US authorities have signalled they will take enforcement action against banks that violate the country’s far-reaching export control regulations, while providing guidance for the first time on how to comply with the rules.

The Bureau of Industry Security (BIS), which enforces the US export control regime, has previously marshalled banks to help detect potential violations by their clients, but the latest guidance indicates financial institutions will be held responsible if they have knowledge of violations, or even likely violations, and fail to prevent or report them.

The latest guidance “appears to mark the first time that BIS has formally indicated that US and non-US financial institutions could be the subject of enforcement actions… for violating the export control regulations directly,” law firm Paul Weiss says.

Export controls cover a wide range of goods which have both military and commercial uses. The US, European Union and their allies have sharpened their scrutiny of potential violations since Russia’s 2022 invasion of Ukraine set off an effort to prevent Western-made technology and goods contributing to Moscow’s war effort.

US regulations covering export controls include a section known as “general prohibition 10” which includes a ban on financing the export of relevant items “with knowledge that a violation has occurred or is about to occur”.

While the law is long-standing, no enforcement action against a financial institution under the rule has ever been publicly disclosed, and BIS criminal or administrative investigations usually target exporters.

With BIS now providing detailed guidance on how to comply with the prohibition order, experts say it is a signal that banks may become targets for investigators, rather than merely sources of information in probes targeting exporters.

“I think it’s sending a signal that… there could be enforcement actions where [BIS] do look at what the bank knew and what did they did, to try to then hammer them in enforcement proceeding as well,” says Thomas Andrukonis, who spent more than four decades at BIS and is now chief operating officer at ECS Advisors.

Penalties for violating the US rules, the Export Administration Regulations (EARs), can be up to US$300,000 per violation or twice the value of the transaction. The BIS can also seek criminal penalties against individuals, which include terms of up to 20 years’ imprisonment and a maximum US$1mn fine.

Like many other US sanctions regimes, authorities are empowered to take action against overseas banks too.

“The expanded responsibilities of [financial institutions] outlined in BIS’s new guidance create a new risk vector for many banks,” say Reid Whitten and Jordan Mallory, attorneys for US law firm Sheppard Mullin in note on the guidance.

The EARs also encompass many products manufactured outside the US, because they apply to goods that include US-origin “controlled content” or are made overseas “using controlled US software, technology or tools”, according to the BIS guidance.

“Nearly all foreign-produced microelectronics and integrated circuits” are also subject to the rules when destined for Russia or Belarus, or to associated military end users or procurement entities.

The BIS guidance says banks should screen customers – and customers’ customers “where appropriate” – against lists of companies that have shipped high-priority dual use goods to Russia since 2023, recommending data from commercial providers or the Trade Integrity Project.

BIS emphasises it does not expect banks to screen the details of transactions in real time to prevent violations of the general prohibition, but it recommends real-time screening against several blacklists maintained by the organisation.

While most banks have developed extensive processes for complying with general economic sanctions, many have struggled to grapple with the greater technical knowledge that some say EAR compliance demands.

“We keep asking banks now to look at the description of the goods and find out if they’re breaching export controls, if they are controlled technologies,” Alberto Almaraz, a trade compliance specialist, tells GTR.

“It feels like the regulatory landscape is moving in the direction of saying banks need to be in charge of this now, but banks don’t really have the technical knowledge.”

Export controls is a defined term with legal obligations attached, Almaraz says, but he argues dual use is a “very loose term” and that “bankers are not engineers”. Banks may simply drop some customers or exit certain countries that carry higher risk of EAR violations, he says.

“If you don’t have a big presence [in particular market], or you don’t have much of a business there, it could be very tempting to just scrap the country off your appetite list and say I’m not going to deal with them.”

The UK recently refreshed its own export control laws, which included fresh reporting requirement for banks, and launched a new body tasked with detecting and enforcing infringements of the rules.

In September, the G7 published for the first time collective guidance on export controls in an effort to streamline compliance across the countries that share a common opposition to Russia.