420 likes | 574 Views
Deemed Exports and Technology Transfers. Challenges for the U.S. Subsidiaries of Multinational Companies. Your Business Can’t Afford to Ignore Export Opportunities. . . . But Your Business Also Can’t Afford to Ignore Export Compliance. What Do We Mean By Export Controls?.
E N D
Deemed Exports and Technology Transfers Challenges for the U.S. Subsidiaries of Multinational Companies
Your Business Can’t Afford to Ignore Export Opportunities . . .
. . . But Your Business Also Can’t Afford to Ignore Export Compliance
What Do We Mean By Export Controls? • Bureau of Industry and Security (BIS) • “Dual-use” commodities, software and technology (collectively “items”) • Export Administration Regulations (EAR) • Directorate of Defense Trade Controls (DDTC) • Defense articles and defense services • International Traffic in Arms Regulations (ITAR) • Office of Foreign Assets Control (OFAC) • Range from total embargoes to more limited sanctions • Various regimes, each unique
Export Controls Enforcement “Each year, billions of dollars in ‘dual-use’ items—which have both commercial and military applications— and defense items are exported from the U.S. To protect national security, foreign policy, and economic interests, the U.S. government controls the export of these items [collectively referring to commodities, software, technology and services]. The Departments of Commerce and State are principally responsible for regulating the export of dual-use and defense items, respectively.” --Government Accountability Office Report, December 2006
Export Controls Enforcement Landscape • National Security Issues: Post-9/11 • Economic Concerns: Global Market Challenges • Customs Enforcement: Munitions • Clearer violations involving weapons and classified technology • Commerce Enforcement: Dual Use • More difficult compliance issues/classification • FBI: Jurisdiction as of 2003 • Resources
Penalties/Consequences • Criminal Prosecution • Denial of Export Privileges/Debarment • Fines • Intrusive Monitorships • Reputational Harm
Corporate Export Enforcement Actions • Increasing Penalties for Violations of the AECA/ITAR • 2003 - Hughes Electronics Corp./ $ 32,000,000 Boeing Satellite Systems • 2004 - General Motors $ 20,000,000 • 2006 - Boeing $ 15,000,000 • 2007 - ITT Corp. $ 100,000,000 • 2008 - Qioptiq $ 25,000,000 • 2008 - Northrop Grumman $ 15,000,000 • Cost of Internal Investigation = ?
Corporate Export Enforcement Actions • Case Study: ITT Corporation(2007) • Illegally exported controlled technical data and defense services related to night-vision optics to China, Singapore, the United Kingdom, Canada, Hong Kong Israel, and India • Stiff penalties • $100 million fine • $2 million criminal penalty • $28 million forfeiture / $20 million administrative penalty • $50 million deferred prosecution penalty • 3-year statutory debarment of ITT Night Vision Value Center • Revocation of 88 licenses from the State Department • External compliance officer required
Recent Dual-Use Enforcement Actions • Balli Group PLC and Balli Aviation (2010) • Conspiracy to export commercial aircraft from the United States to Iran • Joint settlement agreement (BIS/OFAC) • $15,000,000 civil penalty ($2,000,000 Suspended); $2,000,000 criminal fine • Denial Order and unaffiliated third-party export compliance consultant • DPWN Holdings and DHL Express (2009) • Recordkeeping violations and causing, aiding, abetting unlicensed exports to Syria • Joint settlement agreement (BIS/OFAC) (violations involving Iran and Sudan) • $9,444,744 civil penalty; unaffiliated third-party export compliance consultant • BJ Services Co.(2009) • Illegally exported valves to Colombia, Kazakhstan, Kuwait, Libya, Peru, Saudi Arabia, and the United Arab Emirates • $800,000 administrative fine
Drastic Rise in Dual-Use Penalties $250,000 $200,000 $150,000 $100,000 $50,000 1979 2001 2002 2003 2004 2005 2006 2007 2008 2009
Drastic Rise in Dual-Use Penalties • Prior to March 9, 2006, BIS and OFAC (for programs administered under the International Emergency Economic Powers Act) could impose civil penalties of $11,000 per violation (parsing common) • On March 9, 2006, pursuant to the USA PATRIOT ACT Improvement and Reauthorization Act of 2005, the maximum civil penalty was raised to $50,000 per violation • On October 16, 2007, pursuant to the IEEPA Enhancement Act, the maximum civil penalty amount was raised to the greater of $250,000 per violation or twice the value of the underlying transaction • Numerous exceptions and, therefore, a relatively small number of cases have been decided under this relatively new civil penalty structure – considerable mitigation in each, owing in some cases to the submission of a valid voluntary self-disclosure. • Only one company to date, Sirchie Acquisition Company, LLC, has been assessed the maximum civil penalty of $250,000 per violation ($2,500,000). The company also was subject to a $12,600,000 deferred prosecution penalty and agreed to retain an Independent Compliance Monitor.
Drastic Rise in Dual-Use Penalties • BJ Services Co.(2009) • 67 violations / $800,000 civil penalty assessed • 109% of pre-2006 maximum penalty • Falmouth Scientific, Inc. (2009) • 1 violation / $50,000 civil penalty • 454% of pre-2006 maximum penalty • Infineon Technologies (2009) • 3 violations / $70,000 civil penalty • 212% of pre-2006 maximum penalty
What Is an Export? Selling /Shipping Products The Briefcase Export Technical Emails or Faxes Technical Discussions File Sharing
What is a Deemed Export? • “Release” of technology/technical data or source code to a “foreign person” • Can occur in the United States or abroad (deemed reexport) • Deemed to be an export to the home country or countries of the foreign national • “Technology” is defined in 15 C.F.R. pt 772 of the EAR • A “release” includes: • Visual inspection by foreign nationals of U.S.-origin equipment and facilities • Oral exchanges of information • Application to situations abroad of personal knowledge or technical expertise acquired in the U.S.
Who Is a “Foreign Person”? • A “foreign person” is anyone who is not: • A U.S. citizen • A lawful permanent resident of the U.S. (green card holder) • A “protected individual” under U.S. law • U.S.-admitted asylee • U.S.-admitted refugee • Having merely applied for, or been provisionally approved for, the green card or protected status is not sufficient • Persons in the U.S. on any of the various non-immigrant visas (e.g., H-1B, C-1, F-1, L-1) are foreign nationals
When Do Deemed Exports Happen? • Foreign national employee or visitor at your U.S. facility • Involved in developing sensitive/controlled software • Using sensitive/controlled equipment • Repairing a sensitive/controlled part • Observing the production of a sensitive/controlled device • Reviewing blueprints
Why Can Deemed Exports Be More Likely for a U.S. Subsidiary? • Foreign management and technical experts often visit facilities of subsidiaries • Ensure that global quality standards are being met • Collaborate on a technical problem • Install a new production line to mirror overseas production • Headquarters staff are often seconded to subsidiaries • Develop relationships within the global enterprise • Share ideas across entities in a global group • Multinational companies often attract international talent • Parent company employees are unfamiliar with requirements and find them intrusive
Tips for Hiring/Seconding Foreign Nationals • Know the scope of applicable employment laws: • Title VII of the Civil Rights Act prohibits discrimination on the basis of race, color, religion, sex, or national origin • Immigration and Nationality Act prohibits discrimination on the basis of immigration status, nationality, accent or appearance • Immigration Reform and Control Act prohibits discrimination on the basis of national origin or citizenship • Recognize that there is a limited exception for discriminating based on citizenship status • 8 U.S.C. 1324b (unfair immigration-related employment practices) allows for such discrimination where:“otherwise required in order to comply with law, regulation, or executive order, or required by Federal, State, or local government contract”
Tips for Hiring/Seconding Foreign Nationals (cont.) • Identify positions that require access to export-controlled technology/technical data or source code • With respect to these positions: • Use check-the-box method in job applications/HR intake forms to identify foreign nationals • Are you one of the following: U.S. citizen; lawfully admitted permanent resident alien; refugee admitted under Section 1157; or asylee admitted under Section 1158? yes no • Are you the subject of any U.S. government denial of export privileges? yes no • If the answer to the first question is “no” or if the answer to the second question is “yes”: • Reject individual for position (conservative approach) OR • Determine need for license and obtain required license
Tips for Retaining Foreign Nationals • Require employee/secondee to sign export controls acknowledgement form • Condition continued employment/secondment on adherence to export controls, including deemed export rules • Require employee/secondee to inform HR department of changes in immigration status that may trigger changes in applicable export controls • Require employee/secondee to submit to annual review of immigration status by HR department • Use badging system to control physical access as necessary • Work with IT department to limit electronic access to files with export-controlled technology/technical data, as necessary
Tips for Retaining Foreign Nationals (cont.) • Ensure that export controls are part of new employee/secondee orientation • Renew deemed export authorizations on a timely basis • Consider export control implications of promoting or transferring employee/secondee to different position within company • Issue memo to employee documenting any resulting changes in applicable export controls and require acknowledgement
Tips for Hosting Foreign National Visitors • Determine in advance whether visit requires access to controlled technology • Can construct “firewalls” to avoid deemed exports • Determine in advance need for export approvals • Consider creating a standard form for meeting approvals • Obtain visitor’s citizenship and residency information • Condition visit on obtaining necessary export approvals • Require visitor to complete visitor’s log and acknowledgement form explaining applicable export controls • Use badging/escort system to control visitor’s access Obtain buy-in for these measures from parent company management
Other Compliance Tips • Develop a corporate deemed export policy and include it in compliance manual • Include HR department on compliance team • Require proof of identity and residency/citizenship for employees, secondees and visitors • Make receptionist/security guards sensitive to potential application of export controls to unexpected visitors • Review procedures for vendors, contractors, student interns, etc. • Ex: Does your company employ overnight cleaning staff who can see what is in your engineers’ labs or on the production room floor? Are they foreign nationals?
What is a Technology Transfer? • Closely related to deemed exports because typically not characterized by physical shipments • Transfer of controlled technology/technical data to a foreign person abroad • Examples: • Email • Fax • Technical discussions • Electronic file access
When Do Technology Transfers Happen? • Engineering function: • Collaborating with experts located abroad • Outsourcing engineering support • Sourcing function: • Handing-off of product spec to sourcing team located abroad • Marketing/customer service function: • Answering product questions to customers located abroad • IT function: • Storing data abroad (on primary or backup services) • Permitting file access to administrators/users located abroad
Why Can Technology Transfers Be More Likely for a U.S. Subsidiary? • Collaboration with headquarters technical experts is common • Pool resources to develop a new product • Collaborate on a technical problem • Share technical tips to improve global output • Sales territory may extend into Canada, Mexico and/or Central/South America • Sourcing is centralized to achieve economies of scale across the corporate group • IT management is centralized at headquarters to reduce costs and ensure that global systems interface smoothly
Tips for Technical Collaboration • Export controls must always be considered • Fact that technical experts are employed by companies in same corporate group is irrelevant • As inter-company collaboration is typically subject to an internal approval process already, start including export control considerations in that process • Do this at the outset • Do not wait until technology has advanced to prototype stage to consider classification • Review all new collaborators as they join the project • Consider whether the Internet is used to share data among collaborators
Tips for Attending Technical Collaboration Meetings Outside the U.S. • Determine in advance whether meeting involves controlled technology/technical data • Determine in advance need for export approvals (if any) • Obtain citizenship and residency information of all attendees • But be aware of local human rights laws • Condition meeting on obtaining export approvals • Keep log of actual meeting attendees • Adjourn or limit scope of meeting if unexpected attendee is a citizen or resident of a new country
Tips for Sourcing • Sourcing function may involve access to controlled information: • Individuals responsible for sourcing may have access to product specifications that contain controlled data • This is part of the reason why it is important to classify parts and components, as well as finished goods • Providing even partial product specifications to a parent company/affiliate may be a transfer of controlled information • Consider ways to incorporate export control considerations into new product sourcing strategies or sourcing changes that must be approved by or shared with your parent company
Tips for Developing Technical Documentation • Companies typically develop standard documentation to describe their products • Manuals, brochures and FAQ sheets • Even if developed abroad, these documents become subject to U.S. export controls when they enter the United States • Common for parent company to develop standard documentation • Although there are exemptions for returning technical data to its source, modification of these documents in the United States could create need for license to return documents to source • Develop a standard review process for all such documentation
Tips for Fielding Technical Questions • Many companies operate help desks or permit customers to call in with questions concerning products • Where is your call center located? • Provision of technical information in response to such unscripted discussions can implicate export controls • Develop a standard procedure to require customer service representatives to address export controls • Determine first whether caller is a known customer (i.e., determine whether your product has been diverted to an unauthorized and potentially unlawful end user) • Determine whether response requires release of controlled information • Determine citizenship/residency and location of caller • Determine applicable export controls
Tips for Accessing Data • Many companies permit access of their files by: • All employees • All employees of overseas parent and affiliates • All employees of overseas distributors/representatives • Third party IT service technicians • Consider export control implications of such access if files contain controlled U.S. technology • Area of growing concern for U.S. enforcement agencies • DDTC has taken the position that mere access to controlled technical data by a foreign person, without proof of actual access, constitutes a violation of the ITAR
Tips for Accessing Data (cont.) • Access can be controlled by: • Individual file protection (passwords) • File or database access limitations built into user profiles • Segregated servers for controlled information • But must also consider whether IT system administrators (who establish access controls) are also U.S. persons
Tips for Accessing Data (cont.) • U.S. subsidiaries should not assume that their electronic data are administered by U.S. persons • Increasingly common for IT function to be outsourced to vendors, which may be located abroad • But even if administered internally, administrators could be located at parent company • Must incorporate export controls into administration of IT system
Tips for Accessing Data (cont.) • U.S. subsidiaries should not assume that their electronic data are stored in the United States • Increasingly common for parent company to institute centralized IT systems, with systems located abroad • Consider location of: • Document server • Email server • Technical specification database (e.g., MFG/Pro) • Be comprehensive: • Primary server • Backup server • Backup tapes • Must incorporate export controls into physical set-up of IT system
Tips for Accessing Data (cont.) • Note that many parent companies maintain global sales and invoicing databases • Example: U.S. subsidiary has access to all sales files of overseas affiliates • Does not implicate U.S. export controls • This is because data is being transferred to the U.S. • Export controls of other countries may be implicated • But may implicate U.S. economic sanctions (facilitation) • Example: U.S. subsidiary has access to and in some way helps to process sales files from overseas affiliates, which sell products to Iran • Consider need for access controls here as well
Other Export Vulnerabilities • Acquisitions • Buying an Export Problem • Company-Wide Policy Flowing Down to Local Levels and Locations • Lack of Industry Standards • Resources / Training / Background • Structure / Reporting
Questions? Michael Garcia Kirkland & Ellis LLP New York, NY 212-446-4810 michael.garcia@kirkland.com Jill Caiazzo Sidley Austin LLP Washington, DC 202-736-8369 jcaiazzo@sidley.com