Previously we have written about Compliance Convergence, which noted Compliance Expert Howard Sklar, the author of Open Air Blog, has termed as “the merging of control programs such as anti-bribery and anti-corruption, with anti-money laundering, and export control.”, in regard to the Foreign Corrupt Practices Act (FCPA) and touched on briefly with regards to anti-money laundering laws and regulations. Today we will turn our attention to Howard’s third prong in Compliance Convergence, that of Export Control.
Generally speaking, a Company must comply with all applicable export control laws in the country of origin of the products including, in some instances, the components contained within the products and technologies they are exporting; and all applicable international sanctions that may not be directly addressed in national law (e.g., United Nations sanctions programs). Witness the recent sanctions entered into by the US, UN and EU regarding trade with Libya.
What are some of the lists that a company must check for each overseas transaction? They include the US Department of State’s International Traffic in Arms Regulations (ITAR), which control the export and re-export of military products and technologies. The ITAR site contains a list compiled by the State Department of parties who are barred by §127.7 of ITAR (22 CFR §127.7) from participating directly or indirectly in the export of defense articles, including technical data or in the furnishing of defense services for which a license or approval is required by ITAR.
The Bureau of Industry and Security (BIS) has two lists which a Company must review. These include 1) the Denied Persons List, which provides a list of individuals and entities that have been denied export privileges. Any dealings with a party on this list that would violate the terms of its denial order are prohibited; and 2) the Unverified List which provides a list of parties where BIS has been unable to verify the end use in prior transactions. The presence of a party on this list in a transaction is a “red flag” that should be resolved before proceeding.
The US Treasury Department, Office of Foreign Assets Control (OFAC) has regulations which may prohibit a transaction if a party one of these lists. These lists can include both the Specially Designated Nationals (SDN) list and the General Order 3 to Part 736 (page 9) which sets out the general order which imposes a license requirement for exports and re-exports of all items subject to the Export Administration Regulations (EAR) where the transaction involves a party named in the order.
Therefore, a company must ensure that the US government permits it to export (1) its goods; (2) to the buyer; (3) in a particular company. But more is required that simply checking the status of to whom a company might be selling directly to, even if such buyer is located in the US. Writing in the In-House Texas supplement to the March 7, 2011 edition of the Texas Laywer, Jackson Walker attorney Robert Soza, Jr. in an article entitled, “Establish an Effective Export-Compliance Program’ noted that “multiple US export-control requirements come into play if a company’s actions indicate that it knows that its goods will be exported abroad such as delivering a product to a US port.”
Soza goes on to write that the creation and implementation of an export control policy and program “minimizes the risk of non-compliance and may reduce penalties in the result of a violation.” He sets forth his guidelines of what an effective export control compliance program should include.
1. Top and Middle Management Committee. The tone from management must support the company’s overall export control efforts.
2. Continuous Risk Assessment. If a company does not currently have a compliance program, it should initiate an evaluation to determine if it has violated any US export controls laws or regulations in prior transactions.
3. A written policy back up by a procedures manual. The policy should be spelled out in writing with the detailed procedures filled in on how to conduct an effective export control system.
4. Ongoing training of employees. Training should be provided for all employees with international sales responsibilities, marketing, export and those involved with the hiring of foreign nationals. The training can be live or web-based. The training should be designed to provide employees with the keys which trigger day-to-day regulatory implications.
5. Ongoing screening of employees, contractors, customers, products and transactions. There must mechanism through software or other methods for the continuous monitoring of these items and individuals. Simply checking any of the above once only provides a snapshot at the time the review was made. In this current compliance and enforcement environment such checks must be made on each transaction and more continually for employees, contractors, customers and products.
6. Record Keeping (Document, Document, Document). If you do not keep records and document something you cannot measure it and if you cannot measure it you cannot improve. However, when dealing with the government, if you do not document it, you cannot prove it.
7. Period Audits. After you have put your export control policy in place, your company should engage in an effective continuous export controls assessment and regular spot audits will help to ensure compliance.
8. An internal program for the reporting of violations and appropriate mechanism for escalation of any export violations. In addition to some type of hotline for the reporting of any export control violations, your company should have a dedicated export control resource expert who can be available to answer question and generally provide assistance to those employees charged internally with export control.
9. Appropriate corrective actions to hold employees accountable under a progressive disciplinary program and voluntary self-disclosure. A policy has no teeth if there are no repercussions to employees who violate the export control program. If there are violations, the government will expect to see discipline and training based on event.
(Any of this sounding familiar?)
Soza concluded his article by stating:
While it is often difficult to obtain senior management commitment to an export-compliance program [a company] simply cannot afford to sell their products and services internationally without such a program in place. Penalties for failure to comply with these requirements may result in the loss of export privileges, fines and imprisonment, not to mention damaging publicity.
We do not believe that we could have articulated it better. Compliance Convergence in these areas demonstrates that the ostrich days of a sticking your head in the sand regarding export controls are long gone. But just as convergence demonstrates the widening scope of compliance, we believe that it provides opportunities for cross-discipline compliance. Export control needs to talk to the FCPA compliance attorney and let them know the screening they perform on a regular basis. A company’s treasury or finance department needs to communicate its offshore payment policy regarding its prohibition of payment of any invoices in countries other than the home country of the payee or where the work was perform. There is an opportunity to learn from each of these disciplines so take advantage of the Compliance Convergence in your company.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2011