Mr. Sanctions

Category: Dual-Use Goods

  • Burning Questions: Export Control on both sides of the pond

    The Claude prompt:

    Explain the UK’s export control licensing system, and compare and contrast it to that of the US, in language suitable for non-expert professionals. Show your sources and verify that the response is supported by the sources. If anything is less than well-supported, see if you can find sources that buttress or clarifies those points.

    The response:

    UK and US Export Control Licensing Systems: A Plain-English Guide

    Export controls are laws that regulate what goods, technology, and services a country allows to leave its borders — and to whom. They exist to prevent sensitive or dangerous items from reaching hostile states, terrorist groups, or others who might misuse them. Both the UK and US have comprehensive systems, but they’re structured quite differently. Here’s how each works, followed by a direct comparison.

    Part 1: The UK System

    Who runs it?

    The Export Control Joint Unit (ECJU) administers the UK’s system of export controls and licensing for military and dual-use items. It brings together operational and policy expertise from the Department for Business and Trade (DBT), the Foreign, Commonwealth and Development Office (FCDO), and the Ministry of Defence (MOD). DBT has overall responsibility for the statutory and regulatory framework of export controls and for decisions to grant or refuse an export licence. FCDO and MOD are DBT’s principal advisers, advising on the Strategic Export Licensing Criteria used to assess licence applications.

    Think of the ECJU as a single front door for the whole system — but with three departments consulting behind the scenes before a decision is made.

    What items are controlled?

    The UK maintains the Strategic Export Control Lists, which detail military goods, dual-use items, and controlled technologies. These lists align broadly with EU and international lists but diverge in specific areas, particularly post-Brexit. The list is searchable online through the UK government website.

    Controlled goods include most items which have been specially designed or modified for military use and their components, including any technology and software used in or with the item, as well as dual-use items — goods that can be used for both commercial or military purposes, such as ball bearings that use technology which could be repurposed to make ballistic missiles.

    Importantly, even if a product is not listed on the control lists, it may be subject to end-use controls if the exporter knows or suspects it will be used in prohibited applications, such as weapons development or military purposes in embargoed countries. This “catch-all” provision imposes a responsibility on exporters to obtain licences for unlisted goods if they possess knowledge of restricted end-use.

    What types of licences are there?

    The UK offers three main licence types, designed to suit different export scenarios:

    1. Open General Export Licence (OGEL) — the simplest route. OGELs are the most flexible and commonly used licence, enabling unlimited exports to pre-approved destinations. You only need to register once to start using them. They’re pre-published, publicly available, and cover many routine, lower-risk situations.

    2. Standard Individual Export Licence (SIEL) — needed when no OGEL applies. SIELs for permanent exports are generally valid for 2 years or until the quantity specified has been exported, whichever occurs first. The ECJU aims to provide a decision on 70% of SIEL applications within 20 working days, and 99% within 60 working days.

    3. Open Individual Export Licence (OIEL) — for repeat business. An OIEL allows a named exporter to export multiple shipments of specific controlled goods to named destinations. It is tailored to an exporter’s specific needs and is available to exporters who have a track record in applying for export licences, or those who can demonstrate business need. OIELs are usually valid for 3 to 5 years.

    How are applications assessed?

    The ECJU assesses all licence applications on a case-by-case basis against the Strategic Export Licensing Criteria, which provide a thorough risk assessment framework. A licence will not be granted when it is inconsistent with the Criteria. Those criteria weigh factors including human rights in the destination country, regional stability, the risk of proliferation of weapons of mass destruction, and the UK’s international obligations.

    What are the consequences of non-compliance?

    It is a criminal offence to export controlled goods without the correct licence. Penalties vary depending on the nature of the offence. They can range from de-registration to fines or imprisonment.

    Part 2: The US System

    A more fragmented structure

    The US system is notably more complex because it is split across multiple agencies depending on the type of item involved. The three principal bodies are: the US Department of Commerce’s Bureau of Industry and Security (BIS), which oversees the Export Administration Regulations (EAR); the US Department of State’s Directorate of Defense Trade Controls (DDTC), which oversees the International Traffic in Arms Regulations (ITAR) and the Arms Export Control Act; and the US Department of Treasury’s Office of Foreign Assets Control (OFAC), which administers economic sanctions and embargoes. Nuclear-related export controls are additionally administered by the Nuclear Regulatory Commission and the Department of Energy.

    In practice, most exporters need to navigate two main regimes: ITAR and EAR.

    ITAR — for purely military items

    Administered by the US Department of State through the DDTC, ITAR governs items on the United States Munitions List (USML). This list covers a wide range of defense-related items, from firearms and explosives to spacecraft and advanced targeting systems. ITAR does not only apply to the physical objects themselves — it also applies to technical data and services related to those items. That means design documents, instructions, or even the know-how to maintain an ITAR-controlled aircraft engine are just as tightly regulated as the engine itself.

    ITAR regulations place strict restrictions on who can view or handle controlled items and data. In almost all cases, only US persons (meaning US citizens or permanent residents) are permitted access unless a special licence is obtained. Even something as simple as allowing a foreign national employee to view a controlled document on a shared drive could count as a violation if no authorisation is in place.

    EAR — for dual-use and commercial items

    The EAR regulates the manufacture, sale, distribution and export of commercial and dual-use items, technology and information not already covered by ITAR. The governing agency is the US Department of Commerce’s Bureau of Industry and Security (BIS), and its primary document is the Commerce Control List (CCL). Each item that falls under the EAR is assigned an Export Control Classification Number (ECCN).

    EAR applies to dual-use items — those with commercial applications that could also be adapted for military or security purposes, such as advanced semiconductors, encryption software, or certain chemicals. While EAR also places access restrictions, they are more nuanced. The level of restriction depends on the classification of the item, the destination country, the intended end use, and the end user.

    Penalties

    ITAR licences from DDTC typically take 60–90 days but can exceed 120 days for complex cases. EAR licences from BIS average 30–60 days. Civil penalties can exceed $1M per violation. Criminal penalties for wilful violations include fines up to $1M and 20 years imprisonment.

    Part 3: Comparing the Two Systems

    Here is where the most practically significant differences lie.

    1. Single agency vs. multiple agencies

    The UK channels everything through one body — the ECJU. The US divides responsibility between at least three major agencies (State, Commerce, Treasury), plus others for nuclear matters. The US regime has more jurisdictions, more categories of items, and more combinations of restrictions, exceptions, exemptions, and governing authorities. Overall the US regime is similar to but more restrictive and burdensome than the UK regime.

    2. The “deemed export” rule — a major US-specific concept

    This is one of the most significant differences for organisations employing international staff or collaborating across borders. The US export control regime recognises that certain disclosures or transfers of controlled items to certain individuals (typically foreign nationals that are not exempt) may be deemed to be an export or re-export. In plain terms: showing a controlled document to a foreign colleague in a US office can constitute an “export” requiring a licence.

    By contrast, the UK regime has no concept of “deemed” exports — disclosures and transfers under UK law are nationality-agnostic. The UK regime applies to transfers and disclosures of controlled items made from within the UK to destinations and recipients outside of the UK. This is a substantial practical difference for universities, research institutions, and multinationals.

    3. Extraterritorial reach — the US casts a much wider net

    US regulations routinely apply to items after they’ve been exported from the United States, and in many cases to items that have never touched US soil. For example, foreign-made products or software that contain US components, or are produced with the benefit of technology or software originating in the United States, may be subject to US export licence requirements.

    The US export control laws have a wide-ranging extraterritorial reach and the US government seeks to penalise companies and individuals who breach the export control laws, regardless of where they are located.

    The UK, by contrast, focuses primarily on exports departing from UK territory. EU and UK sanctions apply within the territory of the United Kingdom, aboard aircraft or vessels under their jurisdiction, to UK nationals, and to entities constituted under UK law. To date, neither the EU nor the UK has aggressively enforced sanctions against foreign persons processing transactions through their financial systems, in contrast to the United States.

    4. Licence types and flexibility

    The UK regime currently makes more extensive use of open licences and general authorisations (OGELs) for exporting predefined items to eligible destinations. These function as standing pre-approvals for common, lower-risk scenarios, reducing the burden on exporters. The US has analogous “licence exceptions” under the EAR, but commentators generally find them less accessible. Exporters with experience in both systems generally find the EU/UK system easier to navigate.

    5. End-use controls

    The UK regime has more widely defined end-use controls for unrated items — meaning UK exporters face a broader “catch-all” obligation to seek a licence even for items not on any formal list if they have reason to believe the end-use is problematic. The US end-use controls are similarly broad, though organised differently by item and destination.

    6. Shared international foundations

    Despite their differences, both systems rest on the same multilateral foundations — chiefly the Wassenaar Arrangement (conventional arms and dual-use), the Nuclear Suppliers Group, the Australia Group (chemical and biological), and the Missile Technology Control Regime. This means the categories of controlled goods are broadly similar; the differences are procedural, institutional, and in the breadth of jurisdiction.

    Summary Table

    FeatureUKUS
    Central bodySingle agency (ECJU)Multiple agencies (BIS, DDTC, OFAC, others)
    Main licencesOGEL, SIEL, OIELLicence exceptions (EAR), DDTC licences (ITAR)
    Military itemsUK Military List (via ECJU)USML / ITAR (via DDTC/State Dept)
    Dual-use itemsStrategic Export Control List (via ECJU)Commerce Control List / EAR (via BIS/Commerce)
    Deemed exportsNot applicable — nationality-agnosticYes — disclosures to foreign nationals in the US can require a licence
    Extraterritorial reachPrimarily territorialBroad — applies to US-origin content worldwide
    Ease of navigationGenerally simplerMore complex; multiple overlapping frameworks
    PenaltiesCriminal fines and imprisonmentCivil fines up to $1M+; criminal fines up to $1M and up to 20 years imprisonment

    Practical takeaway: If your organisation exports from the UK, you are dealing with one agency applying one set of criteria. If you work with US-origin technology or employ non-US nationals on US-controlled projects — even in the UK — US rules may apply to you regardless. Any organisation operating internationally should be aware that the two systems can overlap, and compliance with one does not guarantee compliance with the other.

    , , , , , , , ,

  • Burning Questions: Doesn’t India have export control requirements?

    Yes, I thought Gemini had left out the dual-use goods screening requirements for Indian banks, which I had run into some years ago, so I asked…

    For Indian banks, the requirement to check for dual-use goods has shifted from “best practice” to a hard legal mandateas of 2023, largely driven by amendments to the WMD Act and updated RBI Master Directions.

    Here is the specific breakdown of the requirements for Indian financial institutions.

    1. The Core Legal Mandate: The WMD Act (Amendment)

    The most critical regulation is the Weapons of Mass Destruction and their Delivery Systems (Prohibition of Unlawful Activities) Amendment Act, 2022.

    • The “Finance” Clause: Section 12A was inserted to explicitly prohibit the financing of any activity related to weapons of mass destruction and their delivery systems.
    • The Implication: Before this amendment, the law mostly targeted exporters/manufacturers. Now, if a bank provides a Letter of Credit (LC) or processes a payment for a dual-use item that is being exported illegally, the bank itself can be held liable for “financing” a prohibited activity.

    2. The Regulatory Instruction: RBI Master Direction

    The Reserve Bank of India (RBI) operationalized the WMD Act through the Master Direction on KYC (Updated 2023) to align with FATF Recommendation 7 (Proliferation Financing).

    • Section 12A & 54: The RBI explicitly instructs banks to ensure they do not deal with funds or assets of individuals/entities designated under the WMD Act or UNSC resolutions (Iran/North Korea).
    • Risk Assessment: Banks are now required to conduct a “Proliferation Financing Risk Assessment.” This means they must identify which of their customers (e.g., chemical manufacturers, aerospace startups) deal in dual-use goods and apply higher scrutiny to them.

    3. The Control List: SCOMET

    Indian banks do not screen against “Wassenaar” or “US Commerce” lists directly. They screen (or should screen) against the SCOMET List (Special Chemicals, Organisms, Materials, Equipment, and Technologies).

    • What it is: This is India’s national dual-use list, maintained by the DGFT (Directorate General of Foreign Trade). It consolidates all the major regimes (Wassenaar, MTCR, NSG) into one document.
    • The Check: If a bank customer is exporting an item on the SCOMET list, they must present a valid SCOMET Export Authorization (license) to the bank.
    • Bank Obligation: In Trade Finance, the bank is expected to verify that the goods declared in the Letter of Credit/Invoice do not require a SCOMET license, or if they do, that the license is present and valid.

    4. How Indian Banks Actually Implement This

    In practice, Indian banks (especially larger ones like HDFC, ICICI, SBI) handle this in two layers:

    1. Sanctions Layer (Automated):
      • They screen names/entities against the UNSC Consolidated List and the MHA (Ministry of Home Affairs) designated list. This is automated and mandatory for every transaction.
    2. Trade Finance Layer (Manual/Semi-Automated):
      • When processing an export bill or LC, the trade desk checks the HS Code.
      • If the HS code matches a “high risk” SCOMET category (e.g., nuclear materials, high-end electronics), they ask the exporter for a “Non-SCOMET declaration” or the actual license.
      • Note: The DGFT’s online system for SCOMET licenses actually requires exporters to input their Bank Details(Bank Name, Branch, IFSC), which creates a digital trail linking the bank to the specific licensed transaction.

    Summary Table for Policy Drafting

    ComponentRequirement SourceWhat Banks Must Do
    The LawWMD Act Amendment 2022Ensure no funds are provided to prohibited WMD activities.
    The RegulatorRBI Master Direction (KYC)Conduct PF (Proliferation Financing) Risk Assessments; screen UNSC lists.
    The ListSCOMET List (Appendix 3 of ITC HS)Verify SCOMET authorization for controlled exports.
    The TriggerTrade Finance / ForexFlag transactions involving HS codes that overlap with SCOMET items.

    so, I asked Gemini why India had been left out of the first response – and, as usual Gemini was its usual solicitous self:

    That was an oversight on my part, and you are right to call it out. India absolutely should have been in that conversation, especially given the aggressive legal updates in 2022 and 2023.

    I likely excluded it from the initial “top tier” list for two nuanced reasons regarding how compliance is viewed globally versus locally:

    1. Recency of the “Financial” Mandate

    The countries I listed (US, HK, Singapore) have had explicit banking guidance on dual-use goods for quite some time.

    • India’s Shift: Until the WMD Act Amendment in 2022, the burden in India was almost entirely on the exporter(via the DGFT and Customs). Banks were primarily checking boxes to ensure paperwork (like the IEC code) was in order.
    • The Change: The 2022 Amendment (Section 12A) was the game-changer that explicitly criminalized the financingof these goods.1 This moved India from “administrative checks” to “active liability” very recently, so it sometimes gets missed in older global compliance playbooks.

    2. “Check the License” vs. “Screen the Goods”

    This is a subtle but critical distinction in how the requirement works:

    • The “Hong Kong/US” Model (Detective Approach):These regulators expect banks to act like detectives. Even if the exporter says “this is a harmless pipe,” the bank is expected to look at the description, screen it against a list (like the Commerce Control List), and say, “Wait, this pipe specifications match a nuclear centrifuge part.”
    • The “India” Model (Gatekeeper Approach):Historically, the RBI and DGFT framework treated banks more as gatekeepers of documentation. The requirement was often: “Did the customer give you a valid SCOMET license? If yes, process it. If no, get a declaration.”While this is changing, many Indian banks still operate on the premise that if the customer declares it as Non-SCOMET, the bank is safe. In contrast, US/EU regulators increasingly tell banks they cannot just trust the customer’s declaration and must independently verify the goods.

    Summary: Where India Fits Now

    If I were to redraw that first list for 2025/2026, India belongs firmly in the “Strict” category, but with a different flavor:

    • US/EU: Strict because of global reach and independent screening expectations.
    • India: Strict because of criminal liability (under the WMD Act) and the tight integration with Forex laws (FEMA).

    , ,

  • Burning Question: What export control lists should I consider?

    For a compliance policy or screening tool, you need to distinguish between the Source Regimes (where the lists are agreed upon diplomatically) and the Implementation Lists (the actual legal documents you screen against).

    Most screening tools ingest the Implementation Lists because those contain the specific codes (ECCNs) and legal definitions used by customs.

    1. The “Big Four” (The Source Regimes)

    These are the multilateral agreements where experts decide what counts as “dual-use.”

    • Wassenaar Arrangement (WA): Covers conventional arms and dual-use goods and technologies (e.g., encryption, sensors, lasers, aerospace). This is the largest and most commercially relevant list.
    • Nuclear Suppliers Group (NSG): Covers nuclear material and nuclear-related dual-use equipment (e.g., high-grade graphite, certain machine tools).
    • Missile Technology Control Regime (MTCR): Covers delivery systems (missiles, drones) and related technology (e.g., propulsion, guidance systems).
    • Australia Group (AG): Covers chemical and biological weapons proliferation (e.g., precursors, fermenters, toxins).

    2. The Implementation Lists (What You Actually Screen)

    Banks and exporters do not usually screen against the “Wassenaar list” directly. They screen against the national laws that incorporate those regimes.

    List NameJurisdictionDescription
    Commerce Control List (CCL)USAManaged by the BIS. Items are identified by an ECCN (Export Control Classification Number). This is the global “gold standard” because of the reach of the US Dollar.
    EU Dual-Use Annex IEUThe consolidated list for all EU member states (Regulation 2021/821). It combines all four regimes above into one document.
    UK Strategic Export Control ListsUKThe “Consolidated List of Strategic Military and Dual-Use Items.” Post-Brexit, the UK maintains its own, though it largely mirrors the EU/Wassenaar.
    METI Control ListJapanManaged by the Ministry of Economy, Trade and Industry. Highly specific for Asian trade corridors.

    3. The “High Priority” Subsets (Crucial for 2025/2026)

    Because screening millions of transactions against the full dual-use list is difficult (and generates many false positives), regulators have recently published shorter, prioritized lists specifically targeting Russian and Iranian supply chains.

    • Common High Priority List (CHPL):
      • Issuers: Jointly identified by the US (BIS), EU, UK, and Japan.
      • Content: This is a subset of about 50 HS Codes (Harmonized System codes) that are essentially “Red Alert” items. It includes microelectronics (integrated circuits), CNC machine tools, and ball bearings.
      • Action: If you are building a tool, flagging these HS codes is the highest priority for immediate risk reduction.

    4. The “Data Problem” (HS Codes vs. ECCN)

    This is the hardest part of building a screening tool.

    • The Mismatch: Dual-use lists are defined by technical specifications (e.g., “Carbon fiber with tensile strength > X”), but bank data usually only has HS Codes (e.g., “6815.10 – Articles of carbon”).
    • The Solution: You need a Correlation Table.
      • The European Commission publishes a “Correlation Table” that maps EU Dual-Use codes to Customs CN codes.
      • Warning: It is not 1-to-1. One HS code might contain both controlled and uncontrolled items. This is why “catch-all” screening often produces false positives (e.g., stopping a shipment of tennis rackets because they share an HS code with controlled carbon fiber).

    , ,

  • Burning Question: Do I need to screen controlled goods lists?

    My prompt:

    What countries require that financial services firms check their transactions against dual-use goods lists?

    Gemini’s initial response:

    Most countries do not have a simple, direct law that says “banks must screen all transactions against dual-use goods lists” in the same way they mandate screening against Terrorist or Sanctions lists (like OFAC or the UN Security Council lists).

    However, Hong KongSingaporethe United Arab Emirates, and the United States have arguably the most explicit regulatory frameworks or recent guidance that effectively compel financial institutions to perform these checks, particularly for trade finance.

    In most jurisdictions, the “requirement” is indirect: banks are legally prohibited from facilitating Proliferation Financing (PF) (funding weapons of mass destruction). Since dual-use goods are the primary method for this, regulators expect banks to screen for them to avoid breaking the broader law.

    1. Countries with Explicit Guidance or “De Facto” Mandates

    These jurisdictions have issued specific guidance documents telling banks that they are expected to screen for dual-use goods.

    • Hong Kong:
      • The Mandate: The Hong Kong Monetary Authority (HKMA) and the Hong Kong Association of Banks (HKAB) have issued granular guidance notes. They explicitly expect banks to check for dual-use goods in trade finance transactions.
      • Specifics: The guidance is detailed, asking banks to identify if goods in a transaction match those on the Import and Export (Strategic Commodities) Regulations. It is considered one of the strictest explicit expectations globally.
    • United States:
      • The Mandate: While the US Export Administration Regulations (EAR) primarily target exporters, the Bureau of Industry and Security (BIS) issued new guidance in October 2024 that significantly increased the pressure on banks.
      • Specifics: The “General Prohibition 10” rule prevents any person (including banks) from financing a transaction with “knowledge” that a violation has occurred. The new guidance clarifies that banks cannot ignore “red flags” and explicitly recommends screening customers and transactions against BIS lists (like the Entity List and Commerce Control List) as a best practice to avoid liability.
    • Singapore:
      • The Mandate: The Monetary Authority of Singapore (MAS) includes dual-use goods screening as a key part of its Anti-Money Laundering (AML) controls for trade finance.
      • Specifics: Banks are expected to have specific policies to detect “strategic goods” (their term for dual-use items). If a bank fails to catch a dual-use good shipment that aids proliferation, they can be penalized for having inadequate AML/CFT controls.
    • United Arab Emirates (UAE):
      • The Mandate: The UAE has recently tightened controls on proliferation financing. Circular No. 1 of 2022 explicitly publicized the “UAE Control List” for dual-use items.
      • Specifics: Financial institutions are required to ensure they are not facilitating the transfer of these goods to sanctioned entities. The publication of the list was accompanied by warnings that compliance is mandatory to avoid penalties.

    2. How the “Requirement” Works (The Legal Hook)

    If you are looking for a law that looks like the “Patriot Act” but for dual-use goods, you won’t find one. Instead, the requirement comes from Proliferation Financing rules:

    Type of ScreeningLegal BasisApplicability
    Sanctions ScreeningExplicit Law (e.g., OFAC, EU Sanctions).Mandatory for every transaction (payments, wires, etc.).
    Dual-Use ScreeningRisk-Based Guidance (e.g., FATF Rec 7).Expected for Trade Finance (Letters of Credit, Bills of Lading).

    Why banks do it anyway:

    If a bank processes a payment for a dual-use good (e.g., high-grade carbon fiber) that ends up in an Iranian missile program, the bank can be fined billions for violating Sanctions laws, not just export laws. Therefore, they screen against dual-use lists (like the EU Annex I or US Commerce Control List) to protect themselves.

    3. Summary by Region

    • European Union: The EU Dual-Use Regulation (2021/821) obliges exporters to get licenses. Banks are not explicitly named as “enforcers” in the regulation itself, but EU banks screen to ensure they aren’t processing payments for unlicensed exports, which would be a predicate offense for money laundering.
    • United Kingdom: Similar to the EU. The focus is on the exporter, but the UK’s Financial Conduct Authority (FCA) expects banks to have systems to identify “high risk” trade, which implicitly includes dual-use goods.
    • Japan: Under the Foreign Exchange and Foreign Trade Act, banks must confirm that certain transactions (especially those involving “residential status” or specific regions) do not violate export controls, though the burden is heavily shared with the exporter.

    Hint: I felt something was missing with this response… tune in tomorrow.

    , ,