By Jenny Hahn, President
The U.S. Department of State's Directorate of Defense Trade Controls (DDTC) has announced that Honeywell International, Inc. has entered into a 3 year Consent Agreement to resolve charges that it committed 34 violations of the Arms Export Control Act and the ITAR between July 2011 and July 2018 involving unauthorized exports or retransfers of technical data resulting from the failure to exercise appropriate internal controls.
In December 2015, Honeywell initially disclosed to the Department of State that its Integrated Supply Chain (ISC) organization had sent Requests For Quotation (RFQs) to U.S. and foreign suppliers via its DEXcenter (file exchange program) requesting pricing for parts. The RFQs generally included drawings.
In its initial notice of disclosure Honeywell identified that there had been multiple exports of ITAR-controlled drawings without authorization via DEXcenter to Taiwan and the People's Republic of China (PRC) in July 2015. It was subsequently determined that 51 of the drawings exported had been to unaffiliated suppliers in the PRC, an ITAR sanctioned country. Honeywell had exported 20 of the drawings to its affiliates in the PRC.
In Honeywells' September 2016 filing of the final report regarding the voluntary disclosure, Honeywell informed the Department of State of multiple corrective actions it had taken to prevent the types of violations it disclosed from recurring. The actions included:
1) a mandatory second-level review requirement for all international document transfers through DEXcenter;
2) mandatory training measures to address the risk of human error due to misidentifying export classification or authorizations, especially in the RFQ context; and
3) enhancing DEXcenter to further reduce the risk of human error by limiting the user's ability to select an export authorization that does not match a drawing's export classification and by providing additional warnings, reminders, and training resources and requirements.
By March 2017, based on an internal investigation and additional analysis conducted at the Department of States request, Honeywell ultimately identified 71 ITAR-controlled drawings that had been exported without authorization between July 2011 and October 2015 had exported via DEXcenter to Canada, Ireland, the PRC, and Taiwan, 65 of which form the basis of the alleged violations.
The 71 drawings, which Honeywell identified in its first voluntary disclosure and supplemental correspondence with the Department of State are controlled under Categories VIII(i), XI(d), and XIX(g) of the United States Munitions List (USML), contained engineering prints showing layouts, dimensions, and geometries for manufacturing castings and finished parts for multiple aircraft, military electronics, and gas turbine engines, including the F-35 Joint Strike Fighter, F-22 Aircraft, B-1B Lancer bomber, C-130, A-7H Corsair, A-10 Aircraft, Apache Longbow Helicopter, the M1A1 Abrams Tank, the Tactical Tomahawk Missile and the T55 Turboshaft Engine.
Some of the drawings contained technical data designated as Significant Military Equipment under the ITAR. The SME designation has significance because the USG has determined that special export controls are warranted because of the capacity for substantial military utility or capability.
In October 2018, Honeywell submitted a second voluntary disclosure describing how personnel in the same organization within Honeywell Aerospace, ISC, committed another series of ITAR violations between June and July, 2018 that were similar to the violations disclosed in the first voluntary disclosure.
According to the second voluntary disclosure, a team of ISC personnel invented what Honeywell referred to as "an alternative process, which the team believed complied with export compliance requirements," for soliciting RFQs.
Under the alternative process, ISC personnel either failed to review the export control classifications for multiple technical documents or used a classification analysis method that did not properly categorize the documents as described on either the USML or the Commerce Control List (CCL).
Additionally, ISC personnel without authorization exported technical drawings using a different file exchange tool than DEXcenter called Daptiv. The reasoning for the use of Daptiv was to increase the efficiency and speed of a procurement project.
There were a total of 27 additional exports using this system, 2 to Canada, 2 to the PRC and 23 to Mexico. The drawings were classified on the USML as Category VIII(i) and XIX(g) and contained the same type of information as before for the manufacture of castings and finished parts for the following platforms:
- F35 Joint Strike Fighter
- F/A-18 Hornet
- F135 turboshaft engine
- F414 turboshaft engine
- T55 turboshaft engine
- CTS800 turboshaft engine
Like the first disclosure, some of the drawings contained technical data designated as SME.
Lastly, the two drawings to the PRC was to an employee at one of Honeywells' subsidiaries and that employee retransferred one of the drawings to another employee at its subsidiary in the PRC.
(i) Civil penalty of $13,000,00, with $8,000,000 payable in three installments and the remaining $5,000,000 assessed for remedial compliance measures
(ii) appointment of a Special Compliance Officer or Internal Special Compliance Officer
(iii) implementation of an automated export compliance system
(iv) a minimum of one external audit
(v) on-site reviews by DDTC with minimum advance notice, and
(vi) other strengthened makeup Compliance Policies, procedures, and training, including legal department support to all divisions for all matters involving the AECA and the ITAR.
DDTC posted the following documents in connection with this settlement: Draft Charging Letter, Consent Agreement, and Order.
What is the lesson learned?
Beyond the clear national security violations that this case presented because of the exports to China which triggered the fine amount imposed, the voluntary disclosures revealed a startling lack of consideration of export jurisdiction and classification, the failure to follow company guidelines, processes and procedures and that even in the largest of companies exports of technical data via established processes and procedures can go easily go astray.
The most rigorous of processes installed to ensure secure transfer of the companies valued technical data was not a fool proof mechanism and the trade compliance team bears the responsibility to routinely investigate, test and validate exports are compliant to the ITAR or EAR and the associated licensing and other authorizations within the ITAR or EAR.
A lack of detailed training is often attributable to these types of export violations. It is critical for defense contractors, large and small to ensure functional department training is provided along with detailed written processes/work instructions that include specific export compliance obligations for that department to make clear the expectation for the department before they make exports of technical data, controlled or non controlled. Following such training regular auditing of department processes is necessary to validate compliance.
As this case demonstrates it is imperative that all company personnel share the same corporate objective of trade compliance and understanding of all the fundamental elements to export compliance when exporting technical data.
In all instances before company personnel make an export of technical data, they must know export jurisdiction, export classification and licensing responsibilities under the ITAR or the EAR for the release of that data.
Small, medium and large companies all have the same responsibilities and the same risks.
Best practices include (not a comprehensive list)
- Dedicated personnel assigned to determine export jurisdiction and export classification for all items or technical data being exported
- Having a single point of export for a program, a license or a department that minimizes that number of humans involved in the export of technical data and allows for an assessment whether the technical data is properly within the scope of the export authorization and whether the export classification is correct
- Use of secure portal for sharing export controlled data
- IT tools that restrict/quarantine exports to China or any other prohibited destination (ITAR 126.1) before release after trade compliance review
- Trade compliance follow up on export activity for licensed and non licensed exports made by individual functional departments
- Regular audits, both internal and external, of export activities
- Follow up of compliance actions resulting from any matter of non compliance
- Training, training, training
- Employee certifications and acknowledgment of responsibilities
- Consequences up to and including termination for violations of the company policies and procedures causing export violations