2. 2 | AEROSPACE & DEFENCE: SEIZE THE OPPORTUNITY FOR EFFICIENT COMPLIANCE
ASK YOURSELF …
What is your biggest vulnerability when considering export compliance?
Are compliance activities currently considered a constraint on the
services you provide?
Do they restrict the ability to react to new market opportunities?
Do you have total visibility of controlled assets across the entire
product life cycle?
Do you provide employees with adequate training and clearance to work
with export-controlled technologies?
Have you prepared for the recent changes to regulatory compliance?
Do you actively assess your suppliers to identify any gaps in capability?
Have you considered the implications of noncompliance?
SUMMARY
How vulnerable is your business to export control regulatory compliance?
Export control regulatory compliance is producing significant change in the Aerospace
& Defence industry. Composed of a complex supplier network, the Aerospace & Defence
industry has the overall responsibility to protect and control the movement of assets
and services from unauthorised users.
Even established businesses often lack the resources to make the kinds of
innovative improvements they need in order to comply in this highly regulated and
changing marketplace.
CSC’s integrated approach helps businesses to understand the challenges, discover
the full potential of existing systems, and focus on innovation to create an efficient
compliance environment.
CONTENTS
Executive Summary……………………………………………………………………………………………………………………… 3
Recent Compliance Performance Failures……………………………………………………………………………… 4
We Understand the Problem……………………………………………………………………………………………………… 5
This Is a Global Challenge…………………………………………………………………………………………………………… 5
Challenges Include Establishing Strategic Vision and Accountability……………………………… 7
We Can Help You Find a Solution……………………………………………………………………………………………… 7
Business Drives Compliance……………………………………………………………………………………………………… 7
Technology Enables Compliance……………………………………………………………………………………………… 8
Looking to the Future: Thought Leadership…………………………………………………………………………… 9
How CSC Can Help You……………………………………………………………………………………………………………… 10
3. 3 | AEROSPACE & DEFENCE: SEIZE THE OPPORTUNITY FOR EFFICIENT COMPLIANCE
A critical step to achieving
compliance is to ensure
effective governance
structures are established to
demonstrate true ownership
and accountability.
EXECUTIVE SUMMARY
Authority to export is a privilege — one that can be removed — and not a right. With
that reality in mind and as a result of emerging technologies, Aerospace & Defence
companies are rethinking their approach to the authority to export, to demonstrate an
increasingly automated and secure level of compliance.
Over the past 5 years, many companies in the industry have been extensively audited
to demonstrate compliance against renewed export control regulations. Some
companies are being fined significantly and required to sign consent agreements to
ensure that export compliance breaches are rectified within a given time period. The
implications of noncompliance are significant:
• Under U.S. law, the ability to export is a privilege, not a right. Failure to comply with
export control regulations can have severe consequences, with penalties reaching up
to $250,000 per occurrence. This can result in fines that run into millions of dollars.
• The U.S. government may impose a “denial of export privileges” as a penalty for
compliance violations, which means that penalised companies may not export
goods or services and may no longer compete for government contracts.
• Sanctions can be imposed on officers, directors, and employees for direct viola-
tions or failure to properly supervise subordinates. Other violations include aiding,
abetting, and conspiring to make a prohibited export. Services such as transporta-
tion, freight forwarding, brokering, and other export facilitation activities are also
subject to the sanctions.
Emerging technologies are enabling government bodies to require a level of process
automation that can segregate controlled data and ultimately provide an “always on”
auditing capability. When considering compliance, organisations face a number of
challenges, including cultural and systematic issues that question the maturity of their
compliance landscape. Traditionally seen as a reactive environment, a localised
quick-fix culture often results in inconsistent delivery of compliance-related activities.
Heroics are often needed by specialist resources to act in response to a violation —
which, at this stage, is often too late.
CSC has demonstrated recent success working with clients around the world to deliver
sustainable business transformation to embed compliance within their organisations.
We have done so by taking our clients through a journey that establishes a firm vision
and standardisation in compliance.
A critical step toward achieving compliance is to ensure effective governance struc-
tures are established, to demonstrate true ownership and accountability. The culture
aspect is about everyone knowing what they need to do and the importance of their
role within the organisation. Transformation to next-generation technology can be
used to enable a standardised way of working that demonstrates compliance.
4. 4 | AEROSPACE & DEFENCE: SEIZE THE OPPORTUNITY FOR EFFICIENT COMPLIANCE
RECENT COMPLIANCE PERFORMANCE FAILURES
Global export regulations have been established as a measure to protect global
security. International governments see regulation of production and distribution of
military technologies as a major priority. These regulations are one of the only external
threats to the defence industry that has the ability to close any manufacturer, regard-
less of scale, by removing their licence to operate.
There are substantial implications for any violation of export regulations. The associ-
ated penalties (often up to $250,000 per violation) could be considered enough to
cripple even an established global organisation. Penalties over the past 6 years are
shown below.
YEAR COMPANY PENALTY (IF KNOWN)
2016
Marc Turi and Turi Defense Group, Inc
Microwave Engineering Corporation
Rocky Mountain Instrument Company
2014
Intersil Corporation
Esterline Technologies Corporation $20 million
2013
Meggitt-USA, Inc
Aeroflex Incorporated
Raytheon Company $8 million (Source: Reuters)
2012
United Technologies Corporation $55 million
Alpine Aerospace Corporation
TS Trade Tech Incorporated
2011 BAE Systems Inc. $78 million
2010
BAE Systems (US) $400 million
BAE Systems (UK) £30 million
Note: Contains information on all consent agreements: https://www.pmddtc.state.gov/compliance/poa.html
5. 5 | AEROSPACE & DEFENCE: SEIZE THE OPPORTUNITY FOR EFFICIENT COMPLIANCE
WE UNDERSTAND THE PROBLEM
At its most basic form, export compliance breaks down into the recording, manage-
ment, and control of who performs the activity, what product or service it concerns,
where in the world the activity takes place, and why they are doing it (i.e., end use).
Only with these pieces of information can you evaluate compliance against regulations
and licence-applicability to make a proceed-or-deny decision.
THIS IS A GLOBAL CHALLENGE
Political landscape, increased security, and threats to national security
Most defence manufacturers operate globally, spanning international borders and
interfacing with multiple regulatory bodies. Recent political and economic changes
have heightened the focus on the regulation of controlled materials.
In the UK, a referendum resulting in the UK’s departure from the European Union has
left the applicability of some EU-derived elements of the UK’s legal and regulatory
framework for arms exports in question. At the point of departure, significant changes
to the regulatory landscape may be necessary. There is also a challenge for UK-based
manufacturers to adopt ITAR, EAR, and UK licencing regulations in an effective way.*
The extent of the challenges they face is expanded upon in the next section.
In Europe, there is a challenge to control the export of dual-use technology and military
goods, which is considered a crucial aspect of national security for each European
country. Companies with European headquarters are grappling with the export regula-
tions at the local, national and global levels. Europe consists of 44 countries, creating a
complex network of internal borders. But it also has many external borders, creating a
complex environment to control the movement of military goods. Membership and
participation in the North Atlantic Treaty Organisation (NATO) adds to this complexity.
The Asia-Pacific region is experiencing increased tension, in particular in the South
China Sea, which is driving increased defence activity and increased government
spending. With this comes a reliance on advanced military technology, a significant
amount of which comes from U.S. companies. Competition in the region is increasing,
and pressures are being applied to Australian defence services companies to be more
cost-effective, innovative and security conscious, with on-time delivery. CSC has
identified capability gaps in local defence organisations to manage and comply with
the strict requirements that arise from DEC, ITAR, EAR and the newly introduced
National Institute of Standards and Technology (NIST) Special Publication 800-171
Protecting Controlled Unclassified Information in Non-Federal Information Systems
and Organisations standard. Government and industry organisations tend to have a
reactionary approach to compliance that creates difficulties and delays with tendering
and project mobilisation, delivery, and problem-solving instances of noncompliance.
Export controls restrict the export of
goods, technology, technical data,
and certain controlled services in
the interest of protecting national
security. The following are examples
of regulatory bodies:
• Export Control Organisation (ECO)
was implemented by the UK
government to control commercial
dual-use and military goods.
• Export Administration Regulations
(EAR) was implemented by the
U.S. Department of Commerce for
items that have both a commercial
and potential military use.
• International Traffic in Arms
Regulations (ITAR) was imple-
mented by the U.S. Department
of State for military items and
defence services.
• Office of Foreign Assets Control
(OFAC), implemented by the U.S.
Treasury Department, administers
and enforces economic trade
sanctions to protect foreign policy
and national security goals.
• Defence Export Controls (DEC)
Australia is responsible to the
Minister for Defence for regulating
the export of defence and strate-
gic goods and technologies.
*More information on the effect of Brexit:
(http://researchbriefings.parliament.uk/ResearchBriefing/Summary/CBP-7551 )
Who? What? Where? Why?
Product
Location
EndUse
Supplier
6. 6 | AEROSPACE DEFENCE: SEIZE THE OPPORTUNITY FOR EFFICIENT COMPLIANCE
A culture of trying to fix
export compliance issues
after they have already
been established is not
what’s required.
Australia-based companies and their respective local supply chains involved in deliver-
ing and supporting U.S.-sourced defence technologies and capabilities have a business
imperative to maintain compliance with local legislation and policies as well as ITAR,
EAR and NIST standards. The business methods they employ to do this are recognised
as critical enablers for organisations to remain engaged in delivering current business
activities as well as winning future work that utilises U.S.-sourced defence technologies
and capabilities.
CHALLENGES INCLUDE ESTABLISHING STRATEGIC VISION
AND ACCOUNTABILITY
Organisations considering export compliance face a number of challenges that involve
cultural and systematic issues that question the maturity of their compliance environment.
Historically, there is a lack of awareness and compliance accountability within organi-
sations often, accentuated by an absence of strategic direction. Visible accountability
needs to be established within an organisation to ensure strategic focus regarding
export compliance as well as continual improvement necessary to stay in control of
compliance regulations.
A culture of trying to fix export compliance issues after they have already been
established as issues is not what’s required. In organisations where compliance experts
are sole providers of compliance mitigations, creating a silo of knowledge, risk
increases significantly. Experts are often distracted by a heavy administrative workload,
ultimately causing time delays and distraction from their total business value.
At the core lies a lack of trust in information and data governance structures, due to
the following issues:
• Strength of data underpins reliable and repeatable export compliance manage-
ment, which involves data validity, completeness, consistency, accuracy, verifiability
and accessibility.
• Licence and agreement information repositories are often outdated, inaccurate
and poorly maintained.
• Asset and location information (tangible and intangible) is often the most mature
part of any organisation. Typically, multiple complex technologies are implemented to
manage information in real time, resulting in a lack of wider integration to maximise
business value as well as a lack of definition of internal electronic boundaries.
• Identity and controls information tools are often disconnected from the core
business, resulting in a lack of visibility of resource movement throughout the
organisation, often leading to ineffective controls or unknown user activity.
7. 7 | AEROSPACE DEFENCE: SEIZE THE OPPORTUNITY FOR EFFICIENT COMPLIANCE
To truly change any
organisation, compliance
must be embedded within
its culture, ensuring there
is shared responsibility or
emotional connection.
WE CAN HELP YOU FIND A SOLUTION
CSC has demonstrated success working with AD clients to deliver sustainable
business transformation to embed compliance within normal working practises.
Through extensive engagement and problem analysis we have identified the following
considerations for compliance-focused transformations.
BUSINESS DRIVES COMPLIANCE
Consistency is key to the performance of any compliance-centric transformation,
establishing a proactive compliance service that follows a standardised process to
deliver a consistent message. A centralised compliance service can unlock a number of
benefits including the release of cost efficiencies, a proactive internal consultation
service, knowledge sharing, a streamlined process of operations, and easily auditable
systems and data.
Establishing strong partnerships throughout the supply chain ensures accuracy of
information, reduces duplication of effort, and checks controlled assets upon entry to
the business. Partnerships throughout the supply chain work together to improve
supplier engagement to demonstrate the importance of compliance, ensuring all
assets are marked at source and tracked throughout their life.
Internal governance structures must be established to drive accuracy and improve
integrity of information, establishing firm accountability and ownership; each function
should be responsible for the maintenance and governance of specific data related to
their area of expertise. For example, Human Resources (HR) should be responsible for
all HR-related identity information including security clearance, nationality, training
records and details of criminal convictions. The governance layer will ensure the data
stored within the systems is fit for purpose and trusted at every occasion.
One of the largest impacting benefits comes when businesses leverage communica-
tion channels to significantly increase awareness and understanding at all levels of the
organisation, using plain language every employee can understand.
Classificati
on
Management Control
Tracking
Supplier
Compliance Legislation
Licence
Management
Investigations Managem
ent Management
Asset
Identity
Asset
SERVICE MANAGEMENT
POLICYMANAG
EM
EN
T
CHAN
G
E
M
ANAGEMENT
RELATIONSHIP MANAGEMENT
OPTIMISATION
O
F
PROCESSES GREATER CUSTO
M
ER
SATISFACTION
RETURN
O
N
INVESTMENT POSITIVE CULTUR
A
L
SHIFT
Central
Supportive
Service
Standard
Approach
Instantly
Available
Information
Always-
On
Auditability
Embedded
Within the
Business
Employee
Under-
standing
8. 8 | AEROSPACE DEFENCE: SEIZE THE OPPORTUNITY FOR EFFICIENT COMPLIANCE
Once the information
is trusted, accurate and
governed, the business
can begin to leverage this
newfound integrity to
create an efficient
compliance culture.
To truly change any organisation, compliance must be embedded within its culture,
ensuring there is shared responsibility or emotional connection. Over time this will increase
awareness, allowing specific vulnerabilities to be targeted by communications campaigns
such as “Do I need a licence?” to explain all possible instances where a licence may be
needed. This can be used to increase the vigilance within the entire organisation and
lighten the load on compliance experts.
TECHNOLOGY ENABLES COMPLIANCE
The true potential of
compliance is unlocked
when a successful business
transformation is combined
with a series of technologies
to improve the accuracy
and agility of the compli-
ance service.
A critical step of this
transformation is to ascertain
that information sources are
accurate, ensuring data
governance is in place.
Identity, Licence, Asset, and
Location Information
sources must be trustworthy
as they hold the key to any
compliance-based decision.
Inclusion of a data manage-
ment system such as an Export Control Dashboard can give compliance teams instant
access to data, supporting effective management and audit control.
Once the information is trusted, accurate and governed, the business can begin to
leverage this newfound integrity to create an efficient compliance culture, using the
accuracy of this information to reduce duplication of effort and eliminate outlying costs.
Examples of the benefits of increased data governance include the following:
• Trusted Licence information allows accurate monitoring, reporting, and mainte-
nance of licence records, which serves as insurance against any violation. This can
be configured to produce a simple “Yes/No” decision-making process for queries
regarding licensable activities.
• Unlocking the true potential in Identity Management and Controls will allow an
organisation to perform necessary screening checks and monitor clearance validity
in real time to create a digital footprint, enabling the organisation to make informed
decisions on access to systems or buildings, or eligibility to work on a particular
product line.
• Asset tracking can be used to unleash the full power of any supply chain, enabling
an organisation to pinpoint any asset’s location at any time, regardless of its
position in the product life cycle. The key is to ensure all assets are marked with
visibility of classification; both physical and electronic marking should be used to
ensure controlled assets are instantly identifiable. This also involves data within ERP,
MRP, PLM and other core business systems.
W
hy?
W
hat?
W
her
e?
Who?
9. 9 | AEROSPACE DEFENCE: SEIZE THE OPPORTUNITY FOR EFFICIENT COMPLIANCE
AUTHORS
Graham Jardine is a Senior
Consultant at CSC specialising in the
Aerospace Defence industry.
Graham has experience working with
some of the industry’s largest clients,
specialising in Compliance and
Transformation Strategy.
gjardine@csc.com
Garry Green is a Managing Consultant
at CSC specialising in the Aerospace
Defence industry. Garry has a
passion for developing transformation
solutions that drive efficiencies and
enable clients to reshape their
businesses to meet changing business
needs. He has a strong background in
customer management, strengthened
by senior leadership positions in
industry-leading companies.
ggreen36@csc.com
LOOKING TO THE FUTURE: THOUGHT LEADERSHIP
Shared Vision and Empowering Workforce
On the surface, compliance appears to be a systematic change involving precise
technological adjustment to adhere to regulatory requirements. However, the greatest
success is achieved when the entire business promotes a compliance culture, develop-
ing a knowledgeable and informed connection with the reason why they need to
comply and fully understanding the responsibilities associated with compliance-related
activities. Establishing a shared vision empowers the workforce, clearly defining roles
and responsibilities to be sure that each employee considers any risk of noncompliance
at every stage of the journey.
Emergence of Digital Compliance
At the heart of this complex problem lies core business data. If an effective combina-
tion of technology and governance is established, any company can unlock an array of
next-generation digital technologies with the potential to significantly disrupt the
industry. Fully integrated licence information can enable an organisation to make
real-time decisions through a business intelligence platform e.g., use digital technolo-
gies such as machine learning to produce increasingly accurate decision-making
functionalities at the touch of a button. In addition, voice recognition technology could
be used as a compliance-focused equivalent.
W
hy?
W
hat?
W
her
e?
Who?
Ques
tion?
An
sw
er?
Initial Inputs Outputs
Vision
Leadership
Buy-in
Interviews with
Key Stakeholders
Vision
Intention Workshop
(Level 1 Enablers)
• Vision Drivers
• Challenges
• Strengths
• Opportunities
(Level 1 Enablers)
Strategy
User Experience
Building Block Construction
(Including Service Analysis)
Business Model Canvas
Strategic Assessment
Maturity Assessment
(Level 2 Enablers)
• Capability Maturity
Assessment
• Desired Outcomes
• Business Model Canvas
• Customer Perception Analysis
Transformation
Preparation
Mobilisation of Team
Engagement and
Communications
Governance Structuring
• Governance Structure
• Commercial Contracts
• Communication Plan
• Engagement Strategy
• Program Setup
10. 10 | AEROSPACE DEFENCE: SEIZE THE OPPORTUNITY FOR EFFICIENT COMPLIANCE
HOW CAN CSC HELP YOU?
To help clients transform with clarity and pace, CSC has created a proven framework of
activities that will add agility to any compliance-focused transformation.
Establishing a Compliance Strategy
CSC’s Compliance Consultancy Framework helps clients shape their compliance
journey through defining their vision, establishing strategic direction, and creating a
robust transformation program. We conduct detailed analysis of the strategic vision
and orchestrate a maturity assessment to help understand exactly where the client is
today and the path to success.
Focus on Transformation
CSC leads each client in establishing a stable transformation program that allows them
to work with existing partners, gain new levels of innovation and efficiency, use
innovative forms of engagement to dramatically increase compliance, control costs
and improve the customer experience.
ìì Learn more at csc.com/aerospace_defense.
REGIONAL CONTACTS
(Australia and New Zealand)
Dean Coughran is an Industry Leader
in Manufacturing/Aerospace
Defence (AD) at CSC. He is focused
on solving the most critical business
issues that affect the industry. Dean
sees this global initiative as a critical
step forward for the AD industry.
dcoughran@csc.com
Simon Aplin is a Senior Consultant at
CSC specialising in Export Compliance
in the Aerospace Defence industry.
Simon has extensive experience across
the defence, ICT and nuclear indus-
tries, managing export compliance
requirements across global trade
markets. He has worked with large
defence companies and government
organisations to facilitate business
solutions that are fully compliant with
complex export controls.
saplin2@csc.com