BUILD YOUR EXPORT COMPLIANCE MANUAL • Roles • Program elements

Mass Export Center OCT 2011
BUILD YOUR EXPORT
COMPLIANCE MANUAL
• Roles
• Program elements
• Audit tips
Natascha Finnerty
DL Exports International, Inc
www.dlexports.com
1
BIS/DDTC RECOMMEND
AN ECMP
• Published guidelines for
establishing export management
system
– Nunn-Wolfowitz report google nunnwolfowitz
– BIS/DDTC Compliance guidelines Programs are on their websites
– DDTC guidelines
• BIS updated their guidelines in
2010 and have 9 elements
– Includes managerial tasks
– Administrative requirements
www.dlexports.com
2
IMPLEMENTING A
PROGRAM TAKES ...
• Management commitment
• Export Policy
• Regulatory understanding
• Resources
• Time
• Training
www.dlexports.com
AB Tech
EXPORT
POLICY
3
GOOD FOR BUSINESS
• In successful companies,
compliance is part of the corporate
culture
• It can be a competitive asset and
should be listed on your website
• Small investment can save big over
new penalties
www.dlexports.com
4
WHERE TO START?
• Establish an Export Steering
Committee
• Nominate a Focal Point
• Engage kick off training
• Review business and applicable
regulations
www.dlexports.com
5
• Conduct a risk assessment –
see BIS guidelines
• Establish/revise policies &
procedures that address
cradle to grave of hardware
and technology release life
cycle – integrate into quality
SOPs, other compliance
programs
• Train personnel
• Implement & audit
www.dlexports.com
6
EXPORT COMMITTEE
Suggested Members
•Finance
•Legal
•HR
•IT
•Security
•Sales & Marketing
•Sales Admin.
•Contracts/Accounting
•Order Admin
•Manufacturing
•Traffic
www.dlexports.com
7
NEW CONSIDERATIONS
• Effect of Sarb-Ox
• Higher fines and penalties
• New mitigating and aggravating
factors
• Export reform - Mixing of ITAR and
EAR rules?
• Securing of IP from foreign parties
or customers
• Are contractors or outsourced
companies screened?
• Anonymous reporting?
8
www.dlexports.com
SARB-OX
• Upper Management needs to be
informed and verify compliance as
part of corporate governance
• Penalties could adversely affect
financial position of company,
whether public or private
• Could stop a sale or acquisition
• Disclosure requirements
www.dlexports.com
9
Does SOX apply to your
export issues?
• What percentage of your
business is exports? Are you
publicly held?
• What percentage of your
suppliers is foreign?
• Is your company a related
company?
• Do you export to resellers? If
yes, whom do they sell to?
www.dlexports.com
10
COMPLIANCE PROGRAMS
• MUST PREVENT AND DETECT
VIOLATIONS
– DOES YOURS?
• HOW DO YOU USE METRICS TO
MEASURE IT?
www.dlexports.com
11
TEMPLATE FOR PROCESSES
• Are they written in the active
voice?
• Do they describe the
responsible personnel?
• Do you detail the records that
are created by the process?
• Is there a risk assessment and
control process?
www.dlexports.com
12
REVIEW CURRENT
BUSINESS PRACTICES
www.dlexports.com
13
RISK MITIGATION
FOR EXPORT ISSUES
• Level of technology, ITAR?
• Is end-user known?
• Dealings in countries of
concern?
www.dlexports.com
14
RISK ASSESSMENT contd
• Any potential misuse of product
(EPCI)?
• Multiple shipping sites?
• Do you control distribution
channels?
• Do you require licenses and
need to adhere to qty, value,
provisos?
• AES compliance?
www.dlexports.com
15
REVIEW APPLICABLE
REGULATIONS
• EAR (& Antiboycott)
• ITAR
• OFAC
• Foreign Trade Regs
• NISPOM
•CUSTOMS
•CONSENT AGREEMENTS
www.dlexports.com
16
RISK ASSESSMENT
• DO YOU EXPORT CONTROLLED
HARDWARE OR TECHNOLOGY?
(ITAR/EAR)
– Need export license application
procedures, processing, license
management, closing
• Product classification
• Classification of new products
• Purchased Products
www.dlexports.com
17
RISK ASSESSMENT
• Do you know your customers?
– Or sell thru distributors?
– Or you find out about them later
• sw registrations
• repair
www.dlexports.com
18
PROCEDURES
• Compliance Policy and Org chart with
responsibilities
– Time to get management support
– List back-ups to each key position
– Central focal point
• Product matrix
– Ongoing, tie it to new product release
• Country charts
– Automate, where possible
• Denial list screening and managing hits
www.dlexports.com
19
EXPORT MANAGEMENT
SYSTEM
• Duties are cross
functional
• Employees
receive training
on export
procedures
• Use an Action
Plan until
completed
www.dlexports.com
20
DOCUMENT THE PROGRAM
• Borrow from your company’s
procedures templates and use
flow charts
– ISO, TQM, Industry Quality
standards, Sarbanes Oxley
• Upload an International
Compliance website
– Policy, training slides, product
matrix, FAQs
• Coordinate with other compliance
efforts: Quarterly reports to
management
www.dlexports.com
21
Sample
Order
Rec’d
Conduct
screening
•DPL, Entity, SDN
-Country
-High Risk
•Proliferation
Product matrix
Lic determ
Y
Order OK?
Apply for lic.
Cancel Order
Contact ECM
N
Prepare Docs
Ship
www.dlexports.com
22
Export Compliance and
Management Program
1. Administrative Elements:
–
–
–
–
–
–
Management Commitment
Responsible Officials
Record Keeping
Training
Internal Reviews
Notifications
www.dlexports.com
23
Screening Elements
– Denial Orders
– ECCN Classification/License
Determination
– Diversion Risk
– Nuclear End-Users/Uses
– Chemical & Biological End-Users/Uses
– Antiboycott Compliance
– Add’l US Gov’t Agency Requirements
www.dlexports.com
24
STANDARD SCREENING
PROCESS
Check all exports against:
• Restricted Parties and updates
• Product Matrix/Classification
• License requirements
• Restricted/Embargoed Countries
• Antiboycott
www.dlexports.com
25
RESPONSIBILITY #1
Product Matrix
• You need to review all products to
determine if an export license may be
required
• This is done export compliance
manager with the help of IT
• Controlled items can be hw, sw,
technology relating to
– computers,
– software with encryption,
telecommunications products, lasers
– Industrial equipment and chemicals
www.dlexports.com
26
PRODUCT MATRIX
• This process is ongoing, and requires
regular updates as new items are
developed or upgraded.
• You need to determine the export
commodity classification number
(ECCN), countries that may require a
license, and customs numbers (Sch
B).
• The Product Matrix list is included in
the Export Compliance Program.
www.dlexports.com
27
RESPONSIBILITY #2
Denied Parties
• You need to ensure that you do not sell
to prohibited parties identified by the US
Government and, potentially, other
gov’ts.
• Most companies need to get Compliance
Screening Service for this purpose
• These lists are updated regularly by the
government.
• We must determine who is the end-user,
what is the end-use, who are the parties
to the transaction
• Screening must occur before the items
are shipped for exports supporting
particular projects
28
www.dlexports.com
Need to establish a
policy for hits
• Need enough information to
clear hits – what agency, what
are the requirements
• Determine if it is a false hit
• Contact government agency or
get certification from the
person
• Keep records of hits
www.dlexports.com
29
RESPONSIBILITY #3
High Risk Profile
• We need to ensure that we
recognize any unusual
circumstances or “Red Flags”
• Each employee is responsible for
taking appropriate actions if a
transaction seems suspicious
• Report any unusual activity
throughout sales and to the
Export Compliance Manager
WHEN IN DOUBT, CHECK IT OUT!
www.dlexports.com
30
RESPONSIBILITY #4
Country Embargoes
DO NOT SHIP TO THESE COUNTRIES
WITHOUT A LICENSE!
• The following countries are under
General Embargo:
Cuba Iran North Korea Sudan Syria
• The following countries are highly-controlled:
Iraq
Libya
There are many denied parties in these countries:
Banks, Entities (Companies) and Individuals
www.dlexports.com
31
OTHER COUNTRIES
OF CONCERN
Country Groups D
• Military & Terrorist
Rwanda Angola Libya
• Countries of Concern
China
Taiwan
India
Pakistan
Middle East
Former Soviet Bloc
www.dlexports.com
RESPONSIBILITY #5
ANTIBOYCOTT LAWS
• US companies and their subsidiaries
may not participate in the Boycott of
Israel
• Watch for any statements that
include:
- you must “comply with Arab
League Boycott of Israel”, or
- request for certification that
Goods are “not of Israeli Origin”
• Must report all such statements to
33
www.dlexports.com
DOC
RESPONSIBILITY #6
RECORD KEEPING
• We must keep records for 5 years
• Transaction Records include:
–
–
–
–
–
–
–
–
–
Purchase Orders
Quotes
Commercial Invoices
Bills of Lading & Air Waybills Comm
Invoice
AES records
Banking documents & letters of credit
Export checklists
Screening results
Correspondence and contracts
www.dlexports.com
34
Compliance Records
• Acknowledgment of the
Compliance policy
• Notices in contracts with
resellers and websites
• Training records
• Audit Records
• Export licenses and
classifications
• Encryption reports
www.dlexports.com
35
OUR INSURANCE
POLICY
• Apply Due Diligence
• Know your customer
• Follow the system for approving
exports
• Contact the Export Compliance
Manager with ANY QUESTIONS!
www.dlexports.com
36
DEVELOP
COMPLIANCE
PROCEDURES
NO WHITE KNIGHTS
• The entire organization must
implement procedures
• Export Compliance Manager acts
as a focal point
www.dlexports.com
TRAINING OF RELATED
PERSONNEL
• Export Coordinator &
back-up - annual
external sessions
• Upper management
• Related employees - Inhouse annually
• New employee training
• Specific training for
each department
www.dlexports.com
38
Training and Audits
are a must!
– Per the govt – audit, audit ,
audit!
– Is there a schedule?
– Records?
– Internal or External
– Copies of hand-outs?
– Using the latest technology?
www.dlexports.com
39
BE SURE!
Ensure that your subsidiaries
have controls at their site!
•Denied parties screening
•Antiboycott
•Embargoed countries
ABC Sarl
ABC GmbH
www.dlexports.com
40