Recent comments from the top leadership of both the Directorate of Defense Trade Controls (“DDTC”) and Bureau of Industry and Security (“BIS”) during a government and defense industry conference last week should give all organizations engaged in any export activity a legitimate cause for a reassessment of the program’s overall effectiveness—particularly in relation to the foundational elements of jurisdiction and classification, as well as the post-classification treatment of related technical data.
As Jae Shin, the Acting Director of DDTC noted, his agency received nearly 600 voluntary self disclosures last year, the vast majority of which implicated unauthorized exports of technical data and hardware that was improperly classified. Adding salt into the proverbial wound, DDTC’s dual use regulatory counterpart, BIS, reported receiving a multitude of disclosures of a similar nature. Notably, however, these disclosures often included references to “deemed exports”—the transfer of “technology” or technical data by U.S. Persons to foreign nationals irrespective of where the foreign national remains physically present. According to Eric Longnecker, Director of BIS’s Office of Strategic Industries and Economic Security, exports of this nature were occurring with increasing frequency by companies wholly unfamiliar with the concept of a “deemed export” to begin with.
Jurisdiction and Classification 101
The comments made by Shin and Longnecker point to a number of glaring deficiencies in the trade compliance programs of many organizations involved in the export of both defense articles (regulated by the International Traffic in Arms Regulations (“ITAR”)) and dual use items (regulated by the Export Administration Regulations (“EAR”))—namely, the lack of a formal protocol surrounding both the initial classification of new commodities and the post-classification treatment of related technical data.
With respect to the first, organizations operating in an increasingly advanced technological environment often lack the expertise needed to appropriately determine jurisdiction (in layman’s terms, whether a commodity should be treated as ITAR or EAR controlled), and consequently, under which articles or categories. This initial step is crucial in allowing the trade compliance function to advise the organization with respect to both the treatment of the commodities subject to classification and the viability of broader strategic initiatives that often implicate the export and re-export of these items to multiple foreign jurisdictions. If the initial classification of the commodity is incorrect, then regulatory restrictions surrounding the treatment of that item and others similarly situated are wholly undermined—to the detriment of carefully aligned U.S. foreign policy and national security objectives.
This is especially true where—operating under the EAR—organizations rely on the default classification of “EAR99” as a means of avoiding regulatory burdens and/or more freely disseminating the product in question contrary to governmental restrictions. This classification approach, however, is completely inimical to the standard methodology employed by competent trade practitioners to appropriately scrutinize and classify a commodity. Under that methodology, classification as “EAR99” is a last resort in ascertaining what controls may be applicable. Recourse is first made to the Commerce Control List (“CCL”), the specific category under which the commodity is likely to appear, and a complete examination of the characteristics of the commodity in question against all relevant export control classification numbers (“ECCN”) within that category. Classification as “EAR99” should follow only after it is clear to the trade compliance official that all other alternatives have been exhausted.
It seems self-evident but necessary to say that all of this requires the involvement of an experienced trade compliance officer with significant classification experience to ensure that a commodity is appropriately classified. Too often, the modern tendency is for even the most sophisticated organizations to self-classify their items as quickly as possible utilizing personnel that may or may not be equipped with the specific skillset needed to deal accurately with a more exacting classification exercise. This tendency requires a complete course correction in light of the latest remarks from DDTC and BIS. Indeed, these remarks make it clear that recourse must now be made by the organization to either DDTC or BIS itself for a formal jurisdiction and classification decision (in the form of a commodity jurisdiction and/or CCATS request) or outsourced altogether to a third party thoroughly familiar with jurisdiction and classification processes. Organizations that fail to heed this advice risk exposing themselves to concrete repercussions—having now been put on notice that these agencies have seen a troubling pattern they want industry itself to address.
(Mis-) Treatment of Technical Data
Additional comments made by Shin and Longenecker point to the ubiquitous practice of allowing controlled “technical data” (in the case of the ITAR) and “technology” (in the case of the EAR) to be disseminated externally without restriction. This seemingly innocuous violation of existing export control regulations often occurs when a U.S Person transmits controlled information of a technical nature to a non-U.S. Person, whether by electronic means or otherwise—irrespective of whether the foreign person is present domestically or abroad. In export compliance terminology, such transfers are referred to as “deemed exports.”
A common scenario encountered by many organizations today is the wholly unintentional transfer of controlled technical information by an uninformed internal party to an external party that employs a similar uninformed foreign national. While recent enforcement actions have highlighted more flagrant and intentional violations involving the “deemed export” rule, companies frequently encounter less intentional and more unwitting violations implicating this rule in the conduct of normal business activities. This phenomenon is primarily attributable to a lack of knowledge by those with key operational responsibilities of export compliance considerations. While such personnel may have been initially trained to be familiar with concepts like the deemed export rule, too many organizations lack formal mechanisms to consistently reiterate the observance of export compliance principles by a company’s rank-and-file. Adding insult to injury, the majority of these infractions occur when technical information related to controlled technology is inappropriately marked or unmarked altogether—pointing to a lack of coordination between relevant stakeholders in ensuring that technical publications related to controlled commodities remain appropriately accounted for and controlled.
The panacea to this problem is obvious. Faced with an increase in export violations arising from deemed exports, trade compliance personnel—with the backing of senior organizational leadership—should ensure that all employees have a basic familiarity with export controls as those controls relate to their specific functions. Second, the principles articulated in any initial export compliance training must be communicated consistently for them to serve as an effective safeguard against a potential infraction. Weekly email reminders, quarterly newsletters, team meeting discussions, and conspicuous intranet notices are all ways that the compliance function can leverage modern technology to engage with frontline employees who are ultimately the guardians of the company’s controlled technical information. Finally, the company must ensure that all documents related to a properly classified and controlled commodity are themselves designated as controlled. In this regard, a best practice is marking the document in question with a conspicuous notice apprising the reader that the information contained therein is subject to specific export controls and should not be exported (emailed or otherwise) to any party without the specific authorization of the trade compliance team. Document marking is a simple but effective tool that encourages an employee to stop and recognize that the information they are dealing with is more tightly controlled than other material. Over time, this self-recognition becomes yet another line of defense the trade compliance team can rely on to mitigate the potential for regulatory infractions.
While proper classification of commodities and handling of technical information are by no means novel issues in the realm of export compliance, a precipitous increase in the number of disclosures related to these issues merit serious attention by the organization to the effectiveness of its export compliance practices. Organizations lacking sufficient export compliance expertise should be encouraged to engage experienced trade compliance professionals to identify systemic problems and ensure that they are properly remediated. Merely turning a blind eye to the issues raised by both DDTC and BIS is virtually a guarantee of a future regulatory infraction.
