DOES ITAR REGULATE MY BUSINESS?

Similar documents
ITAR and the Supply Chain: Getting Stuck in the Middle

U.S. Export Regulations

EXPORT CONTROLS and EMBARGOES: SOME BASICS FOR ALL

SUBJECT: Effective Date: Policy Number: Export Control 3/22/ Supersedes: Page Of

Export Control Review Information for Hiring/Hosting Departments and Supervisors

Export Control Information

Export Controls: What s the Difference?

Export Controls and Sanctions Compliance

Introduction to Export Control Compliance: Awareness and Education

Understanding ITAR and the Future of Export Controls on Advanced Textiles

ITAR Deal With It Before It Deals With You

International Traffic in Arms Regulations/ Export Administration Regulations. Nadcap ITAR/EAR Information - 1 -

University Compliance & Integrity U.S. EXPORT CONTROLS IMPACT ON RESEARCH AND RELATED UNIVERSITY OPERATIONS

EXPORT CONTROL MANAGEMENT PROGRAM

Export Controls: Limits of the. Exclusion 1/17/2013. Overview. Key Terms

Colorado State University Export Compliance Questionnaire I-I29 Petition for a Non-Immigrant Worker

EXPORT REVIEW PROCEDURES GUIDE

Foreign Travel Export Awareness Briefing

UH Office of Export Controls (OEC) Jennifer Halaszyn Export Control Officer

Export Controls & International Travel Update RGA 070: Research Administrators Forum May 23, 2017 Kimmel Center, Room 914

EXPORT CONTROL. Policy Statement. Reason for Policy. Who is Governed by this Policy

Export Control Regulations Business Services

2010 Joint Armaments Conference, Exhibition & Firing Demonstration Update to ITAR Export Controls

Export Control Regulations

Export Control Compliance, Academic Research UNCLASSIFIED

ITAR FOR DEFENSE INDUSTRY EXECUTIVES. June 12, Thomas McVey Williams Mullen Washington, DC (202)

Kris West Associate VP for Research Director, Office of Research Compliance. 8/18/2011 Office of Research Compliance 1

Department of Defense INSTRUCTION

THE UNIVERSITY OF TEXAS RIO GRANDE VALLEY EXPORT COMPLIANCE PROGRAM MANUAL

The first question to ask when doing an export control jurisdictional analysis is What is the it at issue?

International Traffic in Arms Regulations Government and Corporate Perspectives

You Too Must Be ITAR-Compliant

(2) All Missile Technology Control Regime (MTCR) Annex Items.

SOUTH DAKOTA STATE UNIVERSITY

Department of Defense INSTRUCTION. International Transfers of Technology, Articles, and Services

Export Control Reform Initiative 17 May George Mason University ITRN

DDTC Issues Overly Expansive Interpretation of the ITAR for Defense Services (and Presumably Technical Data)

Complying with the ITAR: A Case Study (WS933)

Deemed Exports. May 22, 2006 Notice in Federal Register on (DEAC)

U.S. Export Controls: Implications for Universities

ITAR FOR DEFENSE EXECUTIVES

Export Control Laws, Technical Data and Academic Research Projects

Princeton University Export Control Management Plan

Export Management System DRAFT

Document Downloaded: Tuesday July 28, COGR Brochure - Export Controls and Universities - Information and Case Studies.

UNIVERSITY OF CENTRAL FLORIDA EXPORT CONTROLS MANAGEMENT PROGRAM

J-1 EXCHANGE VISITOR DS-2019 REQUEST PACKET

GLAST ITAR Briefing. Rachel Claus, University Counsel for SLAC 21 April 2003

Department of Defense DIRECTIVE

Many of these activities are conducted through formal and informal cooperation with both foreign and domestic institutions.

POLICY and STATEMENT OF COMPLIANCE WITH U.S. EXPORT AND SANCTION LAWS FOR THE UNIVERSITY OF NEBRASKA-LINCOLN

REPORT BY THE DEPARTMENT OF STATE PURSUANT TO SECTION 655 OF THE FOREIGN ASSISTANCE ACT OF 1961, AS AMENDED

Getting you started What we will cover

Funded in part through a grant award with the U.S. Small Business Administration

NAVAIR International Programs. NAVAIR International Programs

REPORT BY THE DEPARTMENT OF STATE PURSUANT TO SECTION 655 OF THE FOREIGN ASSISTANCE ACT OF 1961, AS AMENDED

Export Controls Where Research and National Security Collide

Where Biosecurity, Biosafety, and Export Controls Regulations Meet Traliance LLC

Budget Preparation and Development. Basic Budget Construction. Export Control

The Services Need To Improve Accuracy When Initially Assigning Demilitarization Codes

REPORT BY THE DEPARTMENT OF STATE PURSUANT TO SECTION 655 OF THE FOREIGN ASSISTANCE ACT OF 1961, AS AMENDED

September Texas A&M University-Kingsville Export Controls Compliance Program Manual Page 1 of 64

International Traffic in Arms Regulations (ITAR)

Export-Controlled Technology at Contractor, University, and Federally Funded Research and Development Center Facilities (D )

Government Contracts University. ITAR & EAR Awareness GOVCON U. Milt Johns Partner, Senior Government Contracts Counsel

9/11/2015. Navigation in the Meeting Room. Counter-Proliferation Investigations & National Security

Prescription Monitoring Program State Profiles - Illinois

Bureau of Industry and Security U.S. Department of Commerce

SI Checklist for Export Control For Sponsored Projects and International Activities

UPDATE 2009 Commodity Jurisdiction

Export Controls What are they, and how do they affect me?

EARLY-CAREER RESEARCH FELLOWSHIP GRANT AGREEMENT

Student Guide: Controlled Unclassified Information

History. Acts 1985, No. 876, 2; Acts 1993, No. 322, 1; 1993, No. 440, 1. A.S.A. 1947,

SECURITY and MANAGEMENT CONTROL OUTSOURCING STANDARD for NON-CHANNELERS

DPAS Defense Priorities & Allocations System for the Contractor

Sponsored Program Services POST AWARD

Export Control Reform Spacecraft/Satellites

DEPARTMENT OF DEFENSE (DFAR) GOVERNMENT CONTRACT PROVISIONS

PLEASE READ INSTRUCTIONS AND REMOVE BEFORE TYPING INSTRUCTIONS FOR DSP-94

CHAPTER 2 TYPES OF INTERNATIONAL PROGRAMS A. INTRODUCTION. International Programs Security Handbook 2-1

Northwest Export Controls Conference Seattle WA July 26-27, 2017

EXPORT CONTROL PROCEDURE (ECP) #1.3: EXPORT COMPLIANCE ORGANIZATION AND EMPOWERED OFFICIAL APPROVAL OF ITAR ACTIONS Release date: April 6, 2015

Interagency Review of the Export Licensing Processes for Dual-Use Commodities and Munitions. Report No Volume I

NAS Grant Number: 20000xxxx GRANT AGREEMENT

2017 AMSAT Space Symposium and Annual Meeting

COMPLIANCE PLAN PRACTICE NAME

Withholding of Unclassified Technical Data and Technology from Public Disclosure

DPAS Defense Priorities & Allocations System for the Contractor

Department of Defense INSTRUCTION. Registration and End-Use Monitoring of Defense Articles and/or Defense Services

Chapter 9 Legal Aspects of Health Information Management

POLICY AND ADMINISTRATIVE PROCEDURE Manual of Policies and Procedures

The Association of Universities for Research in Astronomy. Award Management Policies Manual

EARLY-CAREER RESEARCH FELLOWSHIP GRANT AGREEMENT [SAMPLE Public Institutions]

Commercial Solutions Opening (CSO) Office of the Secretary of Defense Defense Innovation Unit (Experimental)

Adopted by the Security Council at its 6733rd meeting, on 12 March 2012

OKLAHOMA ADMINISTRATIVE CODE TITLE 435. STATE BOARD OF MEDICAL LICENSURE AND SUPERVISION CHAPTER 15. PHYSICIAN ASSISTANTS INDEX

Attachment A. Procurement Contract Submission and Conflict of Interest Policy. April 23, 2018 (revised)

Commercial Solutions Opening (CSO) Office of the Secretary of Defense Defense Innovation Unit (Experimental)

LivaNova Terms and Conditions for Donations and Grants

Transcription:

DOES ITAR REGULATE MY BUSINESS? Disclosure: Please note that the information provided in this White Paper does not constitute legal advice and is not intended to be and should not be construed as legal advice. Readers with questions specific to the issues raised in this White Paper should consult with qualified legal counsel. Introduction Knowledge and understanding of the International Traffic in Arms Regulations ( ITAR ), including what they are, what they regulate, and the corporate responsibilities for compliance under these regulations, is critical to businesses, large and small, that manufacture products and technologies developed for military use or render defense services. While historically ITAR has applied to defense and government contract firms, with many of these technologies being used for commercial purposes, the application of ITAR has expanded to other industries, including, engineering, communications, manufacturing, and software among others. The purpose of this White Paper is to assist companies determine whether they are subject to ITAR and outline steps they can take to comply with ITAR. 1. Overview The International Traffic in Arms Regulation ITAR 1 is a set of regulations that control the manufacture, export, and temporary import of articles that have been designated as having military significance. 2 It also controls the export and temporary import of defense services relating to those articles. ITAR is promulgated under the Arms Export Control Act of 1976 ( AECA ), 22 U.S.C. 2778, which authorizes the President to designate items to be considered defense articles and services to be considered defense services under ITAR. Under ITAR, a defense article is broadly defined to include any item designated as such in the United States Munitions List ( USML ). 3 Additionally, items that are not specifically enumerated on the USML may be designated as defense articles by U.S. State Department Directorate of Defense Trade Controls ( DDTC ) if they have (1) substantial military utility; and (2) have been specifically designed or modified for military purposes. 4 ITAR also controls technical data, software, and services related to such articles. ITAR is administered by DDTC 5. DDTC also receives assistance from the U.S. Customs and Border 1 22 C.F.R. 120 et seq. 2 Permanent imports are regulated by the Attorney General under the direction of the Department of Justice s Bureau of Alcohol, Tobacco, Firearms, and Explosives. 27 C.F.R. Parts 447, 478, 479, and 555. 3 22 C.F.R. 120.6. 4 22 C.F.R. 120.3. 5 Within the DDTC, there are four offices with varying responsibilities: (1) the Office of Defense Trade Controls Management; (2) the Office of Defense Trade Controls Licensing; (3) the Office of Defense Trade Controls Policy; and (4) the Office of Defense Trade Controls Compliance. Useful information about DDTC s policies and procedures is available at http://www.pmddtc.state.gov 1

Protection and the U.S. Immigration and Customs Enforcement, both having authority to investigate, detain, and seize any export or attempted export. 6 2. The USML The USML lists the defense articles, technical data, software, and services that are subject to ITAR control. A company that manufacturers or exports defense articles or related technical data, software, or defense services that are listed on the USML is subject to ITAR. 7 In determining whether a particular article or service should be included on the USML, DDTC considers if the article or service: is specifically designed, developed, adapted, or modified for a military application; and does not have predominant civil applications; and does not have performance equivalent (defined by form, fit, and function) to those of an article or service used for civil applications. 8 The USML is made up of 21 categories of items: Category I - Firearms, Close Assault Weapons, and Combat Shotguns Category II - Guns and Armament Category III - Ammunition/Ordinance Category IV - Launch Vehicles, Guided Missiles, Ballistic Missiles, Rockets, Torpedoes, Bombs, and Mines Category V - Explosives and Energetic Materials, Propellants, Incendiary Agents, and Their Constituents Category VI - Surface Vessels of War and Special Naval Equipment Category VII - Ground Vehicles Category VIII - Aircraft and Related Articles Category IX - Military Training Equipment and Training Category X - Personal Protective Equipment 6 22 C.F.R. 127.4. 7 22 C.F.R. Part 121. 8 22 C.F.R. 120.3(a). Importantly, the intended use of the article or service after its export is not relevant to determining whether the article or service is subject to ITAR. 22 C.F.R. 120.3(b). 2

Category XI - Military Electronics Category XII - Fire Control, Range Finder, Optical and Guidance and Control Equipment Category XIII - Materials and Miscellaneous Articles Category XIV - Toxicological Agents, Including Chemical Agents, Biological Agents, and Associated Equipment Category XV - Spacecraft and Related Articles Category XVI - Nuclear Weapons Related Articles Category XVII - Classified Articles, Technical Data and Defense Services Not Otherwise Enumerated Category XVIII - Directed Energy Weapons Category XIX - Gas Turbine Engines and Associated Equipment Category XX - Submersible Vessels and Related Articles Category XXI - Articles, Technical Data, and Defense Services Not Otherwise Enumerated Importantly, Category XXI, a catch-all category, is defined broadly to include articles not specifically enumerated in the other categories. Articles included in Category XXI of the USML have substantial military applicability and have been specifically designed, developed, configured, adapted, or modified for military purposes. This includes technical data and defense services directly related to such defense articles. 9 Thus, one should always carefully consider whether an article not enumerated in any other Category of the USML nevertheless falls within the broad scope of Category XXI. In addition to defense articles expressly enumerated under Category I through Category XX, the following are also regulated by ITAR. Items Modified for Military Application: Commercial articles that are later modified for a military application. For example, any computer that is modified to be used with any item on the USML would be controlled under ITAR (Category XI(a)(6)). Parts, Components, and Accessories: Parts, components, and accessories related to defense articles in the USML are often controlled under ITAR, 9 22 C.F.R. 121.1. 3

particularly where those parts, components, or accessories have been modified for military application. 10 Manufacturing and Testing Equipment: Specialized equipment used in the manufacturing or testing of defense articles are also frequently controlled under ITAR. This also includes software, technical data, and services related to the specialized equipment. Small Business Innovation Research and Small Business Technology Transfers: Articles, technology, software or services developed using government military funding, such as funding from the Small Business Innovation Research ( SBIR ) or the Small Business Technology Transfers ( STTR ) are often regulated under ITAR. 11 This is an important consideration for research universities that receive funding through the federal government. For example, a University of Tennessee professor who had obtained an Air Force contract to develop plasma actuators to control the flight of small, subsonic, unmanned, military drone aircraft exported some technical data when he took his laptop computer, which contain the technical data associated with his work, with him to China to lecture at universities there. He also exported technical data by disclosing the same to students at the University, one a national of China and the other a national of Iran, who worked with him on the contract. The professor was sentenced to 48 months in prison. 12 3. Related Technical Data The term defense article under ITAR includes technical data. Technical data related to an ITAR controlled defense article is also regulated under ITAR. Technical data is broadly defined to include information that is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance, or modification of defense articles. 13 Technical data may be in the form of blueprints, plans, diagrams, engineering designs, drawings, photographs, and instructions, among other things. 14 Additionally, technical data includes: Classified information relating to defense articles and defense services; Information covered by an invention secrecy order; and 10 22 C.F.R. 121.8(b), (c), (d). 11 Often, the SBIR and STTR contracts will expressly state that the work product developed with the funding is subject to ITAR. 12 United States v. John Reece Roth, 628 F.3d 827 (6th Cir. 2011). 13 22 C.F.R. 120.10. 14 22 C.F.R. 120.10. Importantly, technical data directly related to the manufacture or production of any defense articles identified in the USML as Significant Military Equipment ( SME ) must be itself designated as SME. SME consists of articles for which special export controls are warranted because of their capacity for substantial military utility or capability. See 22 C.F.R. 120.7. 4

Software directly related to defense articles, including system functional design, logic flow, algorithms, application programs, operating systems, and support software for design, implementation, tests, operation, diagnosis, and repair. 15 In other words, if the software is used to operate an item on the USML, the software is controlled by ITAR. Certain encryption software is listed independently of any article control under ITAR. 16 Technical data does not include information concerning general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities or information in the public domain, which is defined in Section 120.11. 4. See-Through Rule Generally, the Department of Commerce exercises jurisdiction over the export of commercial or dual use articles, while the State Department has jurisdiction over the export of defense articles. To the extent a commercial article contains a component that was originally designed for a military purpose, determining which department has jurisdiction can be confusing. The State Department has long applied an unwritten policy known as the see-through rule. This rule subjects a commercial good to the jurisdiction of the State Department when the good integrates a component that is a defense article, even where the good has no military use. 17 The State Department has taken the position that a defense article (or technology) remains a defense article (or technology) notwithstanding the fact that it is incorporated into a commercial good because such incorporation does not change the character of the defense article (or technology). Notably, the State Department s policy is at odds with the Department of Commerce policy that export controls apply to the end-item, not to its individual components. The Export Administration Regulations ( EAR ) provide: In instances where one or more assembled machines or units of equipment are being exported, the individual component parts that are physically incorporated into the machine or equipment do not require a license. The license or general exception under which the complete machine or unit of equipment is exported will also cover its component parts, provided that the parts are normal and usual components of the machine or equipment being exported, or that the physical incorporation is not used as a device to evade the requirement for a license. 18 If there is any confusion as to whether the end item is controlled by ITAR or EAR (Commerce Department), a company can request a formal determination from DDTC. This process is called a Commodity Jurisdiction or CJ request. When making a CJ request, it is 15 A person who intends to export software only should apply for a technical data license pursuant to Part 125, unless the software is specifically enumerated in Section 121.1. 16 See Category XI Military Electronics, subparagraph (b); Category XIII Materials and Miscellaneous Articles, subparagraph (b); and Category XV Spacecraft and Related Articles, subparagraphs (b) and (c). 17 This rule also subjects foreign-origin items that incorporate ITAR-controlled components or technology from the U.S. to ITAR. 18 15 C.F.R. 770.2(b)(1). 5

important for a company to submit sufficient information to substantiate its position that the product is not controlled by ITAR. Otherwise, a company runs the risk of having its product misclassified by DDTC as controlled by ITAR. 5. Export Under ITAR, the term export is defined to include: Sending or taking a defense article out of the United States in any manner, except by mere travel outside of the United States by a person whose personal knowledge includes technical data; or Transferring registration, control or ownership to a foreign person of any aircraft, vessel, or satellite covered by the U.S. Munitions List, whether in the United States or abroad; or Disclosing (including oral or visual disclosure) or transferring in the United States any defense article to an embassy, any agency or subdivision of a foreign government (e.g., diplomatic missions); or Disclosing (including oral or visual disclosure) or transferring technical data to a foreign person, whether in the United States or abroad; or Performing a defense service on behalf of, or for the benefit of, a foreign person, whether in the United States or abroad. A launch vehicle or payload shall not, by reason of the launching of such vehicle, be considered an export for purposes of this subchapter. However, for certain limited purposes (see 126.1 of this subchapter), the controls of this subchapter may apply to any sale, transfer or proposal to sell or transfer defense articles or defense services. 19 ITAR broadly defines export to include actions that one would not typically associate with an export. For example, providing technical data to a foreign person, including company employees in the United States, without a license is an export to that person s home country. 6. Services ITAR also regulates the performance of services related to items on the USML. The regulations defined Defense Services to include [t]he furnishing of assistance (including training) to foreign persons, whether in the United States or abroad in the design, development, engineering, manufacture, repair, maintenance, modification, operation, demilitarization, destruction, processing or use of defense articles. 22 C.F.R. 120.9. Importantly, a defense 19 22 C.F.R. 120.17. 6

service also includes the furnishing of any technical data controlled under ITAR to foreign persons, whether in the United States or abroad. 20 Importantly, the term Defense Services is broadly construed. Defense services can be controlled under ITAR even where the service is rendered on items not controlled by ITAR. For example, consulting or other technical assistance U.S. persons provide on foreign-origin defense articles can fall within the definition of defense service despite the fact that no US-origin defense articles are involved. Additionally, U.S. persons may provide ITAR-controlled defense services, even when using EAR-controlled, dual-use software or other technology, if the service rendered is for a defense project located abroad. In a well-known enforcement action, a U.S. company that performed services for a foreign military organization using commercial software (dual use under EAR) was charged with ITAR violations because the service was regulated by ITAR since it was performed on a military system. As this case demonstrates, the scope of defense services can cover many different types of activities, including presentations, consulting, training, design work, analyses, calculations, and testing related to defense articles. 7. Brokering In addition to exports and temporary imports of defense articles and defense services, ITAR also regulates the brokering of defense articles and defense services. A broker is defined as any person who acts as an agent for others in negotiating or arranging contracts, purchases, sales or transfers of defense articles or defense services in return for a fee, commission, or other considerations. 21 Under ITAR, brokering activities means acting as a broker as defined under Section 129.2(2) and includes financing, transportation, freight forwarding, or taking of any action that facilitates the manufacture, export, or import of defense article or defense service, irrespective of its origin. 22 How Does My Business Comply with ITAR? The DDTC has implemented certain compliance requirements for any business in the United States that engages in the manufacturing or exporting of defense articles or that provides defense services (and temporary imports). Any person subject to U.S. jurisdiction (anywhere in the world) that is engaged in brokering activities is also subject to certain compliance requirements. 23 These businesses are subject to the following requirements: 1. Registration To ensure that the U.S. Government is aware of who is manufacturing or exporting defense articles or providing defense services, such companies must register with the DDTC. 20 The distinction between a foreign person and a U.S. person under ITAR is important. The term U.S. person includes (1) U.S. citizens; (2) lawful permanent residents; (3) protected individuals, as defined by 8 U.S.C. 1324b(a)(3); (4) a corporation, society, or other entity or group that is incorporated or organized to do business in the United States; and (5) any federal, state, or local government entity in the United States. 22 C.F.R. 120.15. As such, dual nationals who are U.S. citizens and non-u.s. citizens that hold a U.S. green card are considered U.S. persons for purposes of ITAR. 21 22 C.F.R. 129.2(a). 22 22 C.F.R. 129.2(b). 23 22 C.F.R. 122.1 (export and services); 22 C.F.R. 129.3 (brokers). 7

Importantly, a manufacturer of defense articles is required to register with DDTC even if it does not export them. 24 2. Appoint an Empowered Official Once DDTC has processed the registration submission, the applicant must identify its empowered official. The empowered official must be a U.S. person who: Is directly employed by the applicant or a subsidiary in a position having authority for policy or management within the applicant organization; and Is legally empowered in writing by the applicant to sign license applications or other requests for approval on behalf of the applicant; and Understands the provisions and requirements of the various export control statutes and regulations, and the criminal liability, civil liability and administrative penalties for violating the Arms Export Control Act ( AECA ) and ITAR; and Has the independent authority to: (i) Inquire into any aspect of a proposed export or temporary import by the applicant, and (ii) Verify the legality of the transaction and the accuracy of the information to be submitted; and (iii) Refuse to sign any license application or other request for approval without prejudice or other adverse recourse. 25 3. Duty to Notify A company must notify DDTC of any material change to its statement of registration. For example, within five days of the event: (1) a change in the senior officers; (2) the establishment, acquisition or divestment of a subsidiary or foreign affiliate; a merger; a change of location; (3) the dealing in an additional category of defense articles or defense services; or (4) the indictment, debarment, or denial of import-export privileges of a registrant, board member, or senior officer. 26 There is also a duty to notify DDTC within 60 days of any intended sale or transfer of ownership or control to a foreign person. 27 4. Duty to Maintain Records Companies are required to maintain records concerning the manufacture, acquisition, and disposal of defense articles, technical data, brokering activities, and the rendering of defense 24 22 C.F.R. 122.1(a). 25 22 C.F.R. 122.25. 26 22 C.F.R. 122.4(a). 27 22 C.F.R. 122.4(b). 8

services. 28 Additionally, companies must track information regarding political contributions, fees, and commissions, and they must keep such records for five years after the expiration of the company s registration. 29 5. Licensing Requirement and Agreements Export: companies are prohibited from permanently or temporarily exporting products listed in the USML without first obtaining a license. This includes technical data, including software related to defense articles or listed independently. Defense Services: companies are prohibited from performing services related to items on the USML for foreign parties, whether in the US or abroad, without entering into a Technical Assistance Agreement ( TAA ) with the State Department. 30 TAAs are typically a 10-year agreement. Deemed Export: companies are prohibited from sending technical data, including software, out of the US or disclosing it to a foreign national in the US without an export license. If technical data found outside the US will be shared with a foreign national (not employed by the U.S. company), a TAA for sharing with a foreign person outside the U.S. is needed. Temporary Imports: a company is prohibited from importing defense articles, such as for purposes of repairs, without first obtaining a temporary import license. Manufacturing License Agreement: a Manufacturing License Agreement is an agreement with the State Department granting a foreign person authority to manufacture defense articles abroad. 31 6. Brokering A company or U.S. person, wherever located, or a foreign person located in the United States or otherwise subject to the jurisdiction of the United States, who engages in the business of brokering activities, is prohibited from brokering sales of defense articles or services without complying with DDTC s brokering registration requirements. 32 7. Transactions with Prohibited Individuals/Places Companies are prohibited from entering into transactions with certain parties or exporting defense articles, technical data, or defense services to certain places. The following lists should be reviewed prior to entering into any transaction: 28 22 C.F.R. 122.5. 29 22 C.F.R. 130.9, 130.10. 30 22 C.F.R. 120.22. 31 22 C.F.R. 120.21. 32 22 C.F.R. 129.4. 9

DDTC debarred party list OFAC Specially Designated Nationals List BIS Denied Parties List Non-Proliferation Sanctions Lists 22 C.F.R. 126.1 Prohibited Country List Embargoed Destinations How Does My Business Implement a Compliance Program? ITAR is fraught with complexity, which makes it easy for companies to violate these regulations if they are not vigilant. Significant civil and criminal penalties can be imposed for violating ITAR. These penalties include: up to $500,000 civil penalty per violation and up to $1,000,000 and/or up to 10 years of imprisonment for criminal violation. 33 Additionally, DDTC has authority to debar companies and individuals from directly or indirectly exporting defense articles or providing defense services or deny, suspend, or revoke licenses and registrations. 34 DDTC also has authority to seize any articles that were exported. 35 Companies are advised to adopt an ITAR compliance program. Not only does a compliance program reduce the likelihood of ITAR violations, it also helps rebut a presumption that your company acted with knowledge. Importantly, a compliance program needs to be tailored to the company s actual procedures. At a minimum, a compliance program should include: 1. Organization Structure The program should include organizational charts and charts of the company s defense trade functions. It should also include a description of any management and control structures for implementing and tracking compliance with U.S. export controls (including names, titles, and principal responsibilities of key officers). 2. Corporate Commitment and Policy The program should acknowledge a corporate commitment to meeting ITAR regulations, including directives by senior company management to comply with AECA and ITAR regulations. Additionally, the program should include: Knowledge and understanding of when and how the AECA and ITAR affect the company with ITAR-controlled items/technical data. Knowledge of corporate internal controls that have been established and 33 22 U.S.C. 2778(e), 2780(j)-(k). 34 22 C.F.R. 127.7, 22 C.F.R. 120.27 and 126.7. 35 22 C.F.R. 127.6. 10

implemented to ensure compliance with the AECA and ITAR. Examples of detail: o Citation to basic authorities (AECA, ITAR). o Identification of authorized U.S. Government controlled body (e.g., DDTC). o Corporate policy to comply fully with all applicable U.S. export control laws and regulations. o Compliance as a matter for top management attention that needs adequate resources. o Identification, duties, and authority of key persons (senior executives, empowered officials) for day-to-day export/import operations and compliance oversight. o Corporate Export Administration organization chart. o Operating Division Export Administration flow chart. 3. Identification, Receipt, and Tracking of ITAR Controlled Items/Technical Data The program should address the identification, receipt, and tracking of ITAR controlled items and/or technical data (trace processing steps of ITAR-controlled transactions from the time the company manufactures/receives the item to the time an item is shipped from the company or in the case of a defense service, when provided). Examples of questions to be addressed include: Are appropriate employees familiar with the AECA and ITAR and related requirements, including handling export approvals and limitations? Are company employees notified of changes in U.S. export control restrictions, and are they provided accurate, reliable interpretation of U.S. export control restrictions? What U.S. origin defense articles are manufactured/received by the firm and from whom? How are they identified and tagged? What U.S. origin technical data related to defense articles are produced/received by the firm and from whom? How are they identified and tagged? What items are manufactured by the firm using U.S. origin technical data? 11

How are they identified and tagged? What items or articles are manufactured by the firm that incorporates U.S. origin defense articles (components)? How are they identified and tagged? What kind of recordkeeping system does the company maintain that would allow for control of, and for retrieval of information on, U.S. origin technical data and/or defense articles exported to the company? 4. Human Resources Hiring practices need to be defined as related to ITAR-controlled items and technical data. Access to controlled items and technical data, including storage and disposal and communications about the same, should be specifically outlined. 5. Re-exports/Re-transfers Unauthorized re-export or re-transfer of ITAR-controlled items or technical data is prohibited without authorization from DDTC. For this reason, a compliance program must contain procedures to (a) obtain written State Department approval prior to the re-transfer to a party not included in a State Department authorization of an item/technical data transferred or exported originally to the company, and (b) track the re-export or re-transfer (including placing parties on notice that the proposed transfers involve US origin products and labeling such products appropriately). These include: Procedure when an ITAR-controlled item/technical data is transferred by the company to a foreign national employed at the company. Procedure when an ITAR-controlled item/technical data is transferred by the company to a foreign person within the U.S. Procedure when ITAR-controlled technical data or defense articles are transferred from the company to a foreign person outside of the U.S. Procedure when an ITAR-controlled item/technical data is to be used or transferred for an end-use not included in the State Department authorization. 6. Restricted/Prohibited Exports and Transfers The compliance program should contain procedures for screening customers, carriers, and countries and high-risk transactions to combat illegal exports/re-transfers. This includes a centralized and automated system to screen customers against the several lists discussed above. Additionally, the program should include a Technology Control Plan ( TCP ) that outlines the procedures for limiting access to ITAR-controlled items and technical data. Examples of measures include: Identifying personnel who may lawfully access the technical data; 12

Securing access to electronic copies of and communications containing controlled technical data by password, user ids, and other methods; Storing hard copies of controlled technical data in secured locations such as locked cabinets or desks; Implementing IT controls such as ensuring electronically stored information is kept in the United States (i.e. servers/cloud computing issues); Limiting the number of copies of technical data; Requiring all individuals with lawful access to control data to sign a document certifying that they are familiar with export control issues; and Limit discussions with foreign persons anywhere. The program should also include procedures to investigate any evidence of diversion or unauthorized use of U.S. origin products. 7. Recordkeeping The compliance program must also address the company s record maintenance obligations under ITAR regulations. This includes retention periods and both secure storage areas and back-ups for electronically stored information: Description of record systems concerning U.S. origin products. Procedures for maintaining records relating to U.S. origin products for five years from the expiration of the State Department license or other approval. Regular internal review of files to ensure proper practices and procedures by persons reporting to top management. 8. Internal and External Monitoring Once developed, the company should adopt an audit process to monitor the implementation and effectiveness of its compliance program and full export compliance, including adherence to license and other approval conditions. The audit, both internal and external, should: Ensure integrity of compliance program. Measurement of effectiveness of day-to-day operations. Adopt procedure for highlighting any compliance areas that needs more attention. Report known or suspected violations to corporate export administration 13

office. 9. Training A compliance program will only be as good as the people implementing it. The program should include education and training programs on U. S. export control laws and regulations and guidance for all employees involved in exports, imports, or services of ITAR-related items or technical data. Training should be ongoing and should include training by outside counsel and web-based training. All training should be documented. This could be useful to rebut a presumption that violations were intentional. 10. Violations and Penalties The program should include procedures for notification of potential violations, including use of voluntary disclosure of any violation of the company s internal control program or U.S. export controls (see below). Other considerations include a description of AECA/ITAR penalties, and written statements and procedures to foster employee discipline (e.g., keying certain types of advancement to compliance understanding and implementation, and establishment of internal disciplinary measures). 11. Compliance Audit All companies should develop an audit plan and follow it. The plan should include both self-initiated internal and external audits. 12. Voluntary Disclosures The program should outline the process for voluntarily disclosing ITAR violations. The State Department strongly encourages voluntary disclosure to DDTC by persons or companies that believe they may have violated export control provisions. 36 Companies can seek to mitigate potential penalties by voluntarily disclosing violations to DDTC. To be a mitigating factor, voluntary disclosures must occur before the U.S. Government learns of the violation and inquires into it. Importantly, 22 C.F.R. 126.1(e) imposes an affirmative duty to disclose a proposed or actual sale, or transfer, of an ITAR article or technical data, or service, to a Section 126.1 prohibited country. Conclusion In summary, compliance with ITAR is critically important to companies involved in the manufacturing and exporting of defense articles, technical data, and furnishing of services, and those engaged in brokering activities related to defense articles. To successfully comply with ITAR, it is imperative to have a complete understanding of what ITAR regulates and what compliance measures should be implemented to avoid violations. Importantly, this White Paper is intended as a tool in determining whether ITAR regulates the manufacturing or export of your company s product and does not cover every requirement under ITAR. For this reason, we recommend that one always confer with qualified legal counsel as the repercussions for violating ITAR can be substantial for your business. 36 22 C.F.R. 127.12. 14

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback