What the US BIS “50% Affiliates” Rule Means for Third-Party Risk

In the era of global supply chains and rapidly evolving export-control regimes, screening by name alone is no longer enough. The Bureau of Industry and Security (BIS) recently issued a new final interim rule Expansion of End-User Controls To Cover Affiliates of Certain Listed Entities or what’s being dubbed the “50% Affiliates Rule”, significantly expanding the universe of entities subject to U.S. export controls through ownership and affiliation. 

While implementation of the rule has been temporarily suspended for one year (through to November 2026), the policy direction is clear. Organizations have a critical window to strengthen ownership visibility, operationalize look-through diligence, and lay the ground for compliance before the rule returns.

What Could Change - At a Glance

As of late 2025, BIS issued an interim rule that treats any foreign entity that is 50% or more owned (directly or indirectly, individually or in aggregate) by one or more parties on the Entity List, Military End‐User (MEU) List or certain Specially Designated Nationals and Blocked Persons (SDN) entries as if it itself were a listed entity. While the rule’s enforcement is currently suspended, companies should be building ownership visibility and decisioning capabilities now, not waiting for active enforcement to resume.  

Historically, many organizations would screen counterparties only for direct listing status (e.g., on the Entity List) and not look deeper into ownership. The new rule closes that “loophole” by adding a look-through obligation.

The change aligns the BIS export‐control regime more closely with the existing approach of the Office of Foreign Assets Control (OFAC) in the sanctions space, where the “50% rule” for ownership has been long-established.

In practice: if your supplier, distributor, joint-venture partner or other third-party is 50%+ owned by a listed entity, once the rule is back in force, you must treat them as subject to export restrictions (license requirements, possible denial) -  regardless of whether they are explicitly listed themselves.

Why This Still Matters for Compliance & TPRM Programs

Hidden exposure becomes real

Many organizations have robust screening of named entities and watchlists. However, they may lack visibility into ownership chains, indirect investments, or aggregate holdings. Once the new rule goes into force,  what was once “clean” might now be captured simply due to ownership structure.

Diligence expectations rise

Compliance teams will need to:

• Understand who owns the entity (directly and indirectly) and if listed parties sit in that ownership structure.

• Document what has been assessed - the “affirmative duty” to assess ownership is now explicit.

• Escalate where ownership is opaque or indeterminate. If you cannot determine ownership, you may need to assume risk or cease the relationship.

Supply-chain complexity increases

Especially for enterprises operating globally, supply chains include multiple tiers, joint-ventures, minority investments and hybrid ownerships. Keeping track of this across jurisdictions is operationally challenging -  and the cost of error is high.

Screening by name is no longer enough

Traditional screening tools (match name to watchlist) are necessary but insufficient. Ownership-based screening will be a core expectation. If your process doesn’t capture beneficial ownership, indirect investment, or identify when a listed entity controls 50%+ of a counterparty, you’re exposed.

Key Steps for Organizations

1. Map your counterparty universe – suppliers, distributors, partners, joint ventures. Identify which involve U.S.-origin goods, software or technology (or items subject to the EAR) or U.S. export-control jurisdiction.

2. Determine ownership and affiliation – for each counterparty, collect ownership information: who owns them, what percentage, whether any listed entity is in the chain.

3. Define red flags and escalation logic – e.g., if ownership by listed entity ≥ 50% (direct or indirect) then treat as listed; if you cannot determine ownership then trigger enhanced review or license decision.

4. Revise policies and procedures – update your screening policy to reflect the ownership rule, define how indirect/aggregate ownership is handled, and ensure due diligence workflows capture this.

5. Use enhanced screening tools + data – leverage third-party data that captures corporate linkages, beneficial ownership, and aggregate holdings beyond just named watchlists.

6. Document thoroughly – maintain an audit trail showing your ownership investigations, how decisions were made, and what residual risks remain.

7. Train your wider organization – this is not just a legal exercise. Procurement, logistics, sales and other functions need to understand how ownership risk can flow into export-control risk.

8. Monitor and update – ownership structures may change (mergers, acquisitions, investments); screening is not a one‐time exercise but should be ongoing.

How GAN Integrity Helps

At GAN Integrity, we recognize that the “look-through” ownership challenge is one of the most difficult compliance obstacles facing global organizations today. Here’s how we support you:

• Ownership network intelligence – Integrity Enrich’s AI-led Network Risk Intelligence helps shed light on multi-level ownership structures and available ownership percentages (direct, indirect, aggregate). Native integrations with providers such as Sayari and Moody’s Orbis provide further insight into whether a counterparty meets the 50% threshold for listed-affiliate risk.

• Defensible audit trail – all data, decision-points, ownership investigations and risk determinations are captured in one place, making it easier to demonstrate your compliance efforts to regulators or auditors.

• Global, integrated perspective – because the ownership challenge spans jurisdictions, our system links with third-party data sources globally and integrates export-control, sanctions and ownership risk into your broader compliance ecosystem.

Final Thoughts - A Better Compliance Posture

Although the BIS Affiliates Rule is suspended for a year, it remains a landmark development.  The delay does not diminish the long-term shift it represents: global-scale compliance now requires much deeper visibility into ownership, control and affiliation - not just screening names. Organizations that treat this as a tick-box exercise will face increased risk of inadvertent violations, disruptions, or reputational harm.

The good news is: this isn’t an entirely new discipline. Many advanced compliance and TPRM teams have been evolving their third-party screening programs to include beneficial ownership and network-mapping already. The rule simply raises the bar and puts sharper regulatory expectations into view.

By combining ownership intelligence, automated workflows, and a unified compliance platform, you can turn what looks like a compliance burden into a strategic advantage, enabling better decision-making, stronger global supply-chain resilience and a defensible posture in the face of regulatory change.

If you’d like to explore how GAN Integrity can support your organization’s readiness for the BIS ownership-based obligations, we’d be happy to walk you through a tailored demonstration.