The BIS 50% Rule Returns November 10

Detailed close-up of a calendar displaying months in several languages.

Custom Audio Player
0:00

Article Summary

What is the BIS Affiliates Rule?

The BIS Affiliates Rule extends Entity List and Military End-User restrictions to any unlisted company that is 50% or more owned—directly or indirectly, in aggregate—by one or more listed entities. It means that a counterparty does not need to appear on a restricted party list to be off-limits; its ownership structure determines its status.

When does the BIS Affiliates Rule take effect?

Enforcement is scheduled for November 10, 2026. BIS introduced the rule in late 2025 and granted a one-year grace period. That grace period is not an exemption—it is a compliance runway, and for most organizations it has already shrunk to approximately four months.

Why is name-based screening no longer sufficient under this rule?

The rule captures entities that do not appear on any restricted party list but are controlled by listed parties through ownership. A screening system that checks only the counterparty's name will not detect an unlisted subsidiary whose restricted status derives entirely from its capital structure—leaving the exporter exposed under a strict liability framework that does not require intent to find a violation.

What should compliance teams do before November 10, 2026?

Four actions are most urgent: integrate beneficial ownership data into existing automated screening workflows; re-screen the existing customer base and active intermediaries rather than waiting for new onboarding; build operational protocols for flagging and holding transactions when corporate ownership is opaque or partially linked to a restricted party; and document the methodology and outcomes of these reviews as evidence of proactive compliance investment.

Does a further deadline extension eliminate the compliance obligation?

No. Even if BIS delays enforcement beyond November 10, the regulatory direction is established. Firms that treat deadline extensions as reasons to pause rather than continue building compliance infrastructure will be perpetually behind the standard—and under a strict liability regime, the compliance gap that accumulates during a grace period does not disappear when enforcement begins.

The single most consequential change to U.S. restricted party screening in years is paused but not cancelled and the clock is running.

In late 2025, the Bureau of Industry and Security (BIS) introduced its Affiliates Rule, extending strict Entity List and Military End-User (MEU) restrictions to any unlisted company 50% or more owned, directly or indirectly, in aggregate by listed entities. Though enforcement was paused for a one-year grace period, it is officially scheduled to take effect on November 10, 2026. For corporate compliance teams, the corporate runway has shrunk to four months.

Why it matters: Screening a counterparty's explicit name is no longer a viable defense. Export controls operate on strict liability; missing an unlisted subsidiary because you failed to probe its capital structure leaves your firm exposed. Thousands of global entities could be swept in.

What to do in the next four months:

  • Upgrade to Beneficial Ownership: Integrate deep ownership-data layers into your existing automated screening workflows.
  • Execute a Retroactive Audit: Do not wait for new onboarding; re-screen your existing customer base and active intermediaries.
  • Codify the 'Aggregate Risk' Standard: Build clear operational protocols to flag and hold transactions when corporate ownership is opaque or partially linked to a restricted party.
  • The pause is a gift of time, not an exemption from liability. Even if the deadline shifts, the direction is set. Firms that wait for a final date to act are always playing catch-up. The ones that stay ahead treat every policy change as a reason to tighten, not a reason to pause.

If you're not sure whether your screening sees through ownership, CTP can assess it before November does.

Request a screening review.

Key Points

What does the BIS Affiliates Rule actually change about restricted party screening obligations, and why does it make ownership analysis a compliance requirement rather than an enhancement?

The Affiliates Rule is not an incremental tightening of existing screening standards—it is a structural expansion of who counts as a restricted party that fundamentally changes what adequate screening requires:

  • Ownership-based restriction extending Entity List controls to unlisted entities whose restricted status is derived entirely from their capital structure rather than their own designation — Prior to the Affiliates Rule, restricted party screening focused on whether a named counterparty appeared on an applicable government list; the rule adds a parallel restriction pathway in which an entity that has never been designated—and whose name will never appear on a restricted party list—is nonetheless off-limits because 50% or more of its ownership, in aggregate, is held by one or more listed entities; screening programs that do not probe ownership structures have no mechanism to detect this category of restricted counterparty regardless of how comprehensive their list coverage is.
  • Aggregate ownership calculation creating restriction exposure from combinations of listed party ownership that individually fall below 50% — The rule's "in aggregate" language means that restriction can arise from multiple listed entities whose combined ownership reaches the 50% threshold even when no single listed entity holds a majority stake; a company 30% owned by one Entity List designee and 25% owned by another is captured by the rule despite neither ownership interest individually meeting the threshold; screening programs that evaluate ownership on a per-listed-entity basis without aggregating multiple listed party interests will miss the ownership combinations that the aggregate calculation is specifically designed to capture.
  • Indirect ownership chains extending restriction through multi-tier corporate structures that place listed party control several degrees removed from the counterparty — The rule applies to ownership held "directly or indirectly," meaning that restriction can flow through holding companies, investment vehicles, and corporate structures that separate the listed entity from the counterparty by multiple ownership tiers; a counterparty whose immediate shareholders include no listed entities may nonetheless be captured if a listed entity holds a controlling interest in one of those shareholders further up the ownership chain; detection requires ownership tracing that penetrates multi-tier structures rather than evaluating only the counterparty's direct shareholders.
  • Strict liability framework making ownership investigation a legal requirement rather than a due diligence best practice — Export control violations under the EAR operate on a strict liability standard in which intent is not required for civil penalty exposure; a company that exports to an Affiliates Rule-captured entity without detecting the ownership connection is liable for the violation regardless of whether it conducted a good-faith restricted party screen that simply did not probe ownership; the strict liability standard converts beneficial ownership investigation from a compliance enhancement into a legal obligation whose omission produces the same enforcement exposure as failing to conduct any screening at all.
  • Thousands of potentially captured entities creating screening scope that existing customer bases and onboarding programs were not designed to address — The Affiliates Rule's extension of Entity List restrictions through ownership chains means that the population of restricted counterparties is substantially larger than the named entity lists that current screening programs are calibrated to detect; the scale of potential new restriction — across subsidiaries, affiliates, and investees of hundreds of currently listed entities — requires a systematic approach to ownership investigation that individual transaction screening cannot deliver without underlying beneficial ownership data infrastructure.

What does upgrading to beneficial ownership screening actually require, and what does inadequate implementation look like in practice?

Beneficial ownership screening is not a feature that can be switched on in an existing screening platform — it requires data infrastructure, workflow integration, and analytical methodology that most compliance programs were not built to provide:

  • Beneficial ownership data sourcing requiring structured, machine-readable ownership data that goes substantially beyond what corporate registry searches and public filings provide — Meaningful beneficial ownership screening requires access to structured ownership data that identifies the full ownership chain for counterparties across global jurisdictions — data that corporate registry searches, website review, and public filing review cannot consistently provide at the depth and coverage that Affiliates Rule compliance requires; compliance programs that attempt to implement beneficial ownership screening through manual research rather than integrated ownership data sources will produce coverage that is inconsistent, incomplete, and operationally unsustainable at the transaction volumes active trading relationships generate.
  • Workflow integration connecting ownership data to automated screening processes rather than creating a parallel manual review layer that depends on individual compliance judgment — Beneficial ownership screening is most effective when ownership data is integrated into the automated screening workflow that evaluates counterparties at onboarding and pre-transaction stages — surfacing ownership risk indicators alongside name-based screening results rather than requiring compliance reviewers to separately initiate ownership investigations for every counterparty; manual ownership investigation workflows that operate separately from automated screening create the coverage gaps and timing delays that allow Affiliates Rule-captured entities to proceed through transaction processing before ownership review is complete.
  • Aggregate ownership calculation methodology requiring a defined approach to combining multiple listed party ownership interests rather than evaluating each listed party relationship independently — Implementing the rule's aggregate ownership standard requires a defined methodology for identifying all listed party ownership interests in a counterparty, summing those interests to determine whether the 50% threshold is met, and handling the analytical complexities that arise when ownership data is incomplete, expressed in ranges, or involves indirect ownership through multiple tiers; compliance programs that evaluate listed party ownership interests individually without aggregating them will miss the combinations that the rule specifically targets.
  • Opaque ownership structure protocols defining how compliance programs handle counterparties whose ownership cannot be fully traced due to data limitations, confidentiality structures, or jurisdictional opacity — Not all counterparty ownership structures are fully traceable through available data sources; beneficial ownership screening programs must establish defined protocols for counterparties whose ownership is partially unknown — specifying what level of ownership uncertainty triggers a compliance hold, what additional information can be requested from the counterparty, and when ownership opacity alone is sufficient to decline a transaction regardless of whether a specific restricted party connection has been confirmed.
  • Inadequate implementation recognizable by the gap between documented screening policy and the actual data and analytical capability the program deploys — Compliance programs that update their screening policies to reference beneficial ownership requirements without implementing the underlying data infrastructure, workflow integration, and aggregate calculation methodology that meaningful ownership screening requires produce documentation that describes a capability the program does not actually possess; the test of beneficial ownership screening adequacy is not whether the compliance manual references ownership investigation but whether the program can reliably detect an Affiliates Rule-captured entity in a live transaction environment.

What does a retroactive audit of existing customers and intermediaries require, and why is waiting for new onboarding an inadequate response to the Affiliates Rule?

The Affiliates Rule's effective date applies to all transactions — not only to new customer relationships established after November 10 — making the existing customer base and active intermediary network an immediate compliance priority rather than a secondary remediation task:

  • Existing customer base exposure arising from ownership changes that occurred after initial onboarding rather than only from onboarding due diligence failures — Many existing customers whose initial onboarding screening confirmed no restricted party connections may have subsequently experienced ownership changes — through acquisition, investment, restructuring, or listed entity ownership expansion — that now place them within the Affiliates Rule's scope; a retroactive audit must evaluate current ownership structures rather than relying on onboarding screening results that reflect the customer's ownership at a prior point in time when no restriction existed.
  • Intermediary network audit as a distinct and often higher-risk priority than direct customer re-screening — Freight forwarders, distributors, agents, and other intermediaries in active transaction chains present Affiliates Rule exposure that may be more consequential than direct customer exposure because intermediary relationships are often less intensively screened at onboarding and because intermediaries can facilitate exports to Affiliates Rule-captured entities without the exporter's awareness; retroactive audit scope must explicitly include the full intermediary network rather than focusing exclusively on direct commercial customers.
  • Prioritization framework for retroactive audit sequencing based on transaction volume, destination country risk, and counterparty ownership complexity — A retroactive audit of the full existing customer base and intermediary network cannot be completed simultaneously at the same depth; compliance programs must establish a prioritization framework that sequences the audit based on risk factors — concentrating initial audit resources on counterparties with high transaction volumes, counterparties in jurisdictions with significant listed entity investment activity, and counterparties whose corporate structures include holding company ownership or cross-border ownership arrangements that present elevated Affiliates Rule exposure.
  • Audit documentation standards creating a contemporaneous record of ownership investigation methodology and conclusions that demonstrates proactive compliance investment before the November deadline — Retroactive audit results must be documented with sufficient specificity to demonstrate that ownership investigation was conducted through a defined methodology rather than a cursory review; documentation should capture what ownership data sources were consulted, what ownership structures were identified, what aggregate ownership calculations were performed, and what compliance conclusions were reached — creating an evidentiary record that is available if BIS enforcement review examines whether the organization took reasonable steps to identify Affiliates Rule exposure before the effective date.
  • Remediation workflow for counterparties identified as potentially Affiliates Rule-captured requiring defined escalation, transaction hold, and relationship disposition procedures — The retroactive audit will identify counterparties whose ownership structures place them within or near the Affiliates Rule's scope; compliance programs must have defined procedures for what happens when a potentially captured counterparty is identified — including transaction hold authority, escalation to legal review, customer notification procedures, and in some cases relationship termination — rather than discovering during the audit that there is no defined pathway for acting on the findings it produces.

How should compliance programs codify the aggregate ownership risk standard operationally, and what does a functional protocol for opaque or partially restricted ownership look like?

Building operational protocols for aggregate ownership risk requires translating the rule's legal standard into decision rules that compliance personnel can apply consistently under the time and information constraints of active transaction processing:

  • Defined ownership thresholds triggering escalating levels of compliance response based on the degree of identified listed party ownership rather than applying binary restricted or unrestricted determinations — The Affiliates Rule's 50% threshold is a legal bright line, but operational protocols benefit from defined response tiers below that threshold — specifying what compliance actions are triggered when identified listed party ownership reaches 25%, 35%, or 45% of a counterparty's known ownership — because ownership data is frequently incomplete and the difference between known ownership and actual ownership may be the margin that pushes a counterparty above or below the threshold; tiered response protocols ensure that counterparties approaching the threshold receive enhanced scrutiny rather than proceeding on the basis of incomplete ownership data that shows known listed party ownership below 50%.
  • Ownership opacity classification defining when a counterparty's resistance to ownership transparency is itself a compliance risk indicator sufficient to hold or decline a transaction — Not all ownership opacity reflects legitimate confidentiality concerns; counterparties in jurisdictions with documented histories of listed entity investment activity who resist ownership disclosure or provide structurally incomplete ownership information are exhibiting behavior that should trigger compliance holds independent of whether specific listed party ownership has been confirmed; protocols must define the ownership disclosure standards that counterparties must meet and the compliance consequences of failing to provide ownership information sufficient to complete the aggregate calculation.
  • Aggregate calculation documentation requirements specifying how ownership percentages are recorded, combined, and applied to the 50% threshold in a format that supports audit review — The aggregate ownership calculation must be documented in a format that an enforcement reviewer can reconstruct — identifying each listed party ownership interest, the data source for each percentage, the calculation combining multiple interests, and the threshold determination; undocumented ownership calculations that produce a compliance conclusion without a reconstructable analytical record cannot demonstrate that the aggregate standard was correctly applied rather than estimated or assumed.
  • Transaction hold authority calibrated to ownership uncertainty rather than requiring confirmed restriction before a hold is imposed — Compliance protocols that require confirmed listed party ownership above 50% before a transaction hold is imposed allow transactions to proceed while ownership investigation is incomplete; effective protocols must establish that ownership uncertainty above defined thresholds triggers a hold that remains in place until investigation is complete rather than allowing transactions to proceed on the basis of incomplete ownership data; hold authority must be organizationally real — with defined decision authority and commercial hold procedures — rather than procedurally stated but commercially circumvented under transaction timeline pressure.
  • Protocol review and update cadence ensuring that aggregate ownership risk standards evolve as BIS issues additional guidance, enforcement actions, and interpretive positions that clarify the rule's application — The Affiliates Rule is new and BIS guidance on its application to complex ownership scenarios will develop through enforcement actions, advisory opinions, and formal guidance documents over time; compliance protocols codified before November 10 must include a defined review cadence that updates operational procedures as BIS clarifies how the aggregate ownership standard applies to the specific ownership structures and data limitations that compliance programs encounter in practice.

What does the November 10 deadline mean for firms that are still building their beneficial ownership screening capability, and what interim measures reduce exposure while full implementation is completed?

The November 10 deadline is a fixed point against which compliance program readiness will be measured — and firms whose full beneficial ownership screening implementation will not be complete by that date need interim risk management measures that reduce exposure rather than waiting for complete implementation:

  • Risk-based transaction prioritization applying enhanced manual ownership review to the highest-risk transactions while automated capability is built — Firms that cannot implement full automated beneficial ownership screening before November 10 should establish a risk-based prioritization framework that applies enhanced manual ownership investigation to the transactions presenting the highest Affiliates Rule exposure — high-value transactions, transactions involving counterparties in jurisdictions with significant listed entity investment activity, and transactions with counterparties whose corporate structures include holding company ownership or cross-border investment arrangements — while processing lower-risk transactions under standard screening with documented acknowledgment of the interim gap.
  • Customer ownership disclosure requirements as an interim data collection mechanism that supplements limited automated ownership data with counterparty-provided information — Requesting ownership disclosure from counterparties through updated onboarding forms and customer questionnaires provides an interim source of beneficial ownership information that can supplement limited automated data during the implementation period; counterparty-provided ownership information is less reliable than independently verified data, but it creates a compliance record that demonstrates active ownership investigation and shifts accountability for misrepresentation to the counterparty rather than the exporter.
  • Legal counsel engagement before November 10 to assess self-disclosure obligations for transactions that may have involved Affiliates Rule-captured entities during the grace period — Firms conducting retroactive audits that identify counterparties who may be captured by the Affiliates Rule should engage legal counsel before the effective date to assess whether any transactions during the grace period create voluntary self-disclosure obligations to BIS; the grace period reduces but does not eliminate compliance exposure for transactions that occurred after the rule was announced, and pre-deadline legal assessment of self-disclosure obligations is a proactive compliance investment that post-deadline discovery does not allow.
  • Compliance program documentation demonstrating implementation progress and interim risk mitigation as evidence of good-faith compliance investment before the effective date — Firms whose beneficial ownership screening implementation is not complete by November 10 should maintain documentation of implementation progress — including the steps taken, the timeline established, and the interim risk mitigation measures applied — that demonstrates good-faith compliance investment rather than inaction; documented implementation progress is a meaningful factor in BIS's assessment of compliance program adequacy and is relevant to enforcement disposition if a violation is identified during the period when full implementation was still in progress.
  • The direction is set regardless of deadline movement — compliance investment made before November 10 retains its value if the deadline shifts and becomes immediately necessary if it does not — Firms that treat the November 10 deadline as the trigger for compliance action rather than as a fixed point by which compliance action should be complete will be permanently behind the standard the rule establishes; beneficial ownership screening capability built before the effective date protects the firm regardless of whether enforcement begins precisely on November 10, while firms that wait for a final confirmed date will face compressed implementation timelines that produce the compliance gaps enforcement review is most likely to find.

CTP Updates

Latest Posts

Contact Us

How Can CTP Help You?

Please complete the form.
A member of the CTP team will be in touch soon!

// Simple Form Validation by BRIX Agency
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.