Export Controls: In the Trenches: Hands-On Approach to Export Compliance
NCURA REGION VI & VII 2011 SPRING MEETING
APRIL 3 - 6, 2011
Presentation Overview
Presenters:
Kay Ellis
Export Compliance Program
Licenses and Other Requests
Adilia Koch
Technology Control Plans
Recordkeeping
Voluntary Disclosures
Export Compliance: “Preventing violations”
KEEPING YOUR CAMPUS COMPLIANT
Develop an Export Compliance Management Plan
• Risk Assessment – Where are the high risk areas?
  ◦ Shipping
  ◦ Procurement
  ◦ Sponsored Research
  ◦ Specific colleges/units
• Develop “best practices” and tools
  ◦ Checklists
  ◦ NDAs, MTAs
  ◦ File for licenses and exemptions
  ◦ Technology Control Plans (TCPs)
  ◦ Manual
  ◦ Training
• Maintain export control website
• Recordkeeping
Managing export controlled research
Assuming you can’t negotiate out the restrictive clauses - how do you manage the export controlled project?
Determining the need for a license (Export Controls Review)
Questions to Ask:
• What is the nationality of researchers INCLUDING Professors and Research Assistants (grad students/post-docs)?
• Will the researcher or grad student be receiving restricted information?
  ◦ Is it EAR controlled?
  ◦ Is it ITAR controlled?
Determining the need for a license (Export Controls Review)
Questions to Ask:
• Is the project strictly defense-related?
• If it’s ITAR, will the foreign national grad student need to discuss the data with the sponsor?
• Destination: Is the research technology or goods going overseas to a foreign company, government or individual?
  ◦ Does the PI want to take the technology/equipment/data with him or her?
Determining the need for a license
Steps to Take:
• Determine if license is needed for the technology/end user/end use
• Determine if license exemption or exception is available
Do I need to be concerned about export controls in this research?

1. Public domain, and
   a) No equipment, encrypted software, listed-controlled chemicals, bio-agents or toxins, or other restricted technologies are involved, and
   b) Information/software is already published, and
   c) There is no contractual restriction on export, or
2. Fundamental Research (note definitions and caveats associated with this exemption)

1. Equipment or encrypted software is involved, or
2. Technology is not in the public domain, and
3. Technology may be exposed to foreign nations (even on campus) or foreign travel is involved, and
   a) The equipment, software or technology is on the Commerce Control List, or
   b) Information or instruction is provided about software, technology, or equipment on the CCL, or
   c) The foreign nationals are from or the travel is to an embargoed country
4. The contract has terms e.g. a publication restriction that affect the Fundamental Research Exemption

1. Equipment, software, chemical, bio-agent, or technology is on the US Munitions List (ITAR), or
2. Equipment, software, chemical, bio-agent or technology is designed or modified for military use, use in outer space, or there is reason to know it will be used for or in weapons of mass destruction, or
3. Chemicals, bio-agents or toxins on the Commerce Control List are involved, or
4. The contract contains a restriction on export or access by foreign nationals

Probably
NO
(further review is required)
License May Be
Required
YES
License Will Be
Required
Determining the need for a license
If no exceptions or exemptions, determine what kind of license is needed
• EAR
• ITAR
• OFAC
What next?!
Next steps:
• Get a license
• Set up a Technology Control Plan
• Train the project personnel
• Audit the Plan
• Keep records
Register first!
• If ITAR - must be registered with State (DDTC)
  ◦ http://www.pmddtc.state.gov/registration/index.html
  ◦ $2250 flat fee for first-time users and universities or organizations not subject to taxation
  ◦ Need a digital certificate
  ◦ License submitted through D-Trade
• If EAR – must register with Commerce (BIS)
  ◦ Free!
  ◦ http://www.bis.doc.gov/snap/pinsnapr.htm
• If OFAC – no registration necessary
Bureau of Industry & Security (BIS): SNAP-R licenses
• Deemed Export License (BIS 748P-B)
  ◦ Licenses are required for release of controlled technology or software to a foreign national only if a license is required for the export of such items to the home country.
• Commodity Classification
  ◦ Review the Commerce Control List (Part 774 Supplement 1) to identify (approximately) the ECCN or ECCNs that seem to be appropriate. Try to describe your item/technology in the control parameters used in the CCL entries.
• Shipping license (BIS 748P-A)
• http://www.bis.doc.gov/snap/index.htm
Submitting an OFAC license
• No required form – provide a detailed description of proposed transaction, including names and addresses of all involved
• The license states that records shall be made available upon demand for at least 5 years
• Call Licensing Div. (202) 622-2480 or Compliance Div. (202) 622-2490 for status
http://www.treasury.gov/about/organizationalstructure/offices/Pages/Office-of-Foreign-Assets-Control.aspx
Most Commonly Used ITAR Forms and Agreements
• DSP-5
  ◦ License for permanent export of unclassified defense articles and related unclassified technical data
  ◦ License for foreign employees/students
  ◦ “Vehicle” for online submission of TAA
• Technical Assistance Agreement (TAA)
  ◦ an agreement for the performance of a defense service(s) or disclosure of technical data
Most Commonly Used ITAR Forms and Agreements
• DSP-83 Nontransfer and Use Certificate required for export of significant military equipment (SME) and classified articles/data
• DSP-73 License for Temporary Export of Unclassified Defense Articles
• Commodity Jurisdiction (CJ) – Purpose is to determine whether an item or service is covered by the U.S. Munitions List (USML)
Commodity Jurisdiction (CJ) Requests: “What to do when you don’t know what to do”
ONLY STATE CAN DETERMINE JURISDICTION
EAR or ITAR?
• Need to go to the authority - State Department has sole authority
  ◦ not the PI
  ◦ not the Sponsor
  ◦ not DoD
  ◦ not Commerce
• You do not need to be registered with State to submit a CJ
Before you start writing…
• Ask yourself the 3 most obvious questions
  ◦ Who is funding the project? (DoD? NASA? NIH?)
  ◦ What is the intended end-use? (Military? Commercial? Both?)
  ◦ What is the actual technology involved? (Surveillance? Space?)
Then ask yourself these…
• Does the item or technology have predominant military, space or intelligence application?
• Was it designed, manufactured or tested to meet military or commercial specifications?
• What is the current predominant application?
• Does it have performance equivalent (in form, fit and function) to an item used for civil application?
• Is there sufficient justification for Commerce or State Department jurisdiction?
If it looks like a duck…
• The CJ process is there to use when there is doubt about a technology’s or commodity’s jurisdiction
• When writing a CJ, you’re usually trying to argue your item is not subject to the ITAR
• CJs take time to write and even more time to process
• Don’t waste time on a CJ if there is no doubt your project is controlled under the ITAR and you have no justification for reconsideration
• If the intended end-use is for a military application, there is no doubt – it’s ITAR-controlled
And it sounds like a duck…
• Follow your instincts
• Don’t believe everything PIs tell you no matter how confidently or definitively they state it
• Most PIs, unless they’ve worked in industry, are not experienced with or savvy about these regulations – high level of naiveté
• Dig for information, ask lots of questions
• Ask them again and again
Some assertions I’ve heard….
“This (satellite) information can’t be ITAR-controlled to Japan – they’re a peace-loving nation. They are our allies.”
“DHS doesn’t fund ITAR-controlled work because DHS is a civilian law enforcement agency.”
“We can’t call it ITAR because we don’t know the end use. The sponsor won’t tell us because it’s classified.”
“I have a document marked ‘ITAR-controlled’ but it’s also marked ‘uncontrolled when printed.’ I have a printed copy so I guess it’s not export-controlled.”
It is a duck
• Prime is DoD
• Sponsor won’t tell you which agency within DoD
• Contract terms and conditions contain restrictions on publication and participation of foreign nationals
• Statement of Work asserts “innovative and advanced research”
• End-use is for a military application
It’s an ITAR duck
Doubt arises when…
• The sponsor’s determination differs from yours
• You’re modifying a defense article substantially for a commercial purpose*
• You are collaborating with another university that is treating the project differently
• You request a classification or a license from BIS and they advise you to submit a CJ
*If you’re modifying an item for a military purpose, it’s ITAR-controlled.
Tips on writing CJs
• Include as much information as possible
• PI or technical staff must participate in writing the CJ – they need to explain the technology clearly
• Try to anticipate questions
• Don’t try to fudge
• Predominant means most of the time
• Identical means exactly the same
• Modified means modified – no matter how insignificant the change may seem
Tips on writing CJs
• Two legitimate arguments:
  ◦ Your commodity is not a defense article and is not on the USML
  ◦ Your commodity was a defense article but has been modified so it no longer has military application
• Tell them how you think it should be classified, e.g. Dual-use, EAR99, ECCN 3A992, etc.
Tips on writing CJs
• Follow the Guidelines – these are not in the regulations – they are online, see: http://www.pmddtc.state.gov/commodity_jurisdiction/index.html
• DDTC often posts information on its webpages – always check for the latest information
• CJs must be uploaded* to DDTC using their Electronic Form Submission software. Requests must include fully executed DS-4076 CJ Form and all supporting documentation
  ◦ 120.4 (c) revised – no longer need original and 7 collated copies!
*as of September 3, 2010
CJ Processing
• Interagency review
• Per DDTC usually less than 65 business days
• May get calls for additional information, be ready to answer or have PIs and Researchers prepared to respond
• Be courteous and professional and make sure the PI and Researchers are as well
• Don’t blame the reviewers, they’re just doing their jobs
Documenting Export Controls Compliance: Technology Control Plans
ELEMENTS OF A TECHNOLOGY CONTROL PLAN
License or Technology Control Plan?
• In some situations it is possible to put a TCP in place instead of applying for a license
• A TCP is simply a plan that outlines the procedures to secure controlled technology (e.g., technical information, data, materials, software, or hardware) from use and observation by unlicensed non-U.S. citizens
  ◦ If this is not possible, then a license or technical assistance agreement would be needed
Technology Control Plans (TCPs)
• If you have export-controlled projects at your university you need technology control plans
• Elements of a TCP
  ◦ Commitment
  ◦ Personnel Screening
  ◦ Physical Controls
  ◦ IT Security
  ◦ Recordkeeping
  ◦ Communication and Training
  ◦ Ongoing audits and assessments
When do you need a TCP?
• In conjunction with a Technical Assistance Agreement (TAA) – Dept. of State
• In conjunction with a Deemed Export license – Dept. of Commerce
• In conjunction with an agreement that does not allow foreign nationals
• In conjunction with an agreement that involves controlled technology – includes NDAs
• Or in conjunction with any project that involves controlled technology!
What are some key elements to consider in developing a TCP?
• A TCP is project-specific!
• Authorized personnel should be identified
• Export-controlled information must be identified and marked as export-controlled
• Project data and/or materials must be physically shielded from observation by unauthorized individuals by operating in secured lab spaces or time blocks
• Work products such as soft and hardcopy data, lab notebooks, reports, and research materials should be stored in locked cabinets preferably in rooms with key-controlled access
More elements to consider…..
• Key controlled access by authorized personnel only
• Equipment or internal components such as operating manuals and schematic diagrams containing identified export-controlled technology must be secured
• Disposal of export-controlled information
• Discussions about the project
  ◦ authorized personnel only and in secure area
  ◦ no third-party discussion unless conducted under signed agreement with U.S. citizen limitations
Even more elements to consider…..
• Export-controlled electronic communications and databases need to be secured. Such measures may include:
  ◦ user ID, strong password, SSL or other approved encryption technology (TrueCrypt)
  ◦ activate screensavers after 10 minutes
  ◦ full disk encryption for laptops
• Must include any project specific restrictions
• PI must approve and all project members sign off
Now that the TCP is in place…
• Project personnel need to be trained or briefed prior to the start of the project
• Update TCP Certification every semester – project personnel could change
• Retrain project personnel at least once a year
• Audit project to make sure TCP is being followed
  ◦ Get IT folks to help audit electronic security measures
Now that the project is over…
• Security measures should remain in effect to protect export-controlled information unless earlier terminated when the information has been destroyed or determined to be no longer controlled.
Export Compliance: Recordkeeping
The devil is in the details!
What’s required of us?
• Federal Sentencing Guidelines: Effective Compliance and Ethics Program
  ◦ In general, requires the “…exercise (of) due diligence to prevent and detect criminal conduct; and otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”
  ◦ United States Sentencing Commission, Guidelines Manual, §8B2.1(a) (Nov. 2006)
What’s required of us?
• The USSC’s 7 Step Program
  ◦ Establish standards & procedures
  ◦ Knowledgeable governing authority with reasonable oversight
  ◦ Authority personnel does not include individuals engaged in illegal activities
  ◦ Effective training programs
  ◦ Monitoring, auditing, periodic evaluation, and a reporting system for employees & agents
  ◦ Consistent enforcement
  ◦ Respond to non-compliance w/ reasonable steps
So where is recordkeeping?
• The USSC’s 7 Step Program
  ◦ Establish standards & procedures
  ◦ Knowledgeable governing authority with reasonable oversight
  ◦ Authority personnel does not include individuals engaged in illegal activities
  ◦ Effective training programs
  ◦ Monitoring, auditing, periodic evaluation, and a reporting system for employees & agents
  ◦ Consistent enforcement
  ◦ Respond to non-compliance w/ reasonable steps
But, what is a record?
National Archives & Records Administration
36 Code of Federal Regulations (CFR) 1220
• Section 1220.14 General Definitions: Records include all books, papers, maps, photographs, machine readable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the United States Government under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations or other activities of the Government or because of the informational value of the data in them (44 U.S.C. 3301).
In Export Control-speak…
• Export Administration Regulations (EAR) Part 762
  ◦ Recordkeeping
• International Traffic in Arms Regulations (ITAR) Part 122
  ◦ Registration of Manufacturers and Exporters (122.5), with an additional clause at
  ◦ Part 123.26 Recordkeeping requirement for exemptions
• Documentation must be kept five years after the expiration of license
EAR Part 762
• Scope
  ◦ Transactions involving restrictive trade practices; exports/reexports; Canadian exports if involving non-U.S./Canadian persons with an interest; or any other transactions subject to the EAR
• Records to be Retained
  ◦ Memoranda; Notes; Correspondence; Contracts; Invitations to Bid; Books of Account; Financial Records; Restrictive Trade Practice or Boycott Documents/Reports, and Other records describing those transactions
• Bottom Line: Anything about Anything!
ITAR Part 122.5
• Maintenance of records by registrants
  ◦ “…maintain records concerning the manufacture, acquisition and disposition (to include copies of all documentation on exports using exemptions and applications and licenses and their related documentation), of defense articles; of technical data; the provision of defense services; brokering activities; and information on political contributions, fees, or commissions furnished or obtained, as required by part 130 of this subchapter.”
• Bottom Line: Anything about Anything!
How should I keep records?
• Lessons learned from case history:
  ◦ Electronic systems are valid, but not required; operational needs can (and should!) be considered in this decision
  ◦ Deleting electronic records is OK; as long as all the information is available elsewhere
• Record management is KEY!
Export Compliance: “When Stuff Happens”
Voluntary Disclosures
What should you do if you think you have a violation?
• Have a process
• Document what the process is and who needs to be involved
  ◦ Empowered Official
  ◦ VPR
  ◦ Legal Department
  ◦ Dean or Department Head
Stop the activity immediately!
Voluntary disclosures – initial letter
• If you realize a violation has occurred, the appropriate agency should be notified ASAP!
  ◦ Penalty (hopefully!) will be less severe
• Send a brief initial notification pursuant to
  ◦ 15 CFR §764.5 Office of Export Enforcement (Commerce/BIS)
  ◦ 22 CFR §127.12(c) Office of Defense Trade Controls Compliance (State)
• State the matter is under internal review and complete narrative account will follow per
  ◦ 15 CFR §764.5(3) and (4) or
  ◦ 22 CFR §127.12(c)(2)
Voluntary disclosures – Agency response
Commerce:
• The BIS Office of Export Enforcement will respond upon receipt with instructions
  ◦ Per §764.2(e), can’t do anything (order, buy, remove, store, use, loan, forward, service, etc.) with the item(s) in question
  ◦ Per §764.5(f), can request permission to engage in activities that would otherwise be a violation
Voluntary disclosures – Agency response
State – DDTC:
• The Office of Defense Trade Controls Compliance, Enforcement Division (DTCC/END) will acknowledge receipt and assign a case number
• Per §127.12(c)(1)(i), you must submit full disclosure within 60 days of date of letter
• Can ask for an extension but must specify what and why required information could not be provided
Voluntary disclosure – next step
• Compile the facts – what happened
• Gather supporting documents and information
  ◦ Names, addresses, citizenship
  ◦ Equipment lists (chart or table format)
    ◦ Manufacturer and model number
    ◦ Quantity and unit cost
    ◦ ECCNs and/or USML categories
  ◦ Phone calls, logs, meetings
Voluntary disclosure – supplementary letter
• Show corrective action taken and the measures put in place to prevent it from happening again, such as:
  ◦ Annual export control training
  ◦ Set up technology control plan
  ◦ Enhanced website with links to export control procedures and forms
  ◦ Implemented internal procedures to ensure no exports are made without a license or license exemption
  ◦ Implemented a formal export approval process
• University commitment to compliance
Voluntary disclosure – supplementary letter
• Give background information (project description)
• Describe the violations (unauthorized export, recordkeeping, license terms)
  ◦ What (item and categories)
  ◦ When (supply dates)
  ◦ Where (countries)
  ◦ Who (people involved and citizenships)
  ◦ Why (give explanation of reasons for violation)
Closeout
• Hopefully you will get a letter stating “we are closing this case without taking action”
  ◦ They can reopen the case
• State or Commerce could require an outside audit
• Worst-case scenario, the institution gets fined or the PI faces jail-time and fines
Things to remember
• Don’t jump to conclusions
  ◦ May not be an export violation at all, could be a misunderstanding or a violation of an internal process
• We live in an electronic world
  ◦ Documents are emailed, downloaded, backed-up to servers, copied to thumb drives, posted to websites, printed out
  ◦ All of these methods must be reviewed, including who had access to what, by which means and when
• Must be a closed loop process
  ◦ Ensure corrective actions are implemented
  ◦ Check back in a couple of weeks to make sure they are working
Discussion Time
Contact Information
Adilia Koch
Director of Export Compliance
California Institute of Technology
adilia.koch@caltech.edu
626-395-4469
Kay Ellis
Export Control Officer
University of Arizona
ellisk@email.arizona.edu
520-626-2437