Consultants Corner Archives - Page 2 of 5

The U.S. Department Of State, Office Of Defense Trade Controls Issues Two Temporary Open General Licenses That Will Assist Foreign Parties With Retransfers of U.S. Origin ITAR Defense Articles

In an extraordinary announcement announced on July 19, 2022, the U.S. Department of State, Office of Defense Trade Controls Licensing (“ODTCL”) has taken a proactive step in assisting foreign companies in the United Kingdom, Australia, and Canada by issuing two Temporary Open General Licenses (“OGEL”) pursuant to the International Traffic in Arms Regulations (“ITAR”) and ITAR § 126.9(b) authority to authorize the retransfer and reexport of previously authorized and exported defense articles and technical data to and within Australia, Canada, and the UK.

These Temporary OGELs go into effect on August 1, 2022, and expire one year later on July 31, 2023. ODTCL is issuing these OGELs as part of a pilot program to assess the viability and appropriateness of the open general license concept.

OGEL 1 and OGEL 2 only relate to ITAR-controlled defense articles and technical data that were previously authorized for export from the U.S. pursuant to a valid license, agreement, or other authorization and cannot be used as authorization for any exports from the U.S.

OGEL 1 authorizes the retransfer[1] (as defined in § 120.51) of unclassified defense articles to:

The Government of Australia, the Government of Canada, or the Government of the United Kingdom;
Members of the Australian Community as defined in § 126.16(d)[2], at all locations in Australia;
Members of the United Kingdom Community as defined in § 126.l7(d)[3], at all locations in the United Kingdom; or
Canadian-registered persons as defined in § 126.5(b). [4]

OGEL 2 authorizes the reexport[5] (as defined in § 120.19) of unclassified defense articles and technical data between or among:

The Government of Australia, the Government of Canada, or the Government of the United Kingdom;
Members of the Australian Community as defined in § 126.16(d), at all locations in Australia;
Members of the United Kingdom Community as defined in § 126.l 7(d), at all locations in the United Kingdom; or
Canadian-registered persons as defined in § 126.5(b).

The retransfer pursuant to OGEL 1 and the reexport pursuant to OGEL 2 of any unclassified defense articles and technical data to any of the parties listed above for OGEL 1 and OGEL 2, is subject to all the following requirements, limitations, and provisos:

Requirements: The transferor shall:

Comply with the requirements of § 123.9(b)[6];
Maintain the following records for each retransfer/reexport: a description of the defense article, including technical data; the name and address of the recipient and the end-user, and other available contact information (e.g., telephone number and electronic mail address); the name of the natural person responsible for the transaction; the stated end use of the defense article; the date of the transaction; and the method of transfer;
Ensure that such records are available to ODTCL upon request; and
Utilize Open General License No. 1 or Open General License No. 2 as the license or other approval number or exemption citation on all records pertaining to transfer

Limitations and Provisos:

The defense articles and technical data to be retransferred/reexported were originally exported pursuant to a license or other approval issued by ODTCL pursuant to section 38 of the Arms Export Control Act (AECA), the Defense Trade Cooperation Treaty between the United States and Australia (§ 126.16), or the Defense Trade Cooperation Treaty between the United States and the United Kingdom, (§ 126.17);
A defense article or technical data originally exported pursuant to the ITAR’s Foreign Military Sales (“FMS”) exemption at § 126.6(c) may not be retransferred/reexported under OGEL 1 or OGEL 2;
Defense articles and technical data described in § 126.16(a)(5) or § 126. l 7(a)(5) may not be retransferred/reexported under OGEL 1 or OGEL 2;
Defense articles may not be retransferred under OGEL 1 or OGEL 2 if they are listed on the Missile Technology Control Regime (MTCR) Annex or identified as Missile Technology (MT) on the United States Munitions List (USML) in § 121;
Defense articles may not be retransferred/reexported under OGEL 1 or OGEL 2 if they will be used to support the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, or processing of a missile, UAV, space-launch vehicle, item listed on the MTCR Annex, or item listed as MT on the USML in § 121;
Technical data may only be retransferred/reexported under OGEL 1 or OGEL 2 for the purpose of organizational-level, intermediate-level, or depot-level maintenance, repair, or storage of a defense article;
Any major defense equipment (as defined in § 120.8)[7] valued (in terms of its original acquisition cost) at $25,000,000 or more and any defense article or related training or other defense service valued (in terms of its original acquisition cost) at $100,000,000 or more, may only be retransferred/reexported under OGEL 1 or OGEL 2 for the purpose of: maintenance, repair, or overhaul defense services, including the repair of defense articles used in furnishing such services, if the retransfer/reexport will not result in any increase in the military capability of the defense articles and services to be maintained, repaired, or overhauled; or a temporary retransfer/reexport of defense articles for the sole purpose of receiving maintenance, repair, or overhaul;
The retransfer/reexport must take place wholly within the physical territory of Australia, Canada, or the United Kingdom;
Any retransfer/reexport of a defense article other than technical data is for end use by, or operation on behalf of, the Government of Australia, the Government of Canada, or the Government of the United Kingdom; and
OGEL 1 or OGEL 2 may not be utilized by persons to whom a presumption of denial is applied by ODTCL pursuant to §§ 120.l(c) or 127.l l(a), including, among other reasons, for past convictions of certain U.S. criminal statutes or because they are otherwise ineligible to contract with or receive an export or import license from an agency of the U.S. Government.

Information regarding OGEL 1 and OGEL 2 can be found on the Department of State’s website at:

https://www.pmddtc.state.gov/ddtc_public?id=ddtc_public_portal_news_and_events

[1] (a) Retransfer, except as set forth in § 120.54, § 126.16 or § 126.17, means:

(1) A change in end use or end user, or a temporary transfer to a third party, of a defense article within the same foreign country; or

(2) A release of technical data to a foreign person who is a citizen or permanent resident of the country where the release or transfer takes place.

[2] (d) Australian Community. For purposes of the exemption provided by this section, the Australian Community consists of:

(1) Government of Australia authorities with entities identified as members of the Approved Community through the DDTC Web site at the time of a transaction under this section; and

(2) The non-governmental Australian entities and facilities identified as members of the Approved Community through the DDTC Web site at the time of a transaction under this section; non-governmental Australian entities and facilities that become ineligible for such membership will be removed from the Australian Community.

[3] (d)^[3] United Kingdom Community. For purposes of the exemption provided by this section, the United Kingdom Community consists of:

(1) Her Majesty's Government entities and facilities identified as members of the Approved Community through the DDTC Web site at the time of a transaction under this section; and

(2) The non-governmental United Kingdom entities and facilities identified as members of the Approved Community through the DDTC Web site (www.pmddtc.state.gov) at the time of a transaction under this section; non-governmental United Kingdom entities and facilities that become ineligible for such membership will be removed from the United Kingdom Community.

[4] For purposes of this section, “Canadian-registered person” is any Canadian national (including Canadian business entities organized under the laws of Canada), a dual citizen of Canada and a third country other than a country listed in § 126.1 of this subchapter, and permanent resident registered in Canada in accordance with the Canadian Defense Production Act, and such other Canadian Crown Corporations identified by the Department of State in a list of such persons publicly available through the Internet website^[4] of the Directorate of Defense Trade Controls and by other means.

[5] (a) Reexport, except as set forth in § 120.54, § 126.16, or § 126.17, means:

(1) An actual shipment or transmission of a defense article from one foreign country to another foreign country, including the sending or taking of a defense article to or from such countries in any manner;

(2) Releasing or otherwise transferring technical data to a foreign person who is a citizen or permanent resident of a country other than the foreign country where the release or transfer takes place (a “deemed reexport”); or

(3) Transferring registration, control, or ownership of any aircraft, vessel, or satellite subject to the ITAR between foreign persons.

(b) Any release outside the United States of technical data to a foreign person is deemed to be a reexport to all countries in which the foreign person has held or holds citizenship or holds permanent residency.

[6] (b) The exporter, U.S. or foreign, must inform the end-user and all consignees that the defense articles being exported are subject to U.S. export laws and regulations as follows:

(1) The exporter must incorporate the following information as an integral part of the commercial invoice, whenever defense articles are to be shipped (exported in tangible form), retransferred (in tangible form), or reexported (in tangible form) pursuant to a license or other approval under this subchapter:

(i) The country of ultimate destination;

(ii) The end-user;

(iii) The license or other approval number or exemption citation; and

(iv) The following statement: “These items are controlled by the U.S. government and authorized for export only to the country of ultimate destination for use by the ultimate consignee or end-user(s) herein identified. They may not be resold, transferred, or otherwise disposed of, to any other country or to any person other than the authorized ultimate consignee or end-user(s), either in their original form or after being incorporated into other items, without first obtaining approval from the U.S. government or as otherwise authorized by U.S. law and regulations.”

[7] Pursuant to section 47(6) of the Arms Export Control Act (22 U.S.C. 2794(6)), major defense equipment means any item of significant military equipment (as defined in § 120.7) on the U.S. Munitions List having a nonrecurring research and development cost of more than $50,000,000 or a total production cost of more than $200,000,000.

The U.S. Department Of State, Office Of Defense Trade Controls Issues Two Temporary Open General Licenses That Will Assist Foreign Parties With Retransfers of U.S. Origin ITAR Defense Articles Read More »

The Golden Rule

By Jenny Hahn

President, FD Associates, Inc.

Keysight Technologies, Inc., Enters Into a 3 Year Consent Agreement With DDTC

The U.S. Department of State's Directorate of Defense Trade Controls (DDTC), Office of Defense Trade Controls Compliance (DTCC) has announced that Keysight Technologies, Inc., of Santa Rosa, California ("Keysight"), has entered into a 3-year Consent Agreement to settle allegations that it violated the International Traffic in Arms Regulations (ITAR) in connection with unauthorized exports of technical data, to include software, to various countries, including a proscribed destination. According to the Proposed Charging Letter:

On November 9, 2017, the Office of Defense Trade Controls Policy ("DTCP") raised concern over Keysight's potential misclassification of its Signal Studio for Multi-Emitter Scenario Generation software ("MESG software"). It recommended Keysight submit a CJ to determine the jurisdiction of the software. The MESG software can be used with certain hardware equipment to model and simulate multi-emitter electronic warfare threat scenarios for testing radar equipment on fixed or mobile platforms.
Between December 5, 2015, and April 18, 2018, Keysight exported the MESG software as both trial and full versions of the software. Keysight exported full versions of the software installed on hardware or electronically. Further, Keysight exported trial versions of the software via downloads from their website.
In response to DTCP's recommendation, Keysight submitted CJ-0005-18 on January 4, 2018. On April 27, 2018, DDTC provided Keysight with a determination that the MESG software was controlled under USML Category XI(d) based on the software's direct relation to electronic warfare test sets described by USML Category XI(a)(11).
Between January 9, 2018, and April 18, 2018, while CJ-0005-18 was under review, Keysight exported without authorization the MESG software on eight separate occasions to the PRC, Russia, Japan, Israel, and Canada. Keysight claimed that these exports were based on good faith but misguided belief that the MESG software was not subject to ITAR controls, and once Keysight learned of DDTC's formal CJ determination, it stopped any further unlicensed exports of MESG software and treated MESG software as ITAR controlled.
On May 21, 2018, Keysight submitted an initial disclosure assigned DTCC case number 18-0000493. Subsequently, on July 24, 2018, Keysight submitted its full disclosure in which it disclosed unauthorized exports to multiple countries of its MESG software, as described above. Keysight's disclosure stated the exports of the MESG software were conducted pursuant to the Export Administration Regulations (EAR), under Export Control Classification Number (ECCN)EAR99.
Keysight believed the ITAR jurisdiction was in error, and on August 30, 2018, Keysight appealed CJ-0005-18 by submitting a reconsideration request in accordance with ITAR § 120.4(g), which was assigned CJ-0391-18. On February 13, 2019, DDTC provided Keysight with the determination of CJ-0391-18, reaffirming the determination of CJ-0005-18. DDTC maintained that the MESG software was controlled under USML Category XI(d) based on the software's direct relation to electronic warfare test sets described by USML Category XI(a)(11).

In accordance with the Consent Agreement and Order issued in this matter, Keysight has agreed to the following enforcement measures:

A civil penalty of $6,600,000, with $1,100,000 payable within ten days of signing the Order and $1 million payable each year on the anniversary of the Order for the next three years, the remaining $2.5 million suspended on the condition that Keysight applies the amount to Consent Agreement-authorized remedial compliance costs.
Appointment of an outside Special Compliance Officer in consultation with the Director, DTCC to serve for a minimum of two years, and thereafter Keysight may request that DTCC allow it to substitute an Internal Special Compliance Officer.
Conduct a review within 90 days of the appointment of the Special Compliance Officer to ensure adequate/sufficient resources are dedicated to ITAR Compliance throughout Keysight's ITAR regulated operating divisions, subsidiaries, and business units.
Strengthen compliance policies and procedures within 9 months of the implementation of the consent agreement, including training for persons responsible for supervising Keysight employees and senior managers to ensure they are knowledgeable about the underlying principles of the AECA and ITAR.
Within 12 months, complete a classification review of all hardware and software pertaining to Keysight's ITAR-regulated business activities and any technical data or defense services directly related to such hardware and/or software.
Complete at least one third-party audit conducted within 12 months of the Order. DTCC has the option of requesting additional audits.
Permit on-site reviews by DTCC during the 36 month period.

What is the lesson learned?

Heed the call and follow the GOLDEN RULE.

What is the GOLDEN RULE?

When filing a Commodity Jurisdiction (CJ) request for a product, software, or technology, treat the product, software, or technology as ITAR controlled until the CJ is adjudicated.

When the Office of Defense Trade Controls Policy (DTCP) came knocking raising concerns over the potential misclassification of the Keysight MESG software and recommending the filing of a Commodity Jurisdiction to validate the export jurisdiction and classification of the MESG software, Keysight missed a clear compliance signal regarding how they were and should be treating the export jurisdiction of the MESG software.

The product and software description, available on the Keysight website, describes a software used for signal generation for Electronic Warfare systems, which are sophisticated systems crucial to the U.S. natural security, with clear elaboration in the U.S.M.L. category XI(a)(4) and designated as Significant Military Equipment. Test sets for testing electronic warfare systems and radars are enumerated in USML XI(a)(11). The software which is treated as technical data under the ITAR is classified as USML XI(d).

When Keysight was instructed to file a Commodity Jurisdiction request to receive a formal USG ruling from the Department of State regarding the export jurisdiction and classification of the MESG software, Keysight acted promptly and filed the Commodity Jurisdiction request within 2 months of the DTCP request. But instead of following the GOLDEN RULE of compliance and treating the MESG software as ITAR until formally advised otherwise, they continued to make exports of the MESG software as EAR99.

In doing so, they made exports of an ITAR software to an ITAR 126.1 sanctioned country (China); exports to Russia, when Russia required export licenses and was deemed a very sensitive destination; and made exports to 3 other countries. The DTCC determined that the exports to China and Russia caused harm to the national security of the U.S.

In total, Keysight made unauthorized exports to 17 countries during the 2015 - 2018 period.

DTCC considered the exports as aggravating factors in weighing the 24 violations alleged in the proposed charging letter. Mitigating factors included Keysight's cooperation with DTCC, filing the voluntary disclosure that acknowledged the conduct, implementation of remedial measures, and agreement to toll the statutory time limitations of the review period. Accordingly, DTCC determined it was not appropriate to debar Keysight in addition to the financial and compliance measures required by the consent agreement.

This case highlights the critical and fundamental first step for all exports. Conducting the export jurisdiction and classification analysis. Both at the time of design but on a continued basis, as the export regulations are evolving. While the ITAR and DTCP do not require filing Commodity Jurisdiction requests for each item to be exported, self-classification must follow the Order of Review set out in the ITAR and EAR. If conducted with export control and technical input, the export classification determination should clearly detail the analysis performed and stand the test of a government inquiry.

Keysight is a publicly traded company and a spin-off from Agilent Technologies, which has many ITAR regulated and EAR regulated products. Therefore, it is expected that Keysight had conducted its due diligence in classification and reached a very different conclusion for export control.

Here are the key takeaways:

1) DTCP regularly reviews exporters' websites for products that might be ITAR regulated but not promoted by the exporter as such.

2) If contacted by DTCP and requested to file a CJ, immediately start treating the item as ITAR. Not all CJs result in an ITAR outcome. In fact, at least 60% provide an EAR determination. Voluntary Disclosures can be filed based on the outcome of the CJ if needed.

2) When performing self-classification, exporters should research the Department of State Commodity Jurisdiction (CJ) database (DDTC CJ database) to see if there have been any prior CJs for similar products that would give insight into how the government adjudicated a similar product.

3) When filing a CJ because you are unsure if your product is ITAR or EAR, ALWAYS treat the product as ITAR until the CJ is adjudicated.

4) Self Classification of company products should be periodically reevaluated by compliance personnel, as the ITAR USML and the EAR CCL have undergone an overhaul, thus changing export jurisdiction and export classification of many items.

5) Regular and periodic internal and external audits should review export jurisdiction and classification of products

6) Exporters should never presume that a product, software, or technology, if not ITAR controlled it is EAR99. If a product is truly not ITAR, there may be an applicable ECCN classification on the CCL before reaching EAR99 status.

The Proposed Charging Letter, Consent Agreement, and Order can be found here.

Proposed Charging Letter

Consent Agreement

Order

The Golden Rule Read More »

Should You Be The ITAR Empowered Official?

Jenny Hahn, President

Your company manufactures defense articles and has been told that in order to conduct any international business such as marketing the defense articles or actually making a sale and selling hardware, software or services, you must first be registered with the Department of State as a precursor to applying for any ITAR export license. Then you learn that the company must have someone sign the ITAR license application and that person is called the “ITAR Empowered Official”.

Sounds simple and administrative. Anyone in the company should be able to fulfill this function, right?

Actually, who the company designates as the ITAR Empowered Official is a very important first step in the company trade compliance program. The ITAR Empowered Official is responsible to meet the conditions set forth in the ITAR for this position and in many small companies the ITAR Empowered Official is also responsible for the company trade compliance program.

If you have been “selected” or “volunteered” for the role of ITAR Empowered Official, it is important to first know what the ITAR states your qualifications should be. The Department of State often asks about the qualifications of the persons in your company designated as the trade compliance personnel including the ITAR Empowered Official. Selection is key.

Lets review the ITAR regulation at ITAR 120.25:

§ 120.25 Empowered Official

(a) Empowered Official means a U.S. person who:

(1) Is directly employed by the applicant or a subsidiary in a position having authority for policy or management within the applicant organization; and

(2) Is legally empowered in writing by the applicant to sign license applications or other requests for approval on behalf of the applicant; and

(3) Understands the provisions and requirements of the various export control statutes and regulations, and the criminal liability, civil liability and administrative penalties for violating the Arms Export Control Act and the International Traffic in Arms Regulations; and

(4) Has the independent authority to:

(i) Inquire into any aspect of a proposed export, temporary import, or brokering activity by the applicant;

(ii) Verify the legality of the transaction and the accuracy of the information to be submitted; and

(iii) Refuse to sign any license application or other request for approval without prejudice or other adverse recourse.

Lets analyze each element of the requirements.

U.S. Person – The ITAR defines “Person” as a natural person or a corporation, business association, partnership, society, trust, or any other entity, organization or group, including governmental entities. A U.S. person meets the “Person” definition, and is a citizen of the United States, a lawful permanent resident a.k.a. green card holder or a person here in the US on a protected status (religious or political asylum).

Directly employed by the applicant or a subsidiary – other than stating the obvious, this means that external resources such as your outside counsel, consultant, or past ITAR Empowered official who retires and consults back to the company part time on a 1099, cannot fulfill this role.

In a position having authority for policy or management within the applicant organization - Typically Directors, Managers, Vice Presidents and Presidents are some of the titles associated with the person fulfilling this role. If your title is contracts administrator, shipping clerk, administrative assistant, it suggests that the role you play in the company does not carry the level of responsibility or authority for policy or management to meet the threshold to be designated as the ITAR Empowered Official.

Is legally empowered in writing by the applicant to sign license applications or other requests for approval on behalf of the applicant - A letter is required from the Key Senior Officer (the person who signed the registration statement with the Department of State) to you designating you formally as the company ITAR empowered official. If you are at a subsidiary location, the letter should specify that you are limited to signing authority for your location only. Corporate empowerment letters can simply restate the ITAR definition at §120.25 or they can be more expansive articulating the responsibilities of the ITAR Empowered Official for the company trade compliance program or responsibilities that person may also hold. Each ITAR Empowered Official should maintain this letter in their files, Human Resources should also maintain it in the personnel file and the corporate books should maintain a copy.

Understands the provisions and requirements of the various export control statutes and regulations-

This means the ITAR Empowered Official should be able to do more than spell ITAR! It is expected that you will have had training in the International Traffic In Arms Regulations so that you can assert that you understand the regulations. But that is not enough. The ITAR references various export control statutes and regulations. Related regulations include the Foreign Trade Regulations, which every ITAR hardware export transaction interfaces with; the Office of Foreign Assets Controls, which maintains a list of persons and companies and countries that require separate approvals to make exports to from what the ITAR or EAR may impose; the Foreign Corrupt Practices Act, that prohibits the making of payments or other gifts to influence a sale to a government (bribe); and the Export Administration Regulations that regulates the items that were once ITAR but moved over the last few years as a result of Export Control Reform, along with truly commercial or dual use items. That’s a lot of regulations you should be familiar with!

And the criminal liability, civil liability and administrative penalties for violating the Arms Export Control Act and the International Traffic in Arms Regulations- It is critically important that as the ITAR Empowered Official, you know what the fines and penalties are for willful a.k.a. criminal violations and those unwitting inadvertent mistakes made by the company. The ITAR Empowered Official and the company should understand what the possible outcomes could be for the company and responsible individuals in terms of jail time, denial of export privileges and fines as well as understanding the overall financial costs the company could have as a result of export violations not to mention the potential to lead to repercussions in government contracts including suspension or debarment.

Regular training of the ITAR Empowered Official to understand the civil and criminal penalties is necessary. Penalties are updated on a periodic basis and adjusted for inflation.

Has the independent authority to:

Inquire into any aspect of a proposed export, temporary import, or brokering activity by the applicant -The ITAR Empowered Official should be able to question any functional department personnel about the transaction, including business development, finance, contracts, sales, legal, shipping.
Verify the legality of the transaction and the accuracy of the information to be submitted- The tools and resources should be readily available to the Empowered Official to conduct due diligence and confirm the proposed transaction is a legitimate business dealing with qualified eligible parties.
Refuse to sign any license application or other request for approval without prejudice or other adverse recourse – This means the boss can’t fire the ITAR Empowered Official if the ITAR Empowered Official says I am not comfortable with proceeding based on what I know about this transaction.

Based on the criteria enumerated in the ITAR to fulfill this role, the ITAR Empowered Official should be a person within the company that has knowledge about the regulations, understand the scope of the regulations, the penalties if not abided by, the respect of company employees to follow the ITAR Empowered Official lead and understanding and buy-in by management that no one can override any unfavorable decision made by the ITAR Empowered Official concerning a pending export transaction.

This role is often entered into by employees who are volunteered for the position because they are available or because they heard about the ITAR on their last job. The requirements to fulfill the ITAR Empowered Official position is much more demanding and carries with it significant expectations by the Department of State regarding this responsibility and how the company ensures that it selects qualified candidates. The company is expected to ensure that the ITAR Empowered Official receive regular training regarding the export regulations and criminal and civil penalties.

If you read this article and questioned your qualifications, or thought you might need more training, join us for our ITAR Empowered Official classes in April and November! We discuss in detail the compliance roles ITAR Empowered Officials take on..

Should You Be The ITAR Empowered Official? Read More »

Does Your Export Compliance Program Pass Muster?

By: Jenny Hahn, President

Small companies may suddenly find their export compliance programs aren’t up to the expectations of the Departments of State, Directorate of Defense Trade Controls (DDTC) or Commerce, Bureau of Industry and Security (BIS). This is particularly true when you consider the complexity of the Export Control Reform (ECR) initiative, and the significant changes to the US Munitions List (USML) that have occurred or will occur as a result of ECR. Items once controlled under the International Traffic in Arms Regulations (ITAR), may now be controlled under the Export Administration Regulations (EAR), under the so-called “600 Series” ECCNs (Export Control Classification Number), with a totally different set of rules to comply with. Added to that, technical services or assistance related to these now EAR controlled articles may remain controlled under the ITAR, and unknowing For unprepared companies may find their export compliance program woefully deficient.

One of the most common issues small companies face is that the company budget doesn’t provide for dedicated internal export compliance resources and personnel assigned to export compliance may be multi-hatted, and don’t have the time or the right level of training to develop a comprehensive company-wide export compliance program. Often companies only learn that their compliance program is lacking during a US government investigation of matters related to a voluntary disclosure as a result of a violation of the ITAR or the EAR. Below are some examples of things that may require a company to submit a voluntary disclosure:

The company learns the parts it has been exporting without a license for 10 years are regulated by the ITAR and would have required an ITAR license to ship. The company needs to complete the export of the remainder of the hardware on the purchase order and needs an ITAR authorization to do so;
The company has a foreign national employee assigned to perform a manufacturing or engineering related task on an ITAR or EAR 600 series hardware and the company does not have the required authorization from State or Commerce:
The company learns that its domestic supplier of ITAR or 600 series hardware has had the part produced offshore in China or another destination without a ITAR/EAR authorization;
The company learns that the foreign program it has been providing design assistance on involves a platform on the USML or Commerce Control List (CCL) in a 600 series ECCN;
The company is using the cloud for its IT storage and email requirements and learns that its service provider is hosting the data on servers located offshore;
The company learns that its foreign partners on an ITAR TAA (Technical Assistance Agreement) are transferring technical data received from your company to subcontractors that are not listed on the TAA;
The company failed to renew its State Department ITAR registration in a timely manner but continued to make technical data and defense service exports against existing State Department licenses;
The company is notified that it is a named party in another companies voluntary disclosure

How the government agency (State or Commerce) handles that disclosure and determines if it will levy a penalty or whether it will require monitoring or oversight of the company’s activities, can be based in large part, on how the company compliance program is setup and what steps the company undertakes to fix the cause of the violation(s) and prevent future occurrences.

The DDTC and BIS generally require companies to provide their export compliance manuals, policies and procedures as support documents to the corrective actions cited in a voluntary disclosure. Government enforcement and compliance personnel reviewing the disclosure will want information pertaining to training provided to key staff including senior management & compliance personnel as well as relevant departments/persons involved in the violation . Both DDTC and BIS will want to know the specific details on the company’s audit program including internal and external audits, when and where they were last performed and how frequently they are performed.

Where does your company stand with respect to a documented compliance program with processes and procedures, training and internal/external audits? Don’t let your compliance program be implemented via a voluntary disclosure! Taking a proactive stance in establishing all necessary steps to ensure export compliance will help prevent costly mistakes that could lead to fines and sanctions.

Questions and steps to consider:

Does your company have sufficient resources allocated to export compliance?
Are your resources adequately trained in the ITAR and the EAR?
Do you have a good process to determine the correct jurisdiction and classification of your products and technology for export purposes?
Do you have a documented export compliance plan?
Is your compliance plan implemented in the day-to-day processes of the company operations?

Instead of spending dollars on government mandated programs as a result of a voluntary disclosure, why not engage one of our export compliance experts to assist your company with establishing a meaningful export compliance program. We offer customized training programs for all levels within the company. We have baseline export compliance manuals and procedures, ready to be tailored to your company’s specific requirements. We offer one or two day onsite procedure reviews to identify weaknesses in your compliance program and make recommendations for improvement. Call us to find out how FD Associates may assist you.

You can learn more about FD Associates by visiting our website https://fdassociates.net or contacting me at jhahn@fdassociates.net or at 703-847-5801.

Does Your Export Compliance Program Pass Muster? Read More »

Honeywell International, Inc. Reaches 3 Year Consent Agreement With The Department Of State

By Jenny Hahn, President

The U.S. Department of State's Directorate of Defense Trade Controls (DDTC) has announced that Honeywell International, Inc. has entered into a 3 year Consent Agreement to resolve charges that it committed 34 violations of the Arms Export Control Act and the ITAR between July 2011 and July 2018 involving unauthorized exports or retransfers of technical data resulting from the failure to exercise appropriate internal controls.

Alleged Violations:

In December 2015, Honeywell initially disclosed to the Department of State that its Integrated Supply Chain (ISC) organization had sent Requests For Quotation (RFQs) to U.S. and foreign suppliers via its DEXcenter (file exchange program) requesting pricing for parts. The RFQs generally included drawings.

In its initial notice of disclosure Honeywell identified that there had been multiple exports of ITAR-controlled drawings without authorization via DEXcenter to Taiwan and the People's Republic of China (PRC) in July 2015. It was subsequently determined that 51 of the drawings exported had been to unaffiliated suppliers in the PRC, an ITAR sanctioned country. Honeywell had exported 20 of the drawings to its affiliates in the PRC.

In Honeywells' September 2016 filing of the final report regarding the voluntary disclosure, Honeywell informed the Department of State of multiple corrective actions it had taken to prevent the types of violations it disclosed from recurring. The actions included:

1) a mandatory second-level review requirement for all international document transfers through DEXcenter;

2) mandatory training measures to address the risk of human error due to misidentifying export classification or authorizations, especially in the RFQ context; and

3) enhancing DEXcenter to further reduce the risk of human error by limiting the user's ability to select an export authorization that does not match a drawing's export classification and by providing additional warnings, reminders, and training resources and requirements.

By March 2017, based on an internal investigation and additional analysis conducted at the Department of States request, Honeywell ultimately identified 71 ITAR-controlled drawings that had been exported without authorization between July 2011 and October 2015 had exported via DEXcenter to Canada, Ireland, the PRC, and Taiwan, 65 of which form the basis of the alleged violations.

The 71 drawings, which Honeywell identified in its first voluntary disclosure and supplemental correspondence with the Department of State are controlled under Categories VIII(i), XI(d), and XIX(g) of the United States Munitions List (USML), contained engineering prints showing layouts, dimensions, and geometries for manufacturing castings and finished parts for multiple aircraft, military electronics, and gas turbine engines, including the F-35 Joint Strike Fighter, F-22 Aircraft, B-1B Lancer bomber, C-130, A-7H Corsair, A-10 Aircraft, Apache Longbow Helicopter, the M1A1 Abrams Tank, the Tactical Tomahawk Missile and the T55 Turboshaft Engine.

Some of the drawings contained technical data designated as Significant Military Equipment under the ITAR. The SME designation has significance because the USG has determined that special export controls are warranted because of the capacity for substantial military utility or capability.

In October 2018, Honeywell submitted a second voluntary disclosure describing how personnel in the same organization within Honeywell Aerospace, ISC, committed another series of ITAR violations between June and July, 2018 that were similar to the violations disclosed in the first voluntary disclosure.

According to the second voluntary disclosure, a team of ISC personnel invented what Honeywell referred to as "an alternative process, which the team believed complied with export compliance requirements," for soliciting RFQs.

Under the alternative process, ISC personnel either failed to review the export control classifications for multiple technical documents or used a classification analysis method that did not properly categorize the documents as described on either the USML or the Commerce Control List (CCL).

Additionally, ISC personnel without authorization exported technical drawings using a different file exchange tool than DEXcenter called Daptiv. The reasoning for the use of Daptiv was to increase the efficiency and speed of a procurement project.

There were a total of 27 additional exports using this system, 2 to Canada, 2 to the PRC and 23 to Mexico. The drawings were classified on the USML as Category VIII(i) and XIX(g) and contained the same type of information as before for the manufacture of castings and finished parts for the following platforms:

F35 Joint Strike Fighter
F/A-18 Hornet
F135 turboshaft engine
F414 turboshaft engine
T55 turboshaft engine
CTS800 turboshaft engine

Like the first disclosure, some of the drawings contained technical data designated as SME.

Lastly, the two drawings to the PRC was to an employee at one of Honeywells' subsidiaries and that employee retransferred one of the drawings to another employee at its subsidiary in the PRC.

Settlement

(i) Civil penalty of $13,000,00, with $8,000,000 payable in three installments and the remaining $5,000,000 assessed for remedial compliance measures

(ii) appointment of a Special Compliance Officer or Internal Special Compliance Officer

(iii) implementation of an automated export compliance system

(iv) a minimum of one external audit

(v) on-site reviews by DDTC with minimum advance notice, and

(vi) other strengthened makeup Compliance Policies, procedures, and training, including legal department support to all divisions for all matters involving the AECA and the ITAR.

DDTC posted the following documents in connection with this settlement: Draft Charging Letter, Consent Agreement, and Order.

Read each of the documents here

What is the lesson learned?

Beyond the clear national security violations that this case presented because of the exports to China which triggered the fine amount imposed, the voluntary disclosures revealed a startling lack of consideration of export jurisdiction and classification, the failure to follow company guidelines, processes and procedures and that even in the largest of companies exports of technical data via established processes and procedures can go easily go astray.

The most rigorous of processes installed to ensure secure transfer of the companies valued technical data was not a fool proof mechanism and the trade compliance team bears the responsibility to routinely investigate, test and validate exports are compliant to the ITAR or EAR and the associated licensing and other authorizations within the ITAR or EAR.

A lack of detailed training is often attributable to these types of export violations. It is critical for defense contractors, large and small to ensure functional department training is provided along with detailed written processes/work instructions that include specific export compliance obligations for that department to make clear the expectation for the department before they make exports of technical data, controlled or non controlled. Following such training regular auditing of department processes is necessary to validate compliance.

As this case demonstrates it is imperative that all company personnel share the same corporate objective of trade compliance and understanding of all the fundamental elements to export compliance when exporting technical data.

In all instances before company personnel make an export of technical data, they must know export jurisdiction, export classification and licensing responsibilities under the ITAR or the EAR for the release of that data.

Small, medium and large companies all have the same responsibilities and the same risks.

Best practices include (not a comprehensive list)

Dedicated personnel assigned to determine export jurisdiction and export classification for all items or technical data being exported
Having a single point of export for a program, a license or a department that minimizes that number of humans involved in the export of technical data and allows for an assessment whether the technical data is properly within the scope of the export authorization and whether the export classification is correct
Use of secure portal for sharing export controlled data
IT tools that restrict/quarantine exports to China or any other prohibited destination (ITAR 126.1) before release after trade compliance review
Trade compliance follow up on export activity for licensed and non licensed exports made by individual functional departments
Regular audits, both internal and external, of export activities
Follow up of compliance actions resulting from any matter of non compliance
Training, training, training
Employee certifications and acknowledgment of responsibilities
Consequences up to and including termination for violations of the company policies and procedures causing export violations

Honeywell International, Inc. Reaches 3 Year Consent Agreement With The Department Of State Read More »

To Register Or Not, That Is The Question

By Jenny Hahn, President

Do I need to register or maintain registration with the Department of State (“DOS”)? Companies may find themselves asking this question, as a result of Export Control Reform. There are several factors to consider before deciding that your company should or should not register or maintain its registration with the Department of State.

Are you a manufacturer of defense articles (items identified on the US Munitions List)? The USML can be found in Part 121 of the International Traffic in Arms Regulations (“ITAR”). If yes, you have a regulatory obligation under the ITAR, Part 122, to be registered and maintain registration with the Department of State, as long as you continue to manufacture defense articles. Remember, a manufacturer of an article on the USML needs to be registered whether it exports or not. Under the ITAR, even the manufacture of one defense article requires registration.
Have all of the articles you manufacture transferred to a 600 or 515 series ECCN (Export, Control Classification Number) on the Commerce Control List? If yes, you will no longer need to be registered with DOS but you will want to document your review. (Remember: not all categories have been revised and some of the old “catch‐all’ provisions remain). Additionally, you should ask yourself the question: do you provide defense services, e.g. assisting a foreign customer with the integration of the non‐TAR hardware into an end item/platform, which is described on the USML, and therefore your actions are subject to ITAR controls. If yes, you should consider maintaining your registration for the purposes of obtaining licenses/agreements to perform these defense services.
Are you an exporter of defense articles? Today that question is a little easier to answer, as the USML in most instances, clearly defines the articles that are subject to the ITAR. If yes, you should obtain or maintain your registration with DOS as an exporter, so that you may apply for or continue to apply for export licenses.
And then there is the broker registration with DOS: Changes October 25, 2013, to ITAR Part 129 made more clear who is required to register with DOS as a broker. All persons located in the US (US and foreign), who are not the OEM, may be deemed to be conducting brokering activities if they assist the US or foreign manufacturers with marketing and selling their products. These companies/persons should register as brokers as required by ITAR Part 129.3. Foreign persons not located in the US and not owned or controlled by US persons assisting in the marketing or selling of US-origin products do not need to register with DOS as a broker unless they actually conduct brokering activities in the US.
If your company provides processing, inspection, or testing services or other engineering and technical services as a support function to a US manufacturer of defense articles, you will also need to register if you were are exporting. How might you do that? Employ a foreign person and assign them to ITAR designated programs or send ITAR work offshore. These are just two examples of how an export may occur. Your company would need to be registered to be able to apply for an export license under these circumstances or any time it provides ITAR controlled technical data or defense services to a foreign person.

While Export Control Reform has made significant changes to the USML, these changes have not changed the requirements for US companies involved in defense work or persons engaged in brokering activities to obtain or maintain registration with DOS. On a brighter note, the number of licenses companies are required to seek from the Department of State has been reduced and thus the annual registration fee for companies may be less than past years.

Do you have questions about your obligation to register with DOS or any other export compliance matter? Contact the export experts at FD Associates to navigate your regulatory obligations.

https://fdassociates.net or in fo@fdassociates.net

To Register Or Not, That Is The Question Read More »

ITAR Certified, What Does It Mean?

Posted in 2016, very relevant today and worth a second read!

Updated by Jenny Hahn, President

Today many prime defense contractors and others involved in the manufacture and sale of defense articles regulated by the ITAR require evidence that companies in their supply chain are registered with the Department of State, Directorate of Defense Trade Controls (DDTC), or, my personal favorite, be “ITAR Certified.” “ITAR Certified” is not defined within the regulations, thus creating more confusion among the small and medium size companies as they try to understand how to become “Certified”.

A company cannot become “ITAR Certified”, although its trade compliance employees can take courses in which they can receive titles like CUESCO, which means they individually are a "certified" export compliance officer. The better question is how did “certification” become an expectation imposed on supply chain?

ITAR Certification is a misnomer; you cannot gain an ITAR Certification like you can an ISO Certification or a CMMI rating. There isn’t a specific standard or set of criteria to be rated against to achieve “ITAR Certification.” Of course, you can include your ITAR Compliance program in the ISO Certification and auditing process but that’s not going to prove you are following the ITAR regulations; it will only demonstrate that your Company is following the Company’s policy, procedures and work instructions consistently.

Some companies have believed that being registered with DDTC is all that is required to allow them to complete the prime contractor questionnaire that will demonstrate they are “ITAR Certified”.

The reality is much more than a simple registration with DDTC. The ITAR imposes a requirement for companies to register, if they meet one of three conditions, manufacture defense articles, export defense articles or furnish defense services, or broker defense articles.

In our experience, many companies do not have a clear understanding of what they are signing up for when registering with DDTC. Just Google “ITAR Certified” and click on Images; you will find many companies have posted their DDTC registration letters with their registration codes. This doesn't make them "ITAR Certified". In fact, a seasoned trade compliance professional will wonder what the company doesn't know by this bold statement.

When a company registers with DDTC, its certifying that a corporate officer or board member of the company understands the obligations of the ITAR, and has established an export compliance program, which includes designation of an ITAR Empowered Official and a trade compliance program. Each year with a company registers or renews its registration with DDTC, DDTC will provide the company with the letter acknowledging their registration and a 4 page compliance program guideline.

What the prime contractors are really concerned with beyond the registration of your company with DDTC, is does my supplier understand that the ITAR imposes licensing obligations if they have a foreign person working at their facility that have access to and release of my technical data? Does my supplier understand if they send my technical data offshore to fulfill the purchase order or contract obligation that an ITAR export license is going to be required? Is my supplier in any way ineligible to participate in an ITAR export transaction because they have become ineligible under the ITAR?

In addition to the prime contractor concerns triggering the "ITAR Certified" form, once a company registers with DDTC, DDTC expects that the Company will stand up a Trade Compliance Program that is clearly documented in writing, tailored to the business, regularly reviewed/updated and fully supported by management. Your program should address these basic elements:

Registration

Determine export jurisdiction of your products, data and services;

Know the end user and end use of defense articles and services (not limited to international transactions);

Know the intermediate parties to a transaction, including supply and title chain

Know what countries are prohibited destinations

Conduct denied party screening of all parties to the transaction, this includes banks, freight forwarders, supply chain (U.S) and all foreign parties;

Ensure party names and address are accurate;

Licensing of items when/if being exported or use an exemption if its applicable to the transaction and conditions imposed in the ITAR;

Ensuring reporting requirements related to the payment of fees and commissions associated with the export transaction are researched and made as part of licensing filing;

International travel by employees

Foreign Visitors to the company facilities

Marking of export controlled materials internally and externally for domestic use and for exports;

Maintaining records of the manufacture and disposition of defense articles. Having a policy that addresses which records need to be maintained, who is responsible and where they are to be maintained;

Ensuring administrative reporting requirements of the ITAR are met, such as the reporting of the initial export of technical data or the performance of defense services against an ITAR license, submitting executed Technical Assistance Agreements, providing annual sales reports for Warehousing Distribution Agreements or Manufacturing License Agreements or making semi annual reports related to exports authorized by the ITAR 126.5 Canadian Exemption;

Training employees on the basic elements of the regulations and how to comply. Irregardless of the size of you company, if your employees don’t understand the many ways an export can take place how are they going to know what to watch out for?

Auditing of Company compliance program, exports and any USG authorizations in place;

Last but not least, having a specific policy regarding what the Company will do when a potential issue of non-compliance is raised. Who will conduct the investigations, provide the reports to management and prepare the voluntary disclosure to the DDTC?

If you have a compliance program that addresses these elements and have appointed trade compliance responsibilities within your company and on your organization chart, when asked to complete the forms for “ITAR Certification” you can do so with more confidence.

In the end, let’s call “ITAR Certification” by its real name, a Trade Compliance Program, and no matter your company size it really boils down to risk adversity. While the regulations don’t specifically state you must have a documented program in place but with the DOJ taking a position regarding the individual responsibility of Corporate employees [see (Yates, 2015) Memo] and DDTC and BIS both detailing their expectations for compliance programs on their websites, how can you not?

Contact FD Associates at 703-847-5801 or Tell Us Your Needs, for support in enhancing your compliance program so you can be more confident when requested to complete the “ITAR Certified” forms for your customers.

ITAR Certified, What Does It Mean? Read More »

Do You Know Where Your Export Controlled Technical Data Is?

By Jenny Hahn

President

FD Associates, Inc.

In today’s global environment, the transfer of export controlled technical data, your company’s IP or customer technical data occurs in an instant. Export controlled technical data is regularly transferred electronically by email or other means to domestic and international customers, partners, vendors, legal counsel and consultants. To ensure compliance with U.S. export regulations, the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) are met, it is important to understand what happens to the export controlled technical data when it is received by the domestic or international party. Who will have access to the export controlled technical data? Where will it be stored? If the export controlled technical data will be shared with other persons employed by the recipient or external to the recipient.

A recent case we encountered highlights just how far the questions need to go. In this situation, a U.S. company was exporting export controlled technical data to a foreign company. In doing its due diligence, it asked the foreign company where the export controlled technical data would be stored, and whether there were any external IT companies supporting the foreign company (i.e. administering its servers or supply chain partners that would receive the export controlled technical data). The U.S. company learned that backup of the foreign company servers would be at the foreign company’s parent location in another country. This backup of U.S. origin export controlled technical data in a separate country is a reexport under the ITAR and EAR, for which export authorization is or maybe required. If this question had not been asked during the license development process, the U.S. company would have released export controlled technical data to the foreign company and the foreign company would have caused an unwitting export violation.

How often do you ask this simple question of your domestic and foreign customers, partners, vendors, legal counsel or consultants?

Knowing where the export controlled technical data will reside once released from your company is a critical component of your export compliance program and due diligence.

Most companies require the implementation of a Non-Disclosure Agreement (NDA) before releasing export controlled technical data or company IP to another party. The primary reason for the NDA is not trade compliance related but for protection of company trade secrets. Those NDAs often permit the recipient to release the technical data to parties integral to the recipient to facilitate their cooperation with your company. Many NDAs do not include export compliance language articulating the need to comply with the ITAR or EAR prior to the transfer of the protected export controlled technical data to

another party. While an NDA can give the receiving company the permission to release the export controlled technical data to other parties, it is not an ITAR or EAR approval and it cannot override either the ITAR or EAR requirements for authorization for the release/retransfer/reexport of export controlled technical data to a foreign person or foreign company in the form of a license, or license exemption/exception.

When executing an NDA with a domestic or foreign party or evaluating the export regulatory considerations associated with an export of technical data to a foreign party, whether by license, license exemption/exception, be sure to perform your due diligence. This includes researching the party that you are doing business with, verifying whether there is any foreign ownership of that entity, asking if the U.S. company has foreign person employees, inquiring where the export controlled technical data is going to be stored, asking whether there are any IT service providers who will have access to the server and confirming whether backup of the company servers is done by a third party or by the same company in a different country.

Due Diligence also includes knowing where the servers are physically located. With the rampant use of the cloud to cut equipment costs, it is important to know that not all cloud providers can commit to hosting solutions that comply with the ITAR or EAR requirements (Not to mention DFARS requirements if the data is generated related to a U.S. government contract). Today both the ITAR and the EAR do not consider transfer to the cloud an export if suitable encryption is used in transit and in rest, and no access information is provided to foreign persons to unlock the data. If encryption is not used and the export-controlled data is placed in a cloud environment unsecured, that export controlled data may only be stored in a cloud environment hosted in the United States and managed by U.S. persons, to avoid violations of the ITAR or EAR.

A red flag regarding possible use of the cloud by customers, partners, vendors, legal counsel, consultants and others is the use of non-company email accounts like gmail, yahoo, aol, hotmail, msn etc. The use of such email service provider suggests the recipient does not have a traditional network infrastructure and is using the cloud to store any export controlled technical data sent to them. Companies like Google and Yahoo have servers located around the world and storage of the emails can take place at any of them.

Prior to any release of export controlled technical data, your company should determine what path that export controlled technical data will travel when it leaves your company and is received by the domestic or international customer, partner, vendor, legal counsel or consultant for storage and access.

Only when your company fully appreciates the electronics transfers made by others of your company IP, can your company be fully compliant with the ITAR and EAR.

This article does not address the separate Defense Federal Acquisition Regulations Cybersecurity obligations, DFARS 252.204-7000 and 252.204.7012 and the NIST SP 800-171. Refer to our article by Keil Ritterpusch on this subject.

Do You Know Where Your Export Controlled Technical Data Is? Read More »

Due Diligence Considerations When Exporting To China

by Keil J. Ritterpusch Senior Compliance Associate and Jenny A. Hahn President

The current climate between the U.S. Government and China related to export-controlled commodities is quite hostile and is not likely to change in the near term, even with a new U.S. President in place. The U.S. Government, concerned with national security threats, human rights abuses, military modernization, theft of U.S. technology, and theft of U.S. personal information by Chinese actors, has gone on the offensive from an export regulatory perspective to attempt to prevent parties supportive of the Chinese Government and Chinese military from acquiring US-origin products, including, in some cases, products that are EAR99.

The U.S. Government, acting through the U.S. Department of Commerce's Bureau of Industry & Security ("BIS"), has recently added a large number of Chinese companies, including companies that are predominantly involved with commercial enterprises, to the Entity List under the Export Administration Regulations ("EAR"). By being added to the Entity List, any export from the U.S. to a listed party is subject to an export license requirement under the EAR, with a presumption of denial applicable in most cases. Listed parties cannot receive U.S. exports indirectly either, such as by buying through intermediary parties. These intermediary parties know that it is not lawful for U.S. exporters to engage in transactions involving ultimate end use by parties on the Entity List. Thus, in many cases, they disguise the intended end-use, end-users, and parties to the export transactions.

Beyond the expansion of the Entity List, BIS has taken steps to expand the EAR's Foreign Direct Product Rule at EAR Section 736.2(b)(3) to specifically target Chinese telecommunications giant, Huawei Technologies Group Co. Ltd. ("Huawei") and affiliates in China and worldwide. The EAR's Foreign Direct Product Rule was expanded so that foreign origin products built-in plants with U.S.-origin equipment and technology that are exported from abroad or re-exported to Huawei and affiliates are subject to the EAR and prohibited without a license from BIS.

In addition to the broad prohibitions that have been placed on numerous Chinese companies, preventing them from receiving exports of any commodity from the United States, a large number of Chinese companies and organizations have recently been identified under the EAR as Military End Users ("MEUs"). The action to formally identify companies as MEUs, in China, as well as Russia and Venezuela, follows their identification by the U.S. Department of Defense as parties with strong ties to military end-users and military end-uses. By adding entities as MEUs under the EAR, U.S. exporters are officially on notice that any export transaction involving these entities where an item on the EAR's Commerce Control List ("CCL") -- meaning any item with an Export Control Classification Number ("ECCN") requires an export license approved by BIS.

Given the extensive expansion of export restrictions involving China (as well as Russia and Venezuela), it is more important than ever for parties exporting from the United States to carefully identify the parties to their export transactions and the export classifications of products being exported. Even items that are EAR99 or are otherwise No License Required ("NLR") to most worldwide destinations now require licensing for export to certain end-users and for certain end uses in China. Thus, exporters must take formalized steps to document their export due diligence for transactions involving China, as well as Hong Kong and Macau (which are now treated as part of China by the U.S. Government).

BIS has published "Know Your Customer Guidance and Red Flags" as a supplement to the Ten Prohibitions listed in EAR Part 736. The guidance explains the appropriate due diligence required for U.S. export transactions and provides context as to how to sufficiently establish "knowledge" of the particulars of export transactions, including the proper identification of parties, end uses, and end-users. The General Prohibitions cover a gamut of export-related matters but generally prohibit exporters and re-exporters from engaging in export transactions involving prohibited end uses and prohibited end-users. In order to comply with the EAR's General Prohibitions, exporters and re-exporters must establish "reasonable " knowledge regarding the parties to their export transactions and the ultimate end-use and end-users of the exports.

The industry standard for validating this information is through the End User Statement ("EUS")/End User Certification ("EUC"). Without a EUS/EUC, an exporter is arguably self-blinding with respect to compliance with the EAR General Prohibitions, as well as overall export compliance with EAR requirements. Companies that fail to establish sufficient "knowledge" of the details of export transactions can be hit with substantial fines when export transactions result in end uses or end users that are prohibited.

What is Reasonable Due Diligence?

An array of documentation can be used by exporters and re-exporters to validate the parties, end uses, and end users involved with export transactions. The following are tools that should be used by exporters and re-exporters in varying degrees as part of the due diligence to validate export transactions.

End-Use and End-User Statements
Denied Party Screening
Internet research validating the parties to the export transaction
Business licenses and other documents validating the bona fides of the parties, should information regarding the entities to the transaction not be easily discovered through internet searches.

Of these tools for performing due diligence, the most important, by far, is the End User Statement/End-Use Certification. In our opinion, this document should be obtained for all export transactions. After receipt of the EUS/EUC, the U.S. exporter should perform Denied Party Screening on the names of the parties to the export transactions, including the purchaser, intermediate consignees, ultimate consignee, and end-user, doing "fuzzy" searches of company names and variations on the company name. In addition, the Denied Party Screening should search for companies at the same or similar addresses. Widely scoped Denied Party Screening is crucial to the overall due diligence, as it demonstrates to the U.S. Government that the exporters (and re-exporters) took steps to validate that the parties to the transaction are not prohibited from receiving U.S. exports.

Following the Denied Party Screening, we recommend that exporters and re-exporters perform an internet search to ensure that the parties named on the EUS/EUC exist and are in a business with a connection to the product to be exported. Should information on the parties not be able to be readily found on the internet, the exporter or re-exporter should contemplate getting a more detailed EUS/EUC and having it signed both by their customer and the ultimate consignee/end-user. Even in cases where a multi-party signed EUS/EUC is received. It may be necessary to receive copies of business formation documents if the exporter or re-exporter cannot find information on a party to the export transaction after an internet search, particularly the stated end-user/ultimate consignee.

What Flags Should a Prospective Exporter Look For?

Exporters and re-exporters are responsible under the EAR for engaging in lawful export transactions and not engaging in export transactions where they "know" or have "reason to know" that the export transaction may involve an unauthorized party, end-use, or end-user. When evaluating the due diligence collected in relation to prospective export transactions, exporters and re-exporters should highlight any facts where there is missing information or where answers to questions about the parties, end-use, and end-users do not "add up."

For example, if a party receives a completed EUS/EUC that lists a distributor as an end-user, the entire export transaction is a red flag since details regarding the true end-use and end-user are not being provided. Similarly, if a party receives a completed EUS/EUC that lists various parties, including the purchaser, ultimate consignee, and end-users, that cannot be validated through an internet search, there is a red flag to the export transaction, and additional due diligence should be performed.

Liability in the Event that a Party to An Export Transaction Provides Incorrect Information?

Entities in China that have been placed on the Entity List or designated as MEUs still need to receive components to manufacture their products. Companies like Huawei and Semiconductor Manufacturing International Corporation ("SMIC") have not slowed their production of products for the commercial marketplace or for the Chinese Government. As a result, we fully expect that "front" companies will be formed solely for the purpose of diverting goods to companies like Huawei and SMIC in contravention of the EAR. Exporters and re-exporters cannot afford to completely stop exporting to China and Hong Kong (and other destinations) solely because there is a possibility that their shipments will be diverted for unauthorized end uses or unauthorized end users.

To mitigate the risks associated with diversions downstream in export transactions, exporters and re-exporters need to be able to rely on certifications made by legitimate parties to export transactions. There is no requirement to perform post-delivery validation of export transactions involving products that are EAR99 or controlled by the EAR for Anti-Terrorism ("AT) reasons alone. However, exporters and re-exporters need to be able to validate before shipment that the parties to export transactions are legitimate legal entities and that other red flags are overcome.

Therefore, a critical burden on exporters and re-exporters is to ensure that the parties who sign EUS/EUC for prospective export transactions are legitimate legal entities. Once the EUS/EUC is received and the bona fides of the parties have been established and export classifications validated, exporters and re-exporters can export/re-export freely, whether under an export license, under a license exception, or as NLR, if applicable. If an exporter or re-exporter learns after the fact that there has been a diversion, the matter should be reported to BIS, and steps taken internally to document concerns with the pertinent parties to the export transaction resulted in diversion should be undertaken to avoid any recurrence of the diversion.

* * * *

FD Associates is available to help exporters and re-exporters to establish processes and procedures for collecting and performing the appropriate due diligence for their prospective export transactions, particularly those involving China. FD Associates provides export classifications, end-user and end-use validation, and the investigation of red flags for export transactions. We can be reached by email at info@fdassociates.net or by phone at (703) 847-5801.

**FD Associates notes that there are financial sanctions applicable to other parties to export transactions that do not relate to the EAR but rather are implemented under U.S. Department of Treasury regulations. This article does not address such requirements, but parties engaged in export transactions with a nexus with the United States should consult the U.S. Department of Treasury regulations and website to validate that other parties to export transactions, including freight forwarders, banks, and issuers of credit, are not debarred from engaging in transactions involving U.S. jurisdiction.

Due Diligence Considerations When Exporting To China Read More »

The President Signs Executive Order To Treat Hong Kong As China

By: Carlos Bentancor, Junior Associate & Jenny Hahn, President

Hong Kong Now an Arms Embargoed Destination Announced 7.14.2020 and License Exceptions for EAR Items are Suspended

The President signed an Executive Order (EO) on July 14, 2020, which requires the Special Administrative Region of Hong Kong (Hong Kong) to be treated as the People's Republic of China (PRC). The EO states pursuant to section 202 of the United States - Hong Kong Policy Act of 1992 that the U.S. Government no longer considers Hong Kong to be autonomous from China and no longer warrants treatment as an entity separate from China. The President directed the heads of various agencies to begin eliminating policy exemptions for Hong Kong. As a result, Hong Kong is now an arms embargoed destination included in the entry for China under section 126.1(d)(1) of the ITAR, and thus subject to a policy of denial for all transfers subject to the ITAR. This action includes all end-users in Hong Kong.

The Department of Commerce separately announced on June 30 the suspension of License Exceptions for Hong Kong.

Background

In May 2020, China announced its plans to impose national security legislation unilaterally and arbitrarily on Hong Kong, and on May 27th, 2020 the U.S. Secretary of State declared the PRC had undermined Hong Kong's autonomy and reported this to the U.S. Congress. China has through a series of ongoing actions continued to follow through imposing national security legislation on Hong Kong undermining Hong Kong's autonomy, leading the U.S. government to take action intended to prevent any sensitive U.S. items from illegal diversion to the PRC or North Korea.

Government Agency Actions

The Directorate of Defense Trade Controls (DDTC) has announced two actions in response to the EO. First, there will be an exception made in favor of Hong Kong persons who reside outside Hong Kong or PRC, who have been previously authorized access to defense articles subject to ITAR, in future licensing; and second, any current, valid, non - exhausted ITAR licenses with Hong Kong as the transferred territory are not affected by the EO, DDTC is not revoking or rescinding previously approved licenses for defense articles or services to Hong Kong.

Prior to the publication of the EO, on June 30, 2020, BIS suspended any License Exception for exports, re-exports, or transfers (in-country) to Hong Kong of items subject to the EAR that would provide Hong Kong with differential treatment than those available to the PRC. On July 14, President Trump signed an Executive Order officially revoking the use of EAR License Exceptions for Hong Kong that will provide differential treatment compared to those applicable to exports to China.

The actions listed above under the ITAR and EAR are just two of the approximately twenty actions to be taken by various government agencies with respect to Hong Kong within 15 days of the Executive Order (i.e., by July 29, 2020).

The President's Executive Order on Hong Kong Normalization

https://www.whitehouse.gov/presidential-actions/presidents-executive-order-hong-kong-normalization/

Recommendations for Exporters:
FD Associates, Inc. strongly encourages all exporters who export products, provide services, or transmit technical data to foreign nationals or entities from Hong Kong, to evaluate these transactions before making any further exports.

To speak to FD Associates, Inc. about the new rules for exports to Hong Kong, please call (703) 847-5801 or send an email to info@fdassociates.net.

The President Signs Executive Order To Treat Hong Kong As China Read More »