Many clients are surprised when they start working on their export policy by the amount of flexibility there is – particularly when it comes to how they comply with the regulations. This most often occurs during the development or improvement of a company’s export compliance procedures.
The basic goals of ITAR and EAR are relatively straightforward. The complexity arises in trying to create a policy for export compliance that depends on a wide variety of factors, including the potential risks your company is willing to take that a violation may occur.
One example: Most people understand the need for effective denied parties screening. However, I’ve seen policy statements that range from checking the lists every two years to others that perform continuous screening using an automated service. How often should you screen? How will you do it? And how will you document the results?
Here’s another one: What should our visitor policy be with regards to export compliance? I’ve seen procedures that simply ask visitors to identify their status as a U.S. Person or Foreign Person. Other companies make visitors prove this with documentation. Some use badges. Others delineate “visitor only” sections of their facility.
How about this one: Some organizations prohibit cameras altogether. Others allow employees to take mobile phones on the job, but prevent visitors. Others have no camera policy.
Which of these solutions are right? Which are wrong? And how should your export policy be structured? This depends on a variety of factors, including your line of business, customer base, products/services, and more. It also comes down to the inherent risk that your adopted policies will create (and how comfortable your management team is with that risk).
Don Buehler is founder and president of Export Solutions, Inc., a consultancy firm which specializes in helping companies comply with ITAR and EAR.