According to a January 19 press release, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) “designated three individuals, fourteen entities, and six vessels for their ties to a network attempting to evade United States sanctions on Venezuela’s oil sector.” According to OFAC, the  Maduro regime is continuing to use “Petroleos de Venezuela, S.A. (PdVSA) as its primary conduit for corruption to exploit and profit from Venezuela’s natural resources.”

This action builds on “OFAC’s June 18, 2020 designations targeting Libre Abordo, S.A. de C.V. (Libre Abordo) and a wider Mexico-based network involved in the illicit sale of Venezuelan oil. Today’s action targets additional orchestrators and facilitators with ties to the Mexico network who have conspired with Maduro’s oil minister, Tareck El Aissami Maddah (El Aissami), and indicted money launderer Alex Nain Saab Moran (Saab) to broker the sale of hundreds of millions of dollars of Venezuelan oil.”

In ruling NY N316541 (January 13, 2021), Customs and Broker Protection (CBP) discussed the classification of the . The ruling indicates that the system consists of a wristband, satellite, and hub, which are used/installed in a user’s home. Together, they gather user activity/movement data and user location data. The data generated/gathered is forwarded via the satellite and hub to the Nectarine cloud/Nectarine SmartApp. The three components are all sold as individual products. Communication between all three components is via Bluetooth.

The wristband is an electronic wearable device, worn on a person’s wrist. As described in the ruling, its primary function is to gather data about the movement of the wearer, and transmit it over Bluetooth via the Nectarine hub and satellite to the cloud. The satellite is an electrical radio network device that plugs into a wall power socket. The satellite’s primary function is to increase the Bluetooth coverage of the Nectarine Remote – Tracking network. It receives data from the wristband and relays the data to the Hub. It also enables positioning of the wristband. The ruling goes on to explain that the hub is an electrical radio network device that plugs into a wall power socket. It receives data from the wristband or the satellite and relays the data to a Wi-Fi router. Both the satellite and the hub have call capability via inbuilt microphone and speaker.

CBP determined that the applicable subheading for the wristband is 9031.80.8085, HTSUS, which provides for “Measuring or checking instruments, appliances and machines, not specified or included elsewhere in this chapter; profile projectors; parts and accessories thereof: Other instruments, appliances and machines: Other: Other.” The general rate of duty is Free.

Furthermore, CBP determined that the applicable subheading for the satellite unit and the hub unit is 8517.62.0090, HTSUS, which provides for “Telephone sets, including telephones for cellular networks or for other wireless networks; other apparatus for the transmission or reception of voice, images or other data…: Other apparatus for transmission or reception of voice, images or other data, including apparatus for communication in a wired or wireless network (such as a local or wide area network): Machines for the reception, conversion and transmission or regeneration of voice, images or other data, including switching and routing apparatus: Other.”  The general rate of duty is Free.

 

On October 23, 2020, the Federal Reserve Board and the Financial Crimes Enforcement Network (FinCEN) issued a joint notice of proposed rulemaking that would amend the Bank Secrecy Act’s Recordkeeping Rule and Travel Rule regulations. The proposed changes would: (a) lower the threshold for covered cross-border transactions from $3,000 to $250, and (b) extend the applicability of the rules to convertible virtual currency and digital assets. Caroline Brown moderates this panel discussion hosted by KPMG and Carlton Greene provides insight into what the changes mean for virtual currency companies and payments companies.

Listen on KPMG’s site

On January 1, 2021, the Senate followed the House and voted to override President Trump’s veto of the National Defense Authorization Act for Fiscal Year 2021 (NDAA). As is typical, the NDAA touched on a wide range of legal areas, including numerous new government contracts requirements, as well as a number of sanctions and export control related features, which will be summarized separately. One of the core features of the NDAA, however, is Division F, The Anti-Money Laundering Act of 2020 (AMLA or the Act), which makes sweeping reforms to the Bank Secrecy Act (BSA) and other anti-money laundering rules. The following is a summary of the most significant changes to the AML legal landscape, including:

  • New beneficial ownership requirements and the creation of a registry
  • Establishment of national AML and counter-terrorism priorities
  • Creation of a new Office of Domestic Liaison within the Financial Crimes Enforcement Network (FinCEN)
  • Broader Department of Justice (DOJ) and Department of the Treasury (Treasury) subpoena authority for non-U.S. bank records
  • Expanded definition of “financial institution” to include “dealers in antiquities” and “virtual currencies”
  • Review by FinCEN of whether to implement a “no-action letter” program
  • Increased BSA/AML penalties
  • Mandatory U.S. Treasury Department review of currency transaction report (CTR) and suspicious transaction report (SAR) requirements
  • New SAR pilot program to allow regulated financial institutions to share SARs with their foreign branches, subsidiaries, and affiliates
  • Safe harbor for compliance with “keep open” letters
  • New whistleblower program

New Beneficial Ownership Requirements and the Creation of a Registry

The Corporate Transparency Act, which is part of the AMLA, will require new and existing state and tribal corporations, limited liability companies, and other similar entities, as well as similar non-U.S. entities that register or are registered to conduct business in the United States (Reporting Companies), to report personal identifying information to FinCEN for their natural-person beneficial owners and for the applicants who establish or register the entities. This change is designed to expand the information available to the government about the natural persons that own U.S. corporate entities, and to discourage the use of shell companies by money launderers and other illicit actors. The information will be maintained by FinCEN in a non-public national registry made accessible to law enforcement, and to certain financial institutions with the consent of their customers (the Registry). Beneficial owners are individuals who: (1) own or control 25 percent or more of the ownership interests of a Reporting Company; or (2) exercise “substantial control” over a Reporting Company. This definition is similar to the definition of beneficial owners used in FinCEN’s 2016 customer due diligence rule (CDD Rule), but appears not to limit the number of control parties that must be identified (the CDD Rule requires only one control party to be identified). The Act does not define “substantial control,” but instead delegates authority to do so to FinCEN.

The current CDD rule requires covered financial institutions to obtain beneficial ownership information on legal entity customers that open accounts with those institutions. The new registry has the potential to substantially increase the beneficial ownership information available to law enforcement, because it requires such information from U.S. companies generally. At the same, time, the Act excludes a long list of entities from this reporting requirement, with exclusions that are broader than the many that already appear in the CDD Rule. Among other things, they exclude any entity that: (1) employs more than 20 people on a full-time basis, (2) filed federal taxes in the previous year demonstrating more than $5,000,000 in gross receipts or sales in the aggregate, and (3) has an operating presence at a physical office in the U.S.

The Secretary of the Treasury (the Secretary) has one year to promulgate regulations implementing the new requirements, after which they become effective. Existing companies will have two years after the effective date of these regulations to provide the required information to FinCEN. Reporting Companies formed or which register in the U.S. after the date of the regulations will be required to report beneficial ownership information at the time of formation or registration. Reporting Companies also will be required to report changes to previously reported information within one year of the change.

Establishment of National AML and Counter-Terrorism Priorities

The Act requires the Secretary to establish, in consultation with DOJ, federal and state financial regulators, and relevant national security agencies, national priorities for AML and countering the financing of terrorism (CFT) by June 30, 2021. FinCEN and prudential regulators then will expect financial institutions subject to an AML program requirement to ensure that their AML programs and risk assessments address these priorities, and that financial regulators include an assessment of compliance with this requirement in their regular examinations of affected institutions.

Creation of a New Office of Domestic Liaison within FinCEN

The Act establishes a new Office of Domestic Liaison within FinCEN intended to promote the coordination and consistency of supervisory guidance from FinCEN, federal functional regulators, state bank supervisors, and state credit union supervisors regarding the BSA. Among other things, the office will receive feedback from BSA officers at financial institutions about the issues they encounter with the implementation of the BSA, and feedback from BSA officers and their examiners at federal functional regulators about specific BSA examinations of their institutions.

Broader DOJ and Treasury Subpoena Authority for Non-U.S. Bank Records

The Act broadens pre-existing authority under the BSA at 31 U.S.C. § 5318(k) to allow Treasury or DOJ to subpoena the financial records of non-U.S. (or foreign) banks that hold correspondent accounts with U.S. financial institutions. Under the new authority, these agencies will be able to demand not only information from the foreign bank about its use of the U.S. correspondent account, but about any account of the foreign bank, including records maintained outside the United States. While Treasury and DOJ have historically used the pre-existing authorities judiciously, recent use is more aggressive. Most notably, it was used to demand records from three Chinese banks about the use of their correspondent accounts by alleged North Korean agents, which was upheld by the D.C. Circuit in a 2019 landmark decision.

Expanded Definition of “Financial Institution” to Include “Dealers in Antiquities” and “Virtual Currencies”

The Act expands various definitions throughout the BSA to include virtual currency, described as “value that substitutes for currency.” These definitions include: (1) defining a “financial agency” subject to regulation under the Act to include foreign persons that provide services relating to virtual currency; (2) defining “currency exchangers” to include entities that exchange virtual currency for fiat currency or funds; (3) defining money transmitters to include transmitters of virtual currency; (4) allowing the Secretary to provide by regulation that “monetary instruments” include value that substitutes for more traditional monetary instruments such as checks or money orders; and (5) revising the definition of money transmitters that must register with FinCEN to include those who transmit virtual currency. These changes appear to codify FinCEN’s 2013 and 2019 virtual currency guidance that companies that exchange or transmit virtual currency qualify as money transmitters and must register with FinCEN.

The Act also broadens the BSA definition of “financial institution” to include “dealers in antiquities,” (“a person engaged in the trade of antiquities, including an advisor, consultant, or any other person who engages as a business in the solicitation or the sale of antiquities,”). The Act requires the Secretary, through FinCEN, to issue proposed rules implementing this provision by January 1, 2022. The Act also requires FinCEN, before the issuance of these rules, to consult with the FBI, DOJ, and other relevant agencies on the appropriate scope of the rules, including: (1) the size, type of business, and geographic location of persons who should be subject to the rules; (2) the degree to which the regulations should focus on high-value trade in antiquities and on the need to identify the actual purchasers of such antiquities and their agents or intermediaries; (3) the need to generally identify persons who are dealers, advisors, consultants, or others who engage in antiquities trading; and (4) whether any thresholds or exemptions should apply in determining whom to regulate.

Review by FinCEN of Whether to Implement a “No-Action Letter” Program

The Act requires FinCEN, in consultation with DOJ, federal functional regulators, state banking supervisors, and other relevant agencies, to submit a report to Congress within six months that analyzes whether the implementation of no-action letters by FinCEN in response to inquiries from financial institutions on the application of AML laws or regulations to specific conduct, could enhance BSA compliance by financial institutions. The report must also include proposed rulemaking to implement any recommendations. FinCEN also is required to consider whether to establish a timeline for the review of requests for no-action letters, which could help to accelerate the pace of interpretive guidance from the agency.

Increased BSA/AML Penalties

The Act provides additional civil penalties for persons who violate the BSA after having done so previously. For each additional violation, effective immediately, repeat offenders now are subject to additional penalties of three times the profit gained or loss avoided as a result of the violation, or two times the maximum allowable penalty for the violation, whichever is greater. The underlying previous violation must have occurred after the Act became effective on January 1, 2021.

The Act also provides that individuals who commit “egregious” violations of the BSA will be barred from serving on the board of directors of a U.S. financial institution for a 10-year period. An “egregious” violation is defined as a criminal violation that results in conviction and for which the maximum term of imprisonment is one year, or a civil violation that is willful and where the violation facilitated money laundering or the financing of terrorism.

The Act further provides that, in addition to any other criminal fines, a person convicted of violating the BSA may be fined an amount equal to the profit gained from the violation and, for employees of financial institutions, be required to repay any bonus they received during the year in which the violation occurred or the succeeding one.

Mandatory Treasury Review of CTR and SAR Requirements

The Act requires the Secretary, in consultation with federal law enforcement and federal and state banking regulators, to conduct a formal review of the financial institution reporting requirements relating to CTRs and SARs and to propose changes to reduce unnecessarily burdensome regulatory requirements and ensure the continued usefulness of such reports against statutory requirements. This includes a review of rules and guidance issued to implement CTR and SAR provisions, a consideration of whether the dollar thresholds for the reports require adjustment, a review of which fields should be designated as critical on the SAR form, and whether additional exemptions to CTR reporting should be allowed to avoid reports that have little or no value to law enforcement. The Secretary must submit a report of her findings to Congress by January 1, 2022, and propose rulemaking to implement the report’s findings.

New SAR Pilot Program to Allow Regulated Financial Institutions to Share SARs with Their Foreign Branches, Subsidiaries, and Affiliates

The Act requires the Secretary to promulgate rules by January 1, 2022, establishing a pilot program that will permit participating financial institutions to share information related to SARs with their foreign branches, subsidiaries, and affiliates for the purposes “of combating illicit finance risks.” No sharing will be allowed with branches, subsidiaries, or affiliates located in China, Russia, state sponsors of terrorism, federally-sanctioned jurisdictions, and other jurisdictions as determined by the Secretary.

Safe Harbor for Compliance with “Keep Open” Letters

The Act establishes a safe harbor from BSA liability and from adverse supervisory action for maintaining accounts on the basis of law enforcement “keep open” letters. Law enforcement agencies historically have issued such letters to ask that financial institutions not close an account, despite potential suspicious activity, because doing so might affect a law enforcement investigation. In order for the safe harbor to apply, the relevant law enforcement agency first must provide notice to FinCEN of the “keep open” request, and the request must state a termination date.

New Whistleblower Program

To provide additional incentives for reporting BSA/AML violations, the Act enhances existing BSA whistleblower provisions (which have never been implemented) to allow larger rewards for reporting violations that lead to civil penalties or criminal fines exceeding $1,000,000. The violation must be reported to the whistleblower’s employer, Treasury, or DOJ and lead to a successful administrative or judicial enforcement action. The whistleblower may then receive an award worth up to 30% of the monetary penalty or fine assessed against the violating party.

The Act also creates a private right of action for those retaliated against for disclosing BSA violations, which may be pursued by filing a complaint with the Secretary of Labor and, if that is not acted upon within 180 days, by filing a complaint in an appropriate U.S. District Court.

Practical Considerations

  • Beneficial Ownership Registry. Although the Registry will take some time to set up, banks and other financial institutions subject to due diligence requirements should plan whether and how they will use the information about beneficial owners and control persons that will be available through the Registry in cases where customers consent to sharing it. On the one hand, because this information is not limited to a single control person, and also includes information about applicants who establish or register corporations, it may provide additional relevant information about customer risk, and regulators may expect financial institutions to obtain and make use of such information where possible. On the other hand, using the Registry to obtain beneficial ownership information is not likely to relieve financial institutions from updating such information on a risk basis or when new accounts are opened, or from other diligence activities. It will be important to understand how the new Registry and the provisions for use of its information interact with other requirements, in particular, with FinCEN’s CDD Rule. Separately, companies generally may wish to start considering whether they fit within the many exemptions to the requirement to provide identifying information on beneficial ownership and applicants (i.e., the person or persons who establishes or registers the corporation).
  • Virtual Currencies. Virtual currency businesses that may have previously assessed their business model as not captured by FinCEN’s virtual currency guidance, should make sure that their analysis on this issue is air tight. FinCEN’s efforts to codify the application of the BSA to virtual currency, along with recent enforcement and remarks throughout 2020, indicate an increased focus on virtual currency business enforcement in 2021 and beyond.
  • Dealers in Antiquities. Depending on the scope of any final rules FinCEN may issue, dealers in antiquities that become subject to BSA rules should not underestimate the amount of time and investment required to develop and implement an effective AML program. A careful assessment of a dealer’s AML risk is the recommended first step. Without a thorough risk assessment, a dealer can waste significant time and money building an AML program that does not fit its risk profile, fails to meet regulatory expectations, and in the long run may cost the organization more in monetary terms and reputational damage.
  • New CTR and SAR Rules. Any change to the CTR and SAR reporting rules will impact financial institutions significantly. If, for example, CTR and SAR transaction amount reporting thresholds are adjusted downward, resulting in more transactions subject to reporting, this could have significant operational impacts on financial institutions in terms of resources and procedures. An adjustment upward could also have an operational impact, as such a change may come with greater expectations on the type of information filed on transactions that do remain in scope. The Act does require FinCEN to consider streamlining these reporting processes, and therefore offers some hope that any decision on thresholds is accompanied by other process improvements, but this remains to be seen.
  • National Priorities. Financial institutions may wish to begin considering how they will amend their risk assessments and AML programs to incorporate national priorities established by FinCEN, and separately to add procedures to deal with the new standards that apply to “keep open letters.”

On January 15, 2021, The U.S. Trade Representative (USTR) released a Section 301 report on Vietnam’s currency valuation practices. The report follows the conclusion of public hearings and submission of rebuttal comments in late December of 2020 and early January of 2021.

Notably, USTR’s press release states that “ USTR is not taking any specific actions in connection with the findings at this time but will continue to evaluate all available options.

Vietnam Currency Investigation Conclusions

  1. Vietnam’s acts, policies, and practices that contribute to undervaluation of its currency, including excessive FX market interventions and other related actions, taken in their totality, are unreasonable; and
  2. Vietnam’s acts, policies, and practices that contribute to undervaluation of its currency, including excessive FX market interventions and other related actions, taken in their totality, burden or restrict U.S. commerce.

The report is available here.

The Federal Register Notice is available here

For more information on the investigation, including hearing transcripts and analysis please refer to our October 7, 2020, and January 6, 2021, posts below or contact    Evan Chuck, Robert L. LaFrankie,, Frances P. Hadfield, & Clayton Kaier

Vietnam Section 301 Hearing Transcripts

USTR Launches Section 301 Investigation Targeting Imports from Vietnam

 

 

On January 13, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated “two organizations, along with their leaders and subsidiaries, controlled by the Supreme Leader of Iran, the Execution of Imam Khomeini’s Order (EIKO), and Astan Quds Razavi (AQR).”

Although both purported to be charitable organizations (bonyads), Treasury states, “EIKO and AQR control large swaths of the Iranian economy, including assets expropriated from political dissidents and religious minorities, to the benefit of Supreme Leader Ali Khamenei and senior Iranian government officials. Alongside the previously designated Bonyad Mostazafan, itself controlled by the Supreme Leader, and the IRGC-owned Khatam al-Anbiya, AQR and EIKO are said to control more than half of the Iranian economy.”  The designation targeted EIKO and AQR as well as a number of their affiliates.

These persons are being designated pursuant to Executive Order (E.O.) 13876, which targets the Supreme Leader of the Islamic Republic of Iran and the Iranian Supreme Leader’s Office (SLO), as well as their affiliates.  EIKO was previously designated in November 2018 pursuant to the U.S. re-imposition of Iran-related sanctions resulting from its withdrawal from the JCPOA.

 

On January 13, 2020, U.S. Customs and Border Protection (CBP) issued a Withhold Release Order (WRO) for cotton and tomato products from Xinjiang, an autonomous territory in northwest China. This is the fourth WRO that CBP has issued since the beginning of Fiscal Year 2021, and the second on products originating in Xinjiang. Eight of the 13 WRO that CBP issued in Fiscal Year 2020 were on goods made by forced labor in China.

Notably, while previous actions have targeted specific items and firms originating from and having a presence in Xinjiang, this is the first WRO to target entire product types. Compliance concerns raised by the apparel industry have been met with guidance from CBP.

 The Agency’s Press Release included 6 out of the 11 possible forced labor indicators:

  • Debt bondage
  • Restriction of movement
  • Isolation
  • Intimidation and threats
  • Withholding of wages
  • Abusive living and working conditions

Additional forced labor indicators include: Abuse of vulnerability, deception, physical and sexual violence, intimidation and threats, and excessive overtime.

WROs are issued by the U.S. government when information reasonably but not conclusively indicates goods were made in whole or in part using Forced Labor. Merchandise detained under a WRO order must be exported immediately or a substantial submission made that provides specific information showing that the goods were not made with forced labor. To obtain a release of any shipment that has been subjected to a WRO, a certificate of origin along with this detailed statement regarding the merchandise’s production and supply chain origin must be submitted to CBP. CBP makes a determination on a case-by-case basis.

The Press Release is available here

The order is the latest U.S. action addressing rising global concerns over reports of forced labor in Xinjiang. For more information on actions addressing human rights and forced labor abuses, please see our January 12 post or contact John Brew, Jeffrey Snyder, Frances Hadfield, or Clayton Kaier.

 

 

In ruling NY N316505 (Jan. 4, 2021), Customs and Border Protection (CBP) discussed the classification of the “Sea Scooter,” a children’s pool toy capable of pulling/propelling the rider at a safe speed of 2 miles per hour and at a safe maximum depth of 10 feet underwater. As stated in the ruling, the item, powered by a 12V rechargeable battery, contains a shrouded propeller housing and equipped with two handles for the user to hold onto, each containing a handle-mounted push button control to activate the propellers.

Although it contains a camera mount, a camera is not included. The ruling states that the “Sea Scooter” is principally designed for the entertainment of children ages 8 years and older and the marketing and advertisement literature depict young children.

CBP determined that the applicable subheading for the “Sea Scooter” is 9503.00.0073, HTSUS, which provides for “Tricycles, scooters, pedal cars and similar wheeled toys…dolls, other toys…puzzles of all kinds; parts and accessories thereof… ‘Children’s products’ as defined in 15 U.S.C. § 2052: Other: Labeled or determined by importer as intended for use by persons: 3 to 12 years of age.”  The rate of duty is Free.

On January 12, 2021, the United Kingdom’s Foreign Secretary, as well as Canada’s Minister of Foreign Affairs and Minister of Small Business, Export Promotion, and International Trade, made parallel announcements outlining new measures to combat forced labor and human rights violations. The announcements come in the context of rising global concerns over reports of forced labor in Xinjiang, an autonomous territory in northwest China.

The United Kingdom’s measures to combat forced labor include: 

  • A review of export controls as they apply to Xinjiang. The review will determine which additional products will be subject to export controls in the future.
  • The introduction of financial penalties for organizations, with revenue of at least 36 million pounds ($49 million), who fail to meet their statutory obligations to publish annual modern slavery statements, under the Modern Slavery Act.
  • Detailed guidance to UK business setting out the specific risks faced by companies with links to Xinjiang and underlining the challenges of effective due diligence there.
  • Guidance and support for all UK public bodies to use public procurement rules to exclude suppliers where there is sufficient evidence of human rights violations in supply chains. Compliance will be mandatory for central government, non-departmental bodies, and executive agencies.
  • A Minister led campaign of business engagement to reinforce the need for UK businesses to take action to address the risk.

Canada’s measures to combat forced labor include:

  • The Prohibition of imports of goods produced wholly or in part by forced labor as prescribed under the Customs Tariff Act.
  • Requiring Canadian companies that are 1) sourcing directly or indirectly from Xinjiang or from entities relying on Uyghur labor, 2) established in Xinjiang, or 3) seeking to engage in the market, to sign an Integrity Declaration on Doing Business with Xinjiang Entities prior to receiving services and support from the Trade Commissioner Service (TCS)A Business Advisory on Xinjiang-related entities.
  • Enhanced advice to Canadian businesses (See Global Affairs Canada business advisory).
  • Export controls including the denial of export licenses if there is a substantial risk that the export would result in a serious violation of human rights or international human rights law under the Export and Import Permit Act (EIPA).
  • Increasing awareness for Responsible Business Conduct linked to Xinjiang.
  • A Study on forced labor and supply chain risks.

The announced measures continue a global trend of new policies targeting forced labor and human rights abuses.

The Press Releases are available here:

UK Press Release

Canadian Press Release

For more information on the United Kingdom and Canada’s announcements, as well as similar actions under the U.S. Magnitsky Act, please contact Michelle Linderman or Dj Wolff.

On January 5, 2021, President Trump issued an Executive Order prohibiting transactions “with persons that develop or control” eight “Chinese connected software applications”, including Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office (the “order” or the “EO”). The prohibitions, which also apply to subsidiaries of the software developers, would go into effect 45 days from the date of the order, February 19, at the earliest. The order directs the Secretary of Commerce to identify the transactions and targets of the prohibitions not earlier than 45 days after the date of the order. Notably, these dates will fall in the Biden Administration, and it’s unclear whether the new Administration will elect to implement the order, extend the date of implementation, or revoke the order entirely. There are no current restrictions on dealing with the listed applications or their developers or owners.

A provision in the order suggests that additional software applications may become subject to the prohibitions as the order directs the Commerce Secretary “to continue to evaluate Chinese connected software applications that may pose an unacceptable risk to the national security, foreign policy, or economy of the United States, and to take appropriate action . . . ”. The order defines “connected software application” to mean “software, a software program, or group of software programs, designed to be used by an end user on an end-point computing device and designed to collect, process, or transmit data via the Internet as an integral part of its functionality.”

Further, the order directs the Commerce Secretary, in consultation with the Attorney General and the Director of National Intelligence, to provide a report to the Assistant to the President for National Security Affairs with recommendations to prevent the sale or transfer of United States user data to, or access of such data by, foreign adversaries, including through the establishment of regulations and policies to identify, control, and license the export of such data. This report is to be provided no later than 45 days from the date of the order, so could be completed prior to conclusion of the Trump Administration.

The order, which is strikingly similar to the executive orders issued last August prohibiting transactions with the Chinese-owned parent companies of the mobile applications WeChat and TikTok, cites the same national emergency first set forth in Executive Order 13873 (Securing the Information and Communications Technology and Services Supply Chain). Specifically, the order describes the threat posed by the use of these apps: the collection of sensitive personally identifiable information (PII) made accessible to the government of the People’s Republic of China (PRC) and the Chinese Communist Party (CCP). According to the order, the concern – similar to that set forth in the WeChat and TikTok executive orders – extends beyond the ability of the apps to track Federal employees and contractors to the millions of users in the United States, whose use of the apps “would allow the PRC and CCP access to Americans’ personal and proprietary information.”

The order also cites the PRC’s and CCP’s “intent to use bulk data collection to advance China’s economic and national security agenda”, as demonstrated through the 2014 cyber intrusions of the Office of Personnel Management, the 2015 breach of the health insurance company Anthem, and the Department of Justice’s indictment of members of the Chinese military for the 2017 Equifax cyber intrusion.

The Commerce Secretary, in consultation with the Secretary of the Treasury and the Attorney General, shall adopt rules and regulations necessary to implement the order under the International Emergency Economic Powers Act (IEEPA).

Commentary

Depending on how the EO is interpreted and implemented, it could, based on the language of the order itself, apply domestically and extraterritorially to prohibit any person from using these software applications while in the United States and prohibit the use of the applications by U.S. persons outside the United States. Similar to the WeChat and TikTok orders, this order leaves ambiguity as to its scope, and its remains for the Commerce Secretary to define the “transactions” subject to the prohibitions and the persons to which it applies. For example, as was an initial question upon the issuance of the WeChat order, Tencent has ownership stakes in several U.S. companies other than Tencent QQ, especially in the video gaming industry. Accordingly, using the EO as grounds for prohibiting transactions with other companies or apps backed by Tencent could have far-reaching effects.

Also of note is the provision requiring a report with recommendations to prevent the sale or transfer of United States user data to, or access of such data by, foreign adversaries. This provision could be used as the basis for an entirely different set of policies and regulations designed to halt the transfer of U.S. person user data, whether done intentionally through a sale, business transfer, or as a result of inadequate safeguards (while “personally identifiable information” is defined in the order, “user data” is not). The term “foreign adversaries” is not defined in the EO, and the report could therefore touch broader group of nations than the China-specific elements of the current order.  Given that almost every consumer facing business today collects personal data and accumulates that data rather readily, such regulations could disrupt existing business models that include the sale or transfer of user data or require more stringent security protocols.

Despite the litigation that has resulted in court orders preliminarily enjoining the WeChat and TikTok bans from taking effect, this order largely mirrors those August 2020 executive orders, and perhaps answers the lingering question of whether those orders would serve as a template for future ones targeting additional Chinese software applications. Concerns over the collection of sensitive information and subsequent access by the PRC government has also been part of the rhetoric surrounding the Clean Network program, which includes in its five lines of effort the goal of removing trusted apps from untrusted PRC smartphones and their app stores.

This order is the latest in a series of actions that have targeted Chinese-owned companies over the past several months. This includes, but is not limited to: (1) an Executive Order issued in November 2020 that prohibits certain investments in designated Chinese companies with military ties; (2) expanded export controls (e.g., Entity List designations) of several of the entities on the list; (3) the Clean Network initiative’s targeting of Huawei; (4) recent restrictions by the Federal Communications Commission (FCC) that prohibit the use of universal service funds to purchase Huawei and ZTE equipment; (5) additional action by the FCC regarding several Chinese-owned telecoms, including China Mobile and China Telecom, both of which were named as Communist Chinese military companies by the Department of Defense and subject to Executive Order 13959; (6) a set of executive orders in August that targeted the mobile applications TikTok and WeChat (the Department of Commerce’s implementing rules have been temporarily enjoined by court order); and (7) the Committee on Foreign Investment in the United States’ (CFIUS) rejection of several transactions involving Chinese-owned companies as part of a stricter approach towards Chinese investment in the United States.

U.S. businesses, persons and institutions potentially affected by the new EO should, at a minimum, assess the degree to which their current or planned operations may be affected by the order, monitor developments and where appropriate provide input to the Executive Branch about further definition, implementation and impact of the order.