Tag: BIS

Categories
FCPA Compliance Report

FCPA Compliance Report – Navigating Export Control and Trade Sanction Challenges in Venezuela: Insights from Brent Carlson

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this inaugural episode of 2026, Tom Fox welcomes back Brent Carlson, a specialist in trade and economic sanctions, focusing on compliance issues related to Venezuela.

Tom and Brent discuss the shifting political landscape, potential business opportunities in the energy sector, and the steps compliance professionals need to take to navigate new regulations and restrictions from the export control and trade sanctions perspective. Brent emphasizes the importance of a robust, business-aligned compliance strategy, a non-siloed approach involving all risk disciplines, and proactive dialogue with regulators. They also discuss the heightened enforcement landscape and the need for companies to remain vigilant and adaptable in a rapidly changing global environment.

Key highlights:

  • Focus on Venezuela: Navigating Export Controls and Sanctions
  • Business Opportunities and Risks in Venezuela
  • Importance of Understanding Business Operations
  • Board of Directors: Asking the Right Questions
  • Geopolitical Changes and Risk Management

Resources:

Brent Carlson on LinkedIn

Red Flags Rising website

Tom Fox

Five-Part Blog Post Series on Doing Business in Venezuela on the FCPA Compliance and Ethics Blog

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Returning to Venezuela: Part 3 – Export Controls and the Illusion of “Reopening”

We continue to explore what the ‘reopening’ of Venezuela to US energy companies means for the compliance professional. Over the last two days, we considered the corruption issues in Parts One and Two of this blog post series. Today in Part 3, we look at export control and trade sanction issues. I spoke with Brent Carlson, founder of Red Flags Rising Solutions LLC, for his insights.

When the White House announces that U.S. oil companies may be returning to Venezuela, the business press immediately begins talking about opportunities. Compliance professionals should be talking about risk. Not hypothetical risk. Not academic risk. Real, layered, enterprise-threatening risk that sits at the intersection of export controls, sanctions, geopolitics, corruption, security, and board oversight. The conversation I recently had with Carlson makes one thing abundantly clear: Venezuela is not “opening.” It is recalibrating. And compliance programs that treat this moment as a return to business as usual will fail.

Venezuela Remains a High-Risk Jurisdiction by Design

Let us start with first principles. Venezuela remains designated as a D:5 country under the Export Administration Regulations (EAR). That places it in the most restrictive category, alongside jurisdictions such as Iran and North Korea. Even the shipment of EAR99 items can be problematic under the current framework.

That legal reality did not change simply because the President met with U.S. energy executives. Carlson is clear on this point. Whatever policy adjustments may come will be sector-specific, narrowly tailored, and aligned with geopolitical priorities, particularly oil production. There will not be a wholesale rollback of export controls or sanctions. For compliance professionals, this means one thing: the law today is the law as it existed yesterday. Until the Bureau of Industry and Security (BIS) and OFAC issue formal guidance, licenses, or regulatory amendments, nothing has changed.

Regulatory Enforcement Follows Politics, but Law Follows Process

One of the most important compliance insights Carlson offers is that regulatory enforcement follows political drivers, which in turn follow geopolitical drivers. That is undoubtedly true. But it is also where companies get themselves into trouble. Political signaling is not legal authorization. Tweets, speeches, and press briefings do not override the Export Administration Regulations, OFAC sanctions, or anti-money laundering laws. Compliance programs must be built to withstand whiplash, not chase headlines.

This is especially critical in Venezuela, where any meaningful restart of oil production will require billions of dollars, long project timelines, complex infrastructure, and sustained government engagement. These are not quick deals. They are multi-year commitments that must be compliant from day one.

Start With the Business, but Do Not Stop There

Carlson emphasizes that compliance analysis must begin with the business opportunity itself. What is the company actually trying to do? What products or services will be provided? Who will operate them? Where will the equipment go? Who will maintain it? For compliance professionals, this requires operational fluency that goes far beyond policy review. You must understand the business process step by step. Not in the abstract. Literally, transaction by transaction.

This exercise does more than identify export control risks. It exposes corruption, diversion, money laundering, security, and reputational risks. Venezuela is not a jurisdiction where silos survive.

Dual-Use Risk Is Not Theoretical in Venezuela

Any company operating in the energy sector must assume heightened scrutiny around dual-use items. Control systems, industrial machinery, software, and communications technology can all be repurposed. Carlson makes an important point here. Companies that manufacture or deploy these items already know where the risks are. The issue is not ignorance. The problem is prioritization and escalation.

This is where proactive engagement with the BIS becomes essential. Unlike some areas of compliance, export controls encourage dialogue with regulators. Companies can and should engage BIS field offices early to discuss proposed transactions, licensing pathways, and regulatory obstacles. This is not lobbying. It is compliance.

One of the most powerful insights in our discussion is the call for compliance professionals to sit down with business operations and map every operational step. This is not busywork. It is risk triage. Too often, compliance reviews occur after a deal is already emotionally committed. At that point, compliance becomes the obstacle rather than the enabler. Carlson is explicit: sales and operations teams do not want to waste time on deals that will collapse under regulatory scrutiny. When compliance is embedded early, it improves deal quality. It filters out bad opportunities and strengthens good ones. That is value creation.

Siloed Compliance Will Fail in Venezuela

If there is one jurisdiction where compliance silos are fatal, it is Venezuela. Export controls intersect with sanctions. Sanctions intersect with AML. AML intersects with corruption. Corruption intersects with security. Security intersects with human rights and ESG. Carlson cites enforcement actions where companies failed because information did not flow across functions. Finance saw one risk. Operations saw another. Compliance saw a third. No one saw the whole picture.

For Venezuela, companies must adopt a non-siloed, enterprise-wide risk model. Export control specialists must talk to anti-corruption teams. Treasury must talk to security. Legal must talk to operations. This is not optional.

Board Oversight Must Evolve Beyond Periodic Updates

Boards of directors will play a decisive role in whether companies succeed or fail in Venezuela. Carlson is clear that boards must demand updated, transaction-specific risk assessments focused on central compliance risks, not generic program health. This is not about micromanagement. It is about governance. Boards must understand that Venezuela presents a dynamic risk environment where geopolitical shifts can occur overnight. The right board questions are not “Do we have a compliance program? ” They are:

  • What export control risks are central to this opportunity?
  • What sanctions exposure remains?
  • How are we monitoring changes in real time?
  • What is our exit strategy if conditions reverse?

The Case for a Standing Enterprise Risk Committee

Carlson raises a critical governance concept: the need for a standing, cross-functional risk committee empowered to act quickly. Not an ad hoc task force. Not an annual review. A permanent capability. We are no longer in a stable geopolitical environment. Long-trusted partners can become sanctioned entities within weeks. Supply chains built over decades can collapse overnight. For compliance professionals, this reinforces the need for real-time risk sensing, escalation protocols, and decision authority. Venezuela is simply the proving ground.

Enforcement Is Coming, Not Fading

The most sobering warning Carlson offers is about enforcement. The U.S. government has been signaling for some time that export control enforcement will increase. DOJ’s Trade Fraud Task Force, BIS outreach visits, and expanded definitions of “knowledge” under the EAR all point in the same direction. Compliance professionals should recognize the parallel to early FCPA enforcement. Policies alone are not enough. Programs must demonstrate that they identify high-probability risks, escalate them, and act. Testing matters. Documentation matters. Integration matters.

Final Thoughts

The prospect of renewed oil activity in Venezuela is not a green light for compliance. It is a stress test. Companies that approach this moment with discipline, humility, and integrated risk management can create value while protecting themselves. Companies that treat it as a political reopening will find themselves exposed on multiple fronts. For compliance professionals, this is a defining moment. The question is not whether Venezuela is open for business. The question is whether your compliance program is ready for the real world.

Categories
Red Flags Rising

Red Flags Rising: S01 E33: Back to Basics

As the geopolitical and national political winds continue to swirl, Mike & Brent go back to basics to level-set and provide some foundational first principles of export controls compliance. They discuss the roller-coaster of the Affiliates Rule suspension (01:44); why the real risks from a compliance and enforcement perspective lay just outside of the Rule (02:37); how General Prohibition 10, the full definition of “knowledge” to include “an awareness of a high probability,” and the various inchoate provisions (i.e., causing, aiding and abetting, solicitation and attempt, conspiracy, acting with knowledge, misrepresentation and concealment, intent to evade, and failure to comply with recordkeeping requirements) are the foundational anti-diversion provisions under the U.S. Export Administration Regulations (EAR) (03:02); great listener feedback about how the Affiliates Rule shaped the in-house discussion of diversion risk (05:23); developing and implementing a high probability protocol as the only way to stay grounded in dynamic and challenging times (08:33); recent legislative proposals and hearings, including a recent hearing by a subcommittee of the House Foreign Affairs Committee focused on export control loopholes, and the dangers of a dissatisfied U.S. Congress (09:42); why the definition of “knowledge” under the EAR is not mere legalese to be lost in the 1,467 pages (as of January 1, 2025) of the EAR but is instead the path forward for both government and industry (14:18); the details and implications of General Prohibition 10 (17:11); the details of the full definition of “knowledge,” including what we can learn from its history in the U.S. Foreign Corrupt Practices Act and, before then, the Model Penal Code (18:48); and recent enforcement activity by DOJ and BIS, and what the activity signals about the government’s next enforcement moves (22:30).

They then conclude with the latest installment of Brent’s increasingly popular “Managing Up” segment (27:14).

Resources:

Brent’s latest NYU Law School Program on Corporate Compliance & Enforcement post, from October 31, 2025

Brent’s email: brent@redflagsrising.com

Mike’s email: michael.huneke@morganlewis.com

Categories
Red Flags Rising

Red Flags Rising: S01 E31: Running To and Through the Export Controls Investigation Finish Line – Avoiding Resolution Pitfalls and Monitoring What Matters

Mike and Brent take a break from Affiliates Rule (delayed) suspension news to focus on practical advice for companies that may be in the midst of U.S. government investigations into alleged export control violations. They discuss the importance of engaging with the government with an awareness and an appreciation for the latest enforcement trends and signals, particularly regarding the government’s emphasis on the full definition of “knowledge” to include “an awareness of a high probability” (00:49); the importance of not being surprised by these trends in the middle of an investigation (02:52); the dangers to the cost, delay, and outcome of any investigation for failing to perceive the signals through the noise (04:08); the particular relevance of these strategies in defending against allegations of entity-shifting (09:48); the need to consider waiving privilege over prior bad legal advice—especially to avoid paying more to protect an investigation that was triggered by adhering to the prior advice (11:52); what to look for in the terms of a proposed settlement agreement, including whether and how the company will be “covered” if there are post-resolution reports of additional, previously undisclosed pre-resolution misconduct (13:22) and executive officer certification requirements (16:51); and the importance in national security resolutions, where they are imposed, of having post-resolution independent monitors or independent compliance consultants commit to focused, risk-based post-resolution monitoring that direct addresses the root causes of the violations, to avoid “industrial tourism” and to best promote the national security objectives of the United States (19:34).

Then, conclude with the next installment of Brent Carlson’s “Managing Up” segment (23:37).

Resources:

Brent’s latest NYU Program on Corporate Compliance & Enforcement (PCCE) post, “From Peanuts to Elephant-Sized Penalties: A Fresh Look at Recent U.S. Export Controls Enforcement Developments & Future Trends” (Oct. 31, 2025)

Mike & Brent’s prior NYU PCCE post, “Monitoring What Matters: A Fresh Look Proposal to Government and Industry for How Post-Resolution Oversight Can Best Deny Hostile Actors the Means to Cause Deadly Harm” (Mar. 28, 2024)

Contact Brent: brent@redflagsrising.com

Contact Mike: michael.huneke@morganlewis.com

Categories
Red Flags Rising

Red Flags Rising: S01 E30: Look Before You Leap, Think Before You Speak

Fresh off the October 15, 2025, WIT-NC/PAEI/TTRA “Global Trade Compliance Best Practices Conference” in Santa Clara, California, Mike and Brent discuss the practical takeaways of several recent media reports and statements from the U.S. Congress, including how compliance programs that incorporate the high-probability standard give executives and spokespersons the most options. Specifically, they discuss the conference (00:49); the recent Affiliates Rule (01:27); why straightforward statements that a company “complies with the law” might generate cynicism from the public and inquiries as to how from the government (02:59); why it’s important for companies to consider the context in which their public statements will appear, even where they might not agree with the facts asserted in that context (04:06); how delegitimizing the laws in the eyes of the public might be one of the smugglers’ objectives (05:47); how thinking about compliance as never being a one-and-done solution can help avoid pitfalls in public statements (06:54); why it’s dangerous to rely upon assertions by anonymous “legal experts” reported in articles about the existence of loopholes, including because those loopholes do not actually exist (08:49); the importance of keeping in mind, in the context of the Entity List and the Affiliates Rule, that the List is but one part of U.S. export controls and statements that fixate on the Entity List’s applicability expose corporations to questions about their compliance with other catch-all provisions, with General Prohibition 10, and with the various inchoate provisions (10:27); the importance of appreciating that U.S. regulators read the news too (11:40); how the “high probability” standard can help companies in making enhancements to their compliance programs to better support broader public statements as to their compliance with the law (14:41); recent reports about U.S. items being sold for crime control purposes and attention from the U.S. Congress on those reports (15:03); similar risks related to the recent report by the U.S. House of Representatives’ Select Committee on the Chinese Communist Party (17:23); keeping in mind that your own disagreement with U.S. national security policy is not a defense to export controls promulgated in support of that policy (19:02); and the importance of having advisors who are viewed by the government as honest brokers that are not clinging to legacy views about the government’s intentions or authorities (21:07).

Mike and Brent then conclude with another installment of Brent Carlson’s “Managing Up” (23:29).

Resources:

Contact Brent: brent@redflagsrising.com

Contact Mike: michael.huneke@morganlewis.com

Learn more about the conference’s organizing associations:

Women in International Trade – Northern California (WIT-NC)

Professional Association of Exporters & Importers (PAEI)

Technology Trade Regulation Alliance (TTRA)

Categories
Red Flags Rising

Red Flags Rising: S01 E29: Affiliates Rule Aftermath – Finding the Right Path Forward

Mike and Brent take an even deeper dive into the “Affiliates” or “50%” Rule announced by the Bureau of Industry & Security (BIS) on September 29, 2025. They identify several misperceptions in the public discussion, explain why they are misperceptions, and identify the pitfalls of operating under those misperceptions—especially in response to inquiries by BIS about pre-rule due diligence on affiliates of entities on the entity list. Specifically, they discuss why the Affiliates Rule is a close cousin to the Office of Foreign Assets Control’s own 50% rule, but why and how BIS’s Affiliates Rule serves different national security objectives and operates a bit differently (02:42); whether the Affiliates Rule brings new compliance burdens and, if so, risk-based due diligence strategies and likely questions from BIS regarding why (10:26); why in the current geopolitical context the benefit of local, boots-on-the-ground compliance might be overstated—or significantly discounted by the U.S. government—and what to do about it (16:18); why it would be a mistake to think that BIS is not today able to bring enforcement actions based on the Affiliate Rule, especially given their ability to bring enforcement actions on the “full” definition of knowledge to include “an awareness of a high probability” (19:26); and why it is dangerous to think of “knowledge” as only “actual knowledge,” and thereby misperceiving that the new Affiliates Rule—by reminding everyone that the catch-all provision under which the Entity List is promulgated is a strict-liability regulation, even as to awareness—has someone taken away a previously available “absence of actual knowledge” defense (23:00).

Mike and Brent then offer practical tips for applying for the license available under the Affiliates Rule for situations where the exporter, reexporter, or transferor is aware of “red flags” as to ownership that it cannot resolve through risk-based due diligence (28:20).

Mike and Brent then conclude with a special edition of Brent Carlson’s “Managing Up,” in which Brent offers some valuable self-reflection (34:58).

Resources:

More about Brent: www.redflagsrising.com

Contact Brent: brent@redflagsrising.com

Mike: https://www.linkedin.com/in/mhuneke/https://www.morganlewis.com/bios/michaelhuneke

Contact Mike: michael.huneke@morganlewis.com

BIS’s “Export Control Decision Tree”

Categories
Red Flags Rising

Red Flags Rising: S01 E26 – Grab the Carrots, Avoid the Sticks, and Get Ready for More Transparency

Mike and Brent pick up the discussion from Episode 25 with some further thoughts on the proposed revenue-sharing arrangement between the U.S. government and certain exporters, including what should be anticipated from the U.S. government in terms of increased transparency (01:36), give their take on the Maintaining American Superiority by Improving Export Controls Transparency Act signed into law by the President, including both what it does do and what it doesn’t do (10:27), and provide their takes on the long-running media speculation about a so-called “50% rule” that would extend the Entity List maintained by the U.S. Bureau of Industry & Security (BIS) automatically to subsidiaries or affiliates owned 50% or more by a listed entity (18:53), including questions that the debate raises about what due diligence is being done now on subsidiaries and affiliates of listed entities, and important distinctions between U.S. economic sanctions—from where the 50% rule concept is being borrowed—and U.S. export controls that suggest the rule is better suited for the former than the latter.

They conclude with another installment of Brent Carlson’s “Managing Up” (26:25).

Resources:

Brent LinkedIn

Mike LinkedIn

Mike & Brent’s “Fresh Looks” Series

Categories
Red Flags Rising

Red Flags Rising: S01 E24 – Preventing Diversion Starts Close to Home

Mike and Brent break down the key takeaways from an affidavit by a Bureau of Industry & Security Special Agent in Los Angeles, which was unsealed on August 5, 2025, and is a masterclass in how BIS is identifying and analyzing “red flags” indicating potential export control violations.

Mike and Brent discuss the basics of the case (00:58), the value of the detailed affidavit prepared by the BIS Special Agent in support of the arrests (02:19), the value of the case to those making broader strategic decisions for companies in illustrating the competitive advantages—and ability to maximize the benefits of America’s AI Action Plan—through effective export controls compliance (03:00), the most-relevant details of the allegations (04:20), the dangers of doing business with “fly-by-night” operations of any type (05:45), how these allegations underscore the importance of dynamic risk assessments, i.e., those that focus on changes in customers or orders around significant changes to U.S. export controls (06:14), what the affidavit signals for corporate enforcement (07:21), what we can learn about diversion risks from Brent’s studies of the Qing dynasty and frozen meats (07:40), what seized text messages revealed about the smugglers’ view of the current U.S. Administration (08:57), what the affidavit indicates that trade compliance teams realistically, at the front end, could or should have known (10:31), how to respond to BIS requests for information or outreach visits (13:58), Mike’s leaky dishwasher analogy for diversion (and why you need to fix both) (14:15), how the affidavit shows that BIS agents are applying a high probability mindset in their investigations (18:27), how not to “kick the hornet’s nest” when BIS visits or requests information (20:29), the expectations of U.S. regulators generally that companies that become aware of potential violations, whether or not they voluntarily disclose anything, at least do a “root cause” analysis and consider whether compliance program enhancements are necessary (22:17), and the relevance of General Prohibition 10 and the several inchoate provisions under 15 C.F.R. § 764.2 (23:10).

They then conclude with the ever-popular segment, Brent Carlson’s “Managing Up” (26:03).

Resources:

Edvard Pettersson’s article, with a link to the BIS Special Agent’s affidavit, “Chinese nationals charged with illegal exports of Nvidia chips” (Courthouse News, Aug. 5, 2025)

The DOJ Press Release

Brent LinkedIn

Mike LinkedIn

Mike & Brent’s “Fresh Looks” Series

Categories
Red Flags Rising

Red Flags Rising: S01 E23 – $140M “High Probability” Enforcement Action

Mike and Brent break down the $140 million corporate resolution announced on Monday, July 28, 2025, by the U.S. Department of Commerce’s Bureau of Industry & Security (BIS) and the U.S. Department of Justice’s National Security Division (NSD). Of this amount, $95 million was imposed by BIS alone, which is the largest stand-alone BIS penalty since April 2023.

Mike and Brent discuss the geopolitical context (00:39), how the resolution responds to December 2024 criticism from the then-majority staff of the U.S. Senate’s Permanent Subcommittee on Investigations (01:58), why this is “where the juice is” for future BIS and NSD enforcement (03:05), how the settlement underscores that sustained compliance with national security-driven regulations requires a substance-over-form approach (04:45), the relevant facts related to the resolving company’s China subsidiary and customers (06:36), the relevant facts related to the parent company (08:59), why a letter of assurance and end-use/end-user certifications were not sufficient to respond to the “red flags” identified (10:38), how U.S. parent companies should be thinking holistically about export controls risk and strategies for mitigating that risk, including in responding to BIS outreach visits or queries to hopefully avoid administrative subpoenas or, worse, referrals to criminal authorities (12:37), the signals BIS and NSD expect companies subject to U.S. export controls to perceive from the public documents (16:37), the significance of BIS’s reference to General Prohibition 10 and to attempted violations of U.S. export controls (16:37), and the key takeaways for legal and trade compliance professionals (19:09).

Mike and Brent then conclude with the still-back-by-popular-demand segment, Brent Carlson’s “Managing Up” (19:52).

Resources:

The BIS Press Release, with links to the settlement documents

The NSD Press Release, with links to the corporate guilty plea and criminal information

Brent LinkedIn

Mike LinkedIn

Mike & Brent’s “Fresh Looks” Series

Categories
Red Flags Rising

Red Flags Rising: S01 E14 – Getting a Grip on U.S. Export Controls Guidance

Mike and Brent unpack the May 13, 2025, due diligence guidance from the U.S. Bureau of Industry & Security. They describe what happened on May 13 (00:00), the guidance from BIS on General Prohibition 10 and Huawei Ascend chips (03:34), the related BIS policy statement (04:13), and then focus on the BIS “Industry Guidance to Prevent Diversion of Advanced Computing Integrated Circuits” (04:47), specifically the underlying U.S. national security concerns (05:50), relevant key takeaways from Episode 13’s special guest Dana W. White (06:51), the significance of the Industry Guidance’s reference to the WMD and military-intelligence catch-all provisions (08:29), the historical pre-1993 “KYC Guidance” cross-referenced by BIS in the new Industry Guidance (11:53), how the historical “KYC Guidance” is often misunderstood through selective quotation devoid of relevant context (13:34), the new “red flags” identified in the May 13, 2025 Industry Guidance (16:10), the key takeaways of the Industry Guidance (17:55), a warning about over-reliance on the Industry Guidance’s statement about existing end-use certificates (18:47), and the practical implications of the Industry Guidance for trade compliance teams (19:36). They then conclude with the next installment of Brent Carlson’s “Managing Up” (21:26).

Resources:

BIS May 15, 2025 Industry Guidance

Brent LinkedIn

Mike LinkedIn

Mike & Brent’s “Fresh Looks” Series