1. Core Regulatory Intersection: Trade Controls and National Security Screening
The intersection of trade law and national security creates overlapping compliance obligations. The Commerce Department's Bureau of Industry and Security (BIS) administers the Export Administration Regulations (EAR), which restrict export or reexport of controlled items, technical data, and services to certain countries and end-users based on national security concerns. The Committee on Foreign Investment in the United States (CFIUS) reviews inbound foreign direct investment in defense, semiconductors, and critical infrastructure sectors to assess whether transactions threaten national security.
Corporations must evaluate whether their products, technology, or services fall within controlled categories before engaging in cross-border activity. Classification is not always straightforward, and misclassification, even in good faith, does not shield a company from enforcement. End-use and end-user restrictions apply independently of product classification; a company may face liability if it knows or has reason to know an item will be diverted to a prohibited end-use or sold to a restricted party.
| Regulatory Agency | Compliance Trigger | Key Enforcement Risk |
|---|---|---|
| Commerce Department (BIS) | Export/reexport of controlled items or technology | Unlicensed export; misclassification; diversion |
| Treasury Department (OFAC) | Transactions with sanctioned countries or entities | Blocked transactions; civil or criminal penalties |
| CFIUS (Multi-Agency) | Foreign investment in sensitive sectors | Deal termination; forced divestment |
| State Department (ITAR) | Export of defense articles or technical data | Criminal prosecution; license revocation |
Corporations should establish a compliance baseline by conducting a controlled-items classification review and implementing a restricted-party screening protocol before any international transaction. Preventive classification and due diligence cost substantially less than post-transaction investigation or litigation.
2. Procedural Posture: Classification Challenges and Administrative Review
When a corporation receives a regulatory inquiry regarding export classification or sanctions compliance, the procedural question is whether the company can demonstrate that its interpretation was reasonable and that it took documented steps to comply. This is an administrative review in which classification methodology, training records, and transaction documentation become central evidence.
Classification Determination and Commodity Jurisdiction Requests
If a corporation is uncertain whether a product is subject to EAR, it may submit a Commodity Jurisdiction (CJ) request to BIS before exporting. BIS will make a formal classification determination, and the company generally cannot export until BIS responds. A CJ request creates a contemporaneous record showing the company sought regulatory guidance, but delays the transaction and risks an adverse classification. A company that proceeds without seeking clarification and later faces enforcement cannot claim it attempted to comply. Courts evaluate this choice pragmatically: a company's failure to seek clarification when classification was ambiguous may weigh against it, but good-faith reliance on industry practice may support a reasonable-efforts defense.
Restricted-Party Screening and Due Diligence Defenses
A common enforcement trigger is a transaction with a sanctioned party or one engaged in a prohibited end-use. Corporations that conduct transaction screening using commercially available databases and maintain documentation often have a stronger procedural posture. Screening does not guarantee immunity, but demonstrates a reasonable compliance system. A company that did not screen or ignored warning signs faces higher enforcement risk and fewer defenses.
When a corporation discovers it has transacted with a restricted party or exported a controlled item without authorization, immediate notification to the relevant agency can mitigate penalties. Voluntary self-disclosure programs allow companies to report violations and receive reduced penalties, provided the company did not act with knowledge of the violation. Self-disclosure shifts the enforcement posture from investigation-driven to company-initiated remediation, which regulatory agencies view more favorably.
3. Sector-Specific National Security Review: Cfius and Foreign Investment
Corporations that are targets of foreign investment or acquiring foreign assets in sensitive sectors must navigate CFIUS review. CFIUS review is a screening process, not a licensing regime like EAR. It may result in a deal being prohibited, conditioned, or cleared. The national security standard is broad and fact-intensive, and CFIUS has significant discretion based on the investor's country of origin, the nature of technology or infrastructure being acquired, and investor ties to foreign governments.
A voluntary CFIUS filing triggers a mandatory 30-day review period, after which CFIUS may request a second 45-day investigation period if national security concerns are identified. If CFIUS recommends to the President that the transaction threatens national security, the President has 15 days to decide whether to block or condition the deal. This timeline is not negotiable. Documentation of the company's national security posture, including cybersecurity measures, employee vetting, and data protection protocols, becomes central to CFIUS's assessment.
For corporations considering international acquisitions or foreign investment in the United States, early engagement with CFIUS counsel is essential. A company that understands CFIUS's concerns before filing can structure the transaction through divestitures, operational conditions, or investor modifications to improve clearance likelihood. A company that files without advance coordination risks protracted review or deal termination.
4. New York Practice and Administrative Enforcement Timing
When a corporation receives a civil investigation demand or penalty notice from BIS, OFAC, or CFIUS, the procedural timeline and forum depend on the agency and violation nature. In New York, corporations often seek judicial review of administrative penalties through federal district court, which applies a deferential arbitrary-and-capricious standard. A critical procedural risk is that failure to preserve transaction records, communications, and classification methodologies within the first 30 to 60 days of receiving an inquiry can severely limit the ability to mount a credible defense.
Regulatory agencies conduct investigations on an accelerated timeline. Corporations that delay producing requested documents or provide incomplete responses face adverse inferences and enhanced penalties. A corporation should treat a regulatory inquiry as a litigation-level event: preserve all relevant communications, transaction files, and compliance records immediately, segregate them from routine files, and coordinate responses through counsel to ensure accuracy and privilege protection. The difference between documented, timely response and delayed response often determines whether the agency views the violation as negligent or willful, which directly affects penalty calculations.
5. Strategic Considerations and Forward-Looking Compliance
Corporations operating in international trade should evaluate their compliance infrastructure. Specific steps include:
(1) conducting a controlled-items classification audit;
(2) implementing a restricted-party screening protocol updated regularly and integrated into transaction workflows;
(3) documenting all classification decisions, screening results, and compliance training;
(4) establishing a clear escalation procedure for ambiguous transactions; and
(5) identifying counsel experienced in trade and national security law before enforcement inquiry arises.
Our firm's experience with international trade matters and international trade and commerce issues equips us to guide corporations through overlapping compliance regimes and represent clients in administrative investigations and judicial review. Corporations that prioritize documentation, early legal engagement, and systematic compliance controls substantially reduce enforcement exposure and reputational harm.
21 May, 2026
