Defense Trade Compliance

1
Defense Trade Compliance Glenn E. Smith Chief,
Enforcement Division Office of Defense Trade
Controls Compliance Partnering for Compliance
East Coast Conference February 23-25,
2011 Orlando, Florida

2
Presentation Topics

• Organization of Compliance at State
• Civil Enforcement Trends
• Consent Agreements
• Voluntary Disclosures
• Compliance Tips
• How Industry can Assist

3
Organization of Compliance at State
Greg Slavens ICE Liaison Orlando Odom FBI Liaison
Lisa Studtmann, Director Daniel Buzby, Deputy
Director

• Enforcement Division
• Glenn Smith, Chief
• Voluntary directed
• disclosures
• Civil enforcement actions
• charging letters consent
• agreements, policies of denial,
• debarments, transaction
• exceptions and reinstatements
• Support to the law enforcement
• community for criminal
• enforcement

• Compliance Registration
• Division
• Dan Cook, Chief
• Registration of manufacturers,
• exporters brokers
• Company Mergers
• Acquisitions
• Company Visit Program
• Consent Agreement
• Monitoring
• PM lead on CFIUS

• Research Analysis Division
• Ed Peartree, Chief
• Blue Lantern end-use
• monitoring program
• Watch List screening
• maintenance
• Compliance Report
• Intelligence research projects
• AECA Section 3 reports to
• Congress

4
Civil Enforcement Trends (FY10)Voluntary
Disclosures

• Over 1200 voluntary disclosures of civil
  violations by industry
• Rate consistent with 2009 figures . 10 increase
  from FY08 and over a 100 increase from FY06
• industry more focused on compliance and willing
  to disclose
• industry establishing internal auditing-but
  additional focus is needed
• due diligence as part of mergers acquisitions
• effect of consent agreements fines
• expansion of USG compliance education outreach
  efforts
• Company Visit Program DDTC
• Project Shield America DHS/ICE
• Domain Program FBI

5
Civil Enforcement Trends (FY10)Directed
Disclosures

• 58 directed disclosures issued by DTCC
• Approximately half of 2009 figures.
• disclosures increasingly more focused and
  remedial actions imposed
• better to disclose voluntarily than under
  direction

6
Civil Enforcement Trends (FY10)Disclosure
Violations

• Nature or pattern of violations appears not to
  have changed from previous years
• unauthorized export of hardware, data or services
• exceeding scope of license approval
• foreign person employment (you and your
  sub-contractors)
• improper use of exemptions
• exceeding dollar value of agreements (TAAs and
  MLAs)
• violating provisos and other conditions of
  approval
• misclassification of hardware/technical data

7
Civil Enforcement - Disclosure Review

• Harm to U.S. foreign policy or national security
• Adherence to law, regulations and DDTCs
  licensing and compliance policies
• Severity of violation (minor or substantive,
  procedural or judgmental, once or repeated,
  unique or systemic)
• Companys approach commitment to compliance
• Implementation of remedial measures
• Improvement of companys compliance program

8
Civil Enforcement

• What violations prompt civil penalties?
• Harm to U.S. National Security or Foreign Policy
  Interests
• Undermine the integrity of the legal and
  regulatory system

9
Civil Enforcement Trends (FY10) Consent Agreements

• Consent Agreements - Since 2003
• 25 consent agreements
• Fines over 180 million
• Remedial Measures
• Reporting and Oversight

10
Causes of Violations

• Compliance program is not well established.
• Program lacks organization and oversight.
• Insufficient resources (human and financial) to
  insure effective compliance.
• Training not systemic or tailored.
• No internal audit or periodic review to assess
  program.

11
Causes of Violations

• Record-keeping of all elements of defense trade
  activity is insufficient or not centralized to
  track activity from beginning to end.
• Program has not evolved to account for change or
  growth in companys regulated business activity
  (e.g., mergers acquisitions).
• Compliance program is outdated and does not
  reflect current regulations and relevant
  procedures.

12
Fines Penalties

• Civil Violations of the AECA ITAR
• 500,000 for each violation
• Extra compliance measures
• Debarment
• (Remember Successor liability applies after
• merger/acquisition.)
• Criminal Violations of the AECA ITAR
• 1 million for each violation
• 20 years imprisonment (see latest Iranian
  Sanctions Legislation) Increase from 10 to 20
  years
• Debarment

13
Consent AgreementsViolations Charged

• Common Violations in Consent Agreements
• Omissions of material facts and false statements
• Unauthorized exports of articles and services
• Violating terms of an authorization
• Classified exports in violation of the ITAR
• Record-keeping
• Unauthorized Proposals to 126.1 countries
• Misclassification of hardware and technical data

14
Consent AgreementsLessons Learned

• What drives these violations?
• Lack of corporate commitment
• Insufficient ITAR training
• Unclear policies/procedures
• Poor record keeping/tracking systems
• Insufficient resources
• Poor or non-existing audit procedures
• Lax security IT and classified handling
• Understanding the root causes of a violation is
  key to preventing future violations!

15
Voluntary Disclosure Areas of Increased
Attention

• Voluntary Disclosures
• Who was involved and how were decisions made.
  (Key focus for DTCC.)
• Provide the who, what, when and how.
• Follow ITAR 127.12(c)(2) and provide all the
  required information.
• DTCC is as concerned about how a violation
  occurred as well as that it happened.
• Use of passive voice and vague descriptions do
  not satisfy disclosure requirements in the ITAR.

16
Voluntary Disclosure Areas of Increased
Attention

• Voluntary Disclosures
• Corrective actions implemented or to be
  implemented to ensure the violations do not occur
  again.
• Provide copies of manuals and or procedures.
• Provide evidence of training.
• Provide evidence that procedures are being
  implemented effectively.

17
Voluntary Disclosure Areas of Increased
Attention

• Remember
• Technology derived from U.S. technology remains
  controlled under the ITAR.
• Disclosures involving repeat violations where
  remediation already claimed to have been
  implemented needs explanation.
• Disclosures are not data dumps submissions
  should be organized and tell the story.

18
Key Elements of Compliance Manual

• Internal compliance document should address
• Organizational structure
• Resources dedicated to export control
• Contracts/marketing screening
• Non-U.S. person employment
• Physical security of the ITAR facility
• Network security
• License preparation
• Use of exemptions
• Foreign travel

10. Foreign visitors 11. Record keeping 12.
Reporting 13. License maintenance 14. Actual
shipping processes 15. ITAR training 16. Internal
monitoring and audits 17. Voluntary
disclosures and discovery of export
violations 18. Violations and penalties
19
Compliance Tips

• Establish senior level commitment to strict
  adherence to all export control laws and
  regulations
• Establish and maintain and effective export
  compliance program
• Involve all elements of the business legal,
  marketing, travel, personnel, etc all play a
  role
• Establish a culture of compliance to ensure
  these procedures are followed

20
Compliance Tips

• Self-audit to identify problems and correct
  weaknesses
• Keep your program up to date with regulatory
  changes and changes in your business
• Establish training requirements tailored to job
  responsibilities and risk
• Recognize that there are no shortcuts
• Network with others in the industry to learn from
  them

21
Compliance Tips

• Establish Clear and Open Communication with
  Partners
• Before and After License Approvals
• Ensure complete and accurate information
• Ensure changes in use/retransfers are authorized
  
• Understand limitations of authorizations
• Due diligence on foreign parties is not
  difficult
• Identify and resolve warning flags before
  submitting
• application
• Knowing your foreign parties is in your best
  interest

22
Compliance Tips

• An inventory control system to track whereabouts
  of
• defense articles through final delivery
• Remind and educate the end-user of their
  obligations under the ITAR
• Notify the State Department if you receive
  derogatory information on end-user or foreign
  consignees after license approval

23
Compliance Tips

• Vet parties using public lists of the regulatory
  agencies State, Commerce, and OFAC. Refer to
  the Excluded Parties List System administered by
  the General Services Administration
• Enhance IT security. Prevent cyber attacks by
  implementing the appropriate encryption and
  firewall systems. Report events to DTCC in
  voluntary disclosure

24
Management Should Remember

• The importance of export compliance to our
  national security and foreign policy interest is
  great
• Enforcement is improving - more information on
  violations coming in as leads and tips have grown
• Governments ability to investigate and use
  information is improving cooperation is real.
• Claims of ignorance or surprise at violations is
  harder to argue with any credibility.
• Strict liability applies - a heavy burden and
  cost when not done correctly. Licensor is
  responsible for nearly all aspects of export
  transactions.

25
How Industry Can Assist Enforcement Efforts

• Good compliance means self-enforcement
• Industry has more eyes and ears available to
  uncover suspected violations
• Industry has greater access to useful information
  regarding compliance issues
• Industry has been instrumental in sensitizing and
  educating suppliers and vendors
• Willingness by industry to share and publish best
  practices with other members of the community

26
Why Share Information with DTCC

• Its the right thing to do
• To protect and secure our national security
• Maintain level playing field and prevent unfair
  advantage
• Protect proprietary information and maintain
  competitive technology lead

27
How Leads and Information are Provided to DTCC

• Phone calls
• Letters (to include anonymous)
• Emails
• Fax
• Conversations (including conferences)
• Hand written note on 3x5 cards

28
How is the Information Used?

• Used within DTCC to support administrative/civil
  investigations
• If warranted, we will share with DHS/ICE,
• FBI or the Department of Justice for potential
  criminal investigation or intelligence reporting.

29
How is the Information Handled?

• How is the information handled?
• -We will only share internally within the
• U.S. Government.

30
Examples of Leads Provided to DTCC

1. Fabrication of TAA and approval letter.
2. Deliberately deleting export control statement
   and company logo on technical drawings-then
   exporting w/o authorization.
3. Deliberately allowing foreign persons access to
   facility, technical data and exporting hardware
   w/o a license.
4. Deliberately conducting technical discussions
   with foreign person while license was pending
   with DDTC.
5. Competitor shipping identical hardware to
   proscribed destination.

31
Leads, tips or questionson compliance and
enforcement

• Glenn Smith
• Chief, Enforcement Division
• 202-632-2799

32
Suggested Reading

• Arms Export Control Act (AECA), Sections 38-40
• (22 U.S.C. 2778-2780) (P.L. 90-629)
• International Traffic in Arms Regulations (22 CFR
  120-130)
• Definitions 120
• U.S. Munitions List 121
• Registration 122
• Licenses 123
• Agreements 124
• Technical Data 125
• Policies Provisions 126
• Compliance 127 128
• Brokering 129
• Contributions, Fees 130
• Commissions
• DDTCs website www.pmddtc.state.gov

33
Useful Information

• U.S. Department of State
• Directorate of Defense Trade Controls
• Website
• www.pmddtc.state.gov
• Response Team Telephone Number
• 202-663-1282
• Response Team E-mail
• DDTCResponseTeam_at_state.gov