Recent Department of Justice Action on Export Controls Emphasizes Potential Threats from China
In a significant move, semiconductor company Cadence Design Systems has agreed to a $140 million resolution with the Department of Justice (DOJ) and the Department of Commerce, following admissions of engaging in transactions with China's National University of Defense Technology (NUDT) between 2015 and 2020.
The case underscores the US government's focus on national security risks from sensitive technology transfers to adversary nations. The NUDT, which has been restricted under the BIS's Entity List since February 2015 due to its involvement in producing semiconductors that support China's nuclear weapons program and other military uses, was at the centre of the violations.
The plea agreement highlights aggravating factors such as the sensitive nature of the items and technologies at issue, and knowledge of the violative conduct by Cadence through its subsidiaries. However, it also identifies mitigating factors such as Cadence's implementation of remedial measures.
In light of the settlement, Cadence has agreed to several key elements of a strong risk-based export control compliance program. High-level commitment from directors and senior management to oversee the compliance program is essential. Clear and visible policies and procedures targeting specific areas such as customer onboarding, "know your customer" and due diligence, periodic customer reviews for export and sanctions risks are also crucial.
Periodic risk-based reviews of the compliance program, conducted at least annually to assess effectiveness and update practices, are necessary. Senior corporate executive oversight dedicated to the compliance program to ensure accountability is also important.
Regular training and certification requirements for employees on export controls, internal reporting mechanisms (whistleblowing) and investigations for potential compliance issues, and enforcement mechanisms and disciplinary measures for violations to maintain program integrity are all integral parts of the program.
Risk-based due diligence relating to mergers and acquisitions to prevent compliance breaches, periodic benchmarking and testing of compliance practices against evolving industry standards to maintain relevancy and effectiveness, and assigning senior corporate executives to oversee the compliance program are other key elements.
The plea agreement also specifies central compliance program elements and standards for Cadence's export compliance program. Furthermore, the agreement includes three years of ongoing reporting to DOJ regarding remediation steps and prospective compliance program implementation.
The resolution also requires two comprehensive independent internal audits aligned with BIS’s Export Compliance Program standards. Any violations found must be promptly disclosed, and ongoing compliance with these measures is tied to the validity of export licenses and privileges.
Preemptively addressing potentially violative conduct or engaging in an internal investigation to determine whether a violation has occurred before considering voluntary self-disclosure will be a key factor in mitigating any potential enforcement action. This program reflects a robust, dynamic, and proactive approach designed to monitor continuously the evolving regulatory landscape, ensure prompt remediation, cooperate with authorities, and prevent violations—vital given the sensitive technology and risk jurisdictions involved in the Cadence case.
The Trump Administration appears prepared to continue its efforts to limit Chinese access to sensitive technologies, such as semiconductors and advanced computing technologies suited for artificial intelligence. Contractual provisions that address export control risks through required due diligence or through representations of compliance with applicable law can help mitigate risk in business operations.
The burden of the "reasonable due diligence" standard is likely to continue shifting, making it increasingly important for companies to have a strong and effective export control compliance program.
- The sensitive nature of technology transactions, as seen in the Cadence case, underscores the need for companies to implement strong risk-based export control compliance programs, including high-level commitment from directors,clear policies, periodic reviews, training, internal reporting mechanisms, and ongoing monitoring of the evolving regulatory landscape.
- In light of increasing efforts to limit Chinese access to sensitive technologies, such as semiconductors and advanced computing technologies, companies must have a robust, dynamic, and proactive approach to export control compliance,; this involves preemptive addressing of potentially violative conduct, internal investigations, prompt remediation, cooperation with authorities, and contractual provisions that address export control risks.
