On October 9, 2024, the U.S. Department of the Commerce's Bureau of Industry and Security ("BIS") published guidance to financial institutions ("FIs") on best practices for compliance with the Export Administration Regulations ("EAR"). The guidance reflects BIS's increasing focus on EAR compliance by FIs and follows several joint alerts published by BIS and the U.S. Department of Treasury's Financial Crimes Enforcement Network ("FinCEN") in May, June, and November 2023 that provided FIs with "red flag" indicators for export control evasion and key terms to use in export control evasion-related Suspicious Activity Reports ("SARs"). In light of BIS's recent guidance, both U.S. and non-U.S. FIs should review their EAR-related due diligence and risk-management and compliance processes.
Key Takeaways
In the updated guidance, BIS stressed that FIs can face liability under the EAR's General Prohibition 10 ("GP 10"), which prohibits all persons worldwide from proceeding with a transaction – including through financing – with "knowledge" that a violation of the EAR has occurred, is about to occur, or is intended to occur. Importantly, "knowledge" under the EAR includes not only positive knowledge that a circumstance exists or is substantially certain to occur, but also an awareness of a high probability of its existence or future occurrence, which may be inferred from evidence of willful avoidance of facts. Items "subject to the EAR" include all items in the United States, including items moving in-transit through the United States; U.S.-origin items wherever located; and certain foreign-made items that incorporate more than a de minimis amount of U.S.-origin controlled content or that are produced abroad using controlled U.S. software, technology or equipment.
BIS explains that there is an expectation for FIs to conduct screening, not only of customers, but also of customers' customers in some instances, and not only against official government lists, but also most notably against unofficial "lists of entities that have shipped Common High Priority List ("CHPL") items to Russia since 2023," such as that published by the Trade Integrity Project ("TIP"). BIS expects FIs to closely scrutinize addresses and entities identified as shipping CHPL items to Russia to determine whether any red flags indicating export control evasion are present. When there are positive findings, FIs may be expected to ask the customer "to certify whether it has sufficient controls in place to comply with" U.S. export controls.
In addition to engaging in EAR-related due diligence when onboarding and retaining customers, BIS recommends that, in order to minimize the risk of violations of GP 10, FIs review transactions on an ongoing basis for red flags. Furthermore, BIS explains that screening and red flag reviews should also be conducted post-transaction in some circumstances, and any concerns should be resolved prior to allowing another similar transaction to occur. BIS has explained that proceeding with a subsequent transaction before resolving red flags could form the basis of "knowledge" and result in a GP 10 violation.
Notably, BIS has explained that certain red flags are so significant that even one such finding may be sufficient to constitute "knowledge" and a potential violation of EAR if a FI proceeds with a transaction without resolving such red flags. Those red flags include:
- A customer refuses to provide details to banks, shippers, or third parties, including details about end-users, intended end-use(s), or company ownership.
- The name of one of the parties to the transaction is a "match" or similar to one of the parties on a restricted-party list.
- Transactions involving companies that are physically co-located with a party on the Entity List or the SDN List or involve an address BIS has identified as an address with high diversion risk.
- Transactions involving a last-minute change in payment routing that was previously scheduled from a country of concern but is now routed through a different country or company.
FIs can resolve these red flags by, among other things, confirming that the item exported, reexported, or transferred (in country) is not subject to the EAR, is outside the scope of the license requirement triggered by a party's inclusion on a restricted party list, or is otherwise authorized by a BIS license exception or license.
Conclusion
BIS's guidance reflects the agency's expectation that U.S. and non-U.S. FIs should incorporate EAR-related due diligence into their risk compliance processes and be aware of red flags indicating evasion of US export controls. It also makes clear that BIS views General Prohibition 10 as a solid basis for export controls enforcement in the context of an EAR violation, even if no U.S. persons are involved in the transaction. In light of this recent guidance, FIs should carefully review and, if necessary, recalibrate their approach to export controls compliance.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
