Last month, German software behemoth SAP SE (“SAP”) agreed to pay more than $8 million to settle “thousands of export violations spanning six years” with three different U.S. Government agencies. Here are two key learnings that have broad applications for many organizations in the United States and abroad.

FLIR Systems, Inc., agreed to a settlement with the Department of Commerce. The settlement alleges FLIR made inaccurate or incomplete representations, statements, or certifications to BIS and other U.S. Government agencies regarding a certain anti-tamper mechanism while seeking an official determination from the Department of Commerce on a newly developed product.

On April 27, 2021, the Directorate of Defense Trade Control (DDTC) released the contents of the latest Consent Agreement imposed on Honeywell International, Inc., who agreed to the settlement of the civil penalty of $13M for thirty-four violations of the ITAR specific to the unauthorized export or retransfer of technical data related to USML Categories VIII(i), XI(d) and XIX(g).

Fans of the movie “Office Space” are familiar with the dreaded TPS Report.  Recently, the U.S. Bureau of Industry and Security (BIS) finalized its plans to reduce reporting requirements for certain encryption items.

As the whole world is seemingly swept-up in the “crypto craze,” the Treasury Department’s Office of Foreign Assets Control (OFAC) just issued a stark warning to those companies whose businesses involve digital currency.

There have been many changes over the last few months when it comes to China. When doing business with China, exporters and businesses must be diligent in knowing their customer, understanding what they do, who they are owned by, who they own, and what their products will be used in or with, as well as conducting robust Restricted Party Screening.

There is an unprecedented rise of ransomware attacks against companies. As a result, many companies are finding themselves victims to cyber-attackers demanding payments to avoid shutting down their business. OFAC concerns must be addressed before any company decides to facilitate payment to cyber-attackers.