490 likes | 673 Views
NCMA Workshop International Traffic and Arms Regulations ( ITAR) What you need to know! Natascha Finnerty DL Exports International dlexports@comcast.net 978 368-7940. What We’ll Cover. When and Where ITAR Applies Controlled Items, Activities, and Countries
E N D
NCMA WorkshopInternational Traffic and Arms Regulations (ITAR)What you need to know!Natascha FinnertyDL Exports Internationaldlexports@comcast.net978 368-7940
What We’ll Cover • When and Where ITAR Applies • Controlled Items, Activities, and Countries • Security Concerns w/Foreign Employees • Building an Effective Technology Control Plan (TCP)
ITAR Applies to • Your Company, • Your Customers, AND • Your Employees
RECENT TRENDS DFAR requires DOD to state if a contract is “ITAR controlled” Partners and customers are asking if companies are ITAR registered Contracts for SBIRs state that “technology must be transferred only to US persons” Larger fines imposed for ITAR errors – ITT $100M
TRUTHS ABOUT EXPORT REGULATIONS • Directly linked to international events • Not taught in most business curriculums or by managers • They are always changing • You love’em or hate’em
TODAY, THERE ARE SEVERAL REASONS FOR EXPORT CONTROLS • To prevent the increase of military strength of an adversary • To further foreign policy objectives • To protect scarce resources • To implement international arms/weapons bans
EXPORT CONTROLS ARE IMPORTANT TO EXPORTERS • Reach of U.S. Export Controls is broad. Large % of business is military-COTS • Violations can cause you to lose your government contracts • There are Global Alliances to that we must comply with
GLOBAL COMPLIANCE ISSUES THAT AFFECT EXPORTERS Missile Tech Control Regime Companies must Comply with Requirements of the New International Alliances that Regulate Trade Australia Group NATO MOD Nuclear Supplier Group Wassenaar Arrang
CONSEQUENCES OF FAILURE TO COMPLY • Penalties • Negative publicity • Loss of Government contracts, other business
EXPORTING COMPANIES ARE EXPECTED TO HAVE AN EXPORT COMPLIANCE PROGRAM Goals: • Protect against violations • Control exports and transfers effectively and efficiently • Ensure systematic approach
COMPANIES MUST SHOW DUE DILIGENCE FROM THE FIRST EMAIL OR TELECOM • Licenses can be required to submit a proposal to a foreign party • Licenses can be required to provide detailed technical information to a foreign person • Persons of some countries cannot even get a license!!!
The US Government controls the export of goods, software and technology EVEN In the US ! through the control of -specific items, and • specific activities. • Either as Dual-use or Military. It can be a fuzzy line!
WHAT’S AN “EXPORT” OR REEXPORT? • Ship/send/transmit items on the USML or CCL from U.S. to foreign country • Transferring ownership of a vessel, aircraft or satellite to foreign company • Ship/send/transmit U.S. items from one foreign consignee or country to another • Disclosing by any means to a foreign person in the US • Ship foreign items with U.S. content from one foreign country to another AND …
MORE “EXPORTS” • Release of tech data to a foreign national • Participation in proliferation (nuclear, chemical/biological weapons or missiles) • Dealings with Restricted Parties (TDO/SDNs, debarred list, others) • Transactions involving Embargoed countries
SOME ACTIVITIES ARE OUTSIDE EXPORT REGS Transfer of “Publicly Available” (Public Domain) information • Brochures • Technical information provided freely (even to competitors) at no charge • Fundamental Research • Information in Libraries, newsstands • Patents
Law and the Regulations HOW THE GOVERNMENT CONTROL THE TRANSFER OF MILITARY DATA, ITEMS AND SERVICES
Arms Export Control Act22 U.S.C 2778 TRADING WITH THE ENEMY ACT • Controls Imports and Exports of Defense Articles and Services • Broad authority to approve, deny, suspend, revoke and halt shipments from US ports • Mandates registration and licensing • Requires monitoring and reporting of fees, contributions and commissions
ITAR AND EAR The International Traffic and Arms Regulations (ITAR)-Military Items Export Administration Regulations (EAR)-Commercial Items
YOU NEED TO UNDERSTAND THE SCOPE! • CONTROLLED ITEMS AND • ACTIVITIES
CONTROLLED ITEMS • US Munitions List (USML) • Commerce Control List (CCL)
ITAR CONTROLS ITAR govern munitions items, related tech data and services: • Items designed, configured or adapted for military use • Items that meet listed parameters (radiation resistance, TEMPEST) • Predominant military Use • Classified items and technical data • Defense services
US ML PART 121 21 categories, from firearms to major weapons systems I – Firearms III – Ammunition IV – Launch Vehicles, Guided Missiles VII – Aircraft and associated equipment X – Protective Personnel Equipment XI – Military Electronics XV – Spacecraft and Associated Equipment XVII Classified Articles, Tech Data and Defense Services - catch all
LISTS USML • Broad categories • Specially designed for military catches lots of things • Must apply for a COMMONITY JURISTRICTION (CJ) to get off the list • Need a license for all destinations • China is proscribed
USML vs. CCL USML 22 categories • Item, components, technology CCL • 10 categories • Item, production, material, software, technology
CCL • Technical parameters that the item must meet • Must be high level item • Many license exceptions to Regime members EAR99 4A003 4A994
DEVELOP A PRODUCT MATRIX Communicate to • Project Managers • HR • Sales • Shipping Make it part of your PN or contract processand program a flag • ECCN/Cat No. • Origin • Schedule B
KNOW THE PROSCRIBED COUNTRIES 126.1 Embargoed UN Embargoes Terrorism Restrictions Belarus Afghanistan CubaCuba Cyprus Burma Iran Congo (DR) China Eritrea North Korea Fiji Iran Sudan Indonesia Haiti Syria Iraq Ivory Coast Liberia Lebanon North Korea Libya Somalia Palestine Syria Thailand Sudan Yemen Venezuela Zimbabwe BEST PRACTICE – limit the ability to book orders or hire individuals from these countries in your system
UNDER THE ITAR – ALL COMPANIES MUST • Register (PART 122) • as a manufacturer, exporter and/or broker • Select Empowered Official (s) • by letter
KNOW THE RED FLAGS! • Customer is little known • Customer is evasive about end-user or end-destination • Customer knows little about the product but wants it anyway • Customer asks for out-of-the-way delivery routing • Customer is willing to pay cash You cannot act with knowledge of a violation or provide advice on how to evade the regulations!
Security Concerns w/Foreign Employees Employing/Contracting Foreign Nationals “non U.S. Persons”
“OK, folks, today we tour the highly classified, top secret areas of our Defense Department.”
ITAR HINT • "Prior approval to use Non-U.S. Citizens to perform on this contract, at either the prime or sub-contract level, must be obtained from the Contracting Officer. If approval is granted, such approval does not grant an exception to U.S. export law (s) and the contractor is responsible for obtaining necessary export licenses."
WHAT IS A TECHNICAL DATAEXPORT (RELEASE)? • Ship IC designs to foreign country • Hire foreign engineers • Plant tour for foreign nationals • Foreign access to host computer • Transfer data/software over the Internet • Phone, FAX, & E-mail • Co-development project with foreign partner • Train foreign nationals
DEFENSE SERVICES • Assistance to foreign persons in activities involving defense articles: • design, development, engineering • testing, manufacturing, production, assembly • repair, maintenance, modification • operation • demilitarization, destruction • Provision of ITAR-controlled tech data to foreign persons
TECHNOLOGY TRANSFERS TO FOREIGN NATIONALS • Foreign nationals = all EXCEPT • U.S. Citizens • U.S. Permanent Residents • Persons granted refugee status or asylum in the U.S. • If the tech data are controlled to the home country AND no License Exception is available, obtain a license • Considered an ITAR “deemed export” • Applies to interns, contract employees, others, anyone who sees ITAR data
IF YOU GOTTA HAVE HIM/HER ON A PROJECT! • Is it an ITAR (DSP-5 or TAA) or BIS license? In either case • Letter of explanation, • Resume • Statement of Work • Passport documents • EAR - Transfer of technology to foreign national per 732.2(b)(ii) • FBI template • End-user – provide immigration status. • End-use - Expiration date tied to H-IB Visa Can be renewed – automatic 6-month extension if renewal is received 45 days prior. Include the previous license number on all applications
Company Policyand ITAR NDA • Statement from Senior Management on importance of TCP • Employee responsibilities • Part of Hiring Process • Need to demonstrate management commitment
ITAR TECHNICAL DATA • Information for design, development, production, assembly, manufacture, use of defense article • Classified technical information • Basic marketing info excluded • “Public domain” material excluded
US Engineer US Engineer Non-US Engineer Mixed Use Server Commercial Project Web or Collaboration Portal 6 1 2 3 4 5 ITAR ? ITAR data Non-US Admin Non-US Partner Overseas Remote US Engineer A Day in the Life of an A&D Engineer (without export control solution) Lack of Information barriers Weak access or flow control ITAR Project File Server Commercial product contamination Transfers not matched to licenses Transfers over unapproved channels Uncontrolled mobile data export
US Engineer US Engineer 1 2 Non-US Engineer Mixed Use Server Commercial Project Web or Collaboration Portal ? 5 ITAR 4 3 ITAR data Non-US Admin Non-US Partner Overseas Remote 6 US Engineer A Day in the Life of an A&D Engineer (with export control solution) Information Barriers Controlled Access and Flow ITAR Project File Server Transfers matched, logged, accountable reporting Non-contamination Controlled Transfers Approved Channels Data Export Control for Mobile Nextlabs Solution
Technical Data US persons authorized to access ITAR project information IdentityManagement ITAR Technical Data US persons and non-US persons not authorized to access ITAR project information Approve/Deny Shipment of Goods Export Control for Technical Data Overview Physical Goods Defense Articles and Third Party Supply Chain Export Control forTechnical Data Import/Export Control Export Licenses,SPL, Embargo List Approve Audit Log Deny/Limit US DoD images and Information NextLabs Products
Composite Application • Export LicenseRequest Mgmt • ITAR/EARProject Mgmt • Technical DataPolicy Mgmt • Technical DataExport Tech Data Policy Management Export Project Management Information Export Solution Information Export Control Tech Data Export Export Audit Reporting Export License Mgmt Identity Management Compliant Enterprise Import/Export Control ITAR Access Provisioning ITAR / EAR Policy Library Export License Mgmt Export Project Assignment Technical Data Activity Journal License, Embargo, SPL, Policy Audit Data Technical Data Policy Enforcement Partner Systems File Server PDM / SCM Collaboration Batch Secure Dropbox (FTP) Laptops Design Workstation Email / Instant Messaging Mobile Users
FACILITIES CONTROLS • Control access to ITAR development and manufacturing areas • Procedures – clean desk, locked storage • Separate areas for ITAR meetings • Different Badges for foreign persons/visitors • Sign In and provide status of person - US?
HR Controls • Deemed exports license for new engineers that are not permanent residents • Unique badges for FN • Notices to employees about non-disclosure to foreign employees, contractors, vendors • Training in rules
NISPOM IS Controls • Chapter 8 • Need to address - Administrative, operational, physical, computer, communications, and personal controls • Appointment of a IS Security Officer • Certification and Accreditation • Regular Auditing of procedures
System Management • Handling, controlling, removing, destroying of backup media. • Control over devices containing ITAR data • Implementation of authentication procedures • Including laptops, PDA’s, removable devices • Privileged and “super users” • Protection of passwords • Tracking of who examines HW and SW • Don’t forget IT maintenance personnel • Physical Security
References • Nunn-Wolfowitz Best practices • SIA: Compliance Insiders – Toolkit for Internal Compliance www.si.ed.org • DL Exports Intl www.dlexports.com