Monthly Archives: February 2017

EXPORT COMPLIANCE IN 11 WORDS (Part 9 of 12)

EXPORT COMPLIANCE IN 11 WORDS
A Series on Export Compliance Essentials

(Part 9 of 12)

MONITOR!

Once you have an export compliance program in place, continuous monitoring is critically important to provide reasonable assurance of its effectiveness, enable you to make incremental adjustments to changing situations, and show you ways to improve the program’s efficiency. Annual compliance audits and assessments will be limited in their effectiveness and afford inadequate protection unless they are supported and complemented by the ongoing review processes that should be an integral part of compliance management.

Congratulations! It took a lot of hard work, and more time than you’d expected, but you’ve finally succeeded in getting a comprehensive export compliance program up and running at your company. You’re satisfied that it’s all there—the works, the whole enchilada, all the compliance essentials we’ve been looking at in this series:

  • Risk analysis and planning
  • A thorough manual with written policies and detailed procedures
  • Upper management commitment and involvement
  • Initial and repeated multi-level employee training
  • Clear delineation of roles, responsibilities, and accountability
  • Procedures for jurisdictional determination and product classification
  • Obtaining approval for licenses and agreements
  • Tracking the use of exemptions and exceptions
  • Labeling and marking controlled items and technical data
  • Real-time screening of customers, suppliers, service contractors, business partners, new hires, and other parties
  • Physical security
  • IT security
  • Mandatory recordkeeping and records-retention practices
  • Mandatory reporting to the government agencies
  • Periodic internal and external reviews, with follow-up of findings

All good. Sounds fantastic. We’ve got just a few more questions for you before you take off on that well-earned vacation you’ve been looking forward to. Here’s one:

What provisions have you made for monitoring the operation of your program? In other words, how do you plan to make sure your policies and procedures continue to be adequate and continue to function properly? And how do you plan to make sure you won’t be the last to know if they aren’t working as they should?

In compliance management, as in every other part of life, no matter how carefully you’ve planned and how well you’ve done your homework, there are sure to be some unforeseen challenges. Issues will surface that were not initially identified. A procedure that looked good on paper will be put into practice and turn out to be . . . not so good. Situations and personnel will change without warning, giving rise to a whole new set of problems.

Even the best-designed compliance program is bound to require fine-tuning and frequent adjustments in response to:

  • Changes in business needs
  • Changes in U.S. export laws and regulations
  • Changes in federal agency enforcement policies
  • Changes in technology
  • Changes in the national economy
  • Changes in the global marketplace
  • Changes in the global threat environment.

Yes, the annual risk assessments and compliance audits that you wisely included in your compliance plan are one important tool for coping with those challenges, but periodic audits cannot be the whole solution. All too often compliance audits are conducted too long after non-compliance events have already occurred to allow you to correct the issues and problems they uncover before a great deal of damage has been done.

If your company is committing an export violation today, or is about to do so, do you really want to be first apprised of the situation by the annual compliance audit report?  Don’t put off tomorrow what can be done today!

As a compliance officer, you need windows into your compliance program that allow you to view the current state of your company’s internal processes and see which areas need more attention right now. Periodic company-wide audits and assessments are most effective when they are informed and supplemented by day-to-day and week-to-week feedback from operational management, as well as frequent tests, checks, surveys, and “mini-audits” of specific processes and risk points.

Preventing the occurrence of export violations, or at least stopping them before they can multiply, is nearly always less costly and stressful than dealing with their aftermath. Successfully detecting intentional deviations from processes and procedures—such as when an employee purposely ignores or contravenes compliance safeguards for his or her own advantage or convenience—has the added benefit of reinforcing the perception that management prioritizes export compliance, is watching, and will take prompt action when problems occur.

That’s undoubtedly why the DDTC’s Compliance Program Guidelines counsel “internal monitoring” that involves “measurement of effectiveness of day-to-day operations” with “emphasis on validation of full export compliance, including adherence to license and other approval conditions.”

It’s also why the BIS’s Office of Exporter Services included “internal and external compliance monitoring,” along with periodic audits, as one of the Nine Key Elements of an Effective Compliance Program. In the agency’s 145-page handbook for U.S. exporters, Compliance Guidelines: How to Develop an Effective Export Management and Compliance Program and Manual, the BIS recommends “a transaction-level and process-level review of compliance efforts with a special emphasis placed on areas of high risk,” noting that such monitoring can “successfully focus attention at the business-unit level on risk areas at an early stage, affording the opportunity to correct deficiencies before they result in major problems.”

The DDTC and BIS guidance documents agree that internal and external monitoring are both important. Every company or organization, in addition to actively monitoring itself, needs outside assurance from an independent third party that its compliance efforts are on the right track.

The following compliance “best practices” also fall under the general rubric of export compliance monitoring:

  • Self-monitoring and reporting by operations staff in all export-related departments and divisions of the company on the effectiveness of specific compliance processes and procedures is requested and implemented.
  • Timely crosstalk is encouraged among employees in export-related departments, divisions, and branches within the company to ensure that practical compliance experiences and lessons learned are communicated throughout the entire organization, with a view to improving the effectiveness and efficiency of export controls and promoting consistency of procedures.
  • Clear and specific internal procedures have been established and communicated to all employees, including contract employees, for the reporting of potential export compliance problems to management, including the option of reporting export violations anonymously through a mailbox, website, or helpline.
  • Employees understand that management considers the reporting of suspected export violations to be the duty of each employee and know that they will be protected from retribution or retaliation of any kind if they raise questions or concerns about compliance in good faith.
  • On-site end-use monitoring of personnel performing defense services is performed frequently by qualified export compliance staff to ensure that their activities remain within the scope of the relevant export authorization.
  • Previously identified export compliance problems or high-risk areas are revisited to ensure that the prescribed corrective actions were implemented and that they have been effective.

Unlike banks and financial institutions, who may choose to concentrate their compliance monitoring on those transactions with the highest impact on revenue, exporters of defense articles and services, dual-use commodities, technical data, and controlled technology, when monitoring ITAR, EAR, and OFAC compliance, may sometimes need to focus on business areas that have a relatively small revenue impact but carry a large compliance risk. Manufacturing or distribution operations in a developing country, for example, or exports to new trading partners in a formerly embargoed nation whose U.S. trade sanctions were only recently lifted, might be relatively small now, when measured by current sales or profits, but multiple compliance challenges and the potential for serious penalties may call for close and continuous monitoring.

Monitoring day-to-day compliance may seem unexciting, like performing routine maintenance on your car. It undoubtedly requires a significant investment of time, effort, and money, and the benefits may not be immediately evident. But most car owners understand that failure to do so is a sure recipe for disaster.  In other words, don’t let procrastination get in the way of success and continuously monitor your compliance program!