Commodity jurisdiction was discussed in the first article in a 5-part series on US Export Control Compliance, export licenses discussed in the second, license exemptions and exceptions in the third, and agreements in the fourth. The final article in this series culminates with best practice advice on export control compliance programs.
End-users of US controlled technologies won’t need convincing that a rigorous compliance program is an essential safeguard against the range of actions and restrictions available to US enforcement agencies. These include import detentions, imposition of sanctions, Entity List inclusion and civil and criminal prosecution. In fact, some commentators have suggested the strong language used in recent business advisories concerning Xinjiang and Hong Kong supply chains, reflects a heightened interest in US compliance monitoring and a need for even greater diligence. On a positive note, compliance assurance protects Australian access to high end technologies and can create competitive advantage.
These high stakes are an argument for senior management buy-in to compliance programs, to counter the mindset that compliance is the purview of a few key appointments instead an organisation-wide responsibility. A compliance program should be driven by an assessment of the organisation’s regulatory risk exposure (informed by factors such as the extent of its trade in controlled items, employment of foreign nationals, integrity of its supply chain etc). This then guides the allocation of appropriate resources, internal and external controls and documentation of procedures, including Technology Control Plans. The complexity of regulations, including International Trade in Arms Regulations (ITAR) and Export Administration Regulations (EAR), also warrants a suitable investment in maintaining currency and employee training. Training should include both foundational courses aimed at all employees and new starters and detailed practitioner training for those whose roles are more directly linked to controlled technologies or international trade. Like any other business process, to be assured that a compliance program is effective it should be regularly audited and validated.
A compliance program should also clearly set out the procedure for managing a real or suspected breach. The first step in a managing a breach is to limit further damage by segregating the technology involved. ITAR §127.12 (Voluntary Disclosure) and EAR Part 764.5 (Voluntary Self-Disclosure) then provides guidance on reporting suspected breaches, which is considered favourably in the determination of any penalties/corrective actions. In Fiscal Year 2019, 634 ITAR violations were self-reported with 61 Directed Disclosures, many resulting in negotiated Consent Agreements. These Consent Agreements, including most recently a USD13M civil penalty against Honeywell Inc, are then published to further incentivise compliance management.
While these actions represent best practise in proactively managing compliance, US regulatory agencies also impose their own governance requirements. For example, ITAR §122.5 and EAR Part 762 dictate the requirements for record keeping for receipt, retransfer and re-export of controlled technologies. In addition, the US has a number of end-use monitoring programs including Golden Sentry (for Foreign Military Sales cases), Blue Lantern [for Direct Commercial Sales (DCS) of ITAR controlled items] and Department of Commerce Outreach Visits (for EAR technologies). In FY 2020, approximately 1% of all DCS license applications (or 272 in total) were subject to Blue Lantern checks conducted in country by US Embassy and/or Consulate staff. Australia is included in the ‘East Asia and Pacific (EAP)’ region which represented 23% of global checks, a figure which broadly reflects the proportion of licenses approved for the region. Of the 50 EAP licenses reviewed (generally to verify end-use post-shipment), 17 or 34% resulted in unfavourable findings (due to discrepancies in documentation or ‘unresponsiveness of a foreign party’), although Australia reportedly has had a good Blue Lantern record in recent years.
As past violations are a factor in considering future export authorisations and end-use monitoring, Australian end-users are advised to adopt an effective compliance program as evidence of their commitment to safeguarding US controlled technologies.