The Entity List, and why your sub-tier supplier matters.

Last month a customer ran a denied-party screen on a new buyer. The screen came back clean. The deal moved. Three months later, a letter arrived from BIS. The buyer was clean. The buyer's parent was clean. The parent's biggest customer, the company actually consuming the product, was on the Entity List.

The screen wasn't wrong. The screen was incomplete.

This week, what the Entity List is, why it is structurally different from the sanctions lists most shops have heard of, and how the cascade rule pulls in companies that thought they were safe.

The Entity List is a list maintained by the Bureau of Industry and Security at Commerce. It is published in Supplement No. 4 to Part 744 of the EAR. Each entry names a foreign person, which can be a company, a research institute, a university, or sometimes an individual, that BIS has determined poses an unacceptable risk of involvement in activities contrary to U.S. national security or foreign policy interests.

Each entry comes with a license requirement. For some entries, every export is subject to license review. For others, the license requirement applies only to specific items or specific destinations. The license review policy ranges from "presumption of denial" to "case-by-case." The default working assumption when you see an Entity List entry is that the license requirement is broad and the review policy is not friendly.

The Entity List is not the same as the Specially Designated Nationals (SDN) list. The SDN list is OFAC's tool, under Treasury, and it implements economic sanctions rather than export controls. The two lists serve different statutes and have different consequences. They also have different scopes. The SDN list catches more transactions because it covers anything an American touches financially. The Entity List is sharper for export controls because it speaks directly to items and licenses.

If you only screen against one list, you have a gap. The Consolidated Screening List that BIS, State, and Treasury publish together rolls the major federal screening lists into one query. That is the practical floor for any shop that ships internationally.

OFAC has the 50 Percent Rule. If a sanctioned person owns fifty percent or more of an entity, directly or indirectly, that entity is also treated as sanctioned even if it is not on the SDN list itself. The rule exists to keep corporate restructuring from defeating sanctions.

The Entity List works differently. There is no automatic 50 percent rule for Entity List entries. A non-listed subsidiary of a listed parent is not automatically on the Entity List. But you are not off the hook either, because the General Prohibition Ten at 15 CFR 736.2(b)(10) makes it a violation to proceed with a transaction when you know or have reason to know that a violation will occur. Doing business with a non-listed subsidiary of a listed parent is a "reason to know" situation. It is a red flag under BIS's Know Your Customer guidance at Supplement No. 3 to Part 732.

The practical effect is similar to the OFAC bright line, but you get to the same outcome through a diligence obligation rather than an ownership formula.

The hardest version of the screening question is what BIS calls end-user analysis. The Entity List restricts exports to listed parties, but the broader end-use and end-user framework at 15 CFR 744 asks not just who the consignee is on the paperwork but who actually ends up using the item. If your U.S.-origin part flows to a clean distributor, then to a clean integrator, then to a final customer on the Entity List, you have an end-user problem even though every party on your invoice was clean.

This is the three-deep problem. Your customer is fine. Their customer is fine. Their customer's customer is on the Entity List. The U.S.-origin content makes you part of the chain.

You cannot screen your way out of every cascade. What you can do is build the diligence record. Ask the distributor, in writing, where the part ends up. Get end-user statements for material orders. Document the answers you got and the date you got them. If the answer changes a year later, you have evidence that you did the work you were supposed to do.

Screen the buyer of record. Screen the consignee if it is different. Screen the named end user. Screen the parent company if you know it. Screen the bank involved if the destination is high-risk.

Screen at three moments. At onboarding, before any contract is signed. At order intake, before any shipment. And on a rolling cadence for existing customers, because listings change. Once a quarter is reasonable for most shops; monthly is better if you have any high-risk destinations.

Keep the date, the screening source, the names searched, the result, and the name of the person who did the check. That is your file. That is what makes the screen real.

Pull your top ten customers by revenue. Run each one against the Consolidated Screening List today, even if you ran them six months ago. Note the date, the result, and the name of the reviewer. Store the file somewhere durable.

For your top two destinations that are not Canada, Mexico, the UK, or the EU, write down what you know about where the part actually ends up. If the answer is "I do not know," that is the gap to close.

If you want the screening check to produce a memo with a named reviewer, a timestamp, and a regulation cited, run one customer through ExChek at exchek.us. Want a walk-through? Book a call.

Screen the buyer. Screen the cascade. Keep the file.

The ExChek Team

ExChek is software, not legal advice. Every determination is reviewed and approved by you. American-owned, built to help American SMBs navigate export compliance.