Trade Compliance Glossary: Terms Every Exporter Needs

Your customs broker just emailed about an ECCN classification conflict with the freight forwarder's HTS determination. Legal wants to know if the end-user triggers EAR99 or needs a BIS license review. And someone in accounting keeps confusing OFAC with OFCCP. Again.

Trade compliance runs on abbreviations that regulators assume you already know. Miss one, confuse an SDN hit with an SSI match, mix up a deemed export with a re-export, and you're looking at anything from a stuck shipment to a seven-figure penalty. OFAC collected over $1.5 billion in settlements through 2025 alone (Treasury.gov).

This glossary covers what compliance officers, freight teams, and executives encounter in daily export operations. Not textbook definitions. Operational ones: what each term actually means when it lands in your workflow on a Tuesday morning and somebody needs an answer before the shipment clears.

Quick Reference:

• OFAC SDN list: over 12,000 entries across 38 sanctions programs as of late 2025 (Treasury.gov)
• BIS Entity List: roughly 800+ entities added in 2025 across multiple Federal Register actions (BIS.gov)
• EU Consolidated List: 11 sanctions regimes running on separate update cycles from OFAC
• Penalties: $356,579 per OFAC violation; up to $250,000 or 2x transaction value per EAR violation (31 CFR 501.701, 15 CFR 764.3)

Sanctions and Screening Terms

OFAC — Office of Foreign Assets Control. The enforcement arm sitting inside the U.S. Treasury Department, responsible for administering economic and trade sanctions. Here's what catches people off guard: OFAC maintains multiple lists, not just the SDN. When somebody says "OFAC screening," they almost always mean SDN screening, which misses the SSI list, the FSE list, the CAPTA list, and a handful of others. That gap has cost companies real money.

SDN List — Specially Designated Nationals and Blocked Persons List. The big one. OFAC's primary sanctions list. Assets of every listed party must be blocked, and U.S. persons cannot transact with them. Full stop. The list updates 3-4 times per week on average, with a well-known Friday afternoon designation pattern that creates weekend screening gaps if you're running batch checks (Treasury.gov, 2025). We've watched compliance teams get burned by this timing repeatedly.

CSL — Consolidated Screening List. A single download maintained by the International Trade Administration that merges 13 separate U.S. government screening lists into one file. Handy as a starting point. But it lags behind individual list updates by 24-72 hours, sometimes longer after a major designation wave. Don't treat it as your sole screening source. A mistake plenty of smaller exporters still make.

SSI List — Sectoral Sanctions Identifications List. OFAC's list covering entities in specific Russian economy sectors: energy, finance, defense. Different from SDN because the restrictions aren't full blocking; they prohibit certain transaction types. The catch? Screening tools configured only for SDN matches blow right past SSI hits. Seen it happen at companies that should have known better.

Sanctions Screening — Checking every counterparty (buyers, suppliers, intermediaries, freight forwarders, even banks) against government watchlists before you transact. The word "every" matters. Real-time screening catches mid-transaction designations. Batch processing, running your list overnight or weekly, creates blind spots that widen every time OFAC drops a Friday afternoon update.

False Positive — A screening hit that looks like a watchlist match but isn't the designated party. OFAC's alias-heavy database throws off roughly 3x more false positives than comparable EU entries. Scale that up to 200 screenings daily and your analyst burns 2-3 hours just investigating hits that turn out to be nothing.

Fuzzy Matching — The algorithm behind spelling-variation detection during screening. Without it, "Mohammed" won't match "Muhammad" and you've got a gap. But the threshold calibration gets tricky: too tight, you miss genuine hits; too loose, your team drowns.

UBO — Ultimate Beneficial Owner. The actual human being who owns or controls 25%+ of an entity (exact threshold shifts by jurisdiction). Since BIS finalized the Affiliate Rule in September 2025, Entity List restrictions extend to any entity 50%+ owned by a listed party, which turned UBO screening from a best practice into a hard operational requirement overnight (Federal Register, September 29, 2025).

PEP — Politically Exposed Person. Public officials, their families, close associates. Technically an AML/KYC concept, but it bleeds into export compliance because PEP status can flag elevated diversion risk on dual-use deals. The crossover trips up teams that keep sanctions screening and AML screening in separate silos.

Designation — When a government formally adds a person, entity, or vessel to a sanctions list. Coordinated U.S.-EU designations tend to sync within 4-24 hours. Independent ones? Fourteen days or more before they surface across jurisdictions. That lag creates real exposure if you only screen one regime.

Export Control Terms

EAR — Export Administration Regulations. The U.S. rules (15 CFR Parts 730-774) governing commercial and dual-use exports, administered by BIS. If your product isn't on the U.S. Munitions List, it almost certainly falls under EAR jurisdiction. And that includes technology transfers and software, not just boxes on pallets.

ITAR — International Traffic in Arms Regulations (22 CFR Parts 120-130). Covers defense articles and services under the State Department's DDTC. Entirely separate classification system (USML), separate licensing process, heavier penalties. Getting the jurisdictional call wrong between EAR and ITAR produced several of the largest export enforcement settlements in recent years, including penalties north of $200M.

BIS — Bureau of Industry and Security, Commerce Department. Administers EAR. Maintains the Entity List, the Unverified List, the Denied Persons List. Also handles deemed export licenses and encryption classification requests. The kind of mundane but critical paperwork that keeps trade moving.

Entity List — BIS's restricted parties list (Supplement No. 4 to Part 744, EAR). BIS published over a dozen Federal Register rules adding entities throughout 2025, covering China, Iran, Turkey, UAE, and others. License required for virtually all EAR-controlled items going to a listed entity, with a presumption of denial on the application.

ECCN — Export Control Classification Number. Five characters, like 3A001 or 5A002, that pin a product to a specific spot on the Commerce Control List. Your ECCN determines which destinations need a license and which exceptions you can use. Manual classification takes 15-45 minutes per SKU if the person doing it actually knows the CCL. Longer if they don't.

EAR99 — The catch-all bucket for items under EAR that don't appear on the Commerce Control List. Most commercial products land here. Generally no license required. But "generally" does a lot of heavy lifting in that sentence: a prohibited end-user, end-use, or destination can still trigger restrictions on EAR99 goods. The number of companies that equate EAR99 with "no controls at all," and pay for that assumption, would surprise you.

CCL — Commerce Control List (Supplement No. 1 to Part 774, EAR). Ten categories numbered 0 through 9, everything from nuclear materials to marine equipment. The structure looks clean on paper. In practice, figuring out which category your product belongs in can burn a whole afternoon.

Dual-Use — Civilian items with military applications. A CNC machine cutting aircraft parts, an encryption chip inside a commercial router, thermal imaging cameras for building inspections that also work perfectly for targeting systems. The EU runs its own dual-use regulation (updated through 2025) with thresholds that don't always match U.S. controls.

Deemed Export — Sharing controlled technology or source code with a foreign national inside the United States. That R&D walkthrough with a visiting engineer from a restricted country? Could constitute an export under EAR even though nothing crossed a border. One of the most misunderstood concepts in the entire compliance space, and one that engineering teams routinely push back on until someone explains the penalty math.

Re-Export — Shipping a U.S.-origin item (or a foreign-made item containing controlled U.S. components) from one foreign country to another. The de minimis rule governs when U.S.-origin content triggers these controls: 25% for most destinations, 0% for certain countries and items.

License Exception — EAR authorization to export without getting a specific license. Common ones: TMP (temporary exports), TSR (technology and software), ENC (encryption). Every exception carries conditions. Misapply one and the penalty exposure matches shipping without a license at all.

End-Use — What the exported item will actually be used for. End-use restrictions can block exports to nuclear, chemical/biological weapons, or missile programs regardless of ECCN classification. An EAR99 item headed for a prohibited end-use still violates the rules. Full stop.

End-User — Whoever ultimately receives and uses the item. Not always the buyer; the buyer may be a distributor or trading company. BIS and OFAC both enforce against exporters who failed to verify the final recipient. "We didn't know" has never been a viable defense.

Diversion — Unauthorized rerouting of exported goods to a different destination, end-user, or end-use than declared. BIS publishes specific red flags (15 CFR Part 732, Supplement No. 3): customers who refuse to identify the end-user, unusual routing through third countries, orders that don't match the buyer's normal business.

Denial Order — A BIS enforcement action that strips export privileges entirely. Getting hit with one cuts a company off from U.S. supply chains. Period.

Tariff and Classification Terms

HS Code — Harmonized System code. The international six-digit product classification maintained by the World Customs Organization (WCO), recognized across 200+ countries. After six digits, each country tacks on its own extensions for duty rate purposes. When a customs broker mentions "HS code" they mean the universal part.

HTS — Harmonized Tariff Schedule. The U.S.-specific version, extended to 8 or 10 digits for duty calculations. Wrong HTS number means wrong duty rate. Overpay and you're hemorrhaging margin; underpay and you're building a customs liability that compounds with every shipment.

Tariff Classification — Assigning the right HS/HTS code to a product. Sounds mechanical until you're classifying a medical device with electronic components and a chemical coating. Does it classify by function? By material? By primary use? The General Rules of Interpretation provide a framework, but experienced classifiers still argue over edge cases.

De Minimis — Two completely different concepts hiding behind the same term. In customs: the threshold below which imported goods skip duties and formal entry. In export controls: the percentage of U.S.-origin content that triggers EAR re-export requirements. Which meaning applies depends entirely on context. The customs de minimis for China shipments was gutted under expanded UFLPA enforcement in 2025. A major operational hit for anyone running e-commerce supply chains through Chinese suppliers.

Section 301 Tariffs — Additional tariffs on Chinese imports under Section 301 of the Trade Act. Covering approximately $370 billion in goods across Lists 1 through 4B, rates from 7.5% to 25%. Modified repeatedly, with further adjustments through 2025 affecting semiconductors, EVs, batteries, and critical minerals.

Section 232 Tariffs — Steel (25%) and aluminum (10%) tariffs imposed on national security grounds. Country-specific exemptions and quota arrangements have been reshuffled multiple times, most recently in early 2025.

Duty Drawback — Refund of duties paid on imported goods that get re-exported. Can recover up to 99% on qualifying transactions. Massively underused by SMB exporters because the administrative overhead historically ate the refund. Newer electronic filing has lowered that barrier, but most mid-market companies still leave money on the table.

Compliance Program Terms

ICP — Internal Compliance Program. Your documented playbook for managing trade compliance. Goes well beyond having a compliance officer on staff: written policies, risk assessments, screening procedures, training logs, audit trails, corrective action records. OFAC's Framework for Compliance Commitments spells out exactly what they want to see, and what they'll look for during an enforcement review.

Voluntary Self-Disclosure (VSD) — Reporting your own violations to the relevant agency before they discover them. Uncomfortable? Yes. But VSD remains the single most effective penalty mitigator available. OFAC's Enforcement Guidelines routinely cut base penalties by half or more for companies that self-report. The math on staying quiet almost never works out.

AES — Automated Export System. Census Bureau's electronic filing system for export shipment data. You need to file Electronic Export Information (EEI) through AES for anything over $2,500 per Schedule B number, or any shipment requiring a license. Late or inaccurate filings generate violations that stack up faster than people expect.

C-TPAT — Customs-Trade Partnership Against Terrorism. Voluntary CBP program that trades supply chain security commitments for expedited border processing. Annual self-assessments plus periodic CBP validation visits. Worth the effort for high-volume importers.

ISF — Importer Security Filing, also called "10+2." Data submission to CBP at least 24 hours before ocean cargo loads at a foreign port. Late filing triggers a $5,000 penalty per occurrence. CBP enforcement on ISF timing tightened considerably through 2025.

Frequently Used in Operational Contexts

Transshipment — Routing goods through a third country before the final destination. Normal in international logistics. Also the number-one method for sanctions evasion and export control circumvention. BIS red flag indicator: goods shipped to a country with no logical need for the product.

Bill of Lading (B/L) — The carrier's transport document confirming cargo receipt. Lists shipper, consignee, routing, and cargo description. Critical detail: the consignee on a B/L isn't necessarily the end-user. For screening purposes, that distinction matters more than most people realize.

Certificate of Origin — Document proving where goods were manufactured. Needed for preferential tariff rates under free trade agreements and for meeting country-specific import requirements.

Force Majeure (compliance context) — In sanctions specifically, force majeure provisions allow wind-down periods when new designations hit mid-contract. OFAC occasionally issues general licenses with 30-45 day windows. Not guaranteed. Check the specific designation notice.

KYC (Know Your Customer) — Due diligence on counterparty identity, business operations, and risk profile. In trade compliance, KYC reaches beyond standard AML checks into sanctions screening, export control restrictions, and end-use/end-user verification.

FAQ

What's the difference between OFAC and BIS?
OFAC at Treasury handles sanctions: who you can and can't deal with. BIS at Commerce handles export controls: what you can and can't ship, and where. Both maintain restricted party lists. Both can fine you. The legal frameworks, penalty calculations, and compliance expectations differ enough that treating them as interchangeable gets companies in trouble.

Do I need to screen against all these lists?
Depends on where you ship and what you sell. A U.S. exporter moving dual-use electronics to 20+ countries should screen OFAC SDN, OFAC non-SDN consolidated, BIS Entity List, BIS Denied Persons, BIS Unverified List, and EU or UK lists if those jurisdictions touch the deal. The CSL bundles 13 U.S. lists into one download, but always lags behind individual source updates.

How often do these lists actually change?
OFAC: roughly 200 updates per year. BIS published over a dozen Entity List additions during 2025 alone. EU Consolidated List follows Council Decisions on irregular schedules. Quarterly screening? Not remotely sufficient.

What happens if I use the wrong ECCN?
Misclassification can mean you shipped without the required license, which becomes a straight EAR violation. Civil penalties reach $250,000 per violation or twice the transaction value. Criminal penalties for willful violations: up to $1 million and 20 years (15 CFR 764.3).

Where can I look up these regulations?
EAR: 15 CFR Parts 730-774 at BIS.gov. OFAC sanctions: Treasury.gov/OFAC. ITAR: 22 CFR Parts 120-130 at DDTC. HTS codes: USITC.gov. EU sanctions: EUR-Lex.europa.eu. Always primary sources. Secondary summaries lag and sometimes get the details wrong.

The terminology keeps expanding. BIS's September 2025 Affiliate Rule alone created new beneficial ownership screening requirements that didn't exist the previous quarter. Lenzo tracks regulatory changes across OFAC, BIS, EU, UK, and UN regimes and flags when a terminology shift carries operational consequences. The kind of quiet update that turns a glossary entry into a compliance gap while nobody's watching.