The United States Imposes New Sanctions and Export Control Restrictions to Further Constrain Russia’s War Efforts, Including by Targeting Supply Chains and Expanding Secondary Sanctions Authorities

Morrison & Foerster LLP


On June 12, 2024, the United States took several hard-hitting sanctions- and export control-related actions intended to intensify pressure on the Russian government and hamper Russia’s ability to continue to support its war in Ukraine.[1] The U.S. government designated over 300 individuals and entities (persons) deemed to be contributing to the Russian war effort, including the Moscow Exchange (MoEx) and related financial infrastructure players critical to the Russian economy, as well as supply chain and evasion networks in Russia and third countries. In addition, the United States issued new sanctions prohibitions to restrict the provision of certain U.S. information technology (IT) and software services to Russia. The United States also significantly expanded its criteria for imposing secondary sanctions on foreign financial institutions (FFIs) that continue to conduct or facilitate significant transactions or provide any service involving Russia’s military-industrial base. Finally, the U.S. Department of Commerce made additions to the Entity List and imposed new export controls designed to limit the items that can be transferred to Russia and Belarus without a license.

Driven by commitments made amongst the United States and its G7 partners, these measures demonstrate the United States’ continued resolve to punish Russia for its unjustified war on Ukraine, cut off the Russian war machine’s sources of support, and increase the secondary risks for third-country actors that continue to support Russia. Below we unpack these new restrictions, including where the U.S. government has issued authorizations and exceptions.

I. New Sanctions Targets

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the U.S. State Department imposed new blocking sanctions on hundreds of persons for providing support to Russia’s military-industrial base, including persons deemed to have operated in the defense and related materiel, manufacturing, technology, transportation, and financial services sectors of the Russian economy. Critically, the sanctions further attack Russia’s financial infrastructure through the imposition of blocking sanctions on MoEx, the National Clearing Center (NCC), and Non-Bank Credit Institution Joint Stock Company National Settlement Depository (NSD), key players in Russia’s securities and broader financial sectors. The United States also imposed sanctions on Russian entities involved in the development of liquified natural gas projects to further limit Russia’s ability to generate future energy-related revenues. Further, in line with current U.S. government priorities to aggressively target sanctions evasion, the United States targeted nearly 100 individuals and entities involved in sanctions evasion, circumvention, and backfill that contribute support to Russia’s war efforts, including numerous non-Russian persons—located in Belarus, the British Virgin Islands, Bulgaria, China, Kazakhstan, the Kyrgyz Republic, Serbia, South Africa, Thailand, Turkey, and the United Arab Emirates—that are involved in supplying Russia with the funds and items it needs to advance its position on the battlefield in Ukraine (e.g., electronics, high-priority technology, machine tools and equipment, drone parts, and weapons).

As a result of these sanctions, where a U.S. nexus or touchpoint is present, all direct and indirect dealings involving these newly targeted persons, as well as their property and their interests in property (including entities owned, directly or indirectly, 50 percent or more by one or more such persons), are prohibited unless authorized by OFAC or covered by a regulatory exemption. Relevant here, also on June 12, OFAC issued three new time-limited general licenses (GLs) authorizing, among other activities, certain wind-down and other securities and currency conversion transactions involving one or more of the newly sanctioned persons, including MoEx, NCC, and NSD, and issued related guidance.[2] OFAC also amended an existing GL—GL 8—which authorizes specific energy transactions to add NCC to the scope of such GL.[3]

II. Expanded Secondary Sanctions Risk for Foreign Financial Institutions

OFAC expanded the basis upon which the U.S. government can impose so-called “secondary sanctions” on FFIs engaged in transactions outside U.S. jurisdiction involving Russia’s military-industrial base. As explained in our client alert from earlier this year, on December 22, 2023, President Biden issued Executive Order (E.O.) 14114, which amended E.O. 14024—a core authority for the U.S. sanctions imposed after Russia invaded Ukraine in February 2022—by adding an authorization for the imposition of sanctions on FFIs determined to have:

      1. conducted or facilitated any significant transaction or transactions involving persons designated pursuant to E.O. 14024 for operating or having operated in specified sectors of the Russian economy determined to support Russia’s military-industrial base; or
      2. conducted or facilitated any significant transaction or transactions, or provided any service, involving Russia’s military-industrial base, including the sale, supply, or transfer, directly or indirectly, to Russia of certain identified military-related items.

In the June 12 action, OFAC broadened the term “Russia’s military-industrial base”—which is defined in OFAC’s Frequently Asked Questions (FAQs)—to include any person designated under E.O. 14024, regardless of the basis for designation, and notably including the numerous major Russian financial institutions that have been targeted with sanctions to date.[4] More broadly, thousands of persons have been designated under E.O. 14024, and that number will continue to grow as the U.S. government continues to impose costs on Russia in connection with its war in Ukraine.

OFAC issued updated guidance for FFIs to account for the significantly expanded definition of “Russia’s military-industrial base” and to provide new and updated guidance to FFIs seeking to mitigate the risk of being targeted for Russia-related activities under E.O. 14114. The revised guidance provides additional examples of controls that may help FFIs to mitigate risks under E.O. 14114, as well as examples of hypothetical customers and banks that OFAC would view as “higher” and “lower” risk. Notably, and potentially in response to feedback from the non-U.S. financial sector after the issuance of E.O. 14114, the updated guidance also underscores in numerous places that there is no “one-size-fits-all” approach to mitigating E.O. 14114 sanctions risk, and that the approach for each FFI will differ and should be “risk-based.” In line with this approach, OFAC made clear throughout the advisory that while some controls may be warranted for some FFIs and customers, which controls may be appropriate for a given FFI will depend substantially on the FFI’s risk profile and exposure to Russia.

Finally, consistent with its longstanding approach, OFAC clarified in guidance that FFIs do not risk secondary sanctions for conducting or facilitating transactions or providing services where those transactions would be authorized or exempt if conducted by U.S. persons, such as certain transactions related to food, agriculture, medicine, energy, and telecommunications.[5]

III. IT and Software Service-Related Sanctions Prohibitions

Pursuant to E.O. 14071—another Russia-related E.O.—OFAC issued a determination (the IT Determination) prohibiting, effective September 12, 2024, the exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a United States person, wherever located, of:

  1. IT consultancy and design services; and
  2. IT support and cloud-based services for enterprise management software and design and manufacturing software (Covered Software).

OFAC issued several FAQs regarding the scope of the IT Determination, including how it intends to interpret key terms in the IT Determination such as “IT consultancy and design services,” “information technology support services,” “cloud-based services,” and more.[6]

Similar to prior U.S. service ban determinations, the IT Determination contains key exceptions. Specifically, the IT Determination does not prohibit the provision of:

  1. any service to an entity located in Russia that is directly or indirectly owned or controlled by a United States person;
  2. any service in connection with the wind down or divestiture of an entity located in Russia that is not directly or indirectly owned or controlled by a Russian person;
  3. any service for software that is subject to the Export Administration Regulations (EAR) and for which the exportation, reexportation, or transfer (in-country) to Russia is licensed or otherwise authorized by the Department of Commerce; or
  4. any service for software that is not subject to the EAR and for which the exportation, reexportation, or transfer (in-country) to Russia would be eligible for a license exception or otherwise authorized by the Department of Commerce if it were subject to the EAR.

OFAC clarified that the IT Determination is not intended to inhibit internet access or internet-based communication services, as evidenced by its amendment of GL 25 (through the issuance of GL 25D), which authorizes certain transactions ordinarily incident and necessary to the receipt or transmission of telecommunications involving Russia and the provision of certain services incident to the exchange of communications over the internet. GL 25D does, however, newly limit the categories of software, hardware, and technology authorized for export to Russia based on the export control status of the particular software, hardware, and technology at issue.[7]

Separately, OFAC also amended GL 6 (through the issuance of GL 6D) to expand the authorized humanitarian-related transactions to include humanitarian-related IT and software service transactions that would otherwise be prohibited under the IT Determination once it takes effect.[8]

The issuance of the IT Determination underscores the U.S. government’s resolve to continue to target critical services needed within Russia’s economy in coordination with its allies. Notably, the provision of IT and software services had previously been barred by the European Union (EU) and United Kingdom (UK). It remains to be seen whether the U.S. government will additionally target other categories of services (e.g., legal services or market research services) that have already been targeted in the EU, UK, or other allied jurisdictions.

IV. Export Control Measures

Also on June 12, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) issued a new rule imposing extensive export control measures on Russia and Belarus.[9] Notable new measures include:

  • Software Export Restrictions: Effective September 16, 2024, the export, reexport, or in-country transfer of a wide range of EAR99-designated software, including software updates, to Russia and Belarus will require a BIS license. Exceptions include civil end-users wholly owned by U.S.- or Group A:5/A:6-headquartered companies (i.e., countries with favorable U.S. export license treatment) or engaged exclusively in the agriculture or medical industries. Prior to this rule, U.S. origin EAR99 software did not require a license for export, reexport, or in-country transfer to or within Russia or Belarus except for a very limited set of software included in paragraph (g)(9) to Supplement 6 to Part 746 of the EAR. The following types of software are impacted: enterprise resource planning, customer relationship management, business intelligence, supply chain management, computerized maintenance management system, project management software, product lifecycle management, building information modeling, computer-aided design, computer-aided manufacturing, and engineering to order.
  • Expanded HTS Codes: BIS revised supplements No. 4 and No. 6 to Part 746, adding 522 HTS code entries, including oil and gas equipment, aerospace and defense products, and chemicals; the export, re-export, and in-country transfer of items that fall within these categories to Russia and Belarus now require a BIS license.
  • License Exception CCD Narrowed: Certain items are no longer eligible for License Exception Consumer Communications Devices (CCD), such that exports, re-exports, and in-country transfers of these items to Russia and Belarus now require a BIS license. License exception CCD, when applicable, exempts certain consumer communication devices from licensing requirements.
  • Additions to the Entity List/Listing of Addresses on the Entity List: BIS added five new entities to the Entity List and, for the first time, identified eight prohibited addresses (currently, all eight addresses are in Hong Kong). BIS determined that, regardless of the party’s name at any of the identified addresses, these locations are associated with significant transshipment of sensitive goods to Russia. Companies will need to incorporate measures to screen for these “high risk diversion addresses” into their compliance processes.
  • Temporary Denial Orders (TDOs): BIS issued TDOs against two Russian procurement networks (nine entities and six individuals) for exporting aircraft parts to Russia via third countries. TDOs cut off not only the right to export items subject to the EAR from the United States, but also the ability to receive or participate in exports from the United States or reexports of items subject to the EAR.

V. Conclusion

The latest Russia-related U.S. sanctions and export controls described above are yet another step in the United States’ escalating response to Russia’s war on Ukraine. The June 12 actions illustrate that the U.S. government remains able and willing to identify new ways of targeting Russia, cutting off its access to necessary funds and resources, and identifying and targeting those who help Russia to evade or circumvent sanctions imposed by the United States and its allies. We expect the United States to continue to identify additional targets (both in and outside of Russia) and to continually evaluate ways in which the U.S. government and its allies can increase their pressure on Russia and those who enable and support its activities in Ukraine.

While it remains to be seen whether and how OFAC may leverage E.O. 14114 to target FFIs for activities supporting Russia’s military-industrial base, FFIs will need to re-calibrate their E.O. 14114 controls in light of the expanded authority and should carefully review the updated guidance to ensure any controls put in place are adequately tailored to address these secondary sanctions risks.

Finally, in a world increasingly reliant on the internet and computers, the U.S. government’s actions to restrict the provision of certain IT and software products and services to Russia and Belarus are likely to have a far-reaching impact, even for companies that may not operate primarily in the IT and software space. The related new export control restrictions may pose significant due diligence challenges in particular. Exporters, including companies that provide software to Russia and Belarus, should review their transactions, contracts, and relationships with potentially affected persons to ensure compliance. Companies impacted by the new software restrictions should adjust their deployment platforms to prevent unauthorized software updates to entities in Russia and Belarus. Additionally, companies should ensure and update as necessary their recordkeeping processes to track export transactions accurately.

[1] See generally Dep’t of Treasury, As Russia Completes Transition to a Full War Economy, Treasury Takes Sweeping Aim at Foundational Financial Infrastructure and Access to Third Country Support (Jun. 12, 2024).

[2] See OFAC, GL 98 (Jun. 12, 2024)OFAC, GL 99 (Jun. 12, 2024)OFAC, GL 100 (Jun. 12, 2024)See also OFAC, Frequently Asked Question 1183 (Jun. 12, 2024), (providing details regarding the scope of transactions covered under the MoEx, NCC, and NSD GLs, among other topics).

[3] See OFAC, GL 8J (Jun. 12, 2024).

[4] See OFAC, FAQs 1147 and 1151 (Jun. 12, 2024), and (respectively).

[5] See OFAC, FAQ 1182 (Jun. 12, 2024)see also OFAC, GL 6D (Jun. 12, 2024).

[6] See OFAC, FAQ 1184 (Jun. 12, 2024), (clarifying what activities are considered prohibited “information technology (IT) consultancy and design services”); OFAC, FAQ 1186 (Jun. 12, 2024), (clarifying what activities are considered prohibited “IT support services” and “cloud-based services” for enterprise management software and design and manufacturing software); OFAC, FAQ 1187 (Jun. 12, 2024), (clarifying how OFAC intends to interpret “enterprise management software,” “design and manufacturing software,” “cloud-based services,” “information technology support services,” and “information technology consultancy and design services” in the IT Determination); OFAC, FAQ 1188 (Jun. 12, 2024).

[7] OFAC, GL 25D (Jun. 12, 2024)See also OFAC, FAQ 1184 (Jun. 12, 2024).

[8] See GL 6D, supra n. 5.

[9] BIS, Implementation of Additional Sanctions Against Russia and Belarus Under the Export Administration Regulations and Refinements to Existing Controls (Jun. 12, 2024).

[View source.]