AI Raises New Risks in Trade Compliance, Industry Strategist Says

AI is shaping compliance workflows in screening, classification, customs and export controls, and the pressure on teams is rising as sanctions expand, export controls increase and customs shift toward pattern‑based enforcement, said Simran Sethi, senior consultant for industry strategy at Descartes.

“The real question, of course, is what happens when AI starts influencing decisions that later need to be explained or justified or defended, because while AI improves efficiency, it also changes visibility, accountability and governance expectations,” she said during a May 11 webinar hosted by Descartes and the Middle East & Africa Compliance Association.

AI is embedded across trade workflows, often in ways users don’t see, she said, and many assume better technology means less risk, even though it changes the type of risk and can sometimes increase it.

Trade compliance is changing from fixed rules to intelligence. Historically, teams relied on static logic such as rules, thresholds and binary decisions, she said, but that model is giving way to an intelligence‑driven approach shaped by patterns, relationships and broader trade flows.

Today, risk shows up in ownership structures, routing behavior, indirect exposure and broader network links, she said. AI can detect these patterns across large volumes of activity, but it also adds opacity because the outputs come as confidence levels rather than clear answers.

“Now, operationally, when you look at this, and you're like 85% confident, it sounds very powerful, but from a compliance perspective, someone still needs to decide whether you want to approve it, reject it, escalate, or stop that transaction, and that accountability still remains with the organization,” she said.

One of the most significant risks, she said, is that AI can reduce false positives but also suppress signals that would otherwise trigger review, creating failures that aren’t visible.

“So, even though AI reduces the noise, you will see that it's also causing lesser review,” she said.

“AI outputs often look highly structured, very confident, very clean, very quick, very deterministic, which makes people more likely to trust them very quickly,” she said. “And that's where governance becomes critical.”

Sethi said this overconfidence can mask the real problem, the false negative -- the risky counterparty or shipment that never generates an alert, never gets reviewed and leaves no audit trail.

“The most dangerous failures are the ones that we are not seeing at all because we have AI in place,” she said.

Sethi said this creates a tension between efficiency and defensibility. AI can speed up screening, classification and document processing, but regulators judge decisions by whether they can be explained and defended.

High efficiency with low defensibility is a risky place to be, she said, because it weakens audit trails, blurs accountability and leaves organizations exposed.

The goal is to match high efficiency with high defensibility, which depends on explainable AI, solid auditability and clear human ownership of outcomes, she added.

Sethi emphasized that AI is already embedded across the trade compliance workflow, often in ways users do not fully recognize. Screening tools rely on AI for entity resolution and false‑positive reduction. Classification engines use it for tariff determination and cross‑border harmonization. Export control modules use it to analyze documents and flag potential controls. Customs risk engines use it to detect routing anomalies and behavioral deviations.

“AI is not a single capability,” she said. “It is embedded across all of these workflows in trade compliance.”

But the same reach that makes AI powerful also magnifies errors, she said, because a single incorrect Harmonized System code or export control determination can carry through across products, systems and shipments.

Misclassification can trigger retroactive duties, penalties, shipment delays and broader audit exposure, she said, and the risk is even higher in dual‑use and export‑control determinations where technical nuance and regulatory interpretation matter. AI can flag potential issues, Sethi said, but it cannot reliably resolve ambiguity or intent.

Screening presents a similar challenge. AI improves matching and reduces false positives, but aggressive filtering can hide ownership links, intermediary relationships or routing patterns that matter for sanctions exposure, she said, and when too much is filtered out, visibility drops, she said.

Sethi also warned against overreliance on AI‑generated regulatory research. Compliance teams increasingly use AI tools to summarize sanctions rules, export controls and tariff obligations, but confident answers can still be incomplete or wrong, she said.

“High confidence is not the same as legal accuracy,” she said. “But AI-generated answers are not defensible unless they are validated against primary sources, authentic sources and experienced human review.”

Trade documentation is another area where AI can process large volumes quickly but can’t fix underlying data quality, Sethi noted. If invoices, packing lists and product descriptions are inconsistent or commercially written rather than technically accurate, AI will extract the errors and pass them downstream, she said.

“AI can process bad data extremely well,” she said. “And in customs environments, bad data does not disappear. It gets declared, and that's where the fault starts.”

Customs enforcement is changing as authorities use AI to spot patterns across shipments, trade lanes and supply‑chain networks, which makes weak internal controls easier to detect, she said.

The question is no longer whether a single shipment is compliant, she said, but whether the shipment fits the expected pattern.

To manage these risks, Sethi outlined five elements of AI governance -- role clarity, data governance, human oversight, auditability and ownership. AI should support decisions, not make them. Data must be curated and version‑controlled. High‑risk decisions require human validation. Every decision must be traceable. And accountability must be continuous.

“Effective AI governance is really about operational discipline and not slowing down automation,” she said.

On the regulatory side, Sethi said, organizations can’t wait for dedicated AI laws because regulators are already applying existing sanctions, export control and customs rules to AI‑influenced outcomes.

She noted that the EU AI Act, which entered into force in 2024, is setting a global standard through its risk‑based structure and strict requirements for high‑risk systems. The act introduces fines for violations, including up to 35 million euros or 7% of global annual turnover for prohibited AI practices.

While the act’s major obligations won't apply until 2026, she said enforcement has already begun under other EU regimes, including the General Data Protection Regulation, the Digital Markets Act, and consumer protection and competition laws.

Sethi said the U.S. is taking an enforcement‑led approach, especially through agencies such as DOJ, the Federal Trade Commission and the Bureau of Industry and Security.

Sethi added that regulators themselves are now using AI to detect anomalies and valuation trends across shipments, making weak internal controls easier to spot at scale.

Despite different models, she said, the expectation of accountability is the same.

Sethi said many organizations get AI in trade compliance wrong by treating it as a technology upgrade rather than a control change, assuming vendor tools eliminate risk and prioritizing speed over auditability.

This is especially true, she said, when AI is embedded in third‑party platforms where model logic and data sources are opaque, leading some to believe the vendor absorbs their regulatory risk even though accountability remains with the organization.

To manage these risks, Sethi said, compliance leaders should prepare now by putting basic controls in place before incidents occur, training teams to question AI outputs, improving data quality and documenting how decisions are made and where AI should or shouldn’t be used.

“Ultimately, the real differentiator will not be AI adoption, it will be whether organizations can continue maintaining control, integrity and defensible decision-making as automation becomes deeply embedded in your compliance processes, and that is really the challenge that compliance leaders now need to prepare for,” she said.