Washington, D.C. (October 30, 2024) - On October 9, 2024, the Department of Commerce's Bureau of Industry and Security (BIS) published best practice recommendations (Guidance) for complying with the Export Administration Regulations (EAR). Noting that every "export – every single one – has a related financial transaction," BIS is providing direction to financial institutions on how best to comply with its regulations so banks can spot red flags and avoid being used to facilitate sanctions violations.
The Guidance focuses on General Prohibition 10 (GP 10), which prohibits financial institutions (or any person) from financing or servicing any item that is subject to the EAR with knowledge that a "violation... has occurred, is about to occur, or is intended to occur in connection with the item" (emphasis added). An "item" that is subject to the EAR includes commodities, software and technology in the U.S., including in a U.S. Foreign Trade Zone, moving in-transit through the U.S. from one foreign country to another and U.S.-origin items wherever located.
A strong bank compliance program can detect a past sanctions violation and even a potential violation and trigger actions to prevent one from occurring.
However, can a strong compliance program decipher intentions? Can it predict a potential sanctions compliance violation? The Guidance provides best practices for financial institutions and other persons to utilize in order to enable them to become aware of at least a high probability of a potential sanctions violation or the existence of a future violation of the EAR.
WHAT SHOULD A BANK DO TO MINIMIZE SANCTIONS VIOLATIONS?
All banks should have a sanctions compliance program that includes reviewing customers against lists of persons subject to BIS's end-user restrictions, such as the Unverified List, the Entity List, the Military End-User List and the Denied Persons List. But the Guidance asks banks to do more than just compare customers against the lists of parties of concern. To bolster their compliance programs, BIS recommends that financial institutions ask their customers to take an additional step and certify whether they have sufficient controls in place to comply with the EAR. Additionally, it asks financial institutions to continuously monitor the lists, as they are frequently updated.
Another proactive step to take to minimize the potential for violations of GP 10 is to review transactions on an ongoing basis for red flags. See our previous Alert relating to red flags and an issuance by BIS further identifying such flags.
BIS acknowledges that while no single red flag necessarily indicates an illicit activity, certain red flags might be sufficient to constitute "knowledge" under the EAR. The Guidance states that knowledge of a circumstance includes "an awareness of a high probability" that a violation will occur or has occurred. If one of the below red flags exists during a post-transaction review, BIS recommends that no further transactions with the parties should occur, or the financial institution risks liability for a violation of the EAR under GP 10:
- A customer refuses to provide details to banks, shippers, or
third parties, including details about end-users, intended
end-use(s), or company ownership.
- The name of one of the parties to the transaction is a
"match" or similar to one of the parties on a
restricted-party list.
- Transactions involving companies that are physically co-located
with a party on the Entity List or the SDN List or involve an
address BIS has identified as an address with high diversion
risk.
- Transactions involving a last-minute change in payment routing that was previously scheduled from a country of concern but is now routed through a different country or company.
Additionally, BIS states that it does not generally authorize
transactions that would otherwise be prohibited by GP 10 and it
does not confirm the existence of licenses to third parties.
Therefore, BIS recommends that financial institutions "should
seek confirmation from their customers regarding BIS-issued
licenses, including by obtaining a copy of the export
license."
BIS understands the difficulty for financial institutions in
determining the intent of a party to violate the EAR. However, BIS
does "recommend real-time screening against certain
BIS-administered restricted-party lists in certain circumstances to
avoid potential violations of GP 10." Specifically, it
recommends real-time screening against the names and addresses on
the following lists:
- The BIS Denied Persons List as found in 15 C.F.R. part
764;
- Restrictions on exports, reexports, and transfers (in-country)
to certain military-intelligence end uses or end users as found in
16 C.F.R. § 744.22(f)(2); and,
- Certain persons described in the BIS Entity List at supplement no. 4 to 15 C.F.R. part 744.
The Guidance clearly states that failure to do this real-time screening "risks liability for a knowing violation of the EAR under GP 10."
TAKEAWAY
BIS has upped the ante for financial institutions to avoid being subject to potential violations of the EAR. In addition to identifying red flags that could result in sanctions if not properly identified and resolved, additional compliance efforts are necessary to avoid inferences of adverse intent. Financial institutions should take note of these recommendations in updating their Sanctions Compliance programs.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
