DXC Technology Company Settles Sanctions and Export Control Violations
On May 17, 2024, Nevada-based DXC Technology Company (“DXC”)—a global IT services provider—officially filed its required annual 10-K Form with the U.S. Securities and Exchange Commission (“SEC”) indicating that previously-disclosed proceedings involving both the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) and U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) had been resolved. According to the SEC filing, DXC officially submitted its final voluntary self-disclosures to OFAC in August 2023 and to BIS in November 2023. Thereafter, both OFAC and BIS issued warning/cautionary letters to DXC in lieu of the assessment of any administrative penalties. The underlying violations purportedly stem from the sale of DXC subsidiary Luxoft’s Russian Federation-based operations to IBS Holding LLC (“IBS Holding”) in April 2022, following the Putin regime’s invasion of Ukraine.
While DXC’s Form 10-K provides little additional detail about the precise nature of the underlying sanctions and export control violations, independent research reveals that IBS Holding was formerly associated with Anatoly Karachinsky, an individual that OFAC had previously included on its List of Specially Designated Nationals and Blocked Persons (“SDN List”) for his association with Otkritie Bank. Until approximately June 2022, Karachinsky—the founder of IBS Group—held a majority interest of approximately seventy-five percent (75%) in IBS Holding itself. Notably, OFAC’s SDN List designation took effect on April 20, 2022, and lapsed with the delisting of Karachinsky as an SDN on May 19, 2023. During the time that Karachinsky appeared on the SDN List, OFAC’s ubiquitous Fifty Percent Rule would have operated to bar any U.S. Person from transacting business with an entity owned fifty percent (50%) or more by Karachinsky without explicit authorization, including IBS Holding. Given the timing of the misconduct in question, it is entirely reasonable to infer that the sanctions violation thus resulted from the sale of Luxoft’s Russian operation to an individual that was actively designated as an SDN.
The potential nature of the Export Administration Regulation (“EAR”) violations are more difficult to discern, although it stands to reason that Luxoft’s Russian Federation operation likely had access to EAR-controlled commodities that were marketed and sold to DXC customers in Russian Federation territory in connection with its provision of IT services. On April 8, 2022, BIS announced the adoption of a blanket prohibition on the unlicensed export, reexport, and transfer (in country) of any items contained on the Commerce Control List (“CCL”) when destined for the Russian Federation and Belarus. Given the immediate effect of the rule—and a barebones Savings Clause that exempted only certain shipments en route aboard a carrier to a port of export on April 8, 2022—DXC’s disclosed violations may well be related to the unauthorized export and re-export of controlled commodities and technology to Russian Federation entities having a distinctly U.S.-origin.
In the end, DXC’s resolution of the underlying sanctions and export control violations should serve as a prescient reminder to organizations engaged in any commercial activity with the Russian Federation of the necessity of adhering to the letter of rapidly changing regulations. Such organizations must be equipped with the ability to account not only for recent SDN and other sanctions list designations on a near-contemporaneous basis, but also frequent modifications to existing export restrictions that might frustrate altogether the capacity of the organization to meet current commitments. This underscores the need for the utilization of reliable automated screening solutions as part of an organization’s overall commitment to effective third party risk management practices. It also illustrates the importance of devoting adequate resources to monitoring critical regulatory developments in any areas that affect the organization’s commercial operations.