National Security at the Forefront

As we’ve highlighted in earlier Round-Ups, the Trump Administration has ramped up enforcement of export and other controls related to national security.

That includes a new set of regulations that came into effect in April regulating transfers of sensitive personal data. The regulations may look like new data protection requirements, but they are part of the Administration’s national security framework and include civil and criminal penalties.

New Regulations Restrict the Transfer of Americans’ Bulk Sensitive Personal Data

On January 8, 2025 the Department of Justice (DOJ) issued rules, required by Biden’s February 2024 Executive Order 14117, to establish a regulatory framework aimed at “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.”

The final rules took effect on April 8, 2025 and aim to restrict transfers of data that the U.S. government has deemed sensitive, including geolocation data and health data, and U.S. government-related data. The restrictions are meant to prevent exploitation by countries with an established record of collecting and using such data to enable hacking, surveillance, scams, blackmail, and other malicious activities. China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela are the current countries of concern under the regulations.

Sensitive data includes biometric, human ‘omic, personal financial, geolocation, personal health, and certain personal identifiers that exceed the bulk thresholds set by the new rules. Transfers of bulk sensitive personal data to enhance the artificial intelligence capabilities also fall within the scope.

The new rules involve a complex regulatory process broadly applicable to data sales or other commercial transactions involving transfers of bulk sensitive data. These include joint ventures, mergers, and acquisitions that involve countries of concern. Pre-existing agreements or arrangements that involve sensitive data are not grandfathered under the rules.

These regulations are timely in light of Treasury’s sanctioning on May 30 of Funnell Technology, a Philippines company that bought IP addresses in bulk from major cloud providers for scamming purposes.

Syria Sanctions Loosened, Other Sanctions Tightened

Syria

On May 25, 2025, the US Treasury and State Departments as well as FinCen effectively suspended the comprehensive sanctions that have been in effect on Syria for decades, opening the country for trade and investment. Three days later on May 28th, the EU similarly began lifting sanctions on Syria except for those related to security.

Restrictions on specific persons and entities related to the previous regime remain and the U.S. suspension is conditional on the Syrian government protecting religious and ethnic minorities and not providing safe harbor for terrorist groups.

Russia & China

In March, the U.S. Treasury Department let a 60-day exemption lapse for a number of Russian banks that was put in place by the Biden Administration in early January. As a result, the banks may no longer access U.S. payment systems to conduct major energy transactions, restricting access to American banking systems and making it harder for other countries to buy Russian oil.

China continues as a major target of increased sanctions. In early April, the administration sanctioned six high-level Chinese and Hong Kong officials for eroding Hong Kong’s independence, adding to the considerable number of Chinese entities and individuals on various prohibited parties lists.

Enforcement of National Security Regulations Continues

Export Controls

In February 2025, an Ohio aircraft parts manufacturer and three employees were charged with violating U.S. export control and sanctions laws by shipping controlled aircraft parts to sanctioned airlines in Russia.

Later that month, an Israeli freight forwarding company CEO was sentenced to prison and fined. According to the federal indictment, he operated as a freight forwarder of choice for individuals and entities seeking to illegally export goods to Russia in violation of U.S. export control laws.

Other countries, notably the EU and Japan, have recently tightened their controls on dual-use and munitions and cracked down on diversions.

Anti-Money Laundering & Sanctions

In April, New York’s top financial regulator fined fintech company Block $40 million for AML inadequacies related to its Cash App payment platform. Block failed to adequately screen customers and enforce its transaction limits effectively.

In early June, UK authorities jailed a well-known London art dealer for providing terrorist financing by knowingly selling artwork to a Hezbollah financier. The dealer will serve a 2.5-year sentence.

Ethena Tip: Ensure relevant policies and training such as Export Controls and Anti-Money Laundering, cover scenarios such as these.
 

Sample Training: Export Controls

 

Department of Justice New Corporate and White Collar Enforcement Policies

On May 12, 2025, the head of the Department of Justice’s (“DOJ”) Criminal Division, Matthew R. Galeotti, announced significant changes to the Division’s corporate and white-collar enforcement policies and priorities, declinations, limits on monitors, and updates to the whistleblower policy.

The changes were summarized in a Memorandum published the same day. Some of the key points included:

  • Prosecutors must “avoid overreach that punishes risk-taking and hinders innovation,” and abide by three core tenets: focus, fairness, and efficiency in alignment with the Administration's America First agenda.
  • New priorities for white collar enforcement including traditional areas such as fraud, waste and abuse in the defense and healthcare sectors, Ponzi schemes and investment fraud but also sanctions, customs fraud, and money-laundering, particularly if cartels or transnational criminal organizations are involved.
  • Bribery is listed as a priority if it impacts U.S. national interests, undermines U.S. national security, harms the competitiveness of U.S. business, and enriches foreign corrupt officials.

The DOJ corporate whistleblower program is expanded to include:

  • Violations by corporations related to international cartels or TCOs, including money laundering, narcotics, controlled substances violations, and others
  • Violations by corporations of federal immigration law
  • Violations by corporations involving material support of terrorism
  • Corporate sanctions offenses
  • Trade, tariff, and customs fraud by corporations
  • Corporate procurement fraud

Despite rhetoric on prosecutorial “overreach,” the Memorandum includes continued DOJ focus on seeking cooperation from corporations, voluntary disclosures and the prosecution of individual wrongdoers.

FCPA Enforcement Resumes

Our previous updates have covered the Administration's pause, redirection and review of Foreign Corrupt Practices Act (FCPA) enforcement. On June 10th, the Deputy Attorney General issued guidance on investigations and enforcement of the FCPA (“Guidelines”) as a follow up to the Administration’s pause and review initiated in February. The Guidelines spell out how the Administration will pursue FCPA cases.

  • The Guidelines, consistent with other Administration regulatory approaches, stipulate that FCPA investigations and enforcement actions must serve U.S. priorities, such as prosecuting cartels, terrorists and transnational cartel operations.
  • The Guidelines also prioritize misconduct depriving “specific and identifiable” U.S. entities of fair access to compete or that resulted in economic injury to “specific and identifiable” American companies or individuals.
  • Another priority is alleged misconduct that presents a threat to U.S. national security due to the involvement of key infrastructure or assets or because the corruption occurs in the defense or intelligence sectors.
  • Cases involving substantial bribe payments, sophisticated concealment, fraud, and where the alleged misconduct bears strong indicia of corrupt intent will also be a priority.
  • The Guidelines make explicit that enforcement actions “shall not” focus on low-dollar amounts or generally accepted business courtesies and make reference to exceptions for facilitation payments and other affirmative defenses under the FCPA for payments lawful under local law and reasonable, bona fide payments related to business activities.

In addition, the Guidelines make various changes to FCPA investigation procedures and suggest that enforcers may focus more strictly on individual knowledge and participation in bribery schemes rather than more general approaches to corporate culpability.

Finally, during the past months, a number of ongoing DOJ investigations have been closed without penalties. Those include Stryker, Bombardier, Leidos and Digicel as well as two former executives of Cognizant Technology Solutions. The DOJ has also terminated at least two non-prosecution agreements early since January, those with Albemarle and Stericycle.

Ethena Tip: This is a clear signal that while FCPA enforcement may be reduced from where it has been in years past, there will be future enforcements and investigations. Thus organizations should take measures such as internal controls and training that minimize risk of FCPA violations, especially as it relates to this guidance.