Transshipment & Re-Export Controls: 25 Questions Answered

BIS added 8 physical addresses in China to the entity list in early 2025 (not company names, just street addresses) because so many shell entities at those locations were funneling controlled goods to Russia (BIS Entity List Updates, 2025). That one action told mid-market exporters everything about where transshipment enforcement stands right now. The rules follow the goods. Your liability doesn't stop at the loading dock.

Key Takeaways:

• Maximum civil penalties for BIS re-export violations reached $374,474 per violation as of January 2025, with criminal fines up to $1M and 20 years imprisonment (15 CFR Part 766)
• BIS's September 2025 "Affiliates Rule" extends Entity List restrictions to any entity 50% or more owned by listed parties (90 FR, September 29, 2025)
• UAE, Turkey, Hong Kong, and Central Asian states account for the majority of diversion schemes in DOJ indictments since the Russia sanctions expansion (DOJ Tri-Seal Compliance Note, 2025)
• The Foreign Direct Product Rule now covers 7 distinct scenarios under EAR §734.9, including Russia/Belarus-specific provisions that keep expanding

1. Am I liable if my product gets diverted to an embargoed country after delivery?

Yes — if you had "knowledge" as defined in Part 772 of the EAR. And knowledge here means more than you'd think. It includes actual awareness, high probability, and willful blindness. BIS doesn't ask you to prove you didn't know. They ask you to prove you did the legwork. Ignoring red flags counts as knowledge under §764.2(e), and we've seen compliance teams get burned by assuming "we shipped to a legitimate buyer, so we're covered."

2. What countries are the highest-risk transshipment hubs right now?

UAE, Turkey, Hong Kong, Kazakhstan, Kyrgyzstan, Georgia, as well as Armenia, that's where Russia-related diversion concentrates as of early 2025 (DOJ Tri-Seal Compliance Note). For Iran, UAE and Oman remain primary conduits. BIS added Hong Kong and Turkey addresses directly to the Entity List in 2025, targeting known diversion chokepoints. What catches people off guard: these hubs shift. Enforcement pressure in UAE pushed activity toward Central Asia within months. The game of whack-a-mole hasn't slowed down.

3. How does EAR re-export control work outside the United States?

The EAR reaches items outside the US under three conditions: the item contains more than de minimis US-origin controlled content (generally 25%, or 10% for certain destinations), it was produced using US technology subject to the FDPR, or it was originally exported from the US and remains "subject to the EAR." Re-export means shipping an EAR-controlled item from one foreign country to another. License requirements mirror original export rules, same ECCN, same Country Chart, same end-use restrictions.

4. What tools and databases help track diversion patterns and high-risk routes?

BIS’s Trade Integrity Project (TIP) database, which BIS now explicitly recommends screening against, tracks Common High Priority List items shipped to Russia (BIS Guidance, 2025). C4ADS and RUSI publish open-source research on evasion networks. Import Genius provides bill-of-lading data revealing unusual routing. UN Comtrade data exposes suspicious trade spikes, like Central Asian countries suddenly importing hundreds of millions in US-origin electronics with zero domestic manufacturing capacity for those goods.

5. What's the practical difference between transshipment and diversion?

Transshipment means goods pass through an intermediate country en route to a final destination. Not inherently illegal. Diversion means goods get rerouted to an unauthorized end user, end use, or destination. Industrial controllers transiting Singapore for a Japanese buyer? Transshipment. Those same controllers getting split off in Singapore and forwarded through a Shenzhen front company to a Russian military supplier? Diversion.

6. How do end-use certificates actually prevent diversion?

They don't, by themselves. End-use certificates create a paper trail and shift liability. But BIS has made clear that a certificate alone doesn't satisfy the red flag resolution requirement. We keep seeing exporters treat the signed certificate as a compliance checkbox. It isn't. If your Dubai customer orders 500 oscilloscopes, pays cash, won't disclose the end user, plus asks you not to label the boxes, no certificate fixes that.

7. What are BIS's most common enforcement cases for diversion?

Aircraft parts to Russia through UAE and Turkey shell companies dominated recent BIS enforcement. Temporary Denial Orders hit networks shipping ECCN 9A991.d classified parts through layered intermediaries (BIS Enforcement Actions, 2025). The Seagate case still holds as the largest standalone BIS penalty: $300M for shipping foreign-produced hard drives to Huawei under the FDPR. That one shook compliance teams because the products were classified EAR99, items most exporters assumed were low-risk.

8. How do I spot front companies used for sanctions evasion?

Patterns from real enforcement cases: no signage at the registered address, websites created weeks before the first purchase order, zero employees on LinkedIn despite claiming millions in distribution volume, generic email domains. DOJ indictments describe front companies operating from empty rooms in strip malls. A freshly registered "agricultural equipment" company in Bishkek ordering signal processors should make anyone pause.

9. Does the foreign direct product rule (fdpr) apply to my exports?

The FDPR targets foreign-made items, not your US-origin exports directly. It determines whether goods produced abroad using your technology fall under the EAR. There are now 7 FDPR variants under §734.9: National Security (b), 9×515 (c), 600 Series (d), Entity List Footnote 1 (e), Russia/Belarus (f), Russia/Belarus Military End User (g) and Advanced Computing Footnote 4 provisions. If your products incorporate US-origin technology at any manufacturing stage, at least one variant probably applies.

10. What post-shipment verification obligations do I have?

No explicit statutory obligation exists for routine post-shipment verification by private exporters. However. BIS conducts its own PSV visits through export control officers at U.S. embassies. When a PSV fails, BIS may place that foreign party on the Unverified List. Your obligation kicks in when you receive information suggesting diversion, at that point, §744.6 requires you to stop shipping and address the red flags.

11. How do I handle a customer requesting unusual shipping routes?

Treat routing anomalies as red flags under BIS's Know Your Customer guidance (Supplement No. 1 to Part 732). A German buyer requesting delivery to a Dubai freight forwarder with destination listed as "TBD", textbook red flag. Document the request, ask for a commercial explanation, verify independently. If it doesn't hold up, that's an unresolved red flag, as well as shipping proceeds at your peril.

12. What triggers a BIS re-export license requirement?

Four scenarios: the ECCN/destination combination hits the Commerce Country Chart, the item heads to a party on the Entity List or Denied Persons List, the exporter knows of a prohibited end use, or the FDPR brings the item under EAR jurisdiction. BIS also now requires licenses for re-exports involving SDNs designated under 11 OFAC sanctions programs, converging export controls and sanctions into a single transaction analysis (BIS Final Rule, 2025).

13. How do I monitor where my products end up after initial delivery?

Contractual end-use reporting and audit rights give you legal framework but limited practical reach. Some companies build serial-number tracking into distribution agreements. The honest answer for most mid-market exporters: you can't track every unit post-delivery. For more context, see our guide on Software & Deemed Exports: 25 Compliance Questions Answered. What you can do is watch for anomalies. If your Malaysian distributor ordered 200 units, sold 50 domestically, plus trade data shows 150 shipped to China, start asking questions.

14. What role do freight forwarders play in transshipment schemes?

Freight forwarders appear in nearly every diversion prosecution we've tracked. BIS Best Practice No. 2 states explicitly that exporters should work only with forwarders maintaining compliance programs. In multiple enforcement cases, networks used several forwarders across jurisdictions to obscure Russian destinations for US-origin aircraft parts. Your forwarder's compliance failures become your problem when enforcement comes knocking.

15. How do I assess transshipment risk for specific trade lanes?

Cross-reference three data points: destination country diversion history (BIS enforcement actions, DOJ indictments), product sensitivity (CHPL items carry higher diversion rates) and buyer profile (years in business, order consistency, stated end use). BIS sent red flag letters to 20 US manufacturers informing them their products turned up in Russian weapons found in Ukraine (BIS Enforcement, 2025). That tells you which lanes draw scrutiny.

16. What's the difference between re-export and transfer (in-country)?

Re-export: an EAR-controlled item moves between foreign countries. Transfer (in-country): the item changes end users within the same country. Both require independent license analysis. Example: a German distributor sells controlled test equipment to a Munich electronics firm That firm sells it to a Shenzhen entity's German subsidiary. The second transaction constitutes a transfer requiring its own compliance review.

17. How has russia sanctions enforcement changed transshipment patterns?

Dramatically. Before the Russia sanctions expansion, most diversion ran through established EU trading channels. Since then, flows shifted through UAE, Turkey, Kazakhstan, Armenia, as well as Georgia. Commerce Secretary Lutnick signaled at the March 2025 BIS Update Conference a "dramatic increase" in enforcement targeting diversion through China, Hong Kong, plus Central Asian corridors (Gibson Dunn BIS Conference Summary, 2025). Enforcement pressure on one hub pushes activity to the next within months.

18. What due diligence do I owe on intermediate consignees?

Same standard as ultimate consignees. Screen against the Consolidated Screening List, verify legitimacy, confirm commercial logic. Under the September 2025 Affiliates Rule, you also need to determine whether intermediaries are 50% or more owned by Entity List parties, ownership analysis beyond basic screening (90 FR, September 29, 2025).

19. Can I contractually prohibit re-export and call it done?

No. We hear this question constantly. Contractual prohibitions constitute one element of a compliance program, not the whole thing BIS 2025 guidance recommended "No re-export to Russia/Belarus" clauses modeled on EU practice, but characterized this as one component among many. A contract clause won't protect you if you shipped oscilloscopes to a Kyrgyz company ordering quantities far exceeding domestic demand and refusing to name the final buyer.

20. What are the penalties specifically for re-export violations?

Civil penalties: $374,474 per violation (15 CFR Part 766, January 2025). Criminal: up to $1M per violation and 20 years. For FDPR violations, the Seagate precedent set $300M. BIS revised penalty guidelines, removing the base monetary cap and eliminating the option to offset penalties with compliance spending (BIS Penalty Guidelines), Supplement No. 1 to Part 766). Voluntary self-disclosure still helps, but the discount got smaller.

21. How do free trade zones (ftzs) factor into transshipment risk?

FTZs in UAE (Jebel Ali), Hong Kong, Singapore and Panama provide reduced customs oversight that diversion networks exploit. Goods entering FTZs get relabeled, repackaged, as well as re-exported with minimal inspection. Multiple DOJ indictments reference Jebel Ali as a staging ground for controlled goods headed to Iran. If your buyer's delivery address sits inside an FTZ, apply heightened scrutiny.

22. What are the red flags in shipping documentation that suggest diversion?

Mismatched end users between purchase orders and shipping docs. Payment from a third-party entity in a different country. Routing through known transshipment hubs without commercial justification. Vague end-use statements. Cash payment for high-value technical equipment. Buyer resistance to disclosing delivery addresses Freight forwarder listed as ultimate consignee. Recently changed company name at the same address as a denied party. One red flag might have an innocent explanation. Three together almost never do.

23. How do I handle transshipment risk when selling through distributors?

Require distributors to maintain their own compliance programs, provide end-user data for controlled items, plus accept audit rights. Monitor order patterns for anomalies, sudden volume spikes, unfamiliar geographies, products mismatched with the distributor's stated customer base. BIS red flag letters sent to manufacturers in recent enforcement rounds identified specific distributor customers whose products ended up in Russian military equipment (BIS Enforcement, 2025). If your distributor refuses to share end-user information for controlled items, that refusal itself qualifies as a red flag under BIS guidance.

24. What's BIS's "know your customer" guidance for re-export scenarios?

Supplement No. 1 to Part 732 of the EAR outlines the framework: evaluate customer identity, product capability in context of stated end use, destination and red flag presence. BIS notification guidance expanded obligations for companies receiving "supplier list" letters, "red flag" letters, Project Guardian requests, or "is informed" letters (BIS Guidance, 2025). Failure to act on a BIS notification counts as an aggravating factor in enforcement.

25. How do multilateral export controls affect re-export obligations?

Wassenaar Arrangement, Nuclear Suppliers Group, Australia Group, as well as MTCR establish baseline controls, but member states implement them with different thresholds and licensing policies. A product freely exportable from Germany to UAE under EU dual-use regulation might still require a BIS license for re-export under the EAR. Platforms aggregating multi-jurisdictional controls (Descartes, SAP GTS, Lenzo) reduce the data reconstruction work, but each re-export transaction still demands independent analysis under every applicable regime.

Transshipment enforcement got measurably harder in 2025. BIS's Affiliates Rule, expanded FDPR variants, plus address-based Entity List designations all point in the same direction: regulators expect exporters to know more about where goods end up, not less. Screening tools like Lenzo trade compliance platform, Descartes and SAP GTS consolidate multi-list checks and flag routing anomalies, but no platform replaces the human judgment call when a buyer in Bishkek orders 500 signal processors and can't explain why.