Successfully reported this slideshow.

ITAR Boot Camp

1,315 views

Published on

American Conference Institute’s acclaimed ITAR Boot Camp is an in-depth, practical nuts and bolts course on how to comply with the ITAR.

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

ITAR Boot Camp

  1. 1. Steve Tribble FLIR Systems Jahna Hartwig Williams Mullen
  2. 2. Agenda  Compliance Procedures  Investigations  Criteria for Filing Determination  Structure of Voluntary Disclosure  Post-Disclosure Actions  UTC Consent Agreement
  3. 3. Compliance Procedures Collecting and Reporting Issues  Channels for employees to report suspected violations (e.g., anonymous hotlines, sanitized email addresses, dedicated reporting websites, etc.)  Policy against retaliation for reporting  Procedures for stopping ongoing suspected violations and implementing any urgent mitigating actions  Procedures for conducting a thorough investigation of the suspected violations.  Broad enough to reveal related or similar violations with other shipments, product lines, business units, or geographic areas.
  4. 4. Compliance Procedures (cont’d)  Established responsibility for decision making regarding voluntary disclosure submissions  Criteria to consider when assessing the need to file a voluntary disclosure  Established responsibility for preparing and approving the filing  Procedures for providing notice to other government authorities when required or appropriate, (e.g., government sponsor, DSS, etc.).
  5. 5. What is An Internal Investigation?  Company Decision – Not Directed  Fact-Finding Activity  The Five “W’s”  Did a Violation of Law or Company Policy Occur  Must be Perceived as Thorough and Independent  An Extension of the Company’s Compliance Program  Regular Internal Audits  Best if an Established Process
  6. 6. Structuring An Internal Investigation - Scope  Specific Event Occurred  What Were the Circumstances?  What is Known About the Issue?  What Was Cause of the Issue?  Criminal Allegations Involved?  Is This a Pre-cursor to a Voluntary Disclosure?  Regular Compliance Audit  Established Process  Introductory or Advanced Audit
  7. 7. In-House or External  In-House Pros and Cons  Better Understanding of Company’s Business and Processes and Will Know the Various Players  May Not Be Objective  May Not Be Experienced in ITAR  External Counsel or Consultant  Impartial and Credible  Specific ITAR Experience  Established Relationship and Experience with DDTC to Help Navigate the “Mine Field”
  8. 8. Investigation - Data Collection  Determine Type of Issue – Logistics, Technical Data, Foreign National Access, Use of Authorizations  Unique Documentation Associated with the Issue  Must Collect Complete Documentation Set   More is better than Less Include referenced documents – drawings, specs, contracts  Emails Are Significant Source of Information   Open emails are subject to discovery Attorney-Client privilege is not guaranteed but should be invoked
  9. 9. Criteria for Filing Disclosure  National security implications  Legal obligation (e.g., 126.1 countries)  Contractual obligation to disclose to business partners  Anticipated activities that may be related to prior violations (e.g., future licenses for same party, ongoing service obligations)  Whether violations were systemic or a less significant “one time” mistake  Whether violations were egregious or non-egregious  Potential reputational damage, especially if the disclosure will or could be made public
  10. 10. Criteria for Filing Disclosure  Potential fines with or without disclosure  Risk of nonmonetary penalties, e.g., loss of export licenses      or export privileges, debarment from government contracting, placing on watch lists, etc. Risk of detection by government if not disclosed, including as a result of whistleblowers Period of time when illegal activities occurred How recent the activity was, and whether there is an applicable statute of limitations Previous disclosures or enforcement activity Relationship with government regulators
  11. 11. Structure of Voluntary Disclosure: Timing  Initial filing “immediately” after discovery  Must be filed before USG has knowledge from another source  Final filing within 60 days after “thorough review”
  12. 12. Structure of Voluntary Disclosure: Elements  Nature and Exact Circumstances of the Violation  Persons Involved in the Violation  Names, addresses, and contact information for all parties.  Relevant ITAR Authorizations  Relevant Products, Data and Services  Corrective Actions  Determine cause of the violation and design appropriate remedial actions  Enhance compliance procedures if necessary  May include disciplinary action for responsible employees
  13. 13. Structure of Voluntary Disclosure: Elements  Mitigating Factors  Whether the violation was intentional or inadvertent  Familiarity with laws and regulations  Past violations  Whether the violations are systemic  Existence of compliance measures, including training, that were in place to prevent such violations  Documentation  Copies of licenses, shipping documents and other relevant documents
  14. 14. Do’s and Don’ts of Voluntary Disclosure Do:  Ensure that the filing is complete and accurate  Accept responsibility  Explain mitigating factors  Fully implement corrective actions Don’t:  Conduct a sloppy or hurried investigation  File a Voluntary Disclosure if disclosure is Mandatory  Be defensive or argumentative in your filing  Try to hide bad facts  Ignore filing deadlines
  15. 15. Post-Disclosure Actions Implement Corrective Actions  Assign responsibility and due dates  Take appropriate disciplinary actions against responsible persons, including those who failed to detect or report the violations  Periodically assess remedial actions to confirm implementation  If requested, report status of corrective actions to DDTC
  16. 16. United Technologies Consent Agreement Key Violations— #1  Unauthorized exports and re-exports due to failure to establish jurisdiction of defense articles, defense services and technical data  Engine parts and technology exported from Canadian subsidiary to PRC   Had US modified software (“ITAR taint”) Was for a PRC military aircraft  Defense services to Venezuela (using NLR parts)
  17. 17. United Technologies Key Violations— #2  Unauthorized exports resulting from failure to exercise internal controls over technical data  Foreign persons co-located in US facilities with access to ITAR technology  US employee laptop with ITAR data left the laptop in the PRC when he departed
  18. 18. United Technologies Key Violations— #3 and 4  Failure to properly manage TAA’s and MLA’s  Poor Internal process for evaluating and addressing violations and for reporting them timely  “Waiver process”
  19. 19. United Technologies “Systemic, corporate wide failure to maintain effective ITAR controls and require immediate, comprehensive, effective remedial action across [UTC’s] many operating units and subsidiaries”  576 charges of unauthorized export and transfer of defense articles and technical data, and unauthorized provision of defense services, including proscribed destinations
  20. 20. United Technologies  $55M to the State Department ($7M immediately and $7M annually on each anniversary of the order + $20M assessed for remedial compliance measures internally will be suspended if met)  $20M to the Department of Justice, which could be suspended if applied to compliance remediation  Summary to be emailed to Sales Meeting Attendees
  21. 21. Contact Information Steve Tribble, FLIR Systems, Inc. Tel: 503-498-3301 Email: steve.tribble@flir.com Jahna Hartwig, Williams Mullen Tel: 202-293-8145 Email: jhartwig@williamsmullen.com

×