Guest article by: Brent Carlson (BRG) and Michael Huneke (Hughes Hubbard & Reed)
It’s a tough time for trade compliance teams. Uncertainty rules the roost with wildly swinging tariffs and an escalating trade war between the United States and China. Nobody can say for certain where—and at what velocity—many things will go. Even before all this, compliance teams were scrambling to meet the challenges of new export controls rules. In one key area, at least, signals are clear and consistent: We are entering a new era of U.S. export controls enforcement.
Export controls have undergone a flurry of new rulemaking, from the first Trump administration through and even to the last days of the Biden administration. However, like many areas of regulatory compliance and enforcement, enforcement lags behind rule changes—sometimes significantly. The experience from the last two decades of U.S. Foreign Corrupt Practices Act (“FCPA”) enforcement illustrates this. From its initial passage in 1977 it remained rather a sleeper law—with little enforcement activity by regulators—through the late 1990s. The market was slow to anticipate the ultimate implications of the 1997 signing, and 1999 entry into force, of the Organization for Economic Co-operation and Development’s (“OECD”) Anti-Bribery Convention and the fertile enforcement ground it paved the road for when geopolitical, domestic political, and enforcement priorities coalesced in the early 2000s. Even after enforcement began in earnest, it was not until penalties significantly increased with the $1.6 billion U.S.-Germany resolution in 2008 against Siemens that FCPA enforcement really posed a central compliance risk for companies—and individuals—that drew the attention from the C-suite and boards of directors. Companies subsequently invested significantly in FCPA compliance to prevent such ten-figure penalties.
Export controls now follow a similar trajectory. As the U.S. government under the second Trump administration has paused FCPA enforcement, export controls have emerged to become the next FCPA, imposing similar central compliance risks for many companies. All this is being driven by gale-force geopolitical dynamics. Despite the torrent of new export controls rules, enforcement has struggled to keep up.[1] The real-world impact of this was apparent in the “battlefield effect” whereby American technology was found in Russian, Iranian, and North Korean missiles and drones recovered on the battlefields in Ukraine.[2]
Pressure to step up export controls enforcement only has increased over the last few months. The America First Trade Policy, issued on Day 1 of the new Trump administration, called for the elimination of loopholes and an increase in enforcement.[3] In the early days of the new administration, the U.S. faced a new “Sputnik moment” with China’s artificial intelligence innovations announced by DeepSeek.[4] Reports that these innovations were facilitated through alleged evasion made possible due to U.S. export controls’ ineffectiveness prompted two senators at the opposite ends of the political spectrum—Josh Hawley of Missouri and Elizabeth Warren of Massachusetts—to issue a joint letter to incoming Commerce Secretary Howard Lutnick demanding he quickly address these issues.[5] Bipartisan support—in a polarized polity—remains strong to address export controls leaks.
Commerce Secretary Lutnick heard the message. At the Bureau of Industry and Security (“BIS”) Update Conference in Washington, DC, in March 2025, he stated in stark terms, “We have had enough,” and warned industry that export controls enforcement and penalties would dramatically increase.[6] While tough talk on enforcement at the annual conference may seem to be a perennial topic for some attendees—and thus some may be content to adopt a wait-and-see approach rather than fully appreciate the warning signals from Secretary Lutnick and other BIS representatives—it is important to note we now live in a very different world from the recent past. Even in the classic Aesop fable, “The Boy Who Cried Wolf,” the wolf did indeed arrive at the end (with the dreaded results). That’s why it is important to look for other signals that may provide additional clues and context.
There have been recent signals to indicate that BIS enforcement activity is stirring—and in “dramatic” ways, as reflected in recent reports in the press. First, Reuters reported that TSMC, the world’s leading semiconductor manufacturer, may face a penalty of $1 billion or more for alleged violations of U.S. export controls involving products that made their way to a company in China on the Entity List.[7] This represents a big jump that has been anticipated for some time and puts export controls penalties up in the range of FCPA experience.[8] This Reuters article was followed by reporting in Export Compliance Daily that administrative subpoenas by BIS are on the rise.[9]
Where there is smoke, there is fire. These reports suggest that considerable enforcement activity is underway below the surface. Settlements—and the official public reporting of them—come well after the fact. Compliance teams should not wait until that happens; then it may be too late to mitigate enforcement risks most effectively.
Clarity brings transparent solutions
While the prospect of increasing enforcement may sound grim, clarity on the signals also points a clear path to new, more effective solutions. As the signals of a “dramatic increase” in enforcement are clear, the next critical question is: How will BIS do it? Here too the signals have been clear. BIS will leverage the full definition of “knowledge” under the Export Administration Regulations (“EAR”) that includes an “awareness of a high probability.” BIS expressed this in guidance issued on July 10, 2024; expressly quoted this definition in an August 15, 2024, enforcement action; and reiterated the standard in guidance on October 9, 2024. The Senate Permanent Subcommittee on Investigations’ (“PSI”) December 18, 2024, majority staff report recommended: “BIS should charge companies with ‘knowing’ violations when they fail to sufficiently investigate red flags or other strong indicia of potential diversion and violations occur.”[10]
Finally, on April 3, 2025, the Report to the President on the America First Trade Policy Executive Summary previewed that export controls will be made “simpler” and “more effective.”[11] One way this should be expected is by further leveraging the full definition of “knowledge” to include an “awareness of a high probability.” As the same standard facilitated FCPA enforcement, here too BIS will be able to bring more enforcement actions, resolve them more quickly, and impose higher penalties (up to twice the value of the associated transactions). BIS also has at its disposal the ability to apply a “denial of export privileges.” For compliance teams seeking to communicate the costs for noncompliance, these are attention-grabbing reminders of the return on investment of compliance.
A final critical question remains: What can compliance teams do to protect their companies, officers and directors, and themselves in this new era of enforcement?
We address these issues in detail in our ECTI webinar “Mastering the New Era of Export Controls: Understanding BIS’s ‘High Probability’ Standard and Mitigating Enforcement Risks,” which can be viewed here. We explain the context for and causes of these trends and provide practical steps to put an effective risk mitigation plan into action.
More recently, we expanded on these themes in the April 2025 issue of WorldECR with our article “Looking through a glass onion: Demystifying the definition of ‘knowledge’ under the U.S. EAR,” available here (subscription required). We also discuss these trends in a recent episode of our podcast Red Flags Rising (see Episode 5, “The Knowledge ‘Glass Onion’ for U.S. Export Controls”).
Now is the time to assess your company’s potential exposure to the “high probability” standard, develop a protocol to infuse it into your export controls compliance program, and test it to make sure it is being put into effect in the company to address the latest emerging areas of risk. By doing so, companies can avoid being caught flat-footed when the export enforcement wave hits the shore.
The views and opinions expressed in this article are those of the authors and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC, Hughes Hubbard & Reed LLP, or either organizations’ other partners, or its other employees and affiliates.
[1] See U.S. Senate Permanent Subcommittee on Investigations, The U.S. Technology Fueling Russia’s War in Ukraine: Examining the Bureau of Industry and Security’s Enforcement of Semiconductor Export Controls,” Majority Staff Report (December 18, 2024).
[2] Ibid.
[3] See Section 4(c) of the America First Trade Policy, issued January, 20, 2025.
[4] Brent Carlson & Michael Huneke, “DeepSeek Finds US Export Controls at a New ‘Sputnik Moment’,” Bloomberg Law (January 31, 2025).
[5] Letter from Elizabeth Warren and Josh Hawley to Howard Lutnick regarding US export controls (February 3. 2025).
[6] See the Red Flags Rising podcast episode “Lutnick: ‘We have had enough.’” (Available on Apple, Spotify, and RSS.)
[7] Karen Freifeld, “Exclusive: TSMC could face $1 billion or more fine from US probe, sources say,” Reuters (April 8, 2025).
[8] Brent Carlson & Michael Huneke, “From Peanuts to Prison Time – A Fresh Look at the Evolution of Export Controls Penalties,” NYU Compliance & Enforcement Blog (November 14, 2023).
[9] Ian Cohen, “Gov’t May Be Issuing More Export Control-Related Subpoenas, Industry Lawyer Says,” Export Compliance Daily (April 10, 2025) (subscription required).
[10] U.S. Senate PSI (December 18, 2024), p. 27.
[11] See The White House, Report to the President on the America First Trade Policy Executive Summary (April 3, 2025), chapter 19.
