This presentation discusses the FLIR Consent Agreement, which stemmed from violations of the International Traffic in Arms Regulations (ITAR). The presentation focuses on what went wrong (the Proposed Charging Letter) and touches on the mandatory requirements (Consent Agreement). This is Part 1 in a multi-part series.
2. Matt Henson is an Export
Compliance Modernization
Specialist working to
address the gap between
the traditional approach to
trade compliance and
virtualization of business
processes. His focus is on
achieving Cyber
Compliance, or compliance
with laws, regulations,
standards and policies in
IT environments.
Scott Edwards is a national
expert and speaker on NIST
800-171, DFARS, and FAR
compliance and
implementation with Office
365 and Azure. Scott’s
technical experience was
honed at NASA as a Senior
Computer Engineer and
the Chief Engineer and
Engineering Manager for
the NASA Datacenter.
PRESENTERS
Follow us on Linked In.
5. REGULATING AUTHORITIES
• Export Compliance – the execution of business transactions in accordance
with the laws and regulations governing exports
EAA / IEEPA AECA
President
Congress
ITAR
USML
EAR
CCL
BIS DDTCRegulators
Regulations
Control Lists
Commercial
/ Dual Use
Items
Military
Items
8. What is a Consent Agreement?
www.pmddtc.state.gov
9. Anatomy of a Consent Agreement
Modern "Penalty and Oversight Agreements" typically include three documents:
• Proposed Charging Letter (PCL)
• The "what went wrong"
• A description of the alleged charges/violations
• Consent Agreement (CA)
• The “thou shalts"
• Commitment to compliance, applicability to mergers/acquisitions/divestitures, remedial measures,
Designated Official (DO) responsibilities (if applicable), audit requirements, whether or not the
Respondent has been debarred, and other legalese
• Order
• A summary of the PCL and CA
• Upon execution, the CA is effective and the alleged charges included in the PCL are addressed (so long as
the Respondent holds-up their end of the bargain)
10. HOW DO CONSENT AGREEMENTS HAPPEN?
AECA
ITAR
USML
DDTC
VSD
Directed Disclosure
• Multiple Repeat Violations
• 126.1 Countries
• SME/MDE
• Willful Violations
• Multiple Repeat Violations
• 126.1 Countries
• SME/MDE
• Willful Violations
• Multiple Repeat Violations
• 126.1 Countries
• SME/MDE
• Willful Violations
• Multiple Repeat Violations
• 126.1 Countries
• SME/MDE
• Willful Violations
DDTC perceives
systemic gaps
Risk
How do you know? Receipt of non-
standard response
BE EXTREMELY
ACCURATE &
FACTUAL IN YOUR
RESPONSES.
11. HOW’D THE FLIR CONSENT AGREEMENT HAPPEN?
• 18 VSDs
• Directed Disclosures
• Multiple corrective action failures
• Repeat discovery and disclosure of violations
• Disclosed activity continued in violation of the ITAR (1 instance of “willful
violation”)
• Significant Military Equipment (SME)
• 126.1 Countries (Iran, Cuba, Iraq*, Lebanon*, & Vietnam*)
• Issues are “not localized to a specific facility, product line, sales territory, or
authorization type. (i.e., “systemic gaps”)
• 347 alleged ITAR Violations “resulting from Respondent’s inadequate internal
controls and commitment to compliance”
• $30 million penalty
12. HOW’D THE FLIR CONSENT AGREEMENT HAPPEN?
In DDTC’s words:
•Significant compliance program and internal control
deficiencies that directly contributed to the violations
•Deficient ITAR expertise and senior leadership oversight
•Failure to effectively investigate, uncover, and disclose
violations
•Frequency and repetitive nature of the same violations
•Failure to implement remedial compliance measures
(“corrective actions”) represented to the Department
13. MITIGATING FACTORS
In DDTC’s words:
•Submitted 18 VSDs
•Entered into an agreement with DDTC
•Instituted a number of self-initiated compliance program
improvements during the course of DDTC’s review
If your company is in DDTC’s crosshairs, you must
stand-up a Trade Compliance Improvement Program
to mitigate Consent Agreement risk.
15. FLIR OVERVIEW
•Positions itself as “the world leader in the design,
manufacture, and marketing of thermal infrared cameras”
•Founded in 1978
•Acquisitions in 1990, 1998 (Sweden), & 2003
•Total Revenue: ~$1.8 billion USD (2017)
•3,000+ employees
•3,740 licenses authorizing $9.9 billion in exports over 5 years
16. MY ASSUMPTIONS ABOUT FLIR
•Highly autonomous businesses
•Limited corporate resources (people/capabilities) and
governance
•Disparate networks and systems
•Decentralized policies, processes, and controls
18. HOW DDTC VIEWED THE VIOLATIONS
•DDTC’s Categorization:
• Foreign Person Employment
• License Management
• Part 130 Payments
• Additional charges for violations resulting from Respondent’s
inadequate controls and commitment to compliance
19. PROPOSED CHARGES
• Cyber Compliance – failures in IT systems
• Licensing – failures in obtaining, using, and
maintaining licenses & exemptions
• Shipping – failures in physical shipments of
items
• Part 130 – failures to provide required
reporting
• Trade Show Security – failure to physically
safeguard items
• Corrective Actions – failure to implement
20. PROPOSED CHARGES – CYBER COMPLIANCE
April 2008 – August 2012 – 4 VSDs
• Disclosed unauthorized exports to DN/TCN employees from over 15 countries (including
Iran, Iraq, and Lebanon)
• Violations occurred at domestic and overseas locations
• In reliance upon reported corrective actions, DDTC closed without further action
June 2014 - VSD
• Full scope of violations not previously reported (Cuba & Vietnam)
• Corrective actions not implemented (confirming nationalities and terminating unauthorized
access)
• Did not collect DN/TCN attributes of personnel at one subsidiary (FLIR AB of Sweden)
• IT Provisioning & Unauthorized Access
Background
21. PROPOSED CHARGES – CYBER COMPLIANCE
June 2014 VSD - IT Provisioning & Access Controls
US Persons Mixed Users
ITAR = No
ITAR = Yes
Low-Mod
Low Low-Mod
High
22. PROPOSED CHARGES – CYBER COMPLIANCE
Illegal Exports
• Unauthorized reexports of technical data in IT
Systems
• Continued to allow unauthorized reexports of
technical data
• Allowed 126.1 nationals to access technical data
Record Keeping
• Failure to maintain technical data
reexport records on IT systems (logs)
23. PROPOSED CHARGES – EXPORT LICENSING
License Application
• Misrepresented and/or omitted material facts
• Failed to disclose citizenship or permanent
Residency
• Attempted use of ineligible party
License Use
• Violation of terms & conditions
• Unauthorized reexport/change of end-use
License Maintenance
• Failure to reflect corporate restructuring
24. PROPOSED CHARGES – SHIPPING
Temporary Export Shipments
• Failure to obtain endorsements by U.S. Customs (temp)
Shipping Statements
• Misidentification as EAR
• Failure to properly incorporate export control statement
• Failure to ensure freight forwarder correctly identified
SME in EEI filings
Illegal Exports
• Exports to foreign person employees from 126.1
countries
• Exported without license
Record-keeping
• Failure to properly maintain records
25. PROPOSED CHARGES – PART 130
License Applications
• Failures to disclose fees & commissions
Record-keeping
• Failure to maintain records
Reporting
• Failure to provide required report updates
26. PROPOSED CHARGES – TRADE SHOWS
Loss or Theft
• Failure to properly safeguard
27. PROPOSED CHARGES – CORRECTIVE ACTIONS
Corrective Actions
• Failure to stop ongoing violation
• Inaccurate information concerning corrective actions
pertaining to foreign person employees
28. MY ASSUMPTIONS ABOUT FLIR’S COMPLIANCE PROGRAM
•Legacy export compliance program designed for
yesterday’s paradigm
•The focus is on Physical Domain Controls:
•Physical Location Controls – e.g. TCPs, Signage, etc.
•Physical Access Controls – e.g. Foreign Person Employment,
Visitor Controls, Badging, Locks, etc.
•Physical Transfer Controls – e.g. Freight Shipments, Courier
Shipments, and Hand-carry
28
29. •Characteristics of FLIR’s Legacy Export Compliance
Program:
•Paper policy dependent
•Tribal knowledge dependent
•User behavior dependent
•Manually executed
•Opaque
• Manual execution leads to lack of visibility, which leads to…
• Lack of oversight
•Geared for Physical Domain Controls
•Decentralized 29
MY ASSUMPTIONS ABOUT FLIR’S COMPLIANCE PROGRAM
30. •They generally don’t know:
• What their data is,
• Its value,
• Where it is located,
• Who has access,
• When it’s being transferred, and to whom, or
• Whether or not location, access, and transfers are export compliant
•They lack visibility into our cyber assets and transactions
•They lack cyber compliance capabilities
30
MY ASSUMPTIONS ABOUT FLIR’S COMPLIANCE PROGRAM
31. Legacy Approach to Export Controls
Business Cycle
Classify & control
time of export
shipment
Data exchanged with Customers
Data exchanged with Vendors
If your external data exchanges
look like this, you have significant
risk.
32. Legacy Approach to Export Controls
Business Cycle
Data exchanged internally
If your internal data exchanges
look like this, you have significant
risk.
Classify & control
time of export
shipment
33. If the previous slides described your compliance program,
you’re company is at risk of becoming the next FLIR.
33
WORD OF CAUTION
35. CONSENT AGREEMENT OVERVIEW
Consent Agreement Terms, Conditions, and Requirements are described in 27 paragraphs:
1. Parties to the CA
2. Department of State (DOS) has jurisdiction
3. Respondent's commitment to compliance & remedial
measures
4. Incorporation of CA requirements into new acquisitions
5. 60 day prior notification of sale/restructuring
/merger/divestiture
6. Ensure adequate staffing for ITAR compliance with clearly
defined lines of authority and career paths
7. Internal Review of ITAR compliance resources (120 days)
8. Appointment of Designated Official & DO Responsibilities
9. Strengthened corporate compliance procedures & training
10. Self-assessment of functional processes (60 day status
report, and final report 120 days after receiving DDTC input)
11. Implementing Policies & Procedures called for paragraph 8
12. Comprehensive automated export compliance system
13. Two external audits required
14. Audit 1 (within 12 months)
15. Audit 2 (within 36 months)
16. Penalty - $30 million
17. Can't charge back to the government or claim as tax
deduction
18. Misappropriation and/or failure to properly track funds
19. Debarment – fulfill CA provisions or face debarment
20. Onsite reviews by DOS
21. Understandings
22. Acknowledgement of nature and seriousness of alleged
offenses
23. Signing resolves civil penalties and administrative
sanctions with respect to civil violations
24. Waiver of rights and additional monetary penalty for
failure to implement CA
25. Written certification to DDTC
26. Documents made public
27. Effective upon execution of the Order
36. 16. PENALTY
$30 million total
• $15 million to be paid in installments
• $15 million to be reinvested in remedial measures
• $5 million credit for work performed
$10 million total / 3000 employees = $3,333.00 per employee
37. CONSENT AGREEMENT OVERVIEW
Consent Agreement Terms, Conditions, and Requirements are described in 27 paragraphs:
1. Parties to the CA
2. Department of State (DOS) has jurisdiction
3. Respondent's commitment to compliance & remedial
measures
4. Incorporation of CA requirements into new acquisitions
5. 60 day prior notification of sale/restructuring
/merger/divestiture
6. Ensure adequate staffing for ITAR compliance with clearly
defined lines of authority and career paths
7. Internal Review of ITAR compliance resources (120 days)
8. Appointment of Designated Official & DO Responsibilities
9. Strengthened corporate compliance procedures & training
10. Self-assessment of functional processes (60 day status
report, and final report 120 days after receiving DDTC input)
11. Implementing Policies & Procedures called for paragraph 8
12. Comprehensive automated export compliance system
13. Two external audits required
14. Audit 1 (within 12 months)
15. Audit 2 (within 36 months)
16. Penalty - $30 million
17. Can't charge back to the government or claim as tax
deduction
18. Misappropriation and/or failure to properly track funds
19. Debarment – fulfill CA provisions or face debarment
20. Onsite reviews by DOS
21. Understandings
22. Acknowledgement of nature and seriousness of alleged
offenses
23. Signing resolves civil penalties and administrative
sanctions with respect to civil violations
24. Waiver of rights and additional monetary penalty for
failure to implement CA
25. Written certification to DDTC
26. Documents made public
27. Effective upon execution of the Order
38. 4. & 5. MAD IMPLICATIONS
4. Acquisitions
• CA requirements incorporated into any acquisition within 6
months
5. Mergers
• CA requirements apply to any merger, restructuring, or
acquisition
• 60 days prior notice with signed acknowledgement of purchaser
39. CONSENT AGREEMENT OVERVIEW
Consent Agreement Terms, Conditions, and Requirements are described in 27 paragraphs:
1. Parties to the CA
2. Department of State (DOS) has jurisdiction
3. Respondent's commitment to compliance & remedial
measures
4. Incorporation of CA requirements into new acquisitions
5. 60 day prior notification of sale/restructuring
/merger/divestiture
6. Ensure adequate staffing for ITAR compliance with clearly
defined lines of authority and career paths
7. Internal Review of ITAR compliance resources (120 days)
8. Appointment of Designated Official & DO Responsibilities
9. Strengthened corporate compliance procedures & training
10. Self-assessment of functional processes (60 day status
report, and final report 120 days after receiving DDTC input)
11. Implementing Policies & Procedures called for paragraph 8
12. Comprehensive automated export compliance system
13. Two external audits required
14. Audit 1 (within 12 months)
15. Audit 2 (within 36 months)
16. Penalty - $30 million
17. Can't charge back to the government or claim as tax
deduction
18. Misappropriation and/or failure to properly track funds
19. Debarment – fulfill CA provisions or face debarment
20. Onsite reviews by DOS
21. Understandings
22. Acknowledgement of nature and seriousness of alleged
offenses
23. Signing resolves civil penalties and administrative
sanctions with respect to civil violations
24. Waiver of rights and additional monetary penalty for
failure to implement CA
25. Written certification to DDTC
26. Documents made public
27. Effective upon execution of the Order
40. 6. & 7. TC RESOURCES
6. TC Resources
• Ensure adequate resources are dedicated to ITAR compliance
• Establish policies and procedures governing TC resources
• Ensure lines of authority, performance evaluations, and career paths
7. Resource Study
• Within 120 days, Respondent and Designated Official (DO) shall
conduct a review and establish an action plan for addressing
resource issues.
Resources
WorkloadsRisks
Conduct a time study
41. CONSENT AGREEMENT OVERVIEW
Consent Agreement Terms, Conditions, and Requirements are described in 27 paragraphs:
1. Parties to the CA
2. Department of State (DOS) has jurisdiction
3. Respondent's commitment to compliance & remedial
measures
4. Incorporation of CA requirements into new acquisitions
5. 60 day prior notification of sale/restructuring
/merger/divestiture
6. Ensure adequate staffing for ITAR compliance with clearly
defined lines of authority and career paths
7. Internal Review of ITAR compliance resources (120 days)
8. Appointment of Designated Official & DO Responsibilities
9. Strengthened corporate compliance procedures & training
10. Self-assessment of functional processes (60 day status
report, and final report 120 days after receiving DDTC input)
11. Implementing Policies & Procedures called for paragraph 8
12. Comprehensive automated export compliance system
13. Two external audits required
14. Audit 1 (within 12 months)
15. Audit 2 (within 36 months)
16. Penalty - $30 million
17. Can't charge back to the government or claim as tax
deduction
18. Misappropriation and/or failure to properly track funds
19. Debarment – fulfill CA provisions or face debarment
20. Onsite reviews by DOS
21. Understandings
22. Acknowledgement of nature and seriousness of alleged
offenses
23. Signing resolves civil penalties and administrative
sanctions with respect to civil violations
24. Waiver of rights and additional monetary penalty for
failure to implement CA
25. Written certification to DDTC
26. Documents made public
27. Effective upon execution of the Order
42. 8., 9., & 11 POLICIES, PROCEDURES, & TRAINING
8. Establishes Designated Official (DO) Requirement
• Appointment within 60 days
• Areas of responsibility
• Specific Duties – oversight of remedial measures/expenditures and
incorporation into business plans at the senior executive level
• Reporting – tracking of violations, 6 mo. status reports, including accounting
• Policies & Procedures
43. POLICY & PROCEDURE
As described in Paragraph 8:
• Staffing
• Integration into business planning
• Supplier vetting (foreign manufacturing facilities)
• Identity management (Foreign Person & DN/TCNs)
• Restricted parties screening
• Identification & classification of defense articles & services
• Identification & classification of technical data
• Export authorization management (scope, terms, conditions,
provisos, & temporary exports)
• Part 130
• Maintenance & protection of and access to technical data on
computer networks or other electronic method of storage or
transfer
• Physical security controls
• Shipping (exports, reexports, and retransfers)
• Record-keeping
• Detect, prevent, & report violations
44. 8., 9., & 11 POLICIES, PROCEDURES, & TRAINING
9. Strengthened Compliance Program & Training (12 months)
• Instituted strengthened corporate compliance procedures
• Training
• All employees engaged in ITAR-regulated activities
• All personnel responsible for supervising employees, including managers of business
units
• Training records (who, what, when, where, how)
11. Requires the company to implement PP8 policies & procedures
45. CONSENT AGREEMENT OVERVIEW
Consent Agreement Terms, Conditions, and Requirements are described in 27 paragraphs:
1. Parties to the CA
2. Department of State (DOS) has jurisdiction
3. Respondent's commitment to compliance & remedial
measures
4. Incorporation of CA requirements into new acquisitions
5. 60 day prior notification of sale/restructuring
/merger/divestiture
6. Ensure adequate staffing for ITAR compliance with clearly
defined lines of authority and career paths
7. Internal Review of ITAR compliance resources (120 days)
8. Appointment of Designated Official & DO Responsibilities
9. Strengthened corporate compliance procedures & training
10. Self-assessment of functional processes (60 day status
report, and final report 120 days after receiving DDTC input)
11. Implementing Policies & Procedures called for paragraph 8
12. Comprehensive automated export compliance system
13. Two external audits required
14. Audit 1 (within 12 months)
15. Audit 2 (within 36 months)
16. Penalty - $30 million
17. Can't charge back to the government or claim as tax
deduction
18. Misappropriation and/or failure to properly track funds
19. Debarment – fulfill CA provisions or face debarment
20. Onsite reviews by DOS
21. Understandings
22. Acknowledgement of nature and seriousness of alleged
offenses
23. Signing resolves civil penalties and administrative
sanctions with respect to civil violations
24. Waiver of rights and additional monetary penalty for
failure to implement CA
25. Written certification to DDTC
26. Documents made public
27. Effective upon execution of the Order
46. 10. SELF-ASSESSMENT
10. Self-Assessment
• Internal assessment of functional processes to evaluate compliance
• Conducted under the review of a functional/process expert who is
independent of Trade Compliance
• Plan do within 60 days of the date of the Order
47. 10. SELF-ASSESSMENT - FUNCTIONS
HR IT Finance Legal
Executive
Mgmt.
Trade
Compl.
Property
Operational Functions
Support and Management Functions
Business
Development
Supply
Chain
QualityProduction Logistics
Aftermarket
Support
Marketing SalesEngineering
48. SUPPORT & MANAGEMENT PROCESSES
Hiring
Onboarding
Recruiting
Job Formulation
Promotions
Transfers
Deployment
Termination
Network Admin
Server Admin
App Admin
Admin Admin
User Admin
Cyber Security
AR
Payments
AP
Bus. Ptnr. Mgmt.
Receipts
Mergers
Acquisitions
Divestitures
JVs
Legal Entity Mgmt.
Support
Comms
Planning
Strategy
Structure Mgmt.
Property Mgmt.
Physical Security
Facility Mgmt.
EAM
TVP
JCM
RPL
IIED
AAM
CAM
TPM
TCPM
HR IT Finance Legal
Executive
Mgmt.
Trade
Compl.
Property
49. SUPPORT & MANAGEMENT SYSTEMS
HR IT Finance Legal
Executive
Mgmt.
Trade
Compl.
Property
EMS
Entity Mgmt.
System EMS
Entity Mgmt.
SystemAR
Accounts
Receivable
AP
Accounts
Payable
HCM
Human
Capital Mgmt.
REM
Real Estate
Mgmt.
AD
Active
Directory
DMZ
De-Militarized
Zone
IDM
Identity
Mgmt.
EPE
Electronic Policy
Engine
EAM
Export Authorization
Mgmt.
JCM
Jurisdiction,
Classification & Marking
RPL
Restricted Party
List Screening
51. OPERATIONAL SYSTEMS
CRM
Customer Rel.
Mgmt.
CMS
Contract
Mgmt.
IWS
Internet
Website ERP
Ent. Res.
PlanningERP
Ent. Res.
Planning
RFX
Request
For X
SRM
Supplier Rel.
Mgmt.
MES
Mfg. Exec.
System
ERP
Ent. Res.
Planning
ERP
Ent. Res.
Planning
QAS
Qual. Ass.
System
LMS
Log. Mgmt.
System
ERP
Ent. Res.
Planning
BPS
Business Purs.
System
QBP
Quotes, Bids,
& Proposal
Business
Development
Supply
Chain
QualityProduction Logistics
Aftermarket
Support
Marketing SalesEngineering
ERP
Ent. Res.
Planning
PLM
Product
Lifecycle
Mgmt.
52. CONSENT AGREEMENT OVERVIEW
Consent Agreement Terms, Conditions, and Requirements are described in 27 paragraphs:
1. Parties to the CA
2. Department of State (DOS) has jurisdiction
3. Respondent's commitment to compliance & remedial
measures
4. Incorporation of CA requirements into new acquisitions
5. 60 day prior notification of sale/restructuring
/merger/divestiture
6. Ensure adequate staffing for ITAR compliance with clearly
defined lines of authority and career paths
7. Internal Review of ITAR compliance resources (120 days)
8. Appointment of Designated Official & DO Responsibilities
9. Strengthened corporate compliance procedures & training
10. Self-assessment of functional processes (60 day status
report, and final report 120 days after receiving DDTC input)
11. Implementing Policies & Procedures called for paragraph 8
12. Comprehensive automated export compliance system
13. Two external audits required
14. Audit 1 (within 12 months)
15. Audit 2 (within 36 months)
16. Penalty - $30 million
17. Can't charge back to the government or claim as tax
deduction
18. Misappropriation and/or failure to properly track funds
19. Debarment – fulfill CA provisions or face debarment
20. Onsite reviews by DOS
21. Understandings
22. Acknowledgement of nature and seriousness of alleged
offenses
23. Signing resolves civil penalties and administrative
sanctions with respect to civil violations
24. Waiver of rights and additional monetary penalty for
failure to implement CA
25. Written certification to DDTC
26. Documents made public
27. Effective upon execution of the Order
53. 12. AUTOMATED SYSTEM
12. Comprehensive Automated Export Compliance System
• Strengthen internal controls and enhance oversight
• Track decision from initiation to conclusion of a request for export,
reexport, or retransfer
• Initial identification of technical data and technical assistance proposed to
be disclosed to any Foreign Persons
• Means of alerting users to ITAR requirements on electronic transmissions of
controlled data
• Training to all employees to ensure all technical data exports are authorized
in accordance with compliance policies & procedures
54. 12. AUTOMATED SYSTEM
There is no silver bullet
System of systems approach is required
• Business Partner Management
• Identity Management
• Restricted Parties Screening
• Jurisdiction, Classification, & Marking
• Export Authorization Management
• Export Transaction Management (visitors, travel, shipments, tech data
transfers, access controls)
• Incident Management
• Corrective Action Management
• Business Intelligence
Export Administration Act (EAA) - International Emergency Economic Powers Act (IEEPA) – Export Administration Regulations (EAR) – Bureau of Industry Security (BIS) - Commerce Control List (CCL)
Arms Export Control Act (AECA) – Directorate of Defense Trade Controls (DDTC) – International Traffic in Arms Regulations (ITAR) – United States Munitions List (USML)
§120.7 Significant military equipment.
(a) Significant military equipment means articles for which special export controls are warranted because of their capacity for substantial military utility or capability.
(b) Significant military equipment includes:
(1) Items in §121.1 of this subchapter which are preceded by an asterisk; and
(2) All classified articles enumerated in §121.1 of this subchapter.
[58 FR 39283, July 22, 1993, as amended at 62 FR 67275, Dec. 24, 1997]
Back to Top
§120.8 Major defense equipment.
Pursuant to section 47(6) of the Arms Export Control Act (22 U.S.C. 2794(6) note), major defense equipment means any item of significant military equipment (as defined in §120.7) on the U.S. Munitions List having a nonrecurring research and development cost of more than $50,000,000 or a total production cost of more than $200,000,000.
U.S. export compliance regimes were designed to address the proliferation threats and risks of the Cold War. Thus, they are geared to enforce controls in the physical domain.
U.S. export compliance regimes were designed to address the proliferation threats and risks of the Cold War. Thus, they are geared to enforce controls in the physical domain.
In summary, the community is ill-equipped to meet either the business or export compliance challenges of our globally-networked, information-driven economy.
In summary, the community is ill-equipped to meet either the business or export compliance challenges of our globally-networked, information-driven economy.