By John Herzo, Senior Associate, FD Associates, Inc.
And Jenny Hahn, President, FD Associates, Inc.
April 11, 2023
Background:
On February 27, 2023, 3D Systems Corporation (“3D Systems”) entered into a settlement agreement with the Department of Commerce, Bureau of Industry and Security (“BIS”) for violations of the Export Administration Regulations (“EAR”) resulting in a fine up to $2,777,570; a three (3) year consent agreement with the Department of State for violations of the International Traffic in Arms Regulations (“ITAR”) with a fine of up to $20,000,000; and a settlement with the Department of Justice for violations of the False Claims Act with a fine of up to $4,540,000. In addition to the fines related to the EAR violations, 3D Systems must conduct two (2) audits of its export controls compliance program and is subject to a three-year denial of its export privileges under the EAR. Based on the ITAR violations, 3D Systems will engage an external Special Compliance officer for at least the first year of its 3 year Consent Agreement with the Department of State and will conduct two external audits of its ITAR compliance program and implement additional compliance measures.
3D Systems’ violations, included those of its subsidiary Quickparts.com, Inc., (“Quickparts”). Quickparts provided prototypes and low-volume production parts using traditional computer numerical control machining, cast urethane modeling, and injection molding services. Quickparts regularly exported customer data primarily to third-party suppliers abroad, including China, for quotation and potential production.
3D Systems’ violations, including those of operating divisions, subsidiaries (in particular Quickparts), and business units, of the EAR, ITAR and False Claims Act included:
• Exports to China without a license;
• Acting with knowledge a violation would occur by exporting EAR-controlled technology to China without the required license; exports, reexports and transfers of technology/technical data to Germany without a license;
• Exports, reexports and transfers to Taiwan without an ITAR license;
• Exports, reexports and transfers to China without an ITAR license;
• Exports of technical data to foreign person employees (FPEs) from India and the United Kingdom;
• A failure to maintain records; and
• Violations of the False Claims Act by improperly transmitting export-controlled technical data to China in violation of the export control laws of the United States in connection with certain NASA and DOD contracts.
Having an effective compliance program including training that educates all employees on all aspects of export is a foundational element of a trade compliance program. The facts of this case presented several lessons that industry should take note of when making exports and vetting suppliers. These actions resulted in the noted enforcement actions:
• Heed the warning. The enforcement actions taken against 3D Systems, including those of operating divisions, subsidiaries (in particular Quickparts), and business units by the Department of Commerce, Department of State and the Department of Justice began when a customer of Quickparts notified Quickparts in 2015 of potential violations of the EAR in connection with the export of technology subject to the EAR to China. The customer also informed Quickparts that it had submitted a voluntary disclosure to the United States Government regarding such potential violations. 3D Systems and Quickparts did not act on this information by filing their own self-disclosure and they continued to make exports to China without export licenses. It was not until two years later, after a visit by the BIS’ Office of Export Enforcement in April 2017 and in response to BIS’s October 2017 administrative subpoenas, that 3D Systems/Quickparts subsequently filed self-disclosures; and
• The agencies talk! An interagency referral from BIS/OEE to the Department of Justice led to the civil settlement between the Department of Justice and 3D Systems to resolve allegations that 3D Systems violated the False Claims Act by improperly transmitting export-controlled technical data to China in violation of the export control laws of the United States in connection with certain NASA and DOD contracts; and
• You are responsible for the acts of your subsidiaries, even when sold. Most of the ITAR, EAR and False Claims Act violations by Quickparts occurred when Quickparts was a subsidiary of 3D Systems. 3D Systems sold Quickparts in June of 2021, to Trilantic North America, a middle-market private equity firm, prior to the enforcement actions taken against 3D Systems. By charging 3D Systems after the sale of its subsidiary, BIS, the Department of State and the Department of Justice broke prior precedent of applying successor liability to the new owner. To date, BIS, the Department of State and the Department of Justice have not taken any known enforcement action against Quickparts’ new owner, Trilantic North America; and
• Export Jurisdiction and Classification analysis: A foundational element of all trade compliance programs is knowing the export jurisdiction (ITAR or EAR) of incoming technical information. Before exporting technical data received from customers, the exporter must establish the export jurisdiction (ITAR or EAR) and the export classification within the U.S. Munitions List (USML) for ITAR or Commerce Control List (CCL) for EAR. These determinations drive the export licensing requirements. Not knowing or understanding the export markings on technical data identifying the export jurisdiction or classification led to the export violations of the nature described herein; and
• Know where your technical data is stored on your network. The violations regarding exports to Germany occurred because 3D Systems arranged for the backup of the U.S. email systems for Quickparts’ and other subsidiaries to a server in Germany creating an immediate export scenario. Employee emails containing design documents such as blueprints, drawings, plans, diagrams, engineering designs and specifications, computer-aided design files were included in these email files. It is imperative that company IT personnel and management understand the risks with backup of emails and other programs that will contain export controlled information to servers outside the U.S. and being able to identify where in your network your technical data or your customers technical data is critical to a successful export compliance program. Not only is the unencrypted backup of technical data a contravention of U.S. export rules, any government contractor may cause violations of the NIST 800-171 and DFARS Cybersecurity rules by doing so; and
• Fox in the hen house. Hiring foreign persons creates an immediate export scenario. Placing these persons in positions of direct responsibility for ITAR and EAR controlled programs obligates the company to first secure the access to export controlled technical data until they have secured the appropriate ITAR and EAR Foreign Person Employee Licenses from the appropriate government agencies. 3D Systems or its subsidiaries failed to lock down the network and failed to obtain the required Foreign Person Employee Licenses; and
• Restricting network access: Implementing network access requirements to the level of “need to know” and coordination with IT to block folders with export controlled content regulated by the ITAR or EAR is the first step to ensuring export compliance until the foreign person employees or foreign subsidiaries have been granted ITAR and EAR authorizations to such export controlled data for specific programs; and
• Understanding restricted countries: An essential element of any trade compliance program is training personnel on the export status of individual countries under sanction. The ITAR, EAR and OFAC all have different levels of restrictions on countries, in addition to that placed on individuals and entities. China has been an armed embargoed nation under the ITAR since 1989; and
• Maintenance of Records: It is an ITAR and EAR requirement to maintain records for a minimum period of five years from the date of export. It is expected that the company export compliance program will have specific policies and procedures including the retention of employee emails for the required period. This includes all related records including those created by former employees. The enforcement actions against 3D Systems, its operating divisions, subsidiaries and business units included failures to maintain records pursuant to the EAR and the ITAR. Email accounts were deleted when employees left the company; and
• Don’t be snarky with the government: Statements made in voluntary disclosure filings should genuinely reflect the serious nature of violation(s) being disclosed and express respect to the government process. Discounting the importance of conducting a full review and investigation into possible violations because the company deems it burdensome will result in only one outcome. A financial penalty.
This article explores the details of these violations below.
EAR:
3D Systems entered into a settlement agreement with BIS regarding nineteen (19) violations of the EAR.
On November 30, 2015, a Quickparts customer notified Quickparts of potential violations of the EAR in connection with the export of technology subject to the EAR to China. The customer also informed Quickparts that it had submitted a disclosure to the United States Government regarding such potential violations. On April 19, 2017, in connection with the disclosure, a BIS Special Agent conducted an outreach with 3D Systems’ then Director of Operations and Special Projects. On April 20, 2017, BIS issued a Warning Letter to 3D Systems regarding the conduct described in the disclosure. 3D Systems and Quickparts therefore knew or had reason to know that certain technology it handled regularly as part of its On Demand Manufacturing (“ODM”) business unit that was subject to the EAR and likely required BIS licenses prior to its release to most countries, including China. However, despite the outreach and explanation by a BIS Special Agent of the Company’s export control compliance obligations under the EAR, neither 3D Systems nor Quickparts sought to or obtained a license for such technology before exporting it. Thus, by forwarding technology subject to the EAR to China without the required BIS license it was with knowledge that a violation of the EAR had occurred. Refer to 15 C.F.R. § 772.1, which provides that “Knowledge of a circumstance (the term may be a variant, such as ‘know,’ ‘reason to know’ or ‘reason to believe’) includes not only positive knowledge that the circumstance exists or is substantially certain to occur, but also an awareness of a high probability of its existence or future occurrence. Such awareness is inferred from evidence of the conscious disregard of facts known to a person and is also inferred from a person’s willful avoidance of facts.”
The first two charges related to the export of controlled technology to China without a license. On two occasions from October 2, 2015 through October 3, 2015, 3D Systems’ subsidiary Quickparts exported technology subject to the EAR to China without the required license from the Department of Commerce. Specifically, Quickparts exported design documents such as blueprints, drawings, plans, diagrams, engineering designs and specifications, computer-aided design files, via e-mail to its then-subsidiary’s office located in China. These design documents were technology required for the development, production, operation, installation, repair, overhaul, or refurbishing of spacecraft and related commodities, classified under Export Control Classification Number (“ECCN”) 9E515. The 9E515 technology at issue is controlled for national security and regional stability related reasons, and, pursuant to Sections 742.4 and 742.6 of the EAR, a BIS license was required to export such items to China (and per the EAR a policy of denial exists for such license applications).
The next four charges relate to 3D Systems and Quickparts acting with knowledge of a violation by exporting EAR-controlled technology to China without the required license. On four occasions from June 14, 2016, through February 7, 2018, Quickparts exported technology subject to the EAR to China with knowledge that a violation of the EAR had occurred, was occurring, or was about to occur in connection with the export. Specifically, Quickparts released design documents such as blueprints, drawings, plans, diagrams, engineering designs and specifications, computer-aided design files, via e-mail to its Chinese subsidiary. The design documents were technology required for military electronics, classified under ECCN 3E611 and technology required for the development, production, operation, installation, repair, overhaul, or refurbishing of spacecraft and related commodities, classified under ECCN 9E515. Both 3E611 and 9E515 technology are controlled for national security and regional stability related reasons. A BIS license was required to export such items to China.
Four charges related to 3D Systems, via Quickparts, engaging in prohibited conduct by exporting EAR-controlled technology to Germany without the required license. On four occasions between January 21, 2015 and June 14, 2016, Quickparts exported technology subject to the EAR to Germany without the required license from the Department of Commerce. Specifically, Quickparts’ employee emails containing design documents such as blueprints, drawings, plans, diagrams, engineering designs and specifications, computer-aided design files, were stored on a server located in Germany. These design documents were classified under ECCN 3E611, technology required for military electronics, and ECCN 9E515, technology required for the development, production, operation, installation, repair, overhaul, or refurbishing of spacecraft and related commodities. Both the 3E611 and 9E515 technology at issue was controlled for national security and regional stability related reasons, and pursuant to Sections 742.4 and 742.6 of the EAR, a BIS license was required to export such items to Germany. All Quickparts employee emails and attachments were stored on a server located in Germany, which “mirrored” the email server in the United States. When the mirrored server was activated in December 2014, any emails in an employee’s inbox as of that date, and those that the employees sent or received after that date, were transferred to the German server. 3D Systems ceased the practice for its subsidiary’s in December 2017 and fully decommissioned the German server in October 2018, since which time all 3D Systems employee email, including those of its operating divisions, subsidiaries and business units are hosted exclusively in the United States.
Lastly, 3D Systems failed to comply with the EAR’s recordkeeping requirements. Between January 21, 2015 and February 7, 2018, in connection with the transactions described in the charges referenced above, 3D Systems failed to comply with the recordkeeping requirements set forth in Section 762.2 of the EAR. 3D Systems failed to retain documents required to be retained under Section 762.2, including contracts relating to these exports.
Based on the violations described above, 3D Systems was assessed a civil penalty in the amount of $2,777,570, that was required to be paid to the U.S. Department of Commerce within 30 days of the date of the Order. 3D Systems shall complete two (2) audits of its export controls compliance program. 3D Systems Corporation is subject to a three-year denial of its export privileges under the EAR. Such denial shall be suspended for a probationary period of three years, and shall thereafter be waived, provided that 3D Systems has made full and timely payment as set forth above, has completed the audits and submitted the audit results as set forth above, and has not committed another violation of EAR or any order, license, or authorization issued under the EAR.
ITAR:
As noted, in October 2017, the Bureau of Industry and Security served a subpoena on 3D Systems seeking information related to potential export violations under the EAR. Following the receipt of the subpoena, 3D Systems expanded the scope of its internal investigation of Quickparts’ handling of export control data, which resulted in the discovery of ITAR violations that 3D Systems disclosed to the Department of State in three disclosures. The violations involved unauthorized exports, reexports, and retransfers of technical data to Germany, Taiwan, and China; unauthorized exports of technical data to foreign person employees (FPEs) from India and the United Kingdom; and a failure to maintain records related to foreign person employees’ and exports of technical data to Germany and China.
3D Systems agreed to pay a civil penalty of $20,000,000 pursuant to the 3 year Consent Agreement with the Department of State. Half of the civil penalty, $10,000,000, will be suspended if 3D Systems uses $10,000,000 for Department of State approved remedial compliance measures to strengthen 3D Systems’ compliance program. 3D Systems will also engage an external Special Compliance officer for at least the first year of the Consent Agreement and will conduct two external audits of its ITAR compliance program and implement additional compliance measures.
From December 2014 to October 2018, 3D Systems stored all employee emails, including Quickparts employee’s email that contained technical data and attachments, on an unencrypted email server located in Germany, which “mirrored” the email exchange server in the United States to provide a back-up system and improve service for users outside of the United States. Through this mirroring process, all email 3D Systems employees sent or received appeared simultaneously on 3D Systems’ U.S. and German email servers. 3D Systems reported that emails on its U.S. and German servers contained technical data controlled under multiple USML Categories, including IV(i), VII(h), VIII(i), XII(f), and XIII(l), for the purpose of providing quotation and manufacturing services for third-party customers and troubleshooting technical issues. As a result of the implementation of this mirroring process, 3D Systems exported without authorization ITAR-controlled technical data to Germany many times when its employees’ emails containing technical data appeared on its German servers.
3D Systems ceased mirroring to the German server of Quickparts’ employee emails in December 2017. However, in addition to Quickparts employees’ emails, emails from employees in other 3D Systems business units were also mirrored to the unencrypted email server in Germany. At the time, Advanced Manufacturing Group (“AMG”) was a business unit within 3D Systems. AMG created benchmarking parts for potential 3D Systems customers in connection with the sale of its 3D printers. As part of the benchmarking process, 3D Systems customers provided AMG with technical data to print test parts so that the customers could evaluate the capabilities of 3D Systems’ printers. Customers occasionally provided ITAR-controlled technical data to AMG as part of their benchmarking requests, including via email. The mirroring continued until October 2018, when 3D Systems fully decommissioned the German server. Thus, until October 1, 2018, 3D Systems automatically backed-up ITAR-controlled technical data included in emails to the unencrypted email server located in Germany, resulting in unauthorized exports. Through the use of this process, 3D Systems, its operating divisions, subsidiaries, and business units, without authorization exported technical data to Germany on multiple additional occasions.
Quickparts’ office in China, assisted Quickparts employees in the United States with obtaining quotations from third-party suppliers in China and managing projects that proceeded from quotation to production. As part of the quotation process, Quickparts employees in the United States provided requests for quotation (RFQs), which included associated technical data received from Quickparts customers in the United States, to Quickparts employees in China without authorization. The Quickparts employees in China retransferred the technical data to third-party suppliers in China for quotations. Also, Quickparts employees in the United States sent RFQs and associated technical data directly to third-party suppliers in China. In some instances, the third-party suppliers in China used the technical data to manufacture ITAR-controlled defense articles. Quickparts exported without authorization technical data controlled under USML Categories IV(i), XII(f), and XIII(l) 36 times and Quickparts China retransferred without authorization technical data 28 times from December 2015 to December 2017.
Quickparts’ offices in China sometimes used overseas third-party suppliers located in countries other than China as part of the quotation process. For example, between June 2017 and April 2018, Quickparts’ offices in China reexported without authorization ITAR-controlled technical data from China to Taiwan. On three such occasions, Quickparts’ offices in China emailed technical data to Idea Development Company in Taiwan.
3D Systems identified two foreign person employees (FPEs) (one each from India and the United Kingdom, respectively) whose job functions required export controlled information which meant 3D Systems/Quickparts had without authorization repeatedly exported ITAR-controlled technical data to the FPEs. The two FPEs were a Sales Manager and a Manufacturing Manager who reviewed ITAR-controlled documents to provide customers and Quickparts personnel with advice regarding the manufacturing options. These two individuals had substantive interactions with ITAR-controlled technical data whenever a customer’s question or production issue was brought to their attention. These activities likely resulted in unauthorized exports of technical data to other foreign persons/entities listed under several USML Categories referenced.
3D Systems failed to produce copies of multiple records related to its ITAR controlled activities that the Department of State requested, which limited the scope of the Department’s investigation. The full scope of 3D System’s, including those of its operating divisions, subsidiaries and business units, unauthorized exports to China and Germany, retransfers within the China, and exports to FPEs is unknown because 3D Systems disclosed that it did not maintain complete records for:
• Unauthorized exports of technical data via email;
• The members of the Quickparts China email distribution list, and thus the number of unauthorized exports and retransfers;
• The nationality of employees who received technical data from customers; and
• The individual use of technical data on company servers because IT systems did not record this information.
As a consequence of not having a central system to transfer RFQs and associated ITAR-controlled technical data within 3D Systems, 3D Systems only has records of the exports of ITAR-controlled technical data in employee emails. Historically, 3D Systems had not implemented a document retention policy with respect to employee emails. In some instances, 3D Systems deleted former employee emails upon their departure or sometime thereafter. 3D Systems identified 30 former employees, approximately 16 percent of the total employees potentially involved in exporting technical data, for whom emails were no longer available for review. The failure to retain these employees’ emails meant 3D Systems did not maintain complete records of all exports to Germany and China these employees made, even though, based on their job duties, they exported technical data to Germany and China.
In addition to the failure to maintain employee emails, any 3D Systems employee with IT credentials had the ability to locate folders containing ITAR technical data, and all users’ credentials permitted them to open and view documents within those folders. 3D Systems identified 65 FPEs who worked for 3D Systems since January l, 2012, and who could have accessed ITAR-controlled technical data due to their IT systems access credentials. 3D Systems’ IT system was not designed to track individual access to technical data. As a result, 3D Systems could not provide records of exports of ITAR-controlled technical data to these FPEs even if, based on their job duties, some exports likely did occur. 3D Systems identified additional business units other than Quickparts and AMG that may have received ITAR-controlled technical data from customers. Specifically, 3D Systems reported that the plastics printer sales team (Plastic Printer Sales) and the software services and technical support teams (Services & Support) on occasion received ITAR-controlled data from potential plastic printer customers and from customers experiencing technical issues with software purchased from 3D Systems. However, while 3D Systems acknowledged that it is likely that the employees of the Plastic Printer Sales and the Services & Support business units had their email mirrored to the German server until October 2018, 3D Systems did not conduct a review for potential ITAR violations because they believed “the risk of controlled data existing in these employees’ email was low, conducting a review of this email was unlikely to uncover potential ITAR violations and therefore did not justify such a burdensome review.”
Department of Justice:
3D Systems agreed to pay the United States up to $4.54 million to resolve allegations that it violated the False Claims Act by improperly transmitting export-controlled technical data to China in violation of the export control laws of the United States in connection with certain NASA and DOD contracts.
Per the terms of a civil settlement executed with the Department of Justice on February 27, 2023, 3D Systems Corporation agreed to pay $2.27 million in restitution to the federal government within 30 days. The company may be required to pay an additional $2.27 million in penalties under the Justice Department settlement agreement, for a total of up to $4.54 million, if it fails to pay at least that amount in civil penalties to the Department of State and the Department of Commerce in connection with the parallel administrative settlements referenced above.
According to the Justice Department Settlement Agreement, 3D Systems, through its Quickparts subsidiary completed on-demand manufacturing projects both directly and indirectly on contracts issued by DOD and NASA, including for projects involving technical or other data potentially classified under and controlled by the International Emergency Economic Powers Act, the Arms Export Control Act, the Export Administration Regulations, and/or the International Traffic in Arms Regulations.
The referenced Export Control Laws prohibit certain controlled items and/or intellectual property from being exported to certain foreign countries, including China, without a license or authorization from the appropriate federal agencies. In the Justice Department settlement agreement, the United States alleged that between January 1, 2012 and December 31, 2017 3D Systems exported certain items and/or intellectual property to China without the appropriate license or authorization in violation of the Export Control Laws in connection with certain contracts issued by DOD and NASA in violation of the False Claims Act. The claims resolved by the settlement are allegations only. There has been no determination of liability.
https://www.pmddtc.state.gov/ddtc_public?id=ddtc_kb_article_page&sys_id=384b968adb3cd30044f9ff621f961941 and https://www.bis.doc.gov/index.php/documents/about-bis/newsroom/press-releases/3233-2023-02-27-3d-press-release/file and https://efoia.bis.doc.gov/index.php/documents/export-violations/export-violations-2023/1468-e2807/file and https://www.justice.gov/usao-ndtx/pr/3d-printing-company-pay-454-million-settle-false-claims-act-allegations-export and https://www.3dsystems.com/press-releases/3d-systems-announces-sale-demand-manufacturing-business