Risk Determination in Export Compliance

Risk Determination International Trade Compliance ICPA Jasper Helder, Baker & McKenzie, Amsterdam [email_address]

Int. Trade regulatory remit (non-exhaustive) Product related Export Controls Customs classification & origin VAT rate/Excise duties Product safety & RoHS Labelling & Packaging Environmental Transaction related Sanctions & embargoes FCPA AML & Forex Incoterms

Legal appreciation of compliance programs US: factor for mitigation of consequences of non-compliance EU: Authorised Economic Operator demands compliance program and compliance function AEO confers benefits for customs processes Export Compliance: national requirements for granting general/global licenses

Agenda The compliance function as a risk: organisational challenges A systematic approach to risks: comparison with the HACCP model An example: Export Controls Compliance in the Defense sector

The compliance function as a risk: organisational challenges

Organisational challenges Allocating resources “Fire fighting” or pro active risk management? Allocating the right resources “Empowered Official” under section 120.25 ITAR Authority for policy or management Legally empowered Understanding export control statutes Independent authority to review and verify legality of transactions without adverse recourse

Organisational challenges Internal authority Budgets To whom does compliance report? Internal enforcement of decisions/policies/procedures Independent review?

Organisational challenges External authority Empowered for external representation Understanding the regulatory environment Experience is one very good source (but one source besides others) “ Train the trainer”

A systematic approach to risks: comparison with the HACCP model

A systematic approach to risks Hazard Analysis Critical Control Point (HACCP) “ a systematic preventive approach to food and pharmaceutical safety that addresses physical, chemical and biological hazards as a means of prevention rather than finished product inspection ” ISO 22000 Process based approach to identifying, monitoring and actioning risks to prevent non-compliance (or reduce chances to acceptable levels)

A systematic approach to risks HACCP Principle 1: Conduct a risk analysis A risk is a circumstance which may cause a legal requirement not to be met A compliance plan determines the risks and identifies the preventive measures the plan can apply to control these risks Identify processes

A systematic approach to risks HACCP Principle 2: Identify critical control points A Critical Control Point (CCP) is a point, step, or procedure in a process at which control can be applied and, as a result, a risk can be prevented, eliminated, or reduced to an acceptable level

A systematic approach to risks HACCP Principle 3: Establish critical limits for each critical control point A critical limit is the maximum or minimum value to which a risk must be controlled at a critical control point to prevent, eliminate, or reduce that risk to an acceptable level

A systematic approach to risks HACCP Principle 4: Establish critical control point monitoring requirements Monitoring to gain control over a process at each critical control point Monitoring procedures and frequency incorporated in a compliance plan

A systematic approach to risks HACCP Principle 5: Establish corrective actions Actions when monitoring indicates a deviation from an established critical limit Corrective actions to be taken if a critical limit is not met Corrective actions must prevent reoccurrence

A systematic approach to risks HACCP Principle 6: Establish record keeping procedures Risk analysis Compliance plan & procedures Monitoring of critical control points Corrective Actions (?)

A systematic approach to risks HACCP Principle 7: Establish procedures for ensuring the system is working Validation to ensure that the compliance procedures are operating in practice In itself a critical control point

An example: Export Controls Compliance in the Defense sector

Compliance Layer 1: Product-related Export Controls US Rules Military: ITAR (Dept. of Defense Trade Controls) Dual Use: EAR (Commerce Dept., BIS) EU Rules Military Export Controls Dual Use Lists National Rules Military Lists Dual Use lists

Compliance Layer 2: Transaction related Export Controls US Rules: ITAR “no go countries” (DDTC) Sanctions & Embargoes (OFAC) EU Rules Sanctions & Embargoes National Rules Sanctions & Embargoes National Control Lists of persons/entities etc.

Be self conscious about your supplier’s compliance Do not assume your supplier is getting it right Make sure your end of the project is reflected in your suppliers compliance steps ITAR or EAR classified ? Commodity jurisdiction required ? US Authorisation needed ? Scope for use of ITAR exemptions ? Export License: any re-export/retransfer needs ? TAA: scope of work clearly identified ? Verify “US Connection”

Determine EU & National Controls Item subject to EU Dual Use Controls or Military Controls ? If on Military List identify National (and EU) Transaction Controls that may apply screen other parties engaged in transactions Projects: any intra-EU transfers needed (check if US Authorizations allow this!) If not on Military List Check Annex I and Annex IV EU Dual Use Reg If not on Annex I: check Military End Use and National Controls

Elements of practical implementation Fixed product catalog: implement Export Control status in Item Master Data in SAP or other ERP systems Projects: Identify Logistics Flows and Tech Data Flows “ Compliance Map” Before applying for Export Licenses: check the past !

Risk Determination in Export Compliance

More Related Content

What's hot

Viewers also liked

Similar to Risk Determination in Export Compliance

More from jasperhelder

Recently uploaded

Risk Determination in Export Compliance