Companies Disclose Status of Potential Sanctions, Export Control Violations
Several companies this month disclosed potential export control or sanctions violations or updated the status of their current disclosures, including an information technology services company, an investment firm and a digital asset services company. The potential violations involve a business trying to exit the Russian market, a company potentially illegally sending export-controlled data and a firm waiting years for a response to two sanctions disclosures.
Virginia-based DXC Technology, which provides IT services, may have violated U.S. sanctions and export controls against Russia, the firm said in its SEC filing. The company said it submitted initial notifications of voluntary self-disclosures in August to both the Office of Foreign Assets Control and the Bureau of Industry and Security regarding its “exit from the Russian market last year” after Russia’s invasion of Ukraine.
DXC said its disclosure to OFAC involves its subsidiary, a software company called Luxoft, and the sale of Luxoft’s Russia business to brokerage firm IBS Holding in April 2022. The disclosure to BIS involves “potential export control violations in connection with” DXC’s exit from Russia. DXC said it’s still reviewing the potential violations and “may make further disclosures to relevant agencies as its review continues.”
Leo Holdings, a special acquisition company formed by British investment firm Lion Capital, said it's working on a final voluntary self-disclosure to BIS after submitting an initial notification in December 2021. The company said it may have “inadvertently” provided export-controlled third-party technical data to a U.K. consultant in “apparent violation of U.S. export control laws.”
Leo plans to submit its final disclosure “after completing review of the matter,” adding it's working to improve its policies and procedures relating to export control and sanctions compliance, including the implementation of a technology control plan for all export-controlled projects and personnel trainings.”
The company warned investors it “cannot assure” them that these procedures, “including following our planned enhancements, will prevent violations in the future.” If BIS determines the company violated export controls, it may face “reputational harm, as well as other negative consequences, including government investigations, substantial civil or criminal penalties and possible loss of export or import privileges.”
Exodus Movement, a digital assets company, said OFAC is still reviewing years-old disclosures and subpoena responses relating to the company’s potential sanctions violations involving countries subject to U.S. trade embargoes. Exodus said it first received a subpoena from OFAC in 2018 regarding potential Iranian sanction violations, and soon after submitted a disclosure involving free downloads of its “un-hosted and non-custodial software wallet for digital assets” in certain embargoed countries, which may have included Cuba, Iran and Syria. The company said it received a second OFAC subpoena in 2021 seeking information about its “potential transactions” with certain North Korean “cyber actors,” adding it gave OFAC “responsive documents.”
Since receiving the subpoenas, Exodus said it has introduced a range of new measures to improve compliance, including establishing sanctions compliance policies and procedures, providing compliance training to employees and “blacklisting addresses” on OFAC's Specially Designated Nationals List “from interacting with” third-party application programming interfaces. The company also said it introduced geo-blocking technology to block parties with internet protocol addresses linked to embargoed countries. “We are continuing to cooperate with OFAC’s review of our response to the Subpoena and our voluntary self-disclosure,” Exodus said, “which is ongoing.”