From Peanuts to Elephant-Sized Penalties:  A Recent Have a look at Latest U.S. Export Controls Enforcement Developments & Future Developments

by Brent Carlson

Photograph courtesy of the writer

Export controls penalties that had been beforehand peanuts in comparison with FCPA penalties are actually turning into extra like elephants, with the “excessive chance” commonplace driving the stampede.

On July 28, 2025, DOJ and BIS introduced a $140 million decision with an digital design automation (“EDA”) exporter by way of a responsible plea[1] and BIS settlement[2] over exports to China.

The BIS settlement turned on what the exporter had “cause to know, together with consciousness of a excessive chance” (aka the “excessive chance” commonplace), and never simply precise information—an escalation in BIS’s use of the complete definition of “information” below the U.S. Export Administration Rules (“EAR”).[3] Latest BIS steerage in July 2024, October 2024, and Could 2025 foreshadowed this shift,[4] as did an August 15, 2025, $5.8 million settlement.[5]

For sensible steerage on the “excessive chance” commonplace, see prior “Recent Seems” posts.[6]

This latest case additionally warrants an replace of the November 14, 2023, comparability of export controls and FCPA enforcement, which likewise leveraged the “excessive chance” commonplace.[7]

Regulators anticipate corporations to study from prior resolutions. Right here, which means understanding what info had been thought-about adequate to create “cause to know, together with consciousness of a excessive chance.”

On February 18, 2015, China’s Nationwide College of Protection Expertise (“NUDT”) was positioned on BIS’s “Entity Listing,” thereby requiring a license for any exports, reexports, or in-country transfers to NUDT of things topic to the EAR. Nevertheless, after NUDT was positioned on the Entity Listing, unlicensed enterprise continued by way of one other purchaser, Central South CAD Middle (“CSCC”).

That the exporter had “cause to know, or consciousness of circumstances that ought to have prompted additional due diligence, that” CSCC was in actual fact “an alias of” NUDT[8] was indicated by:

• The handle for CSCC “intently matches” an handle on the NUDT campus.[9]
• Sure of the exporter’s native staff in China “generally used the acronym ‘CSCC’ along with the Chinese language characters for NUDT (国防科技大学) in correspondence, indicating a hyperlink between the 2.”[10]
• Gross sales personnel on the exporter’s native subsidiary in China had “familiarity and interplay” with CSCC personnel as a result of CSCC was a “key account” for them; “sure personnel inside [the exporter’s local subsidiary in] China throughout a number of roles had cause to know that CSCC was an alias for NUDT.”[11] This included sending invites and paperwork to CSCC staff by way of NUDT electronic mail addresses.[12] Gross sales personnel additionally related CSCC with supercomputers made by NUDT (for nuclear explosives).[13] Equally, sure CSCC staff had been speaking utilizing @phytium.com.cn electronic mail addresses, related to one other entrance firm, Phytium Expertise Co. Ltd. (“Phytium”); such electronic mail addresses had been related to CSCC contacts within the exporter’s buyer database.[14]
• Technical personnel on the China subsidiary had conferences with CSCC personnel whom that they had beforehand recognized as NUDT personnel, communicated by way of an NUDT electronic mail handle, and put in the {hardware} at NUDT places.[15]
• Finance personnel “periodically weighed in on credit score issues with CSCC” and famous that CSCC had no Web presence (in English or Chinese language) and no discernable credit score historical past.[16] These issues, particularly the “incapability to confirm details about CSCC in reference to its test of CSCC’s credit score,” “ought to have prompted additional due diligence.”[17]
• Authorized personnel concerned in discussing the reassignment of CSCC contracts to Phytium “supplied a now-former gross sales group director in China with draft task letters for the IP and requested her to acquire related contact and site data from Phytium, noting, ‘after all the e-mail addresses ought to all be @phytium.com.cn company addresses.’”[18] The identical personnel wrote, “I do know it’s two completely different events, CSCC and Phytium, however we additionally know they’re associated with respect to all these transactions.”[19]
• Engineering personnel defined to the identical authorized personnel that they’d transfer “the ‘enterprises’ in our system from CSCC to Phytium” and that they’d “guarantee all the suitable Phytium contacts are moved in [the customer database] to Phytium (many are CSCC now).”[20]
• Supplies personnel despatched audit letters for each CSCC and Phytium as attachments to a single electronic mail “to a Phytium consultant recognized by [the exporter’s local subsidiary in] China to be related to each CSCC and NUDT.”[21]

Additional violations had been dedicated when, after the exporter stopped gross sales to CSCC, the exporter transferred—in violation of Common Prohibition 10 (“You might not . . . switch . . . any merchandise topic to the EAR. . . with information {that a} violation of the [EAR] . . . has occurred . . . in reference to the merchandise.”)—CSCC’s {hardware}, software program and know-how to Phytium.[22]

The above info illustrate the “collective information doctrine” below U.S. white-collar company enforcement. Below this doctrine, it’s permissible to deduce “company” information of info—however not “intent”—“by way of the buildup of particular person information” throughout staff.[23]

There isn’t a allegation that the exporter’s one-person commerce compliance workforce was conscious of the above info.[24] As an alternative, it was the collective information of gross sales, technical, finance, authorized, engineering, and supplies personnel that gave the exporter “cause to know, together with consciousness of a excessive chance” of the violations.

Virtually talking, commerce compliance personnel can not survey their complete firm’s information concerning each transaction in worldwide commerce. However when “crimson flags” point out a possible violation of U.S. export controls, commerce compliance personnel ought to think about who else is fairly more likely to have data related to the evaluation and potential mitigation of such crimson flags.

Within the face of the above “crimson flags,” conventional self-certifications weren’t adequate.

For instance, “When confronted with export compliance-related points, [the exporter] undertook further due diligence to handle such crimson flags, together with requesting a Letter of Assurance from CSCC in January 2019 to substantiate that there was no prohibited end-use and/or end-user concerned in transactions with CSCC.”[25]

Moreover, “[the exporter] sought and obtained from Phytium affirmation that its merchandise weren’t navy gadgets, used to help a navy merchandise, or used to help or contribute to the operation, set up, restore, refurbishing, improvement, or manufacturing of a navy merchandise. Phytium additionally confirmed that it might not enable any individual related with or employed by an entity on the Entity Listing to make use of [the exporter’s] merchandise in violation of U.S. regulation.”[26]

Neither of the above was adequate to keep away from or scale back the $140 million penalty.

A number of prospects continued to obtain managed software program even after they had been positioned on the Entity Listing, “as a result of sure system-level gaps” in “established compliance processes and procedures for terminating transactions with corporations who had been later designated on the Entity Listing.” As a result of no license was sought (and obtained) to allow these software program downloads, these downloads additionally violated U.S. export controls.[27]

By leveraging the “excessive chance” commonplace, BIS stands poised to carry extra enforcement actions, resolve them sooner, and levy a lot increased penalties. Under is an replace to the November 2023 comparability between FCPA and export controls penalties. Export controls penalties nonetheless lag far behind, however the brand new BIS enforcement playbook signifies that penalties will proceed to extend.

1. The period of “excessive chance” enforcement and compliance has arrived. The July 28, 2025 decision is one other step by the federal government in following an “FCPA playbook” in export controls enforcement.
2. Different exporters ought to overview the above info and think about whether or not they have related dangers. Neither BIS nor DOJ ought to be anticipated to imagine that, given the amount of gross sales to China and the significance to Chinese language corporations of acquiring managed gadgets and know-how, that the oblique gross sales to NUDT by way of CSCC and Phytium are remoted incidents.
3. Within the face of “crimson flags” suggesting {that a} purchaser is an “alias” or a entrance firm for a restricted end-use or end-user, reliance on conventional self-certifications by counterparties is more likely to exacerbate, quite than mitigate, the compliance and enforcement dangers. This has essential implications for the brand new “Associates Rule,” introduced by BIS with speedy impact on September 29, 2025, which is roofed intimately in a two-part podcast.[28]

[1] Plea Settlement, U.S. v. Cadence Design Methods, Inc., CR 25-00217-EJD (SVK) (N.D. Cal. July 28, 2025).

[2] U.S. Dept. of Comm., Bureau of Indus. & Safety, Settlement Settlement, Within the Matter of Cadence Design Methods, Inc. (July 28, 2025).

[3] See p. 2 of the BIS Settlement Settlement: “Pursuant to Part 772.1 of the EAR, ‘information of a circumstance (the time period could also be a variant, similar to “know,” “cause to know,” or “cause to consider”) consists of not solely constructive information that the circumstance exists or is considerably sure to happen, but additionally an consciousness of a excessive chance of its existence or future prevalence.’ 15 C.F.R.§772.1. This consciousness could also be inferred from proof of an individual’s acutely aware disregard of recognized info or an individual’s willful avoidance of info.”

[4] BIS, Steerage to Business on BIS Actions Figuring out Transaction Events of Diversion Threat (July 10, 2024); BIS, Bureau of Business and Safety Points New Steerage to Monetary Establishments on Greatest Practices for Compliance with the Export Administration Rules (Oct. 9, 2024); BIS, Division of Commerce Pronounces Rescission of Biden-Period Synthetic Intelligence Diffusion Rule, Strengthens Chip-Associated Export Controls (Could 13, 2025) (amassing three steerage paperwork).

[5] U.S. Dept. of Comm., Bureau of Indus. & Safety, BIS Imposes $5.8 Million Penalty Towards Pennsylvania Firm for Shipments of Low-Degree Objects to Events Tied to the PRC’s Hypersonics, UAV, and Army Electronics Applications (Aug. 15, 2024).

[6] Collected at https://wp.nyu.edu/compliance_enforcement/tag/brent-carlson/; see, e.g., Brent Carlson, When Loopholes Create Legal responsibility Pitfalls: A Recent Have a look at Export Controls, NYU Program on Company Compliance & Enforcement (“PCCE”) Weblog (Aug. 25, 2023); Brent Carlson & Michael Huneke, Know Your Buyer, However Additionally Your self: A Recent Have a look at Sanctions & Export Controls Threat Assessments within the Period of the “New FCPA,” NYU PCCE Weblog (Sept. 28, 2023); Brent Carlson & Michael Huneke, Gradual is Clean, Clean is Quick: A Recent Have a look at Planning and Executing Inner Investigations into Allegations of Sanctions or Export Controls Evasion, NYU PCCE Weblog (Oct. 30, 2023); Brent Carlson & Michael Huneke, How To not Stand Out Like a Sore Thumb (Half 2): A Recent Have a look at the “Excessive Likelihood” Definition of Data Utilized to Export Controls and Sanctions Enforcement, NYU PCCE Weblog (Feb. 21, 2024); and Brent Carlson & Michael Huneke, Keep away from Kicking the Hornet’s Nest: A Recent Have a look at Anticipate, Keep away from, and Reply to BIS Administrative Subpoenas (Half 1), NYU PCCE Weblog (Sept. 19, 2024).

[7] Brent Carlson & Michael Huneke, From Peanuts to Jail Time – A Recent Have a look at the Evolution of Export Controls Penalties, NYU PCCE Weblog (Nov. 14, 2023).

[8] BIS Settlement Settlement at p.2.

[9] Id. at ¶ 6.

[10] Id. at ¶ 7.

[11] Id. at ¶ 8.

[12] Id. at ¶¶ 11–15.

[13] Id. at ¶¶ 11–15.

[14] Id. at ¶ 30.

[15] Id. at p.4 & ¶¶ 23–24.

[16] Id. at ¶¶ 26–27.

[17] Id. at ¶¶ 22 & 27.

[18] Id. at ¶ 31.

[19] Id. at ¶ 32.

[20] Id. at ¶ 33.

[21] Id. at ¶ 34.

[22] Id. at p.3.

[23] See, e.g., U.S. v. SAIC, 626 F.3d 1257, 1275–76 (D.C. Cir. 2010) (citing and distinguishing U.S. v. Financial institution of New England, 821 F.2nd 844, 856 (1st Cir. 1987)).

[24] See additionally Plea Settlement, Attachment A1 (Assertion of Info) ¶ 30, U.S. v. Cadence Design Methods, Inc., CR 25-00217-EJD (SVK) (N.D. Cal. July 28, 2025) (“Through the related time interval by way of 2019, Cadence employed one export management officer with duty over Cadence’s export management compliance program.”).

[25] BIS Settlement at ¶ 22.

[26] Plea Settlement, Attachment A1 (Assertion of Info) ¶ 41.

[27] BIS Settlement at ¶¶ 39–40.

[28] See Episodes 28 and 29 of the “Pink Flags Rising” podcast obtainable at Apple, Spotify, and RSS.

Brent Carlson is the founding father of Pink Flags Rising Options LLC. The views expressed herein are the writer’s personal and don’t mirror the views of his organizations, or of the companions or staff thereof.

The views, opinions and positions expressed inside all posts are these of the writer(s) alone and don’t characterize these of the Program on Company Compliance and Enforcement (PCCE) or of the New York College Faculty of Regulation. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this web site and won’t be liable any errors, omissions or representations. The copyright of this content material belongs to the writer(s) and any legal responsibility with reference to infringement of mental property rights stays with the writer(s).

by Brent Carlson

Photograph courtesy of the writer

Export controls penalties that had been beforehand peanuts in comparison with FCPA penalties are actually turning into extra like elephants, with the “excessive chance” commonplace driving the stampede.

On July 28, 2025, DOJ and BIS introduced a $140 million decision with an digital design automation (“EDA”) exporter by way of a responsible plea[1] and BIS settlement[2] over exports to China.

The BIS settlement turned on what the exporter had “cause to know, together with consciousness of a excessive chance” (aka the “excessive chance” commonplace), and never simply precise information—an escalation in BIS’s use of the complete definition of “information” below the U.S. Export Administration Rules (“EAR”).[3] Latest BIS steerage in July 2024, October 2024, and Could 2025 foreshadowed this shift,[4] as did an August 15, 2025, $5.8 million settlement.[5]

For sensible steerage on the “excessive chance” commonplace, see prior “Recent Seems” posts.[6]

This latest case additionally warrants an replace of the November 14, 2023, comparability of export controls and FCPA enforcement, which likewise leveraged the “excessive chance” commonplace.[7]

Regulators anticipate corporations to study from prior resolutions. Right here, which means understanding what info had been thought-about adequate to create “cause to know, together with consciousness of a excessive chance.”

On February 18, 2015, China’s Nationwide College of Protection Expertise (“NUDT”) was positioned on BIS’s “Entity Listing,” thereby requiring a license for any exports, reexports, or in-country transfers to NUDT of things topic to the EAR. Nevertheless, after NUDT was positioned on the Entity Listing, unlicensed enterprise continued by way of one other purchaser, Central South CAD Middle (“CSCC”).

That the exporter had “cause to know, or consciousness of circumstances that ought to have prompted additional due diligence, that” CSCC was in actual fact “an alias of” NUDT[8] was indicated by:

• The handle for CSCC “intently matches” an handle on the NUDT campus.[9]
• Sure of the exporter’s native staff in China “generally used the acronym ‘CSCC’ along with the Chinese language characters for NUDT (国防科技大学) in correspondence, indicating a hyperlink between the 2.”[10]
• Gross sales personnel on the exporter’s native subsidiary in China had “familiarity and interplay” with CSCC personnel as a result of CSCC was a “key account” for them; “sure personnel inside [the exporter’s local subsidiary in] China throughout a number of roles had cause to know that CSCC was an alias for NUDT.”[11] This included sending invites and paperwork to CSCC staff by way of NUDT electronic mail addresses.[12] Gross sales personnel additionally related CSCC with supercomputers made by NUDT (for nuclear explosives).[13] Equally, sure CSCC staff had been speaking utilizing @phytium.com.cn electronic mail addresses, related to one other entrance firm, Phytium Expertise Co. Ltd. (“Phytium”); such electronic mail addresses had been related to CSCC contacts within the exporter’s buyer database.[14]
• Technical personnel on the China subsidiary had conferences with CSCC personnel whom that they had beforehand recognized as NUDT personnel, communicated by way of an NUDT electronic mail handle, and put in the {hardware} at NUDT places.[15]
• Finance personnel “periodically weighed in on credit score issues with CSCC” and famous that CSCC had no Web presence (in English or Chinese language) and no discernable credit score historical past.[16] These issues, particularly the “incapability to confirm details about CSCC in reference to its test of CSCC’s credit score,” “ought to have prompted additional due diligence.”[17]
• Authorized personnel concerned in discussing the reassignment of CSCC contracts to Phytium “supplied a now-former gross sales group director in China with draft task letters for the IP and requested her to acquire related contact and site data from Phytium, noting, ‘after all the e-mail addresses ought to all be @phytium.com.cn company addresses.’”[18] The identical personnel wrote, “I do know it’s two completely different events, CSCC and Phytium, however we additionally know they’re associated with respect to all these transactions.”[19]
• Engineering personnel defined to the identical authorized personnel that they’d transfer “the ‘enterprises’ in our system from CSCC to Phytium” and that they’d “guarantee all the suitable Phytium contacts are moved in [the customer database] to Phytium (many are CSCC now).”[20]
• Supplies personnel despatched audit letters for each CSCC and Phytium as attachments to a single electronic mail “to a Phytium consultant recognized by [the exporter’s local subsidiary in] China to be related to each CSCC and NUDT.”[21]

Additional violations had been dedicated when, after the exporter stopped gross sales to CSCC, the exporter transferred—in violation of Common Prohibition 10 (“You might not . . . switch . . . any merchandise topic to the EAR. . . with information {that a} violation of the [EAR] . . . has occurred . . . in reference to the merchandise.”)—CSCC’s {hardware}, software program and know-how to Phytium.[22]

The above info illustrate the “collective information doctrine” below U.S. white-collar company enforcement. Below this doctrine, it’s permissible to deduce “company” information of info—however not “intent”—“by way of the buildup of particular person information” throughout staff.[23]

There isn’t a allegation that the exporter’s one-person commerce compliance workforce was conscious of the above info.[24] As an alternative, it was the collective information of gross sales, technical, finance, authorized, engineering, and supplies personnel that gave the exporter “cause to know, together with consciousness of a excessive chance” of the violations.

Virtually talking, commerce compliance personnel can not survey their complete firm’s information concerning each transaction in worldwide commerce. However when “crimson flags” point out a possible violation of U.S. export controls, commerce compliance personnel ought to think about who else is fairly more likely to have data related to the evaluation and potential mitigation of such crimson flags.

Within the face of the above “crimson flags,” conventional self-certifications weren’t adequate.

For instance, “When confronted with export compliance-related points, [the exporter] undertook further due diligence to handle such crimson flags, together with requesting a Letter of Assurance from CSCC in January 2019 to substantiate that there was no prohibited end-use and/or end-user concerned in transactions with CSCC.”[25]

Moreover, “[the exporter] sought and obtained from Phytium affirmation that its merchandise weren’t navy gadgets, used to help a navy merchandise, or used to help or contribute to the operation, set up, restore, refurbishing, improvement, or manufacturing of a navy merchandise. Phytium additionally confirmed that it might not enable any individual related with or employed by an entity on the Entity Listing to make use of [the exporter’s] merchandise in violation of U.S. regulation.”[26]

Neither of the above was adequate to keep away from or scale back the $140 million penalty.

A number of prospects continued to obtain managed software program even after they had been positioned on the Entity Listing, “as a result of sure system-level gaps” in “established compliance processes and procedures for terminating transactions with corporations who had been later designated on the Entity Listing.” As a result of no license was sought (and obtained) to allow these software program downloads, these downloads additionally violated U.S. export controls.[27]

By leveraging the “excessive chance” commonplace, BIS stands poised to carry extra enforcement actions, resolve them sooner, and levy a lot increased penalties. Under is an replace to the November 2023 comparability between FCPA and export controls penalties. Export controls penalties nonetheless lag far behind, however the brand new BIS enforcement playbook signifies that penalties will proceed to extend.

1. The period of “excessive chance” enforcement and compliance has arrived. The July 28, 2025 decision is one other step by the federal government in following an “FCPA playbook” in export controls enforcement.
2. Different exporters ought to overview the above info and think about whether or not they have related dangers. Neither BIS nor DOJ ought to be anticipated to imagine that, given the amount of gross sales to China and the significance to Chinese language corporations of acquiring managed gadgets and know-how, that the oblique gross sales to NUDT by way of CSCC and Phytium are remoted incidents.
3. Within the face of “crimson flags” suggesting {that a} purchaser is an “alias” or a entrance firm for a restricted end-use or end-user, reliance on conventional self-certifications by counterparties is more likely to exacerbate, quite than mitigate, the compliance and enforcement dangers. This has essential implications for the brand new “Associates Rule,” introduced by BIS with speedy impact on September 29, 2025, which is roofed intimately in a two-part podcast.[28]

[1] Plea Settlement, U.S. v. Cadence Design Methods, Inc., CR 25-00217-EJD (SVK) (N.D. Cal. July 28, 2025).

[2] U.S. Dept. of Comm., Bureau of Indus. & Safety, Settlement Settlement, Within the Matter of Cadence Design Methods, Inc. (July 28, 2025).

[3] See p. 2 of the BIS Settlement Settlement: “Pursuant to Part 772.1 of the EAR, ‘information of a circumstance (the time period could also be a variant, similar to “know,” “cause to know,” or “cause to consider”) consists of not solely constructive information that the circumstance exists or is considerably sure to happen, but additionally an consciousness of a excessive chance of its existence or future prevalence.’ 15 C.F.R.§772.1. This consciousness could also be inferred from proof of an individual’s acutely aware disregard of recognized info or an individual’s willful avoidance of info.”

[4] BIS, Steerage to Business on BIS Actions Figuring out Transaction Events of Diversion Threat (July 10, 2024); BIS, Bureau of Business and Safety Points New Steerage to Monetary Establishments on Greatest Practices for Compliance with the Export Administration Rules (Oct. 9, 2024); BIS, Division of Commerce Pronounces Rescission of Biden-Period Synthetic Intelligence Diffusion Rule, Strengthens Chip-Associated Export Controls (Could 13, 2025) (amassing three steerage paperwork).

[5] U.S. Dept. of Comm., Bureau of Indus. & Safety, BIS Imposes $5.8 Million Penalty Towards Pennsylvania Firm for Shipments of Low-Degree Objects to Events Tied to the PRC’s Hypersonics, UAV, and Army Electronics Applications (Aug. 15, 2024).

[6] Collected at https://wp.nyu.edu/compliance_enforcement/tag/brent-carlson/; see, e.g., Brent Carlson, When Loopholes Create Legal responsibility Pitfalls: A Recent Have a look at Export Controls, NYU Program on Company Compliance & Enforcement (“PCCE”) Weblog (Aug. 25, 2023); Brent Carlson & Michael Huneke, Know Your Buyer, However Additionally Your self: A Recent Have a look at Sanctions & Export Controls Threat Assessments within the Period of the “New FCPA,” NYU PCCE Weblog (Sept. 28, 2023); Brent Carlson & Michael Huneke, Gradual is Clean, Clean is Quick: A Recent Have a look at Planning and Executing Inner Investigations into Allegations of Sanctions or Export Controls Evasion, NYU PCCE Weblog (Oct. 30, 2023); Brent Carlson & Michael Huneke, How To not Stand Out Like a Sore Thumb (Half 2): A Recent Have a look at the “Excessive Likelihood” Definition of Data Utilized to Export Controls and Sanctions Enforcement, NYU PCCE Weblog (Feb. 21, 2024); and Brent Carlson & Michael Huneke, Keep away from Kicking the Hornet’s Nest: A Recent Have a look at Anticipate, Keep away from, and Reply to BIS Administrative Subpoenas (Half 1), NYU PCCE Weblog (Sept. 19, 2024).

[7] Brent Carlson & Michael Huneke, From Peanuts to Jail Time – A Recent Have a look at the Evolution of Export Controls Penalties, NYU PCCE Weblog (Nov. 14, 2023).

[8] BIS Settlement Settlement at p.2.

[9] Id. at ¶ 6.

[10] Id. at ¶ 7.

[11] Id. at ¶ 8.

[12] Id. at ¶¶ 11–15.

[13] Id. at ¶¶ 11–15.

[14] Id. at ¶ 30.

[15] Id. at p.4 & ¶¶ 23–24.

[16] Id. at ¶¶ 26–27.

[17] Id. at ¶¶ 22 & 27.

[18] Id. at ¶ 31.

[19] Id. at ¶ 32.

[20] Id. at ¶ 33.

[21] Id. at ¶ 34.

[22] Id. at p.3.

[23] See, e.g., U.S. v. SAIC, 626 F.3d 1257, 1275–76 (D.C. Cir. 2010) (citing and distinguishing U.S. v. Financial institution of New England, 821 F.2nd 844, 856 (1st Cir. 1987)).

[24] See additionally Plea Settlement, Attachment A1 (Assertion of Info) ¶ 30, U.S. v. Cadence Design Methods, Inc., CR 25-00217-EJD (SVK) (N.D. Cal. July 28, 2025) (“Through the related time interval by way of 2019, Cadence employed one export management officer with duty over Cadence’s export management compliance program.”).

[25] BIS Settlement at ¶ 22.

[26] Plea Settlement, Attachment A1 (Assertion of Info) ¶ 41.

[27] BIS Settlement at ¶¶ 39–40.

[28] See Episodes 28 and 29 of the “Pink Flags Rising” podcast obtainable at Apple, Spotify, and RSS.

Brent Carlson is the founding father of Pink Flags Rising Options LLC. The views expressed herein are the writer’s personal and don’t mirror the views of his organizations, or of the companions or staff thereof.

The views, opinions and positions expressed inside all posts are these of the writer(s) alone and don’t characterize these of the Program on Company Compliance and Enforcement (PCCE) or of the New York College Faculty of Regulation. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this web site and won’t be liable any errors, omissions or representations. The copyright of this content material belongs to the writer(s) and any legal responsibility with reference to infringement of mental property rights stays with the writer(s).