All companies experience the effect of the global economy, but compliance managers have much more to worry about as they assess trade compliance risk rather than just traditional import and export activities. For example, it’s quite likely that your company has U.S.-based employees who are foreign nationals—and that raises the issue of the so-called “deemed export” rule of U.S. export controls laws.
The premise of deemed exports is that the release of sensitive information to a foreign national, wherever he or she is located, is “deemed” to be an export to that individual’s home country. For example, you might disclose details of a controlled technology to foreign nationals employed by your company in the United States. The same concern exists for non-employees, as well, of course; consultants, contractors, and visitors to your company must not be exposed to export-controlled information during the course of their work or visit to your company in any way. That could be anything from a meeting or other presentation to a tour of the facilities, or through other opportunities for visual inspection.
When you think about all the ways even an inadvertent disclosure to a foreign person can occur, especially to your own employee, it’s easy to see the need to safeguard controlled information. Simply sending that employee an e-mail, providing access to labs or manufacturing facilities where controlled products are developed or made, or providing access to special tooling, equipment, or drawings for controlled products or technology—all that can serve as the basis for export controls violations if you don’t secure specific prior approval from the U.S. government.
Just whom should compliance personnel worry about regarding deemed export restrictions? Foreign nationals who are not granted U.S. citizenship or legal permanent residency (a green card) must have their ability to access controlled information restricted to avoid unlawful deemed exports. That means deemed export controls must apply to employees who hold H-1B or other temporary visas—which, of course, is usually the case with many foreign employees performing a variety of technical, engineering, or other specialized functions.
How to Impose Controls
Start by determining how your products and technology are classified and what the level of control is (if any) based on that classification. Products that have either commercial uses or dual uses (meaning the product has both civil and military applications) are controlled under the Export Administration Regulations, which are administered and enforced by the Bureau of Industry and Security of the Department of Commerce. Each product must be reviewed under these regulations to determine its proper export classification, and the extent of any controls based on that classification.
Classifications and controls vary depending on the type of product and technology, how it’s used, where it’s going, and who will use it. It generally makes sense to involve someone who has a thorough understanding of the technology, such as a member of your engineering team, to assist in the review; that lets you reach at least a preliminary determination of the proper classification. (You can also request a ruling from the Commerce Department to confirm the proper classification.)
Alternatively, the product may have been designed, developed, or modified specifically for military use. In that case, it may be controlled under the International Traffic in Arms Regulations, administered and enforced by the Department of State’s Directorate of Defense Trade Controls. If so, your company must register with the State Department and seek its prior approval before export of that product or its technology, including exports of technology through disclosure to foreign national employees.
One additional word about classifying products and technology: At Sensata, we emphasize to engineering and project management personnel that it’s critical to work with compliance staff to determine proper classifications as early in the development process as possible. Injecting compliance issues into the early stages of the development process helps avoid careless violations and needless delays if activities are forced to wait for necessary authorizations.
One recent case provides a very real example of how things can go wrong if export-controlled information is not handled properly. Last September, a federal jury convicted retired University of Tennessee Professor Reece Roth on charges of fraud, conspiracy, and violation of export controls laws stemming from the sharing of controlled information with research assistants from China and Iran. The violations occurred in connection with research being conducted for a U.S. Air Force contract involving guidance systems for unmanned aircraft. Roth is currently awaiting sentencing, with penalties possible of up to 160 years in prison and fines of more than $1.5 million. Earlier in the year, a Knoxville, Tenn. company that Roth worked with on the project pled guilty to similar charges.
Given the possibility of large fines and other significant penalties such as the loss of export privileges or (worse) debarment from government contracts, violations of export controls laws, including deemed export blunders, could have a material impact on your company’s operations. Because Sarbanes-Oxley requires management to certify its responsibility for establishing and maintaining disclosure controls and procedures, an evaluation of export controls should be included in your regulatory compliance program.
Failure to include export controls in your regulatory compliance program may render it ineffective. Your company’s certifying officers could be stuck with insufficient information to determine whether all regulatory matters or risks have been properly disclosed in company filings, or whether the company’s internal control over financial reporting is effective. To put it mildly, these outcomes usually lead to conversations with senior management that the compliance officer doesn’t want to have.
Since trade compliance issues can arise from many sources—both import and export activity, in any location in the world where a company operates—we have found at Sensata that the use of a trade compliance committee, comprised of representatives from our global logistics, legal, finance, and security departments, is an excellent way to ensure new issues are identified and addressed in a timely and consistent manner.
Getting a Grip
Deemed export concerns should be a part of your export compliance program, and you’ll need safeguards to prevent even inadvertent releases of technology. Sensata compliance personnel work closely with our human resources department to identify both new hires and existing personnel who are foreign nationals to ensure that appropriate safeguards can be implemented to prevent access to controlled products and technology until the necessary authorization can be received.
Those necessary safeguards will likely take the form of various IT controls, such as those designed to prevent unauthorized access of controlled drawings and specifications, as well as physical controls to restrict access to locations where controlled items might be stored, developed, or made. Similar controls should be put into place for visitors, including escorts to avoid access to sensitive areas.
Remember, you don’t even need to ship a product overseas from the United States to run afoul of U.S. export controls laws. Merely providing a U.S.-based employee with access to technology necessary to do his or her job could literally be all that it takes.
No comments yet