LenzoBlogBuilding a Defense Against Transshipment and Diversion Risks
Last updated:
December 15, 2025

Building a Defense Against Transshipment and Diversion Risks

Lenzo Compliance Team
Re-Export Controls
Export Compliance
Restricted Party Screening
Export Documentation
Sanctions Compliance

BIS imposed $47M in civil penalties for diversion-related export compliance violations in 2025 (BIS.doc.gov). Enforcement heading into 2026 treats transshipment through UAE, Turkey, and Malaysia as a primary target. For SMB exporters running 30–200 shipments monthly, the operational question isn't whether diversion screening matters. It's which red flags predict regulatory action and which ones waste your team's time.

Key Takeaways

  • BIS identified 23 "countries of diversion concern" in 2025 guidance; UAE, Turkey, and Kazakhstan appeared in 67% of enforcement citations (BIS.doc.gov)
  • Red flag screening adds 15–40 minutes per complex shipment manually; automation cuts this to under 2 minutes
  • End-use documentation errors appear in 78% of denial order summaries from January–November 2025 (Federal Register analysis)

What triggers liability under export control rules

Transshipment routes goods through an intermediate country before final destination. Diversion means goods reach an unauthorized destination or end-user. Liability under EAR §764.2 attaches when an exporter "knew or had reason to know" diversion would occur (15 CFR 764.2).

The "reason to know" standard creates the problem. BIS doesn't need proof of intent. Red flags existed, you missed them—that's enough. The December 2024 Seagate settlement ($300M for shipping drives to Huawei through intermediaries) established that screening failures at volume trigger maximum penalties.

This hits SMB exporters asymmetrically. The math is brutal for smaller companies.

Red flags that actually predict enforcement

BIS published "Know Your Customer" guidance in 1996, updated June 2024. The indicators haven't changed much. Enforcement intensity around specific patterns has.

Three categories trigger immediate scrutiny in 2026 enforcement:

Geographic mismatches. Customer in Germany, delivery to Dubai free trade zone, ultimate consignee in a country with no demand for your product. This pattern appeared in 41 of 63 BIS enforcement actions in 2025.

Payment anomalies. Third-party payment from a jurisdiction unrelated to buyer or destination. Letters of credit routed through Hong Kong for Central Asia shipments. Crypto payments for dual-use items.

Customer behavior. Declining installation or training. Unfamiliar with product specs. Vague on end-use. Paying premium without negotiation.

Catching these in isolation is easy. Catching combinations across shipment data you don't review together—that's where teams fail. One Dubai delivery is normal. Fifteen Dubai deliveries from the same intermediary to different end-users over six months? That's a pattern your restricted party screening probably misses because it operates shipment-by-shipment.

The intermediaries know this too. The sophisticated ones rotate company names every 8–12 months.

Documentation failures that show up in enforcement

Screening records alone don't survive audits. "We ran it through compliance" means nothing to BIS investigators reviewing your files two years later. Not useful as evidence. Documentation that protects you requires contemporaneous proof that screening informed the shipping decision.

Three documentation failures appear repeatedly in enforcement actions:

End-user statements that specify the intermediate consignee instead of actual final destination. Generic statements like "general industrial use" fail under current standards. The document needs to state where the product physically goes and what it does there.

Intermediate consignee "verification" consisting of a Google search showing the company exists. Due diligence screening means evidence of prior transactions, verifying business licenses, and you need to get trade references. A website doesn't establish legitimacy.

Red flag resolution memos created after an inquiry arrives instead of before shipment. The resolution memo documents what triggered review, what steps you took, why you proceeded or terminated. Create it before the goods move or it doesn't count.

Most SMB export compliance programs fail here. They screen. They clear shipments. They don't create paper trails showing the screening informed decisions.

Detection that scales past 50 monthly shipments

Manual transshipment screening breaks at volume. Around 50 shipments monthly, per-shipment time becomes unsustainable. Teams start cutting corners when the screening hits pile up. Corner-cutting is exactly what enforcement actions target.

Scalable detection requires three layers:

Automated restricted party screening. Every shipment screens against OFAC SDN, Entity List, country controls before release. Catches obvious blocks. Misses pattern-based diversion indicators. One edge case worth noting: Hong Kong entities don't trigger China destination flags in most screening tools, but post-2024 BIS guidance treats certain Hong Kong transshipments as China-adjacent for licensing purposes. Your screening tool probably doesn't know this.

Transaction pattern analysis. Aggregate shipment data to flag customers with unusual destination patterns, product mix inconsistencies, payment routing anomalies. Requires either periodic manual review or automated flagging against defined parameters.

Escalation protocols. Clear criteria for senior review, additional documentation, or termination. Without thresholds, every marginal case consumes management time. With thresholds, teams know when to escalate.

Descartes Visual Compliance handles the denied party piece well, though their diversion pattern detection is weaker than their core screening. SAP GTS covers more ground but implementation takes 4–6 months minimum. Lenzo sits in the middle for SMB workflows—the screening hit tells you one transaction has issues, the historical view tells you whether the customer's overall behavior suggests systematic diversion.

Where SMB programs fall short: screening at shipment level without aggregating customer behavior over time. Individual transaction looks clean. Customer portfolio shows diversion indicators across twelve months. This gap is where 2026 enforcement will hit hardest.

FAQ

What's the penalty exposure for transshipment violations?

Civil penalties under EAR reach $364,992 per violation or twice transaction value, whichever is greater (15 CFR 764.3). Criminal penalties for willful violations include up to $1M and 20 years imprisonment. BIS 2025 settlements averaged $2.8M for diversion violations involving SMB exporters.

Do I need to verify every intermediate consignee?

Verification depth depends on risk indicators. For shipments to countries of diversion concern involving controlled items (ECCN other than EAR99), independent verification is expected. For EAR99 items to low-risk destinations, standard due diligence suffices.

How far back should transshipment documentation be retained?

EAR requires 5-year retention from export date (15 CFR 762.6). Practically, retain longer for industries with extended enforcement timelines—aerospace, semiconductors, and telecom see investigations spanning 7–10 years.

Sources

More to explore

View all
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

Trade Compliance FAQ: 25 Questions Every SMB Exporter Gets Wrong

OFAC's maximum civil penalty hit $377,700 per violation in January 2025. BIS bumped its ECRA penalty cap to $374,474 the same month. The questions compliance teams ask haven't changed much over the years. They've just gotten a lot more expensive to answer wrong.
Last updated:
November 27, 2025
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

Trade Compliance Glossary: Terms Every Exporter Needs

Your customs broker just emailed about an ECCN classification conflict with the freight forwarder's HTS determination. Legal wants to know if the end-user triggers EAR99 or needs a BIS license review. And someone in accounting keeps confusing OFAC with OFCCP. Again.
Last updated:
November 28, 2025
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

Best Trade Compliance Software for SMB Exporters (2026)

OFAC civil penalties blew past $254M by mid-2025. BIS piled on with over 170 Entity List additions across 6 separate rulings between January and October. And the part that keeps compliance teams awake: none of those penalties landed because someone forgot to screen a counterparty.
Last updated:
February 12, 2026
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

License Exception Eligibility: Quick Reference

BIS published 2,847 updates to the Export Administration Regulations in 2025. Seventeen directly affected license exception eligibility for at least one ECCN category. For compliance teams processing 50–200 shipments monthly, tracking which exceptions apply to which items has turned into a puzzle that resets every few weeks.
Last updated:
February 11, 2026
TOOLS
Tariff CalculatorCompliance ServiceCanada TariffsHS CodeUS Tariffs on ChinaOFAC SearchMexico TariffsHSN Code List
Legal
Acceptable Use PolicyAI Data Usage PolicyBilling & Refund PolicyCookies PolicyData Processing AddendumPrivacy PolicyTerms of Service
Lenzo - Trade Compliance © 2026 All rights reserved
Secure read-only integrations
AES-256 encrypted data
OAuth 2.0 access