Amie Rooney, Director Counsel of Ethics & Compliance, Marvell

On April 28, 2020, the United States Commerce Department, Bureau of Industry & Security (BIS) issued an expanded rule under the Export Administration Regulations (EAR) that imposed new requirements for exports to China, Russia, and Venezuela. The expanded rule under EAR Section 744.21, which went into effect June 29, 2020, imposes an affirmative duty on companies in the technology space, and others, to engage in increased diligence about where and with whom their products will end up when exporting certain controlled items and technology to China, Russia and Venezuela. The intent of the rule is to guard against the sale of these items to, or in support of, military end users and military end uses in those countries. These changes are intended to address the rise of “civil-military integration” in countries of national security concern to the United States, but unfortunately, are broadly worded and suffer from a lack of guidance on the metes and bounds.

BIS included in the revised rule an expanded list of covered items trackable by enumerated Export Control Classification Numbers (ECCNs), notable in that it includes categories of common electronics, telecommunications equipment, navigational equipment, and information security products that are not otherwise subject to stringent export controls.  Due diligence is required to understand the nature of the ultimate usage of the product in these countries. Any military end user or end use will require an export license.

Unlike prior incarnations of the rule, the new revision also includes an expanded definition of “military end user” and “military end use.”  But the expansion is less than clear.  The broadened definition purports to include any item that “supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, development or production of military items.” The broadened scope also identifies each element of the definition of “use” as independently determinative, such that meeting any one of the six elements on its own is sufficient to qualify as “military end use” under the rule.  Finally, once the military end use or user of the product is established, an export license is required prior to shipment, and the rule cautions applicants for these licenses that there will be a “presumption of denial.”

The logical and pressing question from the business executives in companies like ours is, what do technology companies engaged in the business of selling hardware have to do to comply with this revised rule?  The reality we are facing in these jurisdictions is that it is very difficult to discern whether a company in need of American-led technology is a military end user or providing support for a military end use. For example, Chinese companies typically have diverse commercial and military business interests and are required by their law to provide the products the Chinese government may request without question and without advertising these sales. The risk of proceeding with certain exports to China without a license from BIS may be elevated substantially, considering the U.S. State Department’s official statements about the efforts in China for “civil-military fusion.”  Therefore, expanded due diligence efforts are imperative in the tech context where hardware or software with basic “mass market” applications are now squarely implicated by the rule.

One thing is certain, companies cannot just take the foreign entity’s naked word for it that there is no military end use or user for these products. Foreign companies and governments also monitor these rule changes by the U.S. government and are highly unlikely to be forthcoming to American-driven questions about their support of military use.  So, here are some additional strategies to consider helping break through the silence:

  • Press for additional clarification in a supplemental request to the entity – ask, ask, and ask again.
  • Engage with all levels of personnel in the business and have your business and salespeople bring it up regularly, throughout the life cycle of both the initial business approach and the on-going relationship.
  • Propose and hold out for robust contractual terms and certifications to confirm the end use and end user are not military-related.
  • Do your own research or engage a third-party expert. While the internet is a strong tool to exam what public sources may be available about an entity’s key personnel, related companies, and large contracts, there are inherent challenges to an open source review of available information (language and available time are two obvious obstacles) and a company may need to engage a third-party with expertise (or the ability to build and scale this expertise) in public information review for company ownership and relationships.

A smart company will also offer training for personnel involved in both developing products and selling to these jurisdictions, with a focus on relevant items in a company’s product line and research and development activities in those areas. To that end, design and implement “Red Flag training,” or more specifically, military end user training with a focus on how to identify key red flags in dealing with customers in these jurisdictions, and also includes a defined escalation path to various teams and stakeholders within your organization (direct sales teams, indirect & corporate sales teams, sales operations) when a military end user or end use is encountered or suspected. Importantly, all these diligence efforts will be wasted unless you carefully and consistently document your company’s efforts to clarify the end use and research the buyer or consignee’s ownership and relationships:

  • Design and Implement “Military End User Certification”
  • Obtain MEU Certifications from distribution partners
  • Obtain MEU Certifications from impacted customers in China/Russia/Venezuela
  • Implement and track quarterly internal MEU certifications from your sales team in each jurisdiction

In the very short term, companies should make an action plan, if they haven’t already, for how to address impacted transactions already in the pipeline or on backlog now that the rule has gone into effect.

  • Review the product classifications in the rule for possible re-classification opportunities.
  • Conduct enhanced screening (retroactively, and to the greatest extent possible) to determine whether the end user of the product should be considered a MEU or the product has potential military end use.
  • When an end use or end-user in a particular transaction is considered a MEU, consider applying for an export license – thereby testing the stated concept of “presumption of denial.”

Having informed employees who are paying close attention to the red flags is likely to be the best strategy of all. For example: Marvell is not unique in that it sells many of its products through a distributor model, particularly in the Asian market. If a distributor received an order for impacted products from an end user that didn’t appear to be military end user, but follow-up emails from the customer included other parties with email domains of military end users, that might indicate that the real customer would be implicated by the rule and is attempting to obscure its participation through the use of intermediaries. Or maybe a customer orders an unusual quantity of Marvell products. The largest sale that distributor ever had was for 25 items, but the customer now wants to buy a thousand, again potentially indicating a straw purchaser.  Another red flag might be when a customer declines routine software or firmware downloads, or other technical support necessary for the long-term use of the products as designed.  It might be that in each of these cases, the distributor or customer may have a reasonable, non-prohibited explanation for these anomalies, but it also might indicate a problem.  In this way, it is incumbent on companies to stay alert to any such subterfuge in the export process to these markets.

For good and for bad, this is not a static issue. As recently as June 25, 2020, BIS issued some additional guidance in the form of “FAQs” as an attempt to help companies navigate these new requirements.  For example, one FAQ response clarified that companies who sell certain mass-market products such as laptops, mobile phones, and other standard electronic devices through distributors who may, in turn, provide those products to both military end users and non-military end users are only required to seek a license if they have “knowledge that the distributor intends to re-export or transfer those products for a ‘military end use.’” Further, the definition of “knowledge” has been clarified to include not just certainty but also a “high probability of its existence or future occurrence,” and this awareness can be “inferred” from both conscious disregard of facts and willful avoidance of them.  Thus, BIS seems to be counseling companies to make every effort to engage in a very fact-specific analysis of whether an end use or end user would trigger the license requirement, and ensuring its diligence is robust and complete rather than taking a naïve hear no-evil, see no-evil approach.  Not even a change of executive administration is likely to affect the trajectory of the U.S. government’s continuing to tighten restrictions on exports to these jurisdictions, and technology companies may only be a small piece of that strategy. Only time will tell.

Because they have stated they are open to issuing “Advisory Opinions” on specific facts, companies across all affected industries should continue to press BIS to provide further clarification on the scope of the rule to help reduce confusion before too many have to expend significant efforts and resources that might not meet BIS’s amorphous standard of higher, deeper “diligence.”  We would all benefit from that clarification to narrow what, on first glance, seem to be extremely unrealistic expectations.


About the Expert:

Amie Rooney is Marvell Semiconductor’s Director Counsel of Ethics & Compliance, having recently completed almost 12 years of service to the United States Department of Justice as an Assistant United States Attorney in California, prosecuting individuals for crimes ranging from theft of trade secrets and wire fraud to computer hacking and human trafficking.  Before entering public service, Amie spent seven years in “big law,” representing technology companies and investors in all stages of business growth and litigation, with a particular emphasis on cross-border internal investigations.  Recognized by the Department of Justice, judges, opposing counsel, and various public interest groups for her honor and integrity, her favorite accolade was being named an “Unsung Hero” by California Victim’s Support Network.  Amie is enjoying the new challenges of joining such an exciting and innovative business leader as Marvell, lending her unique skills to supporting Marvell’s commitment to its core behaviors and Code of Ethics.