News & Blogs

Bosch Fined $36M for Export Control Violations, Highlighting Critical Compliance Gaps

Global · · radicalcompliance.com

Bosch has been penalized $36.1 million for violating U.S. export controls by selling advanced software and micro-electronics to Huawei, a sanctioned entity. This case underscores the critical importance of robust, well-resourced trade compliance programs, especially for multinational corporations navigating complex international regulations like the Foreign Direct Product Rule. Internal audit and assurance professionals should examine their organizations' export control frameworks, staffing, and training to prevent similar costly oversights and ensure compliance with evolving global sanctions.


Bosch's Costly Compliance Failures

German manufacturing giant Bosch has agreed to pay $36.1 million to settle charges of violating U.S. export controls. The violations stemmed from the sale of $72.4 million worth of advanced software and micro-electronics to Huawei, a Chinese telecom company under U.S. sanctions since 2019. The core issue revolved around Bosch's subsidiaries, BST and ETAS, exporting products that were direct products of U.S. technology, thus falling under the Foreign Direct Product Rule (FDPR). This rule prohibits foreign companies from selling goods to sanctioned parties if the manufacturing process relies on U.S. components or technology, even if the goods are produced abroad.

Under-resourced Compliance and Misinterpretations

The Commerce Department's settlement order revealed significant weaknesses in Bosch's trade compliance function. The U.S. export controls compliance team was severely understaffed, with only two employees, one of whom was dedicated full-time to the area. This lack of resources led to a critical misunderstanding of the FDPR, particularly its application to products manufactured using U.S. technology. A German trade compliance officer erroneously conflated the De Minimus Rule with the FDPR, advising subsidiaries that their products were compliant for export to Huawei. Furthermore, the software subsidiary, ETAS, was incorrectly informed that FDPR restrictions did not apply to software, leading to further violations.

Ignored Warnings and Remedial Actions

Compounding the problem, Bosch received multiple warnings from external business partners regarding potential FDPR violations, yet these concerns were consistently dismissed or misinterpreted by the under-informed compliance team. These warnings, some explicitly referencing the FDPR and other enforcement actions, failed to trigger a proper internal review. Ultimately, Bosch self-disclosed the violations to U.S. authorities, a crucial step that led to a declination of criminal charges from the Justice Department. As part of its remediation, Bosch significantly bolstered its trade compliance capabilities, hiring 66 new employees, expanding U.S. trade compliance resources, and updating internal policies and procedures to clarify U.S. export controls and licensing requirements. This case serves as a stark reminder that early disclosure, even before a complete internal investigation, and a robust, well-funded compliance program are paramount for mitigating enforcement risks.


Read more
Comments

No comments yet. Be the first.


Sign in to join the discussion.

Sign in or Create account
Subscribe

By email

Get audit & assurance news in your inbox.


By feed reader

We publish RSS, Atom, and JSON feeds sliced by category and region.

View all feeds →

Have a tip? Submit a story or job →

Subscribe by email

Get audit & assurance news in your inbox. Or use a feed reader — view all feeds →