Enforcement of US export controls is at an important crossroads, particularly after the Department of Commerce’s Bureau of Industry and Security released guidance and announced a significant settlement this summer.
US export controls, like any regulation of large-scale economic activity, by necessity rely on information self-reported by market participants. Exporters routinely require counterparties, such as customers, distributors, or resellers, to provide information related to an exported item’s destination, end user, and end use, as a necessary first step in determining whether a transaction appears facially compliant.
The effectiveness of such form-based due diligence is limited, however, by the truthfulness and completeness of the data received. Accordingly, form-based diligence programs on their own aren’t sufficient to deter and catch bad actors—especially when there are substantial economic incentives to evade or circumvent the regulations.
Recent media reports have highlighted brazen diversion schemes that illustrate the severe limitations of form-based diligence programs in ensuring compliance with US export controls, specifically those regarding semiconductors and advanced computing.
These reports have included everything from overt, “barely concealed” smuggling networks with characters straight out of central casting (a broker in Singapore known as “Brother Jiang,” for example), to open-air diversion markets in Shenzhen where thousands of chips worth more than $100 million were reportedly purchased in a single transaction. These schemes relied, in part, on misleading actions such as falsely labeling shipments as “tea or toys,” or setting up a fake company (with its own website and email domain).
Yet bad actors’ use of such schemes doesn’t fully insulate participants on the receiving end of these deceptive practices from enforcement risk. US export controls require more of exporters than mere form-based diligence efforts.
Like other regulations of large-scale economic activity, US export controls include several provisions that require deeper, substantive analysis. They include several broad catch-all provisions that require a license for US exports for specific end uses, such as ballistic missiles and unmanned aerial vehicles, or weapons of mass destruction, or end users.
They include restrictions on certain conduct of US persons—regardless if the underlying product or service would itself otherwise be subject to US export controls. They also include a fallback catch-all, General Prohibition 10, which prohibits certain types of involvement—including financing—in transactions with knowledge that a violation of US export controls has occurred or is about to occur.
These catch-all provisions are effective tools for countering form-based abuses because they turn on the “knowledge” of an involved party and aren’t restricted to circumstances where a party knows with absolute certainty that there is or will be illegal diversion. Here is where understanding the full definition of “knowledge” becomes important.
Our experience with white collar corporate enforcement has shown that where awareness—“knowledge”—of certain conduct, circumstances, or results is an element of the offense, narrowly defining or interpreting such “knowledge” as an absolute certainty or “actual” awareness invites abuse through deliberate efforts to create plausible deniability.
This includes what criminologist Edwin Sutherland described as “differential association” by people willing to take comfort, for example, in perceived loopholes or technicalities as a normal, acceptable aspect of getting ahead in business.
US export control regulations accordingly define “knowledge” to include an “awareness of a high probability” of diversion. This isn’t a new development: “Knowledge” has been expressly defined to include this alternative since 1996. This is the same standard that has driven both enforcement and corporate compliance efforts for the past two decades in another context—the Foreign Corrupt Practices Act.
In the FCPA context, the same “high probability” standard has allowed US authorities to punish those who ignore or fail to mitigate the risk that payments to third parties could be used to bribe foreign officials, even when the underlying bribery isn’t a known certainty.
This “high probability” standard also invites companies subject to the FCPA to design and defend methodologies for directing finite compliance resources at the greatest perceived risks, freeing compliance teams from the impossible task of doing maximum due diligence across all third parties.
This enforcement playbook is now being applied to US export controls. On July 10, the Bureau of Industry and Security highlighted the “high probability” standard in guidance for responding to “red flag” letters and other evidence suggesting diversion of goods to prohibited recipients or for prohibited uses.
BIS then applied this standard. It announced on Aug. 15 a $5.8 million settlement with a US company, in which BIS both highlighted the “high probability” standard of knowledge and relied upon the broad catch-all provision requiring a license for the export of any item. This included “EAR99” dual-use items not specifically listed on the Commerce Control List of the Export Administration Regulations—with an awareness of a high probability or actual awareness of end-uses related to UAVs.
This settlement is a clear warning that a dual-use item designated as EAR99 with multiple other benign uses still can fall under many of the catch-all provisions that call for substantive analysis of the risks, especially considering the “high probability” definition of knowledge.
In this context, continued reliance by counterparties on perceived loopholes or technicalities carries increasing enforcement risks for both companies and individuals. It’s time for US manufacturers, design companies, and exporters to design and implement risk-based methodologies for evaluating two important criteria that will drive enforcement risks going forward.
First, are aspects of their current compliance program overly reliant on uncorroborated information provided by others who present a high probability of diversion? And second, how should they triage those risks so that compliance time and resources focus on mitigating or resolving the greatest risks?
The July 10 guidance and Aug. 15 settlement from BIS are stark reminders that export controls elevate substance over form and aren’t mere geopolitical window dressing.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.
Author Information
Michael H. Huneke is partner in the global investigations, enforcement and compliance and sanctions, export controls, and anti-money laundering practice groups at Hughes Hubbard & Reed.
Write for Us: Author Guidelines
To contact the editors responsible for this story:
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.