Ian Cohen

C-suite officials need to be more involved in their companies’ export compliance programs, the Bureau of Industry and Security’s top export enforcement official said this week. He also urged businesses to review -- and potentially expand -- their current programs to keep pace with export controls risks, especially as various government agencies work more closely together on investigations, indictments and sanctions.

The Bureau of Industry and Security is seeing fewer unintended impacts from its most recent October 2023 chip controls compared with the initial set of rules released in 2022, a BIS official said this week. The official also said BIS is working to identify certain companies, including potentially Chinese chip making facilities, that are restricted from receiving sensitive U.S. chip manufacturing equipment, which could help exporters more easily do due diligence on their customers and supply chain partners.

The Bureau of Industry and Security reached a $153,175 settlement with Wabtec, a U.S. rail technology manufacturer and supplier, after the company violated BIS’ antiboycott regulations. The agency said Wabtec committed 43 violations when it failed to report to BIS that it received requests from a Pakistani customer to boycott goods from Israel.

The Commerce Department is proposing new rules that could require U.S. cloud service providers and their foreign resellers to follow know-your-customer (KYC) requirements, a step the agency said would prevent those services from being used to aid cyberattacks and to train artificial intelligence models that threaten U.S. national security. The proposed regulations are specifically aimed at preventing “foreign malicious cyber actors” from using U.S. infrastructure-as-a-service products to steal American intellectual property and sensitive data, commit espionage, and train large AI models for cyberattacks on U.S. critical infrastructure.

The U.S. and the EU are making progress on more closely aligning their encryption-related export controls, a senior Bureau of Industry and Security official said last week, along with differences in export licensing and classification.

The Bureau of Industry and Security has been experiencing delays in semiconductor-related export license applications due to a higher number of disagreements with the other agencies that also review those licenses, a senior BIS official said this week.

The Bureau of Industry and Security is preparing to announce more “significant” export penalties and corporate resolutions this year, said Matthew Axelrod, the agency’s top export enforcement official. He also said exporters should see more export-related indictments as part of a joint effort with DOJ, and he continued to pitch a BIS funding boost, which would help it hire more export enforcement agents.

Dutch chip equipment maker ASML isn’t expecting to receive export licenses this year to ship several of its deep ultraviolet immersion lithography systems to China, along with one older DUV tool not previously disclosed by the company.

The Bureau of Industry and Security will likely issue more penalty announcements this year for export control violations, a former senior BIS enforcement official said, suggesting the current state of enforcement is unprecedented.

Companies should avoid internal policies that require them to disclose all potential sanctions and export control violations to the government, lawyers with Foley Hoag said this week. Although it may seem like a sound compliance policy, the lawyers said that language can backfire, including in cases where a voluntary disclosure may not be the best option.