A Review of 2020's Key U.S. Sanctions Developments
This article was originally published by Law360 on Dec. 18, 2020.
Despite a global pandemic, throughout 2020, the U.S. continued to expand the use of economic sanctions in an aggressive and, in some cases, unconventional manner in pursuit of U.S. foreign policy objectives.
While new sanctions targeting China, with good reason, have commanded extensive domestic and international attention, the Trump administration also continued to leverage existing sanctions authorities to squeeze unfriendly regimes in Iran and Venezuela, with potential implications for an incoming Biden administration.
And although enforcement activity by the Office of Foreign Assets Control declined, published enforcement actions identify key risk areas as OFAC continues to focus its attention on sanctions compliance by nonfinancial institutions.
Over the past four years, escalating tensions between the U.S. and China have created various complications for multinational companies, including increased tariffs, new export controls, and heightened scrutiny of cross-border investments. In 2020, the U.S. government expanded its coordinated effort to curtail China's growing influence and deter perceived malfeasance through the introduction of new sanctions authorities.
In mid-2020, the U.S. passed bipartisan legislation authorizing OFAC to impose sanctions against Chinese and non-Chinese parties engaged in specified activities supported by the Chinese government:
- Enacted in June, the Uyghur Human Rights Policy Act authorizes the U.S. government to impose sanctions against any non-U.S. person determined to be contributing to mistreatment of Uighurs or other minority groups in the Xinjiang Uighur Autonomous Region.
- Enacted in July, the Hong Kong Autonomy Act authorizes the imposition of sanctions against (1) persons who materially contribute to China's efforts to undermine Hong Kong's autonomy; and (2) non-U.S. financial institutions that knowingly conduct significant transactions with parties sanctioned pursuant to the Autonomy Act.
In succeeding months, OFAC exercised these new authorities. For example, pursuant to the Uyghur Human Rights Policy Act, OFAC designated Xinjiang Production and Construction Corps, a state-owned economic and paramilitary organization, to the Specially Designated Nationals and Blocked Persons, or SDN, list.
Similarly, pursuant to the Autonomy Act, OFAC designated several key Chinese Communist Party members within the Hong Kong government, including Carrie Lam, the chief executive of the Hong Kong Special Administrative Region.
As a result, (1) U.S. persons are prohibited from engaging in transactions with the designated parties and their majority-owned subsidiaries; and (2) non-U.S. persons that engage in material transactions with the designated parties are at risk of being targeted by U.S. sanctions.
These designations have presented practical challenges for multinational businesses, including companies with long supply chain networks, as well as businesses that conduct business in Hong Kong.
More recently, in November, President Donald Trump issued the "Executive Order on Addressing the Threat from Securities Investments that Finance Communist Chinese Military Companies."
Beginning Jan. 11, 2021, this executive order will prohibit U.S. persons from engaging in any purchase for value of publicly traded securities of designated Communist Chinese military companies, as well as any securities that are derivative of — or designed to provide investment exposure to — targeted securities.1
On its face, the scope of the executive order appears to be significantly narrower than a traditional blocking designation — i.e., designation to the SDN list. In particular, the executive order (1) prohibits new purchases of targeted securities; and (2) requires divestment of targeted securities by U.S. persons, rather than prohibiting all transactions with Communist Chinese military companies.
There are several open questions regarding implementation of the executive order, including the consequences of holding targeted securities beyond expiration of the divestment period.
However, pending guidance from OFAC, the executive order appears to be a novel form of restriction — similar to the introduction of sectoral sanctions following Russia's 2014 annexation of Crimea — designed to address a situation in which broad-based comprehensive sanctions would be unviable.
Over the past year, the Trump administration expanded its efforts to disrupt the Iranian government's access to economic resources, in support of the administration's objective of curtailing Iran's regional influence.
In January, Trump issued an executive order that expanded the scope of Iranian industries subject to OFAC's secondary sanctions authority. As a result, non-U.S. persons who operate within, or knowingly engage in a significant transaction involving, a newly targeted industry — construction, mining, manufacturing, or textiles — are at risk of triggering U.S. sanctions.
In addition, in recent months, OFAC has accelerated the designation of Iranian individuals and entities to the SDN list, including pursuant to counterterrorism-related sanctions authorities, which impose additional restrictions as compared to other sanctions authorities and generally are perceived as difficult to reverse.
For example, on Dec. 16, OFAC designated Chinese and Emirati companies for engaging in Iran-related activities, signaling the Trump administration's continued efforts to place pressure on non-U.S., non-Iranian companies to comply with U.S. sanctions targeting Iran.
Throughout 2020, OFAC has continued to impose sanctions against non-U.S., non-Venezuelan parties that deal in prohibited sectors of the Venezuelan economy. These actions largely have focused on non-U.S. persons who trade with parties operating within Venezuela's oil sector, including state-owned oil company Petroleos de Venezuela SA.
In November, OFAC designated Chinese technology company China National Electronics Import & Export Corporation, or CEIEC, to the SDN list pursuant to Executive Order No. 13692, for supporting the efforts of President Nicolás Maduro's regime to undermine democracy in Venezuela.
According to a U.S. Department of the Treasury press release, CEIEC has provided software, training and technical expertise to the Venezuelan government, including software and hardware that restricts internet access. As a result of the designation, U.S. persons are prohibited from transacting with CEIEC or its majority-owned subsidiaries, which is a substantial restriction, given that CEIEC reportedly has over 200 subsidiaries and offices worldwide.
Concurrently, OFAC issued a 45-day general license authorizing the wind-down of transactions and activities involving CEIEC or its majority-owned affiliates. The CEIEC designation demonstrates the extent to which country-specific sanctions authorities — e.g., Venezuela — can be leveraged in pursuit of multiple policy objectives: in this case, curtailing third countries' use of Chinese-developed technologies to suppress political dissent.
In June, OFAC and the U.S. Department of State took initial steps to implement the Caesar Syria Civilian Protection Act, which authorizes the imposition of sanctions on non-U.S., non-Syrian parties for engaging in specified conduct involving Syria. While designations pursuant to the Caesar Act have been limited to date, the changes introduced by the Caesar Act are representative of a broader trend — the U.S. government's increased employment of sanctions with explicit extraterritorial application — that escalates sanctions risks for non-U.S. companies.
In October, OFAC published an advisory to alert companies to potential sanctions risks related to ransomware payments. Specifically, the advisory states that the payment of ransomware demands to sanctioned parties or jurisdictions may constitute a violation of U.S. sanctions, even if there is no identified sanctions nexus at the time of payment.
The advisory thereby clarifies that neither inability to verify the origin of an attack nor the consequences of nonpayment will provide a complete defense if a sanctions nexus is identified after payment. In determining the appropriate enforcement outcome, the advisory states that OFAC will consider as significant mitigating factors:
- The victim's self-initiated, timely and complete report of a ransomware attack to law enforcement; and
- The victim's full and timely cooperation with law enforcement both during and after a ransomware attack.
To date, OFAC has not publicly disclosed any enforcement actions against victims of ransomware attacks that have made payments to a sanctioned party or party located in a comprehensively sanctioned jurisdiction. Accordingly, it remains an uncertainty how OFAC will implement its ransomware guidance in practice.
To date, OFAC has announced 14 enforcement actions and settlements, which collectively have netted just under $23 million in civil penalties. This represents a significant decrease from the nearly $1.3 billion in penalties imposed in 2019.
The year-over-year decline in enforcement activity may be attributable to multiple factors, including COVID-19-related impediments and typical fluctuation in enforcement activity. The decline, however, is unlikely to be indicative of a material shift in enforcement priorities. By way of illustration, the last presidential election year — 2016 — saw a similar decline in enforcement on the heels of a strong enforcement year in 2015.
Despite a decrease in volume, the enforcement actions published in 2020 offer some insight into OFAC's enforcement priorities, particularly as the agency continues to ramp up scrutiny of nonfinancial institutions.
In July, OFAC entered into a settlement agreement with Amazon.com Inc., pursuant to which Amazon agreed to pay $134,523 to resolve its potential liability for violations of multiple sanctions programs.
According to OFAC, the apparent violations stemmed from gaps in Amazon's sanctions screening processes for orders conducted on Amazon's websites, which resulted in Amazon processing orders for customers who were included on the SDN list or located in sanctioned jurisdictions. Amazon also failed to comply with affirmative reporting obligations for 362 Crimea-related transactions that the company conducted pursuant to a wind-down general license.
The Amazon settlement signals that OFAC expects e-commerce businesses to implement sophisticated sanctioned party and embargoed country screening methods. For example, although Amazon had a screening system in place, OFAC faulted that system for failure to capture alternate spellings of sanctioned jurisdictions — e.g., Krimea — or cities located within sanctioned jurisdictions.
The Amazon settlement also demonstrates that companies that seek to rely upon general and specific licenses must carefully ensure that all conditions and provisos, including reporting and documentation requirements, are met.
While the civil penalty imposed against Amazon was modest — $134,523 — owing in part to extensive remedial measures implemented by Amazon, the maximum penalty amount exceeded $1 billion, against a total transaction value of approximately $269,000, meaning that OFAC could have taken a significantly tougher position.
In the wake of rapid growth accelerated by the COVID-19 pandemic, e-commerce businesses, as well as retail businesses with an online presence, would be well served to assess whether their existing sanctions compliance controls could expose them to similar vulnerabilities.
OFAC's May 2019 sanctions compliance guidance document, "A Framework for OFAC Compliance Commitments," identified 10 common sanctions program deficiencies that the agency had observed in recent enforcement actions, including "Misinterpreting, or Failing to Understand the Applicability of, OFAC's Regulations." Two enforcement actions published in 2020 illustrate this vulnerability:
- In May, BIOMIN America Inc. agreed to pay $257,862 to resolve 44 apparent violations of the Cuban Assets Control Regulations. OFAC alleged that BIOMIN devised a transaction structure whereby BIOMIN America processed purchase orders from a Cuban customer and arranged for the orders to be fulfilled by the company's non-U.S. affiliates. According to OFAC, BIOMIN managers incorrectly determined that this transaction structure would be consistent with OFAC sanctions.
- In July, Whitford Worldwide Company LLC agreed to pay $824,314 to resolve 74 apparent violations of the Iranian Transactions and Sanctions Regulations. OFAC alleged that Whitford subsidiaries in Italy and Turkey sold products to Iran via third-party distributors. According to OFAC, Whitford regulatory personnel incorrectly concluded that the company's foreign subsidiaries could legally sell products to Iran, provided the sales were conducted indirectly via non-U.S. third-party intermediaries.
Like the Amazon settlement, the penalties imposed on BIOMIN and Whitford were relatively modest as compared to the available statutory maximum penalties — $2 million and $19.9 million, respectively — owing to the companies' voluntary disclosure, cooperation and remediation. However, these cases underscore the importance of dedicating sufficient resources to sanctions compliance efforts, particularly for companies that previously considered themselves to be beyond the scope of U.S. jurisdiction.
Although the impending change in presidential administration ordinarily would open the door to a pivot in sanctions policy — as occurred between the Obama and Trump administrations — we anticipate near-term changes to be around the margins or focused on tone rather than substance.
With respect to China, the prevailing U.S. foreign policy challenge, there is broad bipartisan and international agreement regarding the need to address China's recent activity in Xinjiang and Hong Kong. President-elect Joe Biden has signaled a desire to curtail Chinese influence, particularly with respect to human rights- and democracy-related concerns.
As such, it is foreseeable that a Biden administration would continue to leverage the Uyghur Human Rights Policy Act and Autonomy Act in response to perceived malign activities in Xinjiang and Hong Kong.
In addition, there have been bipartisan efforts within the U.S. Congress to curtail Chinese companies' access to U.S. stock exchanges, indicating momentum in favor of addressing — at least some of — the concerns underlying the Executive Order on Addressing the Threat from Securities Investments that Finance Communist Chinese Military Companies. Likewise, existing sanctions targeting Venezuela and Syria continue to retain broad bipartisan support, and therefore are unlikely to shift fundamentally under a Biden administration.
The Obama administration, of which Biden was a leading member, significantly shifted U.S. policy toward Cuba — through amendments to the Cuban Assets Control Regulations to increase travel and commerce — and Iran — through relaxation of certain sanctions pursuant to the Joint Comprehensive Plan of Action, or JCPOA.
While Biden has expressed interest in returning to the JCPOA — and presumably would favor a return to Obama-era policy concerning Cuba — intervening events may foreclose the opportunity for meaningful policy changes. In particular, the U.S.' expansion of sanctions targeting Iran, coupled with Iran's enrichment of uranium beyond the restrictions set forth in the JCPOA, may render a return to the JCPOA unfeasible.
Given broad bipartisan support for existing U.S. sanctions initiatives, 2021 looks to be an active year for sanctions developments and enforcement.
- The term "Communist Chinese military company" includes any company that the U.S. Department of Defense has identified pursuant to Section 1237 of the National Defense Authorization Act for FY 1999. To date, 35 entities have been identified by DOD. back to top