By Tom Reynolds, Export Solutions

This is the first in a series of articles called The Automation Dilemma. During the next few weeks and months, we’ll discuss some of the common “do’s and don’ts” of automating your company’s export compliance process. Keep checking back for future installments in this series.

In today’s world, many companies use different methods to automate their compliance procedures. There are so many variations, it can be hard to stay focused on what to look for during the design and implementation process. I’ve seen many of the basic principles of compliance overlooked during the requirements phase of a project, which can result in very costly mistakes for your business down the road.

This article is the first in a series which will address The Automation Dilemma. Today, we’re going to talk about restricted parties list screening within an Enterprise Resource Planning (ERP) system. When I refer to restricted parties lists (RPL), I mean any of the following U.S. government lists: Denied Parties List (BIS), Unverified List (BIS), Entity List (BIS), Specially Designated National List (OFAC), Debarred List (DDTC) and Non-Proliferation Sanctions Lists (OFAC).

Whether you’re using SAP, BAAN, J.D. Edwards, Oracle or a company-developed ERP system, these basic principles should be decided:

  • What transactions to screen?
  • What lists to use?
  • Who will create and update the lists?
  • How often should I re-screen?
  • How sensitive should the screening be?

What transactions to screen and how often?

The first decision is what transactions to screen and how often to screen them. To answer this question, you need to become very familiar with your company’s order fulfillment process. I suggest mapping out your entire process, including the time between when an order is placed, to when it is shipped or received by your customer; including purchases as well as sales. All of your company’s sales orders, purchase orders and repair orders should be screened against all the RPLs. For those of you who have your HR system integrated into your ERP system, screening your employees is a good idea, too.

What lists to use?

U.S. companies should screen all of the U.S. restricted parties lists. This includes screening the debarred list – even if your company isn’t producing military items. The individuals on this list are “red flags” and known violators, which means your company probably shouldn’t be doing business with them. If your company has locations outside of the U.S., I suggest adding those countries’ sanctions/embargoes to your overall RPL screening.

Who will create the lists?

Having your employees keep the lists up-to-date is not a good idea. Maintaining the lists is an onerous job and often requires a full-time job. These lists can change daily, and updating them requires extensive scanning of the federal register or other governmental notices. On top of that, a person must configure the names, addresses, aliases, effective dates, and other relevant information into a computer language format (e.g., ASCII, text delimited, etc.). So, it’s much more cost effective to purchase your restricted party list from a vendor who specializes in creating and updating them. Depending on your needs, these RPL subscriptions can range from $5,000 to $20,000 per year – far less expensive than hiring a full-time employee. We have compiled a list of various companies who provide this type of service. If you’re interested, contact us at for more details.

How often should I rescreen?

Screening should include verification of address and names of all parties to the transaction. This includes such parties as: purchaser, “bill to” address (if different than purchaser), “ship to” address, intermediate consignees, freight forwarders, customs brokers and contact/ “attention of” names. The frequency of screening depends on your business model. If you have a 24-hour/7-day turnaround time from order placement to order fulfillment, one screening is usually adequate. However, this also depends on how frequently you update the lists. If you update the lists only once per week, and the order fulfillment takes place within that 7-day window, then only one screening is required. I often suggest that the restricted parties screening be part of the customer/vendor set-up process. If you don’t have a requirement to set-up a new customer or vendor profile in your ERP system, then screening should occur upon order entry.

Bottom Line: You don’t want to waste time and money trying to fulfill and order if you can’t go through with the transaction due to the customer or vendor being a restricted party. If you have longer lead times (e.g., 3-6 months for manufacturing) you will want to consider screening the RPLs a few times during the fulfillment process. I suggest once at order entry, then again during one of the manufacturing processes (delivery order creation, quality review, etc.), and finally at shipping documentation creation (prior to shipment).

How sensitive should the screening be?

What do I mean by sensitivity? Almost all automated RPL screening tools have a level of sensitivity that you can choose. Does the name have to match letter for letter? (In other words, do you need a 100% match?) Like so many things, the answer is “it depends.”

Go back and think about your business model – including customers , distributors, vendors, data collected, products and supply chain. Look at the regions where you sell. Investigate what industries your company markets to. All of these areas will help you develop the type of automated screening your company needs. For example, if you sell directly to a consumer (like, you could have thousands of requests every day, and make the compliance job impossible, if you set the screening to sensitive. If your company is opening a location and marketing to Latin America, you may need to have a more sensitive screening.

There are other areas that can help with the screening, too. Consider having a field that describes the customer’s end-use in the ERP system. Break up the first and last name of contacts. Have a policy which states that no acronyms will be used for company names when adding them to your ERP system. (Example: The name must be entered as ‘Hewlett-Packard’ instead of ‘HP’). Determining the right level of sensitivity for your business is something of a fine art, and that’s where a seasoned trade compliance specialist can help.

The best way to figure this out is TESTING, TESTING, and more TESTING. The better you test, the better data you have to analyze what sensitivity works for your business. Remember, there is no one right way to do this.

There are many other topics to consider when automating your trade compliance processes. Check back for future installments in this series, where we’ll discuss topics such as: license determination, classification databases, commercial invoice creation, valuation algorithms, country of origin determination … and the list goes on and on!

Tom Reynolds is the President of Export Solutions, a consultancy firm which specializes in helping companies with import/export compliance.