As the second Trump administration renews its focus on economic security, the spotlight has widened beyond tariffs to the enforcement of export controls and sanctions. With Secretary of Commerce Howard Lutnick stating in public forums that violations of the Export Administration Regulations (EAR) will face increased penalties and oversight, companies engaged in international trade are being urged to reassess their compliance posture.
The shift signals more than a policy preference – it represents a strategic directive aimed at closing regulatory gaps across jurisdictions, technologies and supply chains. For companies, particularly those with cross-border operations or exposure to sensitive sectors, the stakes are rising. Risk managers are now being called upon to scrutinise these exposures with more granularity.
“This heightened focus on export control enforcement and on the penalties for EAR violations highlights the need for all companies to maintain airtight, risk-based export compliance programs,” said Eric Rudolph, senior managing director at FTI Consulting.
He noted that compliance frameworks should be continuously evaluated to ensure alignment with both regulatory developments and business activity. This includes organic growth, as well as transactions such as mergers and acquisitions that could introduce new risk exposure.
For many organisations, this is not just a legal or operational issue – it is a critical aspect of enterprise risk management.
“These policy actions further underscore the importance of regularly assessing compliance programs to confirm they address changes in risk profiles due to ever-changing regulations and evolutions in business operations, including through M&A,” Rudolph said.
While much attention has centred on tariffs and supply chain decoupling, the long reach of the EAR is increasingly reshaping global compliance obligations. This includes jurisdictions and firms that may not immediately consider themselves subject to US law.
“Foreign-based companies should reassess whether their products and technology are subject to US export control jurisdiction, as the US has consistently expanded the extraterritorial reach of the EAR in recent years,” Rudolph said.
The extraterritorial expansion has largely been driven by the application of Foreign Direct Product Rules, which can apply US export control jurisdiction to items made abroad, provided they are derived from US-origin technology or software. Companies that believe they operate outside the US regulatory perimeter may find that assumption no longer holds.
“This is particularly the case through the proliferation of more Foreign Direct Product Rules, which operate to pull certain items under US jurisdiction – even when located and made outside the US – if they are the direct product of certain US technology and software,” he said. “The same applies for products going to certain destinations, end users or end uses.”
According to Rudolph, the motivation behind this enforcement trend is a growing concern about the misuse of US technology in adversarial settings. This is especially relevant to sectors such as quantum computing, artificial intelligence and semiconductors, which are viewed as high-priority targets for control.
“The intent signals a heightened emphasis on preventing sensitive US technologies and intellectual property from reaching adversarial nations and nonstate actors,” he said.
He emphasised that compliance programmes cannot rely solely on existing protocols. Evolving threats, particularly in the form of diversion networks, call for greater vigilance. These networks are often sophisticated, employing multiple intermediaries to obscure the true end user or end use.
Risk managers should be evaluating whether their current controls can detect and address these circumvention tactics.
“A key area of concern remains the role of diversion networks in circumventing trade controls,” Rudolph said. “BIS enforcement officials at the conference detailed how certain nation-state actors have facilitated the transfer of controlled items to adversaries.”
These developments also reflect a broader shift in how export control enforcement is administered. Agencies are coordinating to bring both civil and criminal actions, often with significant financial consequences.
“Companies found in violation may face hefty fines, loss of export privileges – which can jeopardize revenue and business relationships – and, in severe cases, criminal prosecution,” Rudolph said.
The EAR’s structure makes it imperative for companies to understand how restrictions apply to their specific goods or services. These layers of scrutiny create a complex compliance environment that requires investment in both internal controls and staff training. For risk management professionals, understanding these regulatory dimensions is becoming a core part of their responsibilities.
“Companies need to ensure that they have implemented effective controls to address nuanced risks,” said Rudolph. “Even those with seemingly robust programs in place would be wise to reevaluate their potential exposure.”
Beyond routine compliance, there is a need for firms to act preemptively. With regulatory updates occurring frequently, companies must take a dynamic approach to policy monitoring and enforcement readiness.
“Potential legislative changes and executive actions might introduce stricter licensing requirements and expanded enforcement mechanisms,” Rudolph said. “Even inadvertent violations will not get a pass – companies must remain proactive, regularly review their compliance frameworks and stay informed about policy updates.”
Asked what practical steps companies should consider, Rudolph was unequivocal. This is not an environment where outdated policies or passive compliance will suffice.
“Evaluate and pressure-test existing export compliance programs; identify weak links and overlooked risks, including end uses and users; and implement targeted improvements to address gaps, and reduce exposure, while aligning with national security objectives,” he said.
What are your thoughts on this story? Please feel free to share your comments below.
