Most compliance guides for freight forwarders stop at the agency list and a penalty number designed to scare you. This one goes further. It covers the specific decisions your operations team faces every week: when to screen, when to file, what your bond actually covers, where your liability ends and your customer’s begins, and what breaks first when you hire a sub-agent who cuts corners.

If you run a freight forwarding operation touching U.S. trade, you face enforcement risk from at least five federal agencies simultaneously. None of them accept “I’m just the forwarder” as a defense.

The regulatory agencies that govern U.S. freight forwarding

Seven agencies hold primary enforcement authority over freight forwarding operations in the United States. Knowing which agency owns which risk is the foundation of any working compliance program.

AgencyPrimary authorityEnforcement mechanism
U.S. Customs and Border Protection (CBP)Import entry, duties, bonds, ISFPenalty notices, holds, seizure
Bureau of Industry and Security (BIS)Dual-use export controls (EAR)Civil and criminal penalties, denial orders
Office of Foreign Assets Control (OFAC)Sanctions programsStrict liability civil penalties, criminal prosecution
Federal Maritime Commission (FMC)Ocean carrier licensing, tariff, bondLicense revocation, fines up to $50,000/violation
Transportation Security Administration (TSA)Air cargo security, certified shipperCargo hold, decertification
Directorate of Defense Trade Controls (DDTC)Defense articles (ITAR)Criminal referral, debarment
Census Bureau / AESExport data reporting (EEI)Civil penalties up to $10,000/violation

The overlap is where forwarders get caught. A single ocean export shipment can simultaneously trigger CBP (AES filing), BIS (ECCN classification), OFAC (party screening), and FMC (tariff compliance). Each agency runs its own enforcement calendar and does not coordinate penalty notices with the others.

Importer Security Filing (ISF / 10+2): the most commonly missed obligation

The Importer Security Filing is the compliance area where small and mid-size freight forwarders most consistently accumulate risk without realizing it. Most compliance guides mention ISF once in a FAQ and move on. The operational reality is more complicated than that.

What ISF requires

Under 19 CFR 149, ocean imports into the United States require an ISF transmission to CBP at least 24 hours before cargo is loaded at the foreign port. The “10+2” label refers to the ten data elements the importer must provide and two the ocean carrier provides separately.

The importer’s ten elements:

  1. Seller (name and address)
  2. Buyer (name and address)
  3. Importer of record number (IRS EIN, SSB, or CBP-assigned)
  4. Consignee number
  5. Manufacturer (or supplier) name and address
  6. Ship-to party name and address
  7. Country of origin
  8. Commodity HTS-6 number (first six digits)
  9. Container stuffing location
  10. Consolidator (stuffer) name and address

The carrier’s two elements are the vessel stow plan and container status messages.

Who files ISF, and who is liable

The ISF must be filed by or on behalf of the importer of record, not the freight forwarder. In practice, most importers delegate ISF filing to their forwarder or customs broker. When you accept that delegation, you inherit the filing liability.

If you file on your customer’s behalf, your service agreement must define who provides the ten data elements and by what deadline, assign liability for penalties that result from late or inaccurate data the customer provides, and specify whether you use a power of attorney for CBP filings.

Without a clear agreement, CBP treats you as the responsible party.

ISF penalties

CBP can assess up to $5,000 per violation for late, inaccurate, or incomplete ISF filings. Common triggers:

  • Late transmission (after cargo load, not just late by an hour)
  • Missing or incorrect HTS-6 code
  • Manufacturer name that does not match the bill of lading
  • Failure to update an ISF when cargo details change before arrival

CBP runs a 100% ISF compliance targeting rate. Automated holds are immediate. Liquidated damages notices follow.

ISF for consolidations (LCL)

For less-than-container-load freight, the rules get more complicated. The consolidator (typically an NVOCC) files a single ISF 5 with five data elements for the full container. Each underlying importer’s forwarder files an ISF 10 for their individual shipment. If your customer is one of twenty importers in a consolidated container, you are still responsible for your customer’s ISF 10 filing on time.

Import compliance: beyond the entry summary

Customs bonds: what your customer’s bond actually covers

Every commercial import transaction into the United States requires a customs bond. Most forwarders know this. Fewer understand the bond mechanics well enough to explain them to customers.

A Single Entry Bond covers one importation. The bond amount equals the total entered value of the merchandise plus applicable duties, taxes, and fees, with a minimum of $100. Infrequent importers use this.

A Continuous Import Bond covers all importations by the bond principal for a 12-month period. The minimum is $50,000, or 10% of the duties, taxes, and fees paid in the prior calendar year, whichever is greater. Almost all regular importers use a continuous bond.

CBP can make a claim against the bond principal and the surety for any outstanding duties, penalties, or liquidated damages within three years of the relevant import transaction. If your customer’s bond is insufficient, CBP can hold subsequent shipments until the bond is increased.

If you are named as the surety’s agent for filing purposes and you file an entry with a bond you knew was insufficient, you carry potential liability alongside the importer. When onboarding a new shipper, verify their bond status and capacity before filing the first entry.

HTS classification and forwarder liability

The importer of record is legally responsible for correct HTS classification. The freight forwarder is not, unless you classified the goods yourself and the importer relied on your classification.

In practice: if your customer gives you the HTS code, get it in writing, in the commercial invoice or a written instruction. If you classify goods on their behalf, CBP expects classification at the most specific applicable heading, not the cheapest duty rate. Misclassification penalties under 19 USC 1592 range from 20% of the unpaid duties (negligence) to the full domestic value of the merchandise (fraud).

Antidumping and countervailing duty orders

AD/CVD orders are some of the largest financial exposure in import compliance and among the most commonly ignored. When CBP initiates an AD/CVD investigation, it publishes a deposit rate. Final determination can come years later, and the actual duty owed can differ significantly from the deposit rate.

You are not required to assess AD/CVD liability. But if your customer imports goods from a country and product category with known AD/CVD orders, the appropriate professional posture is to disclose that you are not advising on AD/CVD exposure and to recommend they consult a licensed customs broker.

Current AD/CVD orders cover over 600 product categories. Common ones that catch forwarders off guard:

  • Solar panels (China, multiple orders)
  • Steel and aluminum products (broad country coverage)
  • Wooden bedroom furniture (China)
  • Mattresses (multiple countries)
  • Hardwood plywood (China)
  • Certain paper products

Export compliance: how to determine whether you need a license

Most compliance training stops at “BIS governs dual-use exports.” If your team cannot run the actual license determination, that knowledge does nothing. The five-step process below is what your operations staff needs to work through on any non-routine export.

Step 1: classify the item under the Commerce Control List (CCL)

Every physical product, software, and technology has an Export Control Classification Number (ECCN) or falls under the catch-all designation EAR99.

EAR99 means the item is subject to the Export Administration Regulations but falls outside the CCL. EAR99 items generally do not require a license for most destinations, but can still be controlled to specific countries or parties.

An ECCN is a five-character code (e.g., 5A002, 1C351) identifying controlled items and the reason for control.

How to find an ECCN:

  1. Check the manufacturer’s export compliance documentation first.
  2. Search the Commerce Control List (15 CFR Part 774).
  3. Request a classification ruling from BIS if the item is borderline.

Never assume a product is EAR99 without checking. Assuming wrong on a military electronics component carries criminal exposure.

Step 2: identify the reason for control

Each ECCN lists one or more reasons for control: National Security (NS), Anti-Terrorism (AT), Crime Control (CC), Missile Technology (MT), Nuclear Nonproliferation (NP), Chemical and Biological Weapons (CB), and others.

The reason for control determines which countries require a license, based on the Commerce Country Chart (Supplement 1 to Part 738).

Step 3: check the Country Chart

Cross-reference the ECCN’s reason for control against the destination country on the Commerce Country Chart. If there is an “X” at the intersection of the reason for control and the destination country column, a license is required unless a license exception applies.

For items going to a Country Group E:1 country (Cuba, Iran, North Korea, Syria, or Russia under current sanctions), the analysis stops: essentially all exports require a license, and most will be denied.

Step 4: check available license exceptions

BIS publishes license exceptions in Part 740 that allow certain exports without a formal license application. The most commonly used for commercial freight:

ExceptionCodeCommon use
Low Value ShipmentsLVSParts/components below dollar threshold
Shipments to Country Group BGBSCertain items to allied nations
Technology and SoftwareTSRCertain software to approved destinations
Temporary Imports, Exports, and ReexportsTMPTrade show samples, returns
BaggageBAGPersonal effects

Apply only one exception per shipment. If no exception applies and the Country Chart shows a license required, file a license application with BIS before export.

Step 5: file the Electronic Export Information (EEI) via AES

For exports valued over $2,500 per Schedule B number, or for any export requiring a BIS license, you must file Electronic Export Information through the Automated Export System (AES), accessible via the Census Bureau’s ACE portal.

EEI must be filed and a valid ITN (Internal Transaction Number) generated before export. The Schedule B or ECCN classification must appear on the EEI. If a license applies, the license number and exception code must appear. Penalties for AES violations go up to $10,000 per civil violation; criminal violations carry up to $250,000 and 10 years.

The freight forwarder typically files EEI as the authorized agent of the U.S. Principal Party in Interest (USPPI, usually the exporter). When you file EEI, you are certifying the information is accurate. If the exporter gives you bad data and you file it, you share the violation.

OFAC sanctions compliance: what “screening” actually means

The strict liability problem

OFAC sanctions violations do not require intent. If you route a shipment that involves a sanctioned party, OFAC can assess a civil penalty even if you had no reason to know the party was sanctioned. This is the strict liability standard, and it is the most misunderstood aspect of sanctions compliance in the freight industry.

Your screening process is your primary defense. Its quality determines your penalty exposure even when a violation occurs. OFAC’s Economic Sanctions Enforcement Guidelines treat a robust compliance program as a significant mitigating factor in penalty calculation. No compliance program at all is an aggravating factor.

What you must screen

Screen these parties on every transaction, at minimum:

  • Shipper / exporter
  • Consignee / importer
  • Notify party
  • Intermediate consignee
  • Ultimate consignee
  • Bill of lading parties
  • Financial institutions in the payment chain (if available)
  • Vessel / carrier (for ocean freight)

Screen against these lists:

  • SDN List (OFAC): Specially Designated Nationals and Blocked Persons
  • Non-SDN Consolidated List (OFAC): includes sectoral and other program lists
  • Entity List (BIS): parties subject to enhanced export licensing requirements
  • Denied Persons List (BIS): parties prohibited from participating in export transactions
  • Unverified List (BIS): parties where BIS could not verify end-use
  • Debarred Parties List (DDTC/State): parties debarred from ITAR transactions

The Consolidated Screening List maintained by the International Trade Administration combines most U.S. government export-control lists and is available free via api.trade.gov. That is a reasonable starting point. For high-volume operations, automated screening integrated into your TMS workflow is the industry standard.

When a match hits

If your screening system returns a potential match:

  1. Do not process the transaction until the match is resolved.
  2. Compare the match against all available identifying information: date of birth, address, ID numbers.
  3. Document your analysis in writing.
  4. If the match is confirmed or cannot be ruled out, do not proceed. Contact OFAC if you need a specific license.
  5. Log every potential match and resolution, including the logic used to clear a false positive.

Screening logs are your audit trail. OFAC examiners will ask for them.

ITAR: the standard that cannot be delegated

The International Traffic in Arms Regulations govern defense articles, defense services, and related technical data. Civil penalties go up to $1,394,572 per violation. Criminal penalties go up to $1 million and 20 years per count.

Freight forwarders who handle defense-related cargo need to understand one obligation clearly: you cannot export, re-export, or transfer ITAR-controlled items without a State Department license or an applicable exemption, regardless of what the shipper tells you.

If a shipper presents hardware, technical data, or services that touch military applications, space launch, firearms, or military electronics and does not produce a valid DSP-5 export license or documented ITAR exemption, decline the shipment. The shippers who pressure forwarders to move ITAR cargo without documentation are often the ones who already know they have a problem.

Product-specific import compliance: what triggers what agency

Most compliance guides mention that FDA, EPA, USDA, and CPSC have authority over certain imports. Few explain the practical trigger points.

FDA (Food and Drug Administration)

FDA review is triggered by product category, not importer status. Common freight categories requiring FDA clearance:

  • Food and beverages (including pet food): FDA Prior Notice required 2-8 hours before arrival depending on mode. Automatic detention risk for shipments from facilities with prior violations.
  • Drugs and biologics: Import permit required. Unapproved drugs are subject to immediate detention.
  • Medical devices: FDA registration and device listing required for the manufacturer. 510(k) clearance or PMA approval must be on file before import.
  • Cosmetics: Lower bar than drugs, but products with drug claims are regulated as drugs.
  • Tobacco products: FDA Center for Tobacco Products has separate import requirements.

If the commercial invoice describes food, supplement, drug, medical device, or cosmetic, assume FDA involvement and verify clearance status before the shipment arrives. FDA detention means the cargo sits in a bonded warehouse at the importer’s cost until resolved, which can be days to months.

USDA / APHIS / FSIS

The Animal and Plant Health Inspection Service and the Food Safety and Inspection Service have jurisdiction over:

  • Live plants and plant materials: Phytosanitary certificate from the country of origin required. Many products require a USDA import permit.
  • Live animals: Veterinary health certificate, quarantine on arrival.
  • Meat, poultry, and egg products: Must originate from a USDA-approved foreign establishment. FSIS reinspects at the port.
  • Wood packaging material: All wood packaging (pallets, crates, dunnage) must comply with ISPM 15 (heat-treated or fumigated). Non-compliant wood packaging is one of the most common hold triggers that delays entire containers, and it is routinely overlooked.

If the cargo is fully compliant but the pallet is not, CBP and USDA will hold the entire container. Confirm ISPM 15 compliance with your shipper before the cargo ships.

EPA

EPA has import authority over:

  • Vehicles and engines (emissions compliance): Vehicles must comply with EPA emission standards. Non-compliant vehicles cannot be imported for use on public roads.
  • Ozone-depleting substances: Import permits required for substances controlled under the Montreal Protocol.
  • Pesticides: FIFRA registration required. Pesticides without EPA registration are prohibited imports.
  • PCB-containing equipment: Specific handling and documentation requirements.

CPSC (Consumer Product Safety Commission)

Consumer products must meet CPSC safety standards. The compliance mechanisms forwarders encounter most often:

  • Children’s products: Third-party testing and a Children’s Product Certificate (CPC) required. Lead, phthalate, and flammability standards apply.
  • General merchandise: General Conformity Certificate (GCC) required for products subject to consumer product safety rules.
  • Electronic products emitting radiation (including microwave ovens, lasers, X-ray equipment): FDA Center for Devices and Radiological Health has parallel jurisdiction.

CPSC can refuse entry on non-compliant products and can pursue civil penalties against importers who repeatedly import non-compliant goods.

The customs broker vs. freight forwarder distinction

This is one of the most consequential misunderstandings in the industry. It determines who holds the license, who signs the entry, and who CBP chases first when something goes wrong.

A licensed customs broker holds a CBP license under 19 USC 1641. A customs broker can prepare and file customs entries on behalf of importers, must pass a CBP broker examination or be a corporation with a licensed broker as a qualifying individual, and is subject to CBP discipline including license suspension and revocation. Only a licensed customs broker is legally authorized to transact customs business.

A freight forwarder holds an Ocean Transportation Intermediary license from the Federal Maritime Commission (for ocean freight) or registration with TSA (for air freight). A freight forwarder arranges the movement of cargo. Without a separate CBP broker license, a freight forwarder cannot file customs entries.

Many freight forwarders believe their OTI license covers customs entry preparation. It does not. Preparing a customs entry without a CBP broker license is unlicensed customs practice, which CBP can penalize.

If you are not a licensed customs broker, you cannot file the import entry (CBP Form 3461, 7501) yourself. You need a licensed customs broker for entry filing. Your role ends at cargo handling and documentation. When you market “customs clearance” services, verify whether your license covers that or whether you are contracting it to a broker partner.

Many firms hold both licenses. If yours does not, and your team is preparing entries, stop and either get licensed or engage a broker.

FMC licensing: the ocean freight forwarder’s baseline

If you arrange ocean freight on behalf of shippers in the United States, you are required to be licensed by the Federal Maritime Commission as an Ocean Freight Forwarder (OFF) or registered as a Non-Vessel Operating Common Carrier (NVOCC) under the Shipping Act of 1984 (46 USC 40901).

An Ocean Freight Forwarder license is required to dispatch shipments from U.S. ports on behalf of exporters. It requires a $50,000 surety bond, an FMC Form 18 application, a background check, and a qualifying individual.

NVOCC registration is required to issue bills of lading to shippers. It requires a $75,000 surety bond (or $3,000,000 for certain NVOCCs), published tariffs with FMC via an approved tariff publisher, and a “bill of lading terms” disclosure in each B/L.

Operating as an OTI without the required license or registration carries penalties up to $50,000 per voyage.

Third-party and sub-agent liability

This is the compliance gap most forwarders discover only after an incident.

When you engage a foreign correspondent agent, a trucking subcontractor, a customs broker in another country, or a co-loader to handle part of a transaction, you do not transfer your compliance liability to them.

BIS holds the U.S. party in a transaction responsible for export violations even when a foreign agent executed the transaction at your direction. OFAC applies strict liability to the U.S. person who arranged the transaction, regardless of which entity conducted the physical transfer. CBP holds the importer of record and its authorized agents responsible for entry accuracy, even if bad data came from a foreign supplier or consolidator.

Practical steps to limit sub-agent exposure

  1. Written agreements. Every sub-agent relationship should include a compliance certification. The agent represents they have screened all parties and the transaction complies with applicable trade laws.
  2. Screen the sub-agent. Screen your sub-agents against restricted party lists. Engaging a freight agent that is itself on the SDN list is a violation.
  3. Right to audit. Include a right to audit compliance practices in major agent relationships.
  4. Incident notification. Require the agent to notify you immediately if they discover a potential violation in your transaction.
  5. No delegation of OFAC screening. You can use your agent’s screening result as supplementary information, but maintain your own screening process as the primary layer.

Record retention: what to keep and for how long

U.S. trade compliance has multiple overlapping record retention obligations. A single import or export transaction may generate records subject to different retention clocks under different agencies.

Record typeRetention periodAuthority
Customs entry records (import)5 years from entry date19 CFR 163.4
Export transaction records (EEI, BIS)5 years from export date15 CFR 762.6
OFAC screening records and SDN match decisions5 years from transactionOFAC guidance
FMC tariff records5 years46 CFR 532
ITAR export records5 years from expiration of license or export22 CFR 122.5
ISF filing records5 years from entry date19 CFR 149
AES/EEI filings5 years15 CFR 30.10

Five years is the baseline across U.S. trade compliance. Design your document retention system around that floor and you cover most of your obligations.

Maintain records in a format that allows production to a government examiner within a reasonable timeframe. CBP and BIS both issue document requests with 30-day response windows. Paper-only records stored off-site is a compliance risk independent of the underlying transaction.

C-TPAT: the voluntary program that is not optional anymore

The Customs-Trade Partnership Against Terrorism is technically a voluntary CBP supply chain security program. In practice, major importers now require C-TPAT certification from their freight service providers as a condition of doing business.

C-TPAT reduces how often CBP examines your cargo, gets you priority processing at ports, opens the FAST lane at land borders, and gives you preferred treatment in penalty mitigation.

CBP conducts a security profile assessment covering physical facility security, personnel hiring practices, IT systems, access controls, and training. Minimum criteria include a named security point of contact, a written C-TPAT security policy, employee background checks in hiring, facility perimeter controls (fencing, lighting, locks), cargo seal procedures for container operators, and training for security-related roles.

Certification is granted after a CBP validation visit, followed by periodic revalidations.

If your operation does not have C-TPAT status and your target customers are mid-market manufacturers or importers with formal procurement processes, expect C-TPAT to appear on their vendor onboarding checklist.

Building a compliance program: what actually works for a small forwarder

A five-person forwarder cannot run a compliance program designed for a Fortune 500 trade department. Here is the functional minimum.

1. Designate one person as the compliance lead

This does not have to be a full-time compliance officer. This person needs to own the screening process and document it, receive training annually on changes to BIS, OFAC, and CBP requirements, be the single contact for any government inquiry, and review any transaction flagged as unusual before it processes.

Without a named person, compliance tasks fall through the gaps.

2. Build a written screening policy

Two pages is enough. It should state what lists you screen against, when screening happens in the transaction workflow (before booking, before B/L issuance, or both), who performs the screen, what happens when a potential match is found, and how long screening records are kept.

3. Implement screening in your workflow, not after the fact

Screening after the B/L is issued is not screening. By then, you have already agreed to move the cargo. Screening must occur before you accept the booking. If you use a TMS, screen at the booking stage. If you use email workflows, screen before sending the booking confirmation.

4. Get the right licenses

Verify that your FMC license or NVOCC registration is current before onboarding a new lane. Verify that your CBP broker license, if you hold one, has a qualifying individual who is still employed. Licenses lapse; staff turns over.

5. Audit one trade lane per quarter

Pick a lane, pull ten recent transactions, and check: Was ISF filed on time? Was every party screened? Was EEI filed where required? Are the records complete and retrievable?

Ten transactions is enough to find systematic problems. You do not need to audit everything.

How AI is changing U.S. trade compliance for freight forwarders

The compliance workflow described in this guide generates hundreds of data points per transaction: shipper names, addresses, HTS codes, AES filings, screening outcomes, ISF data elements. Managing that data has historically required manual entry across multiple disconnected systems, which is where the errors accumulate.

Freight forwarding operations are adopting AI tools that automate the data extraction layer, connecting inbound shipment emails and documents to the compliance workflow before a human touches the transaction. ISF data collection happens earlier. Screening happens at booking rather than at B/L. The audit trail builds automatically rather than getting reconstructed after the fact.

For small and mid-size forwarders, this changes the economics. A compliance workflow that previously required a dedicated administrator can run on a fraction of that labor, with more consistent documentation than any manual process produces.

The regulatory agencies have not changed their standards in response. CBP still assesses $5,000 per ISF violation. OFAC still applies strict liability. What has changed is the practical ability of a five-person forwarder to meet those standards without a compliance department.

A note on using this guide

Freight forwarding compliance in the United States is not a single framework. It is a set of overlapping agency requirements, each with its own penalty structure, each updated on its own schedule, and none of which communicate with each other when they find a problem. The forwarder who assumes compliance with one agency satisfies the others will eventually find out otherwise.

The practical path is to build the screening and filing workflows correctly at the start, document everything, name someone responsible, and audit regularly. The cost of getting it right is substantially lower than the cost of the first significant violation.

This guide covers U.S. regulatory requirements as of 2025. Regulations in this space change frequently. Confirm current requirements with a licensed customs broker, trade attorney, or the relevant agency before making compliance decisions for specific transactions.

Frequently asked questions

Can a freight forwarder be held liable for an OFAC violation if they did not know the party was sanctioned?

Yes. OFAC's strict liability standard means knowledge is not required for a civil penalty. OFAC's enforcement guidelines provide significant mitigation for organizations with a compliance program that shows proactive screening and reasonable care. No compliance program at all is an aggravating factor.

What is the difference between an ISF 10 and an ISF 5?

An ISF 10 is filed for non-bulk ocean imports and requires all ten data elements from the importer. An ISF 5 is filed by NVOCCs or consolidators for consolidated LCL shipments and requires only five data elements: booking party, foreign port of unlading, place of delivery, ship-to party, and commodity HTS-6. In an LCL shipment, the NVOCC files the ISF 5 and each underlying importer's agent files an ISF 10 for their cargo.

Do freight forwarders need to screen every shipment, or only shipments to sanctioned countries?

Screen every shipment, regardless of destination country. SDN-listed parties operate through front companies in non-sanctioned countries. A sanctioned Iranian national can be the ultimate beneficial owner of a Canadian freight company. Geography alone is not a reliable risk filter.

Are freight forwarders responsible for the compliance of their foreign sub-agents?

U.S. law holds U.S.-based parties responsible for transactions they arranged, even when executed by foreign agents. You cannot transfer OFAC, BIS, or CBP liability to a foreign correspondent agent by contract alone. Maintain your own screening, include compliance certifications in your agent agreements, and document your oversight of their practices.

Can a freight forwarder prepare and file U.S. customs entries?

Only if the freight forwarder also holds a CBP customs broker license. An OTI license from the FMC covers ocean freight forwarding, not customs entry preparation. Preparing a customs entry without a CBP broker license is unlicensed customs practice. Forwarders who do not hold a broker license must work with a licensed customs broker for all entry filing.

What is the ISF penalty for a late or inaccurate filing?

CBP can assess up to $5,000 per violation for late, inaccurate, or incomplete ISF filings. Common triggers include late transmission after cargo load, missing or incorrect HTS-6 code, manufacturer name that does not match the bill of lading, and failure to update an ISF when cargo details change before arrival. CBP runs a 100 percent ISF compliance targeting rate.