Category Archives: Compliance

SUBMIT YOUR ADVISORY OPINIONS ON-LINE TO DDTC! REVIEW AND MAKE COMMENTS ON THE NEW CJ FORM

Advisory Opinions Accepted Online Through DECCS

Following last year’s testing, the Department of State, Directorate of Defense Trade Controls (DDTC) has announced the release of their new Advisory Opinions application for DDTC’s cloud-based Defense Export Control and Compliance System (DECCS).

The new Advisory Opinions application covers the following ITAR requests:

  • 126.9(a) – Whether DDTC would likely grant approval for a particular defense article or service to a particular country.*
  • 126.9(c) – ITAR interpretation
  • 129.9 – Guidance on whether an activity constitutes brokering under Part 129.

*Note that in many cases, it is preferable to submit a DSP-5 technical data license for marketing a defense article rather than a General Correspondence Advisory Opinion request.  While the new application is intended improve the submission and review process, a DSP-5 can avoid the need for two separate submissions for the same activity. (See DDTC’s 2016 guidance on advisory opinions.)

Other General Correspondence requests, such as §123.9 reexports or retransfers are still submitted in hard copy by mail.

The new application can be found at the DECCS Industry Service Portal: https://deccspmddtc.service-now.com/deccs

See the DDTC News & Events page (02/04/2019) for more information on this release.

Comment on Commodity Jurisdiction Form

In related DECCS news, on February 6, 2019, DDTC published a notice (84 FR 2295) requesting comments on the DS-4076 Request for Commodity Jurisdiction Determination form.  This request is part of the Office of Management and Budget (OMB) approval process.

Comments may be submitted until April 8, 2019.  Please see the Federal Register Notice for additional details.

Comment on DDTC Registration Form

On February 13, 2019, DDTC published a notice (84 FR 3846) requesting comments on the DS-2032 Statement of Registration form.  This request is also part of the OMB approval process.  Notably, DDTC plans to remove the fields for Social Security Numbers and home addresses for the various senior officers listed on the form.

Comments may be submitted until March 15, 2019.  Please see the Federal Register Notice for additional details.

CFIUS EXTENDS LONG ARM TO INCLUDE REVIEW OF DEFENSE ARTICLES/ DEFENSE SERVICES ON THE USML

As anticipated following the August enactment of the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), the Department of the Treasury has issued new regulations implementing changes to the Committee on Foreign Investment in the United States (CFIUS).

CFIUS Amendments

The first, an interim rule issued October 11, 2018 (83 FR 51316), primarily makes technical amendments to the CFIUS Part 800 regulations.  These changes include:

  • Extending CFIUS review period from 30 to 45 days,
  • Revising various definitions to be consistent with FIRRMA,
  • Providing examples of covered transactions,
  • Implementing electronic submissions,
  • Allowing parties to stipulate that a transaction is a covered transaction, and
  • Revising language regarding violations and remedies.

This rule was effective immediately and comments may be submitted through November 10, 2018.  Please see the Federal Register Notice for more information on how to comment.

Pilot Program

The second notice, also issued on October 11, 2018 (83 FR 51322) implements a “pilot program” expanding CFIUS review and mandatory declarations to a specific list of covered industries when dealing with “critical technologies.”

Under the new rule, “critical technologies” include:

  • Defense articles or defense services included on the United States Munitions List (USML) controlled by the Department of State,
  • Commerce Control List (CCL) items controlled pursuant to multilateral regimes, for regional stability, or surreptitious listening by the Department of Commerce,
  • Nuclear equipment and technology controlled by the Department of Energy,
  • Nuclear facilities, equipment, and material controlled by the Nuclear Regulatory Commission, and
  • Select agents and toxins controlled by the Department of Agriculture or the Department of Health and Human Services.

Companies in or developing products for the industries listed in the new Annex A to Part 801 are covered by the pilot program as follows, including North American Industry Classification System (NAICS) codes:

Industry NAICS Code
Aircraft Manufacturing 336411
Aircraft Engine and Engine Parts Manufacturing 336412
Alumina Refining and Primary Aluminum Production 331313
Ball and Roller Bearing Manufacturing 332991
Computer Storage Device Manufacturing 334112
Electronic Computer Manufacturing 334111
Guided Missile and Space Vehicle Manufacturing 336414
Guided Missile and Space Vehicle Propulsion Unit and Propulsion Unit Parts Manufacturing 336415
Military Armored Vehicle, Tank, and Tank Component Manufacturing 336992
Nuclear Electric Power Generation 221113
Optical Instrument and Lens Manufacturing 333314
Other Basic Inorganic Chemical Manufacturing 325180
Other Guided Missile and Space Vehicle Parts and Auxiliary Equipment Manufacturing 336419
Petrochemical Manufacturing 325110
Powder Metallurgy Part Manufacturing 332117
Power, Distribution, and Specialty Transformer Manufacturing 335311
Primary Battery Manufacturing 335912
Radio and Television Broadcasting and Wireless Communications Equipment Manufacturing 334220
Research and Development in Nanotechnology 541713
Research and Development in Biotechnology (except Nanobiotechnology) 541714
Secondary Smelting and Alloying of Aluminum 331314
Search, Detection, Navigation, Guidance, Aeronautical, and Nautical System and Instrument Manufacturing 334511
Semiconductor and Related Device Manufacturing 334413
Semiconductor Machinery Manufacturing 333242
Storage Battery Manufacturing 335911
Telephone Apparatus Manufacturing 334210
Turbine and Turbine Generator Set Units Manufacturing 333611

Transactions in these areas are covered by the pilot program when the investment would give a foreign investor:

  • Access to material nonpublic technical information;
  • Membership, observer, or nomination rights on the board of directors; or
  • Involvement in substantive decision-making regarding critical technology.

This rule will take effect on November 10, 2018 and comments may be submitted through that date.  Please see the Federal Register Notice for more information on how to comment.

The Department of the Treasury has also published a press release and fact sheet that summarize these changes.

The pilot program is scheduled to end no later than March 5, 2020, once replaced by a full expansion of CFIUS review.

(None of the information is intended to be authoritative official or professional legal advice. Consult your own legal counsel or compliance specialists before taking actions based upon this blog or other unofficial sources.)

“U.S. Persons” Include More Than Just Citizens

What is a “U.S. Person”?  If you are hiring for ITAR-controlled programs, you need to know.

The U.S. Department of Justice recently settled a hiring discrimination investigation against a large international law firm, Clifford Chance US LLP:

The Department’s investigation determined that Clifford Chance’s unlawful practice of excluding otherwise qualified non-U.S. citizens and dual U.S. citizens from the document reviewer positions was based on the law firm’s misunderstanding of the requirements of the International Traffic in Arms Regulations (ITAR). The Department found that the law firm improperly terminated or removed three individuals from their positions based on their citizenship status.

The settlement includes a $132,000 civil penalty, lost wages, compliance training, and two years of monitoring and reporting.

The problem for Clifford Chance was that the ITAR does not require that export-controlled projects be restricted to US citizens in order to avoid unauthorized exports.

The ITAR definition of a “U.S. person,” to which a release of technical data is not an export, is:

§120.15 U.S. person.
U.S. person means a person (as defined in §120.14 of this part) who is a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20) or who is a protected individual as defined by 8 U.S.C. 1324b(a)(3). It also means any corporation, business association, partnership, society, trust, or any other entity, organization or group that is incorporated to do business in the United States. It also includes any governmental (federal, state or local) entity. It does not include any foreign person as defined in §120.16 of this part.

For individuals, including the categories in 8 U.S.C. 1324b(a)(3), U.S. persons include:

  1. US Citizens
  2. Lawful permanent residents (i.e., Green Card holders)
  3. Other narrow categories including some refugees and asylees.

Coming at it from the other side, foreign persons are defined as the inverse of US persons:

§120.16 Foreign person.
Foreign person means any natural person who is not a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20) or who is not a protected individual as defined by 8 U.S.C. 1324b(a)(3). It also means any foreign corporation, business association, partnership, trust, society or any other entity or group that is not incorporated or organized to do business in the United States, as well as international organizations, foreign governments and any agency or subdivision of foreign governments (e.g., diplomatic missions).

While ITAR § 120.17(a)(2) defines releasing technician data to a foreign person in the United States as a deemed export, dual U.S. citizens and permanent residents (as well as other “protected individuals”) are not foreign persons.  As U.S. persons, they would not require export authorization and should not be categorically excluded.

The Export Administration Regulations (EAR) use the same basic definitions of U.S. and foreign persons for the purposes of deemed exports (see § 734.13(a)(2) for deemed exports and Part 772 for definitions).

So next time your company has an ITAR or EAR-related job listing, keep this case in mind.  Misunderstanding the category of “U.S. persons” could lead to steep penalties and time-consuming training.

(None of the information is intended to be authoritative official or professional legal advice. Consult your own legal counsel or compliance specialists before taking actions based upon this blog or other unofficial sources.)

Big Changes Coming to CFIUS, EAR No Longer an Emergency

This year’s defense authorization bill didn’t just fund the Department of Defense, but also set the stage for big changes to foreign investment and export controls.  Signed on August 13, 2018, the John S. McCain National Defense Authorization Act (NDAA) included the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) and the Export Control Reform Act (ECRA).

Foreign Investment Risk Review Modernization Act

The Foreign Investment Risk Review Modernization Act (FIRRMA) expands the jurisdiction of the Committee on Foreign Investment in the United States (CFIUS).  CFIUS, an interdepartmental committee chaired by the Treasury Department, was already authorized to review certain business transactions involving foreign investment in the United States that involve national security considerations.

FIRRMA expands the scope of transactions subject to CFIUS review to include transactions involving foreign persons including:

  • real estate located in proximity to airports, maritime ports, or sensitive government facilities such as military bases;
  • critical infrastructure, critical technologies, or sensitive personal data of US citizens;
  • membership on the board of directors or other decision-making rights;
  • changes in a foreign investor’s rights resulting in foreign control; and
  • other transactions designed to circumvent CFIUS jurisdiction.

FIRRMA also revises filing and review processes and timelines, expanding the ordinary review period from 30 to 45 days, effective when FIRRMA became law.  Notices received before August 13th will remain subject to the 30 day review period.  FIRRMA also provides for the option for CFIUS to implement filing fees.

The most significant provisions will not be effective until the earlier of eighteen months after the enactment (February 2020) or 30 days after the Secretary of the Treasury publishes a notice that the necessary regulations and resources are in place.  CFIUS may also conduct pilot programs under the new law.

CFIUS has advised businesses to continue to notify transactions as provided in current CFIUS regulations.

The Treasury Department has released a summary of FIRRMA and FIRRMA FAQs.

The International Traffic in Arms Regulations (ITAR) continue to require notification when there are changes to ownership or control (as well as other material changes) under 122.4.  Notification of transfer of ownership or control to a foreign person is required 60 days in advance and is independent of CFIUS processes.  See the State Department’s Directorate of Defense Trade Controls Mergers/Acquisition/Divestitures page for more information.

Export Control Reform Act

The new Export Control Reform Act (ECRA) provides statutory authority for the Export Administration Regulations (EAR) and Antiboycott rules, which have been maintained by emergency executive orders under the International Emergency Economic Powers Act (IEEPA) since the Export Administration Act (EAA) expired in 1994.

Notably, the ECRA also directs the Departments of Commerce, Defense, Energy, and State to “identify emerging and foundational technologies” that may warrant export controls, including CFIUS and export licensing.

Continuing developments from the last year, the ECRA establishes a US government procurement ban on telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation.  It does not reinstate the Department of Commerce’s denial order for ZTE which was lifted in July.  The procurement ban also includes video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company.

The ECRA also increases potential civil penalties to $300,000 (from the most recently inflation-adjusted $295,141).

ECS will continue to monitor developments as new CFIUS regulations and the reviews of “emerging and foundational technologies” are discussed, proposed for comment, and implemented.

(None of the information is intended to be authoritative official or professional legal advice. Consult your own legal counsel or compliance specialists before taking actions based upon this blog or other unofficial sources.)

Iran Sanctions Reimposed—No More Mr. Nice Guy

On May 8, 2018, the White House announced the termination of U.S. participation in the Joint Comprehensive Plan of Action (JCPOA) with Iran.  Previously suspended sanctions, particularly related to Iran’s energy, petrochemical, and financial sectors will be re-imposed subject to a wind-down periods for existing business.

The Department of the Treasury released a follow-on statement including the following:

As soon as is administratively feasible, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) expects to revoke, or amend, as appropriate, general and specific licenses issued in connection with the JCPOA.  At that time, OFAC will issue new authorizations to allow the wind down of transactions and activities that were authorized pursuant to the revoked or amended general and specific licenses.  At the end of the 90-day and 180-day wind-down periods, the applicable sanctions will come back into full effect.

OFAC also posted FAQs on the re-imposition of sanctions.  Notably, the 90-day wind-down period that ends on August 6, 2018 includes:

ii.  Activities undertaken pursuant to specific licenses issued in connection with the Statement of Licensing Policy for Activities Related to the Export or Re-export to Iran of Commercial Passenger Aircraft and Related Parts and Services (JCPOA SLP); and

iii.  Activities undertaken pursuant to General License I relating to contingent contracts for activities eligible for authorization under the JCPOA SLP.

The 180-day wind-down period that ends on November 4, 2018 includes shipping, shipbuilding, petroleum, and energy sectors.  Other categories of business are distributed between the two wind-down periods.

Due to the wind-down periods, sanctions and license revocations were not yet officially implemented.  The full FAQs may be found here.

For ITAR purposes, Iran was and remains a prohibited destination subject to a policy of denial under Section 126.1.  The Department of Commerce Export Administration Regulations (Section 746.7) include both Commerce Department and OFAC licensing requirements for Iran.

(None of the information is intended to be authoritative official or professional legal advice. Consult your own legal counsel or compliance specialists before taking actions based upon this blog or other unofficial sources.)

Seize the Opportunity to Review & Test State/DDTC’s Electronic Disclosure Form!

The Department of State, Directorate of Defense Trade Controls (DDTC) has published the following notice on their website:

Industry Notice: Industry Feedback on Electronic Disclosures (DS-7787) (4.12.18) DDTC is developing an electronic version of the current DS-7787: Disclosure of Violations of the Arms Export Control Act form, also known as Disclosures. As an alternative to paper and mail, the online version will allow Industry personnel to submit Disclosures directly through DDTC’s Defense Export Compliance and Control System (DECCS). In an effort to improve this electronic form, DDTC is enabling a test version of the new online process for Industry feedback between April 16, 2018 – April 30, 2018, prior to it being publicly available online. If you are interested in participating, please visit https://pmddtcqa.service-now.com/um/ for more information on how to access and use the test version. Once you have completed testing, you can submit feedback or comments through the Provide feedback button.

As disclosures are an important part of compliance programs, this is a great opportunity to see what DDTC is developing and help make it more useful and user-friendly in the future.

(None of the information is intended to be authoritative official or professional legal advice. Consult your own legal counsel or compliance specialists before taking actions based upon this blog or other unofficial sources.)

EAR Amended to Reflect Australia Group Decisions; DTAG Meeting; More Penalty Inflation Adjustments

Australia Group EAR Amendments

On April 2, 2018 (83 FR 13849), the Department of Commerce amended the Export Administration Regulations (EAR) to revise the following Export Control Classification Numbers (ECCNs) based on 2017 Australia Group decisions:

  • 1C350 (toxic chemical agent precursors)
  • 1C351 (human and animal pathogens and toxins)
  • 1C353 (genetic elements and genetically-modified organisms)
  • 2B350 (chemical manufacturing facilities and equipment)
  • 2B351 (toxic gas monitors and monitoring systems)
  • 2B352 (equipment capable of use in handling biological materials)

The specific changes, largely intended to clarify the entries, are detailed in the Federal Register Notice.

In addition, due to the admission of India to the Australia Group in January, an international forum for harmonizing for chemical and biological export controls, the Country Commerce Chart (Supplement No. 1 to part 738 of the EAR) was revised to remove the “X” in India’s entry for the CB 2 column (Chemical and Biological Weapons) and India was added to the Australia Group column (A:3) in the Country Groups chart (Supplement No. 1 to part 740 of the EAR).

DTAG to Meet in May

The Defense Trade Advisory Group (DTAG) will meet on May 10, 2018 to discuss the following topics:

  1. Address one remaining task not briefed as final by the IT working group at the February 1 plenary meeting. Pass any remaining work by way of recommendations for further study;
  2. Provide recommended changes to ITAR § 123.17 exemption that would cover other commonly carried Government Furnished Equipment (GFE); and
  3. Further discussion and recommendations with regards to the Defense Services Working Group.

The DTAG meeting is open to the public, with seating limited to 125 persons.  For meeting and registration information, click here for the meeting notice.

OFAC and DHS Inflation Adjustments of Civil Monetary Penalties

On March 19, 2018, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) published inflation adjustments for civil monetary penalties under multiple sets of regulations.  The changes are detailed in the Federal Register Notice, 83 FR 11876.

On April 2, 2018, the Department of Homeland Security (DHS) published inflation adjustments for civil monetary penalties under DHS components, including the Chemical Facility AntiTerrorism Standards (CFATS), U.S. Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement (ICE), and the U.S. Coast Guard.  The changes are detailed in the Federal Register Notice, 83 FR 13826.

(None of the information is intended to be authoritative official or professional legal advice. Consult your own legal counsel or compliance specialists before taking actions based upon this blog or other unofficial sources.)

South Sudan Policy of Denial; Will be Added to 126.1 Prohibited Destinations

The State Department’s Directorate of Defense Trade Controls (DDTC) has published a web notice announcing a policy change for South Sudan:

Change in Policy on Exports of Defense Articles and Defense Services to South Sudan (2.2.18)
Pursuant to section 38(a) of the Arms Export Control Act and the delegated authority of the Secretary of State thereunder, the Secretary has determined that it is the policy of the Department of State to deny, with limited exceptions, export licenses or other approvals for defense articles and defense services subject to the International Traffic in Arms Regulations (ITAR) and destined for South Sudan. This policy is effective immediately. DDTC will publish a rule in the Federal Register to implement a conforming change to ITAR §126.1.

Sudan is already listed as a prohibited destination under ITAR § 126.1, which includes a note on South Sudan’s previous post-independence status:

Note to §126.1. On July 9, 2011, the Republic of South Sudan declared independence from Sudan and was recognized as a sovereign state by the United States. This policy does not apply to the Republic of South Sudan. Licenses or other approvals for exports or imports of defense articles and defense services destined for or originating in the Republic of the South Sudan will be considered on a case-by-case basis.

The State Department has also published a more detailed press release on the policy change based on continuing violence in South Sudan.

UPDATE:  The amendment (83 FR 6457) adds South Sudan under 126.1(w) effective February 14, 2018:

(w) South Sudan. It is the policy of the United States to deny licenses or other approvals for exports of defense articles and defense services destined for South Sudan, except that a license or other approval may be issued, on a case-by-case basis, for:

(1) Defense articles and defense services for monitoring, verification, or peacekeeping support operations, including those authorized by the United Nations or operating with the consent of the relevant parties;

(2) Defense articles and defense services intended solely for the support of, or use by, African Union Regional Task Force (AU-RTF) or United Nations entities operating in South Sudan, including but not limited to the United Nations Mission in the Republic of South Sudan (UNMISS), the United Nations Mine Action Service (UNMAS), the United Nations Police (UNPOL), or the United Nations Interim Security Force for Abyei (UNISFA);

(3) Defense articles and defense services intended solely for the support of or use by non-governmental organizations in furtherance of conventional weapons destruction or humanitarian demining activities;

(4) Non-lethal defense articles intended solely for humanitarian or protective use and related technical training and assistance;

(5) Personal protective equipment including flak jackets and helmets, temporarily exported to South Sudan by United Nations personnel, human rights monitors, representatives of the media, and humanitarian and development workers and associated personnel, for their personal use only; or

(6) Any defense articles and defense services provided in support of implementation of the Comprehensive Peace Agreement, the Agreement on the Resolution of the Conflict in the Republic of South Sudan, or any successor agreement.

(None of the information is intended to be authoritative official or professional legal advice. Consult your own legal counsel or compliance specialists before taking actions based upon this blog or other unofficial sources.)

New Year State and Commerce Maximum Penalty Adjustments,
EAR Corrections, and Invitation for DTAG Membership

Editorial Updates to EAR

On December 27, 2017 (82 FR 61153, corrected by 83 FR 709), the Department of Commerce issued a series of revisions, clarifications, and technical corrections to the Export Administration Regulations (EAR).  These are editorial corrections that do not affect license requirements.  The rule also updates the Export Control Decision Tree (supplement No. 1 to part 732), last revised in 2004, primarily to correct references to the EAR.  The flow of the Export Control Decision Tree is unchanged.

Civil Penalties Adjusted for Inflation

On January 3, 2018 (83 FR 234, corrected by 83 FR 2738), the Department of State amended the ITAR (and other Title 22 regulations) to adjust the maximum civil penalties for inflation.  The § 127.10 civil penalties were amended as follows:

  • 127.10(a)(1)(i) increased from $1,111,908 to $1,134,602.
  • 127.10(a)(1)(ii) increased from $808,458 to $824,959 (or five times the amount of the prohibited incentive payment, whichever is greater).
  • 127.10(a)(1)(iii) increased from $962,295 to $981,935.

On January 8, 2018 (83 FR 706), the Department of Commerce published its adjustments for inflation, including increasing the maximum penalty for a violation of the International Emergency Economic Powers Act from $289,238 to $295,141.

DTAG Membership Notice

Finally, the Defense Trade Advisory Group (DTAG), the State Department’s advisory group of defense trade representatives, is seeking applications for membership with a postmark deadline of March 2, 2018.  For application and submission instructions, please see this notice.

(None of the information is intended to be authoritative official or professional legal advice. Consult your own legal counsel or compliance specialists before taking actions based upon this blog or other unofficial sources.)

EXPORT COMPLIANCE IN 11 WORDS (Part 9 of 12)

EXPORT COMPLIANCE IN 11 WORDS
A Series on Export Compliance Essentials

(Part 9 of 12)

MONITOR!

Once you have an export compliance program in place, continuous monitoring is critically important to provide reasonable assurance of its effectiveness, enable you to make incremental adjustments to changing situations, and show you ways to improve the program’s efficiency. Annual compliance audits and assessments will be limited in their effectiveness and afford inadequate protection unless they are supported and complemented by the ongoing review processes that should be an integral part of compliance management.

Congratulations! It took a lot of hard work, and more time than you’d expected, but you’ve finally succeeded in getting a comprehensive export compliance program up and running at your company. You’re satisfied that it’s all there—the works, the whole enchilada, all the compliance essentials we’ve been looking at in this series:

  • Risk analysis and planning
  • A thorough manual with written policies and detailed procedures
  • Upper management commitment and involvement
  • Initial and repeated multi-level employee training
  • Clear delineation of roles, responsibilities, and accountability
  • Procedures for jurisdictional determination and product classification
  • Obtaining approval for licenses and agreements
  • Tracking the use of exemptions and exceptions
  • Labeling and marking controlled items and technical data
  • Real-time screening of customers, suppliers, service contractors, business partners, new hires, and other parties
  • Physical security
  • IT security
  • Mandatory recordkeeping and records-retention practices
  • Mandatory reporting to the government agencies
  • Periodic internal and external reviews, with follow-up of findings

All good. Sounds fantastic. We’ve got just a few more questions for you before you take off on that well-earned vacation you’ve been looking forward to. Here’s one:

What provisions have you made for monitoring the operation of your program? In other words, how do you plan to make sure your policies and procedures continue to be adequate and continue to function properly? And how do you plan to make sure you won’t be the last to know if they aren’t working as they should?

In compliance management, as in every other part of life, no matter how carefully you’ve planned and how well you’ve done your homework, there are sure to be some unforeseen challenges. Issues will surface that were not initially identified. A procedure that looked good on paper will be put into practice and turn out to be . . . not so good. Situations and personnel will change without warning, giving rise to a whole new set of problems.

Even the best-designed compliance program is bound to require fine-tuning and frequent adjustments in response to:

  • Changes in business needs
  • Changes in U.S. export laws and regulations
  • Changes in federal agency enforcement policies
  • Changes in technology
  • Changes in the national economy
  • Changes in the global marketplace
  • Changes in the global threat environment.

Yes, the annual risk assessments and compliance audits that you wisely included in your compliance plan are one important tool for coping with those challenges, but periodic audits cannot be the whole solution. All too often compliance audits are conducted too long after non-compliance events have already occurred to allow you to correct the issues and problems they uncover before a great deal of damage has been done.

If your company is committing an export violation today, or is about to do so, do you really want to be first apprised of the situation by the annual compliance audit report?  Don’t put off tomorrow what can be done today!

As a compliance officer, you need windows into your compliance program that allow you to view the current state of your company’s internal processes and see which areas need more attention right now. Periodic company-wide audits and assessments are most effective when they are informed and supplemented by day-to-day and week-to-week feedback from operational management, as well as frequent tests, checks, surveys, and “mini-audits” of specific processes and risk points.

Preventing the occurrence of export violations, or at least stopping them before they can multiply, is nearly always less costly and stressful than dealing with their aftermath. Successfully detecting intentional deviations from processes and procedures—such as when an employee purposely ignores or contravenes compliance safeguards for his or her own advantage or convenience—has the added benefit of reinforcing the perception that management prioritizes export compliance, is watching, and will take prompt action when problems occur.

That’s undoubtedly why the DDTC’s Compliance Program Guidelines counsel “internal monitoring” that involves “measurement of effectiveness of day-to-day operations” with “emphasis on validation of full export compliance, including adherence to license and other approval conditions.”

It’s also why the BIS’s Office of Exporter Services included “internal and external compliance monitoring,” along with periodic audits, as one of the Nine Key Elements of an Effective Compliance Program. In the agency’s 145-page handbook for U.S. exporters, Compliance Guidelines: How to Develop an Effective Export Management and Compliance Program and Manual, the BIS recommends “a transaction-level and process-level review of compliance efforts with a special emphasis placed on areas of high risk,” noting that such monitoring can “successfully focus attention at the business-unit level on risk areas at an early stage, affording the opportunity to correct deficiencies before they result in major problems.”

The DDTC and BIS guidance documents agree that internal and external monitoring are both important. Every company or organization, in addition to actively monitoring itself, needs outside assurance from an independent third party that its compliance efforts are on the right track.

The following compliance “best practices” also fall under the general rubric of export compliance monitoring:

  • Self-monitoring and reporting by operations staff in all export-related departments and divisions of the company on the effectiveness of specific compliance processes and procedures is requested and implemented.
  • Timely crosstalk is encouraged among employees in export-related departments, divisions, and branches within the company to ensure that practical compliance experiences and lessons learned are communicated throughout the entire organization, with a view to improving the effectiveness and efficiency of export controls and promoting consistency of procedures.
  • Clear and specific internal procedures have been established and communicated to all employees, including contract employees, for the reporting of potential export compliance problems to management, including the option of reporting export violations anonymously through a mailbox, website, or helpline.
  • Employees understand that management considers the reporting of suspected export violations to be the duty of each employee and know that they will be protected from retribution or retaliation of any kind if they raise questions or concerns about compliance in good faith.
  • On-site end-use monitoring of personnel performing defense services is performed frequently by qualified export compliance staff to ensure that their activities remain within the scope of the relevant export authorization.
  • Previously identified export compliance problems or high-risk areas are revisited to ensure that the prescribed corrective actions were implemented and that they have been effective.

Unlike banks and financial institutions, who may choose to concentrate their compliance monitoring on those transactions with the highest impact on revenue, exporters of defense articles and services, dual-use commodities, technical data, and controlled technology, when monitoring ITAR, EAR, and OFAC compliance, may sometimes need to focus on business areas that have a relatively small revenue impact but carry a large compliance risk. Manufacturing or distribution operations in a developing country, for example, or exports to new trading partners in a formerly embargoed nation whose U.S. trade sanctions were only recently lifted, might be relatively small now, when measured by current sales or profits, but multiple compliance challenges and the potential for serious penalties may call for close and continuous monitoring.

Monitoring day-to-day compliance may seem unexciting, like performing routine maintenance on your car. It undoubtedly requires a significant investment of time, effort, and money, and the benefits may not be immediately evident. But most car owners understand that failure to do so is a sure recipe for disaster.  In other words, don’t let procrastination get in the way of success and continuously monitor your compliance program!

 

(None of the information is intended to be authoritative official or professional legal advice. Consult your own legal counsel or compliance specialists before taking actions based upon this blog or other unofficial sources.)