This week, the U.S. Bureau of Industry and Security (BIS) released new guidance aimed at improving financial institutions' (FIs) compliance with export control regulations, particularly under the Export Administration Regulations (EAR).
This marks a shift in BIS's expectations from earlier guidance, which primarily focused on educating FIs about identifying and reporting evasion red flags. Now, the agency warns that FIs could face liability if they fail to incorporate export control-related red flags into their compliance programs.
The guidance emphasizes the heightened risks of export control violations for FIs and underscores their responsibility to actively ensure that their transactions do not facilitate evasion of U.S. export controls. This change highlights the critical role that FIs play in enforcing U.S. export controls, particularly concerning Russia, Iran, and other sanctioned countries.
Here are five key takeaways:
1. Increased Liability for Financial Institutions
BIS made it clear that FIs that do not integrate evasion red flags into their compliance programs could be held liable for violating General Prohibition 10 (GP 10) of the EAR. GP 10 forbids financing or servicing any transaction that violates or could violate export control laws. BIS’s new stance heightens the responsibility of FIs to actively screen transactions, ensuring they are not inadvertently facilitating export evasion.
2. New Customer Due Diligence Procedures
The new guidance emphasizes the importance of enhanced due diligence. BIS recommends that FIs screen their customer accounts against restricted party lists and commercially available lists of entities that have exported Common High Priority List (CHPL) items to Russia since 2023. If a customer appears on either list, the FI should "heavily weigh" the risk of potential EAR violations and “closely scrutinize” the customer’s activities.
3. Post-Facto Transactional Reviews
FIs are encouraged to conduct targeted post-transaction reviews, especially when red flags arise. BIS expects FIs to investigate any red flags in completed transactions and apply controls to prevent similar violations in the future. This recommendation aligns with previous guidance but carries more weight under the new compliance framework, where failure to act could now result in penalties.
4. Real-Time Screening for Higher-Risk Transactions
FIs are now expected to conduct real-time screening against additional government lists before processing high-risk transactions. This includes lists such as the Denied Persons List and entities subject to Military End-User or Military-Intelligence End-User restrictions. FIs should reject transactions unless they can confirm that the items involved do not violate the EAR, reflecting the agency's push for proactive measures to prevent export violations.
5. Heightened Focus on Red Flags
The updated guidance introduces specific red flags, such as transactions involving companies physically co-located with parties on the Entity List or the SDN List, or addresses that BIS has flagged as having a high diversion risk. When these red flags are identified, BIS expects FIs to halt transactions until they can confirm compliance or mitigate the risks.
This marks a shift in BIS's expectations from earlier guidance, which primarily focused on educating FIs about identifying and reporting evasion red flags. Now, the agency warns that FIs could face liability if they fail to incorporate export control-related red flags into their compliance programs.
The guidance emphasizes the heightened risks of export control violations for FIs and underscores their responsibility to actively ensure that their transactions do not facilitate evasion of U.S. export controls. This change highlights the critical role that FIs play in enforcing U.S. export controls, particularly concerning Russia, Iran, and other sanctioned countries.
Here are five key takeaways:
1. Increased Liability for Financial Institutions
BIS made it clear that FIs that do not integrate evasion red flags into their compliance programs could be held liable for violating General Prohibition 10 (GP 10) of the EAR. GP 10 forbids financing or servicing any transaction that violates or could violate export control laws. BIS’s new stance heightens the responsibility of FIs to actively screen transactions, ensuring they are not inadvertently facilitating export evasion.
2. New Customer Due Diligence Procedures
The new guidance emphasizes the importance of enhanced due diligence. BIS recommends that FIs screen their customer accounts against restricted party lists and commercially available lists of entities that have exported Common High Priority List (CHPL) items to Russia since 2023. If a customer appears on either list, the FI should "heavily weigh" the risk of potential EAR violations and “closely scrutinize” the customer’s activities.
3. Post-Facto Transactional Reviews
FIs are encouraged to conduct targeted post-transaction reviews, especially when red flags arise. BIS expects FIs to investigate any red flags in completed transactions and apply controls to prevent similar violations in the future. This recommendation aligns with previous guidance but carries more weight under the new compliance framework, where failure to act could now result in penalties.
4. Real-Time Screening for Higher-Risk Transactions
FIs are now expected to conduct real-time screening against additional government lists before processing high-risk transactions. This includes lists such as the Denied Persons List and entities subject to Military End-User or Military-Intelligence End-User restrictions. FIs should reject transactions unless they can confirm that the items involved do not violate the EAR, reflecting the agency's push for proactive measures to prevent export violations.
5. Heightened Focus on Red Flags
The updated guidance introduces specific red flags, such as transactions involving companies physically co-located with parties on the Entity List or the SDN List, or addresses that BIS has flagged as having a high diversion risk. When these red flags are identified, BIS expects FIs to halt transactions until they can confirm compliance or mitigate the risks.
