We continue to explore what the ‘reopening’ of Venezuela to US energy companies means for the compliance professional. Over the last two days, we considered the corruption issues in Parts One and Two of this blog post series. Today in Part 3, we look at export control and trade sanction issues. I spoke with Brent Carlson, founder of Red Flags Rising Solutions LLC, for his insights.
When the White House announces that U.S. oil companies may be returning to Venezuela, the business press immediately begins talking about opportunities. Compliance professionals should be talking about risk. Not hypothetical risk. Not academic risk. Real, layered, enterprise-threatening risk that sits at the intersection of export controls, sanctions, geopolitics, corruption, security, and board oversight. The conversation I recently had with Carlson makes one thing abundantly clear: Venezuela is not “opening.” It is recalibrating. And compliance programs that treat this moment as a return to business as usual will fail.
Venezuela Remains a High-Risk Jurisdiction by Design
Let us start with first principles. Venezuela remains designated as a D:5 country under the Export Administration Regulations (EAR). That places it in the most restrictive category, alongside jurisdictions such as Iran and North Korea. Even the shipment of EAR99 items can be problematic under the current framework.
That legal reality did not change simply because the President met with U.S. energy executives. Carlson is clear on this point. Whatever policy adjustments may come will be sector-specific, narrowly tailored, and aligned with geopolitical priorities, particularly oil production. There will not be a wholesale rollback of export controls or sanctions. For compliance professionals, this means one thing: the law today is the law as it existed yesterday. Until the Bureau of Industry and Security (BIS) and OFAC issue formal guidance, licenses, or regulatory amendments, nothing has changed.
Regulatory Enforcement Follows Politics, but Law Follows Process
One of the most important compliance insights Carlson offers is that regulatory enforcement follows political drivers, which in turn follow geopolitical drivers. That is undoubtedly true. But it is also where companies get themselves into trouble. Political signaling is not legal authorization. Tweets, speeches, and press briefings do not override the Export Administration Regulations, OFAC sanctions, or anti-money laundering laws. Compliance programs must be built to withstand whiplash, not chase headlines.
This is especially critical in Venezuela, where any meaningful restart of oil production will require billions of dollars, long project timelines, complex infrastructure, and sustained government engagement. These are not quick deals. They are multi-year commitments that must be compliant from day one.
Start With the Business, but Do Not Stop There
Carlson emphasizes that compliance analysis must begin with the business opportunity itself. What is the company actually trying to do? What products or services will be provided? Who will operate them? Where will the equipment go? Who will maintain it? For compliance professionals, this requires operational fluency that goes far beyond policy review. You must understand the business process step by step. Not in the abstract. Literally, transaction by transaction.
This exercise does more than identify export control risks. It exposes corruption, diversion, money laundering, security, and reputational risks. Venezuela is not a jurisdiction where silos survive.
Dual-Use Risk Is Not Theoretical in Venezuela
Any company operating in the energy sector must assume heightened scrutiny around dual-use items. Control systems, industrial machinery, software, and communications technology can all be repurposed. Carlson makes an important point here. Companies that manufacture or deploy these items already know where the risks are. The issue is not ignorance. The problem is prioritization and escalation.
This is where proactive engagement with the BIS becomes essential. Unlike some areas of compliance, export controls encourage dialogue with regulators. Companies can and should engage BIS field offices early to discuss proposed transactions, licensing pathways, and regulatory obstacles. This is not lobbying. It is compliance.
One of the most powerful insights in our discussion is the call for compliance professionals to sit down with business operations and map every operational step. This is not busywork. It is risk triage. Too often, compliance reviews occur after a deal is already emotionally committed. At that point, compliance becomes the obstacle rather than the enabler. Carlson is explicit: sales and operations teams do not want to waste time on deals that will collapse under regulatory scrutiny. When compliance is embedded early, it improves deal quality. It filters out bad opportunities and strengthens good ones. That is value creation.
Siloed Compliance Will Fail in Venezuela
If there is one jurisdiction where compliance silos are fatal, it is Venezuela. Export controls intersect with sanctions. Sanctions intersect with AML. AML intersects with corruption. Corruption intersects with security. Security intersects with human rights and ESG. Carlson cites enforcement actions where companies failed because information did not flow across functions. Finance saw one risk. Operations saw another. Compliance saw a third. No one saw the whole picture.
For Venezuela, companies must adopt a non-siloed, enterprise-wide risk model. Export control specialists must talk to anti-corruption teams. Treasury must talk to security. Legal must talk to operations. This is not optional.
Board Oversight Must Evolve Beyond Periodic Updates
Boards of directors will play a decisive role in whether companies succeed or fail in Venezuela. Carlson is clear that boards must demand updated, transaction-specific risk assessments focused on central compliance risks, not generic program health. This is not about micromanagement. It is about governance. Boards must understand that Venezuela presents a dynamic risk environment where geopolitical shifts can occur overnight. The right board questions are not “Do we have a compliance program? ” They are:
- What export control risks are central to this opportunity?
- What sanctions exposure remains?
- How are we monitoring changes in real time?
- What is our exit strategy if conditions reverse?
The Case for a Standing Enterprise Risk Committee
Carlson raises a critical governance concept: the need for a standing, cross-functional risk committee empowered to act quickly. Not an ad hoc task force. Not an annual review. A permanent capability. We are no longer in a stable geopolitical environment. Long-trusted partners can become sanctioned entities within weeks. Supply chains built over decades can collapse overnight. For compliance professionals, this reinforces the need for real-time risk sensing, escalation protocols, and decision authority. Venezuela is simply the proving ground.
Enforcement Is Coming, Not Fading
The most sobering warning Carlson offers is about enforcement. The U.S. government has been signaling for some time that export control enforcement will increase. DOJ’s Trade Fraud Task Force, BIS outreach visits, and expanded definitions of “knowledge” under the EAR all point in the same direction. Compliance professionals should recognize the parallel to early FCPA enforcement. Policies alone are not enough. Programs must demonstrate that they identify high-probability risks, escalate them, and act. Testing matters. Documentation matters. Integration matters.
Final Thoughts
The prospect of renewed oil activity in Venezuela is not a green light for compliance. It is a stress test. Companies that approach this moment with discipline, humility, and integrated risk management can create value while protecting themselves. Companies that treat it as a political reopening will find themselves exposed on multiple fronts. For compliance professionals, this is a defining moment. The question is not whether Venezuela is open for business. The question is whether your compliance program is ready for the real world.
