Previously we have written about Compliance Convergence,
which noted Compliance Expert Howard
Sklar, the author of Open Air
Blog, has termed as "the merging of control programs such as anti-bribery
and anti-corruption, with anti-money laundering, and export control.", in
regard to the Foreign Corrupt Practices Act (FCPA) and touched on briefly
with regards to anti-money laundering laws and regulations. Today we will turn
our attention to Howard's third prong in Compliance Convergence, that of Export
Generally speaking, a Company must comply with all
applicable export control laws in the country of origin of the products
including, in some instances, the components contained within the products and
technologies they are exporting; and all applicable international sanctions
that may not be directly addressed in national law (e.g., United Nations
sanctions programs). Witness the recent sanctions entered into by the US, UN
and EU regarding trade with Libya.
What are some of the lists that a company must check for
each overseas transaction? They include the US Department of State's
International Traffic in Arms Regulations (ITAR), which control the export and
re-export of military products and technologies. The ITAR site contains a list
compiled by the State Department of parties who are barred by §127.7 of ITAR
(22 CFR §127.7) from participating directly or indirectly in the export of
defense articles, including technical data or in the furnishing of defense
services for which a license or approval is required by ITAR.
The Bureau of Industry
and Security (BIS) has two lists which a Company must review. These include
1) the Denied Persons List,
which provides a list of individuals and entities that have been denied export
privileges. Any dealings with a party on this list that would violate the terms
of its denial order are prohibited; and 2) the Unverified
List which provides a list of parties where BIS has been unable to verify
the end use in prior transactions. The presence of a party on this list in a
transaction is a "red flag" that should be resolved before proceeding.
The US Treasury Department, Office
of Foreign Assets Control (OFAC) has regulations which may prohibit a
transaction if a party one of these lists. These lists can include both the Specially
Designated Nationals (SDN) list and the General Order 3 to Part 736 (page
9) which sets out the general order which imposes a license requirement for
exports and re-exports of all items subject to the Export Administration
Regulations (EAR) where the transaction involves a party named in the order.
Therefore, a company must ensure that the US government
permits it to export (1) its goods; (2) to the buyer; (3) in a particular
company. But more is required that simply checking the status of to whom a
company might be selling directly to, even if such buyer is located in the US.
Writing in the In-House Texas supplement to the March 7, 2011 edition of the Texas Laywer, Jackson Walker attorney Robert Soza, Jr. in an article
an Effective Export-Compliance Program' noted that "multiple US
export-control requirements come into play if a company's actions indicate that
it knows that its goods will be exported abroad such as delivering a product to
a US port."
Soza goes on to write that the creation and
implementation of an export control policy and program "minimizes the risk of
non-compliance and may reduce penalties in the result of a violation." He sets
forth his guidelines of what an effective export control compliance program
1. Top and Middle
Management Committee. The tone from management must support the
company's overall export control efforts.
2. Continuous Risk
Assessment. If a company does not currently have a
compliance program, it should initiate an evaluation to determine if it has
violated any US export controls laws or regulations in prior transactions.
3. A written policy
back up by a procedures manual. The policy should be
spelled out in writing with the detailed procedures filled in on how to conduct
an effective export control system.
4. Ongoing training
of employees. Training should be provided for all
employees with international sales responsibilities, marketing, export and
those involved with the hiring of foreign nationals. The training can be live
or web-based. The training should be designed to provide employees with the
keys which trigger day-to-day regulatory implications.
5. Ongoing screening
of employees, contractors, customers, products and transactions.
There must mechanism through software or other methods for the continuous
monitoring of these items and individuals. Simply checking any of the above
once only provides a snapshot at the time the review was made. In this current
compliance and enforcement environment such checks must be made on each
transaction and more continually for employees, contractors, customers and
6. Record Keeping (Document,
Document, Document). If you do not keep records and document something you
cannot measure it and if you cannot measure it you cannot improve. However,
when dealing with the government, if you do not document it, you cannot prove
7. Period Audits. After you have
put your export control policy in place, your company should engage in an
effective continuous export controls assessment and regular spot audits will
help to ensure compliance.
8. An internal
program for the reporting of violations and appropriate mechanism for
escalation of any export violations. In addition to some type of
hotline for the reporting of any export control violations, your company should
have a dedicated export control resource expert who can be available to answer
question and generally provide assistance to those employees charged internally
with export control.
corrective actions to hold employees accountable under a progressive
disciplinary program and voluntary self-disclosure. A
policy has no teeth if there are no repercussions to employees who violate the
export control program. If there are violations, the government will expect to
see discipline and training based on event.
(Any of this sounding familiar?)
Soza concluded his article by stating:
While it is often difficult to obtain senior management commitment to an
export-compliance program [a company] simply cannot afford to sell their
products and services internationally without such a program in place.
Penalties for failure to comply with these requirements may result in the loss
of export privileges, fines and imprisonment, not to mention damaging
We do not believe that we could have articulated it
better. Compliance Convergence in these areas demonstrates that the ostrich
days of a sticking your head in the sand regarding export controls are long
gone. But just as convergence demonstrates the widening scope of compliance, we
believe that it provides opportunities for cross-discipline compliance. Export
control needs to talk to the FCPA compliance attorney and let them know the
screening they perform on a regular basis. A company's treasury or finance
department needs to communicate its offshore payment policy regarding its
prohibition of payment of any invoices in countries other than the home country
of the payee or where the work was perform. There is an opportunity to learn
from each of these disciplines so take advantage of the Compliance Convergence
in your company.
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2011
For more information about LexisNexis
products and solutions connect with us through our corporate site.