Consultants Corner

To Register Or Not, That Is The Question

By Jenny Hahn, President

Do I need to register or maintain registration with the Department of State (“DOS”)? Companies may find themselves asking this question, as a result of Export Control Reform. There are several factors to consider before deciding that your company should or should not register or maintain its registration with the Department of State.

  1. Are you a manufacturer of defense articles (items identified on the US Munitions List)? The USML can be found in Part 121 of the International Traffic in Arms Regulations (“ITAR”). If yes, you have a regulatory obligation under the ITAR, Part 122, to be registered and maintain registration with the Department of State, as long as you continue to manufacture defense articles. Remember, a manufacturer of an article on the USML needs to be registered whether it exports or not. Under the ITAR, even the manufacture of one defense article requires registration.
  2. Have all of the articles you manufacture transferred to a 600 or 515 series ECCN (Export, Control Classification Number) on the Commerce Control List? If yes, you will no longer need to be registered with DOS but you will want to document your review. (Remember: not all categories have been revised and some of the old “catch‐all’ provisions remain). Additionally, you should ask yourself the question: do you provide defense services, e.g. assisting a foreign customer with the integration of the non‐TAR hardware into an end item/platform, which is described on the USML, and therefore your actions are subject to ITAR controls. If yes, you should consider maintaining your registration for the purposes of obtaining licenses/agreements to perform these defense services.
  3. Are you an exporter of defense articles? Today that question is a little easier to answer, as the USML in most instances, clearly defines the articles that are subject to the ITAR. If yes, you should obtain or maintain your registration with DOS as an exporter, so that you may apply for or continue to apply for export licenses.
  4. And then there is the broker registration with DOS: Changes October 25, 2013, to ITAR Part 129 made more clear who is required to register with DOS as a broker. All persons located in the US (US and foreign), who are not the OEM, may be deemed to be conducting brokering activities if they assist the US or foreign manufacturers with marketing and selling their products. These companies/persons should register as brokers as required by ITAR Part 129.3. Foreign persons not located in the US and not owned or controlled by US persons assisting in the marketing or selling of US-origin products do not need to register with DOS as a broker unless they actually conduct brokering activities in the US.
  5. If your company provides processing, inspection, or testing services or other engineering and technical services as a support function to a US manufacturer of defense articles, you will also need to register if you were are exporting. How might you do that? Employ a foreign person and assign them to ITAR designated programs or send ITAR work offshore. These are just two examples of how an export may occur. Your company would need to be registered to be able to apply for an export license under these circumstances or any time it provides ITAR controlled technical data or defense services to a foreign person.

While Export Control Reform has made significant changes to the USML, these changes have not changed the requirements for US companies involved in defense work or persons engaged in brokering activities to obtain or maintain registration with DOS. On a brighter note, the number of licenses companies are required to seek from the Department of State has been reduced and thus the annual registration fee for companies may be less than past years.

Do you have questions about your obligation to register with DOS or any other export compliance matter? Contact the export experts at FD Associates to navigate your regulatory obligations.

https://fdassociates.net or info@fdassociates.net

To Register Or Not, That Is The Question Read More »

ITAR Certified, What Does It Mean?

Posted in 2016, very relevant today and worth a second read!

Updated by Jenny Hahn, President

Today many prime defense contractors and others involved in the manufacture and sale of defense articles regulated by the ITAR require evidence that companies in their supply chain are registered with the Department of State, Directorate of Defense Trade Controls (DDTC), or, my personal favorite, be “ITAR Certified.” “ITAR Certified” is not defined within the regulations, thus creating more confusion among the small and medium size companies as they try to understand how to become “Certified”.

A company cannot become “ITAR Certified”, although its trade compliance employees can take courses in which they can receive titles like CUESCO, which means they individually are a "certified" export compliance officer. The better question is how did “certification” become an expectation imposed on supply chain?

ITAR Certification is a misnomer; you cannot gain an ITAR Certification like you can an ISO Certification or a CMMI rating. There isn’t a specific standard or set of criteria to be rated against to achieve “ITAR Certification.” Of course, you can include your ITAR Compliance program in the ISO Certification and auditing process but that’s not going to prove you are following the ITAR regulations; it will only demonstrate that your Company is following the Company’s policy, procedures and work instructions consistently.

Some companies have believed that being registered with DDTC is all that is required to allow them to complete the prime contractor questionnaire that will demonstrate they are “ITAR Certified”.

The reality is much more than a simple registration with DDTC. The ITAR imposes a requirement for companies to register, if they meet one of three conditions, manufacture defense articles, export defense articles or furnish defense services, or broker defense articles.

In our experience, many companies do not have a clear understanding of what they are signing up for when registering with DDTC. Just Google “ITAR Certified” and click on Images; you will find many companies have posted their DDTC registration letters with their registration codes. This doesn't make them "ITAR Certified". In fact, a seasoned trade compliance professional will wonder what the company doesn't know by this bold statement.

When a company registers with DDTC, its certifying that a corporate officer or board member of the company understands the obligations of the ITAR, and has established an export compliance program, which includes designation of an ITAR Empowered Official and a trade compliance program. Each year with a company registers or renews its registration with DDTC, DDTC will provide the company with the letter acknowledging their registration and a 4 page compliance program guideline.

What the prime contractors are really concerned with beyond the registration of your company with DDTC, is does my supplier understand that the ITAR imposes licensing obligations if they have a foreign person working at their facility that have access to and release of my technical data? Does my supplier understand if they send my technical data offshore to fulfill the purchase order or contract obligation that an ITAR export license is going to be required? Is my supplier in any way ineligible to participate in an ITAR export transaction because they have become ineligible under the ITAR?

In addition to the prime contractor concerns triggering the "ITAR Certified" form, once a company registers with DDTC, DDTC expects that the Company will stand up a Trade Compliance Program that is clearly documented in writing, tailored to the business, regularly reviewed/updated and fully supported by management. Your program should address these basic elements:

Registration

Determine export jurisdiction of your products, data and services;

Know the end user and end use of defense articles and services (not limited to international transactions);

Know the intermediate parties to a transaction, including supply and title chain

Know what countries are prohibited destinations

Conduct denied party screening of all parties to the transaction, this includes banks, freight forwarders, supply chain (U.S) and all foreign parties;

Ensure party names and address are accurate;

Licensing of items when/if being exported or use an exemption if its applicable to the transaction and conditions imposed in the ITAR;

Ensuring reporting requirements related to the payment of fees and commissions associated with the export transaction are researched and made as part of licensing filing;

International travel by employees

Foreign Visitors to the company facilities

Marking of export controlled materials internally and externally for domestic use and for exports;

Maintaining records of the manufacture and disposition of defense articles. Having a policy that addresses which records need to be maintained, who is responsible and where they are to be maintained;

Ensuring administrative reporting requirements of the ITAR are met, such as the reporting of the initial export of technical data or the performance of defense services against an ITAR license, submitting executed Technical Assistance Agreements, providing annual sales reports for Warehousing Distribution Agreements or Manufacturing License Agreements or making semi annual reports related to exports authorized by the ITAR 126.5 Canadian Exemption;

Training employees on the basic elements of the regulations and how to comply. Irregardless of the size of you company, if your employees don’t understand the many ways an export can take place how are they going to know what to watch out for?

Auditing of Company compliance program, exports and any USG authorizations in place;

Last but not least, having a specific policy regarding what the Company will do when a potential issue of non-compliance is raised. Who will conduct the investigations, provide the reports to management and prepare the voluntary disclosure to the DDTC?

If you have a compliance program that addresses these elements and have appointed trade compliance responsibilities within your company and on your organization chart, when asked to complete the forms for “ITAR Certification” you can do so with more confidence.

In the end, let’s call “ITAR Certification” by its real name, a Trade Compliance Program, and no matter your company size it really boils down to risk adversity. While the regulations don’t specifically state you must have a documented program in place but with the DOJ taking a position regarding the individual responsibility of Corporate employees [see (Yates, 2015) Memo] and DDTC and BIS both detailing their expectations for compliance programs on their websites, how can you not?

Contact FD Associates at 703-847-5801 or Tell Us Your Needs, for support in enhancing your compliance program so you can be more confident when requested to complete the “ITAR Certified” forms for your customers.

ITAR Certified, What Does It Mean? Read More »

Do You Know Where Your Export Controlled Technical Data Is?

By Jenny Hahn

President

FD Associates, Inc.

In today’s global environment, the transfer of export controlled technical data, your company’s IP or customer technical data occurs in an instant. Export controlled technical data is regularly transferred electronically by email or other means to domestic and international customers, partners, vendors, legal counsel and consultants. To ensure compliance with U.S. export regulations, the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) are met, it is important to understand what happens to the export controlled technical data when it is received by the domestic or international party. Who will have access to the export controlled technical data? Where will it be stored? If the export controlled technical data will be shared with other persons employed by the recipient or external to the recipient.

A recent case we encountered highlights just how far the questions need to go. In this situation, a U.S. company was exporting export controlled technical data to a foreign company. In doing its due diligence, it asked the foreign company where the export controlled technical data would be stored, and whether there were any external IT companies supporting the foreign company (i.e. administering its servers or supply chain partners that would receive the export controlled technical data). The U.S. company learned that backup of the foreign company servers would be at the foreign company’s parent location in another country. This backup of U.S. origin export controlled technical data in a separate country is a reexport under the ITAR and EAR, for which export authorization is or maybe required. If this question had not been asked during the license development process, the U.S. company would have released export controlled technical data to the foreign company and the foreign company would have caused an unwitting export violation.

How often do you ask this simple question of your domestic and foreign customers, partners, vendors, legal counsel or consultants?

Knowing where the export controlled technical data will reside once released from your company is a critical component of your export compliance program and due diligence.

Most companies require the implementation of a Non-Disclosure Agreement (NDA) before releasing export controlled technical data or company IP to another party. The primary reason for the NDA is not trade compliance related but for protection of company trade secrets. Those NDAs often permit the recipient to release the technical data to parties integral to the recipient to facilitate their cooperation with your company. Many NDAs do not include export compliance language articulating the need to comply with the ITAR or EAR prior to the transfer of the protected export controlled technical data to

another party. While an NDA can give the receiving company the permission to release the export controlled technical data to other parties, it is not an ITAR or EAR approval and it cannot override either the ITAR or EAR requirements for authorization for the release/retransfer/reexport of export controlled technical data to a foreign person or foreign company in the form of a license, or license exemption/exception.

When executing an NDA with a domestic or foreign party or evaluating the export regulatory considerations associated with an export of technical data to a foreign party, whether by license, license exemption/exception, be sure to perform your due diligence. This includes researching the party that you are doing business with, verifying whether there is any foreign ownership of that entity, asking if the U.S. company has foreign person employees, inquiring where the export controlled technical data is going to be stored, asking whether there are any IT service providers who will have access to the server and confirming whether backup of the company servers is done by a third party or by the same company in a different country.

Due Diligence also includes knowing where the servers are physically located. With the rampant use of the cloud to cut equipment costs, it is important to know that not all cloud providers can commit to hosting solutions that comply with the ITAR or EAR requirements (Not to mention DFARS requirements if the data is generated related to a U.S. government contract).  Today both the ITAR and the EAR do not consider transfer to the cloud an export if suitable encryption is used in transit and in rest, and no access information is provided to foreign persons to unlock the data.  If encryption is not used and the export-controlled data is placed in a cloud environment unsecured, that export controlled data may only be stored in a cloud environment hosted in the United States and managed by U.S. persons, to avoid violations of the ITAR or EAR.

A red flag regarding possible use of the cloud by customers, partners, vendors, legal counsel, consultants and others is the use of non-company email accounts like gmail, yahoo, aol, hotmail, msn etc. The use of such email service provider suggests the recipient does not have a traditional network infrastructure and is using the cloud to store any export controlled technical data sent to them. Companies like Google and Yahoo have servers located around the world and storage of the emails can take place at any of them.

Prior to any release of export controlled technical data, your company should determine what path that export controlled technical data will travel when it leaves your company and is received by the domestic or international customer, partner, vendor, legal counsel or consultant for storage and access.

Only when your company fully appreciates the electronics transfers made by others of your company IP, can your company be fully compliant with the ITAR and EAR.

This article does not address the separate Defense Federal Acquisition Regulations Cybersecurity obligations, DFARS 252.204-7000 and 252.204.7012 and the NIST SP 800-171. Refer to our article by Keil Ritterpusch on this subject.

Do You Know Where Your Export Controlled Technical Data Is? Read More »

Due Diligence Considerations When Exporting To China

by Keil J. Ritterpusch Senior Compliance Associate and Jenny A. Hahn President

The current climate between the U.S. Government and China related to export-controlled commodities is quite hostile and is not likely to change in the near term, even with a new U.S. President in place.  The U.S. Government, concerned with national security threats, human rights abuses, military modernization, theft of U.S. technology, and theft of U.S. personal information by Chinese actors, has gone on the offensive from an export regulatory perspective to attempt to prevent parties supportive of the Chinese Government and Chinese military from acquiring US-origin products, including, in some cases, products that are EAR99.

The U.S. Government, acting through the U.S. Department of Commerce's Bureau of Industry & Security ("BIS"), has recently added a large number of Chinese companies, including companies that are predominantly involved with commercial enterprises, to the Entity List under the Export Administration Regulations ("EAR").  By being added to the Entity List, any export from the U.S. to a listed party is subject to an export license requirement under the EAR, with a presumption of denial applicable in most cases.  Listed parties cannot receive U.S. exports indirectly either, such as by buying through intermediary parties.  These intermediary parties know that it is not lawful for U.S. exporters to engage in transactions involving ultimate end use by parties on the Entity List.  Thus, in many cases, they disguise the intended end-use, end-users, and parties to the export transactions.

Beyond the expansion of the Entity List, BIS has taken steps to expand the EAR's Foreign Direct Product Rule at EAR Section 736.2(b)(3) to specifically target Chinese telecommunications giant, Huawei Technologies Group Co. Ltd. ("Huawei") and affiliates in China and worldwide.  The EAR's Foreign Direct Product Rule was expanded so that foreign origin products built-in plants with U.S.-origin equipment and technology that are exported from abroad or re-exported to Huawei and affiliates are subject to the EAR and prohibited without a license from BIS.

In addition to the broad prohibitions that have been placed on numerous Chinese companies, preventing them from receiving exports of any commodity from the United States, a large number of Chinese companies and organizations have recently been identified under the EAR as Military End Users ("MEUs").  The action to formally identify companies as MEUs,  in China, as well as Russia and Venezuela, follows their identification by the U.S. Department of Defense as parties with strong ties to military end-users and military end-uses.  By adding entities as MEUs under the EAR, U.S. exporters are officially on notice that any export transaction involving these entities where an item on the EAR's Commerce Control List ("CCL") -- meaning any item with an Export Control Classification Number ("ECCN") requires an export license approved by BIS.

Given the extensive expansion of export restrictions involving China (as well as Russia and Venezuela), it is more important than ever for parties exporting from the United States to carefully identify the parties to their export transactions and the export classifications of products being exported.  Even items that are EAR99 or are otherwise No License Required ("NLR") to most worldwide destinations now require licensing for export to certain end-users and for certain end uses in China.  Thus, exporters must take formalized steps to document their export due diligence for transactions involving China, as well as Hong Kong and Macau (which are now treated as part of China by the U.S. Government).

BIS has published "Know Your Customer Guidance and Red Flags" as a supplement to the Ten Prohibitions listed in EAR Part 736.  The guidance explains the appropriate due diligence required for U.S. export transactions and provides context as to how to sufficiently establish "knowledge" of the particulars of export transactions, including the proper identification of parties, end uses, and end-users.  The General Prohibitions cover a gamut of export-related matters but generally prohibit exporters and re-exporters from engaging in export transactions involving prohibited end uses and prohibited end-users.  In order to comply with the EAR's General Prohibitions, exporters and re-exporters must establish "reasonable " knowledge regarding the parties to their export transactions and the ultimate end-use and end-users of the exports.

The industry standard for validating this information is through the End User Statement ("EUS")/End User Certification ("EUC").  Without a EUS/EUC, an exporter is arguably self-blinding with respect to compliance with the EAR General Prohibitions, as well as overall export compliance with EAR requirements.  Companies that fail to establish sufficient "knowledge" of the details of export transactions can be hit with substantial fines when export transactions result in end uses or end users that are prohibited.

What is Reasonable Due Diligence?

An array of documentation can be used by exporters and re-exporters to validate the parties, end uses, and end users involved with export transactions.  The following are tools that should be used by exporters and re-exporters in varying degrees as part of the due diligence to validate export transactions.

  • End-Use and End-User Statements
  • Denied Party Screening
  • Internet research validating the parties to the export transaction
  • Business licenses and other documents validating the bona fides of the parties, should information regarding the entities to the transaction not be easily discovered through internet searches.

Of these tools for performing due diligence, the most important, by far, is the End User Statement/End-Use Certification.  In our opinion, this document should be obtained for all export transactions.  After receipt of the EUS/EUC, the U.S. exporter should perform Denied Party Screening on the names of the parties to the export transactions, including the purchaser, intermediate consignees, ultimate consignee, and end-user, doing "fuzzy" searches of company names and variations on the company name.  In addition, the Denied Party Screening should search for companies at the same or similar addresses.  Widely scoped Denied Party Screening is crucial to the overall due diligence, as it demonstrates to the U.S. Government that the exporters (and re-exporters) took steps to validate that the parties to the transaction are not prohibited from receiving U.S. exports.

Following the Denied Party Screening, we recommend that exporters and re-exporters perform an internet search to ensure that the parties named on the EUS/EUC exist and are in a business with a connection to the product to be exported. Should information on the parties not be able to be readily found on the internet, the exporter or re-exporter should contemplate getting a more detailed EUS/EUC and having it signed both by their customer and the ultimate consignee/end-user.  Even in cases where a multi-party signed EUS/EUC is received. It may be necessary to receive copies of business formation documents if the exporter or re-exporter cannot find information on a party to the export transaction after an internet search, particularly the stated end-user/ultimate consignee.

What Flags Should a Prospective Exporter Look For?

Exporters and re-exporters are responsible under the EAR for engaging in lawful export transactions and not engaging in export transactions where they "know" or have "reason to know" that the export transaction may involve an unauthorized party, end-use, or end-user.  When evaluating the due diligence collected in relation to prospective export transactions, exporters and re-exporters should highlight any facts where there is missing information or where answers to questions about the parties, end-use, and end-users do not "add up."

For example, if a party receives a completed EUS/EUC that lists a distributor as an end-user, the entire export transaction is a red flag since details regarding the true end-use and end-user are not being provided.  Similarly, if a party receives a completed EUS/EUC that lists various parties, including the purchaser, ultimate consignee, and end-users, that cannot be validated through an internet search, there is a red flag to the export transaction, and additional due diligence should be performed.

Liability in the Event that a Party to An Export Transaction Provides Incorrect Information?

Entities in China that have been placed on the Entity List or designated as MEUs still need to receive components to manufacture their products.  Companies like Huawei and Semiconductor Manufacturing International Corporation ("SMIC") have not slowed their production of products for the commercial marketplace or for the Chinese Government.  As a result, we fully expect that "front" companies will be formed solely for the purpose of diverting goods to companies like Huawei and SMIC in contravention of the EAR.  Exporters and re-exporters cannot afford to completely stop exporting to China and Hong Kong (and other destinations) solely because there is a possibility that their shipments will be diverted for unauthorized end uses or unauthorized end users.

To mitigate the risks associated with diversions downstream in export transactions, exporters and re-exporters need to be able to rely on certifications made by legitimate parties to export transactions.  There is no requirement to perform post-delivery validation of export transactions involving products that are EAR99 or controlled by the EAR for Anti-Terrorism ("AT) reasons alone.  However, exporters and re-exporters need to be able to validate before shipment that the parties to export transactions are legitimate legal entities and that other red flags are overcome.

Therefore, a critical burden on exporters and re-exporters is to ensure that the parties who sign EUS/EUC for prospective export transactions are legitimate legal entities.  Once the EUS/EUC is received and the bona fides of the parties have been established and export classifications validated, exporters and re-exporters can export/re-export freely, whether under an export license, under a license exception, or as NLR, if applicable.  If an exporter or re-exporter learns after the fact that there has been a diversion, the matter should be reported to BIS, and steps taken internally to document concerns with the pertinent parties to the export transaction resulted in diversion should be undertaken to avoid any recurrence of the diversion.

*                       *                       *                       *

FD Associates is available to help exporters and re-exporters to establish processes and procedures for collecting and performing the appropriate due diligence for their prospective export transactions, particularly those involving China.  FD Associates provides export classifications, end-user and end-use validation, and the investigation of red flags for export transactions.  We can be reached by email at info@fdassociates.net or by phone at (703) 847-5801.

**FD Associates notes that there are financial sanctions applicable to other parties to export transactions that do not relate to the EAR but rather are implemented under U.S. Department of Treasury regulations. This article does not address such requirements, but parties engaged in export transactions with a nexus with the United States should consult the U.S. Department of Treasury regulations and website to validate that other parties to export transactions, including freight forwarders, banks, and issuers of credit, are not debarred from engaging in transactions involving U.S. jurisdiction.

Due Diligence Considerations When Exporting To China Read More »

The President Signs Executive Order To Treat Hong Kong As China

By: Carlos Bentancor, Junior Associate & Jenny Hahn, President

Hong Kong Now an Arms Embargoed Destination Announced 7.14.2020 and License Exceptions for EAR Items are Suspended

The President signed an Executive Order (EO) on July 14, 2020, which requires the Special Administrative Region of Hong Kong (Hong Kong) to be treated as the People's Republic of China (PRC). The EO states pursuant to section 202 of the United States - Hong Kong Policy Act of 1992 that the U.S. Government no longer considers Hong Kong to be autonomous from China and no longer warrants treatment as an entity separate from China. The President directed the heads of various agencies to begin eliminating policy exemptions for Hong Kong. As a result, Hong Kong is now an arms embargoed destination included in the entry for China under section 126.1(d)(1) of the ITAR, and thus subject to a policy of denial for all transfers subject to the ITAR. This action includes all end-users in Hong Kong.

The Department of Commerce separately announced on June 30 the suspension of License Exceptions for Hong Kong.

Background

In May 2020, China announced its plans to impose national security legislation unilaterally and arbitrarily on Hong Kong, and on May 27th, 2020 the U.S. Secretary of State declared the PRC had undermined Hong Kong's autonomy and reported this to the U.S. Congress. China has through a series of ongoing actions continued to follow through imposing national security legislation on Hong Kong undermining Hong Kong's autonomy, leading the U.S. government to take action intended to prevent any sensitive U.S. items from illegal diversion to the PRC or North Korea.

Government Agency Actions

The Directorate of Defense Trade Controls (DDTC) has announced two actions in response to the EO. First, there will be an exception made in favor of Hong Kong persons who reside outside Hong Kong or PRC, who have been previously authorized access to defense articles subject to ITAR, in future licensing; and second, any current, valid, non - exhausted ITAR licenses with Hong Kong as the transferred territory are not affected by the EO, DDTC is not revoking or rescinding previously approved licenses for defense articles or services to Hong Kong.

Prior to the publication of the EO, on June 30, 2020, BIS suspended any License Exception for exports, re-exports, or transfers (in-country) to Hong Kong of items subject to the EAR that would provide Hong Kong with differential treatment than those available to the PRC. On July 14, President Trump signed an Executive Order officially revoking the use of EAR License Exceptions for Hong Kong that will provide differential treatment compared to those applicable to exports to China.

The actions listed above under the ITAR and EAR are just two of the approximately twenty actions to be taken by various government agencies with respect to Hong Kong within 15 days of the Executive Order (i.e., by July 29, 2020).

The President's Executive Order on Hong Kong Normalization

https://www.whitehouse.gov/presidential-actions/presidents-executive-order-hong-kong-normalization/

Recommendations for Exporters:
FD Associates, Inc. strongly encourages all exporters who export products, provide services, or transmit technical data to foreign nationals or entities from Hong Kong, to evaluate these transactions before making any further exports.

To speak to FD Associates, Inc. about the new rules for exports to Hong Kong, please call (703) 847-5801 or send an email to info@fdassociates.net.

The President Signs Executive Order To Treat Hong Kong As China Read More »

US Department Of Commerce Publishes Rules That Greatly Expand The Requirement For Obtaining EAR Licenses

By:  Keil J. Ritterpusch, Senior Compliance Associate, and Jenny Hahn, President

On April 28, 2020, the U.S. Department of Commerce’s Bureau of Industry & Security (“BIS”) published two new final rules and one proposed rule to the Export Administration Regulations (“EAR”) which substantially affect U.S. exporters of goods to China, Russia, and Venezuela.  In general, the rule:

  • Broadens license requirements in EAR Section 744.21 to apply to military end users in China and expands the scope of items in the List of Items Subject to the Military End-Use License Requirement of Section 744.21 (Supplement No. 2 to Part 744);
  • Adopts a license review presumption of denial in Section 744.21(e);
  • Broadens the definition of “military end use” by expanding the definition to include any item that supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, “development,” or [emphasis added] “production” of military items;
  • Clarifies the controls on exports of “600 series” .y and 9x515.y Export Control Classification Numbers (“ECCNs”) to China, Russia, or Venezuela by relocating them from Section 744.21 to the License Requirements sections of each ECCN;
  • Designates regional stability (“RS”) as the reason for control of these items; and
  • Expands Electronic Export Information (“EEI”) filing requirements for exports to China, Russia, and Venezuela.

The regulatory changes that will affect the greatest number of exporters is the requirement to file EEI for all exports to China, Russia, and Venezuela regardless of value (or end use or end user) of products on the EAR’s Commerce Control List (“CCL”) and to provide the correct export classification on such EEI submissions.  The EEI filing requirement for EAR99 items, which are by definition not included on the CCL, remains the same:  EEI submissions are required for exports of EAR99 items only when the value of the export is $2,500 or more per Harmonized Tariff Schedule (“HTS”) code on the EEI.  We believe the consequence of this regulatory revision is even more widespread than the expanded requirements for obtaining export licenses (and the presumption of denial) for exports to military end uses and military end users in China, Russia, and Venezuela.

The following are some of the key points for exporters related to the regulatory changes:

EEI Submissions for ALL Exports to China, Russia, and Venezuela (Except EAR99 Items):

Effective June 29, 2020, exporters will need to file EEI submissions in the Automated Export System (“AES”) portal within the Automated Commerce Environment (“ACE”) website – ace.cbp.dhs.gov – for ALL exports of items listed on the CCL to China, Russia, or Venezuelaregardless of value, end use, or end user.  Prior to this final rule being published (82 FR 23459), exports that were designated as No License Required (“NLR”) did not require the filing of EEI unless the value of the export transaction was $2,500 or more per HTS code.  Now, only EAR99 items below the $2,500 threshold do not require EEI submissions, per FTR Section 30.37(a).

Correct Export Classification is Required for ALL Exports to China, Russia, and Venezuela:

In addition to requiring EEI submissions for ALL exports of items on the CCL to China, Russia, or Venezuela, the new rule provides that exporters must include the correct Export Control Classification Number (“ECCN”) for each item listed on EEI for exports to China, Russia, and Venezuela.  This new requirement underscores the responsibility U.S. exporters have to correctly classify the products they export.

Currently, for exports to China, Russia, and Venezuela, exporters may state on export documents and in the EEI filing (when required by the EAR) that their products are No License Required (“NLR”) – citing license code “C33” on the EEI.  These exporters were not required, by either the EAR or the Foreign Trade Regulations (“FTR”), to provide the exact export classification of the items being exported if the products do not require a license.

Going forward, exporters should not assume that their products that were classified as “NLR” are classified as EAR99 items.  Over the years we have encountered many instances where exporters have believed that “NLR” means “EAR99”.  While all EAR99 products are, in fact, NLR to all worldwide end users, except prohibited end users and sanctioned countries, “”NLR” is not an export classification.  “NLR” is a conclusion under the EAR that results from first determining the export classification, then reviewing the reasons for control for export of products under the ECCN, and, then, determining that No License is Required for the export.  Only after establishing the proper ECCN can one arrive at a conclusion of “NLR”.

It would be a grave mistake for a U.S. exporter to unilaterally state that its products are EAR99 after June 29, without first revalidating the export classification for any export to China, Russia, or Venezuela, because misstatements of export classification on an EEI and failure to file EEI each subject the exporter to a $10,000 fine per violation under the FTR.  Exporters must perform appropriate export classification analysis to avoid substantial risk of misclassification.

Export Licensing is Required for Exports of Most Commodities to China, Russia, or Venezuela Where The End Use is Military or End User is Military … With Presumption of Denial of Said Licenses:

The EAR now requires an export license to be obtained prior to exports to China, Russia, and Venezuela of items that are currently only restricted to terrorism supporting countries under Anti-Terrorism (“AT”) controls of the EAR, when the export is to a military end user or for a military end use.  Moreover, there is an express policy of denial for such export license applications.

Products falling under the following ECCNs will require licenses for export to military end users and military end uses in China, Russia, and Venezuela beginning June 29, 2020:

  • 3A991,
  • 3A992,
  • 3A999,
  • 4A994,
  • 4D994,
  • 5A991,
  • 5B991,
  • 5A992,
  • 5D992,
  • 6A991,
  • 6A993,
  • 6A995,
  • 6A996,
  • 7A994,
  • 8A992, and
  • 9A991.

Beyond the broad expansion of the products that require a license for export to military end uses and military end users in China, Russia, and Venezuela, the new rules also greatly expand the definition of what is a “military end use”.  The new definition is so open-ended that FD Associates would not be surprised to see BIS issue clarifying Frequently Asked Questions (“FAQs”) or narrow the definition before the new rule goes into effect on June 29, 2020.  Under the new rule, any product that is exported that “supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, “development,” or [emphasis added] “production” of any military item is a “military end use”.  There is no limitation for products that are for use both for non-military end uses and military uses.  So, for example, if software that is controlled under ECCN 5D992 – having encryption built-in, but being available for export on a “mass market” basis – is used in China to aid a Chinese company that manufactures both military aircraft parts and commercial aircraft parts, it is arguable that the software would be for a “military end use” under the revised rule.

Recommendations for Exporters:

Potential concerns for exporters arise in product misclassification and failure to conduct appropriate due diligence when conducting business with China, Russia and Venezuela.  While both product classification and transactional due diligence are core tenets of a company compliance program, exporters are on notice that the government is watching and the risks of export violations, government queries, inspections, detentions, seizures, and fines are substantially magnified for transactions involving China, Russia and Venezuela.

In light of the substantial increase in potential liability for exporters, FD Associates, Inc. strongly encourages all exporters who export products to China, Russia and/or Venezuela to evaluate all products that they have self-classified as EAR99 and revalidate the export classification per the Order of Review in the EAR, before exporting to China, Russia and/or Venezuela.

FD Associates, Inc. also recommends that exporters perform added due diligence, including the collection of detailed end use and end user statements and associated research and screening of the end users and end uses of their products in China, Russia, and Venezuela, to validate the actual end users and end uses.  This is especially critical, as a significant percentage of US exports to China, in particular, do not go to the end user or directly to the end use, but instead go through a distributor or a re-seller.  Since exports of otherwise NLR products that are for end use by military end users (or parties on behalf of them) or are for “military end uses” in these countries now requires a license from BIS, it is imperative that  exporters have a sufficient “paper trail” related to the end users and end uses of products they sell to China (as well as Russia and Venezuela).

To speak to FD Associates, Inc. about the new rules for exports to China, Russia, and/or Venezuela, please call (703) 847-5801 or send an email to info@fdassociates.net.

US Department Of Commerce Publishes Rules That Greatly Expand The Requirement For Obtaining EAR Licenses Read More »

DDTC Announces New Policies And Changes Affecting ITAR Registrations, Licensing, Part 130 Reporting, And DDTC Management

COVID 19 has impacted our daily lives. DDTC is no exception. Between the DECCS rollout and COVID 19 telework, DDTC is impacted and has responded with the following policies and changes intended to aid industry and ease the burden on exporters that may be hampered during this period to make filings in accordance with the ITAR timelines or existing export authorizations.

Registrations

  • Effective March 13, 2020, a temporary suspension of the requirement in ITAR Parts 122 and 129 to renew registration as a manufacturer, exporter, and/or broker and pay a fee on an annual basis by extending ITAR registrations expiring on February 29, March 31, April 30, May 31, and June 30, 2020 for two months from the original date of expiration.
  • DDTC is also pursuing a one-time temporary reduction in registration fees for certain categories of DDTC registrants. More information on any change will be provided on DDTC's website.

Voluntary disclosures

  • Voluntary Disclosures can be filed electronically to DTCC-CaseStatus@state.gov
  • DDTC Compliance is now granting an additional 30 days for responses to its request-for-information letters related to voluntary and directed disclosure matters. DDTC Compliance is also considering extensions for the submission of full voluntary disclosures on a case-by-case basis. Extension requests should be sent via email to DTCC-CaseStatus@state.gov on company letterhead in PDF format.

Licensing

Validity period of export licenses

  • Effective March 13, 2020, a temporary suspension, modification, and exception to the limitations on the duration of ITAR licenses contained in ITAR Parts 120-130, including but not necessarily limited to ITAR §§ 123.5(a) (temporary exports), 123.21(a) (duration of licenses), and 129.6(e) (validity of brokering approval), to extend any license that expires between March 13, 2020, and May 31, 2020, for six (6) months from the original date of expiration so long as there is no change to the scope or value of the authorization and no Name/Address changes are required. This six (6) month extension is warranted in light of the unique challenges applicants face in the current environment when attempting to coordinate with U.S. and foreign business partners regarding the scope of applications.

Note: this extension is automatic and requires no action by the license holder

Remote work by company and long term contract employees defined by ITAR 120.39

  • To support remote work in this extraordinary period, effective March 13, 2020, a temporary suspension, modification, and exception to the requirement that a regular employee, for purposes of ITAR § 120.39(a)(2), work at the company's facilities, to allow the individual to work at a remote work location, so long as the individual is not located in Russia or a country listed in ITAR § 126.1. This suspension, modification, and exception shall terminate on July 31, 2020, unless otherwise extended in writing.

Remote work by regular employees (ITAR 120.39) of foreign signatories to TAAs/MLAs or ITAR exemptions

  • Effective March 13, 2020, authorization for regular employees of licensed entities who are working remotely in a country not currently authorized by a TAA, MLA, or exemption to send, receive, or access any technical data authorized for export, reexport, or retransfer to their employer via a TAA, MLA, or exemption so long as the regular employee is not located in Russia or a country listed in ITAR § 126.1. This suspension, modification, and exception shall terminate on July 31, 2020, unless otherwise extended in writing.

Paper filings with DDTC, adjudication of filing will be emailed to the applicant

  • DDTC is implementing new procedures and will send to the contact listed on the application email scans of final action letters for General Correspondence requests submitted in writing. If email information was not provided, final actions will continue to be mailed back to the applicant.
  • DDTC is implementing new procedures and will send to the applicant email scans of unclassified final action letters for DSP-85s submitted in writing. If email information was not provided, final actions will continue to be mailed back to the applicant. The Defense Counterintelligence and Security Agency (DCSA) will continue to receive original sealed copies through the mail.

Note: Approvals for DSP-5, DSP-61, DSP-73, and TAAs/MLAs/WDAs in DECCS, DDTC's electronic portal and can be retrieved via DECCS 

Expedited requests for licensing in support of U.S Operations

  • DDTC is re-issuing guidance for the expedited authorization of requests submitted in support of U.S. Operations (USOP) at DTCL SOP - USOPS Guidance. Refer to the DDTC website

DDTC to file Congressional Notifications electronically

  • In coordination with Congress and DOD, DDTC has moved to electronic submissions of Congressional Notifications of proposed Direct Commercial Sales (DCS) and Foreign Military Sales (FMS) to the Congress.

Other

  • DDTC is leveraging updated staffing protocols to ensure streamlined interagency licensing reviews.

Part 130 Reporting

Updated information repoints of contact

  • To facilitate timely responses to inquiries from the public and regulated industry, DDTC has added additional points of contact on the Key Personnel tab of the About DDTC page on the DDTC website, and additional staffing and IT resources have been added to its Response Team and Help Desk functions.

DDTC Announces New Policies And Changes Affecting ITAR Registrations, Licensing, Part 130 Reporting, And DDTC Management Read More »

DECCS Is Here!

Don’t Panic, Just Enroll

If you are registered as an exporter or manufacturer of defense articles with the Department of State, Directorate of Defense Trade Controls (“DDTC”), you have by now probably noted reference to “DECCS”, the Defense Export Control and Compliance System, either on the DDTC website or in correspondence from or with DDTC.

Do you know what DECCS is?

More importantly, do you understand your responsibilities with DECCS today?

DECCS is DDTC’s new electronic portal for Export Licensing, Registration, Commodity Jurisdictions, Advisory Opinions, Retransfer Requests and in the future for Voluntary Disclosures.

DECCS is borne out of DDTC’s IT Modernization effort which began almost five years ago. After much testing, discussion and work, all of which is still underway, DECCS will formally deploy on Tuesday February 18, 2020.  Per DDTC, DTrade will cease to be available as of 6 PM EST February 14, 2020.

Don’t worry! All registrant information, licensing and digital certificate information tied to your company registrant’s registration code will be migrated to your account in DECCS. NOTHING will be lost.

If you have a valid ITAR registration with DDTC, you need to enroll in DECCS to continue your ITAR licensing or registration activities.

Over the last few weeks DDTC has contacted all registrants and holders of digital certificates via a 3rd party (OKTA) about registering in DECCS. Upon reviewing the email, you will find your user ID for DECCS and a link to start your enrollment process in DECCS.

Unfortunately, as the email did not come from DDTC, but rather OKTA, and references an application program “MyApps”, many exporters have either believed it is junk/spam and deleted it or the email was automatically filtered to junk/spam.

To add some more bad news, the email link/window to register with the link in the window was only 7 days from the date OKTA sent it.  This means if you cannot find the email and have not actioned it by the time you are reading this communique you will have missed the window to respond.  Do not fear! You can easily resolve this problem by contacting the DDTC DTrade/DECCS Help Desk and requesting that the email be resent.  See email addresses below to make this request.

So now that you have completed step 1, your in the DECCS enrollment page, what comes next?

You will provide your user ID and first/last name and phone number.

Click Enroll!

You then will get a notification on the DECCS page that an email is forthcoming from OKTA to complete the DECCS enrollment.

The second email from OKTA will prompt users to create a password and provide a phone number to enable two factor authentications for access to DECCS through the DECCS portal.

Now you are all set… almost! Like any IT system conduct validation testing

Log in and see the two-factor authentication process work.

Once complete you will be able to log into the DECCS portal and conduct business with DDTC, whether it is managing your account and users, preparing or tracking license status, filing registrations.

And the good news is, all licenses submitted in DTrade prior to the conversion will continue to process, as will any registrations that have been submitted. When complete, they will be issued in DECCS.

The phone numbers to call DDTC and request resending of the initial email are 202-663-2838 or 202-663-1282.  To submit requests to DDTC via email, we recommend submitting to the following:

deccspmddtc@midatl.service-now.comDDTCResponseTeam@state.gov; and dtradehelpdesk@state.gov.

DECCS Is Here! Read More »

Traveling With Electronic Devices – Are You Ready?

By Odyssey E. Gray, III, Associate, FD Associates, Inc.

Today’s world is a “smart” world, a world of various electronic devices that provide ever expanding connectivity and access.  As a result of this age of “connectivity,” employers may require their employees to travel internationally, conducting business on their behalf while carrying electronic devices with them.  What if your business involves ITAR controlled products?  Will you receive or hand-carry ITAR regulated technical data on laptops, smart phones or other electronic devices?  Are you remotely logging in to your company server while abroad to access ITAR regulated technical data?  Are there controls in place to protect this data from being accessed by foreign persons while you are abroad?  Is the ITAR technical data being accessed for individual use without further export, or, will you share the ITAR regulated technical data with foreign persons?  Most importantly, does your company understand the authorizations required to allow the export of ITAR technical data on devices being carried internationally? Any export of ITAR controlled technical data requires ITAR authorization for the export.

What if the data being carried internationally is not ITAR regulated?  Would this would mean no controls and thus, no USG authorization required?  This is a common mistake by many who believe that if the data is not ITAR regulated, it is not export controlled.  In fact, if the data is not ITAR controlled, then it is, or may be, subject to the Export Administration Regulations (“EAR”) and, if subject, the applicable ECCN for the information (technology) will determine whether Department of Commerce approval or EAR license exception is required for its export.

The good news for international travelers is that both the ITAR and the EAR have clear provisions for the license-free export of technical data and technology for employee use abroad under applicable ITAR license exemption and EAR license exception.  The ITAR license exemption is available at ITAR 125.4(b)(9).  The EAR has two applicable license exceptions at EAR Part 740.9 (TMP license exception) and EAR Part 740.14 (BAG license exception).  These authorizations are commonly referred to as “personal use.”

The “personal use exemption” at ITAR Section 125.4(b)(9) authorizes the export, reexport or retransfer of ITAR controlled technical data, including classified information, without a license, by or to a U.S. person, or a foreign person employee of a U.S. person (who has been authorized to receive ITAR regulated technical data under an ITAR DSP-5 employment license) travelling or on temporary assignment abroad for their personal use.

The EAR “personal use exception” at EAR Part 740.9 – TMP (Temporary Imports, Exports, Reexports, And Transfers (In-Country), authorizes the export, reexport or transfer of EAR controlled technology, without a license, by or to a U.S. person, or a foreign person employee of a U.S. person travelling or on temporary assignment abroad for their personal use.

The EAR “personal use exception” at EAR Part 740.14 – BAG (Baggage), authorizes individuals leaving the United States either temporarily (i.e., traveling) or longer-term (i.e., moving) to take to any destination, as personal baggage, the classes of commodities, software and EAR controlled technology described pursuant to this license exception.  License exception BAG authorizes the export of technology as “Tools of Trade” for use in the trade, occupation, employment, vocation, or hobby of the traveler.  License exception BAG also authorizes the export of encryption commodities and software subject to EI controls, if for personal use.

Once you know where your data falls jurisdictionally, you can cite the proper export authority, contingent upon meeting all of the stated requirements of using either ITAR 125.4(b)(9) license exemption or the EAR license exceptions TMP or BAG.

Both the ITAR and EAR require that security precautions (e.g., encryption of the data; firewalls; use of secure network connections or other access restrictions on the electronic device on which the data is stored, e.g., passwords, etc.) are in place on the electronic device to prevent unauthorized access to the controlled information by foreign persons.

The most secure method for access abroad by an employee is the use of a secure encrypted tunnel into the company server (e.g., secure VPN), whereupon data may be viewed and accessed by the employee who is using either a company laptop / electronic device or a personal electronic device.  All technical data remains on the company server and is not downloaded to the local device, except for viewing in an encrypted window.

If the company provides or allows its employee to use a company laptop or electronic device for hand-carry and use abroad while on travel, the device may already be loaded with ITAR controlled information/files (the hard drive should be encrypted and/or password protected).  The company device should contain software that allows the device to be remotely wiped in case of theft or loss.  The employee must maintain positive control and access of the company device with stored information so as not to allow unauthorized access.  If the employee will not keep the laptop with them, at all times, they should plan to store the laptop in a secure place such as a hotel safe.

The company should have a written travel policy, including written processes and procedures, to provide guidance and instruction to all employees traveling to ensure that all regulatory requirements are met to remain compliant with the export of controlled information to the company employee.

Procedures should exist not only for the use of the applicable ITAR exemption or EAR license exception, but as a means to document the information released, to whom it was released, the manner in which the transfer occurred, as well as information concerning the device used to access/carry the data, whether it be a personal device or company device.

It is recommended that the traveler have a proforma invoice describing the device, the data or software installed, to include, any hard copies of data previously exported, and, the applicable ITAR license, license exemption / EAR license, license exception with them at the time of travel.

In addition to the actual export, the regulations require that records for each export be maintained by the exporter (e.g., description of the technical data that was exported; name of the recipient(s); date and time of export; method of transmission, i.e. facsimile, courier, email, meeting).  The same record-keeping requirements that exist for any license approval for exports to foreign parties are the same as those for the use of any ITAR exemption or EAR license exception for exports to employees traveling internationally.

Any exports made beyond the scope of ITAR 125.4(b)(9) or EAR license exceptions TMP or BAG, i.e., not for “personal use,” are subject to the usual export licensing rules under the ITAR or EAR.  In other words, if one seeks to provide controlled data to foreign persons, that export/transfer requires separate authorization, e.g., license approval, ITAR license exemption or EAR license exception.

Fines and penalties for any violation of the ITAR or EAR are applicable, thus, use of these “personal use” authorizations must be within the scope as cited in the ITAR or EAR, respectively.

While these steps might seem burdensome to a small company, did you know that the U.S. Customs and Border Protection (“CBP”) issued a new directive in January of this year (2018) which authorizes and provides guidance to CBP in its procedures for “…searching, reviewing, retaining, and sharing information contained in computers, tablets, removable media, disks, drives, tapes, mobile phones, cameras, music and other media players, and any other communication, electronic, or digital devices…”  CBP has authority to search the contents of any electronic device leaving or entering the United States at their discretion.  In 2017 alone, CBP conducted 30,000 searched of electronic devices.

CBP searches are authorized to facilitate border security.  In practice, this means CBP may review and/or copy any information on any electronic device, even those items that are encrypted or password protected.  CBP may make copies of any of the information on the device.  If the information is not accessible, CBP may detain or seize the device to ship it off-site for further analysis and to facilitate CBP review of all information therein.

Even information marked as “Attorney-Client privileged” is subject to review and/or copy.  Individuals, however, should alert and advise CBP if such information exists on the device and its status as “Attorney-Client privileged,” so that CBP is aware that this is protected information.  A best practice would be to utilize the same procedures for confidential business information.  Note, however, CBP may not use the electronic device to access information stored remotely.  This directive is applicable only to the information stored on the actual electronic device.

Consistent with CBP policy, no specific cause is needed for CBP to conduct the search of the device.  The directive does instruct that “CBP will protect the rights of individuals against unreasonable search and seizure and ensure privacy protections while accomplishing its enforcement mission.”   Should CBP wish to review your device, you want to be able to provide CBP with evidence you have complied with applicable U.S. export laws.  A copy of a completed traveler form that identifies the device, the applicable ITAR license exemption / EAR license exception, the reason for travel and the information being carried abroad is a good tool to demonstrate to CBP that you have not violated U.S. export laws.

The primary mission of both the ITAR and the EAR is national security and safeguarding U.S.-origin technology.  The regulations recognize that company employees may require the use of export-controlled data to perform work assignments while abroad, thus, the ITAR 125.4(b)(9) license exemption and EAR license exceptions TMP and BAG for “personal use” permit this type of export.

There is one notable exclusion to the use of the ITAR 125.4(b)(9) exemption.  It cannot be used for the carrying of ITAR controlled data to proscribed countries per ITAR 126.1 (e.g., China, Venezuela, etc.).  Therefore, if a person is travelling to China or Venezuela, for example, on business, or even on personal travel, with their company issued device or a personal device that can access company information, they must know that they cannot lawfully carry or access ITAR technical data or EAR 600-series technical data while they are in ITAR 126.1 countries.  Not only is there no applicable exemption under the ITAR or EAR, but there is a policy of denial for exports to these countries.

In today’s “smart” world, businesses should have travel policies and procedures that comply with the exemptions/exceptions available and protect the export of ITAR technical data or EAR controlled technology.  If you need help with developing a travel policy, FD Associates stands by to assist you.

Traveling With Electronic Devices – Are You Ready? Read More »

Export Compliance Red Flags

By John Herzo, Senior Associate

Everyone involved in export compliance understands that the cornerstone of corporate compliance is a strong export compliance program. A sign that your export compliance program is functioning properly is the ability of your employees to identify and prevent potential export compliance violations before they occur. One essential tool for an effective export compliance program is employee training on the recognition and remediation of "red flags" in export transactions. The goal of this article is to explain what is meant by "red flags" and the forms in which the "red flags" present themselves in prospective export transactions.

Scenario - Missiles, Inc., of the U.S. (Your Company) received a purchase order from ABC GmbH of Germany for sophisticated missile engine components. Per your company's Export Compliance Manual, Missiles, Inc., performed its due diligence on the new customer ABC GmbH. The due diligence determined the following facts about ABC GmbH:

  • ABC GmbH has no company website;
  • ABC GmbH's purchase order was sent to you via a Gmail email account;
  • ABC GmbH's asked if Missiles, Inc., would accept a cash payment for the missile engine components;
  • ABC GmbH's purchase order did not request any ongoing support, which is customary for these products;
  • ABC GmbH is listed on several investment websites as a book store;
  • A Google Earth search identified ABC GmbH at the street address provided and the store front appears to be a book store;
  • Missiles, Inc., ran a denied party screening of ABC GmbH against U.S. Government denied party lists and revealed a hit for ABC GmbH of Germany, but the address is slightly different than the address for ABC GmbH;
  • ABC GmbH asked for the missile engine components to be sent to their freight forwarder in the U.S., and did not note delivery to their address in Germany; but identified for the freight forwarder to contact ABC GmbH for delivery instructions
  • Lastly, ABC GmbH refused to provide an end use statement regarding its intended use of the missile engine components.

Let's analyze the information Missiles, Inc., is presented with:

Denied Party Screening

Red Flag - ABC GmbH's address is similar to one of the parties found on BIS', the Office of Foreign Assets Control's ("OFAC") or other U.S. Government agency's denied parties/persons lists.

The existence of this "red flag" means that Missiles, Inc., will need to perform additional due diligence, e.g., research, to confirm that ABC GmbH is not the party on the subject denied party list. This is a difficult "red flag" to overcome, particularly when viewed in conjunction with the other "red flags" explained below. Missiles, Inc., must have persuasive evidence, not merely a statement in writing, that ABC GmbH is an entirely different organization from the listed entity at a different address. As companies who are prohibited from receiving U.S. exports will take significant steps to conceal their "prohibited" status, Missiles, Inc., must conduct extensive due diligence to overcome this "red flag".

End-Use Statement

Red Flag - ABC GmbH refused to provide an end-use statement regarding how it will utilize the missile engine components after Missiles, Inc., requested the end-use statement.

This "red flag" is a very serious one, particularly in light of the sensitive end use and extensive controls applicable worldwide on missile components. Detailed end-use statements are absolutely essential for items like missile components given that the U.S. Government will only approve export to vetted Governmental end users in "friendly" countries. This "red flag" may also present itself in other obvious ways such as the customer providing limited information on end-use when requested. If the potential customer or purchasing agent understands U.S. export regulations and believes it knows the classification of your product, they may try and tell you that there is no licensing requirement for the export of your product to their country. Therefore, end-use information is not required. The correct response, per EAR Part 744, or the ITAR (if applicable) is that the U.S. Government prohibits sales of any item if it will be used in nuclear production or any unsafeguarded nuclear facility; or any missile or unmanned aerial vehicle capable of a range of 300km or greater; or any chemical or biological end-use. Thus, your company requires end-use information to rule out the requirement for a license per EAR Part 744.

or the ITAR

Product Capability Vs. Customer's Line Of Business

Red Flag - Your due diligence revealed that ABC GmbH is a book store, therefore the product's capabilities, sophisticated missile engine components, does not fit ABC GmbH's line of business.

This is a really impossible "red flag" to overcome. The purchase of sensitive items, like missile components by those not in the same line of business is risky, given the high possibility of diversion to unauthorized end users. The fact that ABC GmbH is a book store was corroborated by Missiles, Inc.'s Google Earth search. As a result, Missiles, Inc. needs additional information for any possibility of overcoming this "red flag".

Technical Level Of End-Use Country

Red Flag - The item ordered is incompatible with the technical level of the country to which it is being shipped.

This "red flag" did not present itself in the scenario above because ABC GmbH is from Germany a highly technical country with active missile development end users. This type of "red flag" typically presents itself when the due diligence reveals export controlled equipment is being requested for purchase and shipment to a country that has no known capability to field or use the equipment.

Payment In Cash

Red Flag - ABC GmbH asked if Missiles, Inc., would accept cash for the missile engine components. The missile engine components are very expensive and would normally call for financing.

This "red flag" is indicative of an entity not wanting a "paper trail" and a sign of possible diversion. Your company's business development and sales force should be able to identify this "red flag" during sales meetings and contract negotiations.

Payment By Another Company

Red Flag - A secondary party requests to pay for another party's purchase.

This "red flag" did not present itself in this scenario. This "red flag" will present itself during the negotiation of the sale or after the sale has been negotiated, but prior to payment. Typically, a U.S. entity requests to pay for the purchase of a foreign entity. In some cases, the foreign customer / end user is from a proscribed country, such as Venezuela. The payment through another party may be a way to avert economic sanction regulations or to otherwise avoid being a party to a transaction. This "red flag" may implicate compliance issues with the OFAC regulations and the Foreign Corrupt Practices Act.

Little Or No Business Background

Red Flag - The customer has little or no business background.

This "red flag" also did not directly present itself in the scenario above. This "red flag" will typically present itself during the negotiation of the sale. Your company's business development personnel or sales force should be able to identify this "red flag" readily through bid and proposal discussions.

Unfamiliar With Product's Performance Characteristics

Red Flag - The customer is unfamiliar with the product's performance characteristics but still wants the product.

This "red flag" did not present itself in our scenario above. This "red flag" typically presents itself during the negotiation of the sale. Your company's business development personnel or sales force should also be able to identify this "red flag" as performance characteristics are essential for applications like missiles.

Decline Of Routine Installation, Training, Or Maintenance Services

Red Flag - ABC GmbH's purchase order did not request maintenance information or a warranty.

This "red flag" presented itself in ABC GmbH's email that contained its purchase order for the missile engine components. The failure to request installation, training or maintenance support where it is ordinarily requested can be a "red flag" indicating diversion to a prohibited end use as the ultimate end user would be denied the ability to receive this support, as well as the parts. This "red flag" typically presents itself during the negotiation of the sale. Your company's business development personnel or sales force should also be able to identify this "red flag".

Delivery Requirements

Red Flag - Delivery dates are vague, or deliveries are planned for out of the way destinations.

This "red flag" did not present itself in the scenario above. Typically, this "red flag" will present itself during the negotiation of the sale. Your company's business development personnel or sales force should be able to differentiate between vague delivery dates for valid business reasons as opposed to vague delivery dates that are "red flags". Deliveries to out of the way destinations will present themselves during the due diligence phase when your company is screening the potential customer. For instance, the customer's address is in the United Arab Emirates, but they are asking for delivery to Uganda. This is a "red flag" that is often able to be overcome when the purchaser is able to explain the logical reasoning behind its request. This "red flag" will need to be addressed in the export license application as verification of address is important.

Delivery To Freight Forwarder

Red Flag - ABC GmbH requested that the missile engine components be delivered to its freight forwarder in the U.S. and did not state to deliver to ABC GmbH in Germany.

Is this a "red flag"? It is often customary for the foreign customer to identify the freight forwarder if they pay the freight charge. This can be a red flag if the purchase order doesn't identify to make the shipment from the U.S. direct to ABC GmbH in Germany. In this scenario, the requirement for the freight forwarder to get instructions for delivery information at a later time is another red flag. Is this a routed transaction, where the responsibility for licensing of controlled exports is placed on the U.S. freight forwarder? If yes, receive and review a copy of their export license before you make delivery to the freight forwarder. This allows you to verify the bona fides of the parties to the export transaction. This "red flag" should be identified by your company's business development personnel, sales force or shipping department as it is not typical to ship missile engine components to only the U.S. freight forwarder without knowledge of direct shipment to the foreign customer.

Shipping Route

Red Flag - The shipping route is abnormal for the product and destination.

This "red flag" did not present itself in the scenario above. This "red flag" presents itself during the negotiation of the sale and the shipping process. Your company's business development personnel, sales force and shipping department should be able to identify this "red flag". This is a risk of diversion when the product is transported on an unusual route.

Packaging

Red Flag - Packaging is inconsistent with the stated method of shipment or destination.

This "red flag" did not present itself in our scenario above. The "red flag" presents itself during the shipping process. Your company's shipping department should be able to identify this "red flag". This "red flag" often indicates a product will be diverted and party maybe used to obfuscate the country of export.

Evasive Customer

Red Flag - When questioned, the buyer is evasive and especially unclear about whether the purchased product is for domestic use, for export, or for reexport.

This "red flag" did not specifically present itself in the scenario above. However, ABC GmbH did refuse to provide an end-use statement, which is a form of evasiveness. This "red flag" may arise during the negotiation of the sale. This is very serious given the strict rules on end use of these types of items. Your company's business development personnel or sales force should also be able to identify this "red flag".

Website

Red Flag - Missiles, Inc.'s due diligence into the bona fides of ABC GmbH revealed that ABC GmbH does not have a company website. While not every company has a website, most companies involved in the use of missile engine components have a website. The failure of your customer to have a website is a "red flag" that your company should perform additional due diligence to determine the bona fides of the customer.

This "red flag" presented itself in the scenario during the performance of Missiles, Inc.'s due diligence. Your company's business development personnel or sales force should also be able to identify this "red flag".

Email Address

Red Flag - ABC GmbH's email to Missiles, Inc., came from a gmail email account as opposed to an ABC GmbH corporate email account. While not every customer will have a corporate email account, most companies involved in the use of missile engine components have a corporate email account. Your customer's failure to have a corporate email account is a "red flag" that your company should perform additional due diligence to determine the bona fides of the customer.

This "red flag" presents itself at the inquiry stage of the sales process. This "red flag" is easily identifiable by your company's customer service, business development and sales personnel.

Conclusion

With the preponderance of red flags present in this scenario, should Missiles, Inc., proceed with the order? What would your company do?

There can be many different "red flags" to export transactions that should put your company on notice that a given transaction has the potential to lead to an export violation and diversion of goods. It is your company's responsibility to address these "red flags" as they present themselves to different departments within your company from business development to shipping. Having a well-established export compliance program that includes specific departmental export compliance training and specific procedures that include "red flag" alerts and reviews will allow your personnel to identify potentially suspect export transactions and further research them to ensure the transaction is valid before proceeding.

We have utilized the "red flags" published on the Department of Commerce, Bureau of Industry and Security's ("BIS")[1] webpage as a guide for this article.

Export Compliance Red Flags Read More »