Recent enforcement activities by the Bureau of Industry and Security (BIS) illustrate the importance of having a viable Export Administration Regulations (EAR) Export Compliance Program. These events including a 300-million-dollar penalty imposed on Seagate Technology earlier this year, are as Assistant Secretary for Export Enforcement Matthew Axelrod described, “a clarion call” for businesses to comply with BIS export laws.
Export Administration Regulations (EAR) control the export of commodities enumerated as described in15 CFR §730. The EAR are administered and enforced by the Bureau of Industry and Security (BIS) under the auspices of the Department of Commerce. These regulations are in place to advance the national security and foreign policy objectives of the United States Government.
Items controlled under the EAR are listed in the Commerce Control List (CCL) and identified by a unique Export Control Classification Number (ECCN). Prohibition of export or requirements for licensing are based on the classification of the item, the destination of export, the end user, and the end use of the item.
Elements of an Export Compliance Program
Export compliance programs must have processes in place to identify, prevent, and mitigate export regulation violations. These programs should include the following components in a manner that is coordinated with a cohesive management system.
Management
An effective export compliance must have commitment from top management as reflected in an official policy statement. This statement should include statements that no sale or transfer of controlled items will occur and identify persons to contact if potential violations or compliance questions arise. Management must also provide adequate resources for the compliance program and develop a company culture of compliance through example and training.
Risk Assessment
Processes should be in place to assess risks associated with:
-
- Exporting a controlled item without a required export license
- A deemed export caused by the unauthorized release of sensitive information or controlled technologies
- Servicing of items outside of the United States
Organizational Operations
Programs should have clearly defined roles with sufficient oversight. Interdepartmental cooperation and communication within the organization are critical. When organizations have multiple campuses, considerations should be given to the degree of independence required to maintain compliance at each location. Furthermore, procedures related to the compliance programs should be delineated in a properly maintained document system.
Screening of Customers
It is the responsibility of the exporter to ensure that exports do not end up in the hands of prohibited end-users. Procedures should be in place to verify the legitimacy of the buyer, obtain end-use statements, screen all involved parties against denied parties lists, and ensure that shipping documentation notifies all parties of the nature of the export.
Customer screening should address the risk of unauthorized diversions of exported items and ensure that agreements are not made in violation of Anti-boycott laws.
Export Authorization
Processes should be in place for the proper classification of products and services. Classifications should begin with determining if the item falls under the International Traffic in Arms Regulations (ITAR) which are administered by the Directorate of Defense Trade Controls. Then determinations can be made as to whether the item is subject to the EAR.
Once classification has been completed a determination should be made if the intended export is prohibited, licensing is required, or license exemptions apply.
Record Retention
Retention of documents pertaining to export activities should be maintained for a minimum period of five years. For electronic documentation, care should be taken to ensure confidentiality, integrity, and availability of information. Specific roles and responsibilities for maintaining these records should be assigned.
Training
Any EAR Export Compliance Program is only as resilient as its weakest link. Training is mandatory for all members of an organization that are involved with controlled items. This training should provide job specific knowledge, communicate responsibilities, and impart accountability for compliance. This training should be periodically reviewed to ensure knowledge and update personnel on changes in regulations or policies.
Audits
The export compliance program should be regularly audited to assess its effectiveness. Audits should be conducted on specific functional levels as well as the program level. While these audits can be conducted internally, it is considered a best practice to conduct an audit with an outside auditor.
Handling Export Violations and Taking Corrective Actions
Violations can occur even in a well-executed export compliance program. In the event of a violation, procedures should be in place to address the investigation, corrective action processes, and voluntary disclosure. An organizational culture should be in place that encourages employees to suspected violations and ensures a safe environment for doing so.
CVG Strategy Export Compliance Programs
EAR Export Compliance Programs are essential for businesses involved in the export of items listed on the CCL. These programs should be incorporated into an organization’s management system to ensure effective mitigation of risks associated with violations.
CVG Strategy can help you understand Export Administration Regulations, and help you establish a coherent and effective export compliance program. We can perform export control classifications, perform audits, and educate your team. Regardless of whether your business falls under EAR or ITAR, CVG Strategy has the expertise to help.