Restricted Party Screening – Best Practices

Screening is an essential element of all export compliance programs.  Serious penalties for noncompliance do exist in this area, even when it’s unintentional. It’s important that every exporter be aware of some basic best practices for effective and successful screening.

Garbage In – Garbage Out…

Data integrity is crucial!  We’ve all heard the saying garbage in, garbage out – that is 100% true with screening, and it is only as effective as the information that is fed into any tool.

This means that incomplete or insufficient customer or transaction data, spelling mistakes, and typos will all affect the results. For example, lots of exporters cannot afford the expensive screening tools and use the Consolidated List; a free tool offered by the U.S. Government that screens many lists.

Kim Jung Un, the current President of North Korea, is a hit on the Consolidated List. However, if we screen Kim Jung Uno through the CSL, he is no longer a hit.  Imagine what this could mean for other common names such as Muhammad, Mohamed, Mohammad, Mohammed, Mohamad, Muhammed etc.

Another common error is not screening legal names.  In some countries, people will adopt a “Christian” name versus their legal name, which they use in a business setting.  This is not helpful when trying to determine if the person you are conducting business with is restricted.  Remember also that the order matters – circling back to Kim Jung Un – if we scramble the name on the CSL to Un Kim Jung, he is no longer a hit on the list.  This is true for most search engines, which is why the order matters.

Remember that accurate information and due diligence are key to effective screening. Poor Data Quality will not result in effective screening.  Incomplete or insufficient customer data, spelling mistakes, typos etc., all contribute to false positive results.

Screening is a company’s first line of defense, so it is vital that the information being screened is accurate.  Utilizing checklists in the data entry process, removing the ability to save incomplete records, and training employees are just a few of the ways to incorporate an effective screening program.

What About Addresses?

Yes, you must also screen addresses.  This means that even if the entity is not a hit, you must also screen the address.  Why?  Because in June of 2024, BIS added “address only” entries.  This was done to address diversion risks – meaning that BIS designated certain addresses WITHOUT listing any associated companies or entities.  In these cases, when only an address is named, BIS has determined that shipping to ANY entity at this address is prohibited.

Best Practices

Below is a list of best practices that we have developed to assist companies with screening.

• Always screen all parties to all export transactions (& other transactions if applicable), including addresses, forwarders, any intermediate consignees, and all individuals involved in the transaction.
• All Exporters Should be Familiar with – Know your customer: All companies are expected to know their customers and to perform their due diligence for all export transactions.  This should be fully documented for all export transactions and any other screening your company does.
• Screen at multiple intervals:  Screen as often as necessary to ensure compliance for your company and business model.  That is not the same for everyone.  For some, that can mean screening at multiple stages: during initial contact, account or contract setup, order acceptance, and then again immediately prior to shipment or technical data exchange, to ensure compliance.
• Document everything and maintain a thorough audit trail: Keep records of all screening results and the entire transaction for the required five years, and be prepared for potential audits or end-use checks from Export Enforcement.  Document everything – have screenshots of screenings/internet searches.  Save all research.  Be audit-ready!
• Train Employees and provide necessary tools: Ensure all relevant staff are trained on screening procedures and red flags to watch for to ensure consistent compliance.  Provide the necessary tools for your organization.  If it’s feasible for your company, you should automate the process, especially if you have a high volume of transactions.  Be sure to understand how your screening tool works.  For example, if you enter the entity name and address, will the tool screen them separately or all together?
• Follow an established Export Management Compliance Program (EMCP) or other Export Policy: Have a clear, written procedure and plan for handling potential matches, including a defined chain of command for review and final determination.  Ensure any escalations are fully documented in your audit trail.
• Integrate screening into the appropriate functions and screen beyond just a name:  Make sure all appropriate functions are coordinated and work together to ensure consistent and compliant screening.  This is a cross-functional responsibility where screening affects various functions involved, and sometimes that includes multiple departments responsible for various aspects of screening, such as Procurement, technology transfer, physical shipping, finance, etc.  Remember to use available information to research any red flags and always pay attention to the details of any transaction from a due diligence perspective and on a case-by-case basis.
• Don’t export without screening: Never attempt to export an item or controlled technical data outside the U.S. before completing all necessary screening requirements.  This includes deemed exports to foreign persons here in the US or technical conversations with foreign persons abroad, especially those who haven’t been internally vetted yet, that are from external or partner companies.
• Don’t ignore red flags: If a transaction raises a “red flag,” don’t ignore it. Perform additional due diligence to ensure the transaction is compliant.
• Don’t ignore potential matches (false positives): A “soft match” requires an internal review process for verification. Don’t simply assume it is a false positive and proceed; refer to those documented procedures and verify.
• Don’t neglect record-keeping: Failure to document compliance efforts can make it difficult to prove due diligence to regulators, potentially leading to massive fines. A thorough audit trail is always necessary.
• Don’t assume a one-time screening is sufficient: Watch lists change frequently, so a party cleared one day might be added to a denied list the next. Rescreening is essential; again, refer to your internal procedures on when screening is performed.
• Don’t ignore screening prior to the export of controlled technical data for any activity. Just a friendly reminder that tech data exports are still an export transaction – Including technical conversations (both here in the US with foreign persons – and abroad, or just a Zoom call), RFPs, proposals, and many other opportunities where technical data exchange may occur.

Remember…

All companies, regardless of size, are tasked with adhering to the law, including compliance with U.S. export regulations.  Following U.S. Government regulations is not optional, and one of those rules includes not doing business with any entities that the government has placed on any restricted lists.

Screening is a required control to prevent illicit transactions by prohibited entities. It is required by law in many countries, including the United States, Canada, the United Kingdom, and the European Union.

Failure to comply with export regulations can result in significant financial, legal, and reputational risks for businesses. Penalties for non-compliance can include fines and, in the most severe cases, can lead to criminal charges.  Screening ensures that companies are not doing business with prohibited entities and Remember – exporting to an entity on any of the denied party lists is illegal and includes not just the end user or your customer, but also financial institutions, resellers etc.

If you don’t have a restricted party screening process, EMCP, or a screening tool to use that is more user-friendly than just the consolidated list, we can get you covered. Schedule a no-charge consultation with one of our experts today.