Hello, this is Hamamoto from TIMEWELL. Today I want to walk through Japanese export control violations in chronological order and consider what each of them means for the risk management of your own organization.
"We don't make weapons or military equipment, so this doesn't apply to us." To any executive or corporate management professional holding that view, I want to push back firmly. Most of the companies that have been caught up in violations started with exactly the same assumption. Machine tools, industrial helicopters, measurement instruments, even jet-ski engines — any of these can suddenly be treated as dual-use goods, and a single momentary misjudgment by a practitioner can lead to a company-wide export ban. This is not historical background. It was still happening in 2024.
In this article, I cover representative cases from the 1987 Toshiba Machine COCOM incident through the 2024 unauthorized exports to Russia, and dig into the structural patterns behind violations and the countermeasures that actually work. In the analysis METI published in December 2024, 70% of violations were rooted in classification. That is not a coincidence — it is evidence that the same structural weakness has kept surfacing for decades.
The Lasting Lessons of the Toshiba Machine COCOM Incident (1987)
No account of Japanese export control violations can skip the Toshiba Machine COCOM incident. Between December 1982 and 1984, Toshiba Machine, through Itochu Corporation and the trading house Wako Koeki, exported eight high-performance machine tools capable of simultaneous nine-axis control, along with NC units and dedicated software, via Norway to the Soviet Union's Ministry of Machine-Building Industry Foreign Trade Organization. All of these were prohibited items under COCOM, the Coordinating Committee for Multilateral Export Controls.
In late 1986, a whistleblower at Wako Koeki named Hitori Kumagai brought the matter to the attention of the US authorities. The US Department of Defense concluded that the machine tools had contributed to the quieting of the propellers on Soviet attack nuclear submarines, and the incident became a serious political issue between Japan and the US. On April 30, 1987, the Public Security Bureau of the Metropolitan Police Department raided the company; on May 15, MITI (now METI) imposed an administrative order banning exports to the Eastern Bloc for one year; and on May 27, two executives were arrested for violating FEFTA. On the US side, a demonstration in the halls of Congress featured lawmakers smashing Toshiba radio-cassette players with hammers, and a bill banning Toshiba from US government procurement for three years was introduced.
The core of the case was not simply an illegal export but "a three-layer structure designed to obscure responsibility." The pattern of using a manufacturer, a trading house, and a transit country in combination to create paperwork that looked acceptable on the surface is still the classic playbook for sanctions evasion. METI's repeated guidance to "verify the true end user of the destination" grows directly out of the lessons of this case. Equally important is the fact that an internal whistleblower tipped the dominos. No matter how tightly an organization tries to contain information, the risk compounds from the moment more than one person is involved. The takeaway is that compliance is not protected by secrecy; it is protected by structures designed to prevent violations from occurring in the first place.
How to solve export compliance challenges?
Learn about TRAFEED (formerly ZEROCK ExCHECK) features and implementation benefits in our materials.
Representative Cases From the 2000s: Yamaha Motor's Unauthorized Unmanned Helicopter Exports
In 2006, a widely reported case involved Yamaha Motor's attempt to export its industrial unmanned helicopter RMAX Type II G to a Chinese company without authorization. The destination was Beijing BVE (Beijing Bi Wei Yi Chuang Ji Technology Co., Ltd.), and the contract was moving forward in 2005 without the required export license. The origin of the investigation was unexpected: in April 2005, Fukuoka Prefectural Police arrested two Chinese intermediaries on suspicion of aiding illegal employment, and documents relating to the helicopter export were seized from related parties. The violation surfaced not through the export control function but through a separate criminal case that led investigators back to it.
In January 2006, Shizuoka and Fukuoka prefectural police executed a joint search, and in January 2007 three employees were referred to prosecutors (and later given suspended indictments). The company itself received a summary order from Hamamatsu Summary Court to pay a JPY 1 million fine, and in May 2007 METI imposed a nine-month export ban. The day after the first reports, Yamaha Motor's share price hit the daily limit-down, and market capitalization dropped by roughly JPY 111.4 billion — a decline of 13.4%. The fine was JPY 1 million, but the market's economic penalty was several orders of magnitude larger.
The reason this case still works as a textbook example of internal control is the sheer visibility of the structural weakness. The investigation found that the classification decision — whether METI approval was required to export the product — had been delegated almost entirely to a single individual in the Sky Division. There was no review by multiple reviewers, and delivery pressure from the sales function flowed straight through. Even with a product as clearly dual-use as an unmanned helicopter, a single practitioner's interpretation — "this is civilian use, so we're fine" — could become the final decision. The same structure is latent in almost every manufacturer. The moment you hear "our classification lead is a veteran, so we don't need to worry," you should treat that statement as a warning sign in itself.
Cases From the 2010s and 2020s: Spreading Into Research Institutions and Small Businesses
From the 2010s onward, export control violations spread beyond heavy industry into research institutions and smaller companies. A symbolic case is the international student FEFTA violation that was finalized in February 2018. The accused had exported technical information from a university's research activities to mainland China via Hong Kong without METI authorization, resulting in a final conviction with a JPY 1 million fine. In April 2018, METI imposed a three-month export ban. The case rapidly accelerated the debate around deemed export management at universities and research institutions.
"Deemed export" refers to the concept that providing technology domestically to foreign researchers or international students is subject to regulation when the effect is equivalent to exporting it overseas. In November 2021, METI issued a directive clarifying deemed export management, introducing a new framework in which the evaluation is not limited to the resident/non-resident distinction but extends to whether someone falls under a "specific category." In August 2023, a casebook for operational clarification was published, and universities and research institutions across the country raced to revise their rules and put in place technology transfer management ledgers. The University of Tokyo had already established a Security Export Control Support Office back in October 2011, but for smaller research institutions without equivalent functions, the burden has been substantial.
In July 2024, violations at a small or mid-sized company surfaced again. Osaka Prefectural Police arrested the CEO of the trading company Astrade on suspicion of violating FEFTA. The allegation was that in January 2023, without government approval, the company exported one marine engine, four jet skis, and used motorcycles to Russia, worth roughly JPY 40 million in total. Items that look like straightforward civilian products — such as jet skis — are strictly controlled under the export restrictions imposed on Russia after the invasion of Ukraine. METI materials aimed at small and mid-sized companies also document a case in which a president received one year and six months of imprisonment, a JPY 1.2 million fine, and a one-year-and-one-month ban on exporting all goods to all destinations. The smaller the company, the harder it is to write off violations as "accidents" — and that logic has played out again and again in the same way.
Root-Cause Analysis by Violation Type: Intentional, Negligent, and Structural
Read carefully, METI's December 2024 "Analysis of FEFTA Violations (FY2023)" maps out the structure of the problem. Of all violations, 88% related to the export of goods (Article 48, Paragraph 1) and 12% related to the provision of services (Article 25, Paragraph 1), meaning the overwhelming majority are movements of physical items. Broken down by cause, 70% were linked to classification and 21% to compliance structure deficiencies. Within the classification bucket, misclassifications and misinterpretations of law accounted for 30%.
Mapping these to violation patterns, three categories emerge. The first is the "intentional" type, exemplified by Toshiba Machine, in which firms construct false filings or circumvent routes in pursuit of revenue or schedule. The number of cases is small, but the impact at the time of disclosure and the criminal liability are the most severe — sometimes threatening the very survival of the legal entity. The second is the "negligent" type, exemplified by the 2024 Astrade case, in which the exporter simply fails to recognize how much tighter the rules have become. METI also publishes classic patterns such as "the practitioner shipped on their own judgment because the delivery date was slipping" and "after repairing a defective item under the repair exemption, they shipped it to a different destination at the customer's request." The third is the "structural" type, exemplified by Yamaha Motor, rooted in single-person classification processes and the absence of cross-checks.
What these three patterns have in common is that most violations originate not in malice but in process gaps. The 70% figure for classification tells us that, before we reach the level of executive judgment, the day-to-day mechanics of the system are not working. Classification itself requires a repeated overlay of list controls, catch-all controls, use-based controls, and end-user controls against item classification tables. Running this entirely in Excel and PDF, by hand, hits its limits quickly. With rulebooks updated every year, and with operations that must also align with US EAR and China's export control law, the workload has physically exceeded what a single dedicated specialist can carry.
What Companies Should Do: Refresh the Compliance Program and Systematize With TRAFEED
So what do you do? The foundation is a refresh of the Export Control Compliance Program (CP). Taking METI's standard CP as a starting point, you rebuild the operational handbook, the classification workflow, the end-user screening checklist, the training plan, the internal audit cycle, and the initial response protocol for violations — adjusted to the actual shape of your transactions. If your CP has not been updated for more than five years, assume you are behind on the tightening of rules that has taken place since 2022. The combination of Russia-related sanctions, China's export control law, the US BIS Entity List expansions, and EU dual-use regulation reforms represents a volume of change in a few years that is comparable to the preceding two decades.
Building on that, the heart of the matter is moving classification and end-user screening off "memory and experience" and onto a proper system. This is where I want to introduce our export control AI agent, TRAFEED (formerly ZEROCK ExCHECK). As the world's first export-control-focused AI agent, TRAFEED provides end-to-end support for item classification, Entity List and denied-party matching, end-user due diligence, and multilingual document analysis. It ships with a classification workflow aligned to METI standards and handles consistency checks against US EAR and China's export control law, so decisions that used to depend on specific individuals can be captured as organizational knowledge. Classification results are stored as logs, and the history is immediately traceable during internal audits or external inquiries.
The greatest value of systematization is not simply reducing the incidence of violations — it is the evidence that "a process was followed." Even if a classification happens to be wrong, the combination of judgment history, grounding clauses, and referenced lists inside TRAFEED lets you explain objectively, during voluntary disclosure to METI or customs, that "this was an exceptional event, not a structural failure." That distinction makes a decisive difference when negotiating the severity of administrative action. Historically, the faster a company moves to voluntary disclosure and corrective action, the shorter the penalty tends to be. The goal is both to aim for zero violations and, should one occur, to minimize its fallout. That two-layer preparedness is the standard that export control operations are now expected to meet.
Summary: Three Things You Can Change Starting Today
From Toshiba Machine in 1987 to Astrade in 2024, the substance of violations has barely changed across nearly 40 years. Single-person processes, insufficient verification, and lag in keeping up with regulatory change — all of them begin with the assumption that "it could never happen to us."
Here are three things you can begin changing today. First, check the date on which your CP was last updated and confirm whether regulatory changes since 2022 are reflected. Second, examine whether classification is still entrusted to a single person and, at minimum, put a double-check mechanism in place. Third, inventory the past three years of export transactions and reassess the risk of end users and end uses. Just these three moves will meaningfully reduce violation risk for most companies.
Export control violations are more familiar, and come with heavier penalties, than most executive teams realize. And once a case becomes public, the secondary damage — share price declines, suspended business relationships, impact on recruiting — can exceed the formal penalty itself. From a risk management perspective, investment in this area should be treated not as a cost but as an insurance premium. If TRAFEED is relevant to your situation, please reach out. We can work through what level of capability your organization needs, using past cases as the reference.
For related reading, see The Full Picture of Penalties and Risks for Export Control Violations, China's Export Controls on Japan and the New Reality of 2026, The Penalty Structure Under FEFTA, and Economic Security Through the Lens of the Makino Milling Acquisition Halt for a more three-dimensional view.
References
- METI, "Analysis of FEFTA Violations Related to Security Trade (FY2023)," December 2024
- METI, "About Security Export Control," September 2020
- METI, "Near-Miss Casebook on Security Trade Control in Universities and Research Institutions," updated September 2023
- METI, "Clarification of Deemed Export Management," November 2021
- CISTEC, "FEFTA Violation Cases"
- Wikipedia, "Toshiba Machine COCOM Violation Incident"
- Yamaha Motor, "Internal Disciplinary Action," May 11, 2007
- Tokyo Chamber of Commerce and Industry, "Overview of the Foreign Exchange and Foreign Trade Act (FEFTA) and Examples of Violations"