1 / 49

What We’ll Cover

NCMA Workshop International Traffic and Arms Regulations ( ITAR) What you need to know! Natascha Finnerty DL Exports International dlexports@comcast.net 978 368-7940. What We’ll Cover. When and Where ITAR Applies Controlled Items, Activities, and Countries

lilike
Download Presentation

What We’ll Cover

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NCMA WorkshopInternational Traffic and Arms Regulations (ITAR)What you need to know!Natascha FinnertyDL Exports Internationaldlexports@comcast.net978 368-7940

  2. What We’ll Cover • When and Where ITAR Applies • Controlled Items, Activities, and Countries • Security Concerns w/Foreign Employees • Building an Effective Technology Control Plan (TCP)

  3. ITAR Applies to • Your Company, • Your Customers, AND • Your Employees

  4. RECENT TRENDS DFAR requires DOD to state if a contract is “ITAR controlled” Partners and customers are asking if companies are ITAR registered Contracts for SBIRs state that “technology must be transferred only to US persons” Larger fines imposed for ITAR errors – ITT $100M

  5. TRUTHS ABOUT EXPORT REGULATIONS • Directly linked to international events • Not taught in most business curriculums or by managers • They are always changing • You love’em or hate’em

  6. TODAY, THERE ARE SEVERAL REASONS FOR EXPORT CONTROLS • To prevent the increase of military strength of an adversary • To further foreign policy objectives • To protect scarce resources • To implement international arms/weapons bans

  7. EXPORT CONTROLS ARE IMPORTANT TO EXPORTERS • Reach of U.S. Export Controls is broad. Large % of business is military-COTS • Violations can cause you to lose your government contracts • There are Global Alliances to that we must comply with

  8. GLOBALCONTROL REGIMES

  9. GLOBAL COMPLIANCE ISSUES THAT AFFECT EXPORTERS Missile Tech Control Regime Companies must Comply with Requirements of the New International Alliances that Regulate Trade Australia Group NATO MOD Nuclear Supplier Group Wassenaar Arrang

  10. CONSEQUENCES OF FAILURE TO COMPLY • Penalties • Negative publicity • Loss of Government contracts, other business

  11. EXPORTING COMPANIES ARE EXPECTED TO HAVE AN EXPORT COMPLIANCE PROGRAM Goals: • Protect against violations • Control exports and transfers effectively and efficiently • Ensure systematic approach

  12. COMPANIES MUST SHOW DUE DILIGENCE FROM THE FIRST EMAIL OR TELECOM • Licenses can be required to submit a proposal to a foreign party • Licenses can be required to provide detailed technical information to a foreign person • Persons of some countries cannot even get a license!!!

  13. The US Government controls the export of goods, software and technology EVEN In the US ! through the control of -specific items, and • specific activities. • Either as Dual-use or Military. It can be a fuzzy line!

  14. WHAT’S AN “EXPORT” OR REEXPORT? • Ship/send/transmit items on the USML or CCL from U.S. to foreign country • Transferring ownership of a vessel, aircraft or satellite to foreign company • Ship/send/transmit U.S. items from one foreign consignee or country to another • Disclosing by any means to a foreign person in the US • Ship foreign items with U.S. content from one foreign country to another AND …

  15. MORE “EXPORTS” • Release of tech data to a foreign national • Participation in proliferation (nuclear, chemical/biological weapons or missiles) • Dealings with Restricted Parties (TDO/SDNs, debarred list, others) • Transactions involving Embargoed countries

  16. SOME ACTIVITIES ARE OUTSIDE EXPORT REGS Transfer of “Publicly Available” (Public Domain) information • Brochures • Technical information provided freely (even to competitors) at no charge • Fundamental Research • Information in Libraries, newsstands • Patents

  17. Law and the Regulations HOW THE GOVERNMENT CONTROL THE TRANSFER OF MILITARY DATA, ITEMS AND SERVICES

  18. Arms Export Control Act22 U.S.C 2778 TRADING WITH THE ENEMY ACT • Controls Imports and Exports of Defense Articles and Services • Broad authority to approve, deny, suspend, revoke and halt shipments from US ports • Mandates registration and licensing • Requires monitoring and reporting of fees, contributions and commissions

  19. ITAR AND EAR The International Traffic and Arms Regulations (ITAR)-Military Items Export Administration Regulations (EAR)-Commercial Items

  20. YOU NEED TO UNDERSTAND THE SCOPE! • CONTROLLED ITEMS AND • ACTIVITIES

  21. CONTROLLED ITEMS • US Munitions List (USML) • Commerce Control List (CCL)

  22. ITAR CONTROLS ITAR govern munitions items, related tech data and services: • Items designed, configured or adapted for military use • Items that meet listed parameters (radiation resistance, TEMPEST) • Predominant military Use • Classified items and technical data • Defense services

  23. US ML PART 121 21 categories, from firearms to major weapons systems I – Firearms III – Ammunition IV – Launch Vehicles, Guided Missiles VII – Aircraft and associated equipment X – Protective Personnel Equipment XI – Military Electronics XV – Spacecraft and Associated Equipment XVII Classified Articles, Tech Data and Defense Services - catch all

  24. LISTS USML • Broad categories • Specially designed for military catches lots of things • Must apply for a COMMONITY JURISTRICTION (CJ) to get off the list • Need a license for all destinations • China is proscribed

  25. USML vs. CCL USML 22 categories • Item, components, technology CCL • 10 categories • Item, production, material, software, technology

  26. CCL • Technical parameters that the item must meet • Must be high level item • Many license exceptions to Regime members EAR99 4A003 4A994

  27. DEVELOP A PRODUCT MATRIX Communicate to • Project Managers • HR • Sales • Shipping Make it part of your PN or contract processand program a flag • ECCN/Cat No. • Origin • Schedule B

  28. KNOW THE PROSCRIBED COUNTRIES

  29. KNOW THE PROSCRIBED COUNTRIES 126.1 Embargoed UN Embargoes Terrorism Restrictions Belarus Afghanistan CubaCuba Cyprus Burma Iran Congo (DR) China Eritrea North Korea Fiji Iran Sudan Indonesia Haiti Syria Iraq Ivory Coast Liberia Lebanon North Korea Libya Somalia Palestine Syria Thailand Sudan Yemen Venezuela Zimbabwe BEST PRACTICE – limit the ability to book orders or hire individuals from these countries in your system

  30. UNDER THE ITAR – ALL COMPANIES MUST • Register (PART 122) • as a manufacturer, exporter and/or broker • Select Empowered Official (s) • by letter

  31. KNOW THE RED FLAGS! • Customer is little known • Customer is evasive about end-user or end-destination • Customer knows little about the product but wants it anyway • Customer asks for out-of-the-way delivery routing • Customer is willing to pay cash You cannot act with knowledge of a violation or provide advice on how to evade the regulations!

  32. Security Concerns w/Foreign Employees Employing/Contracting Foreign Nationals “non U.S. Persons”

  33. “OK, folks, today we tour the highly classified, top secret areas of our Defense Department.”

  34. ITAR HINT • "Prior approval to use Non-U.S. Citizens to perform on this contract, at either the prime or sub-contract level, must be obtained from the Contracting Officer. If approval is granted, such approval does not grant an exception to U.S. export law (s) and the contractor is responsible for obtaining necessary export licenses."

  35. WHAT IS A TECHNICAL DATAEXPORT (RELEASE)? • Ship IC designs to foreign country • Hire foreign engineers • Plant tour for foreign nationals • Foreign access to host computer • Transfer data/software over the Internet • Phone, FAX, & E-mail • Co-development project with foreign partner • Train foreign nationals

  36. DEFENSE SERVICES • Assistance to foreign persons in activities involving defense articles: • design, development, engineering • testing, manufacturing, production, assembly • repair, maintenance, modification • operation • demilitarization, destruction • Provision of ITAR-controlled tech data to foreign persons

  37. TECHNOLOGY TRANSFERS TO FOREIGN NATIONALS • Foreign nationals = all EXCEPT • U.S. Citizens • U.S. Permanent Residents • Persons granted refugee status or asylum in the U.S. • If the tech data are controlled to the home country AND no License Exception is available, obtain a license • Considered an ITAR “deemed export” • Applies to interns, contract employees, others, anyone who sees ITAR data

  38. IF YOU GOTTA HAVE HIM/HER ON A PROJECT! • Is it an ITAR (DSP-5 or TAA) or BIS license? In either case • Letter of explanation, • Resume • Statement of Work • Passport documents • EAR - Transfer of technology to foreign national per 732.2(b)(ii) • FBI template • End-user – provide immigration status. • End-use - Expiration date tied to H-IB Visa Can be renewed – automatic 6-month extension if renewal is received 45 days prior. Include the previous license number on all applications

  39. Company Policyand ITAR NDA • Statement from Senior Management on importance of TCP • Employee responsibilities • Part of Hiring Process • Need to demonstrate management commitment

  40. ITAR TECHNICAL DATA • Information for design, development, production, assembly, manufacture, use of defense article • Classified technical information • Basic marketing info excluded • “Public domain” material excluded

  41. US Engineer US Engineer Non-US Engineer Mixed Use Server Commercial Project Web or Collaboration Portal 6 1 2 3 4 5 ITAR ? ITAR data Non-US Admin Non-US Partner Overseas Remote US Engineer A Day in the Life of an A&D Engineer (without export control solution) Lack of Information barriers Weak access or flow control ITAR Project File Server Commercial product contamination Transfers not matched to licenses Transfers over unapproved channels Uncontrolled mobile data export

  42. US Engineer US Engineer 1 2 Non-US Engineer Mixed Use Server Commercial Project Web or Collaboration Portal ? 5 ITAR 4 3 ITAR data Non-US Admin Non-US Partner Overseas Remote 6 US Engineer A Day in the Life of an A&D Engineer (with export control solution) Information Barriers Controlled Access and Flow ITAR Project File Server Transfers matched, logged, accountable reporting Non-contamination Controlled Transfers Approved Channels Data Export Control for Mobile Nextlabs Solution

  43. Technical Data US persons authorized to access ITAR project information IdentityManagement ITAR Technical Data US persons and non-US persons not authorized to access ITAR project information Approve/Deny Shipment of Goods Export Control for Technical Data Overview Physical Goods Defense Articles and Third Party Supply Chain Export Control forTechnical Data Import/Export Control Export Licenses,SPL, Embargo List Approve Audit Log Deny/Limit US DoD images and Information NextLabs Products

  44. Composite Application • Export LicenseRequest Mgmt • ITAR/EARProject Mgmt • Technical DataPolicy Mgmt • Technical DataExport Tech Data Policy Management Export Project Management Information Export Solution Information Export Control Tech Data Export Export Audit Reporting Export License Mgmt Identity Management Compliant Enterprise Import/Export Control ITAR Access Provisioning ITAR / EAR Policy Library Export License Mgmt Export Project Assignment Technical Data Activity Journal License, Embargo, SPL, Policy Audit Data Technical Data Policy Enforcement Partner Systems File Server PDM / SCM Collaboration Batch Secure Dropbox (FTP) Laptops Design Workstation Email / Instant Messaging Mobile Users

  45. FACILITIES CONTROLS • Control access to ITAR development and manufacturing areas • Procedures – clean desk, locked storage • Separate areas for ITAR meetings • Different Badges for foreign persons/visitors • Sign In and provide status of person - US?

  46. HR Controls • Deemed exports license for new engineers that are not permanent residents • Unique badges for FN • Notices to employees about non-disclosure to foreign employees, contractors, vendors • Training in rules

  47. NISPOM IS Controls • Chapter 8 • Need to address - Administrative, operational, physical, computer, communications, and personal controls • Appointment of a IS Security Officer • Certification and Accreditation • Regular Auditing of procedures

  48. System Management • Handling, controlling, removing, destroying of backup media. • Control over devices containing ITAR data • Implementation of authentication procedures • Including laptops, PDA’s, removable devices • Privileged and “super users” • Protection of passwords • Tracking of who examines HW and SW • Don’t forget IT maintenance personnel • Physical Security

  49. References • Nunn-Wolfowitz Best practices • SIA: Compliance Insiders – Toolkit for Internal Compliance www.si.ed.org • DL Exports Intl www.dlexports.com

More Related