Compliance Crossroads:
Where Security and
Export Control Meet
Kimberly Fordham
Empowered Official
Lockheed Martin Missiles & Fire Control
4 August 2011
THE INDUSTRY PERSPECTIVE
IN ADDITION TO COMPLIANCE WITH NISPOM,
COMPLIANCE IS REQUIRED WITH THE
APPROPRIATE EXPORT REGULATIONS:
DEPARTMENT OF COMMERCE, BUREAU OF INDUSTRY AND
SECURITY (BIS)
DEPARTMENT OF STATE, DIRECTORATE OF DEFENSE TRADE
CONTROLS (DDTC)
OTHER REGULATIONS MAY APPLY, DEPENDING ON PRODUCT
THE INDUSTRY PERSPECTIVE
COMMERCIAL PRODUCTS AND TECHNOLOGY CONTROLLED BY
COMMERCE/BIS ARE SUBJECT TO THE EXPORT ADMINISTRATION
REGULATIONS (EAR)
http://www.access.gpo.gov/bis/
DEFENSE ARTICLES, DATA, AND SERVICES CONTROLLED BY
STATE/DDTC ARE SUBJECT TO THE ARMS EXPORT CONTROL ACT
(AECA), INTERNATIONAL TRAFFIC IN ARMS REGULATIONS (ITAR)
http://www.pmddtc.state.gov
THERE ARE PENALTIES FOR NON-COMPLIANCE!
THE INDUSTRY PERSPECTIVE
JURISDICTION
COMMERCE/BIS – MOST DUAL- USE PRODUCTS ARE LICENSABLE
STATE/DDTC – REGISTRATION REQUIREMENT, EVEN IF YOU DO NOT
EXPORT
All U.S. persons that manufacture or export defense articles,
furnish defense services, or U.S. and foreign persons engaged in
arms brokering, are required to register with the State Department
(via DDTC).
THE INDUSTRY PERSPECTIVE CONTINUED
DOES NOT ALLOW YOU ANY EXPORT PRIVILEGES
REGISTRATION IS A PREREQUISITE TO EXPORT LICENSING
APPROVAL
REGISTRATION PROCESS INFORMS USG ABOUT COMPANY
OWNERSHIP, LEGAL STATUS, AND AREAS OF ACTIVITY
SERVES AS CHANNEL TO PROVIDE INDUSTRY WITH INFO ABOUT
EXPORT REGULATIONS AND USG CONCERNS
COMMERCE/BIS JURISDICTION
BIS IMPLEMENTS AND ENFORCES THE EXPORT
ADMINISTRATION REGULATIONS (EAR) (CODE OF FEDERAL
REGULATIONS, TITLE 15, CHAPTER VII, SUBCHAPTER C)
REGULATES THE EXPORT OF DUAL USE ITEMS, WHICH HAVE
BOTH COMMERCIAL AND MILITARY CAPABILITY
SCREEN ALL PARTIES AGAINST DENIED PARTIES LISTS
COMMERCE/BIS JURISDICTION CONTINUED
MAY REQUIRE AN EXPORT LICENSE FOR CIRCUMSTANCES INVOLVING
NATIONAL SECURITY, FOREIGN POLICY, MISSILE TECHNOLOGY,
REGIONAL STABILITY, OR TERRORIST CONCERNS
LICENSE REQUIREMENTS DETERMINED BY TECHNICAL ASPECTS,
DESTINATION, END USE AND END USER
A MODIFIED DUAL USE ITEM CAN BECOME ITAR CONTROLLED
SCREEN ALL PARTIES AGAINST DENIED PARTIES LISTS
STATE/DDTC JURISDICTION
DDTC IMPLEMENTS AND ENFORCES THE ARMS EXPORT CONTROL
ACT (AECA) VIA THE INTERNATIONAL TRAFFIC IN ARMS
REGULATIONS (ITAR) (CODE OF FEDERAL REGULATIONS, TITLE 22
CHAPTER 1, SUBCHAPTER M, PARTS 120-130)
REGULATES THE EXPORT OF DEFENSE ARTICLES
AN AK-47 SOLD TO THE POPE IS STILL AN AK-47
STATE/DDTC JURISDICTION CONTINUED
AN EXPORT LICENSE IS REQUIRED FOR ANY ITEM ENUMERATED ON
THE UNITED STATES MUNITIONS LIST (ITAR PART 121)
LICENSE REQUIREMENT IS NOT DETERMINED BY TECHNICAL
CHARACTERISTICS, DESTINATION, OR END USE AND END USER
AN AK-47 SOLD TO THE POPE IS STILL AN AK-47
ITAR TERMS TO KNOW
• DEFENSE ARTICLE – Any item or technical data designated in the
U.S. Munitions List (ITAR Part 121)
• TECHNICAL DATA – Information (includes software) required for
the design development, production, manufacture, assembly,
operation, repair, testing, maintenance or modification of defense
articles, REGARDLESS of classification
• DEFENSE SERVICES – Furnishing of controlled technical data and
assistance (including training) to foreign persons, whether in the
United States or abroad, in the design, development, engineering,
manufacture, production, assembly, testing, repair, maintenance,
modification, operation, demilitarization, destruction, processing
or use of defense articles
EXPORTS UNDER THE ITAR - 120.17
RESTRICTIONS ON TRANSFERS OF SOFTWARE , TECHNICAL DATA,
AND DEFENSE SERVICES
AN EXPORT OCCURS WHEN:
TECHNICAL DATA, REGARDLESS OF CLASSIFICATION, IS DISCLOSED
TO A FOREIGN PERSON, WHETHER IN THE U.S. OR ABROAD
PROHIBITED COUNTRIES IDENTIFIED IN ITAR 126.1 INCLUDE:
BELARUS, CUBA, ERITREA, IRAN,NORTH KOREA, SYRIA, VENEZUELA,
BURMA, CHINA, LIBERIA, SUDAN
EXPORTS UNDER THE ITAR - 120.17 CONTINUED
PERFORMING A DEFENSE SERVICE FOR THE BENEFIT OF A
FOREIGN PERSON, WHETHER IN THE U.S. OR ABROAD
SENDING OR TAKING TECHNICAL DATA, REGARDLESS OF
CLASSIFICATION, OUT OF THE U.S. IN ANY MANNER
IT IS ILLEGAL TO ACCOMPLISH ANY OF THE ABOVE WITHOUT
SPECIFIC AUTHORITY ISSUED BY THE DDTC (LICENSE OR
EXEMPTION)
PROHIBITED COUNTRIES IDENTIFIED IN ITAR 126.1 INCLUDE:
BELARUS, CUBA, ERITREA, IRAN,NORTH KOREA, SYRIA, VENEZUELA,
BURMA, CHINA, LIBERIA, SUDAN
HOW SECURITY AND EXPORT CONTROL IMPACT:
CONTRACTS
MARKING REQUIREMENTS PER PROGRAM SECURITY INSTRUCTION
(PSI) AND/OR SECURITY CLASSIFICATION GUIDE (SCG)
All technical data should be marked IAW the program’s Security
Guide, Export License, Contract, Company Procedures and
NISPOM
Additional markings may be required for Proprietary Information
and compliance with Export Regulations
Multiple sources may require multiple markings
If marking becomes complex, may need to provide training or
issue a desktop guide
Coordinate with other Security managers to ensure proper
markings
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
CONTRACTS
KNOW YOUR CUSTOMER – NOT ALL COUNTRIES/ENTITIES ARE
ELIGIBLE
USG CONTRACTS VS. DIRECT COMMERCIAL SALES – WHAT’S YOUR
VISIBILITY?
IS CLASSIFIED DATA INTENDED FOR EXPORT UNDER THE
CONTRACT, AND IF SO – IS THERE A CLASSIFIED EXPORT LICENSE
IN PLACE, AND IS THE CUSTOMER’S FACILITY CLEARED?
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
SHIPPING/RECEIVING
CLASSIFIED SHIPMENTS, BOTH INCOMING AND OUTGOING, MUST
BE PROCESSED VIA SECURITY
PERSONNEL NEED TO KNOW THAT THEY CAN’T PUT HARDWARE IN A
BOX AND FED EX IT OUT OF THE COUNTRY
IF THEY MAKE A MISTAKE, CUSTOMS CAN SEIZE THE GOODS,
RESULTING IN FINES, STORAGE FEES, AND SCHEDULE IMPACT
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
UTILIZE A FREIGHT FORWARDER FAMILIAR WITH THE ITAR
FOR ALL EXPORTS
SHIPPING TECHNICAL DATA- MUST CERTIFY PROPOSED
EXPORT IS COVERED BY ITAR EXEMPTION BY MARKING
PACKAGE OR LETTER CONTAINING TECHNICAL DATA WITH
THE APPLICABLE ITAR EXEMPTION
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
ENGINEERING AND BUSINESS DEVELOPMENT
TECHNICAL MEETINGS – CLASSIFIED MEETINGS REQUIRE SECURITY
AND EXPORT APPROVAL (RELEASE CERTIFICATION)
KNOW THE PARTIES AND THE SCOPE COVERED BY YOUR TECHNICAL
ASSISTANCE AGREEMENT (TAA) – ALL ATTENDEES NOT NECESSARILY
COVERED
IDENTIFY PARTICIPANTS ON THE OTHER END OF THE PHONE – IF
THEY AREN’T AUTHORIZED, THEY CAN’T ATTEND THE MEETING
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
ENGINEERING AND BUSINESS DEVELOPMENT
THERE MAY BE AN AVAILABLE EXEMPTION THAT CAN BE USED IN
THE CASE OF A CRITICAL MEETING WHERE THEY NEED TO
DISCUSS TECHNICAL DATA THAT ISN’T APPROVED FOR EXPORT
THE USG CUSTOMER DOES NOT HAVE THE AUTHORITY TO DIRECT
INDUSTRY TO MAKE AN EXPORT
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
ENGINEERING AND BUSINESS DEVELOPMENT
UNLESS THERE IS A SPECIFIC MARKETING LICENSE IN PLACE,
BUSINESS DEVELOPMENT CANNOT MAKE TECHNICAL
PRESENTATIONS TO POTENTIAL CUSTOMERS
ENSURE CONTROLS ARE IN PLACE FOR THE PROPER SHARING OF
TECHNICAL DATA AND DEFENSE SERVICES
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
HUMAN RESOURCES
HIRING A FOREIGN PERSON TO WORK ON DEFENSE ARTICLES
REQUIRES A DSP-5 LICENSE
DUAL AND THIRD COUNTRY NATIONALS HAVE ADDITIONAL
RESTRICTIONS (126.1 COUNTRIES INELIGIBLE; OTHERS REQUIRE
LICENSE OR ITAR EXEMPTION)
TECHNOLOGY CONTROL PLAN – REQUIRED IN SUPPORT OF
LICENSE/TAA
US EMPLOYEES TRANSFERRED OVERSEAS AS EXPATRIATES MUST BE
TREATED AS FOREIGN NATIONALS FOR EXPORT PURPOSES
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
INFORMATION TECHNOLOGY (IT)
DAMAGE CONTROL IN CASE OF A NETWORK
BREACH/UNAUTHORIZED ACCESS – POTENTIAL EXPORT AND
SECURITY VIOLATION
CONSIDER YOUR NETWORK INFRASTRUCTURE IF FOREIGN
NATIONALS WILL HAVE ACCESS,DETERMINE IF FIREWALLS OR
OTHER DETERRENTS ARE REQUIRED
ADDRESS THESE SECURITY, EXPORT, AND IT CONCERNS
BEFORE
ENTERING INTO A COLLABORATIVE ENVIRONMENT
HOW SECURITY AND EXPORT CONTROL IMPACT:
INFORMATION TECHNOLOGY (IT)
FOREIGN NATIONAL NETWORK ACCESS TO CLASSIFIED
INFORMATION REQUIRES ADDITIONAL SECURITY AND EXPORT
APPROVALS
THE EXPORT SHOULD OCCUR FROM WHERE THE INDIVIDUAL IS
PHYSICALLY LOCATED – ACCESSING THE NETWORK VIA A US
SERVER CONSTITUTES AN EXPORT
ADRESS THESE SECURITY, EXPORT, AND IT CONCERNS
BEFORE
ENTERING INTO A COLLABORATIVE ENVIRONMENT
HOW SECURITY AND EXPORT CONTROL IMPACT:
INFORMATION TECHNOLOGY (IT)
DO NOT ALLOW FNs TO CONNECT THEIR ELECTRONIC MEDIA OR
STORAGE DEVICES TO YOUR NETWORK UNLESS THE APPROPRIATE
AUTHORIZATIONS ARE IN PLACE
LIMIT THE SIZE OF E-MAIL ATTACHMENTS TO DISCOURAGE EMAILING TECHNICAL DATA OVER THE INTERNET WITHOUT
ENCRYPTION
ADDRESS THESE SECURITY, EXPORT, AND IT CONCERNS
BEFORE
ENTERING INTO A COLLABORATIVE ENVIRONMENT
HOW SECURITY AND EXPORT CONTROL IMPACT:
FOREIGN NATIONAL VISITS
DEFINITION OF ‘U.S. PERSON’ IS NOT THE SAME IN NISPOM AND
ITAR!
NISPOM = U.S. CITIZEN
ITAR = PERMANENT RESIDENT/GREEN CARD HOLDER
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
FOREIGN NATIONAL VISITS
DEFINE WHAT VISITORS ARE AUTHORIZED TO HAVE ACCESS TO
A LICENSE OR EXEMPTION IS REQUIRED FOR ACCESS TO TECHNICAL
DATA/ATTENDANCE AT MEETINGS
THERE ARE ITAR EXEMPTIONS AVAILABLE FOR BOTH CLASSIFIED
AND UNCLASSIFIED VISITS
ITAR RECORDKEEPING REQUIREMENTS - Must maintain Foreign
National Visitors Log
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
FOREIGN DISCLOSURE REVIEW
FOREIGN RELEASE OF TECHNICAL DATA:
All technical data requires foreign disclosure release review
and approval by appropriate USG agency prior to being exported
Review TAA provisos for any restrictions or specific release
process
Work with USG FSO on release procedure
NISPOM 10-408 REQUIRES AN EMPOWERED OFFICIAL (ITAR
120.25) TO CERTIFY THAT EACH CLASSIFIED EXPORT IS
AUTHORIZED
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
FOREIGN DISCLOSURE REVIEW
REVIEW OF TECHINICAL DATA - Review CDRLs/SDRLs prior to being
submitted and upon receipt.
Review all shipments.
KNOW YOUR TAA(S) – AUTHORIZED SCOPE AND PARTIES; REVIEW
LIMITATIONS AND PROVISOS RECORDKEEPING - Must comply with all
terms and conditions of your license. All exports are required to be
documented IAW ITAR. Must maintain records for a minimum of 5
years AFTER EXPIRATION of your license or agreement.
Export of technical data via phone, fax, email, meetings, telecon
etc… must also be documented accordingly
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
EMPLOYEES TRAVELING ABROAD
HAND CARRY OF TECHNICAL DATA (HARD COPY OR ELECTRONIC)
UNCLASSIFIED REQUIRES EXPORT CONTROL DOCUMENTATION;
CLASSIFIED REQUIRES BOTH EXPORT CONTROL AND SECURITY
DOCUMENTATION
ENSURE DEFENSE SERVICES TO BE PROVIDED ARE AUTHORIZED
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
EMPLOYEES TRAVELING ABROAD
TRAVELERS SHOULD BE BRIEFED BY SECURITY AND EXPORT
CONTROL
EMPLOYEES SHOULD BE FAMILIAR WITH TAA LIMITATIONS
AND PROVISOS AND UNDERSTAND WHAT IS, AND IS NOT,
AUTHORIZED FOR DISCLOSURE
ALL FUNCTIONAL AREAS ARE AFFECTED!
HOW SECURITY AND EXPORT CONTROL IMPACT:
SUBCONTRACTS AND PROCUREMENT
KNOW WHO YOUR FOREIGN SUPPLIERS ARE AND SCREEN
REGULARLY AGAINST THE DENIED PARTIES LISTS
HAVE A PROCEDURE IN PLACE TO DETERMINE WHETHER YOUR US
SUPPLIERS EMPLOY FOREIGN NATIONALS AND TO ENSURE THEY
ARE AUTHORIZED
REQUIRE US SUBS TO OBTAIN THEIR OWN TAAS
HOW SECURITY AND EXPORT CONTROL IMPACT:
SUBCONTRACTS AND PROCUREMENT
HAVE A PROCEDURE IN PLACE TO DETERMINE WHETHER YOUR
FOREIGN SUPPLIERS EMPLOY DUAL OR THIRD COUNTRY
NATIONALS AND TO ENSURE THEY ARE AUTHORIZED
ARE THERE SUBLICENSEES INVOLVED?
REQUIRE US SUBS TO OBTAIN THEIR OWN TAAS
WHAT YOU NEED TO KNOW
Consequences for Export Violation
IT IS A VIOLATION IF YOU:
Export, or attempt to export, from the US, or re-export or
retransfer, any defense article or technical data from one
foreign destination to another without the required license.
Make any untrue statement or omit any material fact required
when registering
Import, or attempt to import , any defense article without the
required license whenever a license is required
Violate any terms of your license
WHAT YOU NEED TO KNOW
PENALTIES FOR VIOLATION:
Interim suspension or TAAs/licenses may be revoked
Seizure or forfeiture of defense articles
Debarred from participating directly or indirectly in the
procurement of defense articles and defense services for a
specified period of time
Civil penalties $500K for each violation
Criminal penalties $1M for each violation & up to 10 yrs in
prison
VIOLATIONS
PROVIDE GUIDANCE SO THAT EMPLOYEES KNOW WHAT TO
DO IF THEY SUSPECT THAT A SECURITY AND/OR EXPORT
VIOLATION HAS OCCURRED
IT IS CRUCIAL THAT EVEN SUSPECTED VIOLATIONS BE
REPORTED IMMEDIATELY TO ENABLE SECURITY AND/OR
EXPORT CONTROL TO MITIGATE DAMAGE AND TAKE THE
APPROPRIATE ACTION UNDER THE REGULATIONS
EXPORT COMPLIANCE

IMPLEMENT AN EXPORT COMPLIANCE PROGRAM
Implement Compliance at Corporate Level, Flow Down
Integrate into Standard Business Procedures
Assign Responsibilities
Part of Risk Management
Train & Retrain
Conduct Self-Assessments
Audits
Continuous Improvements
Corrective Action
CONCLUSION
AWARENESS AND COMMUNICATION ARE KEY
Seek the Advice of Your ECO
Work with Your USG Sponsoring FSO
Be aware of Export Licensing and Controls
Export Controls Affect Every Function and Every Organization
Level
Don’t Export Commodities or Technical Data Without an Export
License, Agreement, or Exemption and Proper Documentation
Plan Well in Advance
WEBSITES TO KNOW
SOCIETY FOR INTERNATIONAL AFFAIRS (SIA)
http://www.siaed.org/
BUREAU OF ALCOHOL, TOBACCO & FIREARMS
http://www.atf.gov/
DEFENSE SECURITY COOPERATION AGENCY
http://www.dsca.osd.mil/
DEFENSE TECHNOLOGY SECURITY ADMINISTRATION
http://www.defenselink.mil/policy/sections/policy_offices/dtsa/index.html
QUESTIONS??