Is Your Company’s Understanding of ITAR Procedures Flawed?
Earlier this month, I was reading some articles online and found the following statement about a company and its ITAR requirements (bold emphasis mine):
“Export-controlled technical data has a unique set of rules designed to ensure that it is not inadvertently released or “exported” to foreign persons either inside or outside the United States.”
As an ITAR-registered company, [company name redacted] is required to have procedures in place to trace the processing steps of ITAR-controlled transactions from the time it receives controlled parts to the time they are shipped.
Savvy readers of this blog and experienced U.S. export control and trade compliance practitioners will immediately notice the flaw in this bolded statement.
What Does ITAR Mean?
ITAR stands for International Traffic in Arms Regulations. Its purpose is to assist the U.S. government in preventing the sale, transfer, or disclosure of sensitive information or controlled items to a foreign national.
Take a look at some specific qualities of ITAR, like:
- Regulates technology and goods that are designed to defend against death or cause death with a military application
- Sets restrictions on items appearing on the U.S. Munitions List
- Applies to military items or articles of defense to ensure national security
- Covers technical data related to defense services and defense articles
- Offers strict regulatory licensing for dual-use exports
- Doesn’t address research or commercial objectives
- Includes technology related to space
It is up to the exporter or manufacturer to take the required precautions and actions to certify that their practices are compliant with ITAR regulations and their products, services, or information is meeting the appropriate end-use.
What Is ITAR Compliance?
The U.S. Department of State mandates that all exporters, importers, defense articles brokers, service brokers, or related brokers of technical data must comply with ITAR.
This means companies are mandated to ensure their supply chain participants are ITAR compliant and stay ITAR compliant with their business processes.
If your company is involved in the sale, distribution, or the manufacturing of goods and services controlled under the U.S. Munitions List, or USML, this means you must be registered with your State Department’s Directorate of Defense Trade Controls, or DDTC, to qualify as ITAR certified.
In other words, your company must be registered with the DDTC and have an expansive knowledge of what is required of them to be considered ITAR compliant.
Required ITAR Procedures Are Complicated (And Hard To Understand)
Simply put, there is no legal “requirement” for an ITAR-registered company to have procedures that trace processing steps for ITAR transactions.
For that matter, there’s no legal requirement that an ITAR-registered company has any procedures at all!
With that being said, are procedures necessary? The answer is a definite “yes!”
The importance of having policies, procedures, and regulatory requirements for ITAR and Export Administration Regulations or EAR-controlled transactions cannot be understated. Violating U.S. export laws can result in a variety of penalties.
- Denied License Applications
- Loss of Export License
- Appear on the ITAR Debarred List
- Break in the Supply Chain
- Loss of Profits
- Federal Charges and Penalties
This is true for any company engaged in controlled work, regardless of size and whether the company ships items to foreign locations.
As we all know, deemed export violations can occur just as quickly within the United States as you work with U.S. persons as they can outside of our borders.
Know ITAR Requirements For Your Company & Employees
Not only will a documented compliance program – we call it an Export Management and Compliance Program, or EMCP – help your employees know what to do for ITAR/EAR-controlled work, but it will also go a long way if a government agency starts asking questions or investigating your company’s transactions.
Is simply having ITAR procedures enough? No! Your company needs a clear ITAR compliance plan that will ensure every aspect of your business complies.
Once you have a system in place, training your employees on following it is the next logical step. Having a training program in place will ensure that all team members, from the shipping facility to the CEO’s office, work in tandem to assess risk and meet all compliance requirements.
After that, we suggest periodic audits, whether internal or external or a combination of both, to ensure that your EMCP is operating effectively and avoiding violations.
Good recordkeeping practices will help ensure these audits run smoothly. It will also help in instances where voluntary self-disclosures are necessary to avoid significant issues.
You Need To Update & Assess Your ITAR Procedures Throughout The Year
These follow-on audits or assessments can also help you refine your company’s procedures to improve continually. That’s because simply having procedures isn’t enough. You must ensure that all company members participate in a high-quality ITAR compliance program.
Following those procedures is the critical step that many companies overlook. ITAR regulations aren’t something to take lightly, even if you think your items qualify for an exemption.
Bottom Line: Your company is not legally required to have ITAR procedures. There is no such thing as being ITAR certified- only ITAR compliant.
There is one caveat: if you’re under a consent agreement with DDTC, part of that agreement will likely require you to have a documented compliance program.
That being said, having a compliance program is still a really, really good idea.
Export Solutions has extensive experience in helping companies become compliant, as well as designing cutting-edge training programs that range from in-person training sessions to on-demand webinars employees can access at their own pace.
Trade Compliance F.A.Q.
Tom Reynolds is the President of Export Solutions, a consultancy firm which specializes in helping companies with import/export compliance.