Bureau of Industry and Security Issues New Guidance to Financial Institutions on Best Practices for Export Administration Regulations Compliance

In October 2024, the Bureau of Industry and Security (“BIS”) issued new guidance to financial institutions (“FIs”) on best practices for compliance with the Export Administration Regulations (“EAR”). The guidance outlines best practices for FIs to ensure comprehensive compliance with the EAR, which are managed by BIS, part of the U.S. Department of Commerce. While EAR compliance has traditionally been a primary concern for exporters, FIs’ responsibilities have significantly expanded following Russia’s 2022 invasion of Ukraine and the strengthened national security measures aimed at curbing China’s military modernization and human rights violations. This document provides detailed strategies for FIs, covering due diligence protocols, ongoing transaction monitoring, and real-time screening practices to help mitigate the risk of inadvertent EAR violations, including violations of General Prohibition 10 (“GP 10”).

EAR and GP 10 Background

The EAR regulate the export, reexport, and in-country transfer of dual-use items — products, software, and technology with both commercial and military applications — alongside specific military items. These regulations cover items “subject to the EAR,” including all items within the United States and U.S.-origin products abroad that meet defined criteria. Notably, foreign-made products containing a significant portion of U.S.-origin controlled content are also covered. Under GP 10, FIs and individuals, regardless of their location or nationality, are prohibited from financing or facilitating any item subject to the EAR if they have knowledge or reason to know of an actual or intended EAR violation.

Recommended Best Practices

  • EAR-Related Due Diligence: Integrate EAR-specific due diligence into customer onboarding processes and regular risk assessments. This step should involve screening customers against BIS’ restricted-party lists, such as the Entity List, Military End-User List, Unverified List, and Denied Persons List. The Consolidated Screening List (“CSL”) should be utilized for thorough checks, as it aggregates data from multiple U.S. agencies, including the Office of Foreign Assets Control (“OFAC”) and the Directorate of Defense Trade Controls (“DDTC”).
  • Enhanced Transaction Reviews: Maintain ongoing transaction surveillance to identify potential “red flags” that may signal EAR violations. Common red flags include customers’ refusal to provide critical details (e.g., end-user or intended end-use information), matches to restricted-party lists, involvement of addresses linked to high diversion risk, and last-minute changes in payment routes involving high-risk countries. If such red flags are detected, FIs should investigate and resolve them before proceeding with related transactions.
  • Real-Time Screening Protocols: Although BIS does not require real-time screening for all transactions, it recommends FIs implement this practice for high-risk transactions, particularly those involving cross-border payments associated with U.S. exports or foreign reexports. This real-time screening should include checks against the BIS Denied Persons List, entries on the Entity List with specific designations (e.g., footnote 3 or 4 designations), and military-intelligence end-users from specific nations.

Reporting and Compliance

FIs are expected to report suspicious activities through Suspicious Activity Reports (“SARs”) using designated key terms related to potential EAR violations. For example, SARs related to export control evasion attempts should reference key terms like “FIN-2022-RUSSIABIS” or “FIN-2023-GLOBALEXPORT.” In cases where violations are suspected, BIS encourages FIs to submit Voluntary Self-Disclosures (“VSDs”), which can be sent electronically to BIS for review.

Ongoing Monitoring and Adaptation

EAR compliance is a dynamic process that requires continuous attention. BIS frequently updates its restricted-party lists and trade-related data. FIs should regularly check these updates to ensure current information informs their risk assessments. Furthermore, FIs should extend their due diligence to review customers’ downstream clients, particularly those involved in high-priority exports to restricted regions.

Investigating and Resolving Red Flags

If red flags emerge during a post-transaction review, FIs must take swift action. Examples of red flags that could constitute “knowledge” of a potential EAR violation include:

  • A customer’s refusal to disclose essential end-use or end-user details.
  • Transaction parties’ names matching restricted-party lists.
  • Associations with addresses known for diversion risks.
  • Unanticipated changes in transaction routing, especially involving countries of concern.

Resolution steps may include confirming that the item in question is not subject to the EAR, determining whether it falls within a permissible license exception, or verifying authorization through a BIS-issued license.

Proactive Measures and Real-Time Safeguards

While BIS acknowledges that real-time transaction screening may be challenging, it emphasizes the importance of proactive measures. For transactions flagged during reviews, FIs should ensure subsequent dealings are scrutinized and corrective actions are taken as needed. When BIS or FinCEN shares new information related to suspicious activity, FIs should integrate that intelligence promptly to refine their compliance strategies and avoid further exposure.

Conclusion

By adopting robust EAR-related due diligence, conducting thorough transaction reviews, and implementing real-time screening where appropriate, FIs can better navigate the complex regulatory landscape of EAR compliance. These practices help safeguard against potential violations, reduce liability risks, and ensure alignment with U.S. national security and foreign policy objectives.