export control compliance: technology transfers...
TRANSCRIPT
Export Control Compliance:
Technology Transfers and Deemed Exports Developing and Implementing a Comprehensive Compliance Program
to Minimize Exposure and Mitigate Penalties for Inadvertent Violations
Today’s faculty features:
1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific
The audio portion of the conference may be accessed via the telephone or by using your computer's
speakers. Please refer to the instructions emailed to registrants for additional information. If you
have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.
WEDNESDAY, DECEMBER 10, 2014
Presenting a live 90-minute webinar with interactive Q&A
Giovanna M. Cinelli, Partner, Jones Day, Washington, D.C.
Josephine Aiello LeBeau, Partner, Wilson Sonsini Goodrich & Rosati, Washington, D.C.
Elsa Manzanares, Partner, Gardere Wynne Sewell, Dallas
Tips for Optimal Quality
Sound Quality
If you are listening via your computer speakers, please note that the quality
of your sound will vary depending on the speed and quality of your internet
connection.
If the sound quality is not satisfactory, you may listen via the phone: dial
1-866-570-7602 and enter your PIN when prompted. Otherwise, please
send us a chat or e-mail [email protected] immediately so we can
address the problem.
If you dialed in and have any difficulties during the call, press *0 for assistance.
Viewing Quality
To maximize your screen, press the F11 key on your keyboard. To exit full screen,
press the F11 key again.
FOR LIVE EVENT ONLY
Continuing Education Credits
For CLE purposes, please let us know how many people are listening at your
location by completing each of the following steps:
• In the chat box, type (1) your company name and (2) the number of
attendees at your location
• Click the SEND button beside the box
If you have purchased Strafford CLE processing services, you must confirm your
participation by completing and submitting an Official Record of Attendance (CLE
Form).
You may obtain your CLE form by going to the program page and selecting the
appropriate form in the PROGRAM MATERIALS box at the top right corner.
If you'd like to purchase CLE credit processing, it is available for a fee. For
additional information about CLE credit processing, go to our website or call us at
1-800-926-7926 ext. 35.
FOR LIVE EVENT ONLY
Program Materials
If you have not printed the conference materials for this program, please
complete the following steps:
• Click on the ^ symbol next to “Conference Materials” in the middle of the left-
hand column on your screen.
• Click on the tab labeled “Handouts” that appears, and there you will see a
PDF of the slides for today's program.
• Double click on the PDF and a separate page will open.
• Print the slides by clicking on the printer icon.
FOR LIVE EVENT ONLY
© 2014
Export Control Compliance: Technology
Transfers and Deemed Exports:
Export Enforcement Trends
December 10, 2014
Giovanna M. Cinelli
(202) 879-3653
© 2014
Export Enforcement
Focus depends on policy objectives each Administration
seeks to achieve
Some objectives remain constant – e.g., denied parties
prohibitions
Other objectives change as the Government sees shifts
in global circumstances -- e.g., Russia – Ukraine
sanctions
7
© 2014
Export Enforcement
Understanding the Government’s focus is key to addressing
compliance issues, whether the issues involve the
establishment of compliance programs, the retention of
compliance personnel or expenditures related to essential
compliance tools
The Government’s enforcement actions, whether civil or
criminal, provide insight into the various agencies’ priorities
8
© 2014
Export Enforcement Trends
Issues of Concern
State Commerce
• Misclassification • False statements and misrepresentations
• Unauthorized technical data and defense
services exports
• Unauthorized exports to Iran and China
• False statements and material omissions • Unauthorized exports to denied parties or
listed entities
• Unauthorized exports to proscribed
countries
• Acting with knowledge that a violation
occurred, was occurring, or was going to
occur
• Ineffective investigations • Cross-suspension or debarment for
violations of other than EAR/IEEPA
• Personal liability and a failure to oversee
compliance personnel
• Individual liability
9
© 2014
10
Select Department of Commerce Enforcement Cases
(2007 through 2014)
Case Name Year Country(ies) Violations
Technical Data
or Technology
SCP Global Technologies,
Inc. 2007 Taiwan; PRC; Israel Acting with knowledge of a violation
No
Biospherical Instruments,
Inc. 2007 India
Acting with knowledge of a violation;
misrepresentation No
Graco Inc. 2007 India; Saudi Arabia;
Taiwan Acting with knowledge of a violation
No
3DSP Corporation 2007 China Unauthorized deemed export to foreign
nationals from a listed entity Yes
Lam Research Corporation 2007 Russia; China Unauthorized deemed exports Yes
Hardinge, Inc 2007 Israel Failure to keep records No
EHI Group USA, Inc. 2007 China Acting with knowledge of a violation No
Ingersoll Machine Tools,
Inc. 2008 Italy; India Unauthorized deemed exports
Yes
Maxim Integrated Products 2008 PRC; Iran Unauthorized deemed exports; acting with
knowledge of a violation Yes
Engineering Physics
Software, Inc. d/b/a COADE,
Inc.
2008 Iran; UAE
Unlicensed export of software to a listed
entity; unauthorized transshipment and
diversion Yes
Reson Inc. 2008 France; UK Unauthorized deemed exports Yes
AMD Austin 2008 Ukraine; China Unauthorized deemed exports Yes
TFC Manufacturing, Inc. 2008 Iran Unauthorized deemed exports Yes
Falmouth Scientific, Inc. 2009 China Misrepresentations to BIS in a formal filing Yes
© 2014
Select Department of Commerce Enforcement Cases
(2007 through 2014)
Case Name Year Country(ies) Violations
Technical Data
or Technology
GE Homeland Protection,
Inc. 2009 South Africa Acting with knowledge of a violation No
Shu Quan-Sheng 2010 China Violations of the AECA, the ITAR and FCPA Yes
Manoj Bhayana 2011 Pakistan
False statements during an investigation;
causing, aiding and abetting in violations of
the EAR
No
ArvinMeritor, Inc. 2011
Brazil; India; China;
Mexico; South Korea;
Italy
Unauthorized deemed exports; unlicensed
exports of technical drawings to FNs outside
the US
Yes
3M Attenti, Ltd. 2012 China; Israel Unauthorized deemed exports Yes
Mattson Technology, Inc. 2012 Israel; Malaysia; China;
Singapore; Taiwan Acting with knowledge of a violation No
PhibroChem, Inc. 2012 Mexico Acting with knowledge of a violation No
Ethan Levander 2012 Iran; UAE False statements to US Government
personnel No
Temrex Corporation 2012 Iran; UAE Acting with knowledge of a violation;
improper transshipment and diversion No
China Nuclear Industry
Hauxing Construction Co.,
Ltd.
2012 China Acting with knowledge of a violation (related
to the PPG Industries cases) No
General Technology
Systems Integration
Corporation
2012 China Acting with knowledge of a violation Yes
Donald V. Bernardo a/k/a
Don Bernardo 2013 Venezuela Violations of the AECA and ITAR; brokering No
11
© 2014
Select Department of Commerce Enforcement Cases
(2007 through 2014)
Case Name Year Country(ies) Types of Violations
Technical Data
or Technology
Afshin (“Sean”) Naghibi 2013 Iran Conspiracy; unauthorized transshipment and
diversion No
Yaming Nina Qi Hanson 2013 China Misrepresentation and concealment of
material facts No
University of Massachusetts
at Lowell 2013 Pakistan Unlicensed exports to a listed entity No
Billy L. Powell, Sr. 2013 Iran Acting with knowledge of a violation No
Aeroships International, Inc. 2013 Pakistan Causing, aiding and abetting a violation
(involving a listed entity) No
Sixing Liu a/k/a Steve Liu 2013 China Violations of the AECA and ITAR;
unlicensed exports Yes
Harold Dewitt Hanson 2013 China Misrepresentations to US Government
personnel No
KMT GmbH 2013 Iran Evasion; unauthorized transshipment and
diversion No
Comasec SAS 2014 Iran Causing, aiding and abetting in a violation;
unauthorized transshipment and diversion No
Intevac, Inc. 2014 Russia; China Unauthorized deemed exports Yes
12
© 2014
Select Department of State Enforcement Cases
(2007 through 2014)
Case Name Year Types of Violations
Technical Data
or Technology
Esterline Technologies Corp. 2014 Unlicensed export of technical data (among other)
charges Yes
Meggett USA Inc. 2013 Unlicensed export of technical data, defense services Yes
Aeroflex, Inc. 2013 Unauthorized export of technical data, defense services
(facts but not charged) Yes
Raytheon 2013 Unauthorized exports of technical data and defense
services; ineffective investigations Yes
United Technologies 2012 Unauthorized exports of modified software and data;
ineffective investigations Yes
XE Services 2010 Unauthorized exports of technical data and defense
services Yes
Analytical Methods, Inc. 2009 Unauthorized exports of technical data and modified
software Yes
Northrup Grumman Corp. 2008
Unauthorized exports of service code to Russia;
unauthorized exports of software to Angola, Indonesia,
China and Ukraine; unauthorized defense services to
various non – 126.1 countries
Yes
Lockheed Martin Corp. 2008 Unauthorized export of performance specifications and
classified information to UAE Yes
Qioptiq SrL 2008 Unauthorized retransfers of technical data to China and
Singapore Yes
ITT Corporation 2007
Unauthorized exports of technical data to China;
misrepresentations and omissions of fact; unauthorized
export of classified technical data
Yes
13
Export Control Compliance: Technology
Transfers and Deemed Exports
Key components of compliance programs
Josephine Aiello LeBeau 15
Topics Covered
Export Compliance Programs Overview
Special Challenges for Technology Transfers and Deemed
Exports
16
A Successful Export Compliance Program
Is…
An organized, integrated system that is established to
Manage export-related decisions and transactions
Ensure compliance with export regulations
Help assess risks
18
A Successful Export Compliance Program…
Has the support of senior management
Clearly demonstrates a company’s commitment to comply with export control
laws and regulations
Establishes accountability for export controls, by identifying persons inside a
company who are responsible for performing daily export control-related
activities and supervising the overall export control compliance process
Implements and maintains compliance safeguards, to ensure that appropriate
levels of due diligence are conducted
Guides employees in the required screening of export transactions
Explains the importance of identifying and clearing red flag indicators that call a
transaction into question
Protect employees, through training and awareness programs, from inadvertently
violating the EAR
19
Contents of a Successful Export Compliance
Program
The substance of an ECP will depend on the
Size of the exporter
Types of customers
Resellers
Distributors
End-users
Government entity
Manufacturers
OEMs
Bank s
End-uses by customers
20
Contents of a Successful Export Compliance
Program
Other considerations which will affect the substance of the Export Compliance Program:
End-user locations
Planned subsequent transfers/reexports
Exporter/Customer Relationships:
Customer is a foreign branch of U.S. company
Customer is a foreign subsidiary or affiliate under effective control of U.S. company
Exporter is the subsidiary/branch of customer
Independent relationship
Company is a new customer
Customer is unknown (i.e., anonymous downloads)
21
Elements of a Successful Compliance
Program
Element 1 Management Commitment Policy
Element 2 Responsible Officials
Element 3 Procedures for responsible parties
Element 4 Record Keeping
Element 5 Training
Element 6 Internal Reviews
Element 7 Notification
22
Element 1 – Management Commitment
Policy
A company establishing an Export Management System (“ECP”) should formulate clear and concise export control policies which outline senior management’s commitment to export compliance
Is the commitment statement from senior management?
Does it explain why corporate commitment is important?
Does it contain a policy statement that no sales will be made contrary to US EAR?
Does the statement contain a description of penalties applied in instances of compliance failure?
Does it contain the name/position & telephone number of the person to contact with questions?
Are there written procedures to address if the statement is updated and reissued? If the statement is communicated on a regular basis?
To whom is the statement distributed?
23
Element 1 – Management Commitment
Policy
Senior management must
Establish written export compliance standards for the organization
Commit sufficient resources for the export compliance program
Ensure appropriate senior company management are
Designated with the overall responsibility for the export compliance program
Responsible to ensure adherence to export control laws and regulations
The commitment must be:
Clear and concise written statement
Prepared on company letterhead
Signed by senior corporate management (president or CEO)
Dated
Outlines commitment to export compliance
Describes penalties for non-compliance
Identifies individuals to contact for further information
Provide to all employees in export-related functions
Updated and redistributed to reflect personnel changes
24
Element 2 – Responsible Officials
Identify those positions within the company whose duties
include the responsibility for export control compliance
and provide those individuals with the necessary level of
authority to stop export transactions as needed.
Is there a list identifying one employee from each export
related function as responsible for compliance?
Have back up personnel been assigned (including e-mail &
telephone numbers)?
Is the person responsible for compliance at each site identified?
How often is this information updated?
25
Element 2 – Responsible Officials
Identify persons and positions primarily responsible and
backups by name, title, and telephone number
Designees should have authority commensurate with
degree of responsibility
Outline formal lines of communication with other
personnel with export-related functions
Provide education and training to all employees with
export-related functions on ongoing basis
Update designations and training to reflect changes to
personnel and regulations
26
Element 3 - Procedures
27
Detailed procedures for those with responsibilities
Broken down by area
Can be separate detailed booklets
Element 4 – Recordkeeping
The EAR requires that records be kept of all export
transactions for a period of at least five years
Develop a program to maintain records of export
transactions in accordance with EAR
What documentation is maintained for export transactions?
What system is used to record such transactions?
Where is the documentation kept?
Who has access to this documentation?
28
Element 4 – Recordkeeping Identify specific documents to be maintained
Describe record maintenance procedures and locations
Documents should be kept in easily retrievable form and location
Filing system should allow easy matching of invoices, shippers export declarations, delivery notes, and air waybills
Specify duration of record maintenance
Minimum of five years for most documents
Original, or reproductions that meet standards of legibility and readability requirements in '762.5
Who keeps records
Principal or agent who participates in transaction.
What to keep Export control documents and related documents listed in '762.2 and 772
Records are subject to inspection by
The Office of Export Enforcement
Immigrations and Customs Enforcement
29
Element 5 – Training
An ECP should include a training program
To keep employees informed of up-to-date regulations, and
Knowledgeable with respect to export control responsibilities
What types of training programs are provided to Export
Compliance employees?
How often is the training provided?
What performance measures are used to monitor activity and
progress?
How do you ensure that employees have a solid understanding
of export regulations and their implications?
30
Element 5 – Training
Maintain up-to-date training modules
Tailor training for employees with different job functions
Establish and keep true to a schedule of training
Subscribe to information regarding legal and regulatory
updates
Appoint someone to monitor this information source
Provide updates to employees as necessary upon changes
in laws and regulations
31
Element 6 – Internal Reviews
The company should dedicate a team to conduct regular internal reviews to ensure that the ECP
Is operating effectively and in compliance with all the applicable export regulations
Particular attention should be given to ensure that there are proper screening procedures and supporting documentation is being maintained
32
Element 6 – Internal Reviews
Establish schedule for each type of audit
Reviews may be conducted by personnel in operating
units and/or outside personnel
Establish procedures to document audit findings
Establish procedures for notification of corporate
management and/or government in cases of
noncompliance
33
Element 6 – Internal Reviews
When conducting a review
Obtain an understanding of the export compliance policies and procedures and related processes.
Evaluate the adequacy and effectiveness of the key internal controls
Evaluate the effectiveness of the export controls compliance process.
Evaluate compliance with corporate policies and procedures.
Identify opportunities for internal control and process improvements.
Evaluate the internal control environment against the elements needed for an effective ECP.
34
Element 6 – Internal Reviews
When conducting a review
Have the Export Compliance Manger introduce the audit
team to key management and personnel and explain the
following:
The purpose of the visit is to improve business controls and
performance as a team.
The nature of the work, including the timing and duration of both
initial and follow-up interviews.
Schedule time for initial interviews with the key individuals
responsible for the following functions:
Any export compliance personnel involved in the process
35
Element 7 – Notification
When questions arise regarding the propriety of specific export transactions, establish a process for consulting with an expert
What is the process when a question regarding export compliance arises?
What is the hierarchy?
Are employees provided with the appropriate contact information? Who do they contact?
Who do you contact?
How is the result of the inquiry handled?
36
Element 7: Notification
Establish an e-mail address or telephone hotline for
reports of potential violations
Have clear guidance on how to handle allegations of
export control violations
Maintain a list of individuals qualified to conduct a review
of any allegations or complaints
Establish a policy regarding internal reviews and self-
disclosures
37
What Is An Intangible Export?
Transfers of U.S.-origin technology/technical data, to a non-U.S.
national via
Written communications, including email and fax
On computer servers, in labs, in shared research facilities
Oral transfers of information
Downloads of software
Emails containing technical information/technology
Reexports of controlled technology, or technical data
Deemed exports / deemed re-exports
39
Non-U.S. National / Non-U.S. Person
Anyone person who is not a citizen or lawful permanent
resident of the U.S. (i.e., green card holders)
Note that F-1 visa holders are not permanent residents
Note that H1-B and S-1 visa holders are not permanent
residents
Any non-U.S. Government Agency
Any non-U.S. Corporation or group that is not currently
incorporated in the U.S. or organized to do business in
the U.S.
40
“Deemed Exports”
Transfer of technology to non-U.S. nationals who are physically located
in the U.S.
May be an employee of a U.S. company
May be a visiting customer, visiting professor, visiting student
May be a non-U.S. partner, affiliate, or research partner
Transfer “deemed” an export to the non-U.S. national’s country of
citizenship
Must determine whether the technology is subject to the regulations and
whether a license is required to “export” to the non-U.S. person
Companies must certify in H1-B visa process that they are in compliance
with U.S. export regulations for non-U.S. person
41
“Deemed Re-Exports”
Transfer of U.S. technology to non-U.S. nationals who are nationals of
one country but physically located in another
Transfer “deemed” a re-export to the non-U.S. national’s country of
citizenship or permanent residence
Must determine whether the technology is subject to the regulations and
whether a license is required to “re-export” to the non-U.S. person
42
ECPs and Technology Deemed Exports
Elements to include to address the special challenges of
deemed exports:
Confidentiality agreements and/or Written Assurances signed by all
employees
Consultations for new employees or employees whose job changes to
determine whether they will have access to controlled technology
Applying for deemed export licenses where required, and waiting until
they are granted to allow the employee to access controlled
technology
Implementation of Information Security measures:
Restricted electronic access
Physical security measures
Restriction on password sharing among employees
43
ECP’s and Technology Transfers
Elements to include to address the special challenges of
technology transfers:
Importance of Screening:
Based on product export classification
Controlled technology and data may not be released until a license is
obtained and foreign nationals may not have access to technical data until a
license is in place.
Screening for embargoed countries
IP address blocking
Screening for prohibited individuals or entities
the Denied Persons List (“DPL”), the Entity List, Unverified Parties List, the
List of Specially Designated Nationals List (“SDN List”), the State
Department’s list of debarred parties, and the Sectoral Sanctions
Identifications List (“SSI List”)
44
ECP’s and Technology Transfers
Elements to include to address the special challenges of
technology transfers:
Restricted Electronic Access
Marking of documents
Passwords
Server security
Physical placement of servers
Challenge of cloud computing
Emails
Classifications
Recordkeeping
Footers
45
ECP’s and Technology Transfers
46
Physical security issues
Internal secure areas
Filing cabinets
Seating arrangements
Training for office talk (elevators, kitchens, etc.)
Guest Security
Color-coded pathways
Registration of guests
Areas of meetings
Best Practices for
Meeting Regulatory
Requirements and
Mitigating Risk
December 10, 2014 Elsa Manzanares, Partner
Gardere Wynne Sewell LLP
Best Practices
49
Identify and Classify Your Inventory of Products, Software and
Technology
Educate Employees About Export Controls
Adopt a Technology Control Plan
Best Practices
Create a classification database of products, software, and
the technology associated with those products and software.
• Include product description, Schedule B, USML/ECCN, technology
classification, reasons for control, potential license exceptions,
verification date, and name of classifier.
• Regulations should be monitored regularly to ensure classifications in
database are up to date.
50
Best Practices
Identify your methods of export/reexport of technology.
• How is your information accessed or released?
Visual inspection/oral exchanges/travel abroad/defense
services
• Who are foreign persons (ITAR)/foreign national (EAR)?
IT staff
U.S. citizens employed by subsidiaries abroad
Interns
Visitors
• Identification is an ongoing process
51
Best Practices
Where is your technology located?
• Servers, drawings, file cabinets, intranet, within U.S., outside U.S.
• Review is an ongoing process
52
Best Practices
Assign priorities based on a risk assessment.
• Start with the highest risk.
o Sensitivity of technology and countries involved
o Likelihood of violation
53
Best Practices
Conduct periodic testing of IT and physical security technology
controls
• Are control groups property populated/permissions set properly?
• Determine level of potential access by FNs within IT system and physical
spaces
Outside party review can help identify gaps.
54
Best Practices
Provide Export Compliance Training to Employees • Many companies require that all new employees attend export
compliance training
Adopt a Technology Control Plan (TCP)
• Outlines company’s formal process to limit unauthorized access to
controlled items and technology.
55
Best Practices
Who is Responsible for Technology Control Plan?
•Designate a Technology Control Officer
• Establish Technology Control Team comprised of:
o Technical staff
o Operations staff
o IT representative
o IP representative
o Security representative
o HR representative
• Create formal process to review products and technologies prior to
release to foreign nationals
56
Best Practices
Content of a Technology Control Plan
• Definitions relating to releases of technology
• Identifies specific information that constitutes “technology”
• Outlines Procedures to Limit Unauthorized Access
o Building Security Procedures
o Information Security Procedures
Structure and Description of IT Security
• Personnel Screening
• Hard Copy Technology
• Training
57
Best Practices
Implementing a Technology Control Plan
•Conduct formal roll-out of TCP with employee training
• Provide copies of TCP to all new employees
• Provide regular training on content and use of TCP
• Modify content of TCP as new situations arise
58
So you’ve tackled the tariff code!
‒ Key Concepts – tariff classification
‒ Duty Rates
‒ Nuts and Bolts of Tariff Classification
‒ Schedule B
‒ Binding Rulings
Elsa Manzanares, Partner
Gardere Wynne Sewell LLP
214-999-4172
Questions?
59