Intensifying Focus on Export Control Compliance by Banks

Actions Financial Institutions Can Take to Achieve Compliance

📅 April 16, 2025

The U.S. Commerce Department’s Bureau of Industry and Security (BIS) has intensified its focus on the responsibility of financial institutions not to finance trade that violates the Export Administration Regulations. Most notably, in October of last year, BIS issued detailed New Guidance for financial institutions.

Export controls also continue to be a priority for the new administration: on January 20, 2025, the President issued the America First Trade Policy highlighting the need to “maintain, obtain, and enhance” the United States’ technological edge by making recommendations on the export controls policies, practices, and enforcement mechanisms.

What does this signal for banks and export controls in 2025?

2025: Enforcement Action Against a Bank?

With BIS’ intensifying focus on financial institutions, we may see the first enforcement action against a bank. If this occurs, what are the indicators of what BIS may target first?

U.S. financial institution: While BIS has jurisdiction beyond the United States, it may decide to avoid jurisdictional complexity by taking action against a U.S. financial institution, where jurisdiction is well-established and less likely to be challenged.
On the “Entity List”: Several recent enforcement actions for sectors other than banking have highlighted that trades were with or ultimately destined for entities on the BIS Entity List. Against this backdrop, and taking into consideration that screening against the Entity List was specifically mentioned in the New Guidance to Financial Institutions, the first enforcement actions may focus on financing trade involving entities on the Entity List. These provide the most clear evidence that due diligence and screening were insufficient to meet BIS’ expectations.
Institutions with weak counter illicit finance controls: Export controls represent only one type of illicit activity that financial institutions must guard against. An institution with weak AML/CFT or sanctions controls is less likely to have adequate controls in place to detect and prevent export control evasion. These institutions are more likely be non-compliant and are therefore more likely to be subject to enforcement action.

What is the BIS Entity List?

The BIS Entity List specifies foreign entities and individuals prohibited from receiving some or all items subject to the Export Administration Regulations. Entities and individuals are added to the list due to the increased risk of diversion of items to weapons of mass destruction (WMD) programs, sanctioned activities, or actions contrary to U.S. national security or foreign policy.

The Entity List is different from OFAC’s Specially Designated Nationals and Blocked Persons (SDN) list, which is used to administer economic sanctions. The individuals and entities on the BIS Entity List are subject to specific license requirements for the export, reexport, or transfer of specified items, whereas the persons on the SDN List are subject to asset freezes.

The Backstory: How did we get here?

Let’s step through some of the key points on the timeline of BIS’s directions for financial institutions and then consider the implications for financial institutions.

June 2022: FinCEN and BIS Joint Alert 003 on Increased Vigilance for Potential Russian and Belarusian Export Control Evasion Attempts

On June 28, 2022, a joint alert was issued by FinCEN and BIS. The alert was issued in response to Russia’s further invasion of Ukraine and the export controls imposed to restrict its access to “specific technologies and other items it needs to sustain its military activity”.

The alert contained:

A list of commodities of concern
Detail on how financial institutions might have visibility of export-related financial activity
Red flags for export control evasion

March 2023 Tri-Seal on “Cracking Down on Third-Party Intermediaries Used to Evade Russia-Related Sanctions and Export Controls”

On March 2, 2023, a Joint Compliance Note was issued by the Department of Commerce, Department of the Treasury, and Department of Justice. The note focused on the use of third-party intermediaries and transshipment points to obscure the involvement of Russian end users.

The note contained:

Red flags to detect sanctions and export control evasion
Examples of civil enforcement actions and designations
Examples of criminal enforcement actions

May 2023: FinCEN and BIS Joint Alert 004 Supplemental Alert

On May 19, 2023 a Supplemental Alert was issued to add to and extend the guidance from June 2022 and to “urge continued vigilance for potential Russian export control evasion attempts.”

The alert contained:

Examples of enforcement actions
Updates on export control restrictions imposed since the June 2022 alert
A reference to the March 2023 Tri-Seal Note and a summary of its content
A list of high priority items
Risk factors and red flags

November 2023: FinCEN and BIS Alert NTC2 on Red Flags Relating to Global Evasion of U.S. Export Controls

On November 6, 2023, another joint alert was issued by FinCEN and BIS, adding and updating their earlier alerts. This alert contained:

A reminder on how financial institutions might have visibility of export-related financial activity
Additional red flags
Announcement of the creation of the Disruptive Technology Strike Force, which was established to protect U.S. advanced technologies from illegal use and acquisition
A reminder of bank’s reporting obligations, such as filing Suspicious Activity Reports (SARs) or Suspicious Transaction Reports (STRs)

February 2024: Common High Priority List

On February 23, 2024, BIS issued the Common High Priority List. This was developed jointly with the European Union, Japan, and the United Kingdom. The list specifies items at heightened risk of diversion to Russia because of their importance to Russia’s war efforts. The list has been updated several times since.

October 2024: New Guidance to Financial Institutions on Best Practices for Compliance with the Export Administration Regulations

On October 9, 2024, BIS issued new guidance for financial institutions. This represents the most extensive and focused guidance yet for financial institutions. The guidance includes:

Detail on the Export Administration Regulations (EAR), BIS’ jurisdiction, and the regulatory responsibilities of financial institutions.
A list of four “critical red flags” which BIS considers could constitute “knowledge” of a violation sufficient to contravene the EAR
Prescriptive descriptions of the controls banks should have in place to identify export control evasions including due diligence, ongoing transaction reviews, and real-time screening including against the BIS Entity List

What action can Chief Compliance Officers take?

An export control compliance program should not require a financial institution to build a new framework from the start. However, it would be prudent to take a structured approach to the requirements articulated by BIS and FinCEN to minimize risks of non-compliance.

As part of an institution’s compliance program, a Chief Compliance Officer should:

Evaluate the BIS New Guidance to Financial Institutions as well as other guidance and alerts already issued
Identify the export control risks specific to their financial institution taking into consideration geographies, clients, products/services, and channels
Identify the controls required to manage these export control financing risks. Not all the required controls will be new. Some may be adaptations of existing controls and processes since the typologies used by illicit procurement networks are also used for other financial crimes. For example, financial institutions should already have a process to evaluate and implement red flags and to identify shell companies, which may be used in AML/CFT and sanctions evasion, as well as export control violations.
Provide training on export controls to equip staff to identify export control specific risks and red flags. For example, staff undertaking client due diligence may be familiar with AML/CFT, and proliferation financing red flags but may need training on indicators of export control violations.
Establish and document a roadmap for control enhancement. Where controls are still work-in-progress, a roadmap should be documented and the required implementation actions should be tracked to completion.
Ensure senior management has visibility and signs off on current controls, future controls, risk, and mitigations. Export-related risks should be documented in the organization’s risk register, in the same way as AML/CFT, sanctions evasion, and other illicit finance risks.
Monitor for regulatory changes, guidance, enforcement actions, emerging typologies and red flags to identify where the export control compliance program may need further enhancement or adaptation.
Perform ongoing evaluation of the effectiveness of the export control compliance program and remediate as necessary.

Author

Catherine Woods is an Associate Managing Director at the Institute for Financial Integrity where she leads content development on emerging technologies, export controls, and other counter-illicit finance domains. For more information about our courses and services, please contact info@finintegrity.org.

Want to learn more about strategic trade controls?

Our course Foundations of Strategic Trade Controls offers a comprehensive overview of how to understand and apply strategic trade control requirements, with a particular focus on those applicable to financial institutions.

Learn more and strengthen your compliance skills today.

Recommended Blogs

AI vs. Human Judgment

April 9, 2025

AI is helping financial institutions stay on top of their game while making processes faster and more efficient. But with recent advancements, one question keeps coming up: Will AI replace compliance professionals? In this article, we explore where AI excels versus human judgment.

Syndicates of Terror

April 4, 2025

Eight Latin American drug cartels were recently designated by the United States as Foreign Terrorist Organizations and Specially Designated Global Terrorists. The U.S. designation enhances compliance risks for financial institutions and other companies transacting in Latin America.

Export Controls, Ethics & Human Rights in Global Trade

April 1, 2025

International trade is vital for economic growth and global relations, but it involves complex ethical and legal issues, especially regarding human rights. Explore dual use goods, human rights considerations, international regulatory frameworks, and actions for businesses further in this article.

Advancement in Digital Asset Markets

March 24, 2025

Review policies and regulation on crypto in the U.S., UK, EU, and globally, how this influences adoption, and measures to capitalize on rewards while managing illicit finance risks.

False Flags, Fake Docs, and Fraudulent Routes

March 19, 2025

Russia continues to evade the $60 per-barrel price cap on its seaborne oil shipments. What can financial institutions engaged in documentary trade in the energy sector and other industry stakeholders do to mitigate their risks?

Untangling the Threads of Global Economic Tools

March 13, 2025

Ever wonder how export controls, sanctions, and proliferation finance differ—and why it matters? This article breaks down these essential tools, explains their unique purposes, and highlights how they often overlap in the real world.

Navigating the Convergence of Sanctions & AML Regimes

March 11, 2025

In our recent webinar, the director of compliance and enforcement at OFAC and three financial integrity industry leaders discussed the importance of breaking down silos and shared other advice for AML/CFT and sanctions professionals.

Interlocking Action

February 27, 2025

Transnational crime requires a coordinated response. Examine the characteristics of transnational crime, breakdowns in internal cooperation within financial institutions that resulted in enforcement action, and the actions Chief Compliance Officers must take to ensure an effective and coordinated response within their institution.

Lighting Up the Darknet

February 20, 2025

The validity of blockchain analytics technology was assessed in the Bitcoin Fog money laundering trial. What lessons does the Court’s reasoning have for Chief Compliance Officer using blockchain analytics and other decision support technologies?