments, or government entities.  Comprehensive sanctions, also called an embargo, generally prohibit all trade with a specific country or region.  Currently, the US maintains comprehensive sanctions against Cuba, Iran, North Korea, Syria, and the Crimea region of Ukraine.  The US also maintains significant sanctions programs against Russia and Venezuela.  Finally, the US maintains targeted sanctions programs against specific individuals and entities.

Sanctions can generally be divided into two categories:  so-called “primary” sanctions and “secondary” sanctions.  Primary sanctions apply to US persons or in situations where there is a US nexus, such as involvement by a US person, US-originating goods, or a transaction taking place within the US.  Secondary sanctions authorize OFAC or the State Department to threaten sanctions on a person, including a non-US person, for specified activity.  These sanctions are intended to discourage non-US persons from engaging in certain transactions even if the transaction has no US nexus (and is thus not subject to primary sanctions).

Sanctions are a strict liability regime.  While the fact of a violation (without proof of fault or intent) results in civil liability, OFAC does take fault and intent into consideration when deciding on the penalty to be imposed.  Persons and entities face criminal liability for “willful” violations, attempts to violate, conspiracies to violate, or causing a violation of, any license, order, regulation or prohibition under US law.  Potential penalties include imprisonment and monetary fines.

The SEC has taken a much more proactive role in examining and penalizing companies for potential sanctions violations, particularly as it relates to public companies’ disclosures to ensure adequate reporting on business risks.

Companies make disclosures when that information would be considered material for current and future investors.  Generally, financial materiality is the primary factor for disclosure, but it’s certainly not the only one.

In recent years, the SEC has been sending an increasing number of comment letters to companies with questions about sanctions and trade-related enquiries.  The Wall Street Journal has reported that such enquiries have more than tripled since 2014.

US Export control regulations apply to the export, reexport, and transfer of certain commodities, technology, and services. Items subject to the Export Administration Regulations (EAR) include items physically located within the United States, U.S.-origin items (wherever located), and certain foreign-origin items. Each item controlled under the EAR is assigned an Export Control Classification Number (ECCN), which is used to determine the reason for control—such as national security, regional stability, or anti-terrorism—and whether a license is required to export the item to a specific country. Controlled items are not subject to identical restrictions. For example, a controlled item may require a license to be exported to Russia, but not require a license to be exported to Canada.  The Export Control Reform Act (ECRA), signed into law in 2018, results in a significant expansion of the technologies subject to export restrictions.

Most importantly, it is critical to understand that U.S. export control laws have extraterritorial effect.  This means that transactions and transfers that occur outside the U.S. may nevertheless be subject to U.S. export control laws.  In fact, most of the most substantial enforcement actions taken by the U.S. government to-date involved violations that occurred outside the U.S. and even involved finished goods of non-U.S. origin.

Recent SEC enforcement has resulted in multi-million civil penalties for violations of corruption, sanctions and export controls.  Potential whistleblowers must have an attorney that understands these complex regulations and can present an actionable case to the US SEC for further investigation.

The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which overhauled the rules governing national security reviews undertaken by the Committee on Foreign Investment in the United States (CFIUS), was intended to protect the technological edge held by the United States by preventing companies from perceived geopolitical adversaries from gaining access to next-generation technologies.

FIRRMA and its implementing regulations establish mandatory CFIUS filings for certain foreign investments in three categories of U.S. businesses. One of these categories includes certain transactions involving a foreign investment in a U.S. business that produces, designs, tests, manufactures, fabricates or develops a U.S. critical technology, which is defined as certain items controlled for export under various authorities including the following:

• U.S. Department of State International Traffic in Arms Regulations (ITAR);
• U.S. Department of Commerce Export Administration Regulations (EAR);
• U.S. Department of Energy regulations regarding the export and import of nuclear equipment and material, as well as assistance to foreign atomic energy activities;
• U.S. Department of Agriculture regulations on the possession, use and transfer of select agent and toxins; and/or
• Emerging and foundational technologies designated under the Export Control Reform Act.

By defining critical technology this way, FIRRMA clearly links the responsibilities of CFIUS with those CFIUS member agencies that administer U.S. export control laws, especially the U.S. Department of Commerce.

Pursuant to FIRRMA, CFIUS implemented, among other things, a mandatory declaration process for foreign investments in a U.S. business that deals with critical technologies when an export license is required for transfer of those critical technologies to the country of the foreign investor, a definition that is linked to the export control laws and is always evolving.

Failure to make a mandatory filing can result in a civil penalty up to $250,000 or the value of the transaction, whichever is greater, in addition to potential unwinding of the investment.

The Foreign Corrupt Practices Act (FCPA) is the most effective anti-corruption law in the world.  There are two primary obligations for public companies under the FCPA:

A.      Anti-bribery

Individuals and businesses are prohibited from bribing foreign officials in order to retain or obtain business.

B.      Accounting

Public companies must create and keep books, records, and accounts to accurately reflect the transactions of corporations. Companies are prohibited from falsifying these records and must also devise and maintain an adequate system of internal accounting controls.

The Foreign Corrupt Practices Act is extremely broad in scope and is applicable worldwide. It extends to public companies and their subsidiaries and personnel, as well as foreign entities and agents.

There is no dispute that the Foreign Corrupt Practices Act grants the Department of Justice and the Securities and Exchange Commission broad jurisdiction to enforce the statute’s prohibition against bribery of foreign government officials. But in a recent FCPA action against Quad/Graphics Inc. (Quad), the SEC seems to have used the anti-corruption statute to penalize the public company not only for bribery, but also for violating U.S sanctions and export control laws.