Major Australian Defence initiatives such as AUKUS, GWEO, Air 6500 and the Quad, present greater opportunities for interaction and data exchange with the US and other international partners. This increased security collaboration will in turn potentially generate an influx of new technologies into the custodianship of Australian Defence Industry.
The prevalence of US controlled technology and the associated data control responsibility means that the International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) are a key consideration for the Defence sector. Australian industry is at the forefront of Defence capability enhancement and growth which drives the imperative for strong recordkeeping and fluency across the relevant regulatory requirements.
Australian businesses operating within the ITAR and EAR environments face complex compliance challenges. Mandatory recordkeeping regulations demand full traceability and accountability for controlled technology. In addition to the US compliance requirements, accurate recordkeeping expectations are fundamental to Australia’s Defence Export Controls and the Australia-US Defence Trade Cooperation Treaty.
Businesses within the Australian Defence sector must manage common records such as authorisations (licenses, agreements, permits), staff security and nationality data, breaches/non-compliance events, and export/import tracking. The recordkeeping requirements depend largely on the type of activity, the export regulations invoked and may be subject to the Australian Privacy Act 1988.
Recordkeeping advice is provided under the ITAR and EAR. Compliant recordkeeping practices which form a functional business framework include:
- Maintenance of records for a minimum of five years from the date of shipment, transfer, or upon the expiration of the applicable authorisation, (whichever is longer);
- Documenting recordkeeping processes in relevant policies, including your Technology Control Plan (a mandated ITAR compliance requirement);
- Ensuring your records are consistently maintained and referred to as needed. E.g. identifying details such as license or agreement expirations allows adequate time for extensions (return of items/data); and
- Commencing your recordkeeping from the start of any process involving controlled technology.
Record storage methods are not mandated. They can range from traditional Excel spreadsheets to more complex SharePoint sites. Applications like SharePoint increase flexibility, by allowing interaction between varying users and records, and providing auditing capabilities. Recordkeeping is a vital part of an Export Control audit and compliance program and is crucial to your overall compliance strategy.
Two examples of practical record keeping are:
- ITAR License Tracker - which enables the consolidation and linking of all associated information for ease of reference, and
- Audit Logs - to support Export Control breach investigations if data is inadvertently uploaded to the wrong location.
Well-established recordkeeping practices can significantly reduce the risk of an export control breach. End-user check programs such as ITAR’s Blue Lantern, and to a lesser extent EAR’s Sentinel, will likely examine export control records to establish the baseline of a project’s export control compliance health.
Support and training are available for Australian businesses trying to navigate the requirements and searching for best practice for Export Control recordkeeping and related compliance issues.
Note: Kevin Chenney is an Export Control Specialist with Goal Group, Sydney.