Chad Geary, Celena Kingman, and Zachary Parker

Best Practices for
Export Compliance
Auditing & Oversight
Chad Geary
Celena Kingman
Zachary Parker
Raytheon Company
11/7/13
Copyright © 2012 Raytheon Company. All rights reserved.
Customer Success Is Our Mission is a registered trademark of Raytheon Company.
Introductions
Chad Geary
– Global Trade Operations Manager
 Transactional Export/Import compliance
Celena Kingman
– Manager II, ExIm Operational Excellence
 Responsible for IDS EXIM Operational Compliance through training, creating
and implementing work instructions, procedures and practices. Oversee the
completion of regular internal assessments and the close out of
incidents/disclosures and corrective actions. Investigates any findings and
creates corrective actions to address.
Zachary Parker
– Senior Compliance Advisor – Raytheon Office of General Counsel/Global
Trade Compliance
 Responsible for Enterprise-wide Export/Import oversight through
management of audits/assessments, metrics and disclosures to
governmental agencies
4/13/2015
2
Agenda
– Fundamentals of a Strong Compliance Program
– Auditing from a Global Trade Operations Perspective
– Auditing from a Business Unit/Product Line Perspective
– Auditing from a Corporate Perspective
– Incident Reporting & Corrective Actions
– Questions and Discussion
4/13/2015
3
Fundamentals for Compliance
In order to have a strong compliance program, you need:
– Corporate Leadership Commitment
– Strong Recordkeeping Program
– Implementation of Compliance-Related and Cross-Functional Policies,
Standard Operating Procedures and Work Instructions
– Clearly Defined Roles & Responsibilities
– Understanding of Regulatory Jurisdictions
– Consistency in Decisions
4/13/2015
4
Global Trade Operations Perspective
 A Multi-Tiered approach to transactional audits
– Established process and desk-level work instructions
– Data integrity on export/import documents
 Engage with internal stakeholders and external vendors
– Partnership with freight forwarders/brokers-they represent you before USG
4/13/2015
5
Global Trade Operations Perspective
 Follow-up and timeliness are key
– Timely identification of errors
– Cadence for reviews
– Rules for corrective actions
 Established escalation process/reporting
– Clear path for reporting errors and escalations (Incident Reporting/Disclosures)
 Ability to adjust to changes
– Flexible audit protocol – regulations constantly changing
4/13/2015
6
GTO – Case Study
 Originated with incident related to transactional compliance with
handling of AES filing for ITAR controlled shipment
– Mishandling of export license and AES filing
– Gap in quality of work done by filing agent- manual process filled with errors
– Developed 21-point checklist that filing agent would use to validate AES filing data
and transactional compliance
 Audit checklist includes:
– AES data integrity
 Did agent file accurately based on SLI provided on SLI
– Documentation accuracy
 Are proper markings included on documents-DCS, license information, parties,
values
– Temporary export/import licenses
 Endorsements done timely and accurately
– Recordkeeping
 Complete/correct/timely export documentation
4/13/2015
7
Business/Product Line Perspective
 Continuous Audits Through Checklists
– Based upon ITAR/EAR Requirements
 Pre license submittal
 Post license approval
 Semi-annual assessments
– Completeness and Requirement
 Ensure all documents are on record
– Modify Checklists based upon instances of non-compliance
4/13/2015
8
Business/Product Line Perspective
 Semi-Annual Audit Review
– Identify the timeframe for which the Audit will cover
– Identify Activity within the timeframe
– Randomly select the records to be audited
 For consistency need to have a set format for choosing records to be audited
 This includes determining the data pool to be used – have written
instructions that define the time frame and the records that will be audited
 use a standard Statistical Sampling tool such as Zero-Based Acceptance
Sampling Plan to determine the number of records from each source to be
reviewed.
– Need method for recording the records assessed and any findings i.e.
database or spreadsheets
– Within the Internal Self Assessment tool, identify records that are not
sufficient/potential issue and develop action plan (report or fix).
4/13/2015
9
BU/PL – Case Study
 Self-audits drive compliance
- One of the questions is whether all provisos have been completed
- Standard Proviso for classified agreements, IDS is suppose to send copies of
agreement approvals and the executed agreement to the local DSS office.
- Additionally any simple amendments and reclamas
- Discovered that a simple amendment had not been sent to the DSS office
- As this was a proviso requirement, it was a violation and had to be reported in
a Disclosure
- Prior to sending the disclosure, we did a further review of all agreements
authorizing classified data export to determine if we had any other issues
- Discovered that we had several simple amendments and reclamas that had
not been forwarded to DSS
- Edited work instruction to specifically call out the need to forward such
documents to DSS.
4/13/2015
10
Corporate Perspective
Why does Corporate also assess?
– External and independent assessments are an essential element in the
process of accountability for correct export and import compliance behavior
– Strong internal compliance is a method of good corporate stewardship
– Assessments are underpinned by three fundamental principles
 The assessment team is independent from the business being audited
 The scope of the assessment is extended to cover not only the review of
export and import transactions, but also all areas that may affect the legality
of an export or import transaction
 The assessment team may report aspects of their work to the General
Counsel, the Board of Directors and other key stakeholders
4/13/2015
11
Corporate Perspective
Assessment Program Development
– Study Incident Report and Voluntary Disclosures submitted for the previous year throughout
the enterprise and perform a detailed analysis on the Root Cause of the incidents
– Review changes in the regulatory environment
– Discuss anecdotal situations
– Hold discussions with business contacts
– Identify issues that are high-risk but have previously not been monitored by OGC/GTC or
business leads
Examples of areas for audit may be:
•
•
•
•
•
•
Shipping/Receiving Processes
Authorized Parties
License Quantities
Hardware Controls
General Exemption Usage
Agreement/License Provisos and
Limitations
• Inter-Organizational Transfers
• Contract Scope, Statement of Work and
Contract Modifications
• Temporary Export/Import of Hardware
• Part 130 Reporting
• Program Export/Import Compliance Procedures
(PEICP) Compliance/Distribution
• Public Release Process
• Technical Data Controls/Document Markings
• Recordkeeping/Maintenance
• Tradeshows
• USML/CCL Classifications
• General Knowledge and Training
4/13/2015
12
Corporate Perspective
What is involved in Corporate Audits?
– The GTC Audit Procedures involve multiple research methods. Specifically,
the assessment will involve:
 Review of business and site procedures
 Knowledge of international trade compliance
 Implementation of a compliance program within various functional areas of
program or location
4/13/2015
13
Corporate Perspective
Who is involved?
– Due to the company-wide implications of international trade compliance,
the Audit Procedures involve open and candid conversations with multiple
individuals throughout the various functional areas of the company.
– The team may contact individuals from the functional areas listed below to
learn more about their role within international trade compliance, as
applicable to the specific location and business procedures.











Export/Import Operations (Licensing & Global Trade Operations)
Program and Engineering Personnel
Supply Chain Management-Logistics
Business Development
Physical/Program Security
Finance
Contracts
Configuration Management/Data Management
Communications, including Business Tradeshow Coordinator
Information Technology Security
Mailroom
4/13/2015
14
Incident Reporting & Corrective Actions
Audit Findings are Key to Compliance
– Prioritize findings based upon business risk for immediate action
 Immediately Report Issues of Regulatory Non-Compliance
–
–
–
–
–
Gather the immediate facts
Notify relevant responsible compliance personnel
Collect supporting documentation
Conduct thorough investigation to identify scope and root cause
Disclose to regulatory agencies
4/13/2015
15
Incident Reporting & Corrective Actions
Corrective Actions Drive Compliance
–
–
–
–
–
–
–
Address the root cause of the finding, not just correcting the problem
Outline a timeframe for achievement
Identify the deliverables required for closure
Implement fully across affected parties
Track for completion
Test for compliance
Monitor for closure
4/13/2015
16
Questions and Discussion
4/13/2015
17