In late December 2016 and early January 2017, the U.S. government took action to sanction Russian individuals and intelligence agencies determined to be involved in hacking activities related to the November U.S. presidential election.
Specifically, on Dec. 29, 2016, President Obama amended and expanded an existing executive order to authorize targeted sanctions against Russian individuals and entities involved in hacking Democratic Party political organizations for the purpose of affecting November’s presidential election. The previous executive order of April 1, 2015, authorized the imposition of sanctions on persons engaged in malicious cyber-enabled activities that caused harm to U.S. national security, foreign policy, or the economic health or financial stability of the United States. The amendment allows the U.S. government to sanction individuals or entities that interfere with a U.S. election. Pursuant to the amended executive order, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed targeted sanctions against several Russian individuals and entities involved in the Russian intelligence sector.
In addition, on Jan. 4, 2017, the U.S. Department of Commerce, Bureau of Industry and Security (BIS) added the same entities to its Entity List.
Finally, as part of the actions taken in response to the election hacking, the U.S. government announced the expulsion of 35 Russian diplomats from the United States. The new measures come on the eve of the change in presidential administration, which is injecting uncertainty into the future of the United States’ sanctions against Russia.
Amended Executive Order 13694
The amended Executive Order 13694 (E.O. 13694), “Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities,” targets individuals and entities that threaten U.S. interests by tampering with, altering, or causing a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions, or that have materially assisted, sponsored, or provided support to those that have engaged or attempted to engage in malicious hacking activities. U.S. persons are prohibited from engaging, directly or indirectly, in most transactions with individuals and entities sanctioned pursuant to the E.O., and U.S. persons are further required to block property and interests in property of designated individuals and entities.
OFAC Targeted Sanctions
The amended E.O. 13694 identified five entities and four individuals involved in hacking activities related to the U.S. presidential election. OFAC imposed targeted sanctions upon them as well as two additional individuals by adding them to the list of Specially Designated Nationals (SDN List). Notably, the sanctioned entities include the main Russian intelligence entities, the GRU and the FSB, as well as two entities engaged in intelligence-related activities. Also sanctioned were the current chief, deputy chief, and two first deputy chiefs of the GRU.
BIS Export Restrictions
Besides their addition to the SDN List, all five entities identified in the amended E.O. 13694, including the GRU and the FSB, were also added to the BIS Entity List. Designation to the Entity List imposes a license requirement for exports, reexports, or in-country transfers to these entities of all items subject to the Export Administration Regulations (EAR). All BIS export license applications involving any of the newly-listed entities are subject to a licensing policy of denial.
Compliance with the New Measures
The status of U.S. sanctions against Russia appear unsettled at this time, given President-Elect Trump’s apparent relationship with Russia on the one hand, and the recent congressional hearing on Russian hacking along with the seemingly broad consensus of the U.S. intelligence community on the other. Any person or entity subject to U.S. law should consult with counsel to carefully review its relationships in Russia and assess the potential risk for interactions or transactions with designated individuals or entities.
U.S. persons are prohibited from dealings with individuals and entities that are named on OFAC’s SDN List. In addition, a license is required to export items subject to the EAR to any of the entities named to the Entity List. A violation of U.S. sanctions can result in both criminal and civil enforcement in the United States. Accordingly, companies should continue to screen all parties to international transactions against all of the most up-to-date U.S. government lists of designated and sanctioned individuals, entities, and prohibited transactions. Perhaps even more challenging from a compliance standpoint, U.S. persons are likewise prohibited from dealings with entities that are not specifically enumerated on the SDN List, but are owned 50 percent or more in the aggregate by any designated entities or individuals. As such, it is imperative to implement risk-based compliance programs to minimize the chances of even inadvertent activities with these entities.