Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Risk Determination in Export Compliance

1,345 views

Published on

A parallel between HACCP process based risk management and export compliance

Published in: Technology, Business
  • Be the first to comment

Risk Determination in Export Compliance

  1. 1. Risk Determination International Trade Compliance ICPA Jasper Helder, Baker & McKenzie, Amsterdam [email_address]
  2. 2. <ul><li>Introduction </li></ul>
  3. 3. Int. Trade regulatory remit (non-exhaustive) <ul><li>Product related </li></ul><ul><ul><li>Export Controls </li></ul></ul><ul><ul><li>Customs classification & origin </li></ul></ul><ul><ul><li>VAT rate/Excise duties </li></ul></ul><ul><ul><li>Product safety & RoHS </li></ul></ul><ul><ul><li>Labelling & Packaging </li></ul></ul><ul><ul><li>Environmental </li></ul></ul><ul><li>Transaction related </li></ul><ul><ul><li>Sanctions & embargoes </li></ul></ul><ul><ul><li>FCPA </li></ul></ul><ul><ul><li>AML & Forex </li></ul></ul><ul><ul><li>Incoterms </li></ul></ul>
  4. 4. Legal appreciation of compliance programs <ul><li>US: factor for mitigation of consequences of non-compliance </li></ul><ul><li>EU: Authorised Economic Operator demands compliance program and compliance function </li></ul><ul><ul><li>AEO confers benefits for customs processes </li></ul></ul><ul><ul><li>Export Compliance: national requirements for granting general/global licenses </li></ul></ul>
  5. 5. Agenda <ul><li>The compliance function as a risk: organisational challenges </li></ul><ul><li>A systematic approach to risks: comparison with the HACCP model </li></ul><ul><li>An example: Export Controls Compliance in the Defense sector </li></ul>
  6. 6. <ul><li>The compliance function as a risk: organisational challenges </li></ul>
  7. 7. Organisational challenges <ul><li>Allocating resources </li></ul><ul><ul><li>“Fire fighting” or pro active risk management? </li></ul></ul><ul><li>Allocating the right resources </li></ul><ul><ul><li>“Empowered Official” under section 120.25 ITAR </li></ul></ul><ul><ul><ul><li>Authority for policy or management </li></ul></ul></ul><ul><ul><ul><li>Legally empowered </li></ul></ul></ul><ul><ul><ul><li>Understanding export control statutes </li></ul></ul></ul><ul><ul><ul><li>Independent authority to review and verify legality of transactions without adverse recourse </li></ul></ul></ul>
  8. 8. Organisational challenges <ul><li>Internal authority </li></ul><ul><ul><li>Budgets </li></ul></ul><ul><ul><li>To whom does compliance report? </li></ul></ul><ul><ul><li>Internal enforcement of decisions/policies/procedures </li></ul></ul><ul><ul><ul><li>Independent review? </li></ul></ul></ul>
  9. 9. Organisational challenges <ul><li>External authority </li></ul><ul><ul><li>Empowered for external representation </li></ul></ul><ul><li>Understanding the regulatory environment </li></ul><ul><ul><li>Experience is one very good source (but one source besides others) </li></ul></ul><ul><ul><li>“ Train the trainer” </li></ul></ul>
  10. 10. <ul><li>A systematic approach to risks: comparison with the HACCP model </li></ul>
  11. 11. A systematic approach to risks <ul><li>Hazard Analysis Critical Control Point (HACCP) </li></ul><ul><ul><li>“ a systematic preventive approach to food and pharmaceutical safety that addresses physical, chemical and biological hazards as a means of prevention rather than finished product inspection ” </li></ul></ul><ul><ul><li>ISO 22000 </li></ul></ul><ul><ul><li>Process based approach to identifying, monitoring and actioning risks to prevent non-compliance (or reduce chances to acceptable levels) </li></ul></ul>
  12. 12. A systematic approach to risks <ul><li>HACCP Principle 1: Conduct a risk analysis </li></ul><ul><ul><li>A risk is a circumstance which may cause a legal requirement not to be met </li></ul></ul><ul><ul><li>A compliance plan determines the risks and identifies the preventive measures the plan can apply to control these risks </li></ul></ul><ul><ul><li>Identify processes </li></ul></ul>
  13. 13. A systematic approach to risks <ul><li>HACCP Principle 2: Identify critical control points </li></ul><ul><ul><li>A Critical Control Point (CCP) is a point, step, or procedure in a process at which control can be applied and, as a result, a risk can be prevented, eliminated, or reduced to an acceptable level </li></ul></ul>
  14. 14. A systematic approach to risks <ul><li>HACCP Principle 3: Establish critical limits for each critical control point </li></ul><ul><ul><li>A critical limit is the maximum or minimum value to which a risk must be controlled at a critical control point to prevent, eliminate, or reduce that risk to an acceptable level </li></ul></ul>
  15. 15. A systematic approach to risks <ul><li>HACCP Principle 4: Establish critical control point monitoring requirements </li></ul><ul><ul><li>Monitoring to gain control over a process at each critical control point </li></ul></ul><ul><ul><li>Monitoring procedures and frequency incorporated in a compliance plan </li></ul></ul>
  16. 16. A systematic approach to risks <ul><li>HACCP Principle 5: Establish corrective actions </li></ul><ul><ul><li>Actions when monitoring indicates a deviation from an established critical limit </li></ul></ul><ul><ul><li>Corrective actions to be taken if a critical limit is not met </li></ul></ul><ul><ul><li>Corrective actions must prevent reoccurrence </li></ul></ul>
  17. 17. A systematic approach to risks <ul><li>HACCP Principle 6: Establish record keeping procedures </li></ul><ul><ul><li>Risk analysis </li></ul></ul><ul><ul><li>Compliance plan & procedures </li></ul></ul><ul><ul><li>Monitoring of critical control points </li></ul></ul><ul><ul><li>Corrective Actions (?) </li></ul></ul>
  18. 18. A systematic approach to risks <ul><li>HACCP Principle 7: Establish procedures for ensuring the system is working </li></ul><ul><ul><li>Validation to ensure that the compliance procedures are operating in practice </li></ul></ul><ul><ul><li>In itself a critical control point </li></ul></ul>
  19. 19. <ul><li>An example: Export Controls Compliance in the Defense sector </li></ul>
  20. 20. Compliance Layer 1: Product-related Export Controls <ul><li>US Rules </li></ul><ul><ul><li>Military: ITAR (Dept. of Defense Trade Controls) </li></ul></ul><ul><ul><li>Dual Use: EAR (Commerce Dept., BIS) </li></ul></ul><ul><li>EU Rules </li></ul><ul><ul><li>Military Export Controls </li></ul></ul><ul><ul><li>Dual Use Lists </li></ul></ul><ul><li>National Rules </li></ul><ul><ul><li>Military Lists </li></ul></ul><ul><ul><li>Dual Use lists </li></ul></ul>
  21. 21. Compliance Layer 2: Transaction related Export Controls <ul><li>US Rules: </li></ul><ul><ul><li>ITAR “no go countries” (DDTC) </li></ul></ul><ul><ul><li>Sanctions & Embargoes (OFAC) </li></ul></ul><ul><li>EU Rules </li></ul><ul><ul><li>Sanctions & Embargoes </li></ul></ul><ul><li>National Rules </li></ul><ul><ul><li>Sanctions & Embargoes </li></ul></ul><ul><ul><li>National Control Lists of persons/entities etc. </li></ul></ul>
  22. 22. <ul><ul><li>Be self conscious about your supplier’s compliance </li></ul></ul><ul><ul><ul><li>Do not assume your supplier is getting it right </li></ul></ul></ul><ul><ul><ul><li>Make sure your end of the project is reflected in your suppliers compliance steps </li></ul></ul></ul><ul><ul><li>ITAR or EAR classified ? </li></ul></ul><ul><ul><ul><li>Commodity jurisdiction required ? </li></ul></ul></ul><ul><ul><li>US Authorisation needed ? </li></ul></ul><ul><ul><ul><li>Scope for use of ITAR exemptions ? </li></ul></ul></ul><ul><ul><ul><li>Export License: any re-export/retransfer needs ? </li></ul></ul></ul><ul><ul><ul><li>TAA: scope of work clearly identified ? </li></ul></ul></ul>Verify “US Connection”
  23. 23. Determine EU & National Controls <ul><li>Item subject to EU Dual Use Controls or Military Controls ? </li></ul><ul><ul><ul><li>If on Military List </li></ul></ul></ul><ul><ul><ul><ul><li>identify National (and EU) Transaction Controls that may apply </li></ul></ul></ul></ul><ul><ul><ul><ul><li>screen other parties engaged in transactions </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Projects: any intra-EU transfers needed </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>(check if US Authorizations allow this!) </li></ul></ul></ul></ul></ul><ul><ul><ul><li>If not on Military List </li></ul></ul></ul><ul><ul><ul><ul><li>Check Annex I and Annex IV EU Dual Use Reg </li></ul></ul></ul></ul><ul><ul><ul><ul><li>If not on Annex I: check Military End Use and National Controls </li></ul></ul></ul></ul>
  24. 24. Elements of practical implementation <ul><li>Fixed product catalog: implement Export Control status in Item Master Data in SAP or other ERP systems </li></ul><ul><li>Projects: </li></ul><ul><ul><li>Identify Logistics Flows and Tech Data Flows </li></ul></ul><ul><ul><li>“ Compliance Map” </li></ul></ul><ul><li>Before applying for Export Licenses: check the past ! </li></ul>
  25. 25. Risk Determination International Trade Compliance ICPA Jasper Helder, Baker & McKenzie, Amsterdam [email_address]

×