A Commerce Department audit found that regulators weren’t consistently verifying where controlled exports to China end up. Parisa Salehi of Parker Poe, a former inspector general of the Export-Import Bank, explains why findings like these often lead agencies to tighten enforcement and what that could mean for companies with global supply chains.
A recent audit by the US Department of Commerce Office of Inspector General (OIG) found that the Bureau of Industry and Security (BIS) was not effectively monitoring certain post-shipment verifications involving exports to China and Hong Kong and recommended stronger oversight and accountability measures. The BIS concurred with the recommendations and is working to implement corrective actions.
For companies operating in global supply chains, the practical takeaway is straightforward: When an inspector general identifies oversight weaknesses in a national security program, agencies typically respond with increased monitoring, enhanced accountability and greater enforcement attention.
Based on that reality, here are six steps companies engaged in exports involving China, Hong Kong or potential transshipment jurisdictions should consider taking now and why the OIG’s recommendations are noteworthy for companies from an enforcement perspective based on my experience as a former inspector general.
1. Reevaluate end-user due diligence
The most significant export control risks often arise not from the product itself but from who ultimately receives or uses it.
Companies should take this opportunity to reassess whether their due diligence procedures adequately identify ultimate end users, ownership and control structures, related entities, military or government affiliations and potential connections to parties of concern. As the BIS continues to focus on risks associated with China’s military-civil fusion strategy, exporters should ensure that their diligence extends beyond the immediate customer and, where appropriate, examines downstream users and affiliated organizations.
2. Review diversion-risk controls
The OIG audit centered on the BIS’s ability to verify what happens to controlled items after export. That focus underscores the importance of diversion-risk analysis within corporate compliance programs.
Organizations should evaluate whether they have procedures for identifying unusual shipping routes, third-country intermediaries, inconsistent end-use descriptions or requests involving technologies with military, defense or surveillance applications. Companies should also assess whether transactions presenting elevated risk receive enhanced review and appropriate management oversight before export.
3. Confirm documentation can withstand government review
Strong compliance programs depend on strong documentation.
Companies should assess whether they can quickly produce records supporting export classifications, licensing determinations, end-use certifications, restricted-party screening, due diligence efforts and internal approval decisions. If the BIS increases post-shipment verification activity or enforcement reviews, contemporaneous documentation will remain one of the most effective tools for demonstrating a thoughtful and well-executed compliance process.
4. Test internal escalation procedures
Employees responsible for sales, logistics, procurement and compliance should understand when and how to elevate concerns.
Potential warning signs can take many forms, including changes in end users late in a transaction, conflicting information regarding product use, unusual routing requests, indications of military or government connections or efforts to circumvent established review procedures. A compliance program is only as effective as its ability to identify and escalate risk before a transaction occurs.
5. Prepare for increased government inquiries
Although the audit focused on internal BIS processes, the report may increase management attention on post-shipment verification activity and enforcement metrics. Organizations that can clearly explain who the end user was, how the product was expected to be used, what due diligence was performed and why compliance decisions were made will generally be better positioned when regulators ask questions.
The ability to respond promptly with complete transaction records, shipment documentation and supporting compliance analysis can significantly reduce enforcement risk and help demonstrate a culture of compliance.
6. Conduct an export controls readiness assessment
The Commerce Department OIG audit highlights a fundamental question that every exporter should consider: If the government reviewed a transaction today, could the company demonstrate that its decisions were reasonable, documented and supported by effective oversight?
A readiness assessment should evaluate the entire compliance lifecycle — from export classifications and licensing decisions to end-user due diligence, restricted-party screening, diversion-risk analysis, recordkeeping, escalation procedures, management oversight and internal audit activities. The objective is not simply to determine whether compliance policies exist but whether the organization can demonstrate that those policies operate effectively in practice.
From an enforcement perspective, regulators often focus on a relatively straightforward set of questions:
- How was the customer approved?
- What due diligence was performed?
- Were diversion risks considered?
- Who reviewed and approved the transaction?
- How were concerns escalated?
The ultimate test is whether the organization can quickly produce documentation supporting each of those decisions. In many investigations, the ability to demonstrate how a compliance decision was reached is just as important as the decision itself.
Global Operators Need to Take a Hard Look at Cuba Sanctions
Access to American banks and financial structures are at risk if companies cross the sanctions
Read moreDetailsWhy this matters
The June 2026 audit examined whether the BIS adequately enforced export controls related to China by conducting and managing post-shipment verifications in China and Hong Kong. These verifications are intended to confirm that exported items reached authorized end users and are being used in accordance with US export control requirements.
The OIG found that BIS management did not consistently ensure that post-shipment verifications were conducted or that completed verifications were reviewed and approved within required timeframes. It also found weaknesses in supervisory oversight and accountability mechanisms associated with the verification process.
The report further noted that the BIS performs post-shipment verifications on less than 1% of items exported annually to China and Hong Kong, making effective oversight of those reviews particularly important.
In response, the OIG recommended stronger quality-control mechanisms and increased management visibility into outstanding verifications and accountability actions. BIS agreed with the recommendations.
What the OIG actually recommended
The OIG’s findings were not limited to identifying weaknesses. The report specifically recommended that the assistant secretary for export enforcement implement additional oversight measures designed to increase management visibility and accountability over post-shipment verifications.
Specifically, the OIG recommended that the BIS establish quality-control mechanisms requiring supervisors to monitor post-shipment verifications from approval through closure, ensure that verification results are submitted and reviewed within required timeframes and confirm that investigative leads are initiated when verification findings warrant further action. The OIG also recommended that supervisors provide regular reporting to the bureau’s leadership concerning the status of approved verifications, including those that remain open, and the completion of accountability actions arising from unsatisfactory verification results.
These recommendations are noteworthy because they focus on two areas that often drive enforcement activity: management reporting and accountability metrics. When agency leadership receives regular reports concerning unresolved verifications, investigations and corrective actions, institutional pressure frequently increases to demonstrate measurable enforcement results.
An inspector general’s perspective: Oversight findings often lead to more oversight
Having served as an inspector general, I view this report through a broader lens.
Inspectors general do not establish policy. Their role is to determine whether agencies are effectively administering the programs and authorities entrusted to them. When oversight reviews identify weaknesses in controls, monitoring or accountability, agency leadership typically responds by strengthening those mechanisms.
That pattern has played out repeatedly across national security, financial crime, sanctions, anti-money laundering and trade enforcement programs.
For exporters, therefore, the significance of this report extends beyond the specific post-shipment verification deficiencies identified by the OIG. The more important signal may be that BIS leadership will face increased pressure to demonstrate effective enforcement, measurable oversight and accountability in an area that remains a national security priority.
In practical terms, companies should not view this report as merely an internal government management issue. History suggests that when oversight bodies identify compliance gaps in a sensitive national security program, agencies often respond by enhancing supervision, increasing scrutiny of regulated parties and placing greater emphasis on demonstrable enforcement outcomes. Organizations that take steps now to strengthen diligence, documentation and oversight processes will be better positioned if that occurs.
Looking ahead
The Commerce Department OIG report reflects continuing concern regarding the effectiveness of enforcement mechanisms designed to address risks associated with China’s military-civil fusion strategy.
For companies operating in global supply chains, particularly those involving advanced technologies, dual-use items, semiconductors, aerospace products, AI applications or China-related transactions, now is an appropriate time to review compliance controls, reassess end-user diligence procedures and confirm that documentation and escalation protocols can withstand regulatory scrutiny.
The broader lesson from the report extends beyond any particular transaction or industry sector. Effective compliance is not simply about having policies on paper; it is about demonstrating that decisions are documented, risks are assessed, concerns are escalated and oversight mechanisms function as intended. As the BIS implements the OIG’s recommendations, companies would be well-served to ask the same questions of their own export compliance programs.


Parisa Salehi is the former inspector general of the Export-Import Bank of the United States (EXIM) and currently a partner in the Washington, D.C., office of Parker Poe. She brings more than 20 years of experience advising businesses and executives on complex compliance, cross-border investigations, international trade and government enforcement issues. 







