Is Your Counterparty Screening Too Thin?

DFARS Subpart 225.771 prohibits contracting or subcontracting with a firm owned or controlled by the government of a country that is a state sponsor of terrorism, absent a waiver. The related DFARS provision at 252.225-7050 requires an offeror to disclose if such a government owns or controls a significant interest in the offeror, its subsidiary, or any other firm that owns or controls the offeror. The related DFARS clause at 252.209-7004 says the contractor shall not enter into certain subcontracts with a firm identified in SAM Exclusions as ineligible for defense awards because it is owned or controlled by such a government.

That is bigger than a checkbox exercise. It means ownership structure matters. Parent company relationships matter. Subsidiaries matter. Control chains matter. And subcontractor screening matters, not just prime offeror screening.

The State Department currently lists four state sponsors of terrorism: Cuba, Iran, North Korea, and Syria. That does not mean every transaction touching those geographies is your main risk. The real operational issue is whether ownership, control, or influence connected to restricted parties is hidden inside a supplier, reseller, intermediary, or lower tier team member you did not examine closely enough.

A lot of firms do one quick screen against a visible company name and assume they are done. That is not enough for three reasons.

• First, the visible company name may not reveal the real ownership chain. OFAC says entities owned 50 percent or more in the aggregate by one or more blocked persons are themselves considered blocked even if they are not separately named on the SDN List.
• Second, ownership and control are not the same thing. OFAC explicitly notes its 50 Percent Rule speaks to ownership, not control. So a firm that is controlled but not owned 50 percent or more by a blocked person may not be automatically blocked under that rule, but it can still present serious risk that requires deeper diligence.
• Third, BIS tells exporters to follow its “Know Your Customer” guidance and resolve red flags. If red flags cannot be explained or justified and you proceed, BIS says you risk having had “knowledge” that can make the transaction a violation.

Here are examples of how this breaks down.

1. The reseller looks clean, but the parent structure does not

You subcontract with a U.S. based distributor for avionics components. The distributor’s website looks professional. The entity name does not trigger a sanctions hit. But nobody on your team checks the parent ownership chain, affiliate structure, or beneficial ownership. Months later, diligence shows the distributor is controlled through a layered structure tied to a restricted or high risk foreign ownership network. The issue was never the surface level name. The issue was the structure behind it. This is exactly why DFARS and OFAC both care about ownership, control, and firms that own or control other firms.

2. The subcontractor is fine, but its lower tier supplier is not

A prime screens its direct machining subcontractor and moves on. The subcontractor then sources a critical input from a lower tier supplier with poor provenance, unresolved ownership questions, or export control red flags. Now the prime has a delivery, compliance, and reputational problem even though its direct partner initially looked acceptable. DFARS 252.209-7004 directly addresses subcontracting risk, and BIS red flag guidance is built around not ignoring suspicious indicators just because the transaction seems commercially convenient.

3. The JV partner is screened once, then never revisited

A contractor forms a joint venture or teaming arrangement and performs one diligence review at onboarding. A year later, ownership changes, a new investor comes in, or a foreign affiliate takes a significant interest. Nobody refreshes the screening. That is dangerous because ownership can change after initial approval, and OFAC warns that blocked ownership can exist even where the entity itself is not separately listed.

4. The broker or intermediary is treated like a logistics function

A defense company uses a sales agent, broker, or overseas intermediary to facilitate introductions, quoting, or routing. The team checks the end customer, but not the intermediary’s ownership, sanctions exposure, or role in the transaction. That is too narrow. OFAC’s framework says many organizations screen customers, supply chain participants, intermediaries, counterparties, documents, and transactions.

5. The company checks names, but not identifiers

A counterparty screen that relies only on a company name can miss aliases, alternate spellings, addresses, identifiers, and beneficial ownership links. The federal Consolidated Screening List exists precisely to help companies screen parties subject to U.S. restrictions across multiple agency lists, and Treasury warns that organizations often fail to include pertinent identifiers in screening.

6. The team assumes “commercial item” means “low risk”

DFARS 225.771 and 252.225-7050 still apply to relevant DoD solicitations, including those using FAR Part 12 procedures for commercial products and commercial services above the threshold specified in the rule. So “this is just commercial support” is not a safe excuse for weak ownership diligence.

Busy teams often stop at the first layer because delivery pressure is real. But the skipped steps are usually the ones that matter most:

• checking parent and subsidiary relationships
• identifying who actually owns or controls the entity
• refreshing screens when ownership changes
• screening intermediaries, brokers, and logistics facilitators
• pushing diligence requirements down to lower tier suppliers
• checking SAM Exclusions, not just general sanctions tools
• resolving BIS red flags instead of explaining them away
• documenting the review in a way that can survive audit or customer scrutiny

A mature defense contractor usually builds a layered process, not a single search.

• SAM Exclusions check: FAR requires contracting officers to review SAM exclusion records before award, and DFARS 252.209-7004 specifically ties the subcontracting prohibition to SAM Exclusions for certain defense work.
• Consolidated Screening List check: Trade.gov’s CSL consolidates multiple U.S. government screening lists and is meant to support screening of parties in regulated transactions.
• Ownership review: Go past the entity name and identify the parent, affiliates, and beneficial ownership issues that could change the risk profile. OFAC’s 50 Percent Rule is the reason this step matters.
• Control and influence review: Even where a party is not automatically blocked, foreign control, board influence, or unusual governance rights can create risk that deserves escalation. OFAC and DFARS do not let you hide behind superficial structure.
• Red flag review: BIS says unresolved red flags can create “knowledge” risk. That means odd payment flows, evasive end use answers, unusual routing, or opaque ownership should trigger deeper review, not business as usual.
• Refresh cadence: Screening once at onboarding is not enough for long term teammates, suppliers, or JVs. Ownership and sanctions status can change. This is an inference based on how the rules work and how party lists and ownership structures evolve.

This is not only a legal operations issue. It is a trust issue.

If your company works in defense, aerospace, controlled manufacturing, mission IT, or supply chain intensive programs, sophisticated buyers and primes want to see signs of diligence maturity. A thin website that says nothing about supplier vetting, sanctions awareness, counterparty screening, export control discipline, or lower tier controls can make a firm look operationally naive, even if the internal team is better than average. That is an inference, but it follows directly from the fact that the government’s own rules and screening systems expect companies to pay attention to ownership, exclusions, counterparties, and red flags.

A credible site should make a few things visible:

• supplier and counterparty screening discipline
• export control and sanctions awareness
• lower tier oversight expectations
• clear compliance points of contact
• disciplined onboarding for partners, resellers, and subcontractors

That does not mean publishing your whole compliance manual. It means showing you understand where risk actually sits.

The hard truth

Many defense contractors are not ignoring ownership and counterparty risk because they do not care. They are ignoring it because they are busy. Busy with proposals. Busy with delivery. Busy with customer pressure. But that is exactly why this risk grows. The thinner your diligence, the easier it is for a bad ownership chain, blocked interest, evasive intermediary, or questionable lower tier supplier to slip into a program before anyone asks the harder questions.

In this market, “we screened the name” is not the same as “we understood the counterparty.”