Denied Parties Screening for Export Compliance

Denied Parties Screening
Denied Parties Screening

Denied Parties Screening is an essential practice for ensuring regulatory compliance to U.S. law.  Screening is performed to restrict or prohibit U.S. individuals and organizations from shipping products or providing services to parties listed on denial, debarment, and blocked persons lists.

Screening applies to all businesses regardless of product or service sector.  An organization is obligated to ensure that any transaction, where there is a transfer of money, is not destined to an individual or entity on a government watch list.  Screening also applies to businesses that only engage in domestic transactions, as individuals on these lists often reside in the United States.

The sanctions these screenings are designed to implement are often in effect regardless of an item or service’s export regulation classification.  Failure to perform a screening that results in the sale or transfer of an item, service, or information to a denied party or entity can result in civil fines, criminal fines, and imprisonment.

To illustrate the severity of failure to comply with these sanctions, the Department of Treasury’s Office of Foreign Assets Control (OFAC) has set, as of February of 2022, a maximum civil fine of $1,644,396 per violation of the Foreign Narcotics Kingpin Designation Act (FNKDA).

Who Should be Screened

Dependent on the business environment of an organization, screening may be a requirement for the following:

  • Suppliers, Vendors, Subcontractors
  • Customers, Brokers, Financial Institutions
  • Employees, Visitors, Contractors, and Consultants

Conducting Denied Party Screening

U.S. Government screening lists are updated regularly.  These updates should be checked against an organization’s current database of customers, suppliers, employees (to include consultants and contractors), and visitors, to determine if any new matches may exist.  Records of these screenings should be maintained for a minimum of five years.

Should this periodic screening indicate that a party in question is matched on one or more of the denied parties’ lists.  A review of the screen should be conducted by the organization’s Export Compliance Official (ECO) to determine if the result is a false positive match. 

If it is determined that the screen has correctly identified a person or entity, the organization should cease all involvement with that party.  This includes making efforts to stop any shipment which is in-transit to the matched party. 

If a transaction to a denied party has occurred a Voluntary Disclosure to the appropriate federal agency should be initiated.  It should be noted that Voluntary Disclosures usually are taken as a mitigating factor when penalties are imposed. 

Screening Lists

The United States Government maintains the Consolidated Screening List (CSL) as an online consolidation of multiple export screening lists.  The CSL is updated daily and includes tools that can optimize results such as a “fuzzy name search”.  These tools allow for searches without knowing exact spelling of names.  The CSL provides downloadable files that are date stamped to allow accurate record keeping.

While this provides some benefits to an organization it does not provide automation or easy implementation into business systems and databases.

Private Vendor Supplied Screening Tools

Private vendors supply Restricted Party Screening solutions that are affordable and modular.  These solutions are interfaceable to databases of persons and entities.  They can provide these screenings automatically and alert users to changes in status.  They also provide more thorough searches across wider sets of list than the CSL and these searches can be tailored to integrate into a variety of business systems.

CVG Strategy Can Help

Export Compliance is an important subject for businesses engaged in sales of items that are intended for international sales or could result in international sales.  Failure to comply with regulations can result in criminal prosecution including imprisonment and fines.  It can also result in civil penalties and disbarment from export activities.  Your business cannot afford to have its reputation ruined by a failure to comply.

CVG Strategy can help you in understanding Export Administration Regulations and establishing a coherent and effective export compliance system.   We can perform export control classifications, perform audits, and educate your team.  Regardless of whether your business falls under EAR or ITAR, CVG Strategy has the expertise to help.  Contact Us with you export regulation questions.

FBI Concerns About TikTok User Data

FBI Concerns about TikTok
FBI Concerns about TikTok

FBI concerns about TikTok’s use of U.S. citizens’ user data were conveyed to the House Committee on Homeland Security by Director Christopher Wray.  The Chinese owned social media app currently has over one billion monthly users.  Among the FBI’s concerns is that the Chinese government could conduct influence operations with the app or use it to gain control of millions of user devices.

The Chinese government allows officials to obtain access to data from companies.  Currently Chinese sponsored cyber attacks have stolen more U.S. personal and business data than all other nations combined.  Wray stated that the bureau has seen an increase in cybersecurity cases.  It is estimated that ransomware alone cost U.S. businesses $1.2 billion dollars in 2021.

Chinese Government Ties Not a New Concern

Former President Donald Trump attempted to ban TikTok in the United States in 2020 due to concerns for national security.  This executive order was revoked in 2021 by President Joe Biden. The Biden administration then asked the Treasury Department to investigate the app.  Consequently, the Committee on Foreign Investment in the United States (CFIUS) has been examining the risks and implications of TikTok’s continued activity in  the U.S. market. 

In 2020, the Department of Defense recommended that employees not install or uninstall TikTok  on their personal devices.  This was incorporated into Army, Navy, and Marine policies.  These policies ban the app from all government phones because the app is considered a cyber threat.

Many private organizations are also banning the app on business owned devices and taking cybersecurity preventative measures such as blocking specific internet categories or domains.

Chief Concerns About TikTok

TikTok’s parent company ByteDance is a Chinese company.  The Chinese National Intelligence Law requires all organizations and citizens to cooperate with state intelligence activities.  The company collects sensitive information from millions of devices without the user’s knowledge or permission.  This data can include browsing history, geolocation, and file names. 

ByteDance also collects Personally Identifiable Information (PII) such as image, age, gender, and relationship status.  Additionally it is alleged that the app collects various types of biometric data such as fingerprints, iris scans, and facial geometry. On the whole TikTok’s data collection activities are seen by industry experts as being far more intrusive than comparable apps.

Of even greater concern, TikTok has regularly been in violation of the Children’s Online Privacy Protection Rule (COPPA) which prohibits the collection of PII of children under the age of 13 without parental consent.  App content has also been a recurring concern raise about the app.  A national group of state attorneys have stated concerns that app content may pose a threat to the mental health of children. 

Aside from distribution of content that is not appropriate for children, the app also is used as a propaganda device for the Chinese government by both putting forth influencing content and banning information critical of the policies and actions of the nation.

CVG Strategy Cybersecurity Solutions

FBI Concerns about TikTok illustrate scope of the problem businesses are facing with cybersecurity.  IT solutions alone are not sufficient to combat these forces.  Viable solutions include all stakeholders in an enterprise.  They include people, policies, procedures, risk analysis, incident responses, and an internal auditing process that yields constant improvement.

CVG Strategy provides cybersecurity consulting and training for large and small organizations.  Our experts can tailor a program using risk management process to identify information assets and interested parties.   We can create the documentation and provide the essential training to establish your ISMS and guide you through certification audits.

CVG Strategy also provides consulting services for NIST 800-171 and CMMC Certification for those businesses and institutions providing services to the Department of Defense and other government agencies.