On April 25, 2018 the Directorate of Defense Trade Controls (“DDTC”) announced another major enforcement case for violations of the International Traffic In Arms Regulations (“ITAR”). The case, involving FLIR Systems, Inc. (“Respondent”), involved a wide range of alleged violations and resulted in a $30,000,000 civil penalty. This case is a sobering reminder of DDTC’s serious commitment to investigate ITAR violations and provides an important compliance lesson for U.S. and foreign companies.
The Respondent is a manufacturer of advanced sensors used to protect borders, gather intelligence and protect critical infrastructure. DDTC alleged that the Respondent engaged in multiple violations of the Arms Export Control Act (“AECA”) and ITAR Part 127 including:
DDTC also identified significant alleged violations by the Company for permitting certain of its employees who are foreign or dual nationals to have access to ITAR-controlled technical data stored in the Company’s computer system. DDTC alleged that the Company failed to have adequate controls in the data system to prevent foreign national employees from accessing controlled files through their use of the system. In addition, DDTC stated that the Respondent failed to collect citizenship information necessary to determine licensing requirements for its foreign-person employees, including employees holding nationalities from more than one country.
DDTC identified a number of aggravating factors including significant compliance program deficiencies and “deficient ITAR expertise and senior leadership oversight.” As part of the proceedings, the Respondent entered an agreement with DDTC to toll the statute of limitations.
As referenced above, as part of the settlement the Respondent agreed to $30 million in civil fines and remedial compliance measures – of this amount $15 million will be suspended on the condition that the Respondent applies the suspended amount to pay for remedial compliance measures. The Respondent also agreed to appoint a “special compliance officer” to monitor ITAR compliance for a minimum of three years in consultation with DDTC. In addition, the Consent Agreement requires the Respondent to adopt policies and procedures to address the following:
The Proposed Charging Letter, Consent Agreement and Order are available through these links.
This case is an important reminder to U.S. companies of the importance of following basic principles of ITAR compliance in their day-to-day business activities. The basic “blocking and tackling” in ITAR-compliance, of course, includes conducting classifications of the company’s products and services, obtaining requisite licenses and TAA’s, protection of controlled technical data, complying with terms and conditions of authorizations, proper use of license exemptions, proper license administration, denied party screening, employee training and compliance with ITAR recordkeeping requirements. Adopting an ITAR compliance program can assist in reducing violations and provide a basis for reducing penalties if violations do occur.
This case confirms that what may initially appear to be mere “routine” ITAR violations can turn out to be a $30 million problem very quickly.
 Of this amount $15 million will be suspended on the condition that the Respondent applies the suspended amount to pay for self-initiated remedial compliance measures.