Consultants Corner Archives - FD Associates, Inc.

ITAR Brokering – The Good, The Bad and the Ugly

John Hezro, Senior Associate of ITAR for FD Associates

By John Herzo, Senior Associate, FD Associates, Inc.

Edited by Jenny Hahn, President, FD Associates, Inc.

September 20, 2023

Did you know that the International Traffic in Arms Regulations (“ITAR”) has an entire chapter devoted to non export activities?? ITAR Part §129 relates to brokering activities performed by U.S. Persons (individuals and companies), foreign companies owned by U.S. persons and foreign persons conducting brokering activities in the U.S. The ITAR’s brokering requirements are some of the most challenging aspects of the ITAR to understand and comply with. This article will provide you with a quick guide to the brokering requirements.

Before we step into this discussion, we explore a recent Department of State consent agreement levied on a U.S. company who did not appreciate the complexities of the ITAR’s brokering requirements. On August 25, 2023, Island Pyrochemical Industries Corp (“IPI”) entered into a 3 year consent agreement with the Department of State (“DOS”) regarding certain violations of the ITAR, including brokering violations. They received a civil penalty and have committed to a monitored compliance program for 3 years. The Charging Letter, Consent Agreement and Order (Link here) are for public display on the Department of State website.

IPI is a small, privately held corporation with less than 100 employees and a manufacturer and supplier of specialty chemicals and related materials with a variety of applications in both the commercial and military sectors, including rocket propellants and precursor chemicals used in explosive ordnance. IPI has affiliates in Brazil and the People’s Republic of China (“PRC”). IPI engages in both domestic and foreign sales.

After registering as a broker in March, 2015, on or around April 2015, IPI contacted three companies to discuss the procurement of ammonium perchlorate (“APC”). APC is listed on the US Munitions List and is considered a defense article. IPI, including IPI’s President and Chief Executive Officer (“CEO”), met with representatives from Avibras Industria Aeroespacial SA (“Avibras”), a Brazilian company, to discuss a transaction to procure APC for Avibras’ use in manufacturing certain rockets for its client, the Kingdom of Saudi Arabia.

At the same time, IPI contacted Dalian Gaojia Chemical Co., Ltd (“Dalian”), a PRC manufacturer of APC, and an export company, Aerospace Long-March International Co., Ltd. (“ALIT”), a subsidiary of China Aerospace Science and Technology Corporation, about the supply of APC to Brazil from China.

By undertaking these activities, IPI, engaged in brokering activities, as described in ITAR Part §129.2)\, by facilitating communications and engagement between Avibras. Brazil and ALIT, China[1]. On May 27, 2015, IPI entered into an agreement with Avibras for the procurement of APC from ALIT. The underlying communications validated that IPI was taking an action on behalf of another, coordinating the sale and delivery of the APC from ALIT, China to Avibras, Brazil.

In addition to this activity, IPI also engaged in multiple brokering activities in this transaction involving the solicitation, promotion, negotiating, contracting for, arranging, and otherwise assisting in the purchase of APC from China. All of this was done without obtaining a broker authorization from the Department of State, after having attempted to secure an export license for the transaction.

IPI’s brokering activities included:

(1) Recommending courses of action to Avibras on obtaining the APC from the PRC and assisting in arranging meetings with suppliers during a planned trip to the PRC, thereby negotiating for, arranging for, and otherwise assisting in and facilitating the purchase of APC by Avibras and the transfer of the APC from the PRC to Brazil;

(2) IPI finalizing an arrangement to supply Avibras with APC manufactured in the PRC thereby facilitating the manufacture and intended export of a foreign defense article from the PRC to Brazil on behalf of Avibras;

(3) IPI arranging for shipment of APC from the PRC to Brazil on behalf of Avibras;

(4) IPI issuing Dalian the final specifications for the APC thereby facilitating, on behalf of Avibras, the manufacture of the APC;

(5) IPI providing a down payment to Dalian to enable Dalian to begin manufacturing the APC thereby facilitating on behalf of Avibras Dalian’s manufacture of APC; and

(6) IPI arranging for Avibras to send a purchase order to ALIT with pricing specified by IPI for shipment of APC from the PRC to Avibras in Brazil demonstrating that IPI assisted in the export and transfer of APC from the PRC to Brazil on behalf of Avibras.

As stated earlier, IPI registered with the DOS as a broker in March, 2015. Such registration implies that IPI understood the requirements of the ITAR, particularly related to brokering. IPI then applied for a DSP5 permanent export license for unclassified materials and technical data in July, 2015 in connection with the sale of the APC material to Avibras, listing itself as the manufacturer and ALIT, China as an intermediary party. Apply for a DSP-5 license implied that the APC was being exported from the United States to Brazil, not the transfer from China to Brazil of APC. The DOS rejected the DSP-5 application seeking an explanation on the roles of the parties. In a resubmission of the DSP-5 license, in August, 2015, ALIT was no longer listed, but IPI was still listed as the manufacturer. The application was DENIED because it was not consistent with U.S. national security and foreign policy objectives. This was because China is an ITAR 126.1 sanctioned country. The facts described herein were described in a Directed Disclosure response by IPI to DOS. (meaning that IPI did not voluntarily report these actions to the DOS).

IPI was charged with 3 violations of the ITAR, count one – unauthorized brokering without a license, counts 2 and 3, misrepresentation or omission of facts in an export control document.

DOS determined that IPI’s unauthorized brokering activities demonstrated a disregard for its export compliance responsibilities.

IPI was fined $850,000 by the Department of State, required to appoint a Special Compliance Officer, complete a Classification Review, obtain an Audit by an outside auditor, allow onsite reviews by the Department of State and obtain export compliance training, among other remedial measures. The fine and remedial measures are significant for a small company with less than 100 employees.

Provided below is guidance to assist your company’s compliance with the ITAR’s brokering requirements found at § 129 of the ITAR.

Broker Registration

The first step is registration with the Department of State specifically as a broker. It is a precondition for applying for broker prior approval licenses (when needed). Registration is required for only one brokering activity. Registration as a broker is separate from registration as a manufacturer or export.

Pursuant to §129.3, the following persons must register as a broker:

U.S. and foreign persons meeting the definition of a broker must register with the Department of State as a broker per the ITAR at §129.3(a); and
Broker registrations are submitted via the Department of State’s DECCS electronic licensing system using form DS2032 and checking the box for broker.

The ITAR at §129.3(b) includes the following exemptions from the broker registration requirements:

Foreign governments or international organizations, including their employees, acting in an official capacity; and
Persons exclusively in the business of financing, insuring, transporting, customs brokering, or freight forwarding, whose activities do not extend beyond financing, insuring, transporting, customs brokering, or freight forwarding. Examples include air carriers or freight forwarders that merely transport or arrange transportation for licensed defense articles, and banks or credit companies who merely provide commercially available lines or letters of credit to persons registered or required to register in accordance with §122 or 129.

Who Is A Broker

Before you register as a broker, you need to know who the ITAR defines as a broker and how it defines brokering activities. The ITAR at §129.2(a) defines who a broker is as follows:

Broker means any person who engages in the business of brokering activities:
- Any U.S. Person wherever located;
- Any foreign person located in the United States; or
- Any foreign person located outside the United States where the foreign person is owned or controlled by a U.S. Person.

The key point to remember regarding the ITAR’s definition of a broker is that it only captures foreign persons when they are located in the U.S. or foreign person located outside the United States where the foreign person is owned or controlled by a U.S. Person. Therefore, most foreign persons are NOT subject to the ITAR’s brokering regulations and do NOT need to register as a broker.

What Is Considered ITAR Brokering

The next step is to define what constitutes what the ITAR considers is brokering as it may differ from the traditional brokering activities. The ITAR at §129.2(a) defines brokering activity as follows:

Any action on behalf of another to facilitate the manufacture, export, permanent import, transfer, reexport, or retransfer of a U.S. or foreign defense article or defense service, regardless of its origin;
Such action includes, but is not limited to: financing, insuring, transporting, or freight forwarding defense articles and defense services; or
Soliciting, promoting, negotiating, contracting for, arranging, or otherwise assisting in the purchase, sale, transfer, loan, or lease of a defense article or defense service.

As you can see, a company can perform a brokering activity that does not involve the export from the United States of ITAR controlled technical data, hardware or defense services. In IPI’s case it was the transfer of material described in the ITAR’s U.S. Munitions List from China to Brazil at the heart of the broker violation.

“Any action on behalf of another” is broad and applicable to any actions that facilitate the manufacture, export, permanent import, transfer, reexport, or retransfer of a U.S. or foreign defense article or defense service. The phrase “any action” has been interpreted to mean several different things, for instance:

Exactly what it says, any action. This could be as simple as providing an email address or phone number of prospective foreign buyer of a U.S. or foreign defense article to the seller of the defense article;
Letting a purchase order for the drop shipment of a foreign defense article from one foreign country to another foreign country;
Initiating the manufacturing activity, caused when the purchase order is let, which starts the manufacturing process for a defense article that will be shipped from one foreign country to another foreign country; or
Initiating or supporting the shipping arrangements to have the material finalized for the drop shipment from one foreign country to another foreign country.

To determine if the activities your company engages in are brokering activities pursuant to the ITAR, first ask yourself, is your company assisting in the transaction in the following types of administrative activities as referenced in §129.2(b)(2):

Providing or arranging office space and equipment;
Providing hospitality;
Providing advertising;
Providing clerical assistance;
Providing assistance with obtaining visas;
Providing translation services;
Collecting product and pricing information to prepare a request to proposal;
Promoting company goodwill at trade shows; or
Providing legal advice to clients.

If your company is performing any of the administrative activities referenced above, it is not performing a brokering activity.

The following are also not brokering activities per §129.2(b)(2):

Activities performed by an affiliate on behalf of another affiliate; and
Activities by persons, including their regular employees, that do not extend beyond acting as an end-user of a defense article or defense service exported pursuant to a license or other approval under §123, §124, or §125, or subsequently acting as a reexporter or retransferor of such article or service under such license or other approval, or under an approval pursuant to §123.9.

If the activities your company engages in aren’t listed above, ask yourself is this transaction related to the prospective sale and/or export or import (as applicable) of U.S. or foreign origin ITAR regulated (or enumerated) hardware, technical data or services, and are on behalf of another party, U.S. or foreign? If your answer is yes, ask yourself, is my company taking any of the following actions:

Soliciting the sale of the ITAR regulated[2] (or enumerated[3]) hardware?
Promoting the sale of the ITAR regulated (or enumerated) hardware?
Negotiating the sale of the ITAR regulated (or enumerated) hardware?
Contracting for the sale of the ITAR regulated (or enumerated) hardware?
Arranging for the sale and/or export or import of the ITAR regulated (or enumerated) hardware?
Arranging the transfer of foreign defense articles from the foreign supplier to a foreign purchaser or foreign end user?
Obtaining a DSP-5 license for the export of the ITAR regulated hardware (or enumerated) or a DSP-61 for the temporary import of ITAR regulated hardware on behalf of another?
Obtaining an ATF Form 6 Permanent Import Permit for the permanent import of ITAR regulated (or enumerated) hardware that is listed on the ATF’s United States Munitions Import List (“USMIL”), on behalf of another?
Buying foreign origin ITAR enumerated hardware listed on the ITAR’s United States Munitions List (“USML”) or equipment listed on the USMIL from a foreign manufacturer or foreign owner for delivery to the U.S. for sale to another U.S. party?

If you answer yes to any of the above, brokering is occurring and a broker license will be required from the Department of State prior to ANY brokering activity taking place, for the articles listed below pursuant to §129.4(a)(2), if listed on the USML or the USMIL and for any foreign origin defense articles listed on the USML or listed on the USMIL, unless a license exemption is available:

Firearms and other weapons described by USML and USMIL Category I(a) through (d), USML and USMIL Category II(a) and (d), and full up rounds of Ammunition described in USML and USMIL Category III(a);
Rockets, bombs, and grenades as well as launchers for such defense articles described by USML Category IV(a), and launch vehicles and missile and anti-missile systems described by USML Category IV(b) (including man-portable air-defense systems);
Vessels of war described by USML Category VI;
Tanks and military vehicles described by USML Category VII;
Aircraft and unmanned aerial vehicles described by USML Category VIII;
Night vision-related defense articles and inertial platform, sensor, and guidance-related systems described by USML Categories XII(c) and (d);
Chemical agents and precursors described by USML Categories XIV(a), (d), and (e), biological agents and biologically derived substances described by USML Category XIV(b), and equipment described by USML Category XIV(f) for dissemination of the chemical agents and biological agents described by USML Categories XIV(a), (b), and (e);
Submersible vessels described by USML Category XX; and
Miscellaneous articles described by USML and USMIL Category XXI.

Broker License Exemptions

If you determine that your company is brokering and requires prior approval brokering authorization, the next step of the process is to determine if any of the ITAR’s brokering license exemptions apply to your transaction. The ITAR’s brokering license exemptions are found at §129.5(a) and §129.5(b).

Pursuant to §129.5(a), brokering activities undertaken for an agency of the U.S. government pursuant to a contract between the broker and that agency are exempt from the requirement for approval provided that:

The brokering activities concern defense articles or defense services solely for the use of the agency; or
The brokering activities are undertaken for carrying out a foreign assistance or sales program authorized by law and subject to control by the president by other means, as demonstrated by one of the following conditions being met:
- The U.S. Government agency contract with the broker contains an explicit provision stating the contract supports a foreign assistance or sales program authorized by law and the contracting agency has established control of the activity covered by the contract by other means equivalent to that established under this subchapter; or
- The Directorate of Defense Trade Controls provides written concurrence in advance that the condition is met.

Pursuant to §129.5(b), brokering activities regarding a foreign defense article or defense service are exempt from the requirement for approval when arranged wholly within and destined exclusively for the North Atlantic Treaty Organization, any member country of that organization, Australia, Israel, Japan, New Zealand, or the Republic of Korea, except in the case of the defense articles or defense services specified in § 129.4(a)(2) (see above), for which a broker license is required.

In order to use the broker license exemptions at §§ 129.5(a) and 129.5(b), pursuant to §129.5(c), brokers engaging in brokering activities described in §§129.5(a) or (b) are not exempt from obtaining a broker license from the Department of State if:

The broker is not registered as required by §129.3; or
The broker or any person who has a direct or indirect interest in or may benefit from the brokering activities, including any related defense article or defense service transaction, is ineligible as defined in §120.1(c)(2); or
A country or person referred to in §126.1 of this subchapter is involved in the brokering activities or such activities are otherwise subject to §129.7.

Broker Licensing

If your company is performing brokering activities and does not meet the requirements of the broker license exemptions referenced above, your company will need to submit a broker license (DS4294) to the Department of State, after it has secured a Broker registration code and before it undertakes any brokering activity. Below are the steps to file a broker license request:

The broker license request must be filed via the DS4294 form utilizing the Department of State’s DECCS electronic licensing system detailing the known specifics of the transaction, refer to §129.6(b);
Must identify the applicant’s name, address and PM/DDTC broker registration code;
Identify the specific brokering activity to be approved;
Identify the name, nationality, address, and place of business of all persons who may participate in the brokering activities;
Requires the ITAR 126.13 certification;
Must identify the specific defense article(s) or defense services involved as follows:
- The USML/USMIL category;
- The name or military nomenclature of each defense article;
- Whether the defense article is Significant Military Equipment;
- Estimated quantity of each defense article;
- Estimated U.S. Dollar value of defense articles and defense services;
- Security classification;
- End-user and end-use; and
Identify whether the brokering activities are related to a sale through Direct Commercial Sale or under the U.S. Foreign Military Sales program or other activity in support of the U.S. Government.

Brokering Items On The USML Not Listed In ITAR §129.4?

Provided the defense articles, technical data or defense services are U.S. origin, and not described in ITAR §129.4, no prior brokering approval is required, unless a sanctioned country or party is involved. If no prior brokering approval is required, the broker is required to report the brokering activity specifics with each annual broker registration renewal.

Summary

As you will now conclude, the ITAR brokering regulations are complex and compliance is critical to avoid fines and compliance remedial measures as described for IPI. Some key points to remember are:

Anyone who engages in a brokering activity, even a single brokering activity, must register with the Department of State as a broker before undertaking the brokering activity;
Foreign persons must register as brokers if they are to conduct a brokering activity when they are located in the U.S. or when they are owned or controlled by a U.S. Person;
The brokering of ANY foreign defense article requires prior brokering authorization approval, unless an ITAR broker exemption applies;
Even though most small arms and full up ammunition has moved to the export jurisdiction of the Export Administration Regulations (“EAR”), the brokering of U.S. or foreign origin small arms or full up ammunition enumerated on the ATF’s USMIL require prior ITAR brokering authorization approval;
Your company can perform a brokering activity without making an export of ITAR controlled technical data, hardware or defense services;
If your company is brokering any U.S. defense articles enumerated in 129.4(a)(2) your company will require a prior approval broker license or the utilization of a broker license exemption;
If your company is brokering any foreign defense article enumerated on the USML or the USMIL, your company will require a prior approval broker license or the utilization of a broker license exemption.
If your company is brokering a foreign defense articles enumerated in 129.4(a)(2) your company can utilize the NATO, Australia, Israel, Japan, New Zealand, or the Republic of Korea broker license exemption at §129.5(b) if the transaction is wholly within these countries including the country of manufacture; and
Annually all brokering activities, licensed or unlicensed, must be reported to DOS with the annual registration renewal.

Need help?? Contact our expert export consultants and attorneys for assistance at 703-847-5801 or by email at info@fdassociates.net.

[1] China is an ITAR 126.1 arms sanctioned country

[2] ITAR Regulated = Controlled by the ITAR.

[3] ITAR Enumerated = Foreign origin equipment, no U.S. content, included in the ITAR’s United States Munitions List (USML) or the ATF’s United States Munitions Import List (USMIL).

The Second Step in ITAR Registration

ABC Company is registered with the Department of State as a manufacturer of defense articles. During the company annual registration renewal process, the ABC Company office administrator assigned to prepare the registration renewal for signature by the senior corporate officer identified that ABC Company had in the preceding 12 months since the last registration renewal moved and changed their name due to a corporate rebranding effort.

In the DECCS DS-2032 registration form, as ABC Company attempts to prepare the renewal, they find that they cannot make these changes because the name and address are greyed out on the application.

What are they doing wrong?

Is it administrative? Or is there a regulatory compliance matter that they have failed to comply with?

ABC Company is experiencing both an administrative issue and a compliance issue.

There is an administrative issue because the name and address blocks on the renewal form are greyed out; the DECCS system will not allow for these changes to be made on the renewal form. A registration amendment must be filed to change these details on the DS-2032.

There is a compliance issue because a change in company name and address requires ABC Company to notify DDTC of the changes under 22 C.F.R. § 122.4. By failing to notify DDTC, ABC Company has found themselves to be in non-compliance with the ITAR.

22 C.F.R. § 122.4 states that within 5 days of the event, or 60 days in advance, written notification must be made to DDTC by the senior officer of the registrant of that change.

What counts as a change in company information?

Any change to the eligibility and/or conviction status of those listed on the registration statement. This includes indictment or otherwise charged (i.e. by criminal information in lieu of indictment) for or conviction of violating any of the U.S. criminal statutes listed in ITAR 120.6 or foreign criminal law on exportation of defense articles where conviction of such law carries a minimum term of imprisonment greater than 1 year; or becomes ineligible to contract with, or to receive a license or other approval from any agency of the U.S.G;
Any change to your company name or address.
Any change to your company organizational structure.
Any change in the ownership or control status of the company (DDTC requires all persons directly or indirectly with 5% or more ownership to be listed)
Any change in your senior officials, owners, and board members:
- Resignations/Retirements
- New appointments
- Ownership percentage changes
Any acquisition, divestment, or establishment of a new subsidiary engaged in ITAR related activities.
Any change to parent/subsidiary or affiliate companies’ information.

As exports consultants, we routinely discover that our ITAR registered clients have failed to properly notify the Department of State, Directorate of Defense Trade Controls and Compliance (“DDTC”) of material changes to their company information. We learn of this when asking our clients to verify the accuracy of the information contained in the current DS2032 filing made 1 year earlier. Name changes, address changes, owners/officer and ownership changes are significant material changes that should be managed within your company with an eye towards making all notifications within the 5-day post event notice timeline. Failure to notify the Department of State signals that your company doesn’t have a pulse on this administrative obligation. If your company is not managing its registration within the Department of State ITAR requirements and compliance guidelines[1], what else is your company not compliant with?

All companies and organizations involved in ITAR-regulated manufacturing and exporting must have a valid registration with DDTC. Filing a registration with DDTC annually and receiving approval is the first step in ensuring your company avoids any ITAR related compliance violations.

Maintaining a valid registration is the second step. Maintenance of your registration is more involved than submitting a renewal application each year and submitting the DDTC renewal fee payment (see below for a recent update on fees). All DDTC registered companies are required to submit notification to the Department of State of certain changes to the company information listed on your registration statement. This requirement is stipulated in 22 C.F.R. § 122.4(a)[2].

22 C.F.R. § 122.4(a) requires notification to DDTC within 5 days of the event of any change to the eligibility and/or conviction status of those individuals or entities listed on the registration statement. This includes indictment or otherwise charged (i.e. by criminal information in lieu of indictment) for or conviction of violating any of the U.S. criminal statutes listed in ITAR 120.6 or foreign criminal law on exportation of defense articles where conviction of such law carries a minimum term of imprisonment greater than 1 year; or becomes ineligible to contract with, or to receive a license or other approval from any agency of the U.S.G.

22 C.F.R. § 122.4(a) also requires 5-day notification to DDTC if there is a change in the registrant’s name or address, organizational structure, ownership of control of the company, establishment, acquisition, or divestment of a subsidiary company, or any change to the board of directors, senior officers, partners, or owners.

22 C.F.R. § 122.4(b)[3] requires notification to DDTC 60 days prior to an intended sale or transfer of ownership or control of the registered company to a foreign person or entity. The 60-day notification does not relieve the requirement to notify the DDTC of the sale or transfer (5-day notice) after the Committee on Foreign Investment in the United States (CFIUS) review is complete, or to secure export licenses for any possible export of technical information during the due diligence process.

22 C.F.R. § 122.4(c)[4] requires notification to DDTC within 5 days of the event to any merger, acquisition, or divestiture of a registrant. The details of the transaction should be provided in the notification along with all licenses and agreements that will be affected by the change. Following notification to DDTC, the registrant must subsequently receive approval of the transaction.

Recent update from DDTC on registration fees:

On June 26, 2023, The Department of State’s IT Modernization Team deployed the new “Renewal Fee Details” functionality to the DECCS Registration application. This feature will only be visible to Registration application users and affect small companies who fall into the Tier 3 (submitters of more than 10 export license applications) with a reduced registration fee.

Registration tiers are based on the number of license applications submitted by the registrant. Tier 1 registrants are those submitting an initial registration application, registrants who have not submitted any license applications during the preceding 12 months, and non-profit registrants. The set fee for Tier 1 registrants is $2,250. Tier 2 registrants are those renewing their registration who have submitted 1-10 license applications during the preceding 12 months. The set fee for Tier 2 registrants is $2,750. Tier 3 registrants are those renewing their registration who have submitted more than 10 license applications during the preceding 12 months. The fee for Tier 3 registrations is based at $2,750 and increases $250 for every license application after the 10^th application.

The process:

90 days or fewer remaining prior to the Registration expiration date;
The organization is subject to a Tier 2 or Tier 3 registration renewal fee[5]; and
Organizations having a minimum of 1 or more licenses “Approved” or “Approved with Provisos” in the twelve-month window ending 90 days before Registration expiration.

Provided the above criteria are met, users will see a new “Renewal Fee Details” button in their Registration dashboard in DECCS when there are 90 days or less before the expiration date. Selecting this button will display a pop-up window featuring additional details and information on how the renewal fee was calculated. Users will now be able to see the following information consolidated into the new Renewal Fee Details window:

Registration expiration date;
License Period “Start” and “End” dates;
- Any licenses which were either “Approved” or “Approved with Provisos” within this date range were incorporated in the calculation of renewal fees;
Number of Licenses;
- Any licenses which were “Returned Without Action” (RWA) will not be included in the calculation of renewal fees;
- DS-4294 & DS-6004 licenses are not included in the calculation of renewal fees;
Total License Value;
3% of Total License Value Reduced Fee (Tier 3 Renewals Only);
- The 3% of Total License Value Reduced Fee field is provided only for calculation purposes and will not be applicable to all organizations. Please see the “Payment of Registration” website page to determine your organization’s renewal fee tier and discount fee eligibility; and
Renewal Fee Charged By DDTC.

Within this pop-up window, users will be presented with a “Download Licenses” button which generates a .csv file of all licenses considered when calculating the renewal fee charged by DDTC. This .csv file will include the case number, license type, approval date, and license value of all licenses “Approved” or “Approved with Provisos” within the license period date range that were used in the calculation of the renewal fee.

ITAR registered companies must remain vigilant in maintaining the accuracy of their registrations with The Department of State. Do not skip the second step of your ITAR registration.

[1]https://www.pmddtc.state.gov/ddtc_public/ddtc_public?id=ddtc_kb_article_page&sys_id=4f06583fdb78d300d0a370131f961913

[2] § 122.4 Notification of changes in information furnished by registrants. (a) A registrant must, within five days of the event, provide to the Directorate of Defense Trade Controls a written notification, signed by a senior officer (e.g., chief executive officer, president, secretary, partner, member, treasurer, general counsel), if: (1) Any of the persons referred to in § 122.2(b) is indicted or otherwise charged (e.g., by criminal information in lieu of indictment) for or convicted of violating any of the U.S. criminal statutes enumerated in § 120.6 of this subchapter or violating a foreign criminal law on exportation of defense articles where conviction of such law carries a minimum term of imprisonment of greater than 1 year, or becomes ineligible to contract with, or to receive a license or other approval to export or temporarily import defense articles or defense services from any agency of the U.S. Government; or (2) There is a change in the following information contained in the Statement of Registration: (i) Registrant's name; (ii) Registrant's address; (iii) Registrant's legal organization structure; (iv) Ownership or control; (v) The establishment, acquisition, or divestment of a U.S. or foreign subsidiary or other affiliate who is engaged in manufacturing defense articles, exporting defense articles or defense services; or (vi) Board of directors, senior officers, partners, or owners.

[3] (b) A registrant must notify the Directorate of Defense Trade Controls by registered mail at least 60 days in advance of any intended sale or transfer to a foreign person of ownership or control of the registrant or any entity thereof. Such notice does not relieve the registrant from obtaining the approval required under this subchapter for the export of defense articles or defense services to a foreign person, including the approval required prior to disclosing technical data. Such notice provides the Directorate of Defense Trade Controls with the information necessary to determine whether the authority of § 38(g)(6) of the Arms Export Control Act regarding licenses or other approvals for certain sales or transfers of defense articles or data on the U.S. Munitions List should be invoked (see § 126.1(e) of this subchapter).

[4] (c) The new entity formed when a registrant merges with another company or acquires, or is acquired by, another company or a subsidiary or division of another company shall advise the Directorate of Defense Trade Controls of the following: (1) The new firm name and all previous firm names being disclosed; (2) The registration number that will survive and those that are to be discontinued (if any); (3) The license numbers of all approvals on which unshipped balances will be shipped under the surviving registration number, since any license not the subject of notification will be considered invalid; and (4) Amendments to agreements approved by the Directorate of Defense Trade Controls to change the name of a party to those agreements. The registrant must provide to the Directorate of Defense Trade Controls a signed copy of such an amendment to each agreement signed by the new U.S. entity, the former U.S. licensor and the foreign licensee, within 60 days of this notification, unless an extension of time is approved by the Directorate of Defense Trade Controls. Any agreement not so amended may be considered invalid.

BIS Issues Largest Civil Penalty In History for Export from Abroad of Foreign Manufactured EAR99 Hard Disk Drives to Huawei in China

By: Keil Ritterpusch – Vice President – Compliance – FD Associates, Inc.

On April 19, 2023, the U.S. Department of Commerce Bureau of Industry & Security (“BIS”) issued a $300 million civil penalty to Seagate Technology LLC of Fremont, California (“Seagate US”) and Seagate US’s Singaporean affiliate, Seagate Singapore International Headquarters Pte. Ltd. (“Seagate Singapore”) for the export from abroad to Huawei Technologies Co. Ltd. (“Huawei”) of approximately 7,420,496 foreign manufactured Hard Disk Drives (“HDDs”) for a total sales price of $1,104,732,205.

BIS determined, through an extended investigation into sales by Seagate US and Seagate Singapore to Huawei and through the review of technologies and equipment used by Seagate affiliated companies manufacturing HDDs, that all HDDs manufactured by Seagate in China, Northern Ireland, Malaysia, Singapore, and Thailand were “subject to the EAR” when sold to Huawei (directly or by downstream parties where Seagate had knowledge). BIS reached this conclusion by applying the Export Administration Regulations’ (“EAR’s”) Foreign Direct Product Rule (“FDPR”) specific to transactions involving Huawei entities, EAR § 734.9(e)(1), to the sale of foreign manufactured HDDs by Seagate US foreign affiliates.[1]

Specifically, BIS found that Seagate HDDs manufactured outside the United States were manufactured using technology originating in the United States that was controlled for export by Export Control Classification Number (“ECCN”) 3E991, among other ECCNs, and that Seagate plants manufacturing HDDs abroad used ECCN 3B992 inspection equipment for detecting defects on HDD substrates and media. From information on Seagate US’s website, all Seagate HDDs are listed as EAR99 items. The use of this technology and equipment alone made all of their products, when sold to Huawei, “subject to the EAR”.

In reviewing information on the civil penalty imposed by BIS in BIS’s public announcement of the penalty, the BIS Order, the Settlement Agreement, and the Proposed Charging Letter (“PCL”) for the civil penalty, it is clear that two major aggravating factors were at play in this case. The first was that all of Seagate’s competitors publicly stated after August 2020 that they would not sell HDDs to Huawei. The second aggravating factor was that Seagate not only continued to sell to Huawei, but substantially increased its sales and entered into long-term supply agreements with Huawei.

(https://www.bis.doc.gov/index.php/documents/about-bis/newsroom/press-releases/3264-2023-04-19-bis-press-release-seagate-settlement/file)

Nothing in the published documents references any defenses claimed by Seagate for the sale of its foreign manufactured HDDs to Huawei. However, we can deduce that Seagate determined – albeit informally — that its foreign manufactured HDDs were “not subject to the EAR”. What the Seagate civil penalty case says for any worldwide party who sells products to Huawei or any of the 48 other Entity List entities with special FDPR Rules in EAR § 734.9(e)(2) is that the bar for determining whether your foreign manufactured products are “subject to the EAR” is very low. BIS declared emphatically in the press release for the Seagate civil penalty that companies:

“need to evaluate [their] entire manufacturing process to determine if specified U.S. technologies, [equipment] or software [are] used in building the essential tools used in production” and if specific U.S. technologies, equipment, or software are used directly in the manufacture of products outside of the United States.

Given that Huawei was added to the Entity List with a special FDPR in August 2020 and more than 45 entities were added to the Entity List with similar (if not more expansive) FDPR requirements in October 2022, this major compliance action by BIS should be a warning. BIS’s Director of Export Enforcement John Sonderman stated this expressly in the public release for the Seagate civil penalty:

“Those who would violate our FDP rule restrictions are now on notice that these cases will be investigated and charged, as appropriate”

[1] The “Huawei FDPR” was moved from Footnote 1 to Supplement No. 4 to Part 744 of the EAR to EAR § 734.9(e)(1) on February 3, 2022 (87 FR 6033), with a further revision to the “Huawei FDPR” by BIS on October 13, 2022 (87 FR 62186).

3D Systems Corporation’s Trifecta Of Violations Of U.S. Export Control Laws

By John Herzo, Senior Associate, FD Associates, Inc.
And Jenny Hahn, President, FD Associates, Inc.
April 11, 2023

Background:

On February 27, 2023, 3D Systems Corporation (“3D Systems”) entered into a settlement agreement with the Department of Commerce, Bureau of Industry and Security (“BIS”) for violations of the Export Administration Regulations (“EAR”) resulting in a fine up to $2,777,570; a three (3) year consent agreement with the Department of State for violations of the International Traffic in Arms Regulations (“ITAR”) with a fine of up to $20,000,000; and a settlement with the Department of Justice for violations of the False Claims Act with a fine of up to $4,540,000. In addition to the fines related to the EAR violations, 3D Systems must conduct two (2) audits of its export controls compliance program and is subject to a three-year denial of its export privileges under the EAR. Based on the ITAR violations, 3D Systems will engage an external Special Compliance officer for at least the first year of its 3 year Consent Agreement with the Department of State and will conduct two external audits of its ITAR compliance program and implement additional compliance measures.

3D Systems’ violations, included those of its subsidiary Quickparts.com, Inc., (“Quickparts”). Quickparts provided prototypes and low-volume production parts using traditional computer numerical control machining, cast urethane modeling, and injection molding services. Quickparts regularly exported customer data primarily to third-party suppliers abroad, including China, for quotation and potential production.

3D Systems’ violations, including those of operating divisions, subsidiaries (in particular Quickparts), and business units, of the EAR, ITAR and False Claims Act included:
• Exports to China without a license;
• Acting with knowledge a violation would occur by exporting EAR-controlled technology to China without the required license; exports, reexports and transfers of technology/technical data to Germany without a license;
• Exports, reexports and transfers to Taiwan without an ITAR license;
• Exports, reexports and transfers to China without an ITAR license;
• Exports of technical data to foreign person employees (FPEs) from India and the United Kingdom;
• A failure to maintain records; and
• Violations of the False Claims Act by improperly transmitting export-controlled technical data to China in violation of the export control laws of the United States in connection with certain NASA and DOD contracts.

Having an effective compliance program including training that educates all employees on all aspects of export is a foundational element of a trade compliance program. The facts of this case presented several lessons that industry should take note of when making exports and vetting suppliers. These actions resulted in the noted enforcement actions:

• Heed the warning. The enforcement actions taken against 3D Systems, including those of operating divisions, subsidiaries (in particular Quickparts), and business units by the Department of Commerce, Department of State and the Department of Justice began when a customer of Quickparts notified Quickparts in 2015 of potential violations of the EAR in connection with the export of technology subject to the EAR to China. The customer also informed Quickparts that it had submitted a voluntary disclosure to the United States Government regarding such potential violations. 3D Systems and Quickparts did not act on this information by filing their own self-disclosure and they continued to make exports to China without export licenses. It was not until two years later, after a visit by the BIS’ Office of Export Enforcement in April 2017 and in response to BIS’s October 2017 administrative subpoenas, that 3D Systems/Quickparts subsequently filed self-disclosures; and

• The agencies talk! An interagency referral from BIS/OEE to the Department of Justice led to the civil settlement between the Department of Justice and 3D Systems to resolve allegations that 3D Systems violated the False Claims Act by improperly transmitting export-controlled technical data to China in violation of the export control laws of the United States in connection with certain NASA and DOD contracts; and

• You are responsible for the acts of your subsidiaries, even when sold. Most of the ITAR, EAR and False Claims Act violations by Quickparts occurred when Quickparts was a subsidiary of 3D Systems. 3D Systems sold Quickparts in June of 2021, to Trilantic North America, a middle-market private equity firm, prior to the enforcement actions taken against 3D Systems. By charging 3D Systems after the sale of its subsidiary, BIS, the Department of State and the Department of Justice broke prior precedent of applying successor liability to the new owner. To date, BIS, the Department of State and the Department of Justice have not taken any known enforcement action against Quickparts’ new owner, Trilantic North America; and

• Export Jurisdiction and Classification analysis: A foundational element of all trade compliance programs is knowing the export jurisdiction (ITAR or EAR) of incoming technical information. Before exporting technical data received from customers, the exporter must establish the export jurisdiction (ITAR or EAR) and the export classification within the U.S. Munitions List (USML) for ITAR or Commerce Control List (CCL) for EAR. These determinations drive the export licensing requirements. Not knowing or understanding the export markings on technical data identifying the export jurisdiction or classification led to the export violations of the nature described herein; and

• Know where your technical data is stored on your network. The violations regarding exports to Germany occurred because 3D Systems arranged for the backup of the U.S. email systems for Quickparts’ and other subsidiaries to a server in Germany creating an immediate export scenario. Employee emails containing design documents such as blueprints, drawings, plans, diagrams, engineering designs and specifications, computer-aided design files were included in these email files. It is imperative that company IT personnel and management understand the risks with backup of emails and other programs that will contain export controlled information to servers outside the U.S. and being able to identify where in your network your technical data or your customers technical data is critical to a successful export compliance program. Not only is the unencrypted backup of technical data a contravention of U.S. export rules, any government contractor may cause violations of the NIST 800-171 and DFARS Cybersecurity rules by doing so; and

• Fox in the hen house. Hiring foreign persons creates an immediate export scenario. Placing these persons in positions of direct responsibility for ITAR and EAR controlled programs obligates the company to first secure the access to export controlled technical data until they have secured the appropriate ITAR and EAR Foreign Person Employee Licenses from the appropriate government agencies. 3D Systems or its subsidiaries failed to lock down the network and failed to obtain the required Foreign Person Employee Licenses; and

• Restricting network access: Implementing network access requirements to the level of “need to know” and coordination with IT to block folders with export controlled content regulated by the ITAR or EAR is the first step to ensuring export compliance until the foreign person employees or foreign subsidiaries have been granted ITAR and EAR authorizations to such export controlled data for specific programs; and

• Understanding restricted countries: An essential element of any trade compliance program is training personnel on the export status of individual countries under sanction. The ITAR, EAR and OFAC all have different levels of restrictions on countries, in addition to that placed on individuals and entities. China has been an armed embargoed nation under the ITAR since 1989; and

• Maintenance of Records: It is an ITAR and EAR requirement to maintain records for a minimum period of five years from the date of export. It is expected that the company export compliance program will have specific policies and procedures including the retention of employee emails for the required period. This includes all related records including those created by former employees. The enforcement actions against 3D Systems, its operating divisions, subsidiaries and business units included failures to maintain records pursuant to the EAR and the ITAR. Email accounts were deleted when employees left the company; and

• Don’t be snarky with the government: Statements made in voluntary disclosure filings should genuinely reflect the serious nature of violation(s) being disclosed and express respect to the government process. Discounting the importance of conducting a full review and investigation into possible violations because the company deems it burdensome will result in only one outcome. A financial penalty.

This article explores the details of these violations below.

EAR:

3D Systems entered into a settlement agreement with BIS regarding nineteen (19) violations of the EAR.

On November 30, 2015, a Quickparts customer notified Quickparts of potential violations of the EAR in connection with the export of technology subject to the EAR to China. The customer also informed Quickparts that it had submitted a disclosure to the United States Government regarding such potential violations. On April 19, 2017, in connection with the disclosure, a BIS Special Agent conducted an outreach with 3D Systems’ then Director of Operations and Special Projects. On April 20, 2017, BIS issued a Warning Letter to 3D Systems regarding the conduct described in the disclosure. 3D Systems and Quickparts therefore knew or had reason to know that certain technology it handled regularly as part of its On Demand Manufacturing (“ODM”) business unit that was subject to the EAR and likely required BIS licenses prior to its release to most countries, including China. However, despite the outreach and explanation by a BIS Special Agent of the Company’s export control compliance obligations under the EAR, neither 3D Systems nor Quickparts sought to or obtained a license for such technology before exporting it. Thus, by forwarding technology subject to the EAR to China without the required BIS license it was with knowledge that a violation of the EAR had occurred. Refer to 15 C.F.R. § 772.1, which provides that “Knowledge of a circumstance (the term may be a variant, such as ‘know,’ ‘reason to know’ or ‘reason to believe’) includes not only positive knowledge that the circumstance exists or is substantially certain to occur, but also an awareness of a high probability of its existence or future occurrence. Such awareness is inferred from evidence of the conscious disregard of facts known to a person and is also inferred from a person’s willful avoidance of facts.”

The first two charges related to the export of controlled technology to China without a license. On two occasions from October 2, 2015 through October 3, 2015, 3D Systems’ subsidiary Quickparts exported technology subject to the EAR to China without the required license from the Department of Commerce. Specifically, Quickparts exported design documents such as blueprints, drawings, plans, diagrams, engineering designs and specifications, computer-aided design files, via e-mail to its then-subsidiary’s office located in China. These design documents were technology required for the development, production, operation, installation, repair, overhaul, or refurbishing of spacecraft and related commodities, classified under Export Control Classification Number (“ECCN”) 9E515. The 9E515 technology at issue is controlled for national security and regional stability related reasons, and, pursuant to Sections 742.4 and 742.6 of the EAR, a BIS license was required to export such items to China (and per the EAR a policy of denial exists for such license applications).

The next four charges relate to 3D Systems and Quickparts acting with knowledge of a violation by exporting EAR-controlled technology to China without the required license. On four occasions from June 14, 2016, through February 7, 2018, Quickparts exported technology subject to the EAR to China with knowledge that a violation of the EAR had occurred, was occurring, or was about to occur in connection with the export. Specifically, Quickparts released design documents such as blueprints, drawings, plans, diagrams, engineering designs and specifications, computer-aided design files, via e-mail to its Chinese subsidiary. The design documents were technology required for military electronics, classified under ECCN 3E611 and technology required for the development, production, operation, installation, repair, overhaul, or refurbishing of spacecraft and related commodities, classified under ECCN 9E515. Both 3E611 and 9E515 technology are controlled for national security and regional stability related reasons. A BIS license was required to export such items to China.

Four charges related to 3D Systems, via Quickparts, engaging in prohibited conduct by exporting EAR-controlled technology to Germany without the required license. On four occasions between January 21, 2015 and June 14, 2016, Quickparts exported technology subject to the EAR to Germany without the required license from the Department of Commerce. Specifically, Quickparts’ employee emails containing design documents such as blueprints, drawings, plans, diagrams, engineering designs and specifications, computer-aided design files, were stored on a server located in Germany. These design documents were classified under ECCN 3E611, technology required for military electronics, and ECCN 9E515, technology required for the development, production, operation, installation, repair, overhaul, or refurbishing of spacecraft and related commodities. Both the 3E611 and 9E515 technology at issue was controlled for national security and regional stability related reasons, and pursuant to Sections 742.4 and 742.6 of the EAR, a BIS license was required to export such items to Germany. All Quickparts employee emails and attachments were stored on a server located in Germany, which “mirrored” the email server in the United States. When the mirrored server was activated in December 2014, any emails in an employee’s inbox as of that date, and those that the employees sent or received after that date, were transferred to the German server. 3D Systems ceased the practice for its subsidiary’s in December 2017 and fully decommissioned the German server in October 2018, since which time all 3D Systems employee email, including those of its operating divisions, subsidiaries and business units are hosted exclusively in the United States.

Lastly, 3D Systems failed to comply with the EAR’s recordkeeping requirements. Between January 21, 2015 and February 7, 2018, in connection with the transactions described in the charges referenced above, 3D Systems failed to comply with the recordkeeping requirements set forth in Section 762.2 of the EAR. 3D Systems failed to retain documents required to be retained under Section 762.2, including contracts relating to these exports.

Based on the violations described above, 3D Systems was assessed a civil penalty in the amount of $2,777,570, that was required to be paid to the U.S. Department of Commerce within 30 days of the date of the Order. 3D Systems shall complete two (2) audits of its export controls compliance program. 3D Systems Corporation is subject to a three-year denial of its export privileges under the EAR. Such denial shall be suspended for a probationary period of three years, and shall thereafter be waived, provided that 3D Systems has made full and timely payment as set forth above, has completed the audits and submitted the audit results as set forth above, and has not committed another violation of EAR or any order, license, or authorization issued under the EAR.

ITAR:

As noted, in October 2017, the Bureau of Industry and Security served a subpoena on 3D Systems seeking information related to potential export violations under the EAR. Following the receipt of the subpoena, 3D Systems expanded the scope of its internal investigation of Quickparts’ handling of export control data, which resulted in the discovery of ITAR violations that 3D Systems disclosed to the Department of State in three disclosures. The violations involved unauthorized exports, reexports, and retransfers of technical data to Germany, Taiwan, and China; unauthorized exports of technical data to foreign person employees (FPEs) from India and the United Kingdom; and a failure to maintain records related to foreign person employees’ and exports of technical data to Germany and China.

3D Systems agreed to pay a civil penalty of $20,000,000 pursuant to the 3 year Consent Agreement with the Department of State. Half of the civil penalty, $10,000,000, will be suspended if 3D Systems uses $10,000,000 for Department of State approved remedial compliance measures to strengthen 3D Systems’ compliance program. 3D Systems will also engage an external Special Compliance officer for at least the first year of the Consent Agreement and will conduct two external audits of its ITAR compliance program and implement additional compliance measures.

From December 2014 to October 2018, 3D Systems stored all employee emails, including Quickparts employee’s email that contained technical data and attachments, on an unencrypted email server located in Germany, which “mirrored” the email exchange server in the United States to provide a back-up system and improve service for users outside of the United States. Through this mirroring process, all email 3D Systems employees sent or received appeared simultaneously on 3D Systems’ U.S. and German email servers. 3D Systems reported that emails on its U.S. and German servers contained technical data controlled under multiple USML Categories, including IV(i), VII(h), VIII(i), XII(f), and XIII(l), for the purpose of providing quotation and manufacturing services for third-party customers and troubleshooting technical issues. As a result of the implementation of this mirroring process, 3D Systems exported without authorization ITAR-controlled technical data to Germany many times when its employees’ emails containing technical data appeared on its German servers.

3D Systems ceased mirroring to the German server of Quickparts’ employee emails in December 2017. However, in addition to Quickparts employees’ emails, emails from employees in other 3D Systems business units were also mirrored to the unencrypted email server in Germany. At the time, Advanced Manufacturing Group (“AMG”) was a business unit within 3D Systems. AMG created benchmarking parts for potential 3D Systems customers in connection with the sale of its 3D printers. As part of the benchmarking process, 3D Systems customers provided AMG with technical data to print test parts so that the customers could evaluate the capabilities of 3D Systems’ printers. Customers occasionally provided ITAR-controlled technical data to AMG as part of their benchmarking requests, including via email. The mirroring continued until October 2018, when 3D Systems fully decommissioned the German server. Thus, until October 1, 2018, 3D Systems automatically backed-up ITAR-controlled technical data included in emails to the unencrypted email server located in Germany, resulting in unauthorized exports. Through the use of this process, 3D Systems, its operating divisions, subsidiaries, and business units, without authorization exported technical data to Germany on multiple additional occasions.

Quickparts’ office in China, assisted Quickparts employees in the United States with obtaining quotations from third-party suppliers in China and managing projects that proceeded from quotation to production. As part of the quotation process, Quickparts employees in the United States provided requests for quotation (RFQs), which included associated technical data received from Quickparts customers in the United States, to Quickparts employees in China without authorization. The Quickparts employees in China retransferred the technical data to third-party suppliers in China for quotations. Also, Quickparts employees in the United States sent RFQs and associated technical data directly to third-party suppliers in China. In some instances, the third-party suppliers in China used the technical data to manufacture ITAR-controlled defense articles. Quickparts exported without authorization technical data controlled under USML Categories IV(i), XII(f), and XIII(l) 36 times and Quickparts China retransferred without authorization technical data 28 times from December 2015 to December 2017.

Quickparts’ offices in China sometimes used overseas third-party suppliers located in countries other than China as part of the quotation process. For example, between June 2017 and April 2018, Quickparts’ offices in China reexported without authorization ITAR-controlled technical data from China to Taiwan. On three such occasions, Quickparts’ offices in China emailed technical data to Idea Development Company in Taiwan.

3D Systems identified two foreign person employees (FPEs) (one each from India and the United Kingdom, respectively) whose job functions required export controlled information which meant 3D Systems/Quickparts had without authorization repeatedly exported ITAR-controlled technical data to the FPEs. The two FPEs were a Sales Manager and a Manufacturing Manager who reviewed ITAR-controlled documents to provide customers and Quickparts personnel with advice regarding the manufacturing options. These two individuals had substantive interactions with ITAR-controlled technical data whenever a customer’s question or production issue was brought to their attention. These activities likely resulted in unauthorized exports of technical data to other foreign persons/entities listed under several USML Categories referenced.

3D Systems failed to produce copies of multiple records related to its ITAR controlled activities that the Department of State requested, which limited the scope of the Department’s investigation. The full scope of 3D System’s, including those of its operating divisions, subsidiaries and business units, unauthorized exports to China and Germany, retransfers within the China, and exports to FPEs is unknown because 3D Systems disclosed that it did not maintain complete records for:
• Unauthorized exports of technical data via email;
• The members of the Quickparts China email distribution list, and thus the number of unauthorized exports and retransfers;
• The nationality of employees who received technical data from customers; and
• The individual use of technical data on company servers because IT systems did not record this information.

As a consequence of not having a central system to transfer RFQs and associated ITAR-controlled technical data within 3D Systems, 3D Systems only has records of the exports of ITAR-controlled technical data in employee emails. Historically, 3D Systems had not implemented a document retention policy with respect to employee emails. In some instances, 3D Systems deleted former employee emails upon their departure or sometime thereafter. 3D Systems identified 30 former employees, approximately 16 percent of the total employees potentially involved in exporting technical data, for whom emails were no longer available for review. The failure to retain these employees’ emails meant 3D Systems did not maintain complete records of all exports to Germany and China these employees made, even though, based on their job duties, they exported technical data to Germany and China.

In addition to the failure to maintain employee emails, any 3D Systems employee with IT credentials had the ability to locate folders containing ITAR technical data, and all users’ credentials permitted them to open and view documents within those folders. 3D Systems identified 65 FPEs who worked for 3D Systems since January l, 2012, and who could have accessed ITAR-controlled technical data due to their IT systems access credentials. 3D Systems’ IT system was not designed to track individual access to technical data. As a result, 3D Systems could not provide records of exports of ITAR-controlled technical data to these FPEs even if, based on their job duties, some exports likely did occur. 3D Systems identified additional business units other than Quickparts and AMG that may have received ITAR-controlled technical data from customers. Specifically, 3D Systems reported that the plastics printer sales team (Plastic Printer Sales) and the software services and technical support teams (Services & Support) on occasion received ITAR-controlled data from potential plastic printer customers and from customers experiencing technical issues with software purchased from 3D Systems. However, while 3D Systems acknowledged that it is likely that the employees of the Plastic Printer Sales and the Services & Support business units had their email mirrored to the German server until October 2018, 3D Systems did not conduct a review for potential ITAR violations because they believed “the risk of controlled data existing in these employees’ email was low, conducting a review of this email was unlikely to uncover potential ITAR violations and therefore did not justify such a burdensome review.”

Department of Justice:

3D Systems agreed to pay the United States up to $4.54 million to resolve allegations that it violated the False Claims Act by improperly transmitting export-controlled technical data to China in violation of the export control laws of the United States in connection with certain NASA and DOD contracts.

Per the terms of a civil settlement executed with the Department of Justice on February 27, 2023, 3D Systems Corporation agreed to pay $2.27 million in restitution to the federal government within 30 days. The company may be required to pay an additional $2.27 million in penalties under the Justice Department settlement agreement, for a total of up to $4.54 million, if it fails to pay at least that amount in civil penalties to the Department of State and the Department of Commerce in connection with the parallel administrative settlements referenced above.

According to the Justice Department Settlement Agreement, 3D Systems, through its Quickparts subsidiary completed on-demand manufacturing projects both directly and indirectly on contracts issued by DOD and NASA, including for projects involving technical or other data potentially classified under and controlled by the International Emergency Economic Powers Act, the Arms Export Control Act, the Export Administration Regulations, and/or the International Traffic in Arms Regulations.

The referenced Export Control Laws prohibit certain controlled items and/or intellectual property from being exported to certain foreign countries, including China, without a license or authorization from the appropriate federal agencies. In the Justice Department settlement agreement, the United States alleged that between January 1, 2012 and December 31, 2017 3D Systems exported certain items and/or intellectual property to China without the appropriate license or authorization in violation of the Export Control Laws in connection with certain contracts issued by DOD and NASA in violation of the False Claims Act. The claims resolved by the settlement are allegations only. There has been no determination of liability.

https://www.pmddtc.state.gov/ddtc_public?id=ddtc_kb_article_page&sys_id=384b968adb3cd30044f9ff621f961941 and https://www.bis.doc.gov/index.php/documents/about-bis/newsroom/press-releases/3233-2023-02-27-3d-press-release/file and https://efoia.bis.doc.gov/index.php/documents/export-violations/export-violations-2023/1468-e2807/file and https://www.justice.gov/usao-ndtx/pr/3d-printing-company-pay-454-million-settle-false-claims-act-allegations-export and https://www.3dsystems.com/press-releases/3d-systems-announces-sale-demand-manufacturing-business

DDTC Announced Today A Temporary Suspension of the ITAR “See-Through Rule” For Certain High Energy Storage Capacitors Described on the USML

ITAR 120.11 (c)[1] pertains to the Order of Review and the Integration of controlled items described on the USML and states:

Defense articles described on the USML are controlled and remain subject to the ITAR following incorporation or integration into any item not described on the USML, unless specifically provided otherwise in this subchapter.

DDTC published the following announcement on their website as a notification to the Industry of temporary suspension of ITAR § 120.11(c) with respect to certain high energy storage capacitors

On November 21, 2022, the Deputy Assistant Secretary of State for Defense Trade Controls temporarily suspended for a period of six (6) months the applicability of § 120.11(c) of the International Traffic in Arms Regulations (ITAR) for certain capacitors described in U.S. Munitions List (USML) Category XI(c)(5).

USML XI(c) (5) controls the following types of capacitors.

(5) High-energy storage capacitors with a repetition rate of 6 discharges or more per minute and full energy life greater than or equal to 10,000 discharges, at greater than 0.2 Amps per Joule peak current, that have any of the following:

(i) Volumetric energy density greater than or equal to 1.5 J/cc; or

(ii) Mass energy density greater than or equal to 1.3 kJ/kg;

The Department assessed that it is in the security and foreign policy interests of the United States to facilitate commercial uses of certain capacitors when integrated into any item not described on the USML (for example, certain items used in energy exploration and commercial aviation).

Accordingly, pursuant to ITAR § 126.2, and the Department’s administration of the Arms Export Control Act (AECA), the Deputy Assistant Secretary of State for Defense Trade Controls ordered the temporary suspension of ITAR § 120.11(c) with respect to capacitors described in USML Category XI(c)(5) that have a voltage rating of one hundred twenty-five volts (125 V) or less and have been integrated into, and included as an integral part of, any item not described on the USML. Such articles are licensed by the Department of Commerce when integrated into and included as an integral part of items subject to the EAR.

This temporary suspension is valid for a period of six months, from November 21, 2022, to May 21, 2023, or when terminated by notice, whichever occurs first.

Capacitors described in USML Category XI(c)(5) remain subject to the controls of the ITAR in all other circumstances, including as stand-alone articles. The export, reexport, retransfer, or temporary import of technical data and defense services directly related to all defense articles described in USML Category XI(c)(5) remain subject to the ITAR.

Any violation of the ITAR, including any violation of the terms and conditions of any export license issued by the Department of State prior to the temporary suspension announced herein, remains a violation of the AECA. The Department of State strongly encourages the industry to disclose unauthorized exports, reexports, retransfers, or temporary imports of defense articles, including the subject capacitors, that occurred prior to this temporary suspension.

Editors comments:

Industry has seen the ITAR See Through rule overcome before. It’s important to follow DOS issuance of CJs and Consent Agreements to get insight into the regulators thinking on export controls of certain items.

Both Boeing and Goodrich incorporated the QRS-11 chip into commercial items, the 777 aircraft, and a flight standby instrument. DDTC awarded them both hefty civil penalties for this action, thus validating the ITAR See-Through Rule’s existence before it was formally adopted into the ITAR in 2022. In the QRS-11 case, after the fines were assessed to Boeing and Goodrich, the regulators incorporated specific exceptions into the ITAR and EAR pertinent to when the QRS-11 chip is installed/integrated into a civil item.

One has to wonder the cause of this suspension and opine there may be a Commodity Jurisdiction Request in process or a compliance case that is causing the regulators to rethink controls for certain high-energy storage capacitors meeting the technical levels noted. Stay tuned for further updates…

This notice also serves as a reminder of the criticality of reviewing your Bill of Materials when manufacturing commercial items to ensure that you don’t trip over the ITAR See-Through Rule.

The U.S. Department Of State, Office Of Defense Trade Controls Issues Two Temporary Open General Licenses That Will Assist Foreign Parties With Retransfers of U.S. Origin ITAR Defense Articles

In an extraordinary announcement announced on July 19, 2022, the U.S. Department of State, Office of Defense Trade Controls Licensing (“ODTCL”) has taken a proactive step in assisting foreign companies in the United Kingdom, Australia, and Canada by issuing two Temporary Open General Licenses (“OGEL”) pursuant to the International Traffic in Arms Regulations (“ITAR”) and ITAR § 126.9(b) authority to authorize the retransfer and reexport of previously authorized and exported defense articles and technical data to and within Australia, Canada, and the UK.

These Temporary OGELs go into effect on August 1, 2022, and expire one year later on July 31, 2023. ODTCL is issuing these OGELs as part of a pilot program to assess the viability and appropriateness of the open general license concept.

OGEL 1 and OGEL 2 only relate to ITAR-controlled defense articles and technical data that were previously authorized for export from the U.S. pursuant to a valid license, agreement, or other authorization and cannot be used as authorization for any exports from the U.S.

OGEL 1 authorizes the retransfer[1] (as defined in § 120.51) of unclassified defense articles to:

The Government of Australia, the Government of Canada, or the Government of the United Kingdom;
Members of the Australian Community as defined in § 126.16(d)[2], at all locations in Australia;
Members of the United Kingdom Community as defined in § 126.l7(d)[3], at all locations in the United Kingdom; or
Canadian-registered persons as defined in § 126.5(b). [4]

OGEL 2 authorizes the reexport[5] (as defined in § 120.19) of unclassified defense articles and technical data between or among:

The Government of Australia, the Government of Canada, or the Government of the United Kingdom;
Members of the Australian Community as defined in § 126.16(d), at all locations in Australia;
Members of the United Kingdom Community as defined in § 126.l 7(d), at all locations in the United Kingdom; or
Canadian-registered persons as defined in § 126.5(b).

The retransfer pursuant to OGEL 1 and the reexport pursuant to OGEL 2 of any unclassified defense articles and technical data to any of the parties listed above for OGEL 1 and OGEL 2, is subject to all the following requirements, limitations, and provisos:

Requirements: The transferor shall:

Comply with the requirements of § 123.9(b)[6];
Maintain the following records for each retransfer/reexport: a description of the defense article, including technical data; the name and address of the recipient and the end-user, and other available contact information (e.g., telephone number and electronic mail address); the name of the natural person responsible for the transaction; the stated end use of the defense article; the date of the transaction; and the method of transfer;
Ensure that such records are available to ODTCL upon request; and
Utilize Open General License No. 1 or Open General License No. 2 as the license or other approval number or exemption citation on all records pertaining to transfer

Limitations and Provisos:

The defense articles and technical data to be retransferred/reexported were originally exported pursuant to a license or other approval issued by ODTCL pursuant to section 38 of the Arms Export Control Act (AECA), the Defense Trade Cooperation Treaty between the United States and Australia (§ 126.16), or the Defense Trade Cooperation Treaty between the United States and the United Kingdom, (§ 126.17);
A defense article or technical data originally exported pursuant to the ITAR’s Foreign Military Sales (“FMS”) exemption at § 126.6(c) may not be retransferred/reexported under OGEL 1 or OGEL 2;
Defense articles and technical data described in § 126.16(a)(5) or § 126. l 7(a)(5) may not be retransferred/reexported under OGEL 1 or OGEL 2;
Defense articles may not be retransferred under OGEL 1 or OGEL 2 if they are listed on the Missile Technology Control Regime (MTCR) Annex or identified as Missile Technology (MT) on the United States Munitions List (USML) in § 121;
Defense articles may not be retransferred/reexported under OGEL 1 or OGEL 2 if they will be used to support the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, or processing of a missile, UAV, space-launch vehicle, item listed on the MTCR Annex, or item listed as MT on the USML in § 121;
Technical data may only be retransferred/reexported under OGEL 1 or OGEL 2 for the purpose of organizational-level, intermediate-level, or depot-level maintenance, repair, or storage of a defense article;
Any major defense equipment (as defined in § 120.8)[7] valued (in terms of its original acquisition cost) at $25,000,000 or more and any defense article or related training or other defense service valued (in terms of its original acquisition cost) at $100,000,000 or more, may only be retransferred/reexported under OGEL 1 or OGEL 2 for the purpose of: maintenance, repair, or overhaul defense services, including the repair of defense articles used in furnishing such services, if the retransfer/reexport will not result in any increase in the military capability of the defense articles and services to be maintained, repaired, or overhauled; or a temporary retransfer/reexport of defense articles for the sole purpose of receiving maintenance, repair, or overhaul;
The retransfer/reexport must take place wholly within the physical territory of Australia, Canada, or the United Kingdom;
Any retransfer/reexport of a defense article other than technical data is for end use by, or operation on behalf of, the Government of Australia, the Government of Canada, or the Government of the United Kingdom; and
OGEL 1 or OGEL 2 may not be utilized by persons to whom a presumption of denial is applied by ODTCL pursuant to §§ 120.l(c) or 127.l l(a), including, among other reasons, for past convictions of certain U.S. criminal statutes or because they are otherwise ineligible to contract with or receive an export or import license from an agency of the U.S. Government.

Information regarding OGEL 1 and OGEL 2 can be found on the Department of State’s website at:

https://www.pmddtc.state.gov/ddtc_public?id=ddtc_public_portal_news_and_events

[1] (a) Retransfer, except as set forth in § 120.54, § 126.16 or § 126.17, means:

(1) A change in end use or end user, or a temporary transfer to a third party, of a defense article within the same foreign country; or

(2) A release of technical data to a foreign person who is a citizen or permanent resident of the country where the release or transfer takes place.

[2] (d) Australian Community. For purposes of the exemption provided by this section, the Australian Community consists of:

(1) Government of Australia authorities with entities identified as members of the Approved Community through the DDTC Web site at the time of a transaction under this section; and

(2) The non-governmental Australian entities and facilities identified as members of the Approved Community through the DDTC Web site at the time of a transaction under this section; non-governmental Australian entities and facilities that become ineligible for such membership will be removed from the Australian Community.

[3] (d)^[3] United Kingdom Community. For purposes of the exemption provided by this section, the United Kingdom Community consists of:

(1) Her Majesty's Government entities and facilities identified as members of the Approved Community through the DDTC Web site at the time of a transaction under this section; and

(2) The non-governmental United Kingdom entities and facilities identified as members of the Approved Community through the DDTC Web site (www.pmddtc.state.gov) at the time of a transaction under this section; non-governmental United Kingdom entities and facilities that become ineligible for such membership will be removed from the United Kingdom Community.

[4] For purposes of this section, “Canadian-registered person” is any Canadian national (including Canadian business entities organized under the laws of Canada), a dual citizen of Canada and a third country other than a country listed in § 126.1 of this subchapter, and permanent resident registered in Canada in accordance with the Canadian Defense Production Act, and such other Canadian Crown Corporations identified by the Department of State in a list of such persons publicly available through the Internet website^[4] of the Directorate of Defense Trade Controls and by other means.

[5] (a) Reexport, except as set forth in § 120.54, § 126.16, or § 126.17, means:

(1) An actual shipment or transmission of a defense article from one foreign country to another foreign country, including the sending or taking of a defense article to or from such countries in any manner;

(2) Releasing or otherwise transferring technical data to a foreign person who is a citizen or permanent resident of a country other than the foreign country where the release or transfer takes place (a “deemed reexport”); or

(3) Transferring registration, control, or ownership of any aircraft, vessel, or satellite subject to the ITAR between foreign persons.

(b) Any release outside the United States of technical data to a foreign person is deemed to be a reexport to all countries in which the foreign person has held or holds citizenship or holds permanent residency.

[6] (b) The exporter, U.S. or foreign, must inform the end-user and all consignees that the defense articles being exported are subject to U.S. export laws and regulations as follows:

(1) The exporter must incorporate the following information as an integral part of the commercial invoice, whenever defense articles are to be shipped (exported in tangible form), retransferred (in tangible form), or reexported (in tangible form) pursuant to a license or other approval under this subchapter:

(i) The country of ultimate destination;

(ii) The end-user;

(iii) The license or other approval number or exemption citation; and

(iv) The following statement: “These items are controlled by the U.S. government and authorized for export only to the country of ultimate destination for use by the ultimate consignee or end-user(s) herein identified. They may not be resold, transferred, or otherwise disposed of, to any other country or to any person other than the authorized ultimate consignee or end-user(s), either in their original form or after being incorporated into other items, without first obtaining approval from the U.S. government or as otherwise authorized by U.S. law and regulations.”

[7] Pursuant to section 47(6) of the Arms Export Control Act (22 U.S.C. 2794(6)), major defense equipment means any item of significant military equipment (as defined in § 120.7) on the U.S. Munitions List having a nonrecurring research and development cost of more than $50,000,000 or a total production cost of more than $200,000,000.

The Golden Rule

By Jenny Hahn

President, FD Associates, Inc.

Keysight Technologies, Inc., Enters Into a 3 Year Consent Agreement With DDTC

The U.S. Department of State's Directorate of Defense Trade Controls (DDTC), Office of Defense Trade Controls Compliance (DTCC) has announced that Keysight Technologies, Inc., of Santa Rosa, California ("Keysight"), has entered into a 3-year Consent Agreement to settle allegations that it violated the International Traffic in Arms Regulations (ITAR) in connection with unauthorized exports of technical data, to include software, to various countries, including a proscribed destination. According to the Proposed Charging Letter:

On November 9, 2017, the Office of Defense Trade Controls Policy ("DTCP") raised concern over Keysight's potential misclassification of its Signal Studio for Multi-Emitter Scenario Generation software ("MESG software"). It recommended Keysight submit a CJ to determine the jurisdiction of the software. The MESG software can be used with certain hardware equipment to model and simulate multi-emitter electronic warfare threat scenarios for testing radar equipment on fixed or mobile platforms.
Between December 5, 2015, and April 18, 2018, Keysight exported the MESG software as both trial and full versions of the software. Keysight exported full versions of the software installed on hardware or electronically. Further, Keysight exported trial versions of the software via downloads from their website.
In response to DTCP's recommendation, Keysight submitted CJ-0005-18 on January 4, 2018. On April 27, 2018, DDTC provided Keysight with a determination that the MESG software was controlled under USML Category XI(d) based on the software's direct relation to electronic warfare test sets described by USML Category XI(a)(11).
Between January 9, 2018, and April 18, 2018, while CJ-0005-18 was under review, Keysight exported without authorization the MESG software on eight separate occasions to the PRC, Russia, Japan, Israel, and Canada. Keysight claimed that these exports were based on good faith but misguided belief that the MESG software was not subject to ITAR controls, and once Keysight learned of DDTC's formal CJ determination, it stopped any further unlicensed exports of MESG software and treated MESG software as ITAR controlled.
On May 21, 2018, Keysight submitted an initial disclosure assigned DTCC case number 18-0000493. Subsequently, on July 24, 2018, Keysight submitted its full disclosure in which it disclosed unauthorized exports to multiple countries of its MESG software, as described above. Keysight's disclosure stated the exports of the MESG software were conducted pursuant to the Export Administration Regulations (EAR), under Export Control Classification Number (ECCN)EAR99.
Keysight believed the ITAR jurisdiction was in error, and on August 30, 2018, Keysight appealed CJ-0005-18 by submitting a reconsideration request in accordance with ITAR § 120.4(g), which was assigned CJ-0391-18. On February 13, 2019, DDTC provided Keysight with the determination of CJ-0391-18, reaffirming the determination of CJ-0005-18. DDTC maintained that the MESG software was controlled under USML Category XI(d) based on the software's direct relation to electronic warfare test sets described by USML Category XI(a)(11).

In accordance with the Consent Agreement and Order issued in this matter, Keysight has agreed to the following enforcement measures:

A civil penalty of $6,600,000, with $1,100,000 payable within ten days of signing the Order and $1 million payable each year on the anniversary of the Order for the next three years, the remaining $2.5 million suspended on the condition that Keysight applies the amount to Consent Agreement-authorized remedial compliance costs.
Appointment of an outside Special Compliance Officer in consultation with the Director, DTCC to serve for a minimum of two years, and thereafter Keysight may request that DTCC allow it to substitute an Internal Special Compliance Officer.
Conduct a review within 90 days of the appointment of the Special Compliance Officer to ensure adequate/sufficient resources are dedicated to ITAR Compliance throughout Keysight's ITAR regulated operating divisions, subsidiaries, and business units.
Strengthen compliance policies and procedures within 9 months of the implementation of the consent agreement, including training for persons responsible for supervising Keysight employees and senior managers to ensure they are knowledgeable about the underlying principles of the AECA and ITAR.
Within 12 months, complete a classification review of all hardware and software pertaining to Keysight's ITAR-regulated business activities and any technical data or defense services directly related to such hardware and/or software.
Complete at least one third-party audit conducted within 12 months of the Order. DTCC has the option of requesting additional audits.
Permit on-site reviews by DTCC during the 36 month period.

What is the lesson learned?

Heed the call and follow the GOLDEN RULE.

What is the GOLDEN RULE?

When filing a Commodity Jurisdiction (CJ) request for a product, software, or technology, treat the product, software, or technology as ITAR controlled until the CJ is adjudicated.

When the Office of Defense Trade Controls Policy (DTCP) came knocking raising concerns over the potential misclassification of the Keysight MESG software and recommending the filing of a Commodity Jurisdiction to validate the export jurisdiction and classification of the MESG software, Keysight missed a clear compliance signal regarding how they were and should be treating the export jurisdiction of the MESG software.

The product and software description, available on the Keysight website, describes a software used for signal generation for Electronic Warfare systems, which are sophisticated systems crucial to the U.S. natural security, with clear elaboration in the U.S.M.L. category XI(a)(4) and designated as Significant Military Equipment. Test sets for testing electronic warfare systems and radars are enumerated in USML XI(a)(11). The software which is treated as technical data under the ITAR is classified as USML XI(d).

When Keysight was instructed to file a Commodity Jurisdiction request to receive a formal USG ruling from the Department of State regarding the export jurisdiction and classification of the MESG software, Keysight acted promptly and filed the Commodity Jurisdiction request within 2 months of the DTCP request. But instead of following the GOLDEN RULE of compliance and treating the MESG software as ITAR until formally advised otherwise, they continued to make exports of the MESG software as EAR99.

In doing so, they made exports of an ITAR software to an ITAR 126.1 sanctioned country (China); exports to Russia, when Russia required export licenses and was deemed a very sensitive destination; and made exports to 3 other countries. The DTCC determined that the exports to China and Russia caused harm to the national security of the U.S.

In total, Keysight made unauthorized exports to 17 countries during the 2015 - 2018 period.

DTCC considered the exports as aggravating factors in weighing the 24 violations alleged in the proposed charging letter. Mitigating factors included Keysight's cooperation with DTCC, filing the voluntary disclosure that acknowledged the conduct, implementation of remedial measures, and agreement to toll the statutory time limitations of the review period. Accordingly, DTCC determined it was not appropriate to debar Keysight in addition to the financial and compliance measures required by the consent agreement.

This case highlights the critical and fundamental first step for all exports. Conducting the export jurisdiction and classification analysis. Both at the time of design but on a continued basis, as the export regulations are evolving. While the ITAR and DTCP do not require filing Commodity Jurisdiction requests for each item to be exported, self-classification must follow the Order of Review set out in the ITAR and EAR. If conducted with export control and technical input, the export classification determination should clearly detail the analysis performed and stand the test of a government inquiry.

Keysight is a publicly traded company and a spin-off from Agilent Technologies, which has many ITAR regulated and EAR regulated products. Therefore, it is expected that Keysight had conducted its due diligence in classification and reached a very different conclusion for export control.

Here are the key takeaways:

1) DTCP regularly reviews exporters' websites for products that might be ITAR regulated but not promoted by the exporter as such.

2) If contacted by DTCP and requested to file a CJ, immediately start treating the item as ITAR. Not all CJs result in an ITAR outcome. In fact, at least 60% provide an EAR determination. Voluntary Disclosures can be filed based on the outcome of the CJ if needed.

2) When performing self-classification, exporters should research the Department of State Commodity Jurisdiction (CJ) database (DDTC CJ database) to see if there have been any prior CJs for similar products that would give insight into how the government adjudicated a similar product.

3) When filing a CJ because you are unsure if your product is ITAR or EAR, ALWAYS treat the product as ITAR until the CJ is adjudicated.

4) Self Classification of company products should be periodically reevaluated by compliance personnel, as the ITAR USML and the EAR CCL have undergone an overhaul, thus changing export jurisdiction and export classification of many items.

5) Regular and periodic internal and external audits should review export jurisdiction and classification of products

6) Exporters should never presume that a product, software, or technology, if not ITAR controlled it is EAR99. If a product is truly not ITAR, there may be an applicable ECCN classification on the CCL before reaching EAR99 status.

The Proposed Charging Letter, Consent Agreement, and Order can be found here.

Proposed Charging Letter

Consent Agreement

Order

Should You Be The ITAR Empowered Official?

Jenny Hahn, President

Your company manufactures defense articles and has been told that in order to conduct any international business such as marketing the defense articles or actually making a sale and selling hardware, software or services, you must first be registered with the Department of State as a precursor to applying for any ITAR export license. Then you learn that the company must have someone sign the ITAR license application and that person is called the “ITAR Empowered Official”.

Sounds simple and administrative. Anyone in the company should be able to fulfill this function, right?

Actually, who the company designates as the ITAR Empowered Official is a very important first step in the company trade compliance program. The ITAR Empowered Official is responsible to meet the conditions set forth in the ITAR for this position and in many small companies the ITAR Empowered Official is also responsible for the company trade compliance program.

If you have been “selected” or “volunteered” for the role of ITAR Empowered Official, it is important to first know what the ITAR states your qualifications should be. The Department of State often asks about the qualifications of the persons in your company designated as the trade compliance personnel including the ITAR Empowered Official. Selection is key.

Lets review the ITAR regulation at ITAR 120.25:

§ 120.25 Empowered Official

(a) Empowered Official means a U.S. person who:

(1) Is directly employed by the applicant or a subsidiary in a position having authority for policy or management within the applicant organization; and

(2) Is legally empowered in writing by the applicant to sign license applications or other requests for approval on behalf of the applicant; and

(3) Understands the provisions and requirements of the various export control statutes and regulations, and the criminal liability, civil liability and administrative penalties for violating the Arms Export Control Act and the International Traffic in Arms Regulations; and

(4) Has the independent authority to:

(i) Inquire into any aspect of a proposed export, temporary import, or brokering activity by the applicant;

(ii) Verify the legality of the transaction and the accuracy of the information to be submitted; and

(iii) Refuse to sign any license application or other request for approval without prejudice or other adverse recourse.

Lets analyze each element of the requirements.

U.S. Person – The ITAR defines “Person” as a natural person or a corporation, business association, partnership, society, trust, or any other entity, organization or group, including governmental entities. A U.S. person meets the “Person” definition, and is a citizen of the United States, a lawful permanent resident a.k.a. green card holder or a person here in the US on a protected status (religious or political asylum).

Directly employed by the applicant or a subsidiary – other than stating the obvious, this means that external resources such as your outside counsel, consultant, or past ITAR Empowered official who retires and consults back to the company part time on a 1099, cannot fulfill this role.

In a position having authority for policy or management within the applicant organization - Typically Directors, Managers, Vice Presidents and Presidents are some of the titles associated with the person fulfilling this role. If your title is contracts administrator, shipping clerk, administrative assistant, it suggests that the role you play in the company does not carry the level of responsibility or authority for policy or management to meet the threshold to be designated as the ITAR Empowered Official.

Is legally empowered in writing by the applicant to sign license applications or other requests for approval on behalf of the applicant - A letter is required from the Key Senior Officer (the person who signed the registration statement with the Department of State) to you designating you formally as the company ITAR empowered official. If you are at a subsidiary location, the letter should specify that you are limited to signing authority for your location only. Corporate empowerment letters can simply restate the ITAR definition at §120.25 or they can be more expansive articulating the responsibilities of the ITAR Empowered Official for the company trade compliance program or responsibilities that person may also hold. Each ITAR Empowered Official should maintain this letter in their files, Human Resources should also maintain it in the personnel file and the corporate books should maintain a copy.

Understands the provisions and requirements of the various export control statutes and regulations-

This means the ITAR Empowered Official should be able to do more than spell ITAR! It is expected that you will have had training in the International Traffic In Arms Regulations so that you can assert that you understand the regulations. But that is not enough. The ITAR references various export control statutes and regulations. Related regulations include the Foreign Trade Regulations, which every ITAR hardware export transaction interfaces with; the Office of Foreign Assets Controls, which maintains a list of persons and companies and countries that require separate approvals to make exports to from what the ITAR or EAR may impose; the Foreign Corrupt Practices Act, that prohibits the making of payments or other gifts to influence a sale to a government (bribe); and the Export Administration Regulations that regulates the items that were once ITAR but moved over the last few years as a result of Export Control Reform, along with truly commercial or dual use items. That’s a lot of regulations you should be familiar with!

And the criminal liability, civil liability and administrative penalties for violating the Arms Export Control Act and the International Traffic in Arms Regulations- It is critically important that as the ITAR Empowered Official, you know what the fines and penalties are for willful a.k.a. criminal violations and those unwitting inadvertent mistakes made by the company. The ITAR Empowered Official and the company should understand what the possible outcomes could be for the company and responsible individuals in terms of jail time, denial of export privileges and fines as well as understanding the overall financial costs the company could have as a result of export violations not to mention the potential to lead to repercussions in government contracts including suspension or debarment.

Regular training of the ITAR Empowered Official to understand the civil and criminal penalties is necessary. Penalties are updated on a periodic basis and adjusted for inflation.

Has the independent authority to:

Inquire into any aspect of a proposed export, temporary import, or brokering activity by the applicant -The ITAR Empowered Official should be able to question any functional department personnel about the transaction, including business development, finance, contracts, sales, legal, shipping.
Verify the legality of the transaction and the accuracy of the information to be submitted- The tools and resources should be readily available to the Empowered Official to conduct due diligence and confirm the proposed transaction is a legitimate business dealing with qualified eligible parties.
Refuse to sign any license application or other request for approval without prejudice or other adverse recourse – This means the boss can’t fire the ITAR Empowered Official if the ITAR Empowered Official says I am not comfortable with proceeding based on what I know about this transaction.

Based on the criteria enumerated in the ITAR to fulfill this role, the ITAR Empowered Official should be a person within the company that has knowledge about the regulations, understand the scope of the regulations, the penalties if not abided by, the respect of company employees to follow the ITAR Empowered Official lead and understanding and buy-in by management that no one can override any unfavorable decision made by the ITAR Empowered Official concerning a pending export transaction.

This role is often entered into by employees who are volunteered for the position because they are available or because they heard about the ITAR on their last job. The requirements to fulfill the ITAR Empowered Official position is much more demanding and carries with it significant expectations by the Department of State regarding this responsibility and how the company ensures that it selects qualified candidates. The company is expected to ensure that the ITAR Empowered Official receive regular training regarding the export regulations and criminal and civil penalties.

If you read this article and questioned your qualifications, or thought you might need more training, join us for our ITAR Empowered Official classes in April and November! We discuss in detail the compliance roles ITAR Empowered Officials take on..

Does Your Export Compliance Program Pass Muster?

By: Jenny Hahn, President

Small companies may suddenly find their export compliance programs aren’t up to the expectations of the Departments of State, Directorate of Defense Trade Controls (DDTC) or Commerce, Bureau of Industry and Security (BIS). This is particularly true when you consider the complexity of the Export Control Reform (ECR) initiative, and the significant changes to the US Munitions List (USML) that have occurred or will occur as a result of ECR. Items once controlled under the International Traffic in Arms Regulations (ITAR), may now be controlled under the Export Administration Regulations (EAR), under the so-called “600 Series” ECCNs (Export Control Classification Number), with a totally different set of rules to comply with. Added to that, technical services or assistance related to these now EAR controlled articles may remain controlled under the ITAR, and unknowing For unprepared companies may find their export compliance program woefully deficient.

One of the most common issues small companies face is that the company budget doesn’t provide for dedicated internal export compliance resources and personnel assigned to export compliance may be multi-hatted, and don’t have the time or the right level of training to develop a comprehensive company-wide export compliance program. Often companies only learn that their compliance program is lacking during a US government investigation of matters related to a voluntary disclosure as a result of a violation of the ITAR or the EAR. Below are some examples of things that may require a company to submit a voluntary disclosure:

The company learns the parts it has been exporting without a license for 10 years are regulated by the ITAR and would have required an ITAR license to ship. The company needs to complete the export of the remainder of the hardware on the purchase order and needs an ITAR authorization to do so;
The company has a foreign national employee assigned to perform a manufacturing or engineering related task on an ITAR or EAR 600 series hardware and the company does not have the required authorization from State or Commerce:
The company learns that its domestic supplier of ITAR or 600 series hardware has had the part produced offshore in China or another destination without a ITAR/EAR authorization;
The company learns that the foreign program it has been providing design assistance on involves a platform on the USML or Commerce Control List (CCL) in a 600 series ECCN;
The company is using the cloud for its IT storage and email requirements and learns that its service provider is hosting the data on servers located offshore;
The company learns that its foreign partners on an ITAR TAA (Technical Assistance Agreement) are transferring technical data received from your company to subcontractors that are not listed on the TAA;
The company failed to renew its State Department ITAR registration in a timely manner but continued to make technical data and defense service exports against existing State Department licenses;
The company is notified that it is a named party in another companies voluntary disclosure

How the government agency (State or Commerce) handles that disclosure and determines if it will levy a penalty or whether it will require monitoring or oversight of the company’s activities, can be based in large part, on how the company compliance program is setup and what steps the company undertakes to fix the cause of the violation(s) and prevent future occurrences.

The DDTC and BIS generally require companies to provide their export compliance manuals, policies and procedures as support documents to the corrective actions cited in a voluntary disclosure. Government enforcement and compliance personnel reviewing the disclosure will want information pertaining to training provided to key staff including senior management & compliance personnel as well as relevant departments/persons involved in the violation . Both DDTC and BIS will want to know the specific details on the company’s audit program including internal and external audits, when and where they were last performed and how frequently they are performed.

Where does your company stand with respect to a documented compliance program with processes and procedures, training and internal/external audits? Don’t let your compliance program be implemented via a voluntary disclosure! Taking a proactive stance in establishing all necessary steps to ensure export compliance will help prevent costly mistakes that could lead to fines and sanctions.

Questions and steps to consider:

Does your company have sufficient resources allocated to export compliance?
Are your resources adequately trained in the ITAR and the EAR?
Do you have a good process to determine the correct jurisdiction and classification of your products and technology for export purposes?
Do you have a documented export compliance plan?
Is your compliance plan implemented in the day-to-day processes of the company operations?

Instead of spending dollars on government mandated programs as a result of a voluntary disclosure, why not engage one of our export compliance experts to assist your company with establishing a meaningful export compliance program. We offer customized training programs for all levels within the company. We have baseline export compliance manuals and procedures, ready to be tailored to your company’s specific requirements. We offer one or two day onsite procedure reviews to identify weaknesses in your compliance program and make recommendations for improvement. Call us to find out how FD Associates may assist you.

You can learn more about FD Associates by visiting our website https://fdassociates.net or contacting me at jhahn@fdassociates.net or at 703-847-5801.

Honeywell International, Inc. Reaches 3 Year Consent Agreement With The Department Of State

By Jenny Hahn, President

The U.S. Department of State's Directorate of Defense Trade Controls (DDTC) has announced that Honeywell International, Inc. has entered into a 3 year Consent Agreement to resolve charges that it committed 34 violations of the Arms Export Control Act and the ITAR between July 2011 and July 2018 involving unauthorized exports or retransfers of technical data resulting from the failure to exercise appropriate internal controls.

Alleged Violations:

In December 2015, Honeywell initially disclosed to the Department of State that its Integrated Supply Chain (ISC) organization had sent Requests For Quotation (RFQs) to U.S. and foreign suppliers via its DEXcenter (file exchange program) requesting pricing for parts. The RFQs generally included drawings.

In its initial notice of disclosure Honeywell identified that there had been multiple exports of ITAR-controlled drawings without authorization via DEXcenter to Taiwan and the People's Republic of China (PRC) in July 2015. It was subsequently determined that 51 of the drawings exported had been to unaffiliated suppliers in the PRC, an ITAR sanctioned country. Honeywell had exported 20 of the drawings to its affiliates in the PRC.

In Honeywells' September 2016 filing of the final report regarding the voluntary disclosure, Honeywell informed the Department of State of multiple corrective actions it had taken to prevent the types of violations it disclosed from recurring. The actions included:

1) a mandatory second-level review requirement for all international document transfers through DEXcenter;

2) mandatory training measures to address the risk of human error due to misidentifying export classification or authorizations, especially in the RFQ context; and

3) enhancing DEXcenter to further reduce the risk of human error by limiting the user's ability to select an export authorization that does not match a drawing's export classification and by providing additional warnings, reminders, and training resources and requirements.

By March 2017, based on an internal investigation and additional analysis conducted at the Department of States request, Honeywell ultimately identified 71 ITAR-controlled drawings that had been exported without authorization between July 2011 and October 2015 had exported via DEXcenter to Canada, Ireland, the PRC, and Taiwan, 65 of which form the basis of the alleged violations.

The 71 drawings, which Honeywell identified in its first voluntary disclosure and supplemental correspondence with the Department of State are controlled under Categories VIII(i), XI(d), and XIX(g) of the United States Munitions List (USML), contained engineering prints showing layouts, dimensions, and geometries for manufacturing castings and finished parts for multiple aircraft, military electronics, and gas turbine engines, including the F-35 Joint Strike Fighter, F-22 Aircraft, B-1B Lancer bomber, C-130, A-7H Corsair, A-10 Aircraft, Apache Longbow Helicopter, the M1A1 Abrams Tank, the Tactical Tomahawk Missile and the T55 Turboshaft Engine.

Some of the drawings contained technical data designated as Significant Military Equipment under the ITAR. The SME designation has significance because the USG has determined that special export controls are warranted because of the capacity for substantial military utility or capability.

In October 2018, Honeywell submitted a second voluntary disclosure describing how personnel in the same organization within Honeywell Aerospace, ISC, committed another series of ITAR violations between June and July, 2018 that were similar to the violations disclosed in the first voluntary disclosure.

According to the second voluntary disclosure, a team of ISC personnel invented what Honeywell referred to as "an alternative process, which the team believed complied with export compliance requirements," for soliciting RFQs.

Under the alternative process, ISC personnel either failed to review the export control classifications for multiple technical documents or used a classification analysis method that did not properly categorize the documents as described on either the USML or the Commerce Control List (CCL).

Additionally, ISC personnel without authorization exported technical drawings using a different file exchange tool than DEXcenter called Daptiv. The reasoning for the use of Daptiv was to increase the efficiency and speed of a procurement project.

There were a total of 27 additional exports using this system, 2 to Canada, 2 to the PRC and 23 to Mexico. The drawings were classified on the USML as Category VIII(i) and XIX(g) and contained the same type of information as before for the manufacture of castings and finished parts for the following platforms:

F35 Joint Strike Fighter
F/A-18 Hornet
F135 turboshaft engine
F414 turboshaft engine
T55 turboshaft engine
CTS800 turboshaft engine

Like the first disclosure, some of the drawings contained technical data designated as SME.

Lastly, the two drawings to the PRC was to an employee at one of Honeywells' subsidiaries and that employee retransferred one of the drawings to another employee at its subsidiary in the PRC.

Settlement

(i) Civil penalty of $13,000,00, with $8,000,000 payable in three installments and the remaining $5,000,000 assessed for remedial compliance measures

(ii) appointment of a Special Compliance Officer or Internal Special Compliance Officer

(iii) implementation of an automated export compliance system

(iv) a minimum of one external audit

(v) on-site reviews by DDTC with minimum advance notice, and

(vi) other strengthened makeup Compliance Policies, procedures, and training, including legal department support to all divisions for all matters involving the AECA and the ITAR.

DDTC posted the following documents in connection with this settlement: Draft Charging Letter, Consent Agreement, and Order.

Read each of the documents here

What is the lesson learned?

Beyond the clear national security violations that this case presented because of the exports to China which triggered the fine amount imposed, the voluntary disclosures revealed a startling lack of consideration of export jurisdiction and classification, the failure to follow company guidelines, processes and procedures and that even in the largest of companies exports of technical data via established processes and procedures can go easily go astray.

The most rigorous of processes installed to ensure secure transfer of the companies valued technical data was not a fool proof mechanism and the trade compliance team bears the responsibility to routinely investigate, test and validate exports are compliant to the ITAR or EAR and the associated licensing and other authorizations within the ITAR or EAR.

A lack of detailed training is often attributable to these types of export violations. It is critical for defense contractors, large and small to ensure functional department training is provided along with detailed written processes/work instructions that include specific export compliance obligations for that department to make clear the expectation for the department before they make exports of technical data, controlled or non controlled. Following such training regular auditing of department processes is necessary to validate compliance.

As this case demonstrates it is imperative that all company personnel share the same corporate objective of trade compliance and understanding of all the fundamental elements to export compliance when exporting technical data.

In all instances before company personnel make an export of technical data, they must know export jurisdiction, export classification and licensing responsibilities under the ITAR or the EAR for the release of that data.

Small, medium and large companies all have the same responsibilities and the same risks.

Best practices include (not a comprehensive list)

Dedicated personnel assigned to determine export jurisdiction and export classification for all items or technical data being exported
Having a single point of export for a program, a license or a department that minimizes that number of humans involved in the export of technical data and allows for an assessment whether the technical data is properly within the scope of the export authorization and whether the export classification is correct
Use of secure portal for sharing export controlled data
IT tools that restrict/quarantine exports to China or any other prohibited destination (ITAR 126.1) before release after trade compliance review
Trade compliance follow up on export activity for licensed and non licensed exports made by individual functional departments
Regular audits, both internal and external, of export activities
Follow up of compliance actions resulting from any matter of non compliance
Training, training, training
Employee certifications and acknowledgment of responsibilities
Consequences up to and including termination for violations of the company policies and procedures causing export violations