Trade Compliance
Guides & Insights

End-user certificates document stated intent; they don't verify actual end-use or end-user legitimacy. BIS enforcement actions increasingly cite inadequate end-user verification as an aggravating factor — even when exporters had signed certificates on file.

OFAC examined audit trail quality in 89% of enforcement actions settled in 2025. The screening result matters less than your ability to prove what you screened, when you screened it, and what you did with the results. Companies with solid screening programs face six-figure penalties because their audit trail had gaps. The screening happened. The documentation didn't.

BIS issued 89 warning letters in 2025, up 34% from the prior year. A warning letter isn't a fine—not yet. But how you respond over the next 30–60 days determines whether this becomes a closed file or the opening chapter of a formal enforcement case.

A German subsidiary of a US aerospace company shipped controlled components to a UAE distributor in March 2023. The components never touched US soil. Manufacturing happened in Munich, shipping originated from Frankfurt. Eight months later, BIS issued a $3.2 million penalty — against the US parent in Texas.

BIS issued 47 enforcement actions involving software and technology exports in 2025, with penalties averaging $2.3M per case. Most involved companies that genuinely had no idea their cloud platform counted as an "export" under EAR. We keep running into this assumption—that SaaS somehow exists outside export control jurisdiction. It doesn't. And learning that lesson from BIS costs seven figures.

BIS issued 190 administrative enforcement cases in fiscal year 2024, with civil penalties totaling $34.6 million. Roughly 40% of those cases cited inadequate export compliance programs — specifically, failures in the exact responsibilities BIS expects an Export Compliance Officer to handle.

OFAC and BIS have issued 52 joint alerts since February 2022 identifying documentation patterns tied to Russia sanctions evasion. 78% of Russia-related OFAC enforcement actions in 2025 cited documentation red flags rather than direct SDN matches.

BIS added 743 semiconductor-related entities to the Entity List between January 2023 and December 2024. Only 287 targeted China. The remaining 456 additions across Russia, Iran, Belarus, UAE, Malaysia, and other jurisdictions blindside most mid-market exporters who built compliance programs around the October 2022 China rules.

India's Strategic Trade Authorization (STA-1) status was supposed to simplify everything. Eight years later, our compliance team still fields calls from exporters who assumed "STA country" meant "license-free shipping." It doesn't. Of the 2,847 ECCN entries on the Commerce Control List, roughly 40% still require individual licenses for India depending on end-use, end-user, and specific technical parameters.