Financial Institutions Face Greater Export Controls Compliance Risk Under New BIS Guidance

6 minute read | November.11.2024

Financial institutions face significant new compliance obligations under export control guidance issued by the Commerce Department’s Bureau of Industry and Security (BIS) last month. With a focus on exports to Russia and China, BIS has:

Prioritized enforcement against financial institutions that provide services if they have reason to know an underlying transaction violates export controls.
Established that BIS will consider financial institutions to have had reason to know the unlicensed supply of any semiconductors to Russia violates export controls.

Given the broad reach of U.S. export controls, both U.S. and non-U.S. financial institutions should evaluate and consider bolstering their transaction screening and other compliance procedures.

A Departure From Traditional Practice

The law has always required financial institutions to comply with applicable U.S. export controls. That includes General Prohibition 10 (GP 10), which prohibits:

Financing or servicing any item subject to U.S. export controls with knowledge or reason to know a violation of export controls has occurred or will occur.
Financing or facilitating certain activities with knowledge or reason to know they involve weapons of mass destruction or military-intelligence programs.

A Key Change

BIS expects financial institutions to detect and report potential export control violations. However, it has not traditionally sought to hold financial institutions liable under GP 10.

Past practice: Financial institutions typically have relied on information from exporters to comply with export controls. The rationale was that exporters generally have more information about whether an item is subject to export controls.

Within the past several years, BIS and the Treasury Department’s Financial Crimes Enforcement Network have issued a series of guidance about “red flags” that may signal export control evasion.
Such guidance emphasized the importance of detecting and reporting suspicious activity, including through a financial institution’s trade finance activities, as part of an institution’s Bank Secrecy Act (BSA)/anti-money laundering compliance program.

Future focus: BIS is shifting its approach. It now expects financial institutions to perform export-related due diligence, screen against BIS restricted party lists and monitor transactions rather than generally relying on information from an exporter.

Key Components of a Robust Export Compliance Program for Financial Institutions

BIS recommends that financial institutions take steps to identify customers, counterparties and transactions that pose higher risks. It encourages them to focus on the following areas:

1. Due Diligence

BIS urges financial institutions to:

Screen all known parties to the transaction.
- BIS urges real-time screening against BIS-administered restricted party lists, such as the Unverified List, Entity List, Military End-User List and Denied Persons List, for cross-border payments and other transactions likely associated with exports from the United States.
- If a financial institution identifies a match in real-time, it should stop to investigate and proceed only if the export is authorized.
Review customers and, where appropriate, customers’ customers, against lists of entities that have shipped Common High Priority List (CHPL) items to Russia since 2023 to detect any export control evasion red flags.

Resolving screening matches and investigating red flags may require financial institutions to train and possibly add employees.

Financial institutions generally may provide services unrelated to export transactions to persons included on BIS restricted party lists. However, BIS recommends that financial institutions:

Heavily weigh a party’s inclusion on one of such lists in determining a customer’s risk profile.
Determine whether such customers are engaged in the export, reexport or transfer of items subject to U.S. export controls, and if so, ask them to certify as to sufficient controls in place to ensure export control compliance measures, such as screening against BIS restricted party lists and conducting heightened due diligence for destinations such as Russia and for CHPL items.

2. Ongoing Transaction Review for Red Flags

With the exception of screening against restricted party lists, BIS generally does not expect financial institutions to review transactions for export controls red flags in real time. However, BIS recommends risk-based procedures to help institutions detect and resolve red flags discovered post-transaction.

BIS expects that financial institutions act to prevent U.S. export control violations before engaging in future transactions involving the same customer or counterparty that was involved in a prior transaction that raised red flags, including, if appropriate, by terminating a customer relationship. If a financial institution engages in transactions with a customer or counterparty that has unresolved red flags, BIS will impute knowledge of a violation to an institution.

The BIS guidance includes red flags that indicate a “high probability” of export control evasion, including:

A refusal to provide details about end-users, end-use or company ownership.
A match or close match with a name on a restricted party list.
An address match with parties on the Entity List or OFAC’s SDN List.
Last-minute changes in payment routing from a country of concern to a different country or company.

Financial institutions may resolve red flags by confirming a given item is not subject to U.S. export controls or that the transaction is authorized, including by requesting a copy of a license. Financial institutions can rely on a customer’s representation unless they have reason to know it may be false.

Practical Considerations: 9 Things Financial Institutions Should Consider

BIS provides little detail on how institutions should implement the guidance, although it will require significant cost, time and effort for most. U.S. financial institutions should consider the following steps:

Assess the institution’s exposure to cross-border payments and trade activity, particularly with respect to Russia and China. Calibrate compliance measures.

For example, a retail-focused community bank is much less likely to face exposure to export control risks than a bank with a significant trade finance operation.
Given BIS’s focus on Russia and China, risk-based compliance measures should adequately cover those geographies.

Identify customers or customer segments active in international exports and trade, particularly those involving Russia and China, as well as customers more likely to deal in items subject to U.S. export controls.
Identify whether the institution uses BIS-administered restricted party lists to screen customers and transactions. If not, commence using them as appropriate.
Adopt or amend policies and procedures that reflect a commitment to export control compliance. Raise awareness among employees of export control requirements.
Assess the expertise of employees to analyze flagged transactions. Supplement as necessary.
Consider how red flags mentioned in past regulatory communications may apply. Document conclusions and rationale.
Consider using or adjusting algorithms for transaction monitoring tools to monitor for red flags.
Verify the effectiveness of internal escalation mechanisms.
Identify customers and transactions to screen against the additional lists on a risk basis.

Next Steps

What we know: The guidance notes repeatedly that failing to implement effective compliance controls increases the risk of violating GP 10.

The guidance follows a recent BIS final rule that increased penalty caps. The rule also provided BIS more discretion in resolving enforcement matters.
Taken together, the pronouncements signal an intent to step up enforcement.

What we don’t know: It is unclear how assertively federal and state prudential regulators will examine financial institutions for compliance with the BIS guidance.

Perhaps more than any other factor, this will impact the level of attention and resources institutions must devote to the BIS guidance.
Notably, the guidance borrows from concepts associated with BSA compliance.
- It incorporates BSA monitoring and reporting requirements.
- Regulatory scrutiny of export control compliance likely will lead to scrutiny under the BSA.
- If that happens, financial institutions can expect more pressure to strengthen export controls compliance.

If you have questions regarding the matters discussed above, please reach out to any of the Orrick lawyers listed in this publication or another Orrick contact.

Authors

Harry Clark Partner, International Trade and Investment, Mergers & Acquisitions

Washington, D.C.

See my bio

D:+1 202 339 8499
E: [email protected]

Practice:

Technology & Innovation Sector
International Trade and Investment
Mergers & Acquisitions
Responsible Business
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Harry Clark Partner

Washington, D.C.

Harry is experienced in areas such as CFIUS/Exon-Florio examinations of foreign investment, military and “dual use” export control regulations (ITAR/EAR), economic sanctions administered by the U.S. Treasury Department (OFAC), customs regulations, the Foreign Corrupt Practices Act, anti-money laundering rules, anti-boycott requirements and defense industrial security requirements. He executes internal corporate investigations regarding trade and investment rules and advises on such rules in the context of corporate transactions.

Additionally, Harry has extensive experience with government contracting matters. His government contracting work has included, for example, design and implementation of U.S. Defense Department renewable energy projects. He also represents broad industry coalitions on major trade litigations and international negotiations. His experience in these areas includes a leading role in what is often considered the largest-ever international trade dispute: the controversy regarding unfair softwood lumber imports from Canada. It has involved myriad administrative proceedings before federal agencies, NAFTA panel appeals, WTO dispute proceedings, judicial proceedings and international settlement agreements.

Harry has represented a coalition of major U.S. oil companies in antidumping and countervailing duty litigation. As a related matter, he pursues policy issues with congressional and executive branch officials and advises on international trade rules (e.g., GATT, WTO agreements and NAFTA).

Chambers 2022 recognizes Harry as a leader in the field of export controls and economic sanctions (Chambers Global and Chambers USA), as well as CFIUS (Chambers USA). Previous editions have also recognized Harry’s achievements regarding his work related to the Foreign Corrupt Practices Act. Clients note that Harry provides “accurate, straightforward guidance incredibly efficiently” and “he has an ability to translate complex legal requirements and rules into business-friendly jargon.”

Jeanine P. McGuinness Partner, International Trade and Investment, FCPA & Anti–Corruption

Washington, D.C.

See my bio

D:+1 202 339 8543
E: [email protected]

Practice:

International Trade and Investment
FCPA & Anti–Corruption
Anti‐Money Laundering and Bank Secrecy Act
Mergers & Acquisitions
Responsible Business
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Jeanine P. McGuinness Partner

Washington, D.C.

Jeanine’s clients include major U.S. and foreign financial institutions, and pharmaceutical, technology, telecommunications, energy, and natural resources companies.

Examples of Jeanine’s experience include:

Represents clients in preparing voluntary self-disclosures, administrative subpoena responses and license applications, and represents companies in connection with enforcement actions by the Treasury Department’s Office of Foreign Assets Control (OFAC)
Provides policy and compliance advice to clients affected by frequent changes in U.S. sanctions, including sanctions targeting Iran, Cuba, and Russia/Ukraine
Assists foreign purchasers of U.S. companies in national security reviews, including navigating the CFIUS process, through preparation of notices, meetings with CFIUS member agencies, advising on follow-on investigations, and negotiating and implementing mitigation agreements
Assists clients in developing and updating economic sanctions, anti-money laundering, and anti-corruption compliance policies and procedures
Represents financial institutions in connection with U.S. federal and state enforcement actions regarding compliance with U.S. anti-money laundering laws and regulations
Represents lenders, underwriters, borrowers, and issuers in international lending and capital markets transactions regarding sanctions, anti-corruption, and anti-money laundering issues
Advises a U.S. trade association and its member banks regarding U.S. sanctions, anti-corruption, and anti-money laundering issues in lending transactions, and prepares guidance for the industry on these matters
Advises financial institutions on the application of U.S. anti-money laundering regulations, with specific emphasis on customer identification program (CIP)/know your customer (KYC)/customer due diligence (CDD) requirements and suspicious activity reporting requirements
Regularly advises private equity and hedge funds regarding compliance with U.S. anti-money laundering and sanctions laws and regulations, including with respect to appropriate provisions in subscription materials and enhanced due diligence on high-risk investors
Advises clients regarding sanctions-related inquiries from the Securities and Exchange Commission (SEC) and state agencies implementing divestment laws and assists clients in preparing sanctions-related disclosure for inclusion in annual reports to the SEC

Jeanine is ranked in both the CFIUS Experts and Export Controls & Economic Sanctions categories by Chambers USA in 2019, 2020, 2021, and 2022. An interviewee had this to say of their experience working with Jeanine, “I am continuously impressed by her extensive knowledge, excellent communication skills and her ability to wrap her subject matter expertise around the details of the matter and then drive conclusions or recommendations for next steps."

Elizabeth Zane Partner, International Trade and Investment, Mergers & Acquisitions

Washington, D.C.

See my bio

D:+1 202 339 8532
E: [email protected]

Practice:

International Trade and Investment
Mergers & Acquisitions
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Elizabeth Zane Partner

Washington, D.C.

Elizabeth's experience includes work on internal investigations, voluntary disclosures, commodity jurisdiction requests and developing and implementing compliance programs. She also advises clients on government contracting matters.

Benjamin Hutten Partner, Anti‐Money Laundering and Bank Secrecy Act, Financial & Fintech Advisory

New York

See my bio

D:+1 212 600 2333
E: [email protected]

Practice:

Anti‐Money Laundering and Bank Secrecy Act
Financial & Fintech Advisory
Strategic Advisory & Government Enforcement (SAGE)
White Collar, Investigations, Securities Litigation & Compliance
Fintech

vCard

See full bio

Benjamin Hutten Partner

New York

Ben has a deep understanding of sanctions and AML regulations and enforcement. In addition to his client work, he has participated in numerous financial industry group regulatory initiatives related to sanctions and AML issues, including The Clearing House Guiding Principles for Anti-Money Laundering Policies and Procedures in Correspondent Banking, initiatives to address “de-risking” and related to BSA information sharing. Ben also conducts international trainings in AML and sanctions issues for the Financial Services Volunteer Corps.

He has been recognized by Best Lawyers in America as "One to Watch" and by Super Lawyers as a "Rising Star." Prior to joining Orrick, Ben was counsel at Buckley LLP and an associate at Sullivan & Cromwell LLP.

Maria Sergeyeva Senior Associate, International Trade and Investment, Strategic Advisory & Government Enforcement (SAGE)

Washington, D.C.

See my bio

D:+1 202 339 8482
E: [email protected]

Practice:

International Trade and Investment
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Maria Sergeyeva Senior Associate

Washington, D.C.

Maria's previous experience as a member of the Mergers and Acquisitions group is instrumental in her reviews of the trade aspects of various M&A and other cross-border transactions.

Maria draws upon her experience in Washington, D.C., Moscow (Russia) and Almaty (Kazakhstan) to approach her work with a broad perspective on international trade-related and other matters. Prior to joining Orrick, Maria worked at the Office of the General Counsel of a multilateral development bank, handled tax and legal matters at one of the Big Four accounting firms, and oversaw the design and implementation of an export compliance program for an international development firm and a U.S. government contractor.

Related Areas

Markets

Washington, D.C.