Regulatory complexity at a time of geopolitical flux, trade wars and profound technological change

The rules governing who banks can and cannot do business with are displaying increasing complexity. The industry needs to catch up.

Visualise what happens today. A compliance team runs its screening software, names get checked against government watchlists and boxes get ticked. Somewhere in the back office, a loan is approved, a letter of credit is issued or a trade is executed. All of this is perfectly clean on paper but potentially problematic in reality.

The problem is structural, and it is getting worse. Sanctions are blunt instruments. A government publishes a list, the bank checks the list and based on that, the transaction was either cleared or it not. However, sanctioned individuals operate through complex multi-layered structures and the regulators have noticed that. Consequently, the regulatory environment that financial institutions now operate in is evolving rapidly. It is layered and deeply unforgiving of ignorance.

Consider what it actually means today for a security to be “sanctioned.” The obvious case: debt or equity issued directly by an entity on a government ban list is only the innermost ring of a much larger target. The next ring encompasses securities issued by unlisted subsidiaries that are 50% or more owned by a sanctioned parent. Further out are the derived and synthetic assets: ETFs, mutual funds, options and swaps that incorporate prohibited underlying shares. A fund manager who has never heard of the sanctioned entity could still be holding it, three degrees removed, inside a perfectly respectable index product. Standard screening software will find none of this. It was not designed to do so.

The Bureau of Industry and Security (BIS) adds its own layer through the BIS 50% Rule. OFAC’s rule governs financial assets; BIS governs export controls on American-origin items, software and technology. If a company on the BIS Entity List owns 50% or more of an unlisted subsidiary, that subsidiary inherits the licensing restriction globally. For a bank financing a shipment of US-content goods to a counterparty that fails this aggregate test, the institution is in direct violation regardless of whether it knew. Violations carry civil fines exceeding $300,000 per incident, plus the catastrophic risk of losing export or clearing privileges entirely.

The operational headache for trade finance is considerable. Verifying a lawful commercial transaction requires mapping multiple corporate layers of buyer, seller and end-user. The identification of a hidden layer mid-transaction triggers a pause pending specific BIS export licenses. While the transaction idles at a container depot, the compliance team, with no automated way to resolve beneficial ownership down to the fourth subsidiary tier, is tracing UBOs and ownership layers manually.

Then there is Executive Order 14105, perhaps the most strategically significant instrument of the three. It restricts US persons from investing in Chinese advanced technology sectors to prevent dual-use development, operating on two tracks. Prohibited transactions represent a complete ban on high-end investments in semiconductors, quantum information technology and certain artificial intelligence applications, with Treasury retaining authority to force divestment.

Notifiable transactions require formal disclosure within 30 days of closing in lesser-restricted categories. The boundary that trips up commercial lenders is the “Investment Nexus”: standard corporate loans are generally excluded, but the moment a debt instrument acquires equity-like characteristics, for example, convertible notes, warrants, etc., it crosses the threshold. Pending legislation under the COINS Act would extend the net, bringing ordinary debt financing into the ambit of pre-screening as well. Banks without screening workflows for Chinese technology counterparties are already behind this particularly bendy curve.

What connects these three regulatory pillars is a single vulnerability that compliance professionals are beginning to call the “Hidden Entity” problem. Each regime requires knowing not just the name of your direct counterparty but the full network behind it, i.e., who owns whom, at what percentage, and whether any node in that ownership tree is restricted. This is UBO mapping in its most rigorous form, and it cannot be done with a static list checked once at onboarding. Corporate structures change daily. New designations are added. The data infrastructure required to stay current is immense and requires specialist data and diligence capabilities to be put in place, either in-house or through outsourcing arrangements.

The contractual dimension matters too. Because these rules mirror sanctions regimes rather than deal-by-deal clearance processes, banks operate under strict liability. The emerging best practice is to insert Outbound Investment Representation and Warranty clauses into loan agreements, forcing borrowers to certify clean supply chains. However, these promises must be backed by active, timestamped UBO data validation to satisfy regulators.

The synthesis is therefore a challenge. You cannot comply with the BIS 50% Rule in trade finance while ignoring sanctioned securities in capital markets and EO 14105 in your lending book. They share the same structural flaw and require the same solution: a single, continuously updated, network-level data architecture across all three business lines.

Simple name screening is inadequate in this scenario. The institutions that grasp this earliest will face fewer regulatory shocks. The ones still ticking boxes against a static list will, sooner or later, discover that the name they never recognised was the problem all along.