U.S. Department of Commerce Provides More Prescriptive Guidance for Financial Institutions Seeking to Comply with Export Controls

Client Alert  |  October 21, 2024


The advisory is another indication of the U.S. government’s increasing focus on financial institutions in the implementation and enforcement of export controls.

On October 9, 2024, the U.S. Department of Commerce, Bureau of Industry and Security (“BIS” or the “Bureau”) issued the latest in a series of advisories to financial institutions (“FIs”) regarding the evolving regulatory expectations for FIs and their compliance obligations with U.S. export controls that regulate the transfer of U.S. commodities, software and technology (“goods”) around the world.[1] 

This advisory is another indication of the U.S. government’s increasing focus on financial institutions in the implementation and enforcement of export controls.  While banks have long been viewed as on the frontlines of sanctions implementation and enforcement, they have traditionally not been a principal tool of export controls implementation.  This has been so in large part given the fundamental challenge of FIs providing trade finance and other products to definitively know what its customers are importing and exporting using bank financing.  This is no longer the case. 

This latest issuance is the most prescriptive and detailed advisory BIS has released regarding the specific types of controls that the Bureau expects FIs to employ in order to mitigate the risk that their financial services support violations of U.S. export controls.  It does so, even as it acknowledges the continued challenges and limitations for FIs when it comes to identifying export controls risks in the ordinary course of business acting as a financial services intermediary.  The guidance, for the first time, provides the Bureau’s strong suggestions as to the controls and legal standards it expects.  Importantly, the Bureau has tried to appropriately tailor these expectations to the limitations stemming from how FIs operate. 

Despite is strides towards clarity with respect to regulatory expectations for FIs, ambiguities remain, and this will continue to be an area of uncertainty and risk as banks and other FIs work to operationalize the controls called for in the guidance. 

Below we discuss some of the key elements and takeaways.

“Prohibition 10” and Evolving BIS Expectations for Financial Institutions

Historically, export controls compliance and related risk has been a concern primarily for the commercial parties who export or reexport the items subject to these controls.  However, in recent years, as restrictions mounted and export controls began to play a much more central role in U.S. efforts to confront major geopolitical challenges (including, but no limited to, China and Russia), BIS has increasingly signaled that intermediaries who provide services related to the movement of these items are also in the crosshairs.  Initially focused on freight forwarders and distributors of controlled goods and technologies, BIS also began to focus on the FIs who finance or otherwise facilitate underlying trade transactions.

As laid out in the October 9th guidance, the primary regulatory risk for financial institutions acting as intermediaries stems from General Prohibition No. 10 (“GP 10”) of the Export Administration Regulations (“EAR”).  This extremely broad and temporally and geographically unbounded regulation prohibits the financing or servicing of an item subject to the EAR “with knowledge that a violation of the EAR has occurred, is about to occur, or is intended to occur in connection with the item.” 

BIS exercises very far reaching jurisdiction under the EAR.  As the guidance notes, items “subject to the EAR” include all items in the United States, including in a U.S. Foreign Trade Zone or moving in-transit through the United States from one foreign country to another (with certain exceptions); U.S.-origin items wherever located; certain foreign-made items that incorporate more than a de minimis amount of U.S.-origin controlled content; and even completely foreign-produced items if they are produced using certain controlled U.S. software, technology, or tools.   

Thus, parties to an export, reexport or even an in-country transfer of items anywhere in the world can potentially find themselves subject to the EAR, even where there may not appear to be any U.S. nexus to the transaction.  As the guidance indicates, BIS jurisdiction is not dependent on the involvement of U.S. persons or U.S. FIs, although there are provisions in the EAR which do apply specifically to U.S. persons (including U.S. FIs) anywhere in the world, prohibiting them from financing or otherwise supporting certain specified activities (and as we noted in a previous Gibson Dunn alert, these latter U.S. person support rules are poised to expand).[2] 

Accordingly, under GP 10, BIS  jurisdiction can reach the activities of FIs around the world.  This jurisdiction exists regardless of whether U.S. or non-U.S. institutions are involved or if institutions are engaging in transactions in the United States or using the U.S. Dollar.  Jurisdiction is based solely on the product in question. 

The standard of “knowledge” within GP 10 concerns not only positive knowledge that a specific circumstance exists or is substantially certain to occur, but also an awareness of a high probability of its existence or future occurrence.  On an enforcement basis, this can be inferred from a FI’s conscious disregard or willful avoidance of certain facts.

The challenge for banks and other FIs who act as intermediaries or service providers to customers involved in trade has been how to identify circumstances where a FI would be deemed by BIS to be acting with such requisite knowledge.  FIs are typically given limited information regarding such trade – often lacking the full list of parties, the nature of the items being exported, how items are to be used, and the types of services involved in an underlying trade transaction.  Each of these considerations speaks to whether U.S. export control authorizations would be required – and thus whether an underlying transaction could give risk to an EAR violation if such authorizations were not received.

Over the past several years, BIS, working with other U.S. agencies and U.S.-allied governments, has taken a number of steps to increase awareness of export controls risks.  This has included, among other things, providing industry with a list of potential red flags which indicate possible export control issues as well as more detailed information about goods that are of heightened concern (to provide some notice that particular transactions deserve greater diligence).[3]  These actions have effectively lowered the bar in terms of what BIS may need to do to establish that an intermediary acted with “knowledge,” and consequently inconsistent with GP 10.

This recent BIS guidance, acknowledging the challenges that remain for FIs, offers further, more concrete recommendations, cautions and prescriptions to address the GP 10 risks and BIS diligence expectations regarding the evolving knowledge standard.

Recommended Controls for FIs

The October 9th guidance recommends FIs implement controls around customer due diligence and screening, post-transaction reviews for potential red flags and, in certain circumstances, real-time transaction screening, to avoid violations of GP 10.

Specifically, BIS advises:

  • screening customers against the Consolidated Screening List, which includes against various BIS restricted party lists (which indicate various, often highly technical and nuanced, transfer restrictions for goods subject to the EAR) before onboarding and as part of a periodic due diligence refresh;
  • screening customers – “and, where appropriate, customers’ customers” – against a list maintained by the non-governmental organization Trade Integrity Project (“TIP”) of entities which have allegedly shipped items on the “Common High Priority List” to Russia;
  • where a customer is identified on a BIS restricted or TIP list, and the FI determines the customer is involved in transactions involving U.S. exports, seeking a certification from the customer that it complies with the EAR, as well as employing enhanced due diligence controls on that customer’s trade transactions;
  • employing post-transaction, risk-based assessments to identify possible export controls-related red flags;
  • where a red flag is uncovered post-transaction and cannot be resolved satisfactorily through requests for further information from the customer, refraining from processing future transactions related to the parties associated with the red flags; and,
  • in certain circumstances involving “cross-border payments and other transactions that are likely to be associated with exports from the United States (or re-exports or in-country transfers outside the United States),” conducting real-time screening against a subset of BIS restricted persons and addresses and halting processing of the transaction until and unless the FI can obtain comfort the transaction is not prohibited under the EAR.

FIs are also reminded that they are required to report any suspicious activities related to potential EAR violations to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) via the filing of Suspicious Activity Reports (SARs).  FIs are also encouraged to submit Voluntary Self-Disclosures to BIS if deemed necessary.  Following an FI’s filing of a SAR with FinCEN, BIS may, under certain circumstances, provide the FI with additional information that would establish “knowledge” under GP 10, which then obliges the FI to take further steps in ensuring compliance (e.g., by termination of the customer relationship). 

Key Takeaways and Open Questions

The October 9th guidance moves the needle in terms of providing FIs with concrete steps they can take to begin addressing their evolving export compliance risks, and it provides some comfort concerning BIS’s expectations about compliance standards and expectations.  However, there remains ambiguity, and some of the recommended controls will be operationally challenging for most FIs to implement.  We address a few of the key takeaways and potential issues below.

Reasonable Reliance

BIS explicitly recognizes the relative disparity in information which FIs have about goods underlying a trade transaction compared with the commercial parties to the transaction, and the guidance notes that FIs may “generally rely on their customers’ representations regarding compliance…unless such reliance would be unreasonable – for example, when the FI has reason to know that such representations may be false.” 

This is a welcome further ratification of the principle that most FIs have long followed – namely that they should be able to reasonably rely on a customer’s attestations and representations regarding the nature of any items it is exporting using the FI’s services.  Moreover, this confirms that the FI itself is, in most circumstances, not expected to conduct its own independent investigation of the goods being transacted by their customers.  In order to be complete such an analysis would require not just a technical assessment of the types of goods being traded (and an assessment of their sensitivity), but also the end users and end uses for such goods.   

Focus on Customer Due Diligence and Post Transaction Review, Not Real-time Screening

FIs may also take some comfort that, as a general matter, BIS is not expecting them to engage in real time screening of transactions as a preventative measure.  BIS recognizes the challenges that would arise from requiring a real-time ‘catch-and-release’-type control to triage export controls risks in transaction processing similar to the way FIs are expected to triage risks associated with economic sanctions. Instead, the October 9th guidance explicitly states that, generally, “BIS does not expect FIs to engage in real-time screening of parties to a transaction to prevent violations of GP 10.” 

This is welcome acknowledgement that the U.S. Government understands the difficulties (and likely significant challenges to the ready flow of global commerce) that FI’s would face in attempting to screen underlying goods at the point of transaction processing.    

But…Some Real-Time Screening?

However, the BIS guidance does recommend real time screening in certain situations – namely  “cross-border payments and other transactions that are likely to be associated with exports from the United States (or re-exports or in-country transfers outside the United States),” where those transactions involve a subset of parties or addresses restricted under various BIS rules and lists.  The identified lists are generally those that are the most restrictive and apply to transactions that involve items that are “subject to the EAR,” even if such items are not particularly sensitive (e.g., those that do not have a dual civilian and military use).

In those circumstances, BIS “recommends that FIs decline to proceed with a transaction until the FI can determine that the underlying export, reexport, or transfer (in-country) is authorized under the EAR (or alternatively not subject to the EAR).  Failure to do so risks liability for a knowing violation of the EAR under GP 10.” 

Absent further guidance from BIS, this recommendation to real-time screen in limited situations creates ambiguity and some operational and enforcement risk for FIs.  

It will be challenging to determine which cross-border payments or transactions are “likely” to be associated with exports, reexports or in-country transfers of such items.  In addition, for most FIs, it is technically and/or operationally challenging to employ real time screening against only a specific subset of BIS restricted persons.  Address screening, as a general matter, may also present difficulties when trying to employ an effective and efficient screening program.

Conclusion

The October 9th guidance from BIS is a welcome addition to the U.S. Government’s guidance to FIs working to understand their export control compliance obligations in a rapidly evolving regulatory and enforcement environment.  It provides some clarity concerning specific expectations and regulatory standards in an area of compliance that is new and largely untested for the financial sector.  It is also new and untested for regulators – as such it is not surprising that ambiguities and challenges remain.  

In the interim we assess that it would be a best practice for those FIs involved in international trade to develop a protocol to map out what criteria they will use to assess where within their portfolio of services exists a “likelihood” of GP 10 or other export controls issues.  The challenge will be to do so while staying true to the BIS guidance, being neither under-inclusive and missing risky transactions, or over-inclusive and potentially imperiling the free flow of the significant majority of trade that is without export control issues.   

We will continue to work closely with our clients, with industry and the U.S. Government to share our understandings and to align market practice with regulatory expectations in this space.

[1] “Bureau of Industry and Security Issues New Guidance to Financial Institutions on Best Practices for Compliance with the Export Administration  Regulations,” Oct. 9, 2024.

[2] Proposed Rule, “End-Use and End-User Based Export Controls, Including U.S. Persons Activities Controls: Military and Intelligence End Uses and End Users,” Jul. 29, 2024; Gibson Dunn Client Alert “Proposed Rules Call for Significant Restrictions on Facial Recognition Technologies, Defense Services, U.S. Persons Activities, and New Classes of Foreign End-Users,” Aug. 13, 2024.    

[3] See, e.g.publication of the “Comon High Priority List,” Feb. 23, 2024; “Department of Commerce, Department of the Treasury, and Department of Justice Tri-Seal Compliance Note: Cracking Down on Third-Party Intermediaries Used to Evade Russia-Related Sanctions and Export Controls,” Mar. 2, 2023; “Department of Commerce, Department of the Treasury, Department of Justice, Department of State, and Department of Homeland Security Quint-Seal Compliance Note: Know Your Cargo: Reinforcing Best Practices to Ensure the Safe and Compliant Transport of Goods in Maritime and Other Forms of Transportation,” Dec. 11, 2023; “FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Increased Vigilance for Potential Russian and Belarusian Export Control Evasion Attempts,” June 28, 2022; publication of a list of private and commercial aircraft who violated GP 10 by flying into Russia, Mar. 18, 2022.  


The following Gibson Dunn lawyers prepared this update: David Wolber, Adam M. Smith, Christopher Timura, and Samantha Sewall.

Gibson Dunn lawyers are monitoring the proposed changes to U.S. export control laws closely and are available to counsel clients regarding potential or ongoing transactions and other compliance or public policy concerns.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. For additional information about how we may assist you, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or the following leaders and members of the firm’s International Trade or Financial Institutions practice groups:

Financial Institutions:
Stephanie Brooker – Co-Chair, Washington, D.C. (+1 202.887.3502, [email protected])
M. Kendall Day – Co-Chair, Washington, D.C. (+1 202.955.8220, [email protected])

International Trade:

United States:
Ronald Kirk – Co-Chair, Dallas (+1 214.698.3295, [email protected])
Adam M. Smith – Co-Chair, Washington, D.C. (+1 202.887.3547, [email protected])
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, [email protected])
Christopher T. Timura – Washington, D.C. (+1 202.887.3690, [email protected])
David P. Burns – Washington, D.C. (+1 202.887.3786, [email protected])
Nicola T. Hanna – Los Angeles (+1 213.229.7269, [email protected])
Courtney M. Brown – Washington, D.C. (+1 202.955.8685, [email protected])
Samantha Sewall – Washington, D.C. (+1 202.887.3509, [email protected])
Michelle A. Weinbaum – Washington, D.C. (+1 202.955.8274, [email protected])
Mason Gauch – Houston (+1 346.718.6723, [email protected])
Chris R. Mullen – Washington, D.C. (+1 202.955.8250, [email protected])
Sarah L. Pongrace – New York (+1 212.351.3972, [email protected])
Anna Searcey – Washington, D.C. (+1 202.887.3655, [email protected])
Audi K. Syarief – Washington, D.C. (+1 202.955.8266, [email protected])
Scott R. Toussaint – Washington, D.C. (+1 202.887.3588, [email protected])
Claire Yi – New York (+1 212.351.2603, [email protected])
Shuo (Josh) Zhang – Washington, D.C. (+1 202.955.8270, [email protected])

Asia:
Kelly Austin – Hong Kong/Denver (+1 303.298.5980, [email protected])
David A. Wolber – Hong Kong (+852 2214 3764, [email protected])
Fang Xue – Beijing (+86 10 6502 8687, [email protected])
Qi Yue – Beijing (+86 10 6502 8534, [email protected])
Dharak Bhavsar – Hong Kong (+852 2214 3755, [email protected])
Arnold Pun – Hong Kong (+852 2214 3838, [email protected])

Europe:
Attila Borsos – Brussels (+32 2 554 72 10, [email protected])
Patrick Doris – London (+44 207 071 4276, [email protected])
Michelle M. Kirschner – London (+44 20 7071 4212, [email protected])
Penny Madden KC – London (+44 20 7071 4226, [email protected])
Irene Polieri – London (+44 20 7071 4199, [email protected])
Benno Schwarz – Munich (+49 89 189 33 110, [email protected])
Nikita Malevanny – Munich (+49 89 189 33 224, [email protected])
Melina Kronester – Munich (+49 89 189 33 225, [email protected])
Vanessa Ludwig – Frankfurt (+49 69 247 411 531, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.