Export compliance is about entities, goods, and processes.
There are multiple Federal departments, laws and regulations concerned with personal and corporate liability for export violations. While these can be separated into two categories or classes, screening for restricted/denied parties is essential to both:
- Engagement violations: violation of laws governing the export or domestic sale or transfer of restricted goods/technologies to restricted, denied, specially designated, sanctioned, debarred, blocked and embargoed entities—persons, corporations, organizations, and countries.To guard against engagement violations, it is absolutely essential to screen customers, contractors, logistics providers, employees, suppliers and others with whom you intend to do business.
- Process violations: violation of administrative processes including documentation, filing, recordkeeping and other administrative requirements. Guarding against process violations includes your ability to prove you screened appropriately.
General export compliance program elements
A good export compliance program ensures and proves that your business is not transacting business with terrorists and terrorist organizations, drug traffickers, human rights violators, regimes producing weapons of mass destruction, and other restricted parties. And that you aren’t supplying controlled goods and technologies to companies themselves restricted, denied, sanctioned or blocked.
Experts in the export compliance field typically incorporate six elements when building compliance programs.
- Demonstrating management support
- Company profiling and risk assessment
- Establishing & managing accountability
- Process & engagement controls (preferably automated)
- Screening parties — restricted, denied, sanctioned, designated, blocked, or “red flagged”
- Classifying goods — ECCN, HTS or Schedule B, USML
- Screening transactions — party/goods/country restrictions and licenses including domestic “deemed exports” and international re-exports
- Screening countries — restricted, embargoed, blocked, sanctioned
- Preparing documentation
- Regulatory submission
- Recordkeeping — regulatory management
- Communication & education/training
- Audit & quality management
Note that screening has an important role to play in most process and engagement controls.
ITAR compliance program guidelines
Comprehensive operational compliance programs include manuals that articulate the processes to be followed in implementing the company program. There are a number of important elements of effective manuals and programs.
- Organizational charts.
- Description (and flow charts, if appropriate) of company’s defense trade functions.
- Description of any management and control structures for implementing and tracking compliance with U.S. export controls (including names, titles, and principal responsibilities of key officers).
Corporate commitment and policy
- Directive by senior company management to comply with Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR)
- Knowledge and understanding of when and how the AECA and ITAR affect the company with ITAR controlled items/technical data
- Knowledge of corporate internal controls that have been established and implemented to ensure compliance with the AECA and ITAR, for example:
- Citation of basic authorities (AECA, ITAR)
- Identification of authorized U.S. Government control body (Directorate of Defense Trade Controls (“DDTC”))
- Corporate policy to comply fully with all applicable U.S. export control laws and regulations
- Compliance as a matter for top management attention that needs adequate resources
- Identification, duties, and authority of key persons (senior executives, empowered officials) for day-to-day export/import operations and compliance oversight
- Corporate Export Administration organization chart
- Operating Division Export Administration flow chart
Identification, receipt and tracking of ITAR controlled items/technical data
- Methodology used, specifically tailored to corporate structure, organization, and functions, to identify and account for ITAR controlled items/technical data the company handles (trace processing steps of ITAR controlled transactions from the time the company manufactures/receives the item to the time an item is shipped from the company—or in the case of a defense service, when provided). Examples of questions to be addressed include:
- Are appropriate employees familiar with the AECA and ITAR and related requirements, including handling export approvals with certain provisos and limitations?
- Are company employees notified of changes in U.S. export control restrictions, and are they provided accurate, reliable interpretation of U.S. export control restrictions?
- What U.S. origin defense articles are manufactured/received by the firm and from whom? How identified and “tagged”?
- What U.S. origin technical data related to defense articles are produced/received by the firm and from whom? How identified and “tagged”?
- What items are manufactured by the firm using U.S. origin technical data? How identified and “tagged”?
- What items or articles are manufactured by the firm that incorporates U.S. origin defense articles (components)? How identified and “tagged”?
- What kind of recordkeeping system does the company maintain that would allow for control of, and for retrieval of information on, U.S. origin technical data and/or defense articles exported to the company?
- Procedures utilized to (a) obtain written State Department approval prior to the retransfer to a party not included in a State Department authorization of an item/technical data transferred or exported originally to the company, and (b) track the re-export or re-transfer (including placing parties on notice that the proposed transfers involve U.S. origin products and labeling such products appropriately).
- Procedure when an ITAR controlled item/technical data is transferred by the company to a foreign national employed at the company.
- Procedure when an ITAR controlled item/technical data is transferred by the company to a foreign person within the U.S.
- Procedure when ITAR controlled technical data or defense articles are transferred from the company to a foreign person outside of the U.S.
- Procedure when an ITAR controlled item/technical data is to be used or transferred for an end-use not included in the State Department authorization.
Restricted/prohibited exports and transfers
- Procedure for screening customers, carriers, and countries
- Screening procedure for high-risk transactions
- Procedures to investigate any evidence of diversion or unauthorized use of U.S. origin products
- Description of record systems concerning U.S. origin products
- Procedures for maintaining records relating to U.S. origin products for five years from the expiration of the State Department license or other approval
- Regular internal review of files to ensure proper practices and procedures by persons reporting to top management
- Perform audits periodically to ensure integrity of compliance program
- Emphasis on validation of full export compliance, including adherence to license and other approval conditions
- Measurement of effectiveness of day-to-day operations
- Adopt procedure for highlighting any compliance areas that needs more attention
- Report known or suspected violations to Corporate export administration office
- Effective liaison and coordination with Ombudsman. Examples include:
- Specific description of procedures (examination of organizational structure, reporting relationships, and individuals assigned to export/import controls process
- Random document review and tracing of processes
- Review of internal recordkeeping, communications, document transfer, maintenance and retention
- Conclusion and report of violations to Corporate Export Administrator
- Coordination with Ombudsman
- Explanation of company training program on U. S. export control laws and regulations
- Process to ensure education, training, and provision of guidance to all employees involved on exports (including those in departments such as Traffic, Marketing, Contracts, Security, Legal, Public Relations, Engineering, Executive Office)
Violations and penalties
- Procedures for notification of potential violations, including use of voluntary disclosure and Ombudsman to report any violation of the company’s internal control program or U.S. export controls
- Emphasis on importance of compliance (to avoid jeopardizing Corporate business and severe sanctions against the Corporation and responsible individuals)
- Description of AECA/ITAR penalties
- Written statements and procedures to foster employee discipline (e.g., keying certain types of advancement to compliance understanding and implementation, and establishment of internal disciplinary measures)