17-1002 Monday “Daily Bugle”

17-1002 Monday “Daily Bugle”

Monday, 2 October 2017

The Daily Bugle is a free daily newsletter from Full Circle Compliance, containing changes to export/import regulations (ATF, Customs, NISPOM, EAR, FACR/OFAC, FTR/AES, HTSUS, and ITAR), plus news and events.  Subscribe 
here for free subscription.  Contact us
for advertising inquiries and rates.

[No items of interest noted today.]

  1. Ex/Im Items Scheduled for Publication in Future Federal Register Editions
  2. Commerce/BIS Denies Export Privileges to 6 Persons and 1 Related Person
  3. DHS/CBP Publishes Updated Draft Drawback CATAIR
  4. DHS/CBP Posts Update to AESTIR on CBP.gov
  5. DoD/DSCA Releases Policy Memo 17-29 (1-7 Oct)
  6. GAO: “Iran Sanctions: U.S. Agencies Continue to Implement Processes for Identifying Potentially Sanctionable Entities”
  7. State/DDTC: (No new postings.)
  8. EU Releases Corrigenda Concerning Ukraine-Related Sanctions
  9. Dutch Public Prosecution Service: “International Fight Against Corruption: Telia Company Pays $274 Million to The Netherlands”
  1. Breaking Defense: “Trump Reviews Arms Sales, Hopes to Speed Them”
  2. The Guardian: “British Company Made Arms Deal with South Sudan, Amnesty Claims”
  3. Reuters: “Special Report: HP Enterprise Let Russia Scrutinize Cyber Defense System Used by Pentagon”
  1. D. Long, C. Pommies & L. Tolley: “European Commission Proposes Common Approach to Foreign Direct Investment Screening”
  2. D. Kyle & J. Jensen: “Late EEI Filing: Is It Too Late to Mitigate?”
  3. L.K. Marion: “Cloud Computing Crash Course: Location, Location, Location”
  4. M. Volkov: “Where O’ Where Did Our Monitors Go? – The Telia Bribery Case”
  5. R.C Thomsen II, A.D. Paytas, M.M. Shomali: “Changes to Export Controls in September 2017”
  1. Monday List of Ex/Im Job Openings: 101 Jobs Posted This Week, Including 15 New Jobs
  1. Bartlett’s Unfamiliar Quotations 
  2. Are Your Copies of Regulations Up to Date? Latest Changes: ATF (15 Jan 2016), Customs (28 Sep 2017), DOD/NISPOM (18 May 2016), EAR (25 Sep 2017), FACR/OFAC (16 Jun 2017), FTR (20 Sep 2017), HTSUS (25 Jul 2017), ITAR (30 Aug 2017) 
  3. Weekly Highlights of the Daily Bugle Top Stories 



[No items of interest noted today.]

* * * * * * * * * * * * * * * * * * * *


OGS_a11. Ex/Im Items Scheduled for Publication in Future Federal Register Editions
(Source: Federal Register

* Commerce/BIS; RULES; Updated Statements of Legal Authority for the Export Administration Regulations [Publication Date: 3 Oct 2017.]

* * * * * * * * * * * * * * * * * * * *


Commerce/BIS Denies Export Privileges to 6 Persons and 1 Related Person

Commerce/BIS) [Excerpts.]
The orders are available here. Excerpts are included below.
* Respondent: John Francis Stribbling of Loretto, PA.
* Charges: On 6 July 2016, in the U.S. District Court for the Eastern District of Virginia, John Francis Stribbling (“Stribbling) was convicted of violating Section 38 of the Arms Export Control Act (22 U.S.C. Par. 2778 (2012)) (“AECA”). Specifically, Stribbling was convicted of knowingly and willfully exporting from the United States to Indonesia, two pistols and two rifles designated as defense articles on the U.S. Munitions List, without the required U.S. Department of State licenses. Stribbling was sentenced to two years in prison, three years of supervised release, and a $100 assessment.
* Debarred: Five (5) years from the date of Stribbling’s conviction, until 6 July 2021.
* Date of Order: 28 September 2017.
* Respondent: Mark Henry (a/k/a Weida Zheng, a/k/a Scott Russel, a/k/a/ Bob Wilson, a/k/a Joanna Zhong) of Minersville, PA.
* Related Person: Dahua Electronics Corporation (a/k/a Bao An Corporation of Flushing, NY.
* Charges: On 19 November 2015, in the U.S. District Court for the Eastern District of New York, Mark Henry, a/k/a Weida Zheng, a/k/a Scott Russel, a/k/a/ Bob Wilson, a/k/a Joanna Zhong (“Henry”), was convicted of violating Section 38 of the Arms Export Control Act (22 U.S.C. Par. 2778 (2012)) (“AECA”). Specifically, Henry was convicted of willfully and knowingly exporting, causing to be exported, and attempting to export from the United States to Taiwan defense articles listed on the U.S. Munitions List, specifically ablative materials for use, among other things, as a protective coating for rocket nozzles, without the required State Department license. Henry was sentenced to 78 months in prison for violating Sections 38(b)(2) and (c) of the AECA, along with three years of supervised release and a $200 assessment.
* Debarred: Ten (10) years from the date of Henry’s conviction, until 28 September 2017. … BIS decided to name Dahua as a Related Person and make this Denial Order applicable to Dahua as well.
* Date of Order: 19 November 2025.
* Respondent: Robert J. Shubert Sr. of Coleman, FL.
* Charges: On 15 October 2014, in the U.S. District Court for the Middle District of Georgia, Robert J. Shubert Sr. (“Shubert) was convicted of violating Section 38 of the Arms Export Control Act (22 U.S.C. Par. 2778 (2012)) (“AECA”). Specifically, Shubert was convicted of knowingly and willfully exporting, from the United States to Japan, Dual Sensor Night Vision Goggles designated as defense articles on the U.S. Munitions List, without the required U.S. Department of State licenses. Shubert was sentenced to 78 months in prison, 36 months of supervised release, a $15,000 fine, and a $300 assessment.
* Debarred: Ten (10) years from the date of Shubert’s conviction, until 15 October 2024.
* Date of Order: 28 September 2017.
* Respondent: Shantia Hassanshahi, a/k/a Shantia Hassan Shahi, a/k/a Shahi, a/k/a Shantia Haas, a/k/a Sean Haas of Lompoc, CA.
* Charges: On 12 December 2015, in the U.S. District Court for the District of Columbia, Shantia Hassanshahi, a/k/a Shantia Hassan Shahi, a/k/a Shahi, a/k/a Shantia Haas, a/k/a Sean Haas (“Hassanshahi”) was convicted of violating the International Emergency Economic Powers Act (50 U.S.C. Par. 1701, et seq. (2012)) (“IEEPA”). Specifically, Hassanshahi was convicted of willfully conspiring to export and cause the exportation of goods and technology from Canada to Iran, as well as services related thereto from the United States to Iran, without having first obtained the required license from the U.S. Department of Treasury’s Office of Foreign Assets Control. Hassanshahi was sentenced to 12 months in prison, one year of supervised release, 100 hours community service, and a $100 assessment.
* Debarred: Five (5) years from the date of Hassanshahi’s conviction, until 12 December 2022.
* Date of Order: 28 September 2017.
* Respondent: Shehzad John of Ashland, KY.
* Charges: On 1 August 2016, in the U.S. District Court for the Southern District of New York, Shehzad John was convicted of violating the International Emergency Economic Powers Act (50 U.S.C. Par. 1701, et seq. (2012)) (“IEEPA”). Specifically, Shehzad John was convicted of knowingly and willfully conspired exporting and attempting to export from the United States to Pakistan items on the U.S. Commerce Control List, namely, a Bushnell Optical Scope, a Monstrum Laser Aimer, an AR 15 30mm red dot sight, and a NcStar red laser sight, without the required Department of Commerce licenses. Shehzad John was sentenced to 71 months in prison, three years of supervised release, a fine of $10,000, and an assessment of $100.
* Debarred: Ten (10) years from the date of Shehzad John’s conviction, until 1 August 2026.
* Date of Order: 28 September 2017.
* Respondent: Tayabi Fazal Hussain of Dubai, UAE.
* Charges: On 3 October 2016, in the U.S. District Court for the Northern District of Illinois, Tayabi Fazal Hussain (“Hussain”) was convicted of violating the International Emergency Economic Powers Act (50 U.S.C. Par. 1701, et seq. (2012)) (“IEEPA”). Specifically, Hussain knowingly and willfully conspired to export and caused the exportation of numerous types of goods, including, inter alia, optical and telescopic equipment and several sets of gas turbine mobile generators, from the United States to Iran, without having obtained the required U.S. Government authorization. Hussain was convicted to 15 months in prison, with credit for time served, and a special assessment of $100.
* Debarred: Ten (10) years from the date of Hussain’s conviction, until 3 October 2026.

* Date of Order: 28 September 2017. 

* * * * * * * * * * * * * * * * * * * *


DHS/CBP Publishes Updated Draft Drawback CATAIR

CSMS# 17-000629, 2 Oct 2017.)
CBP has published an updated version of the Drawback DRAFT guidance referenced in CSMS#17-000626. The updated version is available here.
This most recently published version contains an updated Table of Changes.
This technical document is considered a DRAFT and is subject to revision before a final version is provided. Any actions a reader takes based on this draft document are taken voluntarily and with the understanding that the draft may be revised.
CBP advises the trade community to continue monitoring CSMS for additional updates to this draft CATAIR, anticipated in the near future.
  – Related CSMS No. 17-000626

* * * * * * * * * * * * * * * * * * * * 


U.S. Customs and Border Protection (CBP) has updated the Automated Export System Trade Interface Requirements (AESTIR) AES Direct Web link API. The updated document may be accessed at the link HERE.

* * * * * * * * * * * * * * * * * * * *

* * * * * * * * * * * * * * * * * * * *


GAO: “
Iran Sanctions: U.S. Agencies Continue to Implement Processes for Identifying Potentially Sanctionable Entities”

What GAO Found
The Departments of State (State) and the Treasury (Treasury) have continued to implement their pre-January 2016 process for identifying entities that are potentially sanctionable under two executive orders for engaging in certain activities related to Iran’s space launch and missile programs. This process involves reviewing evidence to identify targets for missile-related sanctions, ensuring that State and Treasury have adequate evidence to impose those sanctions, and imposing and publicizing the sanctions. According to the agencies, since January 2016 they have designated 33 entities and 25 individuals for Iran missile-related sanctions pursuant to one of the executive orders. 
Similarly, State has continued its process for identifying and sanctioning entities that are potentially sanctionable under the Iran, North Korea, and Syria Nonproliferation Act (INKSNA) for certain activities related to Iran’s space launch and missile programs. While the INKSNA process is similar to the executive order process, INKSNA also requires State to provide congressional committees with reports every 6 months that identify foreign persons for whom there is credible information indicating that they have transferred to, or acquired from, Iran, North Korea, or Syria certain items, including missile-related items. INKNSA does not allow State to impose INKSNA sanctions on entities until State has identified them in such a report. State informed GAO that it had provided reports in June 2016 and March 2017 that refer to or consider post-January 2016 information.  However, those reports cover calendar years 2013 and 2014, respectively, and State has yet to provide reports covering the post-January 2016 period.
GAO previously determined that State does not have a process that would allow it to comply with INKSNA’s 6-month deadlines, but State has not implemented GAO’s recommendations for correcting this deficiency. According to State officials, the June 2016 INKSNA report-which addressed calendar year 2013-included 11 individuals and entities sanctioned for their support to Iran’s ballistic missiles program. According to a March 2017 State press release, the 2017 INKSNA report-which addressed calendar year 2014-also included 11 individuals and entities sanctioned for their support to Iran’s ballistic missiles program.
Why GAO Did This Study
Multilateral talks with Iran culminated in a 2015 agreement through which Iran committed to limits on its nuclear program in exchange for relief from U.S. and international nuclear-related sanctions. On the agreement’s Implementation Day, January 16, 2016, the International Atomic Energy Agency verified that Iran had implemented certain commitments under the agreement, and the United States, the European Union, and the United Nations lifted nuclear-related sanctions on Iran as specified in the agreement. U.S. sanctions targeting Iran’s ballistic missile programs, such as those under EOs 12938 and 13382 and INKSNA, remain. State and Treasury implement EO sanctions while State implements INKSNA sanctions. In 2015, GAO reported on State’s and Treasury’s processes for imposing these sanctions.
GAO examined (1) the extent to which State and Treasury have continued to implement, since January 2016, the executive branch process for identifying (a) entities that are potentially sanctionable under the provisions of EOs 12938 and 13382 for engaging in activities with Iranian sectors connected to space launch vehicles and missiles capable of delivering nuclear weapons, and (b) entities sanctioned since January 2016 under these EOs for such activities; and (2) the extent to which State has continued to implement, since January 2016, the executive branch process for identifying (a) entities that are potentially sanctionable under the provisions of INKSNA for engaging in activities with Iranian sectors connected to space launch vehicles and missiles capable of delivering nuclear weapons, and (b) entities sanctioned since January 2016 under the provisions of INKSNA for such activities.
What GAO Recommends
GAO is not making any recommendations in this report. State has yet to implement GAO’s 2015 recommendations to help ensure State’s compliance with INKSNA’s 6-month reporting deadlines. For more information, contact Thomas Melito at (202) 512-9601 or melitot@gao.gov.

* * * * * * * * * * * * * * * * * * * *


State/DDTC: (No new postings.)

(Source: State/DDTC)

* * * * * * * * * * * * * * * * * * * *


EU Releases Corrigenda Concerning Ukraine-Related Sanctions


* Corrigendum to Council Implementing Regulation (EU) 2017/1549 of 14 September 2017 implementing Regulation (EU) No 269/2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine ( OJ L 237, 15.9.2017 )
* Corrigendum to Council Decision (CFSP) 2017/1561 of 14 September 2017 amending Decision 2014/145/CFSP concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine ( OJ L 237, 15.9.2017 )

* * * * * * * * * * * * * * * * * * * *


Dutch Public Prosecution Service: “International Fight Against Corruption: Telia Company Agrees to $274 Million Fines to The Netherlands”

(Source: Openbaar Ministerie) [U.S. dollar amounts changed from EU to US notation style.]  
In the international fight against corruption, the Netherlands [Publication Prosecution Service (“Openbaar Ministerie”)] has punished three Rotterdam-based subsidiaries of the international telecom provider Telia Company AB. They have accepted a settlement offered by the Dutch Public Prosecution Service (DPPS) totaling $274,000,000 US dollars. The DPPS accuses these Dutch subsidiaries of the criminal offences of bribery of government officials and inaccurate books and records. It concerns the period around the time of gaining access to the Uzbek telecom market and thereafter, during which they paid bribes to the eldest daughter of the former president of Uzbekistan in the period from 2007 up to and including 2010.
Parallel to the Dutch out-of-court settlement, there are settlements with the United States Department of Justice (DoJ) and the United States Securities and Exchange Commission (SEC). Telia Company will pay a total of $965,000,000 US Dollars as a penalty and disgorgement in the U.S. and the Netherlands.
Telia Company AB (formerly TeliaSonera AB) is an international telecom provider, with its main office in Stockholm. TeliaSonera AB has arisen from a merger between the Swedish telecom company Telia and the Finnish telecom company Sonera. The company is listed on NASDAQ Stockholm and at NASDAQ Helsinki. The company is active in Europe and Asia.
Sonera Holding BV, TeliaSonera UTA Holding BV and TeliaSonera Uzbek Telecom Holding BV (hereinafter: ‘TeliaSonera’) are Dutch subsidiaries of Telia Company and are based in Rotterdam. TeliaSonera has been found to have paid bribes to operate in the Uzbek telecom market via its Dutch subsidiaries. In doing so, services from the Dutch financial sector were utilized.
Corruption distorts competition and constitutes a serious violation of the integrity of governments, with great moral and political consequences.  Corruption affects the free and open markets and constitutes a threat to international stability. Corruption is combatted internationally. This international approach signifies that corruption is not tolerated and that high penalties will be imposed.
The criminal investigation was initiated in 2013. The Dutch criminal investigation was carried out by the Fiscal Intelligence and Investigation Service (FIOD) under supervision of the National Prosecutor’s Office for Serious Fraud, Environmental Crime and Asset Confiscation (“Functioneel Parket”). Parallel to the Dutch investigation, the DOJ, the SEC, and the Swedish Prosecution Service conducted investigations into suspected bribe payments by TeliaSonera. This parallel action shows that corruption is not tolerated internationally. The proceeds of corruption are confiscated and companies are imposed with severe fines.
In March 2014, the Rotterdam offices of the three Dutch subsidiaries of TeliaSonera were searched by the FIOD. Administrative records were seized.
The FIOD investigation shows, via its Dutch subsidiaries TeliaSonera paid bribes to the eldest daughter of the former president of Uzbekistan in the period from 2007 up to and including 2010. The criminal investigation has revealed that the eldest daughter of the former president of Uzbekistan, exercised control over the Uzbek telecom market. Bribe payments were required to operate in this market and for the acquisition of licenses, frequencies and number blocks. The DPPS holds that these payments constitute the criminal offences of bribery of  government officials (corruption) and books and records violations. The criminal investigation shows that from 2007 up to and including 2010 TeliaSonera paid bribes in connection with its entry into the Uzbek telecom market and in connection with obtaining telecommunication licenses for 3G and LTE frequencies and number blocks. In total, TeliaSonera paid approximately $314,200,000 US dollars in bribes to the daughter of the President. These payments were made through the offshore company Takilant Limited, based in Gibraltar.  Also, 6% of the shares in the Rotterdam subsidiary TeliaSonera Uzbek Holding company was transferred to Takilant Ltd. In addition to these bribe payments, over $27,300,000 US Dollars in ‘sponsorship’ and ‘charitable contributions’ were paid in Uzbekistan in the period from 2007 – 2013.  Some of these appear to be linked to Uzbek government officials. The DPPS holds that these payments constitute the criminal offences of bribery of government officials (corruption) and books and records violations.
For a detailed account of the facts, please see the attachment here.
According to the DPPS, the bribery committed throughout the years resulted in a dominant position in the telecommunication market in Uzbekistan and significant profits as a consequence. By its conduct, TeliaSonera has contributed to corruption in Uzbekistan. The DPPS considers corruption and related criminal offenses serious because of their undermining nature and the consequences for society.
In 2016, TeliaSonera’s sales amounted to approximately USD $11.4 billion.  The Netherlands considers the fine and disgorgement totaling $965,000,000 US Dollars as appropriate. It is a punishment that hurts, and it does justice to the significance of the acts committed as well as to the disruption these acts caused to the legal order. The parallel government action against corruption demonstrates that corruption is tackled internationally.
By imposing penalties and confiscating criminal proceeds, committed offences are redressed. It clearly shows that a company does not get away with committing criminal offenses and that criminally earned profits will be confiscated. In addition, there is a deterrent effect of this punishment on other companies. In addition, a large number of compliance measures has been taken within Telia Company, decreasing the risk of recurrence in the future.
Penalty Imposed by the Dutch Prosecution
The Company pays a total fine of $274,000,000 US Dollars of which 40.000.000 US Dollars forfeiture to the DOJ and the company pays 274.000.000 US Dollars to the Netherlands. The punishment imposed by the DPPS on TeliaSonera includes a fine of $100,000,000 US Dollars and a payment of $174,000,000 US Dollars.  The latter amount is the estimated value of items (in this case shares in the Dutch subsidiaries) that are eligible for confiscation.
In determining the Dutch fine it was taken into account that the payments to the government officials took place during a long time period and that the bribe payments were significant. As is the case when a sentence is formulated in court, the defendant’s attitude was taken into account as well.  TeliaSonera has cooperated with the investigation and has made its internal findings available.
The DPPS holds that all earnings of TeliaSonera in Uzbekistan constitute illegally obtained profits. After all, access to Uzbekistan has been gained by paying bribes to (the company of) a government official. Without those payments, the entry to the Uzbek market would not have been successful.  Therefore, TeliaSonera’s gross earnings (profit before tax) in Uzbekistan from the time of entering the market until the beginning of 2014 constitute the starting point for calculating illegally obtained profits. The investigations in the Netherlands and the US have set the criminal proceeds at $457,000,000 US Dollars. This will be paid for disgorgement of criminal proceeds.
Telia pays 40.000.000 USDollars of this amount as forfeiture to the DoJ and $208,500,000 US Dollars will be paid to the SEC. The remaining disgorgement amount of $208,500,000 US Dollars will be paid to Sweden or the Netherlands at a later stage, depending on a legal disgorgement procedure against Telia Company AB in Sweden.
Telia Company has taken action to put its compliance in order.  Executives who participated in the bribery, directly or indirectly, have left the company.  A completely new (top) management has been appointed, including a new CEO and CFO. In addition, Telia Company has launched a very comprehensive compliance program, implemented through the entire company. Among other things, an internal whistleblower scheme has been put into operation. Furthermore, Telia Company  has indicated that it intends to divest the entire EURASIA division of the company, including the Uzbek branch.

* * * * * * * * * * * * * * * * * * * *


Breaking Defense: “Trump Reviews Arms Sales, Hopes to Speed Them”

(Source: Breaking Defense, 29 Sep 2017.)
As President Donald Trump discovered after he cobbled together all
those arms sales
when he visited
Saudi Arabia
, selling weapons to foreigners is a complex business, fraught with congressional oversight and an intricate interagency process.
As he has with so many other government issues, Trump appears eager to reduce interference from other branches of government, revoke the rules passed by previous administrations and please his former business colleagues. To that end I’ve confirmed he has launched a vigorous review of the entire process, following in the footsteps of the Obama, Clinton and Bush administrations, all of whom sought to make fundamental changes.
The Obama administration already culled many items from the
U.S. Munitions List
, allowing more weapons to be considered dual use or controlled commercial items so they could be reviewed by the Commerce Department. The interagency review process involves the Intelligence Community, the
Defense Security Cooperation Agency (DSCA)
and the Political-Military Bureau of the State Department.
Every arms sales is considered a foreign policy decision. “When we transfer a system or a capability to a foreign partner, we are affecting regional – or foreign internal – balances of power; we are sending a signal of support; and we are establishing or sustaining relationships that may last for generations and provide benefits for an extended period of time,”
Tina Kaidanow
, the acting head of the Pol-Mil shop, told the House Foreign Affairs terrorism, nonproliferation and trade subcommittee in mid-June.
Arms sales are also governed by the Arms Export Control Act (AECA), which gives Congress the power to, in theory, block any arms sales it believes is ill considered. Combine the administration reviews required to ensure arms sales don’t upset balances of power, harm our nonproliferation interests or otherwise harm our national interests with the prospect of Congressional review, and a sale can percolate for years.
As someone who’s covered this set of issues for more than 15 years, I’m not sure what the administration can do unilaterally, beyond further scrubbing the Munitions List, trying to speed the interagency review and, perhaps, simplifying the Commerce Department process. Of course, they could try to amend the Arms Export Control Act, but I think that’s highly unlikely to happen given how reluctant Congress historically has been to loosen its leverage over the system.

* * * * * * * * * * * * * * * * * * * * 

10. The Guardian: “British Company Made Arms Deal with South Sudan, Amnesty Claims”

(Source: The Guardian, 30 Sep 2017.) [Excerpts.]
[UK] Trade Department investigating whether deal allegedly brokered by S-Profit Ltd breaches arms export controls.
Weapons exported to South Sudan in a deal allegedly brokered by a British company could be used against UK troops who have been deployed to the war-torn country as part of a UN mission, Amnesty International has warned.
The Department for International Trade is investigating whether the deal, which has been brought to light by Amnesty International, constitutes a breach of British arms export controls.
An EU arms embargo has been in force against South Sudan since its independence in 2011, while Britain has been one of the leading proponents for the establishment of a UN arms embargo.
However, documents leaked to Amnesty name a British company registered to an address near Covent Garden in London, S-Profit Ltd, as being among the commercial players in what would constitute one of the largest single arms deals that South Sudan has entered into since the outbreak of major civil conflict in December 2013. …. 

* * * * * * * * * * * * * * * * * * * * 

12. Reuters: “Special Report: HP Enterprise let Russia Scrutinise Cyber Defense System Used by Pentagon”

(Source: Reuters, 2 Oct 2017.)
Hewlett Packard Enterprise allowed a Russian defense agency to review the inner workings of cyber defense software used by the Pentagon to guard its computer networks, according to Russian regulatory records and interviews with people with direct knowledge of the issue.
The HPE system, called ArcSight, serves as a cybersecurity nerve center for much of the U.S. military, alerting analysts when it detects that computer systems may have come under attack. ArcSight is also widely used in the private sector.
The Russian review of ArcSight’s source code, the closely guarded internal instructions of the software, was part of HPE’s effort to win the certification required to sell the product to Russia’s public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman.
Six former U.S. intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack.
  “It’s a huge security vulnerability,” said Greg Martin, a former security architect for ArcSight. “You are definitely giving inner access and potential exploits to an adversary.”
Despite the potential risks to the Pentagon, no one Reuters spoke with was aware of any hacks or cyber espionage that were made possible by the review process.
The ArcSight review took place last year, at a time when Washington was accusing Moscow of an increasing number of cyber attacks against American companies, U.S. politicians and government agencies, including the Pentagon. Russia has repeatedly denied the allegations.
The case highlights a growing tension for U.S. technology companies that must weigh their role as protectors of U.S. cybersecurity while continuing to pursue business with Washington’s adversaries such as Russia and China, say security experts.
The review was conducted by Echelon, a company with close ties to the Russian military, on behalf of Russia’s Federal Service for Technical and Export Control (FSTEC), a defense agency tasked with countering cyber espionage.
Echelon president and majority owner Alexey Markov said in an email to Reuters that he is required to report any vulnerabilities his team discovers to the Russian government.
But he said he does so only after alerting the software developer of the problem and getting its permission to disclose the vulnerability. Echelon did not provide details about HPE’s source code review, citing a non-disclosure agreement with the company.
FSTEC confirmed Markov’s account, saying in a statement that Russian testing laboratories immediately inform foreign developers if they discover vulnerabilities, before submitting a report to a government “database of information security threats.”
One reason Russia requests the reviews before allowing sales to government agencies and state-run companies is to ensure that U.S. intelligence services have not placed spy tools in the software.
HPE said no “backdoor vulnerabilities” were discovered in the Russian review. It declined to provide further details.
HPE said it allows Russian government-accredited testing companies to review source code in order to win the Russian defense certifications it needs to sell products to Russia’s public sector.
An HPE spokeswoman said source code reviews are conducted by the Russian testing company at an HPE research and development center outside of Russia, where the software maker closely supervises the process. No code is allowed to leave the premises, and HPE has allowed such reviews in Russia for years, she said.
Those measures ensure “our source code and products are in no way compromised,” she said.
Some security experts say that studying the source code of a product would make it far easier for a reviewer to spot vulnerabilities in the code, even if they did not leave the site with a copy of the code.
In a 2014 research paper, Echelon directors said the company discovered vulnerabilities in 50 percent of the foreign and Russian software it reviewed.
Still, security analysts said the source code review alone, even if it yielded information about vulnerabilities, would not give hackers easy entry into the military systems. To infiltrate military networks, hackers would need to first overcome a number of other security measures, such as firewalls, said Alan Paller, founder of the SANS Institute, which trains cybersecurity analysts
Paller also said HPE’s decision to allow the review was not surprising. If tech companies like HPE want to do business in Russia, “they don’t really have any choice,” he said.
HPE declined to disclose the size of its business in Russia, but Russian government tender records show ArcSight is now used by a number of state firms and companies close to the Kremlin, including VTB Bank and the Rossiya Segodnya media group.
Whether the customer is Russia or the United States, overlooked errors in software code can allow foreign governments and hackers to penetrate a user’s computer.
Exploiting vulnerabilities found in ArcSight’s source code could render it incapable of detecting that the military’s network was under attack, said Allen Pomeroy, a former ArcSight employee who helped customers build their cyber defense systems.
  “A response to the attack would then be frankly impossible,” Pomeroy said.
The HPE spokeswoman said Reuters’ questions about the potential vulnerabilities were “hypothetical and speculative in nature.”
HPE declined to say whether it told the Pentagon of the Russian review, but said the company “always ensures our clients are kept informed of any developments that may affect them.”
A spokeswoman for the Pentagon’s Defense Information Systems Agency, which maintains the military’s networks, said HPE did not disclose the review to the U.S. agency. Military contracts do not specifically require vendors to divulge whether foreign nations have reviewed source code, the spokeswoman said.
The U.S. military agency itself did not require a source code review before purchasing ArcSight and generally does not place such requirements on tech companies for off-the-shelf software like ArcSight, the Pentagon spokeswoman said. Instead, DISA evaluates the security standards used by the vendors, she said.
Echelon operates as an official laboratory and software tester of FSTEC and Russia’s FSB spy agency, according to Russian government registries of testing laboratories and software certifications reviewed by Reuters. U.S. intelligence has accused the FSB of helping mount cyberattacks against the United States and interfering in the 2016 presidential election.
Markov, Echelon’s president, defended the reviews, saying that “if a vulnerability is found, everyone is happy” because the detected flaw means laboratory experts are “able to demonstrate their qualifications” and “the developer is happy that a mistake was detected, since by fixing it the product will become better.”
Russia in recent years has stepped up demands for source code reviews as a requirement for doing business in the country, Reuters reported in June.
A number of international companies, including Cisco Systems Inc, the world’s largest networking gear maker, and German software giant SAP, have agreed to the reviews, though others, including cybersecurity firm Symantec, have refused because of security concerns.
U.S. government procurement records show ArcSight is used as a key cyberdefense bulwark across much of the U.S. military including the Army, Air Force and Navy. For example, ArcSight is used to guard the Pentagon’s Secret Internet Protocol Router Network (SIPRNet), which is used to exchange classified information, according to military procurement records.
The Pentagon spokeswoman declined to comment on risks posed by specific products to its network but said all software used by DISA is “extensively evaluated for security risks,” and continually monitored once deployed.
Created in 2000 as an independent company, ArcSight broke new ground by allowing large organizations to receive real-time alerts about potential cyber intrusions.
The software draws activity records from servers, firewalls, and individual computers across a network – up to hundreds of thousands per second. The system then searches for suspicious patterns, such as a high number of failed login attempts within a few seconds, and alerts analysts.
A decade later, ArcSight had become “the core” cyber network defense tool the Pentagon’s analysts “rely on to defend DoD networks,” DISA said in a 2011 ArcSight procurement request.
Today ArcSight is a virtually irreplaceable tool for many parts of the U.S. military, at least for the immediate future, Pentagon records show.
  “HP ArcSight software and hardware are so embedded,” the Pentagon’s logistics agency wrote in April, that it could not consider other competitors “absent an overhaul of the current IT infrastructure.” 
HPE agreed last year to sell ArcSight and other security products to British tech company Micro Focus International Plc in a transaction that was completed in September.
Jason Schmitt, the current head of the ArcSight division, said the product makes up a little less than half of the $800 million in annual revenue Micro Focus expects to get from the security software business purchased from HPE.
Schmitt said he could not comment on any source code review that took place before this year, when he took the job, but stressed such reviews do not currently take place. Micro Focus did not respond to requests for comment on whether it would allow Russia to do similar source code reviews in the future or whether Micro Focus executives knew of the review prior to the acquisition.

* * * * * * * * * * * * * * * * * * * * 


13. D. Long, C. Pommies & L. Tolley: “European Commission Proposes Common Approach to Foreign Direct Investment Screening”

(Source: Allen & Overy)
* Authors: Dominic Long, Esq., dominic.long@allenovery.com;
Charles Pommies, Esq., Charles.Pommies@allenovery.com; and Louise Tolley, Esq., louise.tolley@allenovery.com. All of Allen & Overy, Brussels and London, Beijing, and London, respectively.
European Commission (EC) President Juncker has outlined legislative measures on the screening by EU Member States of foreign takeovers and investments.
The new screening system aims to improve cooperation and coordination between Member States vetting transactions affecting security or public order. It also enables the EC to issue opinions and to screen investments targeting businesses supported by EU funding.
The legislative procedure should start soon and critical developments are expected in the coming months as Member States gear up for possibly controversial procedures.
FDI in the State of the Union speech
Rarely had the State of the Union speech by European Commission (EC) President Juncker been as anxiously awaited by the international business community as this year. Speaking in front of the European Parliament in Strasbourg on 13 September 2017, President Juncker responded to repeated calls from some European Union (EU) Member States (primarily France, Germany and Italy) to address growing concerns over what has been perceived as a recent surge in investment across Europe by non-EU investors with strong financial ties to their home governments. To date, this investment has often targeted businesses or infrastructure in sectors of the economy deemed to be of strategic significance (such as energy, telecommunications and technology).
As anticipated, President Juncker’s speech confirmed that the EU would remain open to foreign direct investment (FDI). It should, however, devise “vigorous and effective policies” pursuing two objectives:
  – to ensure a level-playing field with the rest of the world; and
  – to “protect critical European assets against investment that would be detrimental to legitimate interests of the Union or its Member States”.
President Juncker’s speech briefly outlined the EC’s initiative to tackle this, highlighting the “political responsibility” to ensure that FDI in certain industries “should only happen in transparency, with scrutiny and debate”.
In parallel, on 14 September 2017, the EC published a detailed proposal for a Regulation to be adopted by the European Parliament and the Council giving effect to the proposal outlined in President Juncker’s speech. The EC also published a staff working document and announced a Communication providing additional context on the proposal.
The Current Approach to FDI Screening in the EU: Responsibility at the EU Member State level
The EC has not been directly involved in FDI screening to date; instead FDI screening is the exclusive responsibility of individual EU Member States, albeit subject to certain EU-level restrictions.
First, Article 21 of the EU Merger Regulation (EUMR) recognises the right of Member States to take appropriate measures in relation to transactions requiring notification to the EC under the EUMR to protect legitimate interests other than maintaining competition in the relevant markets. These include, in particular, public security, plurality of the media and ‘prudential rules’ (in effect, financial stability). Article 21 also leaves open the possibility that other public interests may be recognised by the EC as ‘legitimate’, at the request of a Member State, after an assessment of their compatibility with general EU law principles. Individual EU Member States have used this provision to protect national interests in the context of acquisitions of businesses operating in the defence, media and financial services sectors that would otherwise fall within the exclusive jurisdiction of the EC under the EUMR. For instance, the UK has a well-established framework for public interest interventions under Article 21 in its national merger control rules (see below for more information on the UK position). Importantly, however, these provisions are not expressed as applying specifically or exclusively to acquisitions or investments by foreign entities (and indeed have been used to review domestic mergers in addition to takeovers by foreign entities).
Second, nearly half of all EU Member States already have in place some mechanism of formal FDI screening (which may apply to transactions that do not require notification under the EUMR). The most recent example of a Member State updating its FDI screening legislation is Germany where an amendment to the Foreign Trade Regulation (Aussenwirtschaftsverordnung) entered into force in July this year, establishing a list of sensitive industries and extended timelines for review by the German Federal Ministry of Economic Affairs and Energy.
There is, however, a wide variety of approaches and procedures to FDI screening across individual EU Member States. For example, the screening can be mandatory or voluntary, ex ante or ex post, applicable across all sectors or limited to specific sectors, applicable to investors coming from specific geographic areas or covering the entire world, etc…
There is also no formal mechanism to coordinate FDI screening between different Member States. This increases the risk of a burdensome process for foreign investors and their targets, inconsistent timelines, and potentially divergent outcomes.
Against that background, the EC has stated that its proposal aims to provide legal certainty by giving a firm legal foundation for national FDI screening mechanisms under EU law and by ensuring compliance with international trade laws (such as the World Trade Organisation rules). It is also designed to achieve EU-wide coordination and cooperation between EU Member States.
A European-Wide FDI Framework
The EC’s proposal creates an enabling framework for Member States to screen FDI on grounds of security and public order, even in cases where the EUMR does not apply. It confirms that Member States may continue to maintain and amend existing FDI screening measures, or adopt new ones, taking into account their national circumstances. Importantly, however, Member States are not required to adopt an FDI screening mechanism.
A key aspect of the proposal is the creation of channels for communication and collaboration between individual EU Member States and the EC, to facilitate the sharing of information about planned or completed FDI in the territory of one or several EU Member States. Through those channels Member States will also be able to comment on investments that may affect their security or public order. Moreover, the EC (presumably through its Directorate-General in charge of trade) may itself issue an opinion on an investment that may affect the security or public order of one or more Member States. However, the final decision on the appropriate response to any particular FDI rests exclusively with the specific EU Member State(s) in which the investment is planned or completed – they must give “due consideration” to the comments and/or opinion received, but are not bound by them.
However, the proposal is clear that every EU Member State which has an FDI screening mechanism will have to ensure that it complies with basic substantive and procedural requirements.
In terms of substance, the EC lays out a non-exhaustive list of effects that may be taken into consideration by EU Member States when screening FDI. These include effects on critical infrastructure, technologies, sensitive information, and inputs which are essential for security or the maintenance of public order. The EC has said that this list of factors is intended to provide clarity to investors considering making or having made FDI in the EU. Crucially, the proposal states that, when assessing these effects, Member States and the EC should also be able to take into account whether a foreign investor is controlled directly or indirectly by the government of a third country, including through significant funding.
The EC has also outlined the essential elements of a proposed procedural framework to allow investors, the EC and individual EU Member States to better understand how investments are likely to be screened across EU Member States and to ensure transparency and non-discrimination between third countries. In particular, the proposal stipulates that national FDI screening regimes should have clear timeframes, which allow them to take into account comments by other EU Member States and the opinion of the EC. The proposal also provides that individual investors should have the possibility to seek judicial redress.
More Scope for Intervention by the EC?
Importantly, the proposal also gives the EC the power to screen FDI affecting projects or programs “of Union interest” on grounds of security or public order – in particular those funded by the EU (the proposal cites by way of example the ‘Galileo’ satellite navigation system or the ‘Horizon 2020’ European framework program for research and innovation). Under the proposal, where the EC identifies concerns in this respect, it may address an opinion to the Member States in which the investment is planned or completed.
While Member States will have no obligation to follow such an opinion, the proposal makes clear that in cases where an investment is screened under national FDI rules, Member States have to “take utmost account” of the EC’s opinion in their analysis and provide an explanation to the EC in cases where that opinion is not followed (this requires a greater degree of consideration than FDI which does not have a “Union interest“). Perhaps more surprisingly, the EC considers in an explanatory memorandum (but not in the text of the proposal itself) that an individual EU Member State in receipt of an opinion from the EC – even if that Member State is not conducting a screening – should nonetheless consider ways of taking that opinion into account either through its national FDI screening mechanism or, in the absence of such a mechanism, its broader policy making.
In all cases, however, the final decision on the appropriate response will rest with the relevant EU Member State, and not the EC.
Next Steps and the Legislative Process
The EC’s proposal is now expected to follow the ordinary legislative procedure, the first step in which is its formal presentation to the European Parliament. Both the European Parliament and the Council (representing the governments of each EU Member State) will then have to agree the final version after a series of up to three readings by each of them.
However, given the sensitivities, we expect that the EC’s proposal will be subject to intense scrutiny throughout the legislative procedure. To that end, while it is still too early predict with confidence when the final text may be adopted (if at all), this is unlikely to be before the end of the year.
Curbing FDI or Controlling the Member States?
The key question for the international business community is whether the EC’s proposal will constitute an obstacle to investments in Europe. In that context, the EC strongly believes that openness to FDI is a key principle and a major source of economic growth. Yet, at first sight, it may appear that the EC is effectively putting in place – or at least facilitating – an FDI screening system comparable (albeit on a decentralised basis) to those existing in other jurisdictions such as the U.S., Canada, or Australia. There is no doubt that the EC is keen to ensure a level playing field in international business and that, in its eyes, the acquisition of European technologies or infrastructures (in particular if they were funded by the EU) by foreign companies is a potential concern.
At the same time, the proposal allows the EC to get a much better grasp on national FDI screening procedures. Through the proposed information exchange and coordination mechanisms, the EC is also expecting coordination gains in the assessment of risk related to security and public order. Further, it will be very interesting to see how the EC makes use of its powers to issue FDI-related opinions, which may eventually come to set a de facto benchmark for individual EU Member States screening FDI.
In practical terms for international investors and European businesses looking for new sources of capital, it is hoped that the proposed legislation will contribute to harmonising the various EU Member State national FDI screening procedures. As with any significant change to the EU legislative landscape, however, the devil will very much lie in the detail of the final text of the Regulation.
A Final Note: a Post-Brexit UK Set to Chart its Own Course?
As noted above, the UK has a well-established framework for public interest interventions in its national merger control rules (both in relation to transactions notifiable to the EC (i.e., under Article 21 EUMR) as well as transactions falling outside the EC’s jurisdiction). The current grounds for review are, broadly, national security, plurality of the media and maintaining the stability of the UK financial system. However, last year the UK Department for Business, Energy and Industrial Strategy (DBEIS) announced its intention to “impose a new legal framework for future foreign investment in Britain’s critical infrastructure“. Just before this statement, the Prime Minister signalled, referencing both the Kraft/Cadbury deal and the attempt by Pfizer to acquire AstraZeneca, that going forward the UK Government would be more inclined to intervene in cross-border takeovers to protect UK interests. 
As it stands, while the UK remains part of the EU, the ability of the UK Government to expand the scope of intervention to protect national interests is constrained by EU laws (including the EUMR and the EC’s FDI proposal (if adopted)). Post-Brexit, these restrictions are likely to fall away, leaving the UK free to chart its own course in respect of screening FDI. As yet though, no detail has been published on what form this screening may take. However, it is expected that even if the UK does introduce a new framework for FDI screening in respect of “critical infrastructure“, it will seek to remain, as acknowledged by DBEIS, “one of the most open economies in the world“.
Post-Brexit, if the EC’s proposal is adopted and the UK Government’s intentions to further scrutinise FDI are realised, the impact on UK-based companies will be twofold. On one hand, UK entities investing in EU businesses or assets may find their investments subject to FDI review by the remaining EU Member States and possibly also the EC. On the other, UK businesses active in “critical infrastructure” (and possibly also other sectors of the UK economy deemed to be of ‘strategic significance’) and seeking overseas capital may see an additional layer of Governmental scrutiny applied to their would-be investors.
For more information on the UK position and the impact of Brexit, see our
note. You can read the EC’s proposal here.

* * * * * * * * * * * * * * * * * * * * 

14. D. Kyle & J. Jensen: “Late EEI Filing: Is It Too Late to Mitigate?”

(Source: Torres Law PLLC)
* Authors, Derrick Kyle, Esq.; and Jordan Jensen, Esq.. Both of Torres Law PLLC. Contact information: 214-593-7120, info@torrestradelaw.com.
In 2009, the U.S. Customs and Border Protection (“CBP”) published guidelines that govern the enforcement and mitigation of civil penalties for companies and other entities that fail to comply with the Foreign Trade Regulations (“FTR”) in 15 C.F.R. § 30. [FN/1] These regulations require exporters to file Electronic Export Information (“EEI”), which is the electronic equivalent of the former Shipper’s Export Declaration (“SED”), and is filed through the Automated Export System or AESDirect (“AES”). [FN/2]
While Section 30 includes a list of violations that trigger civil penalties, it also lists mitigating factors for violations. According to the guidelines, proving that the “violation was an isolated occurrence,” submitting a voluntary self-disclosure (“VSD”), or offering evidence that the violating party has a compliance program in place may lessen penalties for exporters that take initiative and proactively remedy potential violations. [FN/3]
Following the release of the 2009 guidelines, exporters have repeatedly criticized the “upsurge in penalties” that CBP has imposed for violations of FTR requirements. Specifically, exporters complain that the stated $10,000 fine per violation is too steep, even though first-time violators have frequently received fines as low as $250. [FN/4] Over the last decade, the most common violations cited have been entry of the “wrong port of export on submission” and “failure to include the name of a carrier in the EEI.” [FN/5] Violations have also been heavy for filers that claim their goods are “sold en route or on the water,” but who fail to retroactively enter consignee names within the designated four-day period after the sale. [FN/6]
Despite the high penalties, VSDs have often served as a mitigating factor in CBP’s determination of the penalty amount, or whether to impose penalties at all. According to Section 30, VSDs can mitigate penalties only when the Census Bureau receives information for review “prior to the time that [it] . . . has learned the same or substantially similar information from another source and has commenced an investigation or inquiry.” [FN/7] Additionally, an exporter who files a VSD must thoroughly review “all export transactions for the past five years” and notify Census as soon as possible with all required corrections.
Importantly, Section 30 mentions nothing that allows for mitigation of a penalty when an exporter lacks the resources to retroactively amend previous export transactions that contain reporting errors. This is problematic for companies that, after the submission of VSDs, must correct the record but lack EEI records and are unable to obtain them from their freight forwarders. [FN/8] Another issue for exporters looking to mitigate penalties lies in the disclaimers of the guidelines, which assert that even the filing of a VSD “may be outweighed by aggravating factors” in a penalty determination. [FN/9]
As such, when considering whether to submit a Census VSD, exporters must weigh all the risks associated with submitting. To receive mitigation under a Census VSD, the exporter must correct the relevant elements in each of its EEIs for a period of five years. Thus, unlike the VSDs of other agencies, a Census VSD requires correction of each of the shipments that contain reporting errors. Depending on the company, these shipments may number in the thousands. This may be especially problematic for those exporters who do not possess copies of their EEIs and who will need to rely on their freight forwarders to provide records, which can be a time-consuming process. Unfortunately, in many cases, forwarders are also unable to provide the necessary records. Although both exporters and forwarders are required to maintain them, we see many cases where neither party possesses the records nor the internal mechanisms to retrieve or tie the EEIs to specific company records.
Thus, in order to avoid high penalties, exporters must exercise diligence by continuously monitoring its EEI filings and providing the Census Bureau with any and all new information concerning corrections to the record. Failure to maintain copies of EEI filings can increase an exporter’s chances of inadvertent errors, and will hurt its chances of being able to correct historic exports. In addition, failure to maintain copies of the EEIs filed is a violation of the FTR recordkeeping requirements. Exporters should closely monitor their EEI filings for potential reporting errors to ensure any required corrections are made promptly.
  [FN/1] 15 C.F.R. § 30.1.
  [FN/2] Id.
  [FN/3] Id.
  [FN/4] Id.
  [FN/5] Id.
  [FN/6] Id.
  [FN/7] 15 C.F.R. § 30.74(a)(2).
  [FN/8] 46 C.F.R. § 515.2(h)(1).
  [FN/9] Id.

* * * * * * * * * * * * * * * * * * * * 

15. L.K. Marion: “Cloud Computing Crash Course: Location, Location, Location”

* Author: Laura K. Marion, Esq., laura.marion@FaegreBD.com, Faegre Baker Daniels LLP, Minneapolis, MN.
Cloud computing is the practice of enlisting a “cloud provider” to deliver data, applications and storage to users through the internet, which allows each user to share the computing resource and forego some on-premise technology. Cloud computing is generally categorized into three buckets. The cloud provider may:
  (1) Host applications, thereby eliminating the need to install and run applications on users’ own computers or data centers (known as Software-as-a-Service, or SaaS).
  (2) Host the hardware and software on its own infrastructure, thereby eliminating the need to install in-house hardware and software needed to develop or run a new application (known as Platform-as-a-Service or PaaS).
  (3) Provide virtualized computing resources, thereby eliminating the need to install and run hardware, software, servers, storage or other infrastructure in the user’s own facility (known as Infrastructure-as-a-Service or IaaS).
Knowing Where Your Data is Stored is Mission-Critical
Don’t let the term “cloud” fool you into thinking that the information is not in a specific location. It is, and it’s important to know the exact geographic location of the server where your data will be stored, including any back-up locations.
First, your legal obligations relating to the information can completely change according to the geographic location of where your information is stored. For example, if the cloud provider sends your organization’s personally identifiable information (PII) to a server in the European Union, you will be subject to the ultra-strict privacy rules of the General Data Protection Regulation (GDPR), set to take effect in May 2018.
Second, your information may not be as secure if the privacy and security laws in the server’s location are not as protective as in the United States. Servers in India, for example, are subject to India’s Information Technology Act , which allows the Indian government to intercept and demand decryption of information with serious fines and/or imprisonment for non-compliance.
Third, with some countries’ data localization laws, you may be required to store certain information within a specific country, and you may be prevented from exporting it out of that country. Russia’s localization law, for example, requires a multinational organization to host data concerning Russian citizens only on a server in Russia, which may mean creating a new data center in Russia.
Depending on the type of information you are sharing, you may also have to comply with U.S. export control regulations. This is an especially important contract consideration for information relating to items classified as “dual use,” or technology with encryption functionalities that are subject to Export Administration Regulations. Storage of such information outside the United States may lead to serious sanctions if required licenses are not obtained.
Finally, in the event of a data breach, U.S. and foreign law enforcement agencies have broad rights to obtain subpoenas to information stored in the cloud. However, rules surrounding a data breach vary from country to country and even state to state – some states, for example, exempt organizations from disclosing a data breach if the data is encrypted, and the encryption key was not exposed.
While cloud computing offers many benefits to organizations, it also introduces its own legal obligations and risks, many of which are tied closely to the geographic location of the stored data. As such, organizations must work proactively to understand the particular data privacy regulations applicable to their cloud computing arrangement. This due diligence will help organizations determine if they should engage with a cloud vendor or continue to store their data on-site.

* * * * * * * * * * * * * * * * * * * * 

16. M. Volkov: “Where O’ Where Did Our Monitors Go? – The Telia Bribery Case”

(Source: Volkov Law Group Blog. Reprinted by permission.)
* Author: Michael Volkov, Esq., Volkov Law Group, mvolkov@volkovlaw.com, 240-505-1992.
Just when everyone was anticipating the beginning of an uptick in FCPA enforcement in 2017, the Justice Department and the SEC delivered a resounding message to remind everyone that FCPA enforcement is here to stay. However, the Telia decision may be the first indication of some changes in DOJ’s FCPA enforcement policies. It is hard to say from just one major DOJ enforcement action but this is something to watch.
In a follow on prosecution relating to the telecommunications industry in Uzbekistan involving the same corrupt daughter of the then-President as the VimpelCom case, the Justice Department and the SEC announced a multi-country, multi-party resolution totaling $965 million in penalties, forfeiture and disgorgement which is to be shared among the United States, Dutch and Swedish prosecutors: (1) Telia Company agreed to a deferred prosecution agreement (DPA) with the US DOJ and the filing of a one-count information charging conspiracy to violate the FCPA, and the payment of a $548 million criminal fine and $40 million forfeiture by its subsidiary Coscom, Inc., subject to offsets: $274 million paid to the Dutch prosecutors office, as well as a future amount to be paid to Swedish prosecutors; (2) Coscom’s agreement to plead guilty to a one-count information charging Coscom with violation of the FCPA and payment of a $500,000 fine and a $40 million forfeiture; and (3)Telia’s settlement with the SEC requiring Telia to pay $457 million disgorgement.
Shortly after the DOJ and SEC announcement, Swedish prosecutors criminally charged the former CEO and two other executives with bribery.
Like the VimpelCom case, Telia committed a large bribery scheme at the direction and knowledge of Telia’s then CEO, the board and senior executives. In total, Telia paid approximately $331 million to Uzbekistan’s President’s daughter, a notorious corrupt official, who was the owner of various shell companies in Uzbekistan. Telia profited from its bribery payments in the amount of $457 million (the disgorged profits paid to the SEC).
The bribery schemes consisted of typical arrangements – the corrupt daughter took an ownership interest in Telia’s partner operating cellular telephone service in Uzbekistan with the right to sell back the ownership shares at a substantial profit; Telia purchased additional mobile frequencies 3G for an $80 million payment along with an ownership shares in Telia’s subsidiary with the right to sell back the ownership share; Telia paid $9.2 million for additional network codes and frequencies; a $220 million payment for the corrupt daughter’s ownership share in a related company; a $15 million payment to a third party to assume a debt owed by the corrupt daughter to a Swiss company.
In its scope and breadth, Telia’s corruption was high-profile, including a televised interview with the CEO in which he acknowledged his role in the bribery scheme, and egregious. Interestingly, the Justice Department did not impose a corporate monitorship, neither the 18-month hybrid nor a full 3-year term. In fact, Telia is not required to prepare and report back to the DOJ or SEC about the status of its compliance program and remediation efforts.
To remediate the violations, Telia replaced its board, its CEO, and implemented a comprehensive compliance program. However, as noted by DOJ, Telia did not voluntarily disclose the offense, and only earned a 25 percent discount from the bottom of the applicable sentencing guideline range.
In light of these facts, it is difficult to argue that Telia’s cooperation was so extraordinary that it was excused from a future compliance report or the appointment of a monitor. This result may reflect a change in DOJ’s and the SEC’s policy concerning compliance reporting and appointment of monitors. Alternatively, Telia’s result may reflect its valuable cooperation and remediation efforts with changes in senior management and enhancement of its compliance program.

* * * * * * * * * * * * * * * * * * * * 

17. R.C Thomsen II, A.D. Paytas, M.M. Shomali: “Changes to Export Controls in September 2017”

(Source: Editor) [Excerpts.]
* Authors: Roszel C. Thomsen II, Esq.,
; Antoinette D. Paytas, Esq.,
; and Maher M. Shomali, Esq.,
.  All of Thomsen & Burke LLP.
This memo summarizes the regulatory, legislative, and enforcement developments with respect to U.S. and multilateral export controls during the month of September 2017. … 
North Korea Sanctions Update
The President issued a new
Executive Order this month, Executive Order 13810 of September 20, 2017
, imposing additional sanctions with respect to North Korea. The Executive Order blocks the property or interest in property of any person determined by OFAC:
   (i) to operate in the construction, energy, financial services, fishing, information technology, manufacturing, medical, mining, textiles, or transportation industries in North Korea;
  (ii) to own, control, or operate any port in North Korea, including any seaport, airport, or land port of entry;
  (iii) to have engaged in at least one significant importation from or exportation to North Korea of any goods, services, or technology;
  (iv) to be a North Korean person, including a North Korean person that has engaged in commercial activity that generates revenue for the Government of North Korea or the Workers’ Party of Korea;
  (v) to have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, any person whose property and interests in property are blocked pursuant to this order; or
  (vi) to be owned or controlled by, or to have acted or purported to act for or on behalf of, directly or indirectly, any person whose property and interests in property are blocked pursuant to this order.
In response to the Executive Order, OFAC published
new and updated FAQs
along with a
new General License 10
and an updated
General License 3-A
The Executive Order should not have an impact on current exports to North Korea, since the country has been under a general embargo. This is noted in the OFAC FAQ:
459. What impact does the prohibition on the exportation or reexportation of goods, services, or technology under Executive Order (E.O.) 13722 have on the regulations of the Department of Commerce’s Bureau of Industry and Security (BIS)?
None. E.O. 13722 prohibits the exportation or reexportation, from the United States, or by a United States person, of any goods, services, or technology to North Korea. BIS maintains authority to license exports and reexports of goods and technology subject to the Export Administration Regulations to persons who are not Specially Designated National (SDNs) and involving the Government of North Korea and the Workers’ Party of Korea. In most instances, to export to designated individuals and entities, U.S. persons must obtain a license from both OFAC and BIS. Regulated financial entities processing a transaction in accordance with a BIS license may want to request a copy of the license to ensure the transaction meets the terms, conditions, and criteria of the BIS license.
According to OFAC, however, the new Executive Order changes the current sanctions program in the following way:
E.O. 13722 provides the Secretary of the Treasury, in consultation with the Secretary of State, additional tools to disrupt North Korea’s ability to fund its weapons of mass destruction (WMD) and ballistic missile programs. Specifically, the Executive order:
  (1) establishes several new designation criteria;
  (2) prohibits vessels and aircraft that have called or landed at a port or place in North Korea in the previous 180 days, and vessels that engaged in a ship-to-ship transfer with such a vessel in the previous 180 days, from entering the United States;
  (3) provides authority to block any funds transiting accounts linked to North Korea that come within the United States or possession of a United States person; and
  (4) provides authority to impose sanctions on a foreign financial institution that knowingly conducted or facilitated, on or after the date of the order (i) any significant transaction on behalf of certain blocked persons or (ii) any significant transaction in connection with trade with North Korea. The sanctions applicable to foreign financial institutions can be restrictions on correspondent or payable-through accounts or full blocking sanctions.
It does not, however, restrict NGOs from providing humanitarian assistance to the people of North Korea and other activities that have generally been approved through a BIS license.
Fuyi Sun, aka “Frank,” 53, a citizen of the People’s Republic of China (China), was sentenced this month to three years in prison for violating the International Emergency Economic Powers Act (IEEPA) in connection with a scheme to illegally export to China, without a license, high-grade carbon fiber, which is used primarily in aerospace and military applications. Sun pleaded guilty on April 21.
Since approximately 2011, Sun has attempted to acquire extremely high-grade carbon fiber, including Toray type M60JB-3000-50B carbon fiber (M60 Carbon Fiber). M60 Carbon Fiber has applications in aerospace technologies, unmanned aerial vehicles (commonly known as drones) and other government defense applications. Accordingly, M60 Carbon Fiber is strictly controlled for nuclear non-proliferation and anti-terrorism reasons. As part of these restrictions, the export of M60 Carbon Fiber to China without a license is prohibited.
In furtherance of his attempts to illegally export M60 Carbon Fiber from the U.S. to China without a license, Sun contacted what he believed was a distributor of carbon fiber – but which was, in fact, an undercover entity created by the Department of Homeland Security, Homeland Security Investigations (HSI) and “staffed” by HSI undercover special agents (the UC Company). Sun inquired about purchasing the M60 Carbon Fiber without the required license. In the course of his years-long communications with the undercover agents and UC Company, Sun suggested various security measures that he believed would protect them from “U.S. intelligence.” Among other such measures, at one point, Sun instructed the undercover agents to use the term “banana” instead of “carbon fiber” in their communications. Consequently, soon thereafter he inquired about purchasing 450 kilograms of “banana” for more than $62,000. In order to avoid detection, Sun also suggested removing the identifying barcodes for the M60 Carbon Fiber, prior to transshipment, and further suggested that they identify the M60 Carbon Fiber as “acrylic fiber” in customs documents.
On April 11, 2016, Sun traveled from China to New York for the purpose of purchasing M60 Carbon Fiber from the UC Company. During meetings with the undercover agents on April 11 and 12, among other things, Sun repeatedly suggested that the Chinese military was the ultimate end-user for the M60 Carbon Fiber he sought to acquire from the UC Company, and claimed to have personally worked in the Chinese missile program. Sun further asserted that he maintained a close relationship with the Chinese military, had a sophisticated understanding of the Chinese military’s need for carbon fiber, and suggested that he would be supplying the M60 Carbon Fiber to the Chinese military or to institutions closely associated with it.
On April 12, 2016, Sun agreed to purchase two cases of M60 Carbon Fiber from the UC Company. On that date, Sun paid the undercover agents purporting to represent the UC Company $23,000 in cash for the carbon fiber, as well as an additional $2,000 as compensation for the risk he believed the UC Company was taking to illegally export the carbon fiber to China without a license. Sun was arrested the next day.
Erdal Kuyumcu, the chief executive officer of Global Metallurgy, LLC, based in Woodside, New York, was sentenced to 57 months in prison following his June 14, 2016 guilty plea to conspiracy to violate the International Emergency Economic Powers Act by exporting specialty metals from the United States to Iran. According to court documents, Kuyumcu, a U.S. citizen, conspired to export from the United States to Iran a metallic powder primarily composed of cobalt and nickel, without having obtained the required license from the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC). As established during a two-day presentencing evidentiary hearing, the metallic powder has potential military and nuclear applications. Such specialized metals are regulated by the U.S. Department of Commerce to combat nuclear proliferation and terrorism, and exporting them without the required license is illegal.
In furtherance of the illegal scheme, Kuyumcu and others plotted to obtain more than 1,000 pounds of the metallic powder from a U.S.-based supplier. To hide the true destination of the goods from the supplier, Kuyumcu arranged for the metallic powder to be shipped first to Turkey and then to Iran. Kuyumcu used coded language when discussing shipment of the powder with a Turkey-based co-conspirator, such as referring to Iran as the “neighbor.” Shortly after one of the shipments was sent from Turkey to Iran, a steel company in Iran sent a letter-sized package to Kuyumcu’s Turkey-based co-conspirator. The Iranian steel company had the same address as an OFAC-designated Iranian entity under the Weapons of Mass Destruction proliferators sanctions program that was associated with Iran’s nuclear and ballistic missile programs.
Beginning no later than in or around May 2009, and continuing through in or around January 2012, Hydel/Sharma conspired and acted in concert with others, known and unknown, to violate the Regulations and to bring about an act or acts that constitutes a violation of the Regulations. The purpose of the conspiracy was to evade the long-standing and well-known U.S. embargo against Iran in order to sell and export U.S.-origin waterway barrier debris systems and related components to Iran via transshipment through third countries, including to Mahab Ghodss, an Iranian Government entity, without the required U.S. Government authorization.
The conspiracy led to the attempted export of a waterway barrier debris system, an item subject to the Regulations, designated EAR99,3 and valued at $420,256, from the United States to Mahab Ghodss in Iran, via transshipment through the United Arab Emirates (“UAE”). This item also was subject to the Iranian Transactions Regulations (“ITR”), administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”). … 

* * * * * * * * * * * * * * * * * * * * 


MS_a218. Monday List of Ex/Im Job Openings; 101 Jobs Posted This Week

(Source: Editor)  
Published every Monday or first business day of the week. Please send openings in the following format to jobs@fullcirclecompliance.eu.
” New or amended listing this week (
new jobs)
Aerojet Rocketdyne; Huntsville, AL, or Camden, AR; 
Senior International Trade and Compliance Analyst
; Requisition ID: 12620

Aerovironment; Simi Valley, CA; Trade Compliance Administrator

Aerovironment; Simi Valley, CA; Trade Compliance Manager
* Airbus; Barajas, Spain;
Export Control Officer
* Airbus; Sevilla, Spain;
Export Control Officer
* Airbus; Getafe, Spain;
Export Control Officer

* Amazon; Seattle WA; NA Compliance Analyst; Requisition ID: 256357 

* American Science & Engineering; Billerica, MA OR Andover, MA; 

Senior Trade Compliance Specialist; Requisition ID 12285

* American Showa, Inc.; Columbus, OH (Rickenbacker); 
Import/Export Clerk
; Please contact 
Mattie Robinson
 for details.

* Amscan; Elmsford, NY;
Customs Compliance Mananger; or apply

* Ansell; Iselin NJ;
Senior Specialist NA Trade Compliance; Requisition ID: IRC6513

* Autodesk; San Rafael CA; 
Export Compliance Manager
; Requisition ID: 17WD24183

BAE Systems; California, MD; Subcontracts Manager; Requisition ID 28240BR

BAE Systems; Nasua, NH; Contracts Summer Internship Program; Requisition ID: 30621BR

BAE Systems; Wayne, NJ; Contracts Summer Internship Program; Requisition ID: 30622BR

BAE Systems; Arlington, VA; Import Export Analyst II; Requisition ID: 29824BR

BAE Systems; Nashua, NH: Import Export Analyst II; Requisition ID: 26285BR

* Baylor University; Waco, TX;
Manager/Director of Export Compliance; Vacancy ID S030428

* Carpenter Technology Corporation; Reading, PA;
Senior Specialist, International Trade Compliance
* Columbia Helicopters; Aurora, Oregon;
Trade Compliance Specialist; 17-0080

* Elbit Systems of America; NH, TX, AL;
Licenses and Agreement Officer; 2017-5671

 Esterline Technologies Corporation;
Bellevue, WA;
Manager, Trade Compliance Investigations and Disclosures

* Expeditors; Sunnyvale CA;
Customs Compliance Specialist
* Export Solutions Inc.; Melbourne FL; Trade Compliance Specialist;
Wilsonville, OR; Billerica, MA
Director, Global Customs Compliance
Wilsonville, OR/Billerica, MA; 
Senior Director, Dual-Use Licensing
* FLIR; Multiple Locations;
Senior Director, Global Regulatory Affairs
* FLIR; Meer, Belgium;
Global Trade Compliance Administrator
* FLIR; Arlington, VA;
Manager of Defense Trade Licensing
* FLIR; Billerica, MA;
International Export/Import Analyst

* Fluke; Everett, WA; 
Trade Compliance Manager
; Requisition ID: FLU005544

General Atomics Aeronautical Systems, Inc.; San Diego, CA; Government Regulatory Compliance Specialist; Requisition ID: 13055BR

General Atomics Aeronautical Systems, Inc.; San Diego, CA; International Contracts Manager; Requistion ID: 13583BR

General Atomics; San Diego, CA; Sr. Director of Import/Export Compliance; Job ID: 13892BR

General Atomics; San Diego, CA; Contracts Compliance Specialist; Requistion ID: 12839BR

General Atomics; San Diego, CA; International (Import/Export) Trade Compliance Administrator; Requisition ID: 12690BR

General Dynamics Land Systems; Sterling Heights, MI; Compliance Officer
; Requisition ID: 

General Dynamics; Falls Church, VA;
 Manager, Trade Licensing and Compliance
General Dynamics Information Technology; Herndon, VA;
Subcontracts Administrator
; Requisition ID:

* George Washington University; Washington DC; 
Research Compliance Officer, Export Control
; Requisition ID: PI97906765

Harris Corporation; Clifton, New Jersey;
Trade Compliance Analyst
; Requisition ID: ES20171608-20394

* Harris Corporation; Melbourne, FL;
IT Compliance Analyst; Requisition ID: 


* Harris Corporation; Rochester, NY;
Technical Export Compliance Specialist; Job ID: 

* Henderson Group Unlimited, Inc.; Alexandria, VA;
Defense Controls Analyst – Office of Defense Trade Controls Licensing

* Indiana Mills & Manufacturing, Inc.; Westfield, IN;
International Trade Compliance Manager

Jet Propulsion Laboratory; Pasadena, CA;
Export Compliance Advisor III

* Johnson and Johnson; Skillman, NJ;
Export Trade Compliance Lead

* Lennox International; Richardson, TX; 
Manager, Trade Compliance; Requisition ID: 2017-11661

* Lockheed Martin; Fort Worth, TX;
International Trade Compliance Export Advisor; Requisition ID: 402827BR

* Lockheed Martin; Grand Prarie, TX; 
International Trade Compliance Senior Manager; Requisition ID: 405533BR
 Lockheed Martin; Littleton, CO; 
Senior International Licensing Analyst
; Requisition ID: 403051BR
* Lockheed Martin; Littleton, CO;
Senior International Licensing Analyst (Staff); Requisition ID: 403051BR
* Lockheed Martin; Fort Worth, TX;
Aeronautics International Trade Compliance Senior Manager; Requisition ID: 407329BR

* Lutron; Coopersburg, PA;
Trade Manager-Export
; Requisition ID: 2926
* Medtronic; Heerlen, The Netherlands;
Trade Compliance Analyst
; Requisition ID: 16000DYY

Medtronic; Minneapolis, MN; Global Trade Supply Chain Director; Requisition ID: 17000FU4
Medtronic; Minneapolis, MN; Global Trade Compliance Director; Requisition ID: 17000FC1

* Medtronic; Wash DC; Global Trade Lawyer
; Requisition ID: 170002ON

* Meggitt PLC; Simi Valley, CA;
Trade Compliance Officer
* National Institute of Standards and Technology (NIST); Gaithersburg, MD;
Operations Research Analyst; Vacancy Numbe
r: NISTLP-2017-0003

NetApp; Singapore; Trade Compliance Mananger – APAC; Requisition ID 43338BR

* Nissan/Kelly Services; Franklin, TN;
CONTRACT Position – Contract Customs Compliance Analyst;
frankie.bryson@nissan-usa.com; Requisition ID: 55224BR

* North Dakota State University; Fargo, ND;
Director for Research Integrity Compliance; Requisition ID: 1700372

* Northrop Grumman Sperry Marine; New Malden, UK;
Trade Compliance Coordinator
* Northrop Grumman; Herndon, VA;
Manager, International Trade Compliance 2; Requisition ID: 17017794
* Northrop Grumman; Herndon, VA;
Manager, International Trade Compliance 2; Requisition ID: 17014690
* Northrop Grumman; Rolling Meadows, IL;
International Trade Compliance Analyst 3; Requisition: 17015695
* Ohio State University; Columbus, OH;
Compliance Officer
OSI Optoelectronics; Hawthorne, CA; Manager, Global Trade Compliance; Requisition ID: 12235; or contact Kim Butcher, Senior Talent Acquisition Partner;
Raytheon; El Segundo, CA;
Global Trade Manager; Requisition ID: 
* Raytheon; El Segundo, CA;
Global Trade Authorization Owner; Requisition ID: 100859BR
* Raytheon; El Segundo, CA;
Principal Global Trade Licensing; Requisition ID: 102832BR

Raytheon; El Segundo, CA; 
Sr. Regulatory Compliance Analyst; Requisition ID: 101593BR

* Raytheon; Tucson, AZ;
Export Compliance – Agreements Authorization Owner; Requisition ID: 99909BR

* Raytheon; McKinney, TX;
Principal Global Trade Licensing; Requisition ID: 101234 BR

* SABIC; Houston, TX;
Senior Analyst, Import Compliance;
Danielle.Cannata@sabic.com, Requisition ID: 8241BR

* The Safariland Group; Jacksonville, FL; 
Import/Export Director
; Requisition ID: 2017-1855

* Silvus Technologies, Inc.; Los Angeles, CA;
Contract Manager

* Tesla Motors; Fremont, CA; 
Global Supply Manager – International Logistics
; Requisition ID: 49362

* Ultra Electronics; Loudwater, United Kingdom;
International Trade Manager

# United Technologies Corporation, UTC Aerospace Systems; Everett WA; 
International Trade Compliance (ITC) Specialist
 Requisition ID: 52787BR

# United Technologies Corporation, UTC Aerospace Systems; Troy OH; 
Director, International Trade Compliance
 Requisition ID: 53693BR
# United Technologies Corporation, UTC Aerospace Systems; Chula Vista CA; 
Supply Chain International Trade and Compliance Focal
 Requisition ID: 53794BR

# United Technologies Corporation, UTC Aerospace Systems; Pheonix AZ;
Senior Manager, International Trade Compliance
 Requisition ID: 48093BR

# United Technologies Corporation, UTC Aerospace Systems; Westford MA;
Senior International Trade Compliance Analyst
; Requisition ID: 54366BR
# United Technologies Corporation, UTC Aerospace Systems; Chula Vista CA; 
ITC Specialist
; Requisition ID: 51240BR
# United Technologies Corporation, UTC Aerospace Systems; Chula Vista CA; 
ITC Specialist
; Requisition ID: 51710BR
# United Technologies Corporation, UTC Aerospace Systems; Chula Vista CA; 
ITC Program Senior Manager
; Requisition ID: 52640BR
# United Technologies Corporation, UTC Aerospace Systems; Chula Vista CA; 
ITC Operational Excellence Manager
; Requisition ID: 49904BR
# United Technologies Corporation, UTC Aerospace Systems; Charlotte NC; 
Specialist, ITC IT Systems
; Requisition ID: 33792BR
# United Technologies Corporation, UTC Aerospace Systems; Charlotte NC; 
Authorization Manager, ITC
Requisition ID: 53243BR
# United Technologies Corporation, UTC Aerospace Systems; Fairfield CA; 
Senior Engineer, International Trade Compliance;
Requisition ID: 48780BR

# United Technologies Corporation, UTC Aerospace Systems; Westford MA;
Senior Analyst, ITC
; Requisition ID: 51450BR
* Vigilant; Remote Opportunity; 
Classification Specialist

Vigilant; Bhudapest, Hungary; Jr. Compliance Specialist;

* Vigilant; Negotiable Location, USA; Global Trade Compliance Analyst;
* Vista Outdoor; Overland Park, KS;
Import Specialist; Requisition ID: 
R0002750 or contact holly.greenwood@vistaoutdoor.com
* Wurth Logistics; Indianapolis, IN;
Customs Brokerage Manager; Requisition ID: 1248

# Wurth Industry of North America; Sanford, FL; 
International Trade Compliance Specialist; Requisition ID: 473-720

* * * * * * * * * * * * * * * * * * * *


* Vladimir Horowitz (Vladimir Samoylovich Horowitz; 1 Oct 1903 – 5 Nov 1989; was a Russian-born American classical pianist and composer. He was acclaimed for his virtuoso technique, his tone color, and the excitement engendered by his playing. He is recognized as one of the greatest pianists of all time.)
  – “Always there should be a little mistake here and there – I am for it. The people who don’t do mistakes are cold like ice. It takes risk to make a mistake. If you don’t take risk, you are boring.”
* Groucho Marx (Julius Henry Marx; 2 Oct 1890 – 19 Aug 1977; was an American writer, comedian, stage, film, radio, and television star. He was known as a master of quick wit, and is widely considered one of the best comedians of his era.  He made 13 feature films with his siblings, Harpo Marx, Chico Marx, and Zeppo Marx, of whom he was the third-born. He also had a successful solo career, most notably as the host of the radio and television game show You Bet Your Life.
  – “The secret of life is honesty and fair dealing. If you can fake that, you’ve got it made.”
* Mahatma Gandhi (Mohandas Karamchand Gandhi; 2 Oct 1869 – 20 Jan 1948), Indian lawyer, politician, social activist, and writer who became the leader of the nationalist movement against the British rule of India. Gandhi is internationally esteemed for his doctrine of nonviolent protest to achieve political and social progress.)
  – “The weak can never forgive. Forgiveness is the attribute of the strong.”
Monday is Pun Day:
A man and a woman were walking along a beach. The man noticed many shorebirds flying in pairs. “Why do they fly together like that?” he asked the woman. She looked at him thoughtfully and replied, “Well, you know what they say: One good tern deserves another.”
  – Ashleigh Boice, Jacksonville, FL

* * * * * * * * * * * * * * * * * * * *

. Are Your Copies of Regulations Up to Date?
(Source: Editor)

The official versions of the following regulations are published annually in the U.S. Code of Federal Regulations (C.F.R.), but are updated as amended in the Federal Register.  Changes to applicable regulations are listed below.
: 27 CFR Part 447-Importation of Arms, Ammunition, and Implements of War
  – Last Amendment: 15 Jan 2016: 81 FR 2657-2723: Machineguns, Destructive Devices and Certain Other Firearms; Background Checks for Responsible Persons of a Trust or Legal Entity With Respect To Making or Transferring a Firearm. 
: 19 CFR, Ch. 1, Pts. 0-199
  – Last Amendment: 28 Sep 2017: 82 FR 45366-45408: Changes to the In-Bond Process [Effective Date: 27 Nov 2017.]

  – Last Amendment: 18 May 2016: Change 2
: Implement an insider threat program; reporting requirements for Cleared Defense Contractors; alignment with Federal standards for classified information systems; incorporated and cancelled Supp. 1 to the NISPOM (Summary 

: 15 CFR Subtit. B, Ch. VII, Pts. 730-774

– Last Amendment: 25 Sep 2017: 82 FR 44514-44517: Removal of Certain Entities from the Entity List; and Revisions of Entries on the Entity List

: 31 CFR, Parts 500-599, Embargoes, Sanctions, Executive Orders
  – Last Amendment: 16 Jun 2017: 82 FR 27613-27614: Removal of Burmese Sanctions Regulations 
: 15 CFR Part 30
  – Last Amendment:
20 Sep 2017:
82 FR 43842-43844
: Foreign Trade Regulations (FTR): Clarification on Filing Requirements; Correction
  – HTS codes that are not valid for AES are available
  – The latest edition (20 Sep 2017) of Bartlett’s Annotated FTR (“BAFTR”), by James E. Bartlett III, is available for downloading in Word format. The BAFTR contains all FTR amendments, FTR Letters and Notices, a large Index, and footnotes containing case annotations, practice tips, Census/AES guidance, and to many errors contained in the official text. Subscribers receive revised copies every time the FTR is amended. The BAFTR is available by annual subscription from the Full Circle Compliance website.  BITAR subscribers are entitled to a 25% discount on subscriptions to the BAFTR.
, 1 Jan 2017: 19 USC 1202 Annex. (“HTS” and “HTSA” are often seen as abbreviations for the Harmonized Tariff Schedule of the United States Annotated, shortened versions of “HTSUSA”.)
  – Last Amendment: 25 Jul 2017: Harmonized System Update 1706, containing 834 ABI records and 157 harmonized tariff records.
  – HTS codes for AES are available
  – HTS codes that are not valid for AES are available
  – Last Amendment: 30 Aug 2017: 82 FR 41172-41173: Temporary Modification of Category XI of the United States Munitions List
  – The only available fully updated copy (latest edition: 12 Sep 2017) of the ITAR with all amendments is contained in Bartlett’s Annotated 

, by James E. Bartlett III. The BITAR contains all ITAR amendments to date, plus a large Index, over 800 footnotes containing amendment histories, case annotations, practice tips, DDTC guidance, and explanations of errors in the official ITAR text. Subscribers receive updated copies of the BITAR in Word by email, usually revised within 24 hours after every ITAR amendment.
 The BITAR is available by annual subscription from the Full Circle Compliance
. BAFTR subscribers receive a 25% discount on subscriptions to the BITAR, please
contact us
to receive your discount code.

* * * * * * * * * * * * * * * * * * * *

Weekly Highlights of the Daily Bugle Top Stories

(Source: Editor) 

Review last week’s top Ex/Im stories in “Weekly Highlights of the Daily Bugle Top Stories” published 

* * * * * * * * * * * * * * * * * * * *


* The Ex/Im Daily Update is a publication of FCC Advisory B.V., compiled by: Editor, James E. Bartlett III; Assistant Editors, Alexander P. Bosch and Vincent J.A. Goossen; and Events & Jobs Editor, John Bartlett. The Ex/Im Daily Update is emailed every business day to approximately 8,000 readers of changes to defense and high-tech trade laws and regulations. We check the following sources daily: Federal Register, Congressional Record, Commerce/AES, Commerce/BIS, DHS/CBP, DOJ/ATF, DoD/DSS, DoD/DTSA, State/DDTC, Treasury/OFAC, White House, and similar websites of Australia, Canada, U.K., and other countries and international organizations.  Due to space limitations, we do not post Arms Sales notifications, Denied Party listings, or Customs AD/CVD items.

* RIGHTS & RESTRICTIONS: This email contains no proprietary, classified, or export-controlled information. All items are obtained from public sources or are published with permission of private contributors, and may be freely circulated without further permission. Any further use of contributors’ material, however, must comply with applicable copyright laws.

* CAVEAT: The contents of this newsletter cannot be relied upon as legal or expert advice.  Consult your own legal counsel or compliance specialists before taking actions based upon news items or opinions from this or other unofficial sources.  If any U.S. federal tax issue is discussed in this communication, it was not intended or written by the author or sender for tax or legal advice, and cannot be used for the purpose of avoiding penalties under the Internal Revenue Code or promoting, marketing, or recommending to another party any transaction or tax-related matter.

* SUBSCRIPTIONS: Subscriptions are free.  Subscribe by completing the request form on the Full Circle Compliance website.

* TO UNSUBSCRIBE: Use the Safe Unsubscribe link below.

Scroll to Top