risk determination in export compliance
Post on 20-Aug-2015
940 Views
Preview:
TRANSCRIPT
Risk DeterminationInternational Trade Compliance
ICPA
Jasper Helder, Baker & McKenzie, AmsterdamJasper.Helder@bakermckenzie.com
2
Introduction
3
Int. Trade regulatory remit (non-exhaustive)
– Product related– Export Controls
– Customs classification & origin
– VAT rate/Excise duties
– Product safety & RoHS
– Labelling & Packaging
– Environmental
– Transaction related– Sanctions & embargoes
– FCPA
– AML & Forex
– Incoterms
4
Legal appreciation of compliance programs
– US: factor for mitigation of consequences of non-compliance
– EU: Authorised Economic Operator demands compliance program and compliance function
– AEO confers benefits for customs processes
– Export Compliance: national requirements for granting general/global licenses
5
Agenda
– The compliance function as a risk: organisational challenges
– A systematic approach to risks: comparison with the HACCP model
– An example: Export Controls Compliance in the Defense sector
6
The compliance function as a risk: organisational challenges
7
Organisational challenges
– Allocating resources– “Fire fighting” or pro active risk management?
– Allocating the right resources- “Empowered Official” under section 120.25 ITAR
- Authority for policy or management- Legally empowered - Understanding export control statutes- Independent authority to review and verify legality of
transactions without adverse recourse
8
Organisational challenges
– Internal authority
– Budgets
– To whom does compliance report?
– Internal enforcement of decisions/policies/procedures
– Independent review?
9
Organisational challenges
– External authority
– Empowered for external representation
– Understanding the regulatory environment
– Experience is one very good source (but one source besides others)
– “Train the trainer”
10
A systematic approach to risks: comparison with the HACCP model
11
A systematic approach to risks
– Hazard Analysis Critical Control Point (HACCP)
– “a systematic preventive approach to food and pharmaceutical safety that addresses physical, chemical and biological hazards as a means of prevention rather than finished product inspection”
– ISO 22000
– Process based approach to identifying, monitoring and actioning risks to prevent non-compliance (or reduce chances to acceptable levels)
12
A systematic approach to risks
– HACCP Principle 1: Conduct a risk analysis
– A risk is a circumstance which may cause a legal requirement not to be met
– A compliance plan determines the risks and identifies the preventive measures the plan can apply to control these risks
– Identify processes
13
A systematic approach to risks
– HACCP Principle 2: Identify critical control points
– A Critical Control Point (CCP) is a point, step, or procedure in a process at which control can be applied and, as a result, a risk can be prevented, eliminated, or reduced to an acceptable level
14
A systematic approach to risks
– HACCP Principle 3: Establish critical limits for each critical control point
– A critical limit is the maximum or minimum value to which a risk must be controlled at a critical control point to prevent, eliminate, or reduce that risk to an acceptable level
15
A systematic approach to risks
– HACCP Principle 4: Establish critical control point monitoring requirements
– Monitoring to gain control over a process at each critical control point
– Monitoring procedures and frequency incorporated in a compliance plan
16
A systematic approach to risks
– HACCP Principle 5: Establish corrective actions
– Actions when monitoring indicates a deviation from an established critical limit
– Corrective actions to be taken if a critical limit is not met
– Corrective actions must prevent reoccurrence
17
A systematic approach to risks
– HACCP Principle 6: Establish record keeping procedures
– Risk analysis
– Compliance plan & procedures
– Monitoring of critical control points
– Corrective Actions (?)
18
A systematic approach to risks
– HACCP Principle 7: Establish procedures for ensuring the system is working
– Validation to ensure that the compliance procedures are operating in practice
– In itself a critical control point
19
An example: Export Controls Compliance in the Defense sector
20
Compliance Layer 1: Product-related Export Controls
– US Rules– Military: ITAR (Dept. of Defense Trade Controls)– Dual Use: EAR (Commerce Dept., BIS)
– EU Rules – Military Export Controls – Dual Use Lists
– National Rules – Military Lists – Dual Use lists
21
Compliance Layer 2: Transaction related Export Controls
– US Rules:
– ITAR “no go countries” (DDTC)
– Sanctions & Embargoes (OFAC)
– EU Rules
– Sanctions & Embargoes
– National Rules
– Sanctions & Embargoes
– National Control Lists of persons/entities etc.
22
– Be self conscious about your supplier’s compliance– Do not assume your supplier is getting it right– Make sure your end of the project is reflected in your suppliers
compliance steps
– ITAR or EAR classified ?– Commodity jurisdiction required ?
– US Authorisation needed ?– Scope for use of ITAR exemptions ?– Export License: any re-export/retransfer needs ?– TAA: scope of work clearly identified ?
Verify “US Connection”
23
Determine EU & National Controls
– Item subject to EU Dual Use Controls or Military Controls ?– If on Military List
– identify National (and EU) Transaction Controls that may apply
– screen other parties engaged in transactions– Projects: any intra-EU transfers needed
– (check if US Authorizations allow this!)
– If not on Military List– Check Annex I and Annex IV EU Dual Use Reg– If not on Annex I: check Military End Use and National
Controls
24
Elements of practical implementation
– Fixed product catalog: implement Export Control status in Item Master Data in SAP or other ERP systems
– Projects:
– Identify Logistics Flows and Tech Data Flows
– “Compliance Map”
– Before applying for Export Licenses: check the past !
Risk DeterminationInternational Trade Compliance
ICPA
Jasper Helder, Baker & McKenzie, AmsterdamJasper.Helder@bakermckenzie.com
top related