On October 17, BIS issued a press release announcing that exporters may request a six-month extension for any licenses due to expire on or before December 31, 2020.

The press release states, “BIS will streamline the extension of the validity process by creating a central electronic mailbox for submission of requests: LicenseExtensionRequest@bis.doc.gov.” The original license will be reviewed and, in most cases, the validity period extended via the electronic system. Depending on the number of requests received, BIS estimates the majority of extension requests will be processed and approved within two to three business days.

Acting Under Secretary for Industry and Security, Cordell Hull said, “The streamlined process will help ensure that exporters with licenses due to expire on or before the end of 2020, who may not have been able to ship orders due to resource constraints during the pandemic, have the opportunity to benefit fully from the authorizations granted on their licenses.”

In ruling NY N315004 (October 13, 2020), Customs and Border Protection (CBP) discussed the classification of hard seltzer, identified as “White Claw Hard Seltzer.” The subject merchandise is provided in five different flavors (Lime, Raspberry, Ruby Grapefruit, Black Cherry and Mango) with the brand name “White Claw Hard Seltzer.” The products are composed of Beer Base (15%-17%), Natural Flavors (2%-3%), Water (81%-82%) and trace amounts of Juice Concentrate, Cane Sugar, Citric Acid and Sodium Citrate. The beer base is composed of Sugar (51%), Yeast & Nutrients (less than 4%), Water and trace amounts of Malted Gluten-Free Grains. The hard seltzer has an alcohol by volume content of 5 percent. Each flavor of the bulk finished product is packaged in 12-ounce, approximately 0.35 L, and 19.2-ounce, approximately 0.57 L, aluminum beverage cans.

The applicable subheading for the Hard Seltzer will be 2203.00.0060, Harmonized Tariff Schedule of the United States (HTSUS), which provides for Beer made from malt: In containers each holding not over 4 liters:: Other The duty rate will be Free.

Date: Thursday, October 15, 2020

Time: 9:00 AM Eastern Daylight Time

Duration: 1 hour

The second webinar in our Election 2020 series will focus on the candidates’ positions on International Trade issues and how the election results might impact businesses in 2021 and beyond. In this roundtable webinar, a team of lawyers and consultants from both Crowell & Moring and its international policy and regulatory affairs affiliate, C&M International, will discuss the two candidates’ trade priorities for the coming years, including:

  • How China’s growth and trade practices animate U.S. action and campaigns and whether the election will shift U.S.-China dynamics from the White House and Congress;
  • How companies are restructuring their organizations and supply chains to expand market share in China but not lose their competitive positions in lucrative markets like North America and Europe;
  • The new Section 301 investigation targeting Vietnam and what it means for companies diversifying away from China;
  • Evolving and divergent approaches to data governance, the Internet, and tech policy;
  • The impact of expanded national security trade protections; and
  • Multilateralism and trade agreements.

Speakers: Caroline E. Brown, Evan Y. Chuck, Ambassador Robert Holleyman, Clark Jennings, and Shelley Su

On September 14, 2020, China’s highest court, the Supreme People’s Court of the People’s Republic of China, released the “Opinions on Increasing Enforcement Against Intellectual Property Infringement According to Law” (关于依法加大知识产权侵权行为惩治力度的意见) (“Opinions”).

The Opinions cover four main areas: (1) Evidence Preservation, (2) Injunctions, (3) Monetary Relief, and (4) Criminal Enforcement

  • Evidence Preservation
    • Articles 1-4 cover evidence preservation.  Evidence preservation is a measure taken by Chinese courts to investigate, collect, and preserve evidence when it may be destroyed or difficult to collect in the future.  Article 2 directs courts to promptly review and decide an application for an injunction and an application for evidence preservation when a party applies for both.  Article 4 allows courts to make inferences in favor of an intellectual property rights holder when the alleged infringer damages or transfers evidence subject to an evidence preservation order.
  • Injunctions
    • Articles 5-6 cover injunctions.  Article 5 reaffirms the primacy of injunctions in Chinese intellectual property litigation and states courts should grant an injunction first when facts supporting infringement are clear and infringement has been established.
  • Increasing Monetary Relief
    • Articles 7-13 cover increasing monetary relief for intellectual property infringement. Notably, Article 10 permits punitive damages in the event of severe and intentional infringement to deter intentional infringement.  In terms of statutory damages, Article 11 permits courts to award statutory damages up to a maximum limit in situations where the infringement has caused a right holder severe damages or an infringer has obtained a substantial amount of profits through infringement and evaluates factors in assessing damages including whether the infringement was intentional; whether defendant has repeatedly infringed; duration of infringement; whether infringement involves a large area; and whether infringement endangers personal safety, exploits natural resources, or damages public interests.
  • Increasing Criminal Enforcement
    • Articles 15-16 cover increasing criminal enforcement of intellectual property rights and states courts should impose severe penalties for counterfeiting disaster relief items and epidemic prevention supplies. Notably, the Opinions removed a foreigner-targeted clause from the draft opinions, which would have imposed severe penalties for infringement of trade secrets by overseas institutions, organizations, and personnel.

As China becomes a viable venue for intellectual property enforcement, it is important to monitor the recent developments in Chinese intellectual property legal system.

On October 1, 2020, the Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) each released advisories (the OFAC Advisory and the FinCEN Advisory) addressing financial crime-related risks associated with ransomware and ransomware payments. The OFAC Advisory focuses on the risk that ransomware attacks or payments may involve sanctioned persons or jurisdictions, the risk that paying ransoms, or otherwise dealing with ransomware attackers may result in liability under OFAC sanctions authorities, and the possibility for victims of such attacks to earn credit against potential sanctions penalties by voluntarily disclosing such attacks to law enforcement. The FinCEN Advisory draws attention to the potential for financial institutions to be used in the processing of ransomware payments, the risk that intermediaries that facilitate such payments may be deemed money transmitters, red flags of potential ransomware-related activity, and the need to report technical details related to such attacks in suspicious activity reporting.

Ransomware

The advisories both discuss ransomware issues and trends in general terms before turning to sanctions- and AML-specific aspects of these crimes. The OFAC Advisory defines ransomware as “a form of malicious software … designed to block access to a computer system or data, often by encrypting data or programs on information technology systems to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to their systems or data.” The perpetrators may also “threaten to publicly disclose victims’ sensitive files,” a tactic increasingly seen in ransomware attacks. The FinCEN Advisory defines ransomware in substantially similar terms, and also explains that perpetrators of ransomware attacks typically demand payment in convertible virtual currency (CVC), such as Bitcoin.

According to the OFAC Advisory, citing statistics from the Federal Bureau of Investigation, “there was a 37 percent annual increase in reported ransomware cases and a 147 percent annual increase in associated losses from 2018 to 2019.” The FinCEN Advisory highlights a number of trends related to the increasing sophistication and scope of ransomware attacks, including:

  • Big Game Hunting Schemes: Targeting of larger enterprises and significantly larger ransom demands.
  • Ransomware Criminals Sharing Resources: Increased sharing of ready-made ransomware kits as well as “advice, code, trends, techniques and illegally-obtained information over shared platforms.”
  • “Double Extortion” Schemes: Threatening both to withhold access to the victim’s systems and data along with threats to publish or sell the data to provide a “double” incentive to pay.
  • Use of Anonymity-Enhanced Cryptocurrencies (“AECs”): Requiring or incentivizing victims to pay in AECs that include anonymizing features, such as mixing and cryptographic enhancements.
  • Use of “Fileless” Ransomware: Fileless ransomware writes malicious code into the computer’s memory rather than into a file on a hard drive, which is more difficult to detect and can circumvent off-the-shelf antivirus and malware defenses.

Finally, the FinCEN Advisory illustrates the complex transactions that are involved in making ransomware payments with CVC, in part to highlight for financial institutions the different sorts of actors that may be involved in these payments. A ransomware payment involving CVC typically begins with the victim transmitting funds via wire transfer, ACH or credit card payment to a CVC exchange in order to obtain the demanded form of CVC. Next, the victim sends the CVC to the perpetrator’s designated account or CVC address. The perpetrator then launders the CVC using a variety of methods, including mixers and tumblers (mechanisms that obscure the link between sender and receiver), converting CVC into different CVCs, smurfing (breaking the funds into smaller amounts that move separately), and using many different accounts, exchanges, and peer-to-peer exchangers located in different jurisdictions.

Sanctions Risks and Issues in Ransomware Payments

The major sanctions-related risk in a ransomware attack is that a ransom payment will go to a sanctioned person or sanctioned jurisdiction. The OFAC Advisory emphasizes that OFAC “may impose civil penalties for sanctions violations based on strict liability, meaning that a person subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws and regulations.” In this manner, OFAC suggests that it may be willing to penalize dealings with sanctioned parties even in situations where, as with ransomware, it is often difficult or impossible to know who is responsible for the attack or where any payment may be sent (and indeed where the goal of the attacker receiving payment is to maintain anonymity).

OFAC does not comment on the difficulty of determining who is responsible for a ransomware attack but does identify factors that may mitigate any enforcement action in the event a payment goes to a sanctioned actor.

First, OFAC encourages companies to maintain a risk-based compliance program to mitigate exposure to sanctions-related violations, and notes its previous guidance that OFAC will consider the “existence, nature, and adequacy of a sanctions compliance program” when determining an appropriate enforcement response. Adopting a risk-based approach to compliance generally also may benefit companies in other regulatory settings and allow companies to have a more focused approach to security.

Second, for “companies that engage with victims of ransomware attacks, such as those involved in providing cyber insurance, digital forensics and incident response,” as well as “financial services” providers such as depository institutions and money services businesses, that may be involved in processing ransom payments, OFAC encourages such companies to maintain risk-based sanctions compliance programs that specifically “account for the risk that a ransomware payment may involve an SDN or blocked person, or a comprehensively embargoed jurisdiction.” At the same time, OFAC does not address the key problem of determining sanctions risks in such situations – the difficulty in identifying the involvement of a sanctioned person or jurisdiction in what typically are designed to be anonymous attacks.

Third, OFAC will consider a “self-initiated, timely, and complete report of a ransomware attack to law enforcement” as well as “full and timely cooperation with law enforcement both during and after a ransomware attack” to be “significant mitigating factor[s]” in determining the appropriate enforcement outcome. OFAC does not define “law enforcement” or prescribe any particular agency to whom such a report should be made.

By contrast, although OFAC says that it will consider license applications to pay a ransomware attacker despite the potential involvement of sanctioned parties “on a case-by-case basis,” it emphasizes that it approaches such applications with a “presumption of denial,” noting that such payments “benefit illicit actors and can undermine the national security and foreign policy of the United States,” may “embolden cyber actors to engage in future attacks,” and “do[] not guarantee that the victim will regain access to its stolen data.”

In addition to its general admonition to companies to alert “law enforcement” to ransomware demands, OFAC encourages them to notify OFAC in particular in situations where they believe that a demand for a ransomware payment may involve a sanctions nexus, and also separately to notify the U.S. Department of the Treasury’s Office of Critical Infrastructure Protection “if an attack involves a U.S. financial institution or may cause significant disruption to a firm’s ability to perform critical financial
services.”

AML Risks and Issues in Ransomware Payments

The FinCEN Advisory focuses on the role of financial institutions, including banks and money services businesses (MSBs), in making ransomware payments, observing that “[p]rocessing ransomware payments is typically a multi-step process that involves at least one depository institution and one or more [MSBs].”

The FinCEN Advisory also discusses the role of “companies that provide protection and mitigation services to victims of ransomware attacks,” including digital forensics and incident response companies (DFIRs) and cyber insurance companies (CICs). FinCEN warns that that activities by these companies to facilitate payments to perpetrators on behalf of victims, “[d]epending on the particular facts and circumstances,” could “constitute money transmission,” and thus subject such companies to regulation under the Bank Secrecy Act (BSA).

The FinCEN Advisory continues to identify “red flags” associated with ransomware activity. Financial institutions generally are expected to investigate such red flags in order to determine if there is a reasonable, non-suspicious explanation for the activity or whether, if not, the financial institution should report the activity to FinCEN in a suspicious activity report (SAR). With respect to ransomware payments, the FinCEN Advisory lists a number of red flags, including: (1) activity bearing certain technical indicators of a potential ransomware attack, which may be evident in system log files, network traffic, or file information; (2) any instance in which a customer indicates a payment is in response to a ransomware incident; (3) a customer transacts with CVC addresses that are linked in public or other reporting to ransomware activity; (4) any transaction between an organization and a DFIR or CIC – especially if the organization is in a sector at high-risk for ransomware attack (e.g., governmental, education, healthcare, financial); (5) the customer appears to be using the financial institution’s liquidity to execute “large numbers of offsetting transactions between various CVCs, which may indicate that the customer is acting as an unregistered MSB”; (6) a customer “uses a CVC exchanger or foreign-located MSB in a high-risk jurisdiction lacking, or known to have inadequate, AML/CFT regulations for CVC entities”; and (7) a “customer initiates multiple rapid trades between multiple CVCs, especially AECs, with no apparent related purpose, which may be indicative of attempts to break the chain of custody on the respective blockchains or further obfuscate the transaction.”

Essentially, FinCEN’s guidance suggests that any potential indication that a transaction is related to a ransomware payment or ransomware attack be treated as a red flag that a financial institution should investigate and determine whether a SAR is appropriate. FinCEN does not say that payments by victims automatically trigger an obligation to report, but strongly suggests that is the case, emphasizing that a financial institutions must file a SAR when it “knows, suspects, or has reason to suspect” that a transaction “involves the use of the financial institution to facilitate criminal activity,” and that “[r]eportable activity can involve transactions, including payments made by financial institutions, related to criminal activity like extortion and unauthorized electronic intrusions that damage, disable, or otherwise affect critical systems.”

Finally, FinCEN provides specific instructions for filing SARs regarding ransomware activity. The advisory notes that “financial institutions should provide all pertinent available information on the event and associated with the suspicious activity, including cyber-related information [a term of art FinCEN has defined in past guidance on filing SARs] and technical indicators, in the SAR form and narrative.” The advisory also identifies valuable information and indicators including: “relevant email addresses, Internet Protocol (IP) addresses with their respective timestamps, login information with location and timestamps, virtual currency wallet addresses, mobile device information (such as device International Mobile Equipment Identity (IMEI) numbers), malware hashes, malicious domains, and descriptions and timing of suspicious electronic communications.”

FinCEN requests that financial institutions filing SARs related to potential ransomware activity reference the advisory by including “CYBER-FIN-2020-A006” in SAR field 2 and the narrative, select SAR field 42 (Cyber event) as the associated suspicious activity type, and select SAR field 42z (Cyber event – Other) and include the keyword “ransomware” in SAR field 42z, to indicate a connection between the suspicious activity being reported and possible ransomware activity. Financial institutions “should include any relevant technical cyber indicators related to the ransomware activity and associated transactions within the available structured cyber event indicator SAR fields 44(a)- (j), (z).”

Practical Considerations

Although OFAC says that timely reporting of a ransomware attack to law enforcement will be a substantial mitigating factor for enforcement “if the situation later is found to have a sanctions nexus,” OFAC also confirms that there is a significant enforcement risk for anyone involved in a ransomware payment that goes to a sanctioned person or jurisdiction. Furthermore, OFAC suggests that it is not inclined to grant licenses that would allow ransom payments that involve sanctioned persons or jurisdictions. Accordingly, some companies may face difficult choices about whether to alert OFAC in situations where there is significant evidence that a sanctioned party is involved. Because OFAC has suggested that it will not license payments to such persons, alerting law enforcement or OFAC to a ransomware demand may give rise to situations where these agencies expect a victim company to refuse to pay the ransom, and the company will need to comply to avoid a sanctions violation while figuring out how to restore systems and manage potential data loss without making a payment. In the alternative, if it decides it must pay – despite the fact that paying ransomware demands does not necessarily result in system restoration and can leave lingering issues related to third-party access to the data and data loss – the company will have alerted OFAC to a potential violation, and must hope that its timely involvement of law enforcement will mitigate against any penalty.

Companies therefore may wish to develop a risk-based compliance plan or playbook that analyzes key decisions and factors that a company may face during a ransom attack. The same is true for financial institutions, DFIRs, and CICs that may find themselves in the position of facilitating ransomware payments or other related dealings. Such policies might address a company’s approach to attribution, and in particular attribution of attacks to sanctioned persons or jurisdictions, and the different ways that sanctioned persons or jurisdictions might arise in ransomware situations, including internal analysis and the use of third-party vendors in this process. This includes potentially not only the attackers themselves, but also negotiators, virtual currency exchangers and other financial institutions, and other third-party intermediaries or facilitators.

Separately, financial institutions should consider incorporating the red flags FinCEN has identified for potential ransomware activity into their AML programs, and more broadly addressing how they will detect and deal with ransomware-related transactions. The obligation of Bank Secrecy Act-regulated financial institutions to detect and report suspicious activity extends beyond dealings with sanctioned parties to include all transactions over the relevant reporting threshold where there is reason to suspect that the transaction lacks a legitimate business purpose or is not the kind in which the customer normally would engage. FinCEN’s advisory makes clear that financial institutions should ensure their transaction and suspicious activity monitoring is able to detect red flags associated with ransomware activity, as well as to investigate such red flags and make robust determinations on whether to file a SAR. The guidance suggests that any indication of ransomware activity should be treated as a red flag and any suspected ransomware activity that exceeds the relevant reporting threshold should be reported in a SAR. Financial institutions also should take steps to ensure that their AML compliance teams have access to any cyber-related information known to the financial institution that is associated with such incidents, and that they include such information in any SARs.

The FinCEN Advisory also provides a warning to entities such as DFIRs and CICs that FinCEN may treat them as money transmitters (a form of MSB and thus subject to regulation under the BSA) if they arrange or make ransomware-related payments on behalf of clients, and that the fact that these transactions are done as part of a broader client service may not exempt them from regulation.

In ruling N314212 (Sept. 17, 2020), Customs and Border Protection (CBP) discussed the classification of an Electrostatic Backpack Sprayer. The backpack sprayer consists of a trigger-activated spray gun, a 2.25-gallon fluid tank designed to be worn on the back of the user, two lithium-ion batteries, a battery charger, and a telescopic wand. The Electrostatic Backpack Sprayer is described as a disinfectant appliance designed for use in industries such as healthcare, facility management, education, etc. As described, the user will squeeze the hand-operated trigger, which draws disinfectant from the backpack fluid tank to the spray gun via a diaphragm pump. The disinfectant then sprays from the trigger sprayer nozzle onto a surface to be disinfected.

The ruling explains that the Electrostatic Backpack Sprayer, consists of at least two different articles that are classifiable in different headings and consists of articles put up together to carry out a specific activity (i.e., spraying disinfectant). The articles are put up in a manner suitable for sale directly to users without repacking, and thus is within the term “goods put up in sets for retail sale.” GRI 3(b) states in part that goods put up in sets for retail sale, which cannot be classified by reference to GRI 3(a), are to be classified as if they consisted of the component that gives them their essential character. CBP concluded that the Electrostatic Backpack Sprayers’ essential character is imparted by the trigger-activated spray gun.

CBP determined that the applicable subheading for the Electrostatic Backpack Sprayer is 8424.20.9000, HTSUS, which provides for “Mechanical appliances (whether or not hand operated) for projecting, dispersing or spraying liquids or powders; fire extinguishers, whether or not charged; spray guns and similar; steam or sand blasting machines and similar jet projecting machines; parts thereof: Spray guns and similar appliances: Other.” The rate of duty will be free.

Pursuant to U.S. Note 20 to Subchapter III, Chapter 99, HTSUS, products of China classified under subheading 8424.20.9000, HTSUS, unless specifically excluded, are subject to an additional 25 percent ad valorem rate of duty. At the time of importation, 9903.88.03, in addition to subheading 8424.20.9000, HTSUS, must be reported.

 

On Friday, October 2, 2020, the United States Trade Representative (USTR) announced that, at the direction of the President, a two-part investigation is being initiated into Vietnam under Section 301 of the Trade Act of 1974. USTR, in conjunction with the Department of the Treasury, will review policies related to the import and use of timber that may have been illegally harvested or traded. The two agencies will also review any practices that may have contributed to the undervaluation of Vietnam’s currency, the Dong (VND), resulting in harm to U.S. commerce.

In the announcement, United States Trade Representative Robert E. Lighthizer said, “President Trump is firmly committed to combatting unfair trade practices that harm America’s workers, businesses, farmers, and ranchers.  Using illegal timber in wood products exported to the U.S. market harms the environment and is unfair to U.S. workers and businesses who follow the rules by using legally harvested timber.  In addition, unfair currency practices can harm U.S. workers and businesses that compete with Vietnamese products that may be artificially lower-priced because of currency undervaluation.  We will carefully review the results of the investigation and determine what, if any, actions it may be appropriate to take.”

The announcement follows a 2019 decision by the Treasury Department to include Vietnam on a watch list for its currency practices and changes in federal regulations in February of this year that allows currency undervaluation to be considered as part of subsidy investigations conducted by the Department of Commerce. The change to federal regulations was prompted in part by a Treasury Department report in January outlining the scale and persistence of foreign exchange intervention among most major U.S. trading partners and in the context of a widening trade deficit with Vietnam and weakening VND against the dollar.

In August, for the first time, the Department of Commerce accepted evidence, under the new regulations, from a valuation assessment conducted by the Treasury Department in an ongoing countervailing duty (CVD) investigation of an alleged subsidy pertaining to currency undervaluation on passenger vehicle and light truck tires from Vietnam.

Friday’s announcement was met with mixed reactions but universal concern over the possible effects on domestic industry. USTR is expected to release two separate Federal Register notices next week that will provide details of the investigation and information on how members of the public can provide their views through written submissions.

In ruling NY N314519 (September 28, 2020), Customs and Border Protection (CBP) discussed the classification of a product identified as the HoHoHoH2o Automatic Christmas Tree Watering Device. The HoHoHoH2o is composed of a 2.5-gallon tank, water pump, water tube and water level sensors. The 2.5-gallon water tank houses the water pump, floating level sensor and a circuit board. The tank, which resembles a wrapped giftbox, measures 13.5 x 10.4 x 9.5 inches and is placed under the tree in use. As described in the ruling, the tank’s water tube is placed into the tree stand along with the tree stand sensor. The tree stand sensor monitors the water level by opening and closing a circuit via wires attached to the circuit board.  When the sensor detects the water is low, it opens a circuit that triggers the pump in the tank to deliver water to the stand through the attached water tube.  Once the proper water level is reached, the circuit closes and signals to turn off the water pump.  When the water tank itself is running low on water, a floater switch inside the tank sends a signal to trigger a sound and light alarm to notify the user to refill the tank with water.

The ruling states that CBP believes the HoHoHoH2o is a composite good within the meaning of GRI 3. Goods classifiable under GRI 3(b) shall be classified as if they consisted of a material or component which gives them their essential character. GRI 3(c) states that when the essential character of a composite good cannot be determined, classification is based on the heading that occurs last in numerical order among those which equally merit consideration. CBP believes that the pump in heading 8413, HTSUS, merits equal consideration to the sensors which measure and check the water level in heading 9026, HTSUS.

CBP determined that the applicable subheading for the HoHoHoH2o Automatic Christmas Tree Watering Device will be 9026.10.6000, HTSUS, which provides for “Instruments and apparatus for measuring or checking the flow, level, pressure or other variables of liquids or gases (for example, flow meters, level gauges, manometers, heat meters), excluding instruments and apparatus of heading 9014, 9015, 9028 or 9032; parts and accessories thereof: For measuring or checking the flow or level of liquids: Other: Other.”  The rate of duty will be free.

Pursuant to U.S. Note 20 to Subchapter III, Chapter 99, HTSUS, products of China classified under subheading 9026.10.6000, HTSUS, unless specifically excluded, are subject to an additional 7.5 percent ad valorem rate of duty.  At the time of importation, the Chapter 99 subheading, 9903.88.15, in addition to subheading 9026.10.6000, HTSUS, must be reported.

On September 16, 2020, the Financial Crimes Enforcement Network (“FinCEN”) issued an advanced notice of rulemaking (“ANPRM”) requesting comments on proposed regulatory changes under the Bank Secrecy Act (“BSA”) that aim to enhance the effectiveness of anti-money laundering (“AML”) programs.  The proposals reflect the recommendations of a working group within the Bank Secrecy Act Advisory Group (“BSAAG”), whose membership includes representatives from financial institutions, federal and state regulatory and law enforcement agencies, and trade groups and is chaired by the director of FinCEN, that was convened to develop recommendations to strengthen the national AML regime.  Comments are due by November 16, 2020.

Proposed Amendments

FinCEN is seeking comment on whether it is appropriate to clearly define a requirement for an “effective and reasonably designed” AML program in BSA regulations.  As proposed in the ANPRM, regulatory amendments would explicitly define an “effective and reasonably designed” AML program as one that:

  • Identifies, assesses, and reasonably mitigates the risks resulting from illicit financial activity—including terrorist financing, money laundering, and other related financial crimes—consistent with both the financial institution’s risk profile and the risks communicated by relevant government authorities as national AML priorities;
  • Assures and monitors compliance with the recordkeeping and reporting requirements of the BSA; and
  • Provides information with a high degree of usefulness to government authorities consistent with both the institution’s risk assessment and the risks communicated by relevant government authorities as national AML priorities.

The ANPRM also seeks comment on whether the AML program regulations should be amended to establish an explicit requirement for a risk-assessment process, as well as whether the Director of FinCEN should issue, every two years, a list of national AML priorities.

These amendments, which would allow financial institutions greater flexibility in the allocation of their resources to establish an effective AML program, are likely welcomed by industry.  The window to submit comments on the proposals allows industry the opportunity to provide the agency with additional insight into resource considerations and other decision-making that informs the effectiveness of an AML program, along with innovations in the financial sector.

The Court of International Trade (“CIT”) saw nearly 3,000 complaints filed over a period of four days from Friday, September 18, 2020 to Monday, September 22, 2020 challenging the United States Trade Representative’s (“USTR”) authority to levy Section 301 Tariffs on products found on List 3 (and frequently, also those also found on List 4A) (“List 3 Tariffs”).  These complaints dovetail from the lead case which first raised this issue, filed on September 10, 2020, HMTX Industries LLC et al. v. United States.

Plaintiffs have generally taken the position that, while initial retaliatory tariff action reflected in the implementation of Section 301 Tariffs on products found on List 1 and List 2 may have been lawful, the USTR’s subsequent round of actions (i.e., List 3 and List 4A) failed to comply with requirements under the Administrative Procedures Act.  These lawsuits, if successful, may ultimately eliminate List 3 (and where applicable, List 4A) tariffs and result in refunds.  It remains to be seen whether refunds would be applicable to all importers, or only those who filed complaints.  Further action could be warranted in the latter case for those parties which elected not to file lawsuits but subsequently wish to pursue action to receive refunds on duties paid. Importers may also still challenge exclusion denials, extension denials, and the shortening of granted List 3 exclusions.

There remain conflicting opinions as to when the deadline to file a complaint contesting List 3 Tariffs expires (or expired).  The statute of limitations to file a complaint at the CIT expires after two years – the outstanding question is when this deadline first began tolling. Some argue that the deadline expired on Friday, September 18, 2020, starting the timer from the USTR press release which first announced the finalized list of covered tariff numbers included in List 3.  Others point to Monday, September 21, 2020, which is two years from the date on which the finalized list of covered tariff numbers was first published in the Federal Register.  Still others take the position that the deadline is September 24, 2020 (the date the tariffs actually took effect), or, possibly a later date corresponding to when an importer was first assessed a duty on an imported List 3 product.  There is therefore still time as of the publication of this blog, arguably, for importers to “throw their hat in the ring” with respect to contesting List 3 Tariffs.  We can additionally expect another round of lawsuits contesting List 4, but the expiry of the statute of limitations for those products remains around a year in the future at the earliest.

Regardless of the outcome at the CIT, importers can expect there will be at least one appeal to the Court of Appeals, and possibly another appeal to the Supreme Court.  Importers should therefore not expect any resolution on this question in the near future.