Export controls governing sensitive information and technology
August 2013 | 10QUESTIONS | GLOBAL TRADE
FW speaks to Steven Brotherton, a partner at Fragomen Worldwide, about export controls governing sensitive information and technology.
FW: Broadly speaking, to what extent have the challenges associated with transferring sensitive information, products, people and technology increased in recent years, particularly with regard to the export controls that regulate such movements?
Brotherton: Technologies continue to evolve at a rapid pace and government regulators aren’t able to change the laws quickly enough to avoid over regulation. A common example is encryption which serves as the backbone of secure internet communications and e-business transactions. Even though encryption methods are publicly available and used throughout the world, encryption continues to be heavily regulated. This trend, coupled with more countries implementing export control laws, can complicate moving products and technologies around the world. We’ve seen cases where a supply chain involving the US, Europe, Taiwan, Singapore and Japan requires government approval prior to the export from each country. These inefficiencies can lead to delays in product delivery and time to market.
FW: What export control issues may be triggered when a company shares sensitive information with foreign partners or third parties?
Brotherton: A US government export license may be required prior to sharing US technology with foreign partners or third parties. License requirements are dependent on the ‘classification’ of the technology – for instance, whether the technology is listed on a control list – and the destination country. An export licence may also be required prior to sharing technology with an entity on a US government restricted party list or if the end-use involves nuclear, rocket system, or chemical or biological weapon applications. It’s up to the exporting party to ensure that an export licence is obtained, if required, so it’s important to do your due diligence and get it right. Violations can lead to civil penalties of up to $500,000 per instance, debarment from government contracts, or revocation or temporary suspension of export privileges. Criminal penalties can lead to fines of up to $1m or 20 years imprisonment.
FW: Could you outline some of the specific considerations that a company with national security concerns, such as a military defence contractor, needs to make when it employs foreign nationals in the US? Further, what are the employment law discrimination challenges when controlling access to controlled technology by foreign nationals?
Brotherton: An unusual aspect of US export control regulations is that the release of technology to a foreign national in the US, such as an employee, contractor, or visitor, is considered an export to the individual’s home country. This means that an export licence may be required to share drawings, technical information, or source code with a foreign national. Companies should understand whether they work with controlled technology and, if so, which nationalities trigger export licence requirements as not all are treated the same. But to make an export licence determination companies must identify a foreign national’s home country which can lead to discrimination issues if not done correctly. The balance is to identify the US persons – that is, those not subject to export control requirements – and only ask for detailed citizenship and nationality information from those that are foreign nationals and subject to potential export licence requirements. This method can successfully address Civil Rights Act of 1964, Title VII national origin discrimination as well as citizenship status discrimination, which is prohibited by the Immigration Reform and Control Act of 1986.
FW: In your opinion, do companies need to be more aware of applicable regulations and export control laws? Are there any legislative or regulatory changes on the horizon?
Brotherton: Since 2009, the Obama Administration has placed an emphasis on reforming the US export control system to build ‘higher walls’ around fewer items; increasing interoperability with NATO and close allies; and reducing incentives for foreign companies to design-out or avoid US origin content. This is culminating in a significant change to the regulations, including control lists, with the first changes becoming effective in October 2013. It’s important for companies to evaluate the changes and understand what, if any, impact the changes have on products, technologies and the supply chain. For example, most military aircraft components will not require an export licence to NATO destinations but the technology to develop those items may continue to require an export licence to most countries. Further, companies may need to obtain a different type of export licence under the new regime and it’s important to evaluate those changes now.
FW: Are you seeing an increase in government audits, investigations and enforcement actions related to export controls?
Brotherton: Government investigations and penalty cases continue to increase and this trend is expected to continue for the foreseeable future. The US export control reform effort has a goal to build higher walls around fewer items that are of significance from a national security perspective. Building higher walls includes more export control enforcement. An example of this effort is the establishment of the Export Enforcement Coordination Center (E2C2) to ensure better coordination among federal law enforcement agencies and the intelligence community to investigate and prosecute cases. It’s important that companies get ahead of the curve by ensuring that their export activities are compliant with export control regulations.
FW: What are some of the key challenges involved in preparing export licences and agreements, and adhering to reporting requirements?
Brotherton: Export licences and agreements that involve the transfer of controlled technology to foreign parties are typically the most complex. When preparing an application, it’s important to understand the needs of the business as well as the underlying technology so that you can properly scope the types of technical data proposed for release. We’ve seen situations where companies wait for months while the US government processes an export licence application and discover that the approval, once issued, is too limited in scope. In turn, this can lead to project delays while an amendment or new export licence is obtained. So it’s important to get it right the first time. After approval, it’s critical to understand any reporting requirements and implement a business process to ensure reporting, such as annual sales, occurs when due. A recent State Department settlement involved a situation where a company did not adhere to reporting requirements and exceeded the scope of licences, resulting in an $8m settlement.
FW: How important is it for a company to establish a robust export compliance program throughout its organisation?
Brotherton: One common mistake is that export control requirements only need to be considered at the time of order and the time of shipment. However, transactions that may trigger export control requirements happen at every stage of the product life cycle. The initial R&D may utilise foreign offices or foreign national employees, products may be demonstrated or sampled to customers, and after-delivery services may involve technical support, each of which trigger possible export control issues beyond those raised during the initial order or shipment of product to customers. For these reasons it’s important that export compliance triggers are built into each stage of the product life cycle and, to work well, must be integrated into existing business practices and procedures.
FW: To what extent should an export compliance program include regular internal checks and reviews? What form should this take to be effective?
Brotherton: Nobody is perfect and the US government understands that even good compliance programs may not detect every issue. Efforts to regularly audit, test, and adapt the program can go a long way toward not only ensuring the program is working as intended but also demonstrate that the company is serious about compliance. Over the years we’ve seen that most successful programs include a variety of checks, reviews and audits which range from informal to formal. Informal checks can include weekly spot checks for high risk items – for example, export classification; monthly reviews, such as confirmation that foreign employee screening is working as intended, and more formal yearly audits of broader subject areas such as export licence shipments and licence compliance. This varied approach helps to ensure that issues or process gaps are identified before leading to larger problems or violations.
FW: In your experience, do companies need better training and education in this area, to help them achieve compliance?
Brotherton: Export control regulations are complex and subject to change based on global developments. In fact, we find that many engineers and sales personnel will each have their own interpretation of what’s controlled and how the rules work. It’s important to train employees involved in exporting activities such as engineering, sales, marketing, logistics, and legal, with a basic and consistent message that can be easily understood and remembered. It’s not enough to train just on the rules, but also to train on how their business processes identify possible export control issues and who to turn to when those issues arise. Export compliance personnel should also receive yearly outside training – at conferences or similar forums – to remain updated on the latest developments.
FW: Looking ahead, how will advances in technology and the globalisation of business shape export laws going forward?
Brotherton: Two key developments are likely as globalisation progresses. First, export control laws will only work if they are implemented and enforced internationally. We expect that more countries will enforce existing laws and will partner with allied countries to share intelligence information and investigate and prosecute violations. Second, the advancement of technologies requires that governments continually review export control lists to ensure that the control of only those technologies that are true areas of national security concern. We expect more cooperation and work in this area especially as more countries become engaged in the global export control discussion.
Steven Brotherton is a partner at Fragomen Worldwide. He manages the firm’s Export Controls Practice Group. Mr Brotherton counsels clients on export control laws and regulations, including compliance with the Export Administration Regulations (EAR), International Traffic in Arms Regulations (ITAR), and sanctions regulations administered by the Office of Foreign Assets Control (OFAC). He is a member the US Department of Commerce’s Regulations and Procedures Technical Advisory Committee (RPTAC), which advises the US Department of Commerce on export control regulation and policy. He is also the co-chair of TechAmerica's Export Control Reform Subcommittee. Mr Brotherton can be contacted on +1 415 263 8442 or by email: email@example.com.
© Financier Worldwide