Exiger’s watchlist shows that the five banned companies connect to over 1,300 subsidiaries
On Friday, November 25, 2022, the U.S. Federal Communications Commission (FCC) unanimously voted on new rules banning the import and sale of certain Chinese technology equipment provided by Huawei, ZTE, Hikvision, Hytera, and Dahua based on national security concerns. All four FCC commissioners, including two Democrat and two Republican appointees, supported the decision, demonstrating that concern for this threat rises above ideology. Organizations should aim to limit exposure to adversarial foreign control through continuous monitoring, especially since FCC commissioners are signaling a continued desire to escalate compliance measures.
Even at surface level, the impact is significant. Exiger’s Supply Chain Explorer shows there are over 1,200 US companies that have received over 14,000 pieces of equipment directly from these five companies (not including the subsidiaries that Exiger has mapped for these entities) in the last five years alone. Over 33% of the shipments were to ICT or electronics companies.
Industry Breakdown of Direct Product Shipments from Huawei, ZTE, Hikvision, Hytera, and Dahua
Number of Consignees
Number of Shipped Goods
What are the national security concerns and how do they affect U.S. businesses?
The latest ban is part of the ongoing federal campaign to mitigate national security risks posed by technology that raises foreign ownership and control risk from countries with adversarial inclinations to the United States. Two Huawei incidents have proven the risk is already a reality:
- FBI investigation uncovered Huawei equipment on cell towers in the rural Midwest located near U.S. military bases
- Huawei reportedly helped African governments spy on encrypted communications of their political opponents
Businesses in the U.S. should recognize the risk associated with the companies and associated products identified by the FCC. Movement by the U.S. government to limit availability of products will have a downstream impact on supply chains. This also makes clear that U.S. senior officials believe the security risk associated with doing business are sufficiently high to demand restrictions. That should send a clear message to all companies concerned with protecting secure information and maintaining operations.
Background on U.S. legislation targeting Chinese manufacturers
The latest ban is part of the ongoing federal campaign to mitigate national security risks posed by technology that raises foreign ownership and control risk from countries with adversarial inclinations to the United States. The recent FCC decision ban expands the scope of previous legislation and regulation aimed at Chinese enterprises by preventing the import and sale of these companies’ products and equipment “for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.” More specifically, the NDAA Section 889 prohibits U.S. government agencies and contractors from using goods and services of select Chinese entities and their subsidiaries. Exiger has built an 889 Watchlist, which clients can use to screen their vendor lists against the full set of ever-changing subsidiaries that could be considered covered companies.
Another recent U.S. regulatory action is the Uyghur Forced Labor Prevention Act, which includes the rebuttable presumption that any Chinese goods made of cotton, refined metals, circuits, and polysilicon are made by convict labor and are subject to U.S. Customs and Border Protection inspection and due diligence.
How many Chinese companies are impacted by the FCC ban?
Including the subset of companies named by the FCC last week, there are ten Chinese companies on the FCC’s Covered List. But the reach of technology deployed by the list can extend to include subsidiaries and affiliates. Exiger’s support to the U.S. government in eliminating some of the same companies on the FCC Covered list provide insight into exposure from Chinese technology companies: Exiger’s watchlist shows there are more than 1,300 subsidiaries that stem from the Covered List companies. While not all these companies are explicitly banned, they present risk to government and critical infrastructure entities. Exiger clients that want to avoid doing business with the covered entities can illuminate their supply chains to minimize FOCI risk and/or adapt to vendors expunged because of this ruling.
It is unclear if the FCC will require a “rip and replace” of all banned equipment, but telecommunications and other entities impacted by the FCC rulings should examine their inventories and prepare for that possibility. Although the agency has authority to revoke prior authorizations for these companies, it declined to do so at this stage. The order also has certain limitations and subsequent circumventions. For example, the obfuscated manufacturing of products (a practice known as “white labeling”) will make complete elimination of goods supplied from these Chinese entities difficult. Clients can leverage Exiger’s newly acquired capability to identify parts, items, and materials that go into products and equipment.
The actions taken by the FCC will not be the last actions taken by the U.S. and like-minded allies to limit digital exposure. All organizations, especially those providing critical services and technologies to Western democracies, should develop or enhance their risk management programs to minimize their exposure.
How Exiger Can Help
You can get ahead of risk in an ever-changing world with the latest SCRM technology.
Exiger’s Supply Chain Explorer platform brings transparency to supply chain relationships and provides risk data at your fingertips – across sanctions, trade embargoes, enforcement, state-owned flags, cyber risk, modern slavery, adverse media and more.
The DDIQ platform provides AI-driven due diligence using thousands of data sources to surface, filter and categorize risk. The Section 889 list was purpose-built to support our government agency clients and is now available for commercial use.
Navigate new regulations and monitor constantly changing ownership in three easy steps:
- Share the companies you’re working with
- Exiger’s platform monitors those companies and their subsidiaries
- Receive an alert when potential risk is detected
For impacted companies and others that want to reduce their risk exposure, Exiger has a suite of supply chain and third-party risk management solutions.
Our technology can screen your vendor lists against the full set of subsidiaries that could be considered covered companies. We also provide monitoring support should covered companies try to elude restrictions by setting up new subsidiaries intended to hide ownership. In addition, if you want to avoid doing business with these entities because of reputational risks associated with their human rights issues, then we can flag them for you. If you’re worried about how this could affect products you’re acquiring for your business needs, then this can also identify those manufacturers whose products may disappear from your supply chain.
Our extensive investment in illuminating and characterizing foreign ownership, control or influence (FOCI) risk, as well as our support to the U.S. government in eliminating some of the same companies on the FCC Covered list give us great data and insight into exposure from Chinese technology companies linked to Beijing’s aims to undermine U.S. national and economic security.
Contact us today.