All Things Investigations: Episode 24 – The Information and Communications Technology and Services Rule with Tyler Grove and John Hannon

In this episode of All Things Investigations, we’re tackling a rule that every business executive and compliance officer needs to be aware of. It’s the IT Supply Chain Security Rule, and it authorizes the US Department of Commerce to review transactions involving property or services subject to US jurisdiction that come from foreign countries deemed as foreign adversaries, such as China and Russia. Joining host Tom Fox are Tyler Grove and John Hannon, who co-wrote a paper on this rule. They discuss the implications of the rule, its impact on trade with China and other countries, and what businesses need to know to stay compliant.

Tyler Grove is a partner at Hughes, Hubbard and Reed, specializing in sanctions, export controls, and foreign direct investment review. John Hannon is an associate at the same firm and works with Tyler in the International Trade Group, focusing on export controls and sanctions, as well as commercial litigation.

 

Some of the ideas discussed in this episode include:

  • The IT Supply Chain Security Rule gives the US Department of Commerce powers similar to those of CFIUS to review transactions and require mitigating action up to and including unwinding certain transactions if national security concerns are identified.
  • The rule applies to a broad range of products, including internet-connected software, data hosting and cloud services, networking equipment, internet-connected cameras, and potentially drones.
  • While it’s still early in the enforcement process, there could be indirect impacts on trade with China and other countries due to third-party partners refusing to engage in transactions for reputational reasons or otherwise.
  • Commerce has requested approximately $36 million to hire 114 positions dedicated to ICTS administration and enforcement, indicating that there will be more reviews and enforcement in the near future.
  • The ICTS rule targets companies that are headquartered or sending products from foreign adversary jurisdictions and aims to prevent these companies from acquiring US technology that could be used for national security purposes.
  • Companies that fall within the scope of the ICTS rule should conduct a risk assessment to identify any potential national security concerns that Commerce may have and form a response plan for internal stakeholders in the event of an enforcement matter.

 

KEY QUOTES

“There are some significant differences between the ICTS and CFIUS regimes. First, CFIUS regime allows at-risk companies to proactively seek review and clear their transactions. Although there is a proposed licensing procedure for this ICTS regime, it has not become effective yet.” – John Hannon

 

 “I think the clientele and types of target companies may dictate the regulatory attitude.” – John Hannon

 

“I think at this point we really are advising companies that are at risk to try to be proactive, think about ways that they could get ahead of potential ICTS enforcement action. Probably the very first place to start there is to conduct a risk assessment where a company would look at their products at the supply chain.” – Tyler Grove

 

“As we’ve mentioned a couple of times already, this rule is very much in the early stages right now, and so it’s almost certain that additional guidance will be forthcoming in the near future.” – Tyler Grove

 

Resources:

Hughes Hubbard & Reed website

Tyler Grove on LinkedIn

John Hannon on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

What are you looking for?