Four lessons from the Raytheon ITAR violations

Last week, DDTC released a proposed charging letter and subsequent consent agreement, alleging 125 charges of ITAR violations against Raytheon Company and its subsidiaries. The documents provide some interesting reading for export compliance officers and corporate counsel who are interested in avoiding similar ITAR compliance problems for their companies. Although the alleged Raytheon ITAR violations span many years and cover a wide range of administrative non-compliance issues, there are a few key takeaways we can glean from this case.

Consider these “big-picture issues” that can cause problems for any company, regardless of how sophisticated its compliance efforts may (or may not) be:

1. Details Matter. Many of the alleged violations stem from Raytheon’s failure to properly administer its Technical Assistance Agreements (TAA) and/or Manufacturing License Agreements (MLA) with State. This includes details like: (1) failure to file timely amendments, (2) exceeding authorized quantities to manufacture hardware at foreign subsidiaries, (3) exceeding authorized dollar amounts for some of its agreements, and (4) “inaccurate tracking, valuation and documentation of temporary exports and imports.” In the grand scheme of ITAR compliance, such administrative details are not as egregious as, say, exporting classified blueprints to China. However, the details matter and cannot be overlooked. In this instance, those details will end up costing Raytheon millions. It’s also worth noting that the dollar-value violations caused further problems for the company (and DDTC) pursuant to the Congressional notification requirements in ITAR 123 and 124.
2. Automation Matters. Buried in the pages of Raytheon’s consent agreement is this requirement: “Respondent agrees to continue to implement a comprehensive and reasonably uniform automated export compliance system throughout [its] operating divisions, subsidiaries and business units.” The lesson here is that, for a large company like Raytheon, and even for small/medium sized businesses, a certain level of automation across your compliance program is essential to achieving uniform results. We have discussed the pros and cons of export automation many times on this blog before. (See here and here for some recent examples.) But the fact remains: If you want to achieve consistent compliance results, look for opportunities to automate certain steps in your import/export process. For large companies, this is not just a good idea. It’s a necessity.
3. Disclosures Can Be Good (and Bad … but Mostly Good). I lost count at 60, but it’s safe to say that over the years, Raytheon has submitted a significant number of voluntary disclosures to DDTC admitting violations of the ITAR. This is good in the sense that Raytheon cooperated with State and was transparent in acknowledging its compliance shortcomings. (DDTC certainly considered these disclosures as a mitigating factor in the case.) However, the issue seems to be not so much the quantity of disclosures submitted, as the quality of those disclosures. From the charging letter: “Respondent has also managed its voluntary disclosures inadequately, at times complicating the Department’s reviews of the reported violations.” Disclosures should be factual and honest, but they should also provide State with a clear picture of: (1) what happened, (2) why it happened, and (most importantly), (3) what’s being done to prevent it from happening again. It seems that Raytheon fell short of these goals in its numerous communications with DDTC, and it’s worth noting that State specifically cites the requirements of ITAR §127.12 in the charging letter. Which brings me to my final takeaway from this case …
4. Audits Matter (but Corrective Actions Matter More): No one can fault Raytheon for a lack of export compliance audits over the years. However, it seems DDTC does fault the company for failing to identify – and fix – the root causes uncovered in these audits. From the charging letter: “The Department has concluded that Respondent’s remedial and corrective efforts have been hampered at times by inadequate investigations of root causes … [and] Despite undertakings and efforts by Respondent to identify and address the underlying causes, many of these violations recurred over the years, as corrective measures repeatedly proved insufficient or failed.” This goes to the heart of continual improvement and quality control (and, for that matter, export compliance, too). Audits are great because they help you identify what’s not working with your ITAR/EAR compliance process. However, it takes drilling down to the root causes and developing a workable corrective action plan if you truly want to improve your results. (For more on this, check out my colleague Don Buehler’s recent blog post: What EC can learn from QC ) It seems so simple, but you’d be surprised how many companies audit their trade compliance programs, analyze root causes, develop corrective actions, and then … do nothing.

All in all, these are tough, complicated lessons for any company to learn. However, if you can learn the lessons on your own, it will generally be better than getting slapped with millions of dollars in fines for ITAR violations, followed by years of having DDTC oversee your compliance operation.