Pull quote: “Every export—every single one—has a related financial transaction”

You are a banker. You do bankery things. You look at the ledgers, you tot up the numbers, you manage the accounts. Maybe you make loans, maybe investments but, broadly, you move money around to the places it should be (and out of the places it should not be).[1] The one thing you do not do is pack up a box of widgets and ship them to a customer in another country.

However, the U.S. Department of Commerce, Bureau of Industry and Security (BIS), has issued a warning that you—a banker—should be maintaining “ongoing” export due diligence. This news may liven up your routine. You are now a banker and (sort of) an exporter.

We understand that modern banks maintain robust and sophisticated diligence infrastructure to detect and prevent fraud, money-laundering, terrorist financing, sanctions violations, and a host of other potential financial crimes. Now, those who have not already, will need to add export compliance to that list. You will be responsible for exports that are not your exports, but that are now your responsibility (and, critically, part of your liability risk exposure).

Overview of the Guidance

The guidance issued by BIS underscores the expanded role of Financial Institutions (FIs) in preventing violations of export controls. It highlights the need for “ongoing” due diligence by those Fis, including transaction reviews for red flags and, in certain circumstances, real-time screening of transactions.

1. The Scope of EAR for Financial Institutions: BIS understands that exports are in a better position to understand whether an item is “subject to the EAR,” but BIS expects FIs to understand that, generally, most items shipped from the United States will be subject to the EAR. Additionally, nearly all foreign-made semiconductors, particularly those that bear the name of a company headquartered in the United States, are subject to the EAR when destined to Russia, Belarus, Iran, or a Russia/Belarus-Military End User or Procurement entity. That scope appears particularly broad when considered in light of General Prohibition 10, prohibiting financing or otherwise servicing an item subject to the EAR with knowledge a violation has occurred. Further, that “knowledge” may be inferred from conscious disregard or willful avoidance (e.g., not conducting proper due diligence).
2. EAR-Related Due Diligence: FIs are advised to incorporate an EAR component into their existing risk management and compliance processes, which includes screening customers against restricted-party lists maintained by BIS and other U.S. agencies. For instance, BIS recommends reviewing customers against its end-user restriction lists (e.g., through the Consolidated Screening List), as well as incorporating list of entities that have shipped Common High Priority List item to Russia since 2023 (e.g., from commercial service providers). While these lists to not automatically prohibit an FI from dealing the customer, BIS recommends that these should carry weight in the customer’s risk profile.
3. Ongoing Reviews of Transactions for Red Flags: Beyond initial due diligence, FIs are expected to monitor transactions on an ongoing basis for potential red flags indicative of export control evasion. This involves a post-transaction review process, where FIs assess transactions against known red flags and take necessary actions to prevent future violations.
4. Real-Time Screening: In specific scenarios likely to be associated with exports from the United States, FIs are encouraged to conduct real-time screening of transactions against BIS-administered restricted-party lists. Those lists include the BIS Denied Persons Lists, certain Military-intelligence end-users, and the Entity List. BIS recommends screening all listed customers on an interbank financial message against those lists.

Implications for Financial Institutions

This shift in the FIs’ role in export control compliance reflects an understanding that, as assistant secretary of BIS Matthew Axelrod stated, “every export—every single one—has a related financial transaction.”That places FIs at a pivotal point in the enforcement of export controls. FIs must now ensure they have the necessary systems in place to conduct both ongoing and real-time screening of transactions, a task that may require substantial investment in compliance infrastructure.

Furthermore, the guidance emphasizes the concept of “knowledge” in the context of export controls, indicating that FIs may not ignore red flags that suggest a high probability of export control evasion. That position on what constitutes “knowledge” by an FI places a greater onus on FIs to investigate and resolve any red flags encountered during the course of their business activities.

How Financial Institutions Approach the New Risks

The expanded responsibilities of FIs outlined in BIS’s new guidance create a new risk vector for many banks. Penalties for export violation can stack up where each item exported is considered a separate violation, and the knowledge standard of the EAR means that penalties can accrue before they are a blip on your radar—only because they should have blipped on your radar. That means if BIS thinks a FI should have known about export violation, that FI could—at the very least—receive an administrative subpoena regarding the underlying export transaction.

FIs must now quickly assess and respond to the expanded compliance obligations, ensuring they have the necessary processes and technologies in place to meet the heightened due diligence expectations. That work will likely entail certain operational adjustments and, potentially, investments in increased compliance infrastructure. We will continue to monitor developments in the regulation and enforcement and report them here.

FOOTNOTES

[1] I must confess that, though I serve as sanctions counsel to a dozen or so major global financial institutions, the term “banker” still calls to mind an Edwardian Mr.-Banks-from-Mary Poppins character. So, this vignette of the life of a banker may be somewhat off the mark.