Learn about Legal and Regulatory Compliance

Learn about legal and regulatory compliance for Columbia University's international operations.


This brief overview of U.S. laws and regulations that typically apply to our international projects and activities is intended to help identify possible issues that should be referred to Columbia's Office of the General Counsel (OGC) for analysis and assistance. Our international programs and activities are also subject to the laws and regulations of each host country – these must be reviewed on a country-by-country basis with guidance from the OGC.

Columbia University’s international activities must comply with applicable laws and regulations of both the United States and the host country. Many of these laws apply not only to the University, but also to any entity established by Columbia overseas and also to individual faculty, employees, and students.

The OGC should be consulted during the initial planning stage of an overseas project and as issues or questions arise. Only the OGC is authorized to engage counsel in the United States and other countries to provide guidance on the impact of local laws on the University’s international activities. 

Since laws can differ significantly from country-to-country, it is important that guidance be provided on an individualized basis. Under certain circumstances, the laws of a host country may allow or even require actions that would violate U.S. or New York laws, such as honoring boycotts not sanctioned by the U.S. Where the laws of a host country conflict with the policies of the University or with the laws of the United States or New York, the OGC will work with you and others in the University to develop an appropriate way forward.   

This page provides brief overviews of certain key U.S. laws and regulations that are relevant to international activities.

The U.S. Foreign Corrupt Practices Act (FCPA) makes it unlawful to bribe foreign government officials to obtain or retain business. There are five elements for a violation under the FCPA:


The FCPA applies to Columbia University and any individual faculty or employee who is a citizen, national, or resident of the United States. U.S. citizens, nationals, and residents are covered by the FCPA wherever they travel and live throughout the world. In addition, the University and individual faculty and employees may be liable for the acts of foreign subsidiaries where they authorized, directed, or controlled the activity in question. 

Corrupt Intent

The person making or authorizing the payment must have a corrupt intent, and the payment must be intended to induce the recipient to misuse his or her official position. The offer or promise of a corrupt payment can constitute a violation of the statute, even if the official fails to take the desired action.


The FCPA prohibits paying, offering, promising to pay (or authorizing to pay or offer) money or anything of value. “Anything of value” can include meals, theatre tickets, discounts, and services, particularly if extravagant and not customary for the University. In addition, the business does not need to be with a foreign government or foreign government instrumentality - a payment to a foreign official to obtain business with  a private person would also be prohibited.  


The FCPA prohibits payments to a foreign official, a foreign political party or official, or any candidate for foreign political office. A "foreign official" means any officer or employee (regardless of rank or position) of a foreign government, a public international organization, or any department or agency, or any person acting in an official capacity. This can include a member of a royal family or an official of a state-owned enterprise. Individuals employed by foreign universities may be deemed to be foreign officials, depending on the relationship between the university and the government.

Business Purpose Test

The FCPA prohibits payments made to help obtain or retain business or direct business to any person. The Department of Justice interprets "obtaining or retaining business" broadly, such that the term encompasses more than the mere award or renewal of a grant, gift, or contract. In addition, the business does not need to be with a foreign government or foreign government instrumentality, but can be with a private person.  

The FCPA also prohibits corrupt payments through intermediaries. It is unlawful to make a payment to a third party, while knowing that all or a portion of the payment will go directly or indirectly to a foreign official. The term "knowing" includes conscious disregard and deliberate ignorance.

When working with potential collaborators, vendors, and others, we should be mindful of any  so-called "red flags." A red flag includes an unusual payment pattern or financial arrangement, a history of corruption in the country, a refusal by the foreign party to agree with a written provision that it will not take any action in violation of the FCPA, lack of transparency in expenses and accounting records, apparent lack of qualifications to perform the services offered, and whether the party has been recommended by a governmental official. 

It is also important that, where appropriate, the compliance obligations outlined in this section be “flowed down” to contractors, collaborators, and other third parties acting on the University’s behalf.

Many other countries have their own anti-bribery laws, sometimes with broader application.  For example, while the FCPA covers foreign officials, other regimes prohibit bribes against private, non-governmental persons.

The application of the FCPA can be complex. Columbia’s Central Administration is equipped to advise on appropriate anti-bribery provisions and measures for memoranda of understanding, procurement contracts, leases, and other agreements with third parties. The OGC should be consulted as issues and questions arise.

Various countries are subject to U.S. economic and trade sanctions. The sanctions can be either “limited” or “comprehensive”, and for certain countries (such as Iran and Cuba) can be extremely restrictive.

These sanctions may require obtaining governmental approval before conducting research with, buying materials from, or engaging in other activities involving the sanctioned country.

Countries or regions subject to the most restrictive sanction programs are:

  • Cuba
  • Iran
  • North Korea
  • Syria
  • Republic of the Sudan (also known as North Sudan; not South Sudan)
  • the Crimea Region of Ukraine

More limited  restrictions apply to Balkans, Belarus, Burma, Burundi, Central African Republic, Democratic Republic of the Congo, Iraq, Lebanon, Libya, Somalia, South Sudan, Ukraine/Russia, Venezuela, Yemen and Zimbabwe.

For a complete list of sanctioned countries, visit the Sanctions Programs and Country Information page on the U.S. Department of Treasury's website. It is updated periodically and has the most recent information.

Any proposed transaction, contract, collaboration, purchase, or other transaction in, or involving, a sanctioned country or an entity (whether governmental, non-profit, or commercial), or individual based in a sanctioned country, should be discussed in advance with the University's Office of the General Counsel or the Office of Research Compliance and Training.

For assistance regarding U.S. sanctioned countries, email [email protected].

The U.S. Department of Treasury also designates certain persons and entities as “Specially Designated Nationals” or “SDNs” for narcotics trafficking, weapons proliferation, terrorism, and other reasons. Columbia faculty and staff should not engage in any transactions or dealings with SDNs unless cleared in advance with the Office of the General Counsel (OGC).

Refer to the Specially Designated Nationals List in the U.S. Department of Treasury's website, which is updated periodically.

Under U.S. criminal laws targeting terrorism, as amended by the U.S.A. Patriot Act, it is also violation of U.S. law to provide “material support” to an organization engaged in terrorist activity. Material support is broadly defined and includes training and other services. Organizations and individuals appearing on this list are also included on the SDN list.

When entering into discussions regarding a possible transaction with a proposed collaborator, vendor, contractor, employee, service provider, or other third party, it is critical to check the SDN list for the name of the person or entity with whom the program is dealing. In addition, it is important to check, also periodically, other U.S. restricted party lists known as:

Many of these searches can be done through a single commercially-available software application that is licensed to Columbia. Columbia’s central administration has the tools to assist you with the appropriate screenings. Should you require assistance with this, contact Global Support.

U.S. regulations also prohibit any agreement to participate in an international boycott not supported by the U.S. government, such as the Arab League boycott of Israel. 

Boycott-related requests may be oral or written, and may appear as provisions in a proposed bid invitation, contract, purchase order, letter of credit, research or other agreement that calls for boycott-related information or action. The boycott regulations are broad and complex, regulating for example: (a) agreeing not to do business with an entity that has Jewish employees; (b) agreeing to stamp an invoice with the statement “We certify that goods are not of Israeli origin;” and (c) approving a letter of credit with the notation that “the goods cannot be shipped on a vessel that calls at Israeli ports.” Columbia University programs abroad cannot select one vendor or candidate over another for boycott reasons, and cannot furnish information about business relationships with Israel or with companies identified as having dealings with Israel. 

The law can be triggered through a seemingly informal discussion, never put in writing, such as an inquiry during negotiations about whether the program has any activities in Israel. Any such questions or discussions should not take place unless they plainly do not relate to the boycott.  (For example, an inquiry about whether we have activities in Israel because of an interest to hold a conference there would not be trigger boycott concerns). Often the receipt of a request to cooperate in a boycott must be reported to the U.S. government – even when the offer is immediately refused. 

There actually are two sets of U.S. regulations: one issued by the United States Department of Commerce and the other by the United States Department of Treasury.  Both regulations impose consequences for refusing to do business with or in Israel or blacklisted companies. In addition, under the Treasury rules, U.S. taxpayers with “operations in or related to” a boycotting country must report these operations in an annual income tax form. The term “operations” means all forms of transactions, whether or not producing income, including performing services.

The most recent list of countries and examples of boycott requests that have been reported to the Office of Antiboycott Compliance can be found through the Bureau of Industry and Securityin the U.S. Department of Commerce website.

In addition, programs abroad must not discriminate against employees or applicants for employment on the basis of race, color, sex, gender, religion, creed, national and ethnic origin, age, citizenship, status as a perceived or actual victim of domestic violence, disability, marital status, sexual orientation, status as a veteran, or any other legally protected status. Where conflicts exist between the laws, regulations, and customs of the host country and the program’s anti-discrimination policies, the matter should be referred to the Office of the General Counsel for guidance.

U.S. export control regulations control whether certain commodities, software and information can be transmitted outside the U.S. Before arranging for items to be shipped or conveyed (electronically or otherwise) outside the U.S., these laws and regulations should be reviewed. 

In brief, the U.S. International Traffic in Arms Regulations (“ITAR”) of the Department of State regulates military, space, or defense-related items, which can include information (i.e., “technical data”).  The U.S. Export Administration Regulations (“EAR”) of the Department of Commerce covers equipment, materials, software and related information (i.e., “technology”) with commercial or both commercial and military applications. The controlled items are found in lists published by the U.S. Government. 

U.S. export laws are triggered even if a controlled item leaves the U.S. temporarily and is being transferred to a wholly-owned subsidiary of Columbia University in a foreign country. An export includes not only shipment of physical items outside the U.S., but also electronic transfers of software or information outside the U.S. An export also includes applying controlled information abroad, such as by providing training or services regarding the controlled items. 

In addition, U.S. export laws are triggered if an export-controlled item is exported from one country outside the U.S. to another country. The export of an item to a particular host country may be permissible, but the export of the item to another country triggers the need for another round of review.  The United States extends its export laws to items that originated or were produced in the U.S., or that are based on or contain U.S. technology, regardless of where the item is located.  

In fact, under the doctrine of “deemed export”, disclosure of controlled information or software to a national of another country even within the United States would trigger the need for export review. Transfer or disclosure of controlled information or software to a “foreign person” (from the standpoint of the U.S.) anywhere in the world is considered an export to that person’s country. 

Citizens and permanent residents of the United States who travel abroad should also be aware that their laptops, mobile phones, and other electronic devices brought with them are subject to U.S. export controls.  In general, individuals traveling abroad with personal electronic devices will not require a license, so long as the devices are routinely available from commercial vendors, are kept in the traveler’s immediate control while outside the U.S.,  and are brought back to the U.S. within one year of the initial departure. 

However, licenses are more likely to be required for a device that holds encryption software or contains software, components, or information that are themselves controlled under U.S. export controls and not exempt as “fundamental research”.  “Fundamental research” is research in science, engineering, or mathematics, the results of which ordinarily are published and shared broadly within the scientific community, and for which the researchers have not accepted restrictions for proprietary or national security reasons.  

In addition to U.S. export laws, other countries may also have their own export and import laws. As a result, outside the U.S., the laws of the host country may include additional requirements.

This can be a complex area to navigate. For assistance for research activities, please confer with the Office of Research Training and Compliance, and for other activities, with Global Support.

For guidance when traveling temporarily outside the U.S. with laptops, tablets, mobile phones and other similar electronic devices, please review Data Technology  and for additional international travel information, visit the Global Travel website.

Within the United States, privacy laws and regulations are targeted to protect certain types of personally identifiable information, such as health records, financial information, and student records. Many other countries have enacted laws with much broader scopes of protected information, extending even to names and telephone numbers.  

Privacy laws can be triggered:

  • within each country, with respect to records and information collected, maintained, and stored in the country; and
  • when information is conveyed from one country to another. A country with relatively strict privacy laws might not permit the transfer of information to a country deemed less protective (including the United States) unless specific permissions are obtained or other approved measures are taken.

In addition, the loss or unauthorized access to protected information may compel disclosure, governmental filings, and other measures within the country.

Other Laws

There are a variety of U.S. laws and regulations related to the export and shipment of specific regulated materials, such as chemicals, biologics, genetic elements, and radioactive materials.  For example, the export of many biologics, toxins, and agricultural products require a permit from the U.S. Department of Agriculture or the U.S. programs for Disease Control and Prevention.   

New York and U.S. law requires colleges and universities to report annually gifts, grants, contracts, awards, endowments, and property of any kind that is received from non-U.S. sources and exceed certain thresholds. Under New York law, the reporting is triggered if a single source provides a gift, grant, or another arrangement whose value equals $100,000 (considered alone or in combination with other gifts or arrangements from that same source within a fiscal year). Under Federal law, U.S. institutions that receive a gift or enter into an arrangement with a “foreign source,” the value of which is $250,000 or more (also considered alone or in combination with other gifts or arrangements from the same source within a calendar year) must file a disclosure report.

Litigation, Proceedings and Governmental Inquiries

As soon as an overseas program becomes aware of any circumstances that could lead to litigation, threatened litigation, proceedings, or government inquiries that involve in any way the program or Columbia University, Columbia University’s Office of the General Counsel should be alerted.  In general, no action should be taken in response to any such litigation, proceeding, or inquiry without first obtaining guidance from the University’s Office of General Counsel.

In addition, if a crime is committed in any offices or facilities rented or otherwise under the University’s control outside the U.S., you should contact Columbia University’s Department of Public Safety.

Again, our goal for this guidance is to help you identify those circumstances when it is important to seek assistance from OGC and other central administration resources. The central university is ready and able to assist you with compliance issues, both in the U.S. and internationally, so that the burden of compliance is mitigated as much as practical, and faculty and staff can keep their focus on academic, research and service programs and not the minutiae of laws.

The use of Columbia University’s name or brand (or those of its schools, colleges, centers, or programs) in other countries warrants important considerations, including potential legal and tax implications.

Please consult with the Office of the General Counsel and the Office of Communications and Public Affairs prior to using any Columbia University name and/or logo in association with an overseas project. Examples of such uses include promotional materials, stationery with a foreign address, identification of local office space, and the granting of use to a third party.

  • Official logos and style guidelines for Columbia University’s communications are available at CU’s Web & Identity Guidelines
  • Columbia’s name and reputation are assets of both academic and economic value. The University, therefore, has a compelling interest in ensuring that its name; insignias, such as the Columbia Crown and Columbia Shield; and the emblems of individual schools are used in a manner that furthers its mission and is consistent with its institutional interests.
  • No officer should use the official title of the University, or any of its parts, except in connection with legitimate University purposes.
  • The name of the University, its insignias, and the emblems of its schools may not be used to advertise or recommend commercial products and services, to promote the activities of outside organizations, or to further social or political causes.

Exceptions require the prior approval of the Provost. These policies also apply to the use of the University name and insignias in any electronic media, including Internet addresses, web sites, and domain names. In connection with their outside activities, faculty and other officers may identify themselves as holding appointments at Columbia by listing their University titles. They should, however, be careful not to imply that the University supports, sponsors, or endorses those activities.

Still have questions?

Visit our Service Center.