Every Monday we post the highlights out of last week’s FCC Export/Import Daily Update (“The Daily Bugle”). Send out every business day to approximately 9,500 readers of changes to defense and high-tech trade laws and regulations, The Daily Bugle is a free daily newsletter from Full Circle Compliance, edited by James E. Bartlett III and Elina Tsapouri.
We check the following sources daily: Federal Register, Congressional Record, Commerce/AES, Commerce/BIS, DHS/CBP, DOE/NRC, DOJ/ATF, DoD/DSS, DoD/DTSA, FAR/DFARS, State/DDTC, Treasury/OFAC, White House, and similar websites of Australia, Canada, U.K., and other countries and international organizations. Due to space limitations, we do not post Arms Sales notifications, Denied Party listings, or Customs AD/CVD items. To subscribe, click here.
Last week’s highlights of The Daily Bugle included in this edition are:
- State Dept: “Notice of Department of State Sanctions Actions Reimposing Certain Sanctions With Respect to Iran”; Monday, 26 Apr 2021; Item #2
- State/ PM & DDTC: “Notifications to the Congress of Proposed Commercial Export Licenses”; Monday, 26 Apr 2021; Item #3
- UK OFSI Updates Guidance; Tuesday, 27 Apr 2021; Item #6
- Treasury/OFAC: “Somalia Sanctions Regulations”; Wednesday, 28 Apr 2021; Item #4
- Justice: “SAP Admits to Thousands of Illegal Exports of Its Software Products to Iran and Enters Into Non-Prosecution Agreement with DOJ”; Friday, 30 Apr 2021; Item #5
State Dept: “Notice of Department of State Sanctions Actions Reimposing Certain Sanctions With Respect to Iran”
(Source: Federal Register, 26 Apr 2021) [Excerpts]
86 FR 22090: Notice
* SUMMARY:On January 23, 2020, Secretary of State Michael R. Pompeo imposed sanctions on three entities and two individuals pursuant to E.O. 13846, Reimposing Certain Sanctions With Respect to Iran.
* DATES:The Secretary of State’s determination and selection of certain sanctions to be imposed upon the three entities and two individuals identified in the SUPPLEMENTARY INFORMATION section were effective as of January 23, 2020.
State/ PM & DDTC: “Notifications to the Congress of Proposed Commercial Export Licenses”
(Source: Federal Register, 26 Apr 2021) [Excerpts]
86 FR 22085: Notice
* AGENCY: Department of State.
* ACTION: Notice.
* SUMMARY: The Directorate of Defense Trade Controls and the Department of State give notice that the attached Notifications of Proposed Commercial Export Licenses were submitted to the Congress on the dates indicated.
* DATES: As shown on each of the 29 letters.
UK OFSI Updates Guidance
(Source: UK OFSI, 27 Apr 2021)
The UK Office of Financial Sanctions Implementation (OFSI) has published the following update on its website:
Who is subject to financial sanctions in the UK? A guide to the current consolidated list of asset freeze targets, and a list of persons named in relation to financial and investment restrictions under the Russia regulations.
Treasury/OFAC: “Somalia Sanctions Regulations”
(Source: Federal Register, 28 Apr 2021) [Excerpts]
86 FR 22346: Final Rule
* AGENCY: Office of Foreign Assets Control, Treasury.
* ACTION: Final rule.
* SUMMARY: The Department of the Treasury’s Office of Foreign Assets Control (OFAC) is amending the Somalia Sanctions Regulations and reissuing them in their entirety to further implement an April 12, 2010 Somalia-related Executive order, and to implement a July 20, 2012 Somalia-related Executive order. This final rule replaces the regulations that were published in abbreviated form on May 5, 2010 and includes additional interpretive and definitional guidance, general licenses, statements of licensing policy, and other regulatory provisions that will provide further guidance to the public. Due to the number of regulatory sections being updated or added, OFAC is reissuing the Somalia Sanctions Regulations in their entirety.
* DATES: This rule is effective April 28, 2021.
Justice: “SAP Admits to Thousands of Illegal Exports of Its Software Products to Iran and Enters Into Non-Prosecution Agreement with DOJ”
(Source: US Attorney’s Office, 29 Apr 2021) [Excerpts]
BOSTON – SAP SE, a global software company headquartered in Waldorf, Germany, has agreed to pay combined penalties of more than $8 million as part of a global resolution with the Departments of Justice, Commerce, and the Treasury.
In voluntary disclosures the Company made to the three agencies, SAP acknowledged violations of the Export Administration Regulations and the Iranian Transactions and Sanctions Regulations. As a result of its voluntary disclosure to DOJ, extensive cooperation, and remediation costing more than $27 million, United States Attorney’s Office for the District of Massachusetts and DOJ’s National Security Division entered into a Non-Prosecution Agreement with SAP. Pursuant to that agreement, SAP will disgorge $5.14 million of ill-gotten gain.
Beginning in approximately January 2010 and continuing through approximately September 2017, SAP, without a license, willfully exported, or caused the export, of its products to Iranian users. SAP’s violations occurred in two principal ways.
First, between 2010 and 2017, SAP and its overseas partners released its U.S-origin software, including upgrades, and/or software patches more than 20,000 times to users located in Iran. SAP senior management was aware that neither the Company nor its U.S.-based Content Delivery Provider used geolocation filters to identify and block Iranian downloads, yet for years the Company did nothing to remedy the issue. The vast majority of the Iranian downloads went to 14 companies, which SAP Partners in Turkey, United Arab Emirates, Germany, and Malaysia knew were Iranian-controlled front companies. The remaining downloads went to several multinational companies with operations in Iran, which downloaded SAP’s software, updates, and/or patches from locations in Iran.
Second, from approximately 2011 to 2017, SAP’s Cloud Business Group companies (CBGs) permitted approximately 2,360 Iranian users to access U.S.-based cloud services from Iran. Beginning in 2011, SAP acquired various CBGs and became aware, through pre-acquisition due diligence as well as post-acquisition export control-specific audits, that these companies lacked adequate export control and sanctions compliance processes. Yet, SAP made the decision to allow these companies to continue to operate as standalone entities after acquiring them and failed to fully integrate them into SAP’s more robust export controls and sanctions compliance program.
While this conduct constituted serious violations of U.S. law involving the release of U.S. origin technology and software through cloud servers and online portals, this Non-Prosecution Agreement recognizes the importance of voluntary self-disclosure and cooperation with the government. DOJ and the District of Massachusetts reached this resolution with SAP based upon its voluntary self-disclosure as well as SAP’s extensive internal investigation and cooperation over a three-year period. During this time, SAP worked with prosecutors and investigators, producing thousands of translated documents, answering inquiries, and making foreign-based employees available for interviews in a mutually agreed upon overseas location. AP also timely remediated and implemented significant changes to its export compliance and sanctions program, spending more than $27 million on such changes, including, among other things detailed in the NPA: (1) implementing GeoIP blocking; (2) deactivating thousands of individuals users of SAP cloud based services based in Iran; (3) transitioning to automated sanctioned party screening of its CBGs; (4) auditing and suspending SAP partners that sold to Iran-affiliated customers; and (5) conducting more robust due diligence at the acquisition stage by requiring new acquisitions to adopt GeoIP blocking and requiring involvement of the Export Control Team before acquisition.
Concurrently with this agreement, SAP is entering into Administrative Agreements with the Department of Commerce, Bureau of Industry and Security (“BIS”) and the Department of the Treasury, Office of Foreign Assets Control (“OFAC”). Among other things, the BIS settlement agreement requires SAP to conduct internal audits of its compliance with U.S. export control laws and regulations, and produce audit reports to BIS for a period of three years. . . . .
“Today’s first-ever resolution pursuant to the Department’s Export Control and Sanctions Enforcement Policy for Business Organizations sends a strong message that businesses must abide by export control and sanctions laws, but that when they violate those laws, there is a clear benefit to coming to the Department before they get caught,” said Assistant Attorney General John C. Demers for the National Security Division. “SAP will suffer the penalties for its violations of the Iran sanctions, but these would have been far worse had they not disclosed, cooperated, and remediated. We hope that other businesses, software or otherwise, we heed this lesson.” . . . .