Monthly Archives: November 2015

OFAC: The Not to Be Forgotten Part of Export Compliance (Part 3 of 3)

Question: I’m seeing a lot of headlines about OFAC sanctions in the global trade news lately. Why has developing a corporate OFAC compliance program suddenly become so important?

Over the past few years, the U.S. Government has increasingly looked to trade embargoes and economic sanctions programs, which OFAC administers, to help achieve its foreign policy and national security objectives. Sanctions have also served as an integral component of America’s counter-terrorism strategy and campaign to halt the spread of weapons of mass destruction. More recently, they are being employed in innovative ways to combat malicious cyber activity and transnational organized crime.

Not surprisingly, given that America’s economy and capital markets are still the largest in the world, U.S. sanctions have had a dramatic impact on international trade; in multiple instances, they appear to have been effective in influencing the behavior of countries that the government viewed as national security threats. Because of the proven effectiveness of these measures, and probably also because of the nation’s current economic state and a generally war-weary public, sanctions have become a tool of first resort for U.S. foreign policy. Consequently, we have seen OFAC (with help from the Department of Justice) ramping up their sanctions enforcement and aggressively pursuing potential violators throughout the world.

Major prosecutions under the Foreign Corrupt Practices Act have made the headlines several times this past year. Economic sanctions enforcement seems poised to be the next big focus for government regulators. U.S. businesses that operate, or intend to operate, in the global marketplace urgently need to take a close look at their corporate export compliance programs and develop strategies for complying with rapidly changing regulations and enforcement policies in this area.

(1)    Proactive is always better than reactive.

More and more large U.S. and multi-national corporations, especially those who are prime U.S. Government contractors, are now addressing the OFAC compliance challenge and requiring all those with whom they do business—subcontractors, vendors, suppliers, partners—to demonstrate a similar diligence. Addressing the OFAC compliance challenge on your own timeline, rather than waiting until you are obligated by a contract or business transaction to do so, will allow you to choose compliance options that are cost-effective for your company’s business model, circumstances, and goals.

(2)    The recent Yates Memo has sounded a new warning note and made enforcement more personal.

The policy memorandum issued on September 15, 2015 by Deputy Attorney General Sally Quillian Yates appears to signal a more aggressive approach by the U.S. Government that prioritizes the prosecution of individual corporate executives in cases of corporate wrongdoing, including sanctions violations. While the insistence on individual accountability for corporate misdeeds is not new, the policy outlined in the Yates Memorandum places a greater emphasis than before on requiring the corporation’s internal investigation to identify the individual decision-makers who were involved in, or were responsible for, the regulatory noncompliance. Essentially, companies that want any “cooperation credit” from the U.S. Government (i.e., mitigation of penalties) will first need to fully disclose to the prosecutors the results of their internal investigation concerning the employees and senior executives involved.

Although the significance and implications of the Yates Memo are not yet entirely clear, the trend in regulatory enforcement that it represents underscores the need for companies to have more effective export compliance policies and procedures in place. You may want to consider including policies that spotlight individual accountability and processes that facilitate the rapid triage of incident reports and immediate and thorough investigations when appropriate.

Question: In what ways is achieving and maintaining OFAC compliance a greater challenge for a company than ITAR and EAR compliance?

(1)    OFAC sanctions are continually evolving. U.S. trade embargoes and economic sanctions, and the names of entities on the SDN List, can and do change very quickly—even overnight. For that reason, keeping abreast of new and evolving programs and ensuring compliance with recordkeeping, reporting, licensing, and other OFAC requirements can be extraordinarily difficult.

The Treasury Department’s SDN List contains several thousand names, and people or organizations can be removed from it, or added to it, at any time. Several foreign jurisdictions, including the European Union, Canada, and Mexico, also maintain “blocking statutes” that may address the U.S. trade embargoes and sanctions concerns, and a wide range of other restrictive measures as well, so your company’s transactions may need to be screened against multiple lists. What is more, some of these restrictive measures may conflict with U.S. regulations. Due diligence requires continuous, real-time, comprehensive monitoring to ensure that your dealings and transactions with foreign countries and individuals are not in violation of OFAC prohibitions.

(2)    OFAC sanctions are extraordinarily comprehensive. In addition to prohibiting certain transactions, OFAC regulations prohibit U.S. persons from “facilitating” (i.e., assisting, supporting, directing, or approving) a transaction by, or with, a sanctioned entity. The regulatory definition of “facilitation” is quite general, and its concrete interpretation has not been clear, since enforcement actions against companies for “facilitation” violations have been fairly infrequent. That situation has now changed dramatically. In the past few years, the U.S. Government has begun aggressively pursuing criminal actions against individuals and firms that “willfully facilitate” sanctions violations. Referring prohibited business to a foreign party, providing guidance or advice on a prohibited activity, financing or insuring or guaranteeing a prohibited transaction, providing merchandise or services in connection with a prohibited activity—any or all of these may constitute facilitation, and thus violate the OFAC regulations.

Most OFAC Sanctions Programs apply to ‘‘U.S. persons,’’ a term embracing U.S. citizens, permanent resident aliens, entities organized under the laws of the U.S. or any jurisdiction within the U.S. (including foreign branches of U.S. corporations), and any persons in the U.S. However, some sanctions programs state a wider jurisdiction. The Cuban Assets Control Regulations (CACR), 31 C.F.R. Part 515, use a more broadly defined term, ‘‘Persons subject to the jurisdiction of the U.S.,’’ which includes foreign subsidiaries of U.S. companies (see 31 C.F.R §515.329 and §515.330).

(3)    OFAC violations can carry staggering penalties.

Violations of the OFAC regulations may incur either civil or criminal penalties, or both. We have seen a very aggressive enforcement trend over the past few years. Increasingly, the U.S. Government has chosen to pursue criminal charges against violators (or has settled cases using criminal allegations), and a series of record-setting penalties have been imposed for OFAC sanctions violations. Examples within the last year include the almost $1 billion in fines handed down to BNP Paribas, and more recently Commerzbank’s agreement to pay $258 million in fines for falsifying business records for sanctioned countries. Nor is it only banks that have been prosecuted for sanctions violations. The Department of Justice recently agreed to a fine of $232 million to settle criminal charges with Schlumberger Oilfield Holdings Ltd for violating U.S. sanctions. That action and a few others are indications that regulators may soon be turning their attention to U.S. manufacturing companies as well.

* * *

A serious OFAC compliance program demonstrates that your company is aware of the SDN List and sanctions regulations, understands the risks, and is actively trying to prevent OFAC violations. If a violation does occur, it will be a strong mitigating factor against severe penalties. In some recent criminal prosecutions, the U.S. Government has contended—and the Courts have agreed—that failing to have an adequate compliance program in place was an indication of “reckless disregard” and therefore supported prosecution of the company and individual employees for willful, criminal violations of regulations. Depending on the sanctions program, criminal penalties for willful violations can include fines of up to $20 million and imprisonment of up to 30 years. Even worse, a single transaction can produce multiple violations, placing a company at risk of significant liability.

In addition to avoiding draconian penalties, another good reason for making OFAC compliance (and EAR/ITAR compliance) a high priority is minimizing costly and time-consuming investigations. Even if the finding is that no violation has occurred, or if civil penalties are eventually waived due to mitigating factors, responding to U.S. Government queries regarding potential violations and conducting comprehensive internal investigations can place a heavy and damaging burden on corporate resources.

Given those risks, it’s hardly surprising that more and more company boards and senior executives are moving enhanced OFAC compliance measures to the top of their agendas.

Catch next week’s post “The Key Elements of an Effective OFAC Compliance Program” for advice on how to set up and maintain a successful OFAC compliance program.

OFAC: The Not To Be Forgotten Element of Export Compliance (Part 2 of 3)

Question: In your last post, you referred to “OFAC export authorizations” and the possibility that a U.S. company might apply for and obtain an “OFAC Specific License” for an export transaction involving a sanctioned country. Isn’t that a contradiction in terms? I thought the whole point of U.S. economic sanctions was that no financial transactions or business dealings whatsoever are permitted with a customer in, or from, an OFAC-sanctioned country.

While it’s true that economic sanctions administered and enforced by OFAC can impose sweeping prohibitions against trade with targeted countries—Cuba, Iran, and Sudan, for example—and that U.S. Government policy is normally to deny export licenses in such cases, exceptions do exist which permit exports to OFAC-sanctioned countries in certain cases.

For one thing, because each sanctions program is based on a unique set of foreign policy imperatives, no two are exactly alike. Each of the twenty-eight OFAC Sanctions Programs is distinct and different; the range and coverage varies greatly from country to country. Some programs are nearly total in scope, while others are much more narrowly focused. So the application of sanctions to a country does not necessarily mean that all commercial opportunities in that country or that country’s nationals are off limits. There is a huge difference, for example, between the fairly limited and selectively tailored sanctions currently imposed on certain individuals and entities under the Ukraine/Russia Sanctions Program, and the strict and comprehensive sanctions that that are currently imposed on most transactions with the Iranian government, Iranians, and Iranian entities. For that reason, a deal involving a sanctioned country will sometimes be able to go forward because it falls outside the scope of the applicable OFAC export prohibitions. Determining whether this is true in any particular case, of course, requires a detailed review of the regulations currently in force.

Even for comprehensively sanctioned countries such as Cuba, Iran, and Sudan, the prohibitions on trade, although stringent and far-reaching, are not absolute. Many companies are surprised to learn that the U.S. permits the imports and exports of certain items to and from these nations despite the tense political relationships.

What’s more, due to the political nature of sanctions and their use by the U.S. Government as diplomatic tools to influence the behaviors of other nations, OFAC regulations are constantly changing. On the positive side, this means that new opportunities for U.S. exporters can open up at any time. For example, on July 11, 2012, OFAC moved to lift a near-total ban on business with Myanmar (Burma), and began allowing certain U.S. investments in that country in response to the government’s promises of reform and transition to democracy. Other regulatory changes followed, and in April of this year OFAC took several Myanmar companies and individuals off the blacklist.

Some types of permitted transactions reflect long-standing and fundamental principles of U.S. foreign policy.

  • It has generally been U.S. foreign policy to promote and encourage the free flow of information and freedom of speech between the U.S. and other nations. The Berman Amendment, passed by Congress in 1988, as amended and expanded by the Free Trade in Ideas Act in 1994, makes it clear that OFAC does not have the statutory authority to regulate “directly or indirectly” transactions concerning the import or export of “information and informational materials” to or from sanctioned countries, “regardless of format or medium of transmission.” “Informational materials” in this context has been deemed to include most books, magazines, eBooks, and other publications; pre-recorded video and audio tapes and CDs; and paintings, sculptures, and other works of art; and it may include payments for such items, depending on the sanctions program involved. It is essential to keep in mind, however, that this does not cover CCL items: controlled software and controlled technical data do not fall within this exemption. Exporters should also be aware that the application of this “informational materials” exemption to such related activities as the development, marketing, and distribution of the materials is a matter of ongoing legal controversy; those related activities may require an OFAC Specific License.
  • It has not generally been the policy of the U.S. to withhold the supply of food and medicine to other nations as a means of furthering U.S. foreign policy goals. Thus, U.S. sanctions programs have usually included provisions explicitly allowing humanitarian exports of food, clothing, medicine, and other forms of humanitarian support. Even nations whose governments are notoriously hostile to the U.S. or who have been spotlighted as supporters of terrorism can receive exports of U.S.-origin humanitarian goods. To that end, the Trade Sanctions Reform and Export Enhancement Act of 2000 (TSRA), also known as the Nethercutt Amendment, authorizes the export of certain agricultural commodities, medical supplies, and medical devices to otherwise comprehensively embargoed countries under licenses issued by OFAC (for Iran and Sudan) or Commerce/BIS (for Cuba). This complicated measure authorizes exports of certain agricultural commodities, medicines, and medical devices to Cuba, Iran, Sudan, and Libya. The criteria for items that meet the TSRA definition of agricultural commodity or medicine/medical device are varied and complex, however, and close consultation with OFAC, BIS, and the FDA is highly advisable for U.S. exporters.

While compliance with TSRA licenses and adherence to the scope of the Berman Amendment exemptions can be complicated, these efforts can yield opportunities for U.S. companies that export eligible items.

Some other examples of transactions that may be permitted even with countries under strict U.S. economic sanctions include the provision of telecommunications services, research activities by U.S. persons (although this is sometimes conditioned on obtaining specific approval from either BIS or OFAC or both), and professional meetings. The applicability of these exemptions to specific occasions and circumstances must always be carefully analyzed and considered, however.

What kinds of OFAC authorization are available? There are three categories: Exemptions, OFAC General Licenses, and OFAC Specific Licenses. When someone tells you that you need to obtain an “OFAC license,” they are generally referring to the third category, Specific Licenses. But before pursuing such a license, you should look closely at the first two categories, and see if there is either an Exemption or an OFAC General License that covers the transactions you wish to engage in.

Exemptions. The legislation underlying the regulations administered by OFAC may expressly exempt a particular good, service, benefit, or activity from the kinds of transactions the agency is authorized to block or prohibit. The category of OFAC Exemptions includes those activities, goods, and services which are beyond the legal authority of the Executive Branch to sanction—and therefore outside the realm of OFAC’s regulatory powers. Some examples of activities that are usually exempt have already been mentioned. Another example of a common exemption is travel: freedom of movement is considered by many to be a fundamental liberty, and under most U.S. sanctions programs— which, like the ITAR and EAR, are authorized by the International Emergency Economic Powers Act (IEEPA)—transactions related to travel to and from the country by individuals who are U.S. persons are not prohibited.

A notable—and highly controversial—exception has been Cuba Sanctions, which are largely authorized by the Trading With the Enemy Act of 1917 (TWEA). The U.S. has imposed a comprehensive economic embargo against Cuba since the 1960s. The embargo regulations do not actually ban travel itself, and the Cuban Assets Control Regulations (CACR) do expressly authorize transactions incident to 12 categories of travel, among which are “journalistic activities” and “educational activities, including people-to-people contact.” In addition, OFAC Specific Licenses are issued a case-by-case basis. Nevertheless, the restrictions placed on financial transactions related to travel to Cuba have effectively banned all tourist travel from the U.S.—formerly a major source of revenue for that nation. Some Cuban travel restrictions have been significantly eased by amendments to the CACR during the past few years, most recently in January 2015; and nineteen U.S. airports are now officially authorized by Customs and Border Protection to serve flights to and from Cuba. But given that transactions for tourist activities are still expressly forbidden by a provision in the TSRA, the practical economic significance of these recent regulatory changes for the U.S. travel industry and other sectors is uncertain.

OFAC General Licenses. If no exemption covers the goods or services you want to export, and they are therefore subject to OFAC regulation, then you should determine whether OFAC has published a General License indicating that the agency consents to the export of goods or services of that kind to the sanctioned country. Some general licenses are contained within the OFAC regulations themselves. When an embargo is new, or has just been amended, there may be general licenses issued that have not yet been codified in the CFR, but can be found on the OFAC web site. Various regulatory interpretations are also issued from time to time by OFAC; the legal effect of these interpretations may be equivalent to that of a general license.

General licenses are open-ended authorizations: they grant blanket authority to engage in a certain kind of transaction and you don’t have to apply to use them—although sometimes there are notification or reporting requirements. One important way in which an OFAC General License differs from an Exemption is that OFAC can rescind a general license at any time, whereas it is beyond OFAC’s legal authority to apply sanctions to exempt goods, activities, or transactions.

OFAC Specific Licenses. If the goods or services you want to export are neither exempt from OFAC regulation nor covered by an OFAC General License, you have the option of applying for an OFAC Specific License.

OFAC has fairly broad legal authority to allow—on a case-by-case basis—transactions that would otherwise be prohibited under specific sanctions provisions. OFAC’s Licensing Division reviews all applications from exporters strictly in the order in which they were submitted, and issues or denies licenses based on U.S. foreign policy and national security goals.

Before you proceed to apply for a license, however, we suggest that you review the the details of your proposed export transaction thoroughly, asking the following questions:

(1)   Are there are any U.S. Persons involved in the transaction? (The definition of “U.S. Person” includes a U.S. citizen, a permanent legal resident, an entity formed under the laws of the United States, or anyone physically present in the U.S.)

(2)   Are any of the parties to your proposed export transaction targeted by U.S. economic sanctions (e.g., individuals, businesses, institutions, organizations, or other entities, or official government agents or agencies, who ordinarily reside or operate in sanctioned countries)? (Be sure to identify all parties—including brokers, intermediate banks, freight forwarders, shipping companies, and any other middlemen—their nationalities and their relationship to the transaction.)

(3)    Is the nature of the proposed transaction such that it comes under and is prohibited by the applicable laws and regulations?

If the answer to these three questions is Yes, then you should assume that an OFAC license will be needed before the transaction can be conducted.

How can I apply for a license? For official guidance related to applying for an OFAC Specific License, in addition to the information and instructions found on the OFAC web site, you should refer to 31 CFR 501.801.

You may submit your application electronically, using the online form on the OFAC website at http://licensing.ofac.treas.gov. Alternatively, you may send a letter of request providing a detailed description of the proposed transaction, including the names and addresses of all individuals or companies involved. You can mail your license request letter to the following address:

Office of Foreign Assets Control
U.S. Department of the Treasury
Treasury Annex
Attn: Licensing Division
1500 Pennsylvania Avenue, NW
Washington, DC 20220-0002

All U.S. exporters ought to take full advantage of the extensive compliance resources provided by OFAC on their web site. The agency devotes considerable effort to compliance outreach, and has compiled and published a veritable library of reference materials, including publications geared toward the specific concerns of exporters and importers, including summaries of each sanctions program. They also make an up-to-date SDN list available in a variety of searchable formats.

Finally, you should understand that an OFAC Specific License application, like any request for an exception to a rule, needs to be an advocacy document. That is to say, in order for your application to be granted in a situation of presumed denial, you will have to do more than merely provide the detailed facts concerning the transaction you are proposing; you will also need to make a convincing case for the issuance of the license by appealing to the provisions of the relevant laws and regulations—ideally, to a section or clause indicating the potential availability of special permits or export authorizations for certain reasons or in certain circumstances. You may want to appeal to the stated U.S. Government policy and rationale behind the specific export control regime as well.

In Part 3 of this post, we’ll offer you some practical advice and suggestions for ensuring that OFAC compliance is fully and effectively integrated with ITAR and EAR compliance processes and internal controls in your company’s overall export compliance program.

OFAC: The Not To Be Forgotten Element of Export Compliance (Part 1 of 3)

Question: I read in the Daily Bugle recently about a small family-owned business in Maryland with only ten employees that had to pay a $78,750 penalty for alleged export violations. The article said they had shipped three HVAC duct fabrication machines to a company in China and received payments for them “without authorization from OFAC.” Can you tell me what this is all about? I’m familiar with ITAR and EAR export controls, of course. As a U.S. manufacturer and exporter, my company is registered with the State Department’s DDTC, and we’ve applied for multiple BIS export licenses using the SNAP-R system, but this was new to me. How much do I need to know about OFAC? Bottom line: how critical is this for my company?

Yes, you should know about this. Not knowing can be costly and painful, as that company you read about in the news—Precision Products Inc. (PPI) of Charlotte Hall, Maryland—learned to their dismay earlier this year. You, too, are among those to whom OFAC regulations apply.

OFAC, the Office of Foreign Assets Control, is an often overlooked but extremely powerful and far-reaching agency of the Treasury Department. Its mission is to administer and enforce economic and trade sanctions based on U.S. foreign policy and national security goals. Many of these sanctions programs—prohibitions on financial dealing—have been put in place by the U.S. Government to ensure that companies don’t unwittingly do business with terrorist organizations, sanctioned countries, nationals of some countries, and other specified entities who are engaged in activities related to the proliferation of weapons of mass destruction or other threats. Some OFAC sanctions are based on United Nations and other international mandates, and are therefore multilateral in scope, involving close cooperation with allied governments.

OFAC acts under Presidential wartime and national emergency powers, as well as authority granted by specific legislation. The agency has the authority to prohibit U.S. citizens and corporations from making payments, or providing anything of value, to embargoed countries, businesses, organizations, or individuals. It has the power to impose controls on business transactions of all kinds and freeze any assets that are under U.S. jurisdiction. It publishes the constantly updated list of over 6,000 names–the Specially Designated Nationals List (“SDN List”)–of companies and individuals whose assets are blocked. This is a “black list”: Americans are expressly forbidden to enter into transactions with any of these companies and individuals. U.S. exporters and importers are required to exercise due diligence in searching the SDN List and confirming that dealings with foreign countries are not in violation of OFAC sanctions programs.

In addition, OFAC prohibits travel to, and certain other dealings with, embargoed countries and entities. There are a handful of countries commonly referred to as “OFAC countries” or “embargoed destinations”—a few of the most widely known in recent years have been Cuba, Iran, North Korea, Sudan, and Syria—to whom comprehensive trade sanctions, administered by OFAC, have been applied. In other cases, the economic sanctions have taken a variety of forms, including arms embargoes, capital restraints, asset freezes, and trade restrictions.

Has OFAC been around for a long time? As an arm of the Treasury Department that sets out and enforces trade sanctions issued by the U.S. Government, OFAC is arguably one of the oldest law enforcement agencies in the country. It dates back prior to the War of 1812, when Treasury was first authorized to administer U.S. economic sanctions imposed against a hostile foreign power—in that case, Great Britain, which was harassing American sailors. In more recent times, between 1940 and 1947, Foreign Funds Control (FFC) and the Office of International Finance (OIF) were established as units of the Treasury Department, with legal authority deriving from the Trading with the Enemy Act (TWEA). FFC administered controls over enemy assets and restrictions on trade with enemy states during World War II. It was abolished in 1947, and its functions were transferred to the OIF. In 1950, the OIF morphed into the Division of Foreign Assets Control, when President Truman declared a national emergency and blocked all Chinese and North Korean assets subject to U.S. jurisdiction following the entry of the People’s Republic of China into the Korean War. In 1962, the Treasury Department changed the agency’s name to OFAC.

How critical is OFAC compliance? Absolutely critical. Understanding and monitoring OFAC compliance is a must for U.S. businesses who have foreign suppliers, customers, or clients, or who work with overseas partners. Exporters and importers who are “U.S. persons”—a regulatory term that should be well known to any compliance officer acquainted with the ITAR—are responsible for following OFAC regulations designed to halt terrorist and other illegal funds from circulating. In certain cases, foreign subsidiaries owned by U.S. companies and foreign persons in possession of U.S.-origin goods are also required to comply. So, if you are a small business owner or an individual doing business overseas, you need to familiarize yourself with OFAC. And if you are a company officer or manager in an industry with significant foreign trade, you need to make sure that OFAC compliance is an essential component of your corporate compliance program.

Penalties for violating the regulations administered by OFAC are serious, and have grown even more serious in the last few years. Depending on the sanctions program, potential criminal penalties for willful violations include fines ranging up to $20 million and imprisonment of up to 30 years. Civil penalties for violations of the Trading With the Enemy Act (TWEA) can be as much as $65,000 for each violation. Civil penalties for violations of the International Emergency Economic Powers Act (IEEPA) can range up to $250,000 for each violation, or twice the gain from the violation, whichever is greater. Over the past several years, the number and monetary value of enforcement actions by OFAC have increased dramatically: civil penalties and settlements rose from about $3.5 million in 2008 to more than $1.2 billion in 2014. These are not penalties that can simply be written off as “the cost of doing business”!

Yet OFAC compliance is the most commonly misunderstood and most likely to be forgotten element in corporate export compliance programs. Discussions of U.S. export controls are frequently dominated by and focused on ensuring compliance with the ITAR and EAR, while OFAC regulations are overlooked or undervalued. Yet OFAC rules generally override all other export controls, and OFAC restrictions may apply even when an EAR license exception or ITAR exemption is available.

The widespread tendency to underestimate the importance of monitoring OFAC compliance is especially problematic because OFAC’s programs are dynamic: the embargoes and sanctions, the scope and details of the restrictions, and the names on the SDN List and other lists change very frequently. What is more, new lists may appear at any time, as U.S. foreign policy refocuses in response to a rapidly changing world scene—witness the Sectoral Sanctions Identification List (“SSI List”) that OFAC issued in 2014, targeting transactions with persons in four sectors of the Russian economy: financial services, energy, defense, and mining. It is essential therefore that exporters check the Treasury web site frequently and have the necessary processes and internal controls in place to monitor compliance continuously. Firms with weak processes and controls limit their ability to prevent violations, or to detect and quickly deal with them if they do occur. They run significant risks of heavy fines and other damaging consequences.

In Part Two of this post, we’ll take a look at the three kinds of OFAC export authorizations available to U.S. companies—Exemptions, General Licenses, and Special Licenses, explain when you may need an OFAC Special License and how you can apply for one, and clear up a couple of common misconceptions. (No, OFAC requirements don’t impact only banks and financial institutions!)

In Part Three, we’ll look at the essential ingredients of a robust corporate OFAC compliance program. (Hint: simply checking your customers’ names and addresses against the SDN List is not enough!)

In today’s challenging international environment, the economic and trade sanctions administered by OFAC are likely to play a larger and larger role in cross-border transactions. It will be important for U.S. exporters to understand these controls thoroughly and keep abreast of changing requirements in order to focus on maintaining full compliance. The Export Compliance Solutions Training Academy provides a variety of training options—including 2-day regional seminars, in-house training, and live web-based seminars—that afford comprehensive coverage of ITAR, EAR, and OFAC controls, supplemented by case studies, practical advice, and help with strategic planning for your business. Check out the information on our web site about course offerings and online video training in export compliance awareness for your employees. Contact us by phone or e-mail to learn more. The ECS staff represents the most recognized expertise in the compliance field. We’re here to help!

Redefining EAR and ITAR Terms: Little Changes Could Make a Big Difference for Exporters

Question: Thanks for the heads-up last week about the compliance risks of storing sensitive data in the cloud—and the good news that regulatory changes may be ahead. Are there other revisions to the EAR and ITAR in the works that are likely to impact my company’s policies for safeguarding export-controlled technology and technical data? As I look at the Proposed Rules published by State and Commerce on June 3, I get the impression that they’re mostly about definitions—clarifying the meanings of certain technical terms. How important is all that stuff, practically speaking, to a firm like ours?

Very important. Compliance requirements and potential violations often hinge on the definition of a single word! So you really need to review these proposed new definitions carefully—both the Commerce Department’s proposed revisions to the definitions in the EAR and the State Department’s proposed revisions to definitions in the ITAR— to determine what impact they would have on your operations and compliance obligations, should they be adopted.

As I’m sure you’re well aware, U.S. export controls under the ITAR for defense articles and services contrast sharply with the (generally) more liberal controls under the EAR for “dual-use” commodities, software, and technology. For that reason, it’s critically important that you determine accurately whether or not the items or technical data you plan to ship or transfer internationally are subject to ITAR controls. Making that jurisdictional determination requires paying careful attention to the current USML and the appropriate categories within the USML that apply to the export in question.

That’s one of the reasons it’s also vital that you follow closely all the recent changes that have been made to the USML—and the “600 series” ECCNs of the CCL— due to the ongoing Export Control Reform initiative, as well as those changes that are still being made. And that most emphatically includes proposed revisions to the definitions of terms!

The Proposed Rule published by the DDTC on June 3 is notable for its length (14 pages of hard copy in the small print of the triple-columned Federal Register) and for the unusually large number of revisions to the ITAR that are proposed. It contains a plethora of new definitions for regulatory terms, making it a veritable dictionary. Many of the proposed revisions are meant to harmonize the ITAR rules with those of the EAR. The BIS published a similar Proposed Rule with conforming amendments.

The key terms and phrases that would be redefined, clarified, updated, or adopted under the June 3 Proposed Rules include the following:

Technology
Technical Data
Public Domain
Fundamental, Basic, and Applied Research
Development
Production
Required
Defense Article
Defense Service
Characteristics and Functions (of an item)
Peculiarly Responsible
Export
Reexport
Release
Transfer (in-country)
Retransfer
End-to-end Encryption

For exports controlled by the ITAR, two of the proposed new definitions are especially noteworthy: “public domain” (vs. “technical data”) and “defense service.” That’s because these definitions potentially apply to every single category of the U.S. Munitions List.

We’ll take a closer look at the first of these this week, and discuss the second and more controversial of the two in a future post.

Revisiting “Public Domain”

The State Department proposes to revise the definition of “public domain” in ITAR Section 120.11 in order to simplify, update, and introduce greater versatility into the definition. The current version of ITAR Section 120.11 enumerates the ways in which “public domain” information might be published. State says that it now believes that defining “public domain” by a list such as this is unnecessarily limiting in scope and insufficiently flexible, given the continually evolving array of physical and electronic media and communication technologies by which information can be disseminated. The new definition they propose is intended to be more versatile than the list-based approach to identifying public-domain information sources.

Under the State Department’s proposed revisions to definitions in the ITAR, unclassified information and software are considered to be in the public domain—and thus not technical data or software subject to the ITAR—“when they have been made available to the public without restrictions upon their further dissemination such as through any of the following . . . .” Among the means of dissemination mentioned, 120.11(a)(4) is of special interest, as it includes in the “public domain” information available on publicly accessible web sites:

(4) Public dissemination (i.e., unlimited distribution) in any form (e.g., not necessarily in published form), including posting on the Internet on sites available to the public;

There are some important qualifications that should be carefully noted, however.

One well-known consequence of the open, uncontrolled nature of the internet is that a vast amount of information can be found online that was uploaded illegally, in violation of a wide range of national and international laws governing copyrights, patents, privacy, public safety, national security, and many other matters. Plainly, the discovery of certain technical data, information, or software on a web site carries no guarantee that the individual or organization posting it hasn’t done so in violation of U.S. export laws and regulations.

With regard to such contingencies, a note to the proposed revision to ITAR Section 120.11 warns that anyone exporting, reexporting, or retransferring export-controlled information found on the internet, or otherwise making it available to the public, will be committing an export violation.

Taken together, the new definition and the warning that accompanies it raise the specter of inadvertent illegal exports of ITAR-controlled technical data by U.S. exporters who had no reason to suspect that the information they were making use of was not in the public domain, given that it was already freely available to the public via the internet. Evidently foreseeing this concern, the DDTC immediately reassures exporters, in a second note to the new Section 120.11, that in such cases a person will not be considered guilty of an export violation . . . unless — as described in the revised Section 127.1(a)(6) — “such person has knowledge that the technical data or software was made publicly available without an authorization.”

But here’s the rub: how can your company be certain that any item of technical information found on the internet was properly cleared for public release before being uploaded? And if your company should inadvertently disseminate technical data that later turns out to have been controlled by the ITAR and uploaded to the internet by somebody else without DDTC authorization, how would you be able to prove that you did not “have knowledge” that it was export-controlled? Those are just a few of the questions and concerns that have been raised about the language of this proposed revision to ITAR Section 120.11. Discussions of these concerns between the regulatory agencies, the defense industry, the research universities, and the legal community are ongoing. It is possible that the language in the Proposed Rules will be revised as a result of those discussions. Whenever the DDTC and BIS publish their Final Rules on the definitions of these key terms — possibly within the next few months — we may find that some of these points have been addressed and further clarified.

Stay on the Safe Side

Be that as it may, here is what we recommend to you as the safest policy and procedure for your company under the current regulations — and none of the revisions currently under consideration by the DDTC or BIS is likely to change this greatly: before posting to the internet any technical information about your company’s products or research, other than non-proprietary general system descriptions or information on the basic function or purpose of an item, thoroughly review the USML and the CCL to determine if the information falls under U.S. export controls. If there is doubt about export jurisdiction, request a Commodity Jurisdiction determination from the DDTC; and if State should determine that ITAR controls apply, obtain an export license for the technical data, or request authorization for “release” of the document you want to post online from the appropriate agency, as described in Section 120.11(b).

Remember that knowingly uploading controlled technical data to the internet without appropriate authorization is a export violation that could have extremely serious penalties and consequences, for both you and your company, whether or not there is any evidence that a foreign national has read or downloaded the data. Don’t needlessly put yourself and your company at risk.

Paragraph (b) of the revised definition explicitly sets forth the DDTC’s requirement of authorization to release information into the “public domain.” This requirement is not new: it also exists under the current rules; the revised rules would state it more explicitly and amend some definitions to clarify the scope of the information covered, but the requirement is already there. Before you can make such information available, the U.S. Government must approve the release through one of the following agencies: (1) The State Department’s DDTC; (2) the DoD’s Office of Security Review (OSR); (3) a relevant U.S. Government contracting authority, if one exists, with the authority to allow the technical data or software to be made available to the public; or (4) another U.S. Government official with the proper authority for this.

In many cases, we believe that requesting a security review by the OSR will be the best and wisest route you can take in order to safeguard your company against the risk of an export violation. Guidelines for submitting documents for review can be found on their web site.

The experienced compliance professionals at Export Compliance Solutions (ECS) are well-positioned to advise you regarding the impact that the revised definitions in the June 3 Proposed Rules are likely to have on your operations and corporate export compliance programs, and to assist you with other export control issues as well. Our consultants frequently work with ECS clients to review their current classification policies and procedures, conduct large-scale or multi-national classification projects, train employees in navigating complex reporting and recordkeeping requirements, discover ways to enhance and streamline administrative processes, and more effectively implement internal compliance audits and assessments. As America’s premier trainers and consultants in EAR and ITAR compliance, we can help you make sure that your company maintains full compliance with the changing Commerce and State Department regulations.