ITAR Consulting – Export Compliance Expertise

CVG Strategy’s ITAR Consulting services.

CVG Strategy’s ITAR Consulting has been assisting organizations with export compliance for over a decade.   Our export regulation experts have created ITAR compliance programs, performed risk assessments and audits, classified articles and services, and obtained required licenses. 

Our ECTI Accredited Export Compliance Professionals maintain their levels of expertise in ITAR, EAR, and Canadian Controlled Goods Program regulations to ensure that your export compliance team has availability to the latest information regarding these changing regulations.  We pride ourselves in providing honest and professional guidance to our customers.  Because our team has been involved in administrating businesses involved with export compliance, we understand the challenges that businesses of all sizes face daily with regards to the ITAR.

What is ITAR?

ITAR ConsultingThe International Traffic in Arms Regulations (ITAR)  control the export of defense related materials and technologies, including hardware, software, services and technical data.  These controls exist to protect national security and foreign policy interests of the United States Government.  The ITAR is administered and enforced by the Directorate of Defense Trade Control (DDTC).

If an organization is involved with the provision of items or services controlled by the ITAR, they are required to register with the DDTC and maintain an Export Compliance Management System.  Determination of this requirement is made by classifying the specific item or service to determine if it is enumerated in the United States Munitions List (USML).

What are the requirements for ITAR Compliance?

The DDTC has specific requirements for ITAR compliance programs for organizations involved in the export of items on the USML.

Classification

Export Control Classification is required of businesses selling products that fall under the jurisdiction of any federal regulations.  An export can include sale of goods within the United States to a person or entity that is not a U.S. person.  A transfer of technical data can also be considered an export which can be conducted by means of a phone call or email.

Export Control Classification begins with the defining the technical specifications for the item to be transferred.  This applies to actual shipments as well as transfers of technical data.  It is important to note that a given product may fall under numerous classifications based on how regulations are interpreted. 

It is essential to ensure that a thorough analysis be conducted to ensure that due diligence for compliance has been met.  Therefore it is not prudent to rely on a customer’s or supplier’s classification as there are severe consequences for non-compliance. 

Registration

The DDTC Export Compliance Program Guidelines outline the many activities that are part of a compliance program.  These of course begin with registration with the the DDTC, which is a requirement for any manufacturer, exporter, or broker of defense products or services.  The agency also details types of registration and requirements for registration changes.

Licensing, Agreements and Approvals

Other activities include applying for licenses, agreements, or other approvals from the DDTC for export, reexport, retransfers or temporary import of controlled goods and services.  The activities include Manufacturing Licensing Agreements (MLA), Technical Assistance Agreements (TAA), and Distribution Agreements.

Restricted Party Screening

Significant emphasis was given in the guidance to the performance of restricted party screening for all parties involved in a transaction.  This activity is often overlooked or performed with insufficient care in many organizations.  Restricted Party Screening should also be performed on all personnel and any other parties who may come in contact with controlled items or data thereof.

Recordkeeping

It is a requirement of ITAR to maintain records pertaining to the manufacture, acquisition, and disposition of defense articles.  These records must be maintained for a minimum of five years.  They should include licenses, exemptions, technical data exports, brokering activities, and any political contributions, fees, and commissions. The DDTC again calls for documented policies and procedures that define what activities must be documented and allocate specific responsibilities for the creation and maintenance of those records.

Detecting, Reporting, and Disclosure of Violations

The DDTC understands that violations of export regulations often occur through error.  However, because these violations can cause harm to the national security and foreign policy of the United States, it is important that organizations detect these violations, investigate the cause of the violation, take corrective actions to mitigate further violations, and report these violations through the Voluntary Disclosure mechanism. 

Training

It is essential that organizations perform training programs that provide sufficient levels of education for all employees, especially those members of the organization’s export compliance team.  This training should be up to date and utilize knowledgeable and experienced trainers.  Furthermore the depth of the training should reflect the level of activity that person has in the compliance program.

Risk Assessments

It is important to continually reassess risks that may lead to ITAR violations.  Considerations in the reassessments should include changes in the organization, the physical and cybersecurity infrastructure, the organizations, employees, customers, suppliers, and other third parties.  These should occur as required throughout the year.

Classification Export Control Classification is required of businesses selling products that fall under the jurisdiction of any federal regulations. An export can include sale of goods within the United States to a person or entity that is not a U.S. person. A transfer of technical data can also be considered an export which can be conducted by means of a phone call or email. Export Control Classification begins with the defining the technical specifications for the item to be transferred. This applies to actual shipments as well as transfers of technical data. It is important to note that a given product may fall under numerous classifications based on how regulations are interpreted. It is essential to ensure that a thorough analysis be conducted to ensure that due diligence for compliance has been met. Therefore it is not prudent to rely on a customer’s or supplier’s classification as there are severe consequences for non-compliance. Registration The DDTC Export Compliance Program Guidelines outline the many activities that are part of a compliance program. These of course begin with registration with the the DDTC, which is a requirement for any manufacturer, exporter, or broker of defense products or services. The agency also details types of registration and requirements for registration changes. Licensing, Agreements and Approvals Other activities include applying for licenses, agreements, or other approvals from the DDTC for export, reexport, retransfers or temporary import of controlled goods and services. The activities include Manufacturing Licensing Agreements (MLA), Technical Assistance Agreements (TAA), and Distribution Agreements. Restricted Party Screening. Significant emphasis was given in the guidance to the performance of restricted party screening for all parties involved in a transaction. This activity is often overlooked or performed with insufficient care in many organizations. Restricted Party Screening should also be performed on all personnel and any other parties who may come in contact with controlled items or data thereof. Cybersecurity Although the ITAR does not include specific cybersecurity requirements, there are regulatory requirements to protect information and data of controlled items. CMMC is a requirement for organizations contracting with the Department of Defense (DoD) that handle Controlled Unclassified Information (CUI). The guidance suggests the use of cybersecurity protocols and encryption to protect this sensitive data. It also recommends the establishment of policies and procedures for employees traveling with mobile devices. Recordkeeping It is a requirement of ITAR to maintain records pertaining to the manufacture, acquisition, and disposition of defense articles. These records must be maintained for a minimum of five years. They should include licenses, exemptions, technical data exports, brokering activities, and any political contributions, fees, and commissions. The DDTC again calls for documented policies and procedures that define what activities must be documented and allocate specific responsibilities for the creation and maintenance of those records. Detecting, Reporting, and Disclosure of Violations The DDTC understands that violations of export regulations often occur through error. However, because these violations can cause harm to the national security and foreign policy of the United States, it is important that organizations detect these violations, investigate the cause of the violation, take corrective actions to mitigate further violations, and report these violations through the Voluntary Disclosure mechanism. Training It is essential that organizations perform training programs that provide sufficient levels of education for all employees, especially those members of the organization’s export compliance team. This training should be up to date and utilize knowledgeable and experienced trainers. Furthermore the depth of the training should reflect the level of activity that person has in the compliance program. Risk Assessments It is important to continually reassess risks that may lead to ITAR violations. Considerations in the reassessments should include changes in the organization, the physical and cybersecurity infrastructure, the organizations, employees, customers, suppliers, and other third parties. These should occur as required throughout the year.

Penalties for Failures to Comply with ITAR

As specified by the International Traffic in Arms Regulations in the Code of Federal Regulations (CFR):

  1. Civil penalties are the greater of $1,200,000 or twice the amount the transaction that was the basis of the violation
  2. Criminal penalties up to $1,134,602 and/or up to 10 years imprisonment per violation
  3. Reporting $824,959 or five times prohibited incentive payment
  4. Embargoes $981,935 and / or debarment from federal contracts.

What does Export Compliance mean to businesses?

If your company deals with defense equipment, supplies, services or technologies, federal regulations specify that you share these items only with U.S. persons and organizations.  To do otherwise requires authorization from the Department of State or qualification for a special exemption. 

When compliance issues or questions arise, it is important to seek answers and advice from knowledgeable sources.  Our ITAR consulting service can assist you with answers and solutions including assistance with classifications and licensing.

ITAR Consulting at CVG Strategy

CVG Strategy, LLC is recognized the world over as the premier provider of customized export compliance programs.  This includes ITAR and  Export Administration Regulations (EAR).  We also can provide assistance with the Canadian Goods Program.

Our ITAR consulting service works with businesses of all sizes.  We have the compliance and training programs to fit your exact needs.  We even serve as an outsourced Export Compliance Officer for some clients, who don’t have the bandwidth to dedicate to the function but need it done on a part-time basis.

How Can We Help?

CVG Strategy offers unique solutions for Export Compliance, Test and Evaluation, Information Security Management, and Quality Management. 

Latest News