Publications
Article

Export Controls Are a New National Security Focus — What That Means for Banks

BAI

For years, U.S. authorities have focused on sanctions and anti-money laundering requirements as the main regulatory tools by which to disrupt adversarial countries, terrorist organizations, and other malign actors presenting national security risk, but 2024 will see the ascendancy of export controls, a different tool focused on flow of sensitive goods. This new focus will usher in novel compliance obligations for banks.

Through the issuance of Financial Crimes Enforcement Network (FinCEN) notices focused on export controls, and recently issued sanctions focused on financial institutions that support the supply to Russia of certain equipment, it is clear that U.S. authorities are looking to banks to play an active role in stemming the flow of sensitive technologies around the world.  This enforcement priority will require banks to integrate export controls into their due diligence framework, which will present challenges for banks unused to monitoring in this area.

U.S. Export Controls

The U.S. maintains two sets of export control regulations: the Export Administration Regulations (EAR), which focus on “dual-use” items (i.e., items that can be used for a civilian or military purpose), and the International Traffic in Arms Regulations (ITAR), which focus on defense articles and defense services. EAR, which is administered by the Department of Commerce’s Bureau of Industry and Security (BIS), is the subject of the FinCEN notices.

EAR control the export, re-export and transfer of goods, software and technology that are:

  • in the United States;
  • U.S.-origin, wherever located;
  • non-U.S.-origin, but incorporating more than a “de minimis” level of “controlled” U.S. content; or
  • non-U.S.-origin, but the “direct product” of certain U.S. technology or software.

Any person in the world seeking to export, re-export or transfer an item subject to the EAR may need to obtain an export license from BIS prior to engaging in a transaction, based on the intended destination, end-use and end-user of the item.

Export controls have figured prominently in the U.S. policy response to Russia’s invasion of Ukraine and in the U.S.-China strategic competition, and arguably now are the tip of the spear of U.S. national security policy, particularly regarding emerging technologies.

For example, U.S. export controls restrict the supply to Russia of a range of electronics, industrial equipment, aircraft and aircraft parts, maritime items and luxury goods, among many other items.

Regarding China, U.S. export controls restrict the supply of (among other items) advanced-node semiconductors and high-end semiconductor manufacturing equipment and computing items, as well as transactions involving restricted parties and a large number of military-linked entities involved in China’s “civil-military fusion” program.

The China-related export controls, in particular, are at the heart of the great power competition dominating geopolitics today, setting in motion a “chip war” with far-reaching implications for artificial intelligence development and other emerging technology applications.

The stakes of EAR compliance are high, with violations punishable by civil penalties of up to the greater of about $365,000 (annually adjusted for inflation) or twice the value of the transaction, and criminal penalties of up to $1 million and/or 20 years’ imprisonment.

Notably, this includes penalties not only for the party that engages in the export, re-export, or transfer transaction, but also any individual or entity (“person”) that knowingly provides support (including financing) with respect to an unlawful export or an item already unlawfully exported, as well as persons that aid and abet EAR violations.

What’s more, export control enforcement is now a U.S. government priority, with the U.S. Department of Justice and the U.S. Department of Commerce forming a Disruptive Technology Strike Force to identify and punish violations of export control laws.

Banks’ Compliance Obligations

There are three notable areas of export control-related compliance that are relevant to financial institutions: (1) substantive obligations under export control laws, (2) sanctions directed at foreign financial institutions (FFIs), and (3) FinCEN notices regarding reporting of suspicious transactions involving potential export control violations.

Substantive Export Control Law Requirements

As noted above, a person can face liability under the EAR not only for engaging in an unauthorized export, re-export, or transfer of an item, but also aiding or abetting such activity or providing other types of support.  This gives rise to a significant compliance obligation for banks, which can be penalized for providing financing with respect to an unlawful transaction or related to an item already unlawfully exported.

FFI Sanctions

FFIs can be subject to sanctions imposed by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) for supporting financial transactions contrary to U.S. policy, such as business involving sanctioned countries or persons, an aspect of sanctions law which more recently has focused on exports in support of Russia’s defense industrial base.  Specifically, in December 2023, President Biden issued an executive order authorizing the imposition of sanctions against FFIs conducting or facilitating transactions, inter alia, involving Russia’s military-industrial base, including the supply to Russia (directly or indirectly) of certain listed items.

Concurrently, OFAC issued a determination identifying items triggering sanctions for FFIs, including certain:

  • machine tools and manufacturing equipment;
  • manufacturing materials for semiconductors and related electronics;
  • electronic test equipment;
  • propellants, chemical precursors for propellants, and explosives;
  • lubricants and lubricant additives;
  • bearings;
  • advanced optical systems; and
  • navigation instruments.

Where an FFI engages in the above activity, OFAC is authorized to:

  • Prohibit the opening of U.S. correspondent or payable-through accounts for the FFI or impose “strict conditions” on the maintenance of such accounts; or
  • Block the property and interests in property of the FFI, e., designate the FFI as an SDN, impose an asset freeze, and prohibit U.S. persons from engaging in all transactions and dealings with the FFI.

FinCEN / BIS Joint Notices

FinCEN and BIS have issued three joint notices alerting financial institutions to red flags related to unlawful export transactions and directing them to file suspicious activity reports (SARs) under the Bank Secrecy Act (BSA) if they suspect that a financial transaction relates to such a violation. Specifically, FinCEN has issued the following notices:

  • FIN-2022-Alert003, issued in June 2022, describing export controls applicable to Russia and identifying particularly sensitive items;
  • FIN-2023-Alert004, issued in May 2023, supplementing the prior Russia alert and describing additional export controls imposed on Russia; and
  • FIN-2023-NTC2, issued in November 2023, focusing on export control evasion globally.

All of the notices call on banks to apply a risk-based approach to identify suspicious transactions, consistent with their compliance obligations under the BSA, and identify red flags and evasion typologies. Such red flags include purchases that are consigned to the issuing bank under a letter of credit rather than the end-user, transactions with entities that have little or no online presence, and customers refusing to provide relevant transaction details, among others.

Notably, regarding Russia-related restrictions, FinCEN issued a report in September 2023 indicating that since issuance of the joint notices on Russia, banks had submitted 333 reports detailing nearly $1 billion in suspicious activity.

Key Takeaways for Banks

U.S. authorities continue to ramp up the focus on export controls as a strategic priority for national security, which impacts not only companies engaged in cross-border trade, but financial institutions that support such trade.

As described above, banks can face liability for providing services in support of unlawful exports. Furthermore, FinCEN and BIS have called on financial institutions to file SARs regarding potential export control violations, in accordance with their obligations under the BSA.

This new focus calls for a recalibration of banks’ diligence processes to account for the novel risks presented by export controls, which can be more complex and far-ranging than anti-money laundering and sanctions risks. 

To address this, it would be prudent to take a risk-based approach accounting for relevant export control threat vectors, such as:

  • the nature and sensitivity of the items exported;
  • the industry of the underlying transaction;
  • the involvement of parties restricted under export control lists, such as the BIS Entity List;
  • destination-based risk, e., the involvement of countries known as diversion hubs (e.g., CIS countries acting as a diversion hub for Russia), or countries that are restricted for certain sensitive technology (e.g., China and semiconductors); and
  • the presence of red flags, as identified in the FinCEN / BIS joint notices.

"Export Controls Are a New National Security Focus — What That Means for Banks," by Anthony Rapa was published in BAI on March 19, 2024.