Export Control Compliance:

Technology Transfers and Deemed Exports Developing and Implementing a Comprehensive Compliance Program

to Minimize Exposure and Mitigate Penalties for Inadvertent Violations

Today’s faculty features:

1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific

The audio portion of the conference may be accessed via the telephone or by using your computer's

speakers. Please refer to the instructions emailed to registrants for additional information. If you

have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.

WEDNESDAY, DECEMBER 10, 2014

Presenting a live 90-minute webinar with interactive Q&A

Giovanna M. Cinelli, Partner, Jones Day, Washington, D.C.

Josephine Aiello LeBeau, Partner, Wilson Sonsini Goodrich & Rosati, Washington, D.C.

Elsa Manzanares, Partner, Gardere Wynne Sewell, Dallas

Tips for Optimal Quality

Sound Quality

If you are listening via your computer speakers, please note that the quality

of your sound will vary depending on the speed and quality of your internet

connection.

If the sound quality is not satisfactory, you may listen via the phone: dial

1-866-570-7602 and enter your PIN when prompted. Otherwise, please

send us a chat or e-mail sound@straffordpub.com immediately so we can

address the problem.

If you dialed in and have any difficulties during the call, press *0 for assistance.

Viewing Quality

To maximize your screen, press the F11 key on your keyboard. To exit full screen,

press the F11 key again.

FOR LIVE EVENT ONLY

Continuing Education Credits

For CLE purposes, please let us know how many people are listening at your

location by completing each of the following steps:

• In the chat box, type (1) your company name and (2) the number of

attendees at your location

• Click the SEND button beside the box

If you have purchased Strafford CLE processing services, you must confirm your

participation by completing and submitting an Official Record of Attendance (CLE

Form).

You may obtain your CLE form by going to the program page and selecting the

appropriate form in the PROGRAM MATERIALS box at the top right corner.

If you'd like to purchase CLE credit processing, it is available for a fee. For

additional information about CLE credit processing, go to our website or call us at

1-800-926-7926 ext. 35.

FOR LIVE EVENT ONLY

Program Materials

If you have not printed the conference materials for this program, please

complete the following steps:

• Click on the ^ symbol next to “Conference Materials” in the middle of the left-

hand column on your screen.

• Click on the tab labeled “Handouts” that appears, and there you will see a

PDF of the slides for today's program.

• Double click on the PDF and a separate page will open.

• Print the slides by clicking on the printer icon.

FOR LIVE EVENT ONLY

© 2014

Export Control Compliance: Technology

Transfers and Deemed Exports:

Export Enforcement Trends

December 10, 2014

Giovanna M. Cinelli

(202) 879-3653

gcinelli@jonesday.com

© 2014

Export Enforcement

Statutorily driven

Policy driven

Personnel driven

6

© 2014

Export Enforcement

Focus depends on policy objectives each Administration

seeks to achieve

Some objectives remain constant – e.g., denied parties

prohibitions

Other objectives change as the Government sees shifts

in global circumstances -- e.g., Russia – Ukraine

sanctions

7

© 2014

Export Enforcement

Understanding the Government’s focus is key to addressing

compliance issues, whether the issues involve the

establishment of compliance programs, the retention of

compliance personnel or expenditures related to essential

compliance tools

The Government’s enforcement actions, whether civil or

criminal, provide insight into the various agencies’ priorities

8

© 2014

Export Enforcement Trends

Issues of Concern

State Commerce

• Misclassification • False statements and misrepresentations

• Unauthorized technical data and defense

services exports

• Unauthorized exports to Iran and China

• False statements and material omissions • Unauthorized exports to denied parties or

listed entities

• Unauthorized exports to proscribed

countries

• Acting with knowledge that a violation

occurred, was occurring, or was going to

occur

• Ineffective investigations • Cross-suspension or debarment for

violations of other than EAR/IEEPA

• Personal liability and a failure to oversee

compliance personnel

• Individual liability

9

© 2014

10

Select Department of Commerce Enforcement Cases

(2007 through 2014)

Case Name Year Country(ies) Violations

Technical Data

or Technology

SCP Global Technologies,

Inc. 2007 Taiwan; PRC; Israel Acting with knowledge of a violation

No

Biospherical Instruments,

Inc. 2007 India

Acting with knowledge of a violation;

misrepresentation No

Graco Inc. 2007 India; Saudi Arabia;

Taiwan Acting with knowledge of a violation

No

3DSP Corporation 2007 China Unauthorized deemed export to foreign

nationals from a listed entity Yes

Lam Research Corporation 2007 Russia; China Unauthorized deemed exports Yes

Hardinge, Inc 2007 Israel Failure to keep records No

EHI Group USA, Inc. 2007 China Acting with knowledge of a violation No

Ingersoll Machine Tools,

Inc. 2008 Italy; India Unauthorized deemed exports

Yes

Maxim Integrated Products 2008 PRC; Iran Unauthorized deemed exports; acting with

knowledge of a violation Yes

Engineering Physics

Software, Inc. d/b/a COADE,

Inc.

2008 Iran; UAE

Unlicensed export of software to a listed

entity; unauthorized transshipment and

diversion Yes

Reson Inc. 2008 France; UK Unauthorized deemed exports Yes

AMD Austin 2008 Ukraine; China Unauthorized deemed exports Yes

TFC Manufacturing, Inc. 2008 Iran Unauthorized deemed exports Yes

Falmouth Scientific, Inc. 2009 China Misrepresentations to BIS in a formal filing Yes

© 2014

Select Department of Commerce Enforcement Cases

(2007 through 2014)

Case Name Year Country(ies) Violations

Technical Data

or Technology

GE Homeland Protection,

Inc. 2009 South Africa Acting with knowledge of a violation No

Shu Quan-Sheng 2010 China Violations of the AECA, the ITAR and FCPA Yes

Manoj Bhayana 2011 Pakistan

False statements during an investigation;

causing, aiding and abetting in violations of

the EAR

No

ArvinMeritor, Inc. 2011

Brazil; India; China;

Mexico; South Korea;

Italy

Unauthorized deemed exports; unlicensed

exports of technical drawings to FNs outside

the US

Yes

3M Attenti, Ltd. 2012 China; Israel Unauthorized deemed exports Yes

Mattson Technology, Inc. 2012 Israel; Malaysia; China;

Singapore; Taiwan Acting with knowledge of a violation No

PhibroChem, Inc. 2012 Mexico Acting with knowledge of a violation No

Ethan Levander 2012 Iran; UAE False statements to US Government

personnel No

Temrex Corporation 2012 Iran; UAE Acting with knowledge of a violation;

improper transshipment and diversion No

China Nuclear Industry

Hauxing Construction Co.,

Ltd.

2012 China Acting with knowledge of a violation (related

to the PPG Industries cases) No

General Technology

Systems Integration

Corporation

2012 China Acting with knowledge of a violation Yes

Donald V. Bernardo a/k/a

Don Bernardo 2013 Venezuela Violations of the AECA and ITAR; brokering No

11

© 2014

Select Department of Commerce Enforcement Cases

(2007 through 2014)

Case Name Year Country(ies) Types of Violations

Technical Data

or Technology

Afshin (“Sean”) Naghibi 2013 Iran Conspiracy; unauthorized transshipment and

diversion No

Yaming Nina Qi Hanson 2013 China Misrepresentation and concealment of

material facts No

University of Massachusetts

at Lowell 2013 Pakistan Unlicensed exports to a listed entity No

Billy L. Powell, Sr. 2013 Iran Acting with knowledge of a violation No

Aeroships International, Inc. 2013 Pakistan Causing, aiding and abetting a violation

(involving a listed entity) No

Sixing Liu a/k/a Steve Liu 2013 China Violations of the AECA and ITAR;

unlicensed exports Yes

Harold Dewitt Hanson 2013 China Misrepresentations to US Government

personnel No

KMT GmbH 2013 Iran Evasion; unauthorized transshipment and

diversion No

Comasec SAS 2014 Iran Causing, aiding and abetting in a violation;

unauthorized transshipment and diversion No

Intevac, Inc. 2014 Russia; China Unauthorized deemed exports Yes

12

© 2014

Select Department of State Enforcement Cases

(2007 through 2014)

Case Name Year Types of Violations

Technical Data

or Technology

Esterline Technologies Corp. 2014 Unlicensed export of technical data (among other)

charges Yes

Meggett USA Inc. 2013 Unlicensed export of technical data, defense services Yes

Aeroflex, Inc. 2013 Unauthorized export of technical data, defense services

(facts but not charged) Yes

Raytheon 2013 Unauthorized exports of technical data and defense

services; ineffective investigations Yes

United Technologies 2012 Unauthorized exports of modified software and data;

ineffective investigations Yes

XE Services 2010 Unauthorized exports of technical data and defense

services Yes

Analytical Methods, Inc. 2009 Unauthorized exports of technical data and modified

software Yes

Northrup Grumman Corp. 2008

Unauthorized exports of service code to Russia;

unauthorized exports of software to Angola, Indonesia,

China and Ukraine; unauthorized defense services to

various non – 126.1 countries

Yes

Lockheed Martin Corp. 2008 Unauthorized export of performance specifications and

classified information to UAE Yes

Qioptiq SrL 2008 Unauthorized retransfers of technical data to China and

Singapore Yes

ITT Corporation 2007

Unauthorized exports of technical data to China;

misrepresentations and omissions of fact; unauthorized

export of classified technical data

Yes

13

© 2014

QUESTIONS ?

14 783202886

Giovanna M. Cinelli

(202) 879-3653

gcinelli@jonesday.com

Export Control Compliance: Technology

Transfers and Deemed Exports

Key components of compliance programs

Josephine Aiello LeBeau 15

Topics Covered

Export Compliance Programs Overview

Special Challenges for Technology Transfers and Deemed

Exports

16

Export Compliance Programs

Elements for Success

17

A Successful Export Compliance Program

Is…

An organized, integrated system that is established to

Manage export-related decisions and transactions

Ensure compliance with export regulations

Help assess risks

18

A Successful Export Compliance Program…

Has the support of senior management

Clearly demonstrates a company’s commitment to comply with export control

laws and regulations

Establishes accountability for export controls, by identifying persons inside a

company who are responsible for performing daily export control-related

activities and supervising the overall export control compliance process

Implements and maintains compliance safeguards, to ensure that appropriate

levels of due diligence are conducted

Guides employees in the required screening of export transactions

Explains the importance of identifying and clearing red flag indicators that call a

transaction into question

Protect employees, through training and awareness programs, from inadvertently

violating the EAR

19

Contents of a Successful Export Compliance

Program

The substance of an ECP will depend on the

Size of the exporter

Types of customers

Resellers

Distributors

End-users

Government entity

Manufacturers

OEMs

Bank s

End-uses by customers

20

Contents of a Successful Export Compliance

Program

Other considerations which will affect the substance of the Export Compliance Program:

End-user locations

Planned subsequent transfers/reexports

Exporter/Customer Relationships:

Customer is a foreign branch of U.S. company

Customer is a foreign subsidiary or affiliate under effective control of U.S. company

Exporter is the subsidiary/branch of customer

Independent relationship

Company is a new customer

Customer is unknown (i.e., anonymous downloads)

21

Elements of a Successful Compliance

Program

Element 1 Management Commitment Policy

Element 2 Responsible Officials

Element 3 Procedures for responsible parties

Element 4 Record Keeping

Element 5 Training

Element 6 Internal Reviews

Element 7 Notification

22

Element 1 – Management Commitment

Policy

A company establishing an Export Management System (“ECP”) should formulate clear and concise export control policies which outline senior management’s commitment to export compliance

Is the commitment statement from senior management?

Does it explain why corporate commitment is important?

Does it contain a policy statement that no sales will be made contrary to US EAR?

Does the statement contain a description of penalties applied in instances of compliance failure?

Does it contain the name/position & telephone number of the person to contact with questions?

Are there written procedures to address if the statement is updated and reissued? If the statement is communicated on a regular basis?

To whom is the statement distributed?

23

Element 1 – Management Commitment

Policy

Senior management must

Establish written export compliance standards for the organization

Commit sufficient resources for the export compliance program

Ensure appropriate senior company management are

Designated with the overall responsibility for the export compliance program

Responsible to ensure adherence to export control laws and regulations

The commitment must be:

Clear and concise written statement

Prepared on company letterhead

Signed by senior corporate management (president or CEO)

Dated

Outlines commitment to export compliance

Describes penalties for non-compliance

Identifies individuals to contact for further information

Provide to all employees in export-related functions

Updated and redistributed to reflect personnel changes

24

Element 2 – Responsible Officials

Identify those positions within the company whose duties

include the responsibility for export control compliance

and provide those individuals with the necessary level of

authority to stop export transactions as needed.

Is there a list identifying one employee from each export

related function as responsible for compliance?

Have back up personnel been assigned (including e-mail &

telephone numbers)?

Is the person responsible for compliance at each site identified?

How often is this information updated?

25

Element 2 – Responsible Officials

Identify persons and positions primarily responsible and

backups by name, title, and telephone number

Designees should have authority commensurate with

degree of responsibility

Outline formal lines of communication with other

personnel with export-related functions

Provide education and training to all employees with

export-related functions on ongoing basis

Update designations and training to reflect changes to

personnel and regulations

26

Element 3 - Procedures

27

Detailed procedures for those with responsibilities

Broken down by area

Can be separate detailed booklets

Element 4 – Recordkeeping

The EAR requires that records be kept of all export

transactions for a period of at least five years

Develop a program to maintain records of export

transactions in accordance with EAR

What documentation is maintained for export transactions?

What system is used to record such transactions?

Where is the documentation kept?

Who has access to this documentation?

28

Element 4 – Recordkeeping Identify specific documents to be maintained

Describe record maintenance procedures and locations

Documents should be kept in easily retrievable form and location

Filing system should allow easy matching of invoices, shippers export declarations, delivery notes, and air waybills

Specify duration of record maintenance

Minimum of five years for most documents

Original, or reproductions that meet standards of legibility and readability requirements in '762.5

Who keeps records

Principal or agent who participates in transaction.

What to keep Export control documents and related documents listed in '762.2 and 772

Records are subject to inspection by

The Office of Export Enforcement

Immigrations and Customs Enforcement

29

Element 5 – Training

An ECP should include a training program

To keep employees informed of up-to-date regulations, and

Knowledgeable with respect to export control responsibilities

What types of training programs are provided to Export

Compliance employees?

How often is the training provided?

What performance measures are used to monitor activity and

progress?

How do you ensure that employees have a solid understanding

of export regulations and their implications?

30

Element 5 – Training

Maintain up-to-date training modules

Tailor training for employees with different job functions

Establish and keep true to a schedule of training

Subscribe to information regarding legal and regulatory

updates

Appoint someone to monitor this information source

Provide updates to employees as necessary upon changes

in laws and regulations

31

Element 6 – Internal Reviews

The company should dedicate a team to conduct regular internal reviews to ensure that the ECP

Is operating effectively and in compliance with all the applicable export regulations

Particular attention should be given to ensure that there are proper screening procedures and supporting documentation is being maintained

32

Element 6 – Internal Reviews

Establish schedule for each type of audit

Reviews may be conducted by personnel in operating

units and/or outside personnel

Establish procedures to document audit findings

Establish procedures for notification of corporate

management and/or government in cases of

noncompliance

33

Element 6 – Internal Reviews

When conducting a review

Obtain an understanding of the export compliance policies and procedures and related processes.

Evaluate the adequacy and effectiveness of the key internal controls

Evaluate the effectiveness of the export controls compliance process.

Evaluate compliance with corporate policies and procedures.

Identify opportunities for internal control and process improvements.

Evaluate the internal control environment against the elements needed for an effective ECP.

34

Element 6 – Internal Reviews

When conducting a review

Have the Export Compliance Manger introduce the audit

team to key management and personnel and explain the

following:

The purpose of the visit is to improve business controls and

performance as a team.

The nature of the work, including the timing and duration of both

initial and follow-up interviews.

Schedule time for initial interviews with the key individuals

responsible for the following functions:

Any export compliance personnel involved in the process

35

Element 7 – Notification

When questions arise regarding the propriety of specific export transactions, establish a process for consulting with an expert

What is the process when a question regarding export compliance arises?

What is the hierarchy?

Are employees provided with the appropriate contact information? Who do they contact?

Who do you contact?

How is the result of the inquiry handled?

36

Element 7: Notification

Establish an e-mail address or telephone hotline for

reports of potential violations

Have clear guidance on how to handle allegations of

export control violations

Maintain a list of individuals qualified to conduct a review

of any allegations or complaints

Establish a policy regarding internal reviews and self-

disclosures

37

Special Challenges for Technology

Transfers and Deemed Exports

38

What Is An Intangible Export?

Transfers of U.S.-origin technology/technical data, to a non-U.S.

national via

Written communications, including email and fax

On computer servers, in labs, in shared research facilities

Oral transfers of information

Downloads of software

Emails containing technical information/technology

Reexports of controlled technology, or technical data

Deemed exports / deemed re-exports

39

Non-U.S. National / Non-U.S. Person

Anyone person who is not a citizen or lawful permanent

resident of the U.S. (i.e., green card holders)

Note that F-1 visa holders are not permanent residents

Note that H1-B and S-1 visa holders are not permanent

residents

Any non-U.S. Government Agency

Any non-U.S. Corporation or group that is not currently

incorporated in the U.S. or organized to do business in

the U.S.

40

“Deemed Exports”

Transfer of technology to non-U.S. nationals who are physically located

in the U.S.

May be an employee of a U.S. company

May be a visiting customer, visiting professor, visiting student

May be a non-U.S. partner, affiliate, or research partner

Transfer “deemed” an export to the non-U.S. national’s country of

citizenship

Must determine whether the technology is subject to the regulations and

whether a license is required to “export” to the non-U.S. person

Companies must certify in H1-B visa process that they are in compliance

with U.S. export regulations for non-U.S. person

41

“Deemed Re-Exports”

Transfer of U.S. technology to non-U.S. nationals who are nationals of

one country but physically located in another

Transfer “deemed” a re-export to the non-U.S. national’s country of

citizenship or permanent residence

Must determine whether the technology is subject to the regulations and

whether a license is required to “re-export” to the non-U.S. person

42

ECPs and Technology Deemed Exports

Elements to include to address the special challenges of

deemed exports:

Confidentiality agreements and/or Written Assurances signed by all

employees

Consultations for new employees or employees whose job changes to

determine whether they will have access to controlled technology

Applying for deemed export licenses where required, and waiting until

they are granted to allow the employee to access controlled

technology

Implementation of Information Security measures:

Restricted electronic access

Physical security measures

Restriction on password sharing among employees

43

ECP’s and Technology Transfers

Elements to include to address the special challenges of

technology transfers:

Importance of Screening:

Based on product export classification

Controlled technology and data may not be released until a license is

obtained and foreign nationals may not have access to technical data until a

license is in place.

Screening for embargoed countries

IP address blocking

Screening for prohibited individuals or entities

the Denied Persons List (“DPL”), the Entity List, Unverified Parties List, the

List of Specially Designated Nationals List (“SDN List”), the State

Department’s list of debarred parties, and the Sectoral Sanctions

Identifications List (“SSI List”)

44

ECP’s and Technology Transfers

Elements to include to address the special challenges of

technology transfers:

Restricted Electronic Access

Marking of documents

Passwords

Server security

Physical placement of servers

Challenge of cloud computing

Emails

Classifications

Recordkeeping

Footers

45

ECP’s and Technology Transfers

46

Physical security issues

Internal secure areas

Filing cabinets

Seating arrangements

Training for office talk (elevators, kitchens, etc.)

Guest Security

Color-coded pathways

Registration of guests

Areas of meetings

Thank You

Josephine Aiello LeBeau

jalebeau@wsgr.com

202-973-8813

47

Best Practices for

Meeting Regulatory

Requirements and

Mitigating Risk

December 10, 2014 Elsa Manzanares, Partner

Gardere Wynne Sewell LLP

Best Practices

49

Identify and Classify Your Inventory of Products, Software and

Technology

Educate Employees About Export Controls

Adopt a Technology Control Plan

Best Practices

Create a classification database of products, software, and

the technology associated with those products and software.

• Include product description, Schedule B, USML/ECCN, technology

classification, reasons for control, potential license exceptions,

verification date, and name of classifier.

• Regulations should be monitored regularly to ensure classifications in

database are up to date.

50

Best Practices

Identify your methods of export/reexport of technology.

• How is your information accessed or released?

Visual inspection/oral exchanges/travel abroad/defense

services

• Who are foreign persons (ITAR)/foreign national (EAR)?

IT staff

U.S. citizens employed by subsidiaries abroad

Interns

Visitors

• Identification is an ongoing process

51

Best Practices

Where is your technology located?

• Servers, drawings, file cabinets, intranet, within U.S., outside U.S.

• Review is an ongoing process

52

Best Practices

Assign priorities based on a risk assessment.

• Start with the highest risk.

o Sensitivity of technology and countries involved

o Likelihood of violation

53

Best Practices

Conduct periodic testing of IT and physical security technology

controls

• Are control groups property populated/permissions set properly?

• Determine level of potential access by FNs within IT system and physical

spaces

Outside party review can help identify gaps.

54

Best Practices

Provide Export Compliance Training to Employees • Many companies require that all new employees attend export

compliance training

Adopt a Technology Control Plan (TCP)

• Outlines company’s formal process to limit unauthorized access to

controlled items and technology.

55

Best Practices

Who is Responsible for Technology Control Plan?

•Designate a Technology Control Officer

• Establish Technology Control Team comprised of:

o Technical staff

o Operations staff

o IT representative

o IP representative

o Security representative

o HR representative

• Create formal process to review products and technologies prior to

release to foreign nationals

56

Best Practices

Content of a Technology Control Plan

• Definitions relating to releases of technology

• Identifies specific information that constitutes “technology”

• Outlines Procedures to Limit Unauthorized Access

o Building Security Procedures

o Information Security Procedures

Structure and Description of IT Security

• Personnel Screening

• Hard Copy Technology

• Training

57

Best Practices

Implementing a Technology Control Plan

•Conduct formal roll-out of TCP with employee training

• Provide copies of TCP to all new employees

• Provide regular training on content and use of TCP

• Modify content of TCP as new situations arise

58

So you’ve tackled the tariff code!

‒ Key Concepts – tariff classification

‒ Duty Rates

‒ Nuts and Bolts of Tariff Classification

‒ Schedule B

‒ Binding Rulings

Elsa Manzanares, Partner

Gardere Wynne Sewell LLP

emanzanares@gardere.com

214-999-4172

Questions?

59