This article first appeared on Law360 on July 7, 2025.
In a recent Law360 article, Michael H. Huneke of Hughes Hubbard & Reed and John Rademacher and Abby Williams of Secretariat explore advanced strategies for strengthening export control compliance through improved third-party audits. US technologies continue to be diverted to foreign adversaries, often through networks of resellers and distributors that obscure the true end-users, intended uses, or final destinations. These activities threaten national security and may violate the Export Administration Regulations (EAR). In response, the US government has expanded enforcement efforts, with the Commerce Department seeking increased funding and the Department of Justice prioritizing corporate crimes that pose the greatest risks to U.S. interests. Companies are expected to adopt a proactive stance in identifying and mitigating diversion risks.
A risk-based approach to third-party audits is encouraged, focusing on depth and effectiveness rather than blanket coverage. Instead of auditing all partners equally, companies should identify high-risk relationships based on specific indicators such as unusual shipping routes, transshipment to high-risk jurisdictions, and irregular payment behaviors. For these high-risk cases, audits should go beyond basic document reviews to include in-depth interviews with staff, reconciliation of sales and compliance data, and direct verification of customer operations. These deeper procedures enable companies to uncover hidden compliance failures and better defend their due diligence process.
Advanced forensic analysis is essential for uncovering concealed ownership structures and identifying potential links to restricted entities. Open-source tools and local intelligence can help organizations identify third-party risks that are not apparent through standard screenings. As export enforcement becomes more aggressive, companies that go beyond checklists and self-certifications will be better equipped to comply with regulatory expectations and protect their technologies from unlawful diversion.