What Changed and Why It Matters
For years, compliance professionals relied on the "exact match" principle for screening against the Bureau of Industry and Security (BIS) Entity List. If a company wasn't explicitly named on the list, many assumed it was safe to do business with.
That assumption is no longer safe. Following the lead of the Treasury Department's Office of Foreign Assets Control (OFAC), the BIS has clarified its position on ownership extensions. The "BIS 50 Rule" (or BIS 50 Percent Rule) explicitly states that restrictions applying to a listed entity also apply to any entity owned 50% or more by that listed party.
Critical Compliance Update
You can no longer screen only against the published text of the Entity List. You must now screen against the ownership graph of every counterparty to detect hidden links to restricted entities.
How the BIS 50 Rule Works
The rule is mathematical and ruthless. It accounts for three types of ownership structures that can trigger a block:
1. Direct Ownership
This is the simplest scenario. If Entity List Party A owns 51% of Company B, then Company B is treated exactly as if it were on the Entity List itself. No license exceptions apply, and license requirements are identical.
2. Indirect Ownership
Restrictions flow down through corporate chains. If Entity List Party A owns 100% of Intermediate Corp, and Intermediate Corp owns 50% of Target Company, then Target Company is blocked.
However, care must be taken with calculation. Indirect ownership is calculated by multiplying percentages only if strict control isn't established, but BIS/OFAC generally view a 50%+ stake at any level as controlling the next level.
3. Aggregate Ownership (The "50% Rule")
This is the most common trap. You must sum the ownership stakes of all restricted parties.
Example: Aggregate Ownership Calculation
Minority Ownership: The "Red Flag"
What if the ownership sum is only 40%? Is the entity safe?
Not necessarily. BIS guidance explicitly identifies "significant minority ownership" by a restricted party as a "Red Flag." While a license may not be legally required solely based on ownership, proceeding without caution is dangerous.
If a restricted party owns 25% or more of an entity (or holds a board seat or veto power), you face the risk that the restricted party could:
- Divert controlled items to themselves.
- Use the non-listed entity as a procurement front.
- Access technical data in violation of deemed export rules.
SecurePoint USA recommends a 25% minority ownership threshold for generating automated warnings ("Red Flags") in your screening workflow.
Operationalizing Compliance
Building a defensible compliance program requires more than just checking names. You need an audit trail that proves you checked for ownership.
1. Verify Beneficial Ownership
Ask your counterparties for their beneficial ownership structure. Who owns them? Are there any parent companies?
2. Map Against Sanctions Lists
Cross-reference every owner (and owner's owner) against the BIS Entity List, MEU List, and OFAC SDN List.
3. Document the Math
If you find matches, perform the aggregation calculation. Store this calculation in your transaction logs. This is your "shield" during an audit—proof that you did the math.
Simplify Your Screening
Don't rely on spreadsheets to track complex ownership graphs. SecurePoint USA's automated screening tools handle the BIS 50 Rule and minority ownership red flags automatically.
Frequently Asked Questions
Does the 50% rule apply to the Unverified List?▼
Not legally in the same automatic way as the Entity List, but BIS recommends treating affiliates of unverified parties with extreme caution. It is considered a strong red flag.
What if firm ownership is exactly 50%?▼
The rule applies to ownership of 50% or more. Therefore, an exactly 50% stake triggers the blockage. A 49.9% stake does not trigger an automatic block but is a major red flag.
How often should I re-screen ownership?▼
Ownership structures change. We recommend re-screening at least annually, or prior to any new major transaction or contract renewal. Continuous monitoring solutions are best.