New BIS Guidance Recommends That Financial Institutions Implement Export Control Due Diligence

Enforcement Edge: Shining Light on Government Enforcement

By Bell Johnson Junghyun Baek Tal R. Machnes Michael A. Mancusi Soo-Mi Rhee Kevin M. Toomey

On October 9, 2024, the U.S. Commerce Department, Bureau of Industry and Security (BIS) issued new guidance to financial institutions on how to comply with and minimize the risk of violating the Export Administration Regulations (EAR). Through this new guidance, BIS is affirmatively recommending that financial institutions implement EAR-related due diligence procedures within their existing compliance programs.

The guidance includes best practices for financial institutions and focuses on General Prohibition 10 under the EAR, which prohibits, among other things, any person, regardless of location, from financing or servicing any item that is subject to the EAR with knowledge that a violation of the EAR has occurred, is about to occur, or is intended to occur. The EAR defines “knowledge” as not only positive knowledge that the circumstance exists or is substantially certain to occur, but also an awareness of a high probability of its existence or future occurrence.

To avoid implicating this EAR prohibition, BIS is now recommending several best practices for financial institutions, including:

Integrating BIS’ end user restrictions in existing screening procedures: While entities and individuals subject to these end user restrictions do not necessarily prevent such persons from receiving financial services from a financial institution, those restrictions are important to consider when evaluating the customer’s overall risk profile and due diligence procedures for that customer going forward. If a financial institution is engaging with a listed entity, BIS recommends that financial institutions ask their customers to certify to the health of their own EAR compliance programs and controls.
Update risk-based procedures to detect red flags post-transaction: BIS recommends that financial institutions review transactions on an ongoing basis for potential EAR violations, but cautions that this does not need to be done in real time. In other words, BIS recognizes that financial institutions might not have sufficient information before proceeding with each transaction but may acquire additional information post-transaction. These post-transaction red flags should then be considered before proceeding with any future transaction involving the same customer or counterparties, as these red flags may be sufficient to constitute “knowledge” under the EAR. BIS, together with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network, has previously issued joint notices on red flags that may assist financial institutions in flagging transactions aimed at evading U.S. export controls.

BIS acknowledges that financial institutions may not always be in the best position to know the exact details about a specific transaction and often must rely on exporters to have this information. That said, BIS specifically highlighted that financial institutions should be aware and scrutinize transactions involving items on the Common High Priority List if destined to Russia. In addition, financial institutions should be aware that items shipped from the United States are generally subject to the EAR, with narrow exceptions, and under BIS’ foreign direct product rules, nearly all foreign-produced microelectronics and integrated circuits, including items bearing the brand name of a company headquartered in the United States, are subject to the EAR when destined for Russia, Belarus, or Iran, or a Russia/Belarus-Military End User or Procurement entity anywhere in the world, regardless of where such items are manufactured.

To best protect financial institutions from inadvertently violating the EAR, BIS recommends the actions described above, including real-time screening of all parties in each transaction against BIS’ end user lists. For example, if a party to the transaction is a match on one of the lists, the bank should decline to proceed with the transaction until it can determine that the underlying transaction is authorized under the EAR or alternatively not subject to the EAR. Furthermore, financial institutions should continue to report all suspicious activities using appropriate suspicious activity report terms.

The latest guidance highlights the U.S. government’s expectation that all parties to a transaction must be aware of potential attempts to evade U.S. export control restrictions, not just those entities involved in the actual shipment of goods. Financial institutions should review their internal compliance programs and ensure that relevant export control provisions are included.

For questions about U.S. export controls or sanctions, contact the authors or any of their colleagues in Arnold & Porter’s White Collar Defense & Investigations or Export Control & Sanctions practice groups.

© Arnold & Porter Kaye Scholer LLP 2024 All Rights Reserved. This Blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.