On November 1, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) imposed a $500,000 monetary penalty on GlobalFoundries U.S. 2 LLC and its parent, GlobalFoundries U.S. Inc., for a series of unauthorized exports to SJ Semiconductor (“SJS”), a restricted party contained on BIS’s ubiquitous Entity List. This recent enforcement action reflects BIS’s steadfast commitment to enforcing U.S. export controls, especially in cases where transactions present elevated risks to U.S. national security due to associations with foreign military-aligned industries.

BIS’s investigation revealed that between February 2021 and October 2022, GlobalFoundries exported approximately 5,700 semiconductor wafers to SJS without obtaining the necessary license from BIS, with the total shipments valued at approximately $17 million. These exports contravened U.S. export control regulations, as SJS’s addition to the Entity List in December 2020 mandated that any exports, reexports, or in-country transfers of U.S.-origin items to SJS be authorized through an explicit BIS license. The addition of SJS to the Entity List was based on its affiliation with entities integral to China’s military-industrial complex, thereby rendering SJS a restricted party under U.S. export laws. GlobalFoundries’ actions led to 74 documented violations of the Export Administration Regulations (“EAR”), underscoring both the scale of the breach and the critical importance of vigilant compliance practices in regulated industries.

At the center of the compliance lapse was GlobalFoundries’ longstanding business arrangement with a Chinese customer, referred to in BIS’s findings as “Company 1.” Under this arrangement, GlobalFoundries manufactured semiconductor wafers for Company 1, which in turn directed that the wafers be sent to its outsourced assembly and testing provider, SJS. Although this practice of shipping items to third-party service providers is commonplace within the semiconductor industry, the designation of SJS on the Entity List imposed specific legal obligations upon GlobalFoundries to obtain export authorization for any transactions directed to SJS. Despite these requirements, the company continued its exports without obtaining the appropriate BIS licenses, leading to significant compliance implications.

The failures within GlobalFoundries’ export control measures arose from a procedural deficiency in its internal data management systems, specifically within its Oracle Global Trade Management (“GTM”) module, which the company employed to screen export transactions for restricted parties. A data entry error resulted in Company 1 being incorrectly listed as the primary recipient of the shipments, bypassing the GTM module’s screening protocols that would have otherwise flagged SJS as a restricted recipient. Due to this error in the “ship-to” field, SJS’s Entity List designation was effectively obscured within GlobalFoundries’ system, and the automated compliance controls designed to prevent unauthorized exports were rendered ineffective. As a result, the shipments proceeded unimpeded, circumventing the regulatory scrutiny that would have identified these exports as prohibited under the EAR.

BIS’s investigation into the company’s compliance practices revealed further complexities through a comparison of GlobalFoundries’ handling of a second customer, known as “Company 2,” which also directed the company to ship semiconductor wafers to SJS. In Company 2’s case, the GTM module accurately recorded SJS as the “ship-to” recipient, thereby triggering the module’s compliance alerts and automatically suspending exports to SJS until the necessary BIS license was obtained. Recognizing the regulatory restrictions, Company 2 applied for and successfully received an export license from BIS in August 2021, authorizing shipments to SJS on a legally compliant basis. However, despite this successful intervention in Company 2’s transactions, the misclassification in the Company 1 records remained unaddressed, resulting in a continued flow of unlicensed exports to SJS over a period of nearly two years. This uncorrected oversight led to repeated, documented breaches of U.S. export regulations, exposing GlobalFoundries to considerable compliance risk.

Following the identification of these compliance deficiencies, GlobalFoundries submitted voluntary disclosures to BIS in April and November 2023, acknowledging the data management issues within its GTM module and outlining the procedural weaknesses that had contributed to the violations. BIS’s investigation subsequently underscored the vital role of data integrity and accuracy within export control frameworks, as compliance screening measures are critically dependent on the accuracy of data entries in regulated transactions. BIS noted that GlobalFoundries’ reliance on manual data inputs within the GTM system without sufficient verification controls posed substantial compliance vulnerabilities. The investigation further emphasized that the effectiveness of GlobalFoundries’ export control measures was significantly compromised by the lack of rigorous oversight over its data management processes, which ultimately enabled the unauthorized exports to SJS.

In response to BIS’s concerns, GlobalFoundries took corrective measures to enhance its compliance infrastructure, implementing strengthened data validation protocols and comprehensive oversight mechanisms within its GTM module to ensure the accurate identification and screening of restricted entities. The enhancements reflect GlobalFoundries’ commitment to addressing the procedural deficiencies identified during the investigation and to achieving full compliance with U.S. export control standards. Nonetheless, BIS’s penalty in this case highlights the critical responsibilities borne by U.S. exporters in safeguarding national security through strict adherence to export control regulations, and it reinforces BIS’s commitment to the rigorous enforcement of these standards as a fundamental aspect of U.S. national security policy.