Sanctions Update: EU Commission adopts guidance on dual-use internal compliance programs



On July 30, 2019, the EU Commission issued guidance on internal compliance programs for dual-use trade controls.1 The guidance consists of non-binding recommendations on seven “core elements” for an effective dual-use trade control internal compliance program. For each core element, the guidance sets out clear expectations for internal compliance, as well as the necessary steps for implementation. These are summarized in the table below.

Core Element What is expected? Steps involved
Top level management commitment to compliance Written statement of support of internal compliance procedures:
  • It must indicate clear, strong and continuous engagement and support by top-level management.
  • It must foresee sufficient resources to back up this commitment.
Drafting and rolling out a statement of commitment clearly defining the expectations and conveying the importance and value placed on compliance.
Organizational structure, responsibilities and resources Organizational structure to be set out in writing:
  • It must identify and nominate persons with overall responsibility for corporate compliance.
  • It must allow for the setup of internal compliance controls by a properly trained and educated member of staff.
Defining the number of qualified persons needed to carry out these functions and creating an internal structure that enables the performance of these functions.
Training and awareness raising Training to be provided to staff to ensure awareness of the applicable requirements and rules, as well as about the company’s internal compliance program. This training can be in the form of external seminars, subscription to information sessions, in-house trainings, etc. Organizing periodic and compulsory training for personnel having trade controls-related functions, as well as awareness training for all staff, including -to the extent possible - on the lessons learnt.
Transaction screening Set up a process - either manual or automatic - to evaluate whether a particular transaction involving dual-use items is subject to trade controls. The process should address the following:
  1. Classification of the item
  2. Risk assessment of the transaction
  3. Determination of license requirements and applications for licenses
  4. Post-licensing controls
Establishing a process which includes:
  • Item classification, i.e. determining whether a given item is listed
  • Transactional risk assessment, including:
    • Checking the destinations and counterparties
    • Screening the stated end-use and the parties involved
    • Mitigating the risk of diversion to another end-use or end-user
    • Informing personnel of the “catch-all” requirement, which means that even the items that are not specifically designated as dual use may nevertheless be treated as such if there is any concern about their stated end-use
  • Identification of the license requirements and applications for licenses; ensuring regular contact with the authority dealing with export controls
  • Post-licensing controls: conducting final checks before shipment is sent and ensuring that all conditions applicable in case of license are observed
Performance review, audits, reporting and corrective actions Performance reviews and audits:
  • Must assess whether the internal compliance program is in fact satisfactory and in-line with the requirements of law
  • Are designed to detect inconsistencies and clarify and revise routines if they are at risk of non-compliance
The program must allow for random controls as part of daily operations, as well as audits covering all aspects of the internal compliance program with corrective actions.
Recordkeeping and documentation Procedures and guidelines for handling the relevant documents, their storage, record management and traceability of activities:
  • They must allow for efficient search and retrieval of information during the day-to-day activities in the area of dual-use trade controls and audits.
The procedure must reflect applicable retention periods as set out in local law and ensure that these are respected by all personnel as well as, if possible, external service providers, by way of an adequate filing and retrieval tools.
Physical and information security Physical and information security measures must be introduced to prevent unauthorized access to or removal of dual-use items. Dual-use items must be physically secured and measures and procedures must be put in place to protect information security.

To assist companies and exporters with the implementation of their internal compliance program as well as with the specific risk assessment for each of the core elements referred to above, Annex I to the guidance provides some practical questions with comments on best practices. Annex II sets out examples of red flags that should help companies and businesses identify and calibrate dual-use risks.

We will continue to monitor the developments in this space, particularly with respect to eventual guidance on internal sanctions compliance programmes.

  1. Commission Recommendation (EU) 2019/1318 of 30 July 2019 on internal compliance programmes for dual-use trade controls under Council Regulation (EC) No 428/2009 (OJ L205, 5.8.2019, p. 15), as amended

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dentons | Attorney Advertising

Written by:


Dentons on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.