Compliance is a board-level risk
A recent BIS settlement with Solventum over export violations highlights that trade-compliance failures are becoming operational and board-level risks rather than isolated legal problems. The case reinforces the need to embed export-control checks into procurement, supplier attestations, and programme management rather than treating them as after-the-fact audits. (radicalcompliance.com)
On March 27, 2026, the U.S. Bureau of Industry and Security said Solventum would pay a $1.6 million civil penalty over two export-control cases tied to China, and both cases involved membrane contactors that the company treated as low-risk EAR99 items. (bis.gov 1) (bis.gov 2) The surprise is that “EAR99” does not mean “ship anywhere.” It usually means an item is not on a tightly controlled product list, but a license can still be required if the customer is a blocked party or the end use is restricted. (bis.gov 1) (bis.gov 2) One charge says Solventum helped send 87 contactors to Semiconductor Manufacturing South China Corporation after a late-2022 internal request named “Shanghai SMSC Project” as the end user and a January 2023 purchase order from a Hong Kong reseller also identified “SMSC.” (radicalcompliance.com) (bis.gov) Solventum had Bureau of Industry and Security licenses for some sales to that customer earlier in 2023, but the agency suspended those licenses in late 2023. Solventum’s trade-compliance team canceled some shipments, yet this order still moved, with the goods handed to a U.S.-based freight forwarder on December 28, 2023 and arriving in China on January 9, 2024. (radicalcompliance.com) (bis.gov) The other charge shows how fast the rules can change in the middle of an ordinary order cycle. A China-based reseller ordered 30 contactors on November 30, 2020, nine were meant for Ningbo Semiconductor International, and that customer was added to the Entity List on December 18, 2020 before the shipment went out on January 1, 2021. (radicalcompliance.com) (bis.gov) That is why export compliance now looks less like a legal memo and more like air-traffic control. A customer can be clear on Monday, restricted on Friday, and still sitting inside a live sales order, a warehouse queue, and a freight booking. (bis.gov 1) (bis.gov 2) The Solventum case also turned on operations data, not a whistleblower or a dramatic raid. Radical Compliance reports that a routine filing from the freight forwarder listed both Solventum and the Chinese end user, which triggered a Bureau of Industry and Security review. (radicalcompliance.com) (bis.gov) That changes who owns the risk inside a company. If sales teams enter project names, distributors name end users, procurement teams accept supplier paperwork, and logistics teams release freight, then a board cannot treat export controls as something the legal department checks after the truck leaves the dock. (radicalcompliance.com) (bis.gov) The practical lesson is boring in exactly the way big failures usually are. Screening has to happen when a customer is created, when an order changes, when a license is suspended, and again before shipment, because each handoff is a chance for an old approval to keep moving after the rules have changed. (bis.gov) (bis.gov) The penalty here was $1.6 million, but the number understates the message. The Bureau of Industry and Security has been telling exporters through enforcement releases and case summaries that export controls are now a systems problem, where bad master data, stale approvals, and weak escalation can turn a routine shipment into a board-level event. (bis.gov) (bis.gov)
