Dun & Bradstreet

Thought Leadership

Preparing for the BIS 50% Rule: Strengthening Third-Party Risk Programs in a Changing Regulatory Landscape

The Bureau of Industry and Security (BIS) under the U.S. Department of Commerce has proposed the BIS 50% Rule to strengthen export controls & compliance. Global exporters will need to ramp up compliance efforts as regulatory reforms such as the BIS 50% Rule will have a profound effect on third party risk management programs.

What this means is that the BIS 50% rule specifically applies to entities that are either directly or indirectly owned by restricted parties, even if the entities are not explicitly stated or named on restricted lists, enforcing similar requirements to the OFAC 50% rule which place stricter measures to prevent circumvention of existing regulatory frameworks and additional  complexity to third party risk management programs , especially in managing upcoming screening requirements.

Implications for third party risk programs

Impacted Organizations should consider their current third- party risk management programs, they should proactively prepare for updating their screening programs to ensure future preparedness for screening beyond just name screening, which should include relevant ownership structures.  For many, this will mean that they will need to make substantial changes to their risk policies and adapt to perpetual data driven strategies. What this means in practice, is that traditional outreach verification approaches, will need to shift towards perpetual KYB processes to reduce operational risk and secure business continuity. 

Due diligence efforts will not only require reliable standardized data but also speed of global data availability to efficiently monitor ownership chains across their third parties, including their customers, suppliers, and partners.   Failure to detect and restrict indirect ownership influence, could lead to disruptions across value chains, reputational harm, fines, national security risks and even potential loss of licensing and criminal convictions.

Practical Tips & Recommendations for Compliance professionals

Companies should proactively prepare to move towards ownership-based due diligence, re-evaluate their third-party eco-systems & prepare for integration of enhanced measures to proactively manage upcoming risks within their value chain. Championing compliance initiatives should be seen as a value driver that connects key internal stakeholders within compliance, procurement and legal functions to help foster operational resilience & navigate regulatory change.

For questions, please contact:

Theodora Papadimitropoulou

[email protected]