ExportLawBlog » 2013

Archive for January, 2013

Jan

15

Romanian Court OKs Extradition of Former Official on U.S. Export Charges

Posted by Clif Burns at 11:49 pm on January 15, 2013

ABOVE: Aurel Fratila and Bianca
Brad

According to this article, a Romanian court has approved the extradition to the United States of former Romanian Ministry of Defense official Aurel Fratila. Â He Â is accused by U.S. prosecutors of attempting to export military items from the United States to Iran through Romania. The indictment, which dates back to 2006, can be found here.

Because the export of the items violated U.N sanctions on arms shipments to Iran, they were also illegal under Romanian law, which explains why the Romanian court approved the extradition. Fratila’s Iranian conspirator, Jamshid Ghassemi, was arrested in Thailand in 2006 on a provisional warrant under the U.S. indictment but the local courts denied extradition.

Mr. Fratila is best known in Romania as the boyfriend of Romanian actress Bianca Brad. She, in turn, is best known in the United States for her acclaimed performance Â in the 1999 blockbuster film Teenage Space Vampires. According to this Romanian press account, she has posted on her Facebook page (where else would a Romanian starlet post anything?) a defense of her boyfriend, arguing that Fratila is innocent and the victim of a set-up.

Permalink

Comments (1)

Jan

10

Why Mom and Pop Don’t Export

Posted by Clif Burns at 5:50 pm on January 10, 2013

Category: Export Reform

Exports Common wisdom is that for the United States to increase its exports, it needs to increase the number of exporters. And since most current exports are made by the largest companies, the Department of Commerce has argued that we need to increase exports by small and medium companies.

A recent study presented at the World Bank, and reported yesterday by the Washington Post, suggests that this strategy may be doomed to failure. According to the study,

Big companies grow bigger and export because they are already successful; they donâ€™t become successful and large because they export.

Of course, seasoned exporters probably snicker at the concept of encouraging Mom and Pop companies to start exporting given the complexity of export regulations, the overwhelming costs of compliance, and the massive penalties imposed by State, Commerce and Treasury (not to mention criminal prosecutions) on companies that don’t get every last detail right. Part of the reason why exporting is principally a pastime of the big boys is that they are the only ones who can afford to pay the costs and run the risks involved. For those who can’t, better (and safer) to sell your widgets to people in Muncie and Peoria.

Permalink

Comments (1)

Jan

9

Cyber Attacks on U.S. Banks May Be Iranian Retaliation for Sanctions

Posted by Clif Burns at 11:53 pm on January 9, 2013

Category: Foreign Countermeasures • Iran Sanctions

According to this article in the New York Times, the recent DDOS attacks launched against U.S. financial institutions were likely the work of the Government of Iran and in retaliation for U.S. sanctions against Iran and its financial institutions. These attacks, which started in September, have targeted, and caused temporary disruptions to, sites of “Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC.” Because of the nature of DDOS attacks, these disruptions caused inconveniences to the banks and their customers who were unable to access the websites, but did not result in the theft or compromise of financial data.

The chief evidence for this is indirect: the scope and sophistication of the attacks. Apparently, the attacks infected large data centers with malware and then used those data centers to barrage U.S. institutions web sites with requests in an effort to overwhelm them and take them down. The use of the data centers resulted in attacks that, in some instances, peaked at 70 gigabits.

Although no data was compromised in this instance, the use of data centers in these attack raises yet again the issue of cloud computing and export law given that the malware that turns the data centers into attack bots could, in theory, access customer information, including export-controlled technical data, which might be stored in those data centers. The article does not identify the data centers involved, or whether they were located in the United States or abroad, but if any of these were located in the United States, where U.S companies would be permitted, at least in theory, to store controlled technical data without export licenses, the possibility that a deemed export of that data to Iran has occurred is quite real.

Traditional thinking in the murky area of export law and cloud computing has been that storage of export-controlled technical data on clouds physically located in the United States raised no export control issues. But if these clouds are increasingly targeted by non-U.S. hackers, this assumption may no longer be valid.

Permalink

Comments Off

Jan

8

When a Voluntary Disclosure Isn’t a Voluntary Disclosure

Posted by Clif Burns at 9:14 pm on January 8, 2013

Category: OFAC

Ellman International HQ The new owners of Ellman International Inc., a New Jersey supplier of medical devices, agreed to pay the Office of Foreign Assets Control (“OFAC”) $191,700 to settle charges that the prior owners of the company exported medical devices to Iran and hired a physician in Iran without authorization from OFAC. Allegedly the medical devices were shipped to Iran through a middleman in Dubai with the knowledge and participation of senior management of the old owners. When the new owners of Ellman discovered the violations after the acquisition, they voluntarily disclosed the violations to OFAC.

Sadly, at least for the new owners, OFAC held that the voluntary disclosure wasn’t a voluntary disclosure under OFAC’s Enforcement Guidelines. In holding that the voluntary disclosure wasn’t a voluntary disclosure, OFAC had this to say:

[T]he submission was determined not to be a voluntary disclosure as defined by OFACâ€™s Economic Sanctions Enforcement Guidelines, 31 C.F.R. part 501, App. A (â€œthe Enforcement Guidelinesâ€). OFAC had previously been notified of a rejected transaction between Ellman and a customer located in Iran but did not at that time learn the full scope of the activity because Ellmanâ€™s prior owners failed to properly respond to OFACâ€™s inquiry.

Now, of course, there is a good argument that the one rejected transaction wasn’t eligible for treatment as a voluntary disclosure because OFAC had already been informed of it by the rejecting third party. But it seems more of a stretch to say that everything else in the new management disclosure wasn’t a voluntary disclosure simply because prior management did not respond to an earlier OFAC inquiry on the rejected transaction. Let’s look at the actual language of the Enforcement Guidelines which, shocking as that Â may sound, should control here:

Notification to OFAC of an apparent violation is not a voluntary self-disclosure if: a third party is required to and does notify OFAC of the apparent violation or a substantially similar apparent violation because a transaction was blocked or rejected by that third party (regardless of when OFAC receives such notice from the third party and regardless of whether the Subject Person was aware of the third party’s disclosure); the disclosure includes false or misleading information; the disclosure (when considered along with supplemental information provided by the Subject Person) is materially incomplete; the disclosure is not self-initiated (including when the disclosure results from a suggestion or order of a federal or state agency or official); or, when the Subject Person is an entity, the disclosure is made by an individual in a Subject Person entity without the authorization of the entity’s senior management.

Nope. Nothing there at all about failing to respond to an OFAC inquiry as forever barring any future disclosure from being given credit as a voluntary disclosure.

Of course, the moral here is not just that OFAC often doesn’t pay attention to its own regulations. The more important moral, because it’s something that you can do something about, is that acquiring parties need to conduct adequate due diligence and discover export violations before the deal closes, i.e., before it’s too late. Perhaps the new owners did conduct such due diligence, in which case it is likely that there is a hold-back on the purchase price that will be used to pay this fine. But if they didn’t, that was an expensive mistake.

Permalink

Comments Off

Jan

4

Washington Post Jumps On The “ITAR-Certified” Bandwagon

Posted by Clif Burns at 3:23 pm on January 4, 2013

Category: DDTC • Part 122

Buried among all the articles on the recent events on the Hill, the Washington Post snuck in an article on the White House’s export control reform initiative and on export controls in general. Unfortunately, but not surprisingly, the reporter gets tangled up in the complexities of the current export control regime and muffs a few things.

The worst of these errors was the simplest one to avoid. As regular readers of this blog know, we have spilled several million gallons of digital ink (or should I say illuminated millions of computer screen pixels?) decrying and ridiculing the concept that the required registration under the International Traffic in Arms Regulations (“ITAR”) for manufacturers of defense articles represents some kind of “certification” of the manufacturer. Â Instead, registration signifies nothing more than that the manufacturer filled out a Â brief form disclosing certain corporate information and paid the required fee. It is not, by any stretch, an “ITAR certification.”

But now this “certification” canard has wriggled its way into the august pages of Washington’s paper of record:

Building the boards in the United States costs Kincaid â€œ100 to 400 percentâ€ more, he says, but he did not hesitate to fill out the paperwork five years ago and pay the fee, which is now more than $2,000, to become an ITAR-certified manufacturer because he appreciated the made-in-the-United-States sentiment and thought that it might â€œbring some of the work back.â€

Sigh.

And then there’s this:

So a defense contractor sending equipment for U.S. military use on a battleÂfield abroad must obtain its authorization to â€œexportâ€ its product to a foreign country.

No. If the manufacturer sells the equipment to the U.S. military and they take it abroad, the manufacturer doesn’t need a license.

And this:

As Abrams sees it, the trouble for businesses like Kincaidâ€™s isnâ€™t compliance with export controls but the uneven application of the controls. For instance, her organization has seen identical bid requests â€œwith one stamped ITAR and one not stamped ITAR,â€ she says. So if one company complies and the other does not, then the noncompliant manufacturer seizes a significant competitive advantage, assuming no one comes calling from the departments of State, Commerce or Treasury â€” three agencies with different computer systems, missions and cultures, but all with responsibilities in export controls.

Again, no. Neither Commerce nor Treasury would have any responsibilities or jurisdiction over the unauthorized export of ITAR-controlled items.

I spent some time speaking with the reporter on this story and, apparently, did not do a good enough job communicating to him some export control basics, so I take part of the blame for these last two errors. But, I made a big deal with him about “certification” versus “registration,” so there was no excuse for that mistake.

Permalink

Comments (8)