On October 9, 2024, the US Commerce Department’s Bureau of Industry and Security (“BIS”) issued guidance to financial institutions on best practices for compliance with the US Export Administrations Regulations (“EAR”). The guidance aims to help financial institutions minimize the inadvertent EAR violations, especially under General Prohibition 10 (“GP 10”), which prohibits financing or servicing items subject to the EAR with knowledge that a violation of the EAR has occurred, is about to occur, or is intended to occur in connection with the item. This guidance builds on prior joint notices issued by BIS and the Treasury Department’s Financial Crimes Enforcement Network that identify red flags related to export control evasion relevant for financial institutions, which we covered on our blog here.
Recommended Best Practices for Export Control Compliance
- Restricted Party Screening: BIS recommends that financial institutions screen customers against BIS restricted party lists, such as the Unverified List, Entity List, Military End-User List, and Denied Persons List. Financial institutions may use the Consolidated Screening List, which includes persons listed by BIS, the Treasury Department’s Office of Foreign Assets Control, and the State Department’s Directorate of Defense Trade Controls. BIS recommends that financial institutions heavily weigh a customer’s presence on a BIS restricted party list when determining the customer’s overall risk profile for potential EAR violations, even when the particular end-user restrictions do not alone prevent a party from receiving services from financial institutions.
- Common High Priority List Screening: BIS recommends that financial institutions screen customers (and customers’ customers, where appropriate) against lists of entities that have shipped Common High Priority List (“CHPL”) items to Russia since 2023. Financial institutions may obtain lists from commercial service providers or the Trade Integrity Project, an Open-Source Centre initiative.
- Certification of Sufficient Controls: BIS recommends that financial institutions ask customers to certify whether they have sufficient controls in place to comply with the EAR with respect to parties that appear on a restricted party list or list of entities that have shipped CHPL items to Russia. Customers’ controls should include (i) restricted party screenings, (ii) heightened due diligence for export, reexports, or transfers to sanctioned countries, such as Russia, and (iii) enhanced due diligence for items on the EAR’s Commerce Control List or the CHPL.
- Ongoing Reviews of Transactions for Red Flags: BIS recommends that financial institutions conduct ongoing reviews of transactions for red flags to minimize GP 10 violations. To the extent financial institutions learn of red flags after processing payments for specific transactions, financial institutions should take action as necessary to prevent EAR violations before proceeding with transactions involving the same customer or counterparties. Financial institutions should use a risk-based procedure to detect and investigate red flags as the presence of certain individual red flags may be sufficient to constitute “knowledge” under the EAR. BIS specifically suggests that a financial institution refrain from future transactions with relevant parties if it encounters certain red flags (e.g., customers refusing to provide details about end-user(s), intended end-use(s), or company ownership; parties matching names on restricted party lists; transactions involving companies at high-risk addresses; or last-minute changes in payment routing from countries of concern through a different country or company).
- Real-Time Screening: BIS recommends that, to the extent they are not already, financial institutions implement real-time screening against certain BIS-administered restricted party lists for cross-border payments and transactions likely associated with exports from the United States or reexports and in-country transfers outside of the United States. BIS advises that real-time screening include all transaction parties known to the financial institution in the ordinary course of business, but it does not expect financial institutions to request additional names of parties for the sole purpose of conducting real-time screening.
Many financial institutions already use these types of compliance procedures to identify potentially problematic transactions and BIS is encouraging them to leverage them to focus on export-control risks. BIS expects financial institutions to report suspicious activity related to EAR violations using the appropriate Suspicious Activity Reports-related terms (e.g., “FIN-2022-RUSSIABIS” for potential Russian and Belarusian export control evasion attempts) and encourages parties to submit voluntary self-disclosures for potential EAR violations.