Typically, the Bureau of Industry and Security (BIS) within the U.S. Department of Commerce administers export controls on end users by designating those persons on one of its public screening lists—e.g., the Unverified List, Entity List, Military End-User List, and Denied Persons List—each with its own compliance requirements. However, BIS also actively identifies and monitors other parties of national security concern that are not on these lists, and often provides individualized alerts to U.S. companies, organizations, and universities regarding higher-risk parties for export transactions and goods that are commonly at risk of being diverted to malign actors.
On July 10, 2024, BIS issued new guidance regarding the various types of notice mechanisms the agency is currently using to identify risks and inform U.S. companies and universities. In the notice, BIS further clarifies the mechanisms it uses to identify and provide individualized alerts to industry and academia of their individualized compliance obligations. In effect, if your organization receives a notice of specific export diversion risks, it is obligated to take action to avoid being involved in unauthorized export activities and associated enforcement actions.
For some of these notice types, if a recipient disregards the notice and proceeds with an export-controlled transaction without BIS authorization, BIS will consider this an “aggravating factor” supporting a more serious penalty in any enforcement action against the U.S. company. By the same token, BIS may count it as a “mitigating factor” when an organization voluntarily furnishes information to BIS after receipt of such notice. In other words, cooperation with the enforcing agency may result in a reduced penalty, even in the event of a finding of wrongdoing.
BIS’s four mechanisms for putting industry and academia specifically on notice of their compliance obligations, as outlined in the BIS guidance released this month, are summarized as follows:
- “Supplier List” Letters pertain to higher-risk foreign parties that are not named on one of BIS’s four public screening lists, but where BIS has received information that indicates that these parties have exported to, or facilitated transactions with, destinations or end users of national security or foreign policy concern. Your organization may receive such a letter whether or not you have previously engaged in transactions with one of the identified diversion-risk suppliers. Upon receipt of a “Supplier List” Letter, the recipient is responsible for screening for red flags within its own organization and resolving them before proceeding with any transaction with an identified supplier. Relevant red flags may be specified in the letter but in any event are outlined in Supplement No. 3 to Part 732 and in BIS’s “Know Your Customer” guidance (here and here).
- “Project Guardian” Requests by BIS are compiled by the agency’s review of industry, news reports, other open-source information, and government data to identify efforts by foreign adversaries seeking to illicitly acquire export-controlled items and associated parties acting on their behalf. The Project Guardian requests call on the recipient to monitor for transactions with a specific party or inquiries regarding a specific item for export, and to seek guidance from a BIS Export Enforcement Field Office before fulfilling such a transaction. There are 13 Office of Export Enforcement Resident and Field Offices located across the United States, in most major cities. We recommend consulting with experienced trade counsel prior to reaching out to BIS. In cases where an organization proceeds with a transaction without investigating and adequately addressing the request in coordination with BIS, the agency will consider this an aggravating factor in any subsequent administrative enforcement action.
- “Red Flag” Letters inform organizations of risks among their customer pool, identifying customer(s) who, per information available to BIS, may have engaged transactions in violation of export controls, involving the same type of item the organization has previously exported to that customer. The principle behind the “Red Flag” Letter is that the customer’s prior unauthorized actions create a higher probability of future violations. As with a “Project Guardian” Request, the recipient of a “Red Flag” Letter should “resolve and overcome” the red flags identified before proceeding with any exports to that customer. Insufficiently investigating and addressing a red flag after receiving a “Red Flag” Letter from BIS and proceeding with the export will be considered an aggravating factor in any subsequent administrative enforcement action.
- “Is Informed” Letters outline supplemental license requirements applicable to specific items going to specific entities or destinations, or pertaining to specific activities of U.S. organizations. The guidance in an “Is Informed” Letter is individualized and specifies the scope of items or activities subject to a license requirement and the relevant license review policy (which may range from a case-by-case evaluation to a presumption of denial). Importantly, a recipient of an “Is Informed” Letter who engages in a transaction covered by the letter without the required agency authorization violates the BIS Export Administration Regulations (EAR).
As noted, these mechanisms stand separate and apart from BIS’s four public screening lists, which we of course continue to recommend that companies screen against prior to making any exports.
Additional Best Practices and BIS Expectations
In addition to information on the above four notice types, BIS’s guidance also highlights a new “recommended best practice” for companies and universities involved with the export, reexport, or transfer (in-country) of Common High Priority List (CHPL) items: screening against the list published by the Trade Integrity Project (TIP), a UK-based open-source resource monitoring military and dual-use trade with Russia. Since Russia’s full-scale invasion of Ukraine in 2022, BIS and other U.S. government agencies have been ratcheting up their enforcement of various controls aimed to stem Russia’s war-waging capacity, and preventing the unlicensed and illegal diversion of EAR-controlled items to Russia is a major agency objective.
This guidance publication also makes clear that BIS uses all information available, including commercially available data sets, industry reports, news reports, and other available open-source information to identify risk. Leveraging such open-source and commercially available trade information is a powerful tool for identifying and mitigating risk, preferably before BIS gets involved, and safeguarding your organization’s supply and distribution chain. Last, BIS-acknowledged reliance on open-source and commercial information to identify potential risk indicates that organizations cannot discount any such information and rely solely on the published lists when evaluating their exports.
When it comes to the EAR and BIS’s ever-evolving compliance standards, Venable’s International Trade Group is available to answer your questions regarding your business’s legal obligations.