Risk Determination in Export Compliance

1,162 views
1,039 views

Published on

A parallel between HACCP process based risk management and export compliance

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,162
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
37
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Risk Determination in Export Compliance

  1. 1. Risk Determination International Trade Compliance ICPA Jasper Helder, Baker & McKenzie, Amsterdam [email_address]
  2. 2. <ul><li>Introduction </li></ul>
  3. 3. Int. Trade regulatory remit (non-exhaustive) <ul><li>Product related </li></ul><ul><ul><li>Export Controls </li></ul></ul><ul><ul><li>Customs classification & origin </li></ul></ul><ul><ul><li>VAT rate/Excise duties </li></ul></ul><ul><ul><li>Product safety & RoHS </li></ul></ul><ul><ul><li>Labelling & Packaging </li></ul></ul><ul><ul><li>Environmental </li></ul></ul><ul><li>Transaction related </li></ul><ul><ul><li>Sanctions & embargoes </li></ul></ul><ul><ul><li>FCPA </li></ul></ul><ul><ul><li>AML & Forex </li></ul></ul><ul><ul><li>Incoterms </li></ul></ul>
  4. 4. Legal appreciation of compliance programs <ul><li>US: factor for mitigation of consequences of non-compliance </li></ul><ul><li>EU: Authorised Economic Operator demands compliance program and compliance function </li></ul><ul><ul><li>AEO confers benefits for customs processes </li></ul></ul><ul><ul><li>Export Compliance: national requirements for granting general/global licenses </li></ul></ul>
  5. 5. Agenda <ul><li>The compliance function as a risk: organisational challenges </li></ul><ul><li>A systematic approach to risks: comparison with the HACCP model </li></ul><ul><li>An example: Export Controls Compliance in the Defense sector </li></ul>
  6. 6. <ul><li>The compliance function as a risk: organisational challenges </li></ul>
  7. 7. Organisational challenges <ul><li>Allocating resources </li></ul><ul><ul><li>“Fire fighting” or pro active risk management? </li></ul></ul><ul><li>Allocating the right resources </li></ul><ul><ul><li>“Empowered Official” under section 120.25 ITAR </li></ul></ul><ul><ul><ul><li>Authority for policy or management </li></ul></ul></ul><ul><ul><ul><li>Legally empowered </li></ul></ul></ul><ul><ul><ul><li>Understanding export control statutes </li></ul></ul></ul><ul><ul><ul><li>Independent authority to review and verify legality of transactions without adverse recourse </li></ul></ul></ul>
  8. 8. Organisational challenges <ul><li>Internal authority </li></ul><ul><ul><li>Budgets </li></ul></ul><ul><ul><li>To whom does compliance report? </li></ul></ul><ul><ul><li>Internal enforcement of decisions/policies/procedures </li></ul></ul><ul><ul><ul><li>Independent review? </li></ul></ul></ul>
  9. 9. Organisational challenges <ul><li>External authority </li></ul><ul><ul><li>Empowered for external representation </li></ul></ul><ul><li>Understanding the regulatory environment </li></ul><ul><ul><li>Experience is one very good source (but one source besides others) </li></ul></ul><ul><ul><li>“ Train the trainer” </li></ul></ul>
  10. 10. <ul><li>A systematic approach to risks: comparison with the HACCP model </li></ul>
  11. 11. A systematic approach to risks <ul><li>Hazard Analysis Critical Control Point (HACCP) </li></ul><ul><ul><li>“ a systematic preventive approach to food and pharmaceutical safety that addresses physical, chemical and biological hazards as a means of prevention rather than finished product inspection ” </li></ul></ul><ul><ul><li>ISO 22000 </li></ul></ul><ul><ul><li>Process based approach to identifying, monitoring and actioning risks to prevent non-compliance (or reduce chances to acceptable levels) </li></ul></ul>
  12. 12. A systematic approach to risks <ul><li>HACCP Principle 1: Conduct a risk analysis </li></ul><ul><ul><li>A risk is a circumstance which may cause a legal requirement not to be met </li></ul></ul><ul><ul><li>A compliance plan determines the risks and identifies the preventive measures the plan can apply to control these risks </li></ul></ul><ul><ul><li>Identify processes </li></ul></ul>
  13. 13. A systematic approach to risks <ul><li>HACCP Principle 2: Identify critical control points </li></ul><ul><ul><li>A Critical Control Point (CCP) is a point, step, or procedure in a process at which control can be applied and, as a result, a risk can be prevented, eliminated, or reduced to an acceptable level </li></ul></ul>
  14. 14. A systematic approach to risks <ul><li>HACCP Principle 3: Establish critical limits for each critical control point </li></ul><ul><ul><li>A critical limit is the maximum or minimum value to which a risk must be controlled at a critical control point to prevent, eliminate, or reduce that risk to an acceptable level </li></ul></ul>
  15. 15. A systematic approach to risks <ul><li>HACCP Principle 4: Establish critical control point monitoring requirements </li></ul><ul><ul><li>Monitoring to gain control over a process at each critical control point </li></ul></ul><ul><ul><li>Monitoring procedures and frequency incorporated in a compliance plan </li></ul></ul>
  16. 16. A systematic approach to risks <ul><li>HACCP Principle 5: Establish corrective actions </li></ul><ul><ul><li>Actions when monitoring indicates a deviation from an established critical limit </li></ul></ul><ul><ul><li>Corrective actions to be taken if a critical limit is not met </li></ul></ul><ul><ul><li>Corrective actions must prevent reoccurrence </li></ul></ul>
  17. 17. A systematic approach to risks <ul><li>HACCP Principle 6: Establish record keeping procedures </li></ul><ul><ul><li>Risk analysis </li></ul></ul><ul><ul><li>Compliance plan & procedures </li></ul></ul><ul><ul><li>Monitoring of critical control points </li></ul></ul><ul><ul><li>Corrective Actions (?) </li></ul></ul>
  18. 18. A systematic approach to risks <ul><li>HACCP Principle 7: Establish procedures for ensuring the system is working </li></ul><ul><ul><li>Validation to ensure that the compliance procedures are operating in practice </li></ul></ul><ul><ul><li>In itself a critical control point </li></ul></ul>
  19. 19. <ul><li>An example: Export Controls Compliance in the Defense sector </li></ul>
  20. 20. Compliance Layer 1: Product-related Export Controls <ul><li>US Rules </li></ul><ul><ul><li>Military: ITAR (Dept. of Defense Trade Controls) </li></ul></ul><ul><ul><li>Dual Use: EAR (Commerce Dept., BIS) </li></ul></ul><ul><li>EU Rules </li></ul><ul><ul><li>Military Export Controls </li></ul></ul><ul><ul><li>Dual Use Lists </li></ul></ul><ul><li>National Rules </li></ul><ul><ul><li>Military Lists </li></ul></ul><ul><ul><li>Dual Use lists </li></ul></ul>
  21. 21. Compliance Layer 2: Transaction related Export Controls <ul><li>US Rules: </li></ul><ul><ul><li>ITAR “no go countries” (DDTC) </li></ul></ul><ul><ul><li>Sanctions & Embargoes (OFAC) </li></ul></ul><ul><li>EU Rules </li></ul><ul><ul><li>Sanctions & Embargoes </li></ul></ul><ul><li>National Rules </li></ul><ul><ul><li>Sanctions & Embargoes </li></ul></ul><ul><ul><li>National Control Lists of persons/entities etc. </li></ul></ul>
  22. 22. <ul><ul><li>Be self conscious about your supplier’s compliance </li></ul></ul><ul><ul><ul><li>Do not assume your supplier is getting it right </li></ul></ul></ul><ul><ul><ul><li>Make sure your end of the project is reflected in your suppliers compliance steps </li></ul></ul></ul><ul><ul><li>ITAR or EAR classified ? </li></ul></ul><ul><ul><ul><li>Commodity jurisdiction required ? </li></ul></ul></ul><ul><ul><li>US Authorisation needed ? </li></ul></ul><ul><ul><ul><li>Scope for use of ITAR exemptions ? </li></ul></ul></ul><ul><ul><ul><li>Export License: any re-export/retransfer needs ? </li></ul></ul></ul><ul><ul><ul><li>TAA: scope of work clearly identified ? </li></ul></ul></ul>Verify “US Connection”
  23. 23. Determine EU & National Controls <ul><li>Item subject to EU Dual Use Controls or Military Controls ? </li></ul><ul><ul><ul><li>If on Military List </li></ul></ul></ul><ul><ul><ul><ul><li>identify National (and EU) Transaction Controls that may apply </li></ul></ul></ul></ul><ul><ul><ul><ul><li>screen other parties engaged in transactions </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Projects: any intra-EU transfers needed </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>(check if US Authorizations allow this!) </li></ul></ul></ul></ul></ul><ul><ul><ul><li>If not on Military List </li></ul></ul></ul><ul><ul><ul><ul><li>Check Annex I and Annex IV EU Dual Use Reg </li></ul></ul></ul></ul><ul><ul><ul><ul><li>If not on Annex I: check Military End Use and National Controls </li></ul></ul></ul></ul>
  24. 24. Elements of practical implementation <ul><li>Fixed product catalog: implement Export Control status in Item Master Data in SAP or other ERP systems </li></ul><ul><li>Projects: </li></ul><ul><ul><li>Identify Logistics Flows and Tech Data Flows </li></ul></ul><ul><ul><li>“ Compliance Map” </li></ul></ul><ul><li>Before applying for Export Licenses: check the past ! </li></ul>
  25. 25. Risk Determination International Trade Compliance ICPA Jasper Helder, Baker & McKenzie, Amsterdam [email_address]

×