The Conquest of Military Dual-Use Goods Detection in Trade Finance


The views expressed by the authors in this publication do not represent their employers or any agency. Any content should not be interpreted in any capacity as regulatory guidance, recommendations, or interpretations of law. Such expressed views are to be considered individual opinions and perspectives.

Editor's note: This paper is reprinted with the permission of the ITFA, and is available here: https://itfa.org/wp-content/uploads/2025/06/MDU-Complexities_2025JUNE18.pdf

1. Rise in Complexities

The recent impacts of regulations for export controls and military dual-use (MDU) goods classification are a driving force towards the ongoing digitization of trade finance workflows. Today’s trade compliance environment consists mainly of legacy technology reliant upon screening processes that tend to include list-based methodologies, manual reviews, or a combination thereof. These methods require the investigative and analytical skillsets found across trade finance, military dual-use identification, Anti-money Laundering (AML), sanctions evasion, and export controls. In the fast-paced trade compliance environment, list-based methods have limited scalability, consistency, and efficacy. Institutions, therefore, need to adapt to the specific and growing jurisdictional complexities of import and export goods’ classification requirements. One option is to utilize recent advances in technology which can help fill complex knowledge gaps, improve detection methods, and promote collaborative efforts across the supply chain.

The technological advances in Application Programming Interfaces (APIs) and labeled data, both internal and external, can enable businesses to build more sophisticated goods classification and detection systems. The development and structure of APIs have become widely standardized resulting in ease of use for a business attempting to reduce adoption times and potentially remove the slow, traditional, manual review and stop gap measures of list-based screening. An integral component of API systems is the near real time delivery of trade data integrated with an institution’s existing risk management software. APIs simplify the ingestion of different and unique data sources, crafted to send data in near real-time for in-flight or post transaction processing, with the flexibility to fit an organization’s risk appetite.

2. Data Availability

Trade finance businesses have multiple options for ingesting structured, labeled data from open source and private vendor solutions. For example, an institution can ingest data from United Nations trade statistics[[1]], United States government Export Control Classification Number (ECCN) information[[2]] and chemical standard datasets.[[3]] Proprietary data sources can supply large content dictionaries compiled over many years, assisting institutions in the management of standards and the consolidation of multiple datapoints for in-depth analysis. Trade finance industry players are commoditizing their data and structuring it for regulatory and business initiatives. Internal datasets, combined with external data, open the possibilities of a new world of technological detection. Different technology components can enhance each other as well as the traditional manual processes. The mentality of considering one model or screening system, either built internally or outsourced through a vendor, may not necessarily meet the different nuances of MDU and/or goods detection. A layered approach of data extraction and artificial intelligence/machine learning (AI/ML) algorithms aligned with a rules-based decision filter can work in concert to minimize false positives and highlight areas of increased risk. Other monitoring technologies can join with MDU detection to determine if other red flags or higher inherent risk attributes are present within a transaction. Attributes such as goods destination obfuscation, shell companies, complex shipment routes, transshipment, or drop shipping are equally important elements within the detection process.

3. First Steps Down a New Road

Regulatory agencies, the trade finance industry, and advisory services have shown their willingness to experiment with newer, advanced AI/ML technologies. New AI/ML technologies and techniques, like supervised random forest and gradient boosting, can harness historical information and combine it with unique public and private databases consisting of military goods. Machine learning is the process of predicting an outcome based on previously defined data analytics. Using historical transactions, a trained content set can potentially classify if a goods description in a new transaction is likely to be subject to MDU investigative controls. Each prediction is based on multiple datapoints from a training set, and the one decided by the machine to be the majority is selected and returned as the ‘answer.’

To execute a successful project that utilizes the above-mentioned technology, a small team of experts armed with analytical tools can determine if automation vs. manual review is cost effective. These small teams could include business expertise, perspectives on capabilities in the RegTech market, compliance professionals, data scientists, and AI/ML specialists. Strong leadership support and a culture of compliance will facilitate the team’s flexibility and penetration within the organization’s data structure, slicing through bureaucratic and traditional organizational silos. A small team can quickly develop a proof of concept with either internal or external parties in a more rapid fashion to prove a system’s capability, especially when calling for additional investment. Supportive leadership is key to shield the technology team from the project management habits of large, conservative, hierarchical organizations, thus preventing scope creep and the tendency to be engaged by peripheral non-critical teams.

A small agile team can quickly evaluate the effectiveness of traditional methods, for example, list-based versus automation. This would be achieved through specific metrics and decision criteria, approved by management. Inclusive of the effectiveness evaluation would be a review and stress test of existing information technology architecture found within the institution. An organization would need to take an unbiased view to determine if its existing Information Technology (IT) infrastructure can support the rapid analysis of large data sets from internal and/or external sources. The ability to integrate APIs and conduct appropriate security and vulnerability testing in an efficient fashion is key to ensure integration and development initiatives are not unduly hindered. Following this, development teams in partnership with their IT organizations could ensure such advanced data and screening technology can support ongoing, near real-time system execution, is scalable for potential business expansion, and maintains an effective maintenance and support structure.

Chart 1: Digital Trade Composite

A different take on the risk perspective of MDU is the ability of the organization to sustain the gains made from initial research, development, and implementation of advanced compliance screening techniques. Regulatory and industry recommendations provide best practices on how to sustain effective technology oversight. These are centered around systems explainability, data management, privacy, security and third-party risk.

  • Explainability: The extent to which AI decisioning processes are reasonably understood and personnel can explain the outcomes. To assist explainability, metrics such as confusion matrices, Areas Under the Curve (AUC), and/or Shapley Values[[4]] can be included to demonstrate appropriate due diligence.
  • Data Management: Focusing on the data origins, its usage and oversight.
  • Privacy and Security: Controls such as end-to-end reconciliation, identification of critical data elements, sustainable and accessible data dictionaries overseen by regular and effective governance processes.
  • Third-Party Risk Management: Robust review processes and positive relationships that ensure the reliability, sustainability, and operational effectiveness of data and/or systems.
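
The comparison of list-based screening with automation "through specific metrics", and the confusion-matrix metric named under Explainability, can be made concrete with a small added example (not code from the paper or from ITFA). It scores a verbatim watchlist screen and a majority-vote screen on the same labelled holdout; the vote over the most similar historical descriptions is a deliberately small stand-in for the random forest and gradient boosting models the paper names. All descriptions, labels, watchlist phrases and function names are constructed assumptions.

```python
import re

# Constructed sample data, not real transactions: (goods description, 1 = MDU referral).
HISTORY = [
    ("carbon fiber prepreg rolls aerospace grade", 1),
    ("carbon fibre fabric for airframe", 1),
    ("maraging steel rods high strength", 1),
    ("maraging steel forgings grade 350", 1),
    ("thermal imaging camera module uncooled", 1),
    ("uncooled infrared camera core", 1),
    ("fiber optic gyroscope unit", 1),
    ("stainless steel kitchen sinks", 0),
    ("carbon steel garden tools", 0),
    ("digital camera tripod aluminium", 0),
    ("plastic toy gyroscope spinner", 0),
    ("toy cars for children", 0),
    ("cotton shirts assorted sizes", 0),
]
HOLDOUT = [
    ("carbon fibre prepreg sheets", 1),    # spelling variant of a listed phrase
    ("maraging steel bars", 1),
    ("uncooled thermal camera cores", 1),  # reworded listed item
    ("toy gyroscope for children", 0),     # benign use of a listed keyword
    ("stainless steel cutlery sets", 0),
    ("digital camera lens kit", 0),
]
WATCHLIST = ("carbon fiber", "maraging steel", "thermal imaging camera", "gyroscope")

def tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def list_screen(description):
    """List-based control: flag only when a watchlist phrase appears verbatim."""
    text = description.lower()
    return int(any(phrase in text for phrase in WATCHLIST))

def vote_screen(description, k=3):
    """Majority vote of the k most similar historical descriptions (Jaccard)."""
    query = tokens(description)
    scored = []
    for text, label in HISTORY:
        past = tokens(text)
        scored.append((len(query & past) / len(query | past), label))
    # Neighbours must share a token; the stable sort keeps HISTORY order on ties.
    nearest = sorted((s for s in scored if s[0] > 0), key=lambda s: -s[0])[:k]
    positive = sum(label for _, label in nearest)
    return int(positive > len(nearest) - positive)

def confusion(screen, labelled):
    """Confusion-matrix counts for a screening function on labelled descriptions."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for description, truth in labelled:
        predicted = screen(description)
        counts[("t" if predicted == truth else "f") + ("p" if predicted else "n")] += 1
    return counts

def precision_recall(c):
    precision = c["tp"] / (c["tp"] + c["fp"]) if c["tp"] + c["fp"] else 0.0
    recall = c["tp"] / (c["tp"] + c["fn"]) if c["tp"] + c["fn"] else 0.0
    return precision, recall

if __name__ == "__main__":
    for name, screen in (("list", list_screen), ("vote", vote_screen)):
        result = confusion(screen, HOLDOUT)
        print(name, result, precision_recall(result))
```

On this constructed holdout the watchlist misses the two reworded items and flags the toy, while the vote screen catches all three controlled items but raises one false positive on the camera lens kit. The two confusion matrices put both kinds of error side by side, which is the evidence a reviewer needs when explaining why one control was preferred.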

4. Data Management and Goods Sourcing

Recent developments on government-specific MDU lists were undertaken in certain cases without recourse to the multilateral conventions which manage dual-use goods. Items within the supercomputing and semiconductor categories were updated by country-specific regulation in the United States, United Kingdom, and European Union without seeking a global level of alignment. This has resulted in a fragmentation of international standards and increased nuances in goods data. This occurred due to alleged disruption within international conventions by certain nation-states, preventing certain items from being classified officially as MDU. The response by the United States and its partners was to make frequent and more ad-hoc changes to MDU regulation, increasing the complexities of MDU data management.

“Trade Finance Compliance is data driven. An organization’s employees must understand that they sit on a huge load of data that can be used to potentially detect areas of higher risk. We need to make use of this data.”

- ITFA, Financial Crime Compliance Initiative Survey, February 2025, participant comment

When managing an institution’s MDU identification tool, remaining up to date with fragmented regulation is an ongoing process. Specifically, the efforts called for when updating and maintaining a higher level of model accuracy or building or creating a list of MDU items all pose a certain set of challenges and opportunities. No complete MDU goods list exists or adapts quickly enough whereby all items and products across multiple sectors and industries are curated together for the purpose of identification screening. Adding additional due diligence for an institution is the decision to seek out partner third-parties to assist with complementary datasets for enhanced detection screening. A vendor may have a more extensive list of goods and items, but it will not provide 100% coverage.

Chart 2: ITFA Financial Crime Compliance Initiative Survey Question

When creating MDU lists, an institution needs to be aware of overall goods coverage. Is there enough data in the MDU goods dictionary to ensure an adequate match of potential high-risk items? To what extent are potential MDU industries covered? Which industries are easier to scope for enhanced visibility and coverage? Are there enough historical occurrences to create a viable AI/ML model? Product catalogues are generally available from manufacturers and offer a concise insight into potential MDU items. Another perspective available to institutions requires the collection of content from various open-source locations. For example, data would be collated from the nuclear, chemical, electronic, engineering, aerospace, and other sectors. As a starting point, content can be found in various formats on NATO bill of material dictionaries[[5]]. Many product catalogues will also specify goods by HS Code and ECCN, but these are usually configured by product or model number rather than high-level description, with the former only being found in trading documents on a limited basis.

5. Technology Investment

Costs to develop and maintain such a solution are driven by an organization’s risk appetite and evaluated through a risk assessment process. This could include an evaluation of an institution’s customer, product, and geographic exposure to MDU through its trade finance program. There are a few courses of action available to pursue:

  • Continue with or augment manual controls
  • Buy a vendor solution
  • Internally build a detection system
  • Establish a partnership, harnessing each party’s strengths while minimizing weaknesses

Given a particular risk appetite or scale of a business, the continuation of manual controls can be appropriate. However, as complexities in goods descriptions and export control compliance increase, manual controls may require review. Here the traditional mindset could fall back on applying more manual controls, thereby creating the second-order effects of more manual testing and resources for list maintenance. In this scenario, institutions must extract reliable lists, conduct proofing, test for new accuracy ratings, then upload to list management systems. This all requires more resources, time, quality assurance controls, and efforts on a continual basis. Regardless of these potential additional effects, an institution’s risk appetite could result in remaining with a manual control process as it sufficiently mitigates inherent risks.

6. Purchase

An off-the-shelf application purchased from a vendor can be utilized out-of-the-box. For those with limited resources and budget, the optimal solution could be to work directly with a vendor who offers a ready-made product. The goal of successful MDU detection is shared across industry and institutions of different sizes and regions. Additionally, the data and technology required to manage an MDU detection system are readily available in the market. The IT services and data science principles concerning machine learning have been refined over many years, allowing institutions to invest in established services and technology.

Economies of scale could also be utilized via a ‘buy’ strategy in respect to enhanced learning embedded in the model, for example, the addition of an institution’s data such as raw goods descriptions used to test the model leads to all-round gains for the users of the third-party solution. A hand-off by the institution in a ‘buy’ scenario does imply that the vendor manages data maintenance, data quality and technical throughput. The consequence of this means that institutions must have Service Level Agreements (SLAs) and contractual language in place with their provider to ensure ongoing compliance and continued technical operability. A valid SLA which meets the needs of both parties may be considered to cover response times, key contacts, notification periods for important updates, and resolution management for issues that might arise through the term of a contract.

7. Internal Projects

The other side of the buy option is for an institution to build an in-house solution. This can be a resource-intensive exercise requiring linkage to an organization’s strategic information technology and budget plans. Such engagements are usually years in the making as infrastructure, talent, and data management foundations are required prior to embarking on an internal AI/ML journey. This is important not only from the build perspective but also to allow other data source integrations, say through vendor or other internal APIs, to allow for greater scalability and sustainability. Realistically, projects of this nature usually encounter the traditional delays caused by in-depth reviews by data scientists into areas that perhaps have not seen the proverbial light of day. Other factors leading to delays could be a result of unforeseen data poisoning as more outside systems are integrated but were previously beyond the purview of the business unit. These hurdles are not insurmountable but require expectation management, open and realistic reporting as to budgetary needs, areas of improvement and success, and the ultimate Return on Investment (ROI). Areas of consideration which might lighten an organization’s load to implementation are reductions in third-party risk management, less complicated data privacy impacts, and faster development of a proof of concept in a parallel run environment. Ultimately, team leads should establish clear success criteria for moving forward at the project’s most critical staging points. These criteria can be used to determine when to continue, when to pause and learn from a task, or when to cancel an initiative.

8. Partnership

A cooperative approach which combines the key attributes of build and buy is to utilize the expertise and resources of a third-party alongside the institution’s framework. This approach requires careful evaluation of third-party capabilities and their alignment with the goals of the task. The partnership approach can minimize the weaknesses in pursuing a distinct buy-versus-build scenario while reinforcing strengths intrinsic to the institution and vendor. Specifically, the nuances of goods screening and MDU detection requiring deep knowledge can be more easily addressed. The institution can provide the tacit in-house system and risk appetite expertise while the vendor wields unique MDU data sets and flexibility to deploy advanced detection tools and conduct rapid prototyping. Further, an institution can analyze an outside organization's data feed and look to enhance a screening process using dedicated resources while seeking to use in-house talent and reduce time to market as resources juggle normal business activities and new initiatives. Changes to data, MDU regulation, and learning from industry actions could be part of a feedback loop which continually enhances and modifies content provided by a third-party.

For IT services, an agreement to manage new enhancements, fixes, and output metrics together with the security features to protect sensitive data would require consideration. For example, where an institution sends only the necessary raw data (reducing data privacy and security concerns), a third-party employs its advanced tools, sending its output to the institution and finally, having the institution use internal data to further refine the output. Gaps in MDU data emphasize the call for a wide foundation of military and dual-use goods across multiple high-risk industries. Success could be determined by a strong and transparent relationship between a vendor and an institution, advancing beyond the traditional transactional vendor-customer mindset.

9. Conclusion

How an institution decides to proceed when strengthening MDU detection processes should be carefully evaluated based on risk appetite, cost, data availability, and condition of its technology stack. These criteria could be aligned to the institution’s core values and regulatory requirements. Advances in technology, through the implementation and use of machine learning techniques to better manage content, reduce manual review, and reuse an institution’s historical data, can break current dependencies on list-based screening techniques. Machine learning can harness internal data and align this with specific MDU content for improvements and efficiencies in the detection process, but governance procedures, ongoing compliance, and data management to capture such risk must be addressed through an operational approach. Sustaining the gains from an advanced screening framework requires the use of metrics and measurable testing as inclusive parts of any technology process, ensuring not only the aim of compliance but also managing the exposure to new MDU risk attributes. As new goods and products fall into the controlled goods category, it is important to harness advances in data-driven decision making to meet new challenges.

10. Acknowledgements

Many thanks to those esteemed colleagues from the ITFA Financial Crime Compliance Initiative who provided expertise, guidance, and advice.

Any comments or thoughts expressed within this publication are those of the individuals’ professional perspectives and not associated with any employer, entity, government, or organization.

[[1]]: Global trade data platform aggregating annual and monthly trade statistics. Available at: https://comtradeplus.un.org/

[[2]]: Non-exhaustive Supplement to the U.S. Commerce Control List. Available at: https://www.bis.doc.gov/index.php/documents/regulations-docs/2329-commerce-control-list-index-3/file

[[3]]: Delineation of the three schedules for toxic chemicals and precursors defined by the Organisation for the Prohibition of Chemical Weapons (OPCW). Available at: https://www.opcw.org/chemical-weapons-convention/annexes/annexchemicals/annex-chemicals

[[4]]: Basic data science metrics used to define the applicability of a model. Available at: https://developers.google.com/machinelearning/crash-course/classification/accuracy-precision-recall

[[5]]: Bill of material data dictionaries define the underlying components used to produce certain equipment, machinery, materials. Available at: https://www.iso-group.com/nsn-search/Search-NSN-Parts-Database/Search-By-NATO-Part-Number
