No business intends to violate export controls. Yet the recent $140 million penalty announced by the Bureau of Industry and Security (BIS) and Department of Justice (DOJ) against a leading U.S. technology company shows just how quickly gaps in denied party screening and compliance processes can escalate into devastating consequences.
The question many compliance and business leaders are asking now is simple: how do we avoid becoming the next headline for export control violations?
The case illustrates that it’s not just about knowing the rules—it’s about having the right systems in place to enforce them consistently. If your organization exports controlled items, uses third-party distributors, or provides digital access to software or IP addresses, the risks faced by this American technology company may feel uncomfortably familiar. The truth is that manual checks, one-time screenings, and siloed oversight are no longer enough.
Denied party screening software integrated with export compliance controls could have caught the red flags earlier, blocked high-risk transactions, and prevented years of violations. In this post, we’ll look at what went wrong, what regulators expect, and how modern screening solutions help businesses protect revenue, reputation, and regulatory standing.
Key Takeaways
- The $140 million penalty levied against a major U.S. tech company shows that export control violations don’t just create headlines—they create huge financial and reputational fallout.
- Export compliance failures accumulate when gaps in denied party screening, monitoring, and escalation go unaddressed.
- Screening is not a checkbox, it must be continuous, integrated, and intelligent.
- Investing in the right denied party screening software reduces regulatory risk, ensures faster responses to new trade restrictions, and safeguards legitimate business from disruption.
- Don’t wait for the next designation update, the cost of inaction is clear. Leverage the capabilities of Descartes denied party screening software to expand globally with confidence.
Background of the BIS Enforcement Action
A leading U.S. provider of electronic design automation (EDA) software became the subject of one of the most significant recent export control enforcement actions. Between 2015 and 2021, regulators found that its Chinese operations exported—or helped export—semiconductor design technology, software, and hardware controlled under Export Control Classification Numbers (ECCNs) for semiconductors (3B991b.2.c), software (3D991), and technology (3E991), along with certain Export Administration Regulations (EAR)99 items. These exports were made to an entity ultimately tied to a Chinese military university that had been on the BIS Entity List since 2015.
The violations included:
- Unlicensed exports of controlled items worth approximately $45.3 million
- Loans, in-country transfers, and unauthorized downloads to restricted parties
- Post‑export transfers to a related corporate affiliate with overlapping personnel in the listed institute and other Chinese counterparties
- Failure to block downloads from listed companies such as Huawei, SMIC, and JSC Mikron
To resolve the case, the American company admitted to the conduct and entered into parallel settlements:
- A $95.3 million civil penalty with BIS, which also imposed mandatory audits and enhanced compliance oversight.
- A concurrent agreement with the DOJ that included $45 million in forfeitures, bringing the combined penalty to over $140 million.
This high-profile case highlights how easily compliance gaps—particularly in denied party screening and post-export controls—can cascade into systemic violations with financial and reputational consequences.
How did these Export Violations Occur Despite Compliance Awareness?
It’s easy to assume that a $140M penalty happens only when export compliance is ignored altogether. But this case shows a harder truth: even when teams are aware of the rules, gaps in execution can still lead to years of violations.
Here’s where things broke down:
- Weak or inconsistent denied party screening: Screening was often done at a limited scale rather than at every new transaction, leaving space for restricted parties to re-engage undetected. There were insufficient end-use checks, so even when customers provided information, the company did not consistently verify whether products were intended for restricted military research.
- Subsidiary oversight issues: Deals routed through their Chinese subsidiary weren’t adequately screened, exposing weaknesses in global governance and creating blind spots in export compliance coverage.
- Gaps in entity identification and corporate chains: The customer wasn’t immediately identified as an alias of the Chinese military university placed on the BIS Entity List. Shared personnel, overlapping addresses, and even installation sites weren’t consolidated, leaving critical connections overlooked. Without stronger entity resolution, restricted parties were able to blend into legitimate business dealings.
- Ineffective post-export controls: Customers downloaded software updates and transferred licenses in-country without proper gating, giving restricted entities long-term access to sensitive technology.
- Incomplete transaction-level controls: Financial transactions such as loans and transfers were not routed through export-control workflows.
- Escalation Breakdowns: Compliance red flags like unusual credit activity or conflicting information weren’t consistently elevated to legal or export control teams in time to act.
- Commercial Pressure Overrode Caution: Large accounts and revenue incentives tilted decisions toward closing deals quickly, even when compliance signals suggested slowing down. Manual approvals with limited audit trail and slow legal escalation.
When organizations rely on manual checks, fragmented data, and reactive processes, due diligence slips through the cracks. As Descartes Senior Implementation Manager Richard Smokorowski explains:
“The answer to when you should automate is always. Any manual process is vulnerable—someone will eventually forget to screen a customer, and that’s all it takes to create risk.”
The cost of gaps in compliance is not just regulatory penalties but also reputational harm, strained government relationships, and lasting restrictions on export privileges.
Where Denied Party Screening Software Could Have Made the Difference
Reviewing the export violations, it is clear that denied party screening software directly addresses the weak points that allowed restricted exports to slip through.
- Continuous Denied Party Screening at Every Touchpoint: Instead of one-time checks, automated denied party screening continuously monitors every order, shipment, download, loan, or in-country transfer. Rescreening against global watchlists updates (including sanctioned /restricted party lists from OFAC, BIS, EU, UK) ensure no transaction moves forward even if a party is newly restricted.
- Ownership Structure and Corporate Chain Analysis: Aliases, shared personnel, overlapping addresses, or even installation sites can reveal hidden ties. Enhanced due diligence with specialized risk mitigation intelligence reveals these data points so front companies and other restricted entities can’t hide behind slightly altered details.
- Integrated Export Controls Across Business Systems: When denied party screening is embedded into customer resource management (CRM), enterprise resource planning (ERP), ecommerce, and export licensing systems, no sale, shipment, or software download can bypass compliance. Screening isn’t an afterthought; it’s a built-in guardrail.
- Automated Escalation & Transaction Gating: Every red flag should trigger a hold, automated legal review, and a clear escalation path. With built-in compliance management workflows, issues don’t get lost in email chains or buried under commercial pressure.
- Post-Export End-User Monitoring: Compliance doesn’t end after shipment. Denied party screening solutions can gate software entitlements, revoke licenses, and require re-screening before in-country transfers or renewals.
- Audit-Ready Recordkeeping: Every decision, match, and escalation is logged in an immutable audit trail that complies with the recordkeeping standards of key regulators. This not only protects the organization in case of an investigation but also proves diligence.
Bottom line: Each of the violations BIS cited maps directly to a control that denied party screening software provides. Where manual, reactive processes left gaps, automated, integrated screening would have blocked restricted transactions, escalated red flags, and preserved both compliance and reputation.
Concrete Prevention Scenarios (Before and After Using Denied Party Screening Software + Export Controls)
To make the lessons more tangible, let’s look at some prevention scenarios through the lens of robust denied party screening software and integrated export controls.
| Export Compliance Gap (Before) | With Denied Party Screening Software (After) |
| Irregular compliance checks missed new designations | Every transaction is screened in real time, catching new entity list additions |
| Aliases and shared addresses with restricted parties go unnoticed | Hidden ties and connections to high-risk entities are flagged instantly |
| Red flags raised were bypassed under sales pressure | Deals are automatically paused until compliance review is complete |
Practical Recommendations for Export Compliance Teams
The details of this export violation highlights what every global business must confront: manual, ad-hoc screening is no longer enough. Relying on people to remember red flags or update lists leaves dangerous gaps—gaps that can quickly escalate into enterprise-wide violations. Here’s what the case teaches about building a resilient export compliance program:
- Screen Beyond the Obvious: Don’t limit denied party screening to direct customers. Restricted parties often hide behind distributors, resellers, logistics providers, or “friendly” intermediaries. Your program should screen every entity involved in the transaction lifecycle—from suppliers to end-users.
- Incorporate Corporate Ownership Structures and Affiliations: A restricted entity doesn’t need to appear as the direct counterparty to expose you. If it owns or controls another company—sometimes even below 50%—you could still be at risk. Screening tools with ownership data help surface hidden ties.
- Make Screening Continuous, Not One-Time: The restricted party was added to the BIS Entity List in 2015, yet transactions continued for years. This happened because screening wasn’t ongoing. Lists update daily, and customers can become restricted mid-contract. Automated, continuous screening closes that gap.
- Enforce Escalation and Legal Oversight: Red flags shouldn’t die in a sales pipeline. Every sale, shipment, loan, transfer, and software download—especially those tied to high-risk accounts, sensitive transactions, or controlled ECCNs—should automatically route to compliance or legal for sign-off before moving forward. Integrating export controls inside core business systems like ORACLE and SAP ensures nothing slips through.
- Maintain Audit-Ready Documentation: Regulators distinguish between willful negligence and good-faith effort. A centralized audit trail—complete with screening logs, escalation notes, and licensing records—can reduce penalties and prove your compliance posture.
- Choose the Right Trade Compliance Partner for Technology + Expertise: When regulations shift overnight, software alone won’t warn you—but the right partner will. A true compliance partner combines denied party screening technology with the expertise to interpret new rules, strengthen controls, and train your teams.
- Train for Awareness at Every Touchpoint: Compliance isn’t just a legal or export control issue. Sales, procurement, finance, and logistics teams all touch transactions where risks can hide. Training ensures employees recognize red flags and know how to escalate them.
- Back Technology with Policy: Ensure a clear, enforceable export compliance policy is in place. Software alone won’t help if employees lack defined rules and accountability.
The $95M BIS penalty (plus $45M DOJ forfeiture) dwarfs the cost of proactive investment in export compliance technology. Modern denied party screening software transforms compliance from a reactive burden into a proactive safeguard for growth.
Cut Risk and Grow Revenue with Descartes Denied Party Screening
The enforcement case against the multinational technology firm highlights how export compliance risks build silently when denied party screening is manual, fragmented, or left to chance. Every day without continuous screening exposes you to missed designations, hidden entity ties, and potential violations.
Descartes’ trade compliance solutions provide the safeguards that manual checks and siloed processes cannot:
- Dynamic Denied Party Screening: Continuous, automated, and integrated screening of every sale, shipment, loan, and software access against 180+ global watchlists.
- Export Classification & Licensing: Integrated workflows to ensure every ECCN and EAR item is correctly classified and licensed before movement.
- Comprehensive Restricted/Denied Party Data: Daily updated global lists, enriched with corporate ownership insights and third-party risk management data like adverse media, politically exposed persons, forced labor, etc.
- Resolution & Escalation Workflows: Easily review and resolve screening matches with AI-powered capabilities to reduce false positives.
- Due Diligence Documentation: Immutable logs to prove compliance decisions and reduce risk in the event of government scrutiny.
Ready to see how Descartes can help you cut compliance risk and grow revenue? Request a demo today and put your compliance program on stronger footing before the next enforcement headline hits.
Find out what our customers are saying about Descartes Denied Party Screening on G2 – an online third-party business software review platform. Additionally, you can read this essential buyer’s guide to denied party screening to help you select a solution that fits your needs.
