At the heart of the BIS guidance lies the application of General Prohibition 10 (“GP 10”) under the EAR. This provision is critical for financial institutions because it prohibits any party—regardless of their location—from supporting or facilitating transactions involving items subject to the EAR if there is knowledge that a violation has occurred, is occurring, or is intended to occur. The concept of “knowledge” is construed broadly, encompassing both actual knowledge and instances where a party has reason to know of a violation based on the circumstances. Financial institutions, therefore, cannot claim ignorance where red flags are present or where there is a high probability that a violation is taking place. This principle of “willful blindness” ensures that institutions are held accountable for failing to recognize the risks associated with certain transactions.

Broadly speaking, the EAR regulates the export, reexport, and transfer of dual-use items—those with both commercial and military applications—as well as certain military-specific goods. These regulations cover not only physical goods within U.S. territory but also U.S.-origin items located abroad, foreign-manufactured products that contain U.S.-origin controlled content above a specified threshold, and items produced using U.S.-origin technology. The guidance makes clear that financial institutions must understand the implications of these rules even when they are not directly involved in the physical movement of goods. Financing and servicing transactions that involve such items, knowingly or otherwise, can expose institutions to significant regulatory liability.

BIS’s latest guidance highlights the need for financial institutions to embed EAR-related due diligence into their broader compliance frameworks. This is not a matter of conducting a one-time check during the initial onboarding of a client; rather, it requires ongoing scrutiny throughout the business relationship. BIS stresses that financial institutions must screen clients against the various restricted-party lists that it maintains, including the Denied Persons List, the Entity List, and the Military End-User List. Each of these lists identifies individuals or entities subject to specific restrictions or prohibitions on exports. Transactions involving parties on these lists can require licenses or may be entirely prohibited, depending on the nature of the transaction. Failure to account for these restrictions can result in violations of U.S. law, with severe legal and financial consequences for the financial institution.

Significantly, however, the guidance goes beyond mere screening, urging financial institutions to engage in a deeper examination of their clients’ activities and relationships. For instance, BIS recommends that financial institutions evaluate their clients’ involvement with items listed on the Commerce Control List (“CCL”). The CCL contains a specific enumeration of goods, software, and technology that are subject to higher levels of control due to their potential use in military or strategic applications. Clients involved in the export or transfer of these goods may be subject to heightened compliance requirements, and financial institutions must ensure that they are not inadvertently facilitating the export of such items to prohibited destinations or end-users.

BIS also underscores the importance of ongoing transaction monitoring. While the agency acknowledges that real-time screening of every transaction is impractical, financial institutions must nevertheless remain vigilant for red flags that could indicate a potential violation of the EAR. Red flags can include discrepancies in transaction details, unusual shipping routes, or the involvement of parties located in high-risk jurisdictions such as Russia, Belarus, or countries associated with military end-use concerns. BIS advises that when a financial institution identifies a red flag, it must investigate the matter thoroughly and take appropriate action, which may involve declining the transaction, obtaining additional documentation, or in extreme cases, terminating the client relationship.

Moreover, the guidance highlights the importance of financial institutions filing Suspicious Activity Reports (“SARs”) with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”). BIS and FinCEN have jointly issued several alerts in recent years aimed at helping financial institutions identify red flags associated with the evasion of U.S. export controls, particularly in relation to Russia and Belarus. When a financial institution detects activity that may involve a violation of the EAR, it is required to file a SAR with FinCEN, providing detailed information about the parties involved and the nature of the suspicious activity. This reporting mechanism is essential for U.S. authorities to investigate and address potential violations and ensures that financial institutions are taking proactive steps to mitigate their risk.

BIS’s guidance goes even further by addressing the issue of “post-transaction knowledge.” Financial institutions may not always have complete information about a transaction at the time it is processed. However, if information comes to light after a transaction has occurred that suggests a violation of the EAR, the financial institution is considered to have acquired “knowledge” for the purposes of GP 10. In such cases, BIS expects financial institutions to take corrective action before processing any further transactions involving the same parties or goods. This could include enhanced due diligence measures, the implementation of additional compliance controls, or the cessation of business relationships that pose an unacceptable risk of future violations.

Finally, the guidance touches on the relevance of voluntary self-disclosures to financial institutions encountering potential violations of the EAR. Financial institutions that identify such violations within their own operational activities are strongly encouraged to submit a Voluntary Self-Disclosure (“VSD”) to BIS. While the submission of a VSD does not automatically absolve a financial institution of liability, it is considered a mitigating factor in any enforcement action. BIS takes a favorable view of institutions that proactively report and address compliance issues, particularly when those disclosures are timely and complete. Financial institutions that choose not to disclose violations, or that fail to take appropriate action to address known risks, face the prospect of significant penalties, including monetary fines and reputational damage.

BIS recognizes that the landscape of export control compliance is complex and continually evolving. The agency’s latest guidance reflects a growing expectation that financial institutions adopt a proactive and dynamic approach to compliance, ensuring that their risk management systems are robust, flexible, and capable of adapting to changing regulatory requirements. This includes staying abreast of updates to restricted-party lists, red flag indicators, and new developments in global trade data. Financial institutions must also be prepared to engage with their clients on compliance issues, obtaining certifications or other documentation where necessary to ensure that transactions comply with the EAR.