Archive for the ‘DOJ’ Category

U.S. Department of Justice (DOJ) – Enhanced Security Plan Sets Best Practices for Use of Cloud Services for Sensitive Data

2018/04/04

By:  Pablo LeCour, Partner, plecour@deloitte.co.uk; Tina Carlile, Senior Manager, ticarlile@deloitte.co.uk; and Ziyu Chin, Senior Consultant, ziyu.chin@deloitte.co.uk. All of Deloitte.

In December 2017 a global software company serving the telecommunications industry settled charges with the U.S. Department of Justice for violating U.S. controls on foreign access to sensitive data, including export controlled information. As part of the settlement, the company agreed to implement an Enhanced Security Plan designed to increase information security by regulating remote access to company networks and transfers of sensitive data.

The Enhanced Security Plan is a helpful benchmark for network providers seeking to protect sensitive information about U.S. telecommunications networks and other critical infrastructure.

Many tech companies develop software using foreign technical personnel both inside and outside of the U.S. The use of a global technical workforce increases the risk of unauthorized access to U.S. controlled information, including sensitive network data and data critical to the U.S. domestic communications infrastructure. Unauthorized access has consequences from an export controls perspective – under the U.S. Export Administration Regulations (EAR) and U.S. International Traffic in Arms Regulations (ITAR) licenses might be required to store U.S. sensitive data in overseas servers or for non-U.S. persons to handle, transmit or access controlled software, technology or technical data that is subject to U.S. jurisdiction. The Enhanced Security Plan provides an example of how these information security requirements can be met by:

  • Requiring authentication and tracking of changes to systems software through code-signing and other means;
  • Restricting access, transmission and storage of certain sensitive data to U.S.-based servers and U.S.-based network infrastructure; and
  • Controlling access by non-U.S. persons and implementing procedures for the proper vetting and licensing of non-U.S. employees and agents.
  • Additionally, the Enhanced Security Plan recommends an effective compliance program that includes the following:
  • Appointing a Security Director with appropriate authority, reporting lines, independence, skills, and resources to ensure compliance;
  • Implementing a Security Policy that describes the management of user identity and access, and building systems that monitor unauthorized attempts to access and screen personnel;
  • Conducting periodic third-party audits of the security procedures and their implementation; and
  • Engaging a third-party auditor to ensure compliance.

Companies doing business with the U.S. government or in connection with critical U.S. infrastructure, as well as companies that handle or use export-controlled technology, software, technical data, and cloud or network services, should review the DOJ Enhanced Security Plan requirements and consider including them within their own compliance programs.


Justice Publishes Summary of Major U.S. Export Enforcement, Economic Espionage, Trade Secret, and Embargo-Related Criminal Cases

2017/03/30

2017/03/30

(Source: Justice)

The U.S. Department of Justice (DoJ) has published its Summary of Major U.S. Export Enforcement, Economic Espionage, Trade Secret, and Embargo-Related Criminal Cases, (January 2014 to the present: updated February 17, 2017), available at here.

The list contains a brief description of some of the major export enforcement, economic espionage, theft of trade secrets, and embargo-related criminal prosecutions by the Justice Department since January 2014. These cases resulted from investigations by the Homeland Security Investigations (HSI) [formerly Immigration and Customs Enforcement (ICE)], the Federal Bureau of Investigation (FBI), the Department of Commerce’s Bureau of Industry and Security (BIS), the Pentagon’s Defense Criminal Investigative Service (DCIS), and other law enforcement agencies.


DOJ Publishes “Guidance Regarding Voluntary Self-Disclosures, Cooperation, and Remediation in Export Control and Sanctions Investigations Involving Business Organizations”

2016/11/15

(Source: Department of Justice, National Security Division)

The subject Guidance document is available for download HERE.  Below is a reprint of the Introduction of the 11-page document.

Foreign governments and other non-state adversaries of the United States are engaged in an aggressive campaign to acquire superior technologies and commodities that are developed, manufactured, and controlled in, and by, the United States. Such acquisitions – when conducted in contravention of U.S. law and policy – undermine the comparative and competitive advantages of U.S. industries and warfighters and, consequently, the national and economic security of the United States.

Thwarting these unlawful efforts is a top priority for the National Security Division (NSD) of the Department of Justice (DOJ). Working in partnership with U.S. Attorneys’ Offices, law enforcement and regulatory agencies, other U.S. government stakeholders, and our foreign government counterparts, NSD utilizes an “all-tools” approach to prevent and combat the unlawful export of commodities, technologies, and services, as well as to block trade and transactions with sanctioned countries and designated individuals and entities.

In particular, NSD has made it a priority to pursue willful export control and sanctions violations by corporate entities and their employees. Working with the U.S. Attorneys’ Offices, NSD aggressively directs and supports investigations of corporate criminal misconduct through grand jury subpoenas, search warrants, witness interviews, and other mechanisms to obtain evidence from multinational corporations operating in U.S. markets or utilizing the U.S. financial system. Where appropriate, NSD pursues international assistance to obtain the necessary evidence to build criminal cases. Where such investigations reveal willful violations of U.S. export controls and sanctions, NSD and U.S. Attorneys’ Offices seek to hold corporate entities criminally liable and prosecute culpable employees individually.Consequently, business organizations and their employees are at the forefront of our enforcement efforts. As the gatekeepers of our export-controlled technologies, business organizations play a vital role in protecting our national security. However, when NSD learns of willful violations of U.S. export controls and sanctions, NSD is committed to using all of its tools to protect our national security and deter similar criminal misconduct.

This Guidance memorializes the policy of NSD to encourage business organizations to voluntarily self-disclose criminal violations of the statutes implementing the U.S. government’s primary export control and sanctions regimes – the Arms Export Control Act (AECA), 22 U.S.C. § 2778, and the International Emergency Economic Powers Act (IEEPA), 50 U.S.C. § 1705.

This Guidance applies only to export control and sanctions violations. It sets forth the criteria that NSD, through the Counterintelligence and Export Control Section (CES) and in partnership with the U.S. Attorneys’ Offices, uses in exercising its prosecutorial discretion in this area and in determining the possible benefits that could be afforded to an organization that makes a voluntary self-disclosure (VSD), as defined below. This Guidance also implements in export control and sanctions cases the memorandum of the Deputy Attorney General dated September 9, 2015, promoting greater accountability for individual corporate defendants (DAG Memo on Individual Accountability), as well as the November 2015 revisions to the Principles of Federal Prosecution of Business Organizations set forth in the U.S. Attorneys’ Manual (USAM Principles). See USAM 9-28.000 and USAM 9-28.900.

Almost all criminal violations of U.S. export controls and sanctions harm the national security or have the potential to cause such harm.  This threat to national security informs how NSD and U.S. Attorneys’ Offices arrive at an appropriate resolution with a business organization and distinguishes these cases from other types of corporate wrongdoing. In determining what credit to give an organization that voluntarily self-discloses illegal export control or sanctions conduct, fully cooperates, and remediates flaws in its controls and compliance program, federal prosecutors must balance the goal of encouraging such disclosures and cooperation with the goal of deterring these very serious offenses. If successful, this Guidance will serve to further deter individuals and companies from engaging in export control and sanctions violations in the first place, encourage companies to implement strong export control and sanctions compliance programs to prevent and detect such violations, and, consistent with the DAG Memo on Individual Accountability, increase the ability of NSD and U.S. Attorneys’ Offices to prosecute individual wrongdoers whose conduct might otherwise have gone undiscovered or been impossible to prove.

This Guidance aims to provide greater transparency about what is required from companies seeking credit for voluntarily self-disclosing potential criminal conduct, fully cooperating with an investigation, and remediating. Accordingly, the Guidance first explains what constitutes a VSD, full cooperation, and timely and appropriate remediation. Second, the Guidance provides examples of aggravating factors that, if present to a substantial degree, could limit the credit an organization might otherwise receive, though the company would still find itself in a better position than if it had not submitted a VSD, cooperated, and remediated. Third, the Guidance explains the possible credit that may be afforded to a business organization that complies with the mandates set out below, including the disclosure of all relevant facts about the individuals involved in the wrongdoing. Finally, the Guidance provides sample scenarios that demonstrate the application of this policy.

Ordinarily, when an organization voluntarily self-discloses violations of U.S. export controls and sanctions, it presents its VSD to the appropriate regulatory agency under the procedures set forth in the agency’s regulations. It is not the purpose of this Guidance to alter that practice. Business entities should continue to submit VSDs to the Department of State, Directorate of Defense Trade Controls (DDTC) for violations of the International Traffic in Arms Regulations (ITAR); to the Department of Commerce, Bureau of Industry Security (BIS) for violations of the Export Administration Regulations (EAR); and to the Department of the Treasury, Office of Foreign Assets Control (OFAC), for violations of U.S. sanctions regulations. However, as discussed further below, when an organization, including its counsel, becomes aware that the violations may have been willful, it should within a reasonably prompt time also submit a VSD to CES.

This Guidance does not supplant the USAM Principles. Prosecutors must consider the ten factors set forth in the USAM when determining how to resolve criminal investigations of organizations. However, this Guidance does set forth the way that NSD and U.S. Attorneys’ Offices will evaluate credit for companies that voluntary self-disclose, fully cooperate, and remediate in export control and sanctions cases.

Full Document: http://files.constantcontact.com/4545a8d7301/6536ffe2-60e6-451c-991a-6c6f6c1cdb17.pdf?ver=1476300088000


Justice Department Publishes Major Export Enforcement Cases

2016/08/09

(Source: Justice)

The link below provides a brief description of some of the major export enforcement, economic espionage, theft of trade secrets, and embargo-related criminal prosecutions by the Justice Department since January 2008. These cases resulted from investigations by the Homeland Security Investigations (HSI) [formerly Immigration and Customs Enforcement, (ICE)], the Federal Bureau of Investigation (FBI), the Department of Commerce’s Bureau of Industry and Security (BIS), the Pentagon’s Defense Criminal Investigative Service (DCIS), and other law enforcement agencies. This list of cases is not exhaustive and only represents select cases.

The Department of Justice, National Security Division, has posted its “SUMMARY OF MAJOR U.S. EXPORT ENFORCEMENT, ECONOMIC ESPIONAGE, TRADE SECRET AND EMBARGO-RELATED CRIMINAL CASES (January 2009 to the present: updated August 12, 2015)” at the DOJ website.


Compliance Professionals: The Federal Government is Coming for You!

2015/10/01

By: Stephen Wagner

In my article on Personal Liability for Export Violations, originally published in February 2015, I warned that a federal appellate court had recently decided in United States v. Trek Leather, Inc., 767 F.3d at 1288, 96-99 (Fed. Cir. 2014) (en banc), that corporate officers may be held personally liable for civil penalties in cases in which import laws were violated.  I speculated that export enforcement agencies may use the ruling in Trek Leather to increase their assessments of civil penalties against the principals of export companies.

That speculation just turned into a virtual certainty.

In a move that will have far-reaching effect on exporters – as well as importers and any company whose activities are regulated by the federal government – the U.S. Department of Justice (DoJ) issued a memorandum dated September 9, 2015, on Individual Accountability for Corporate Wrongdoing.

The new guidelines prioritize the Justice Department’s focus on individual responsibility in cases involving both civil and criminal corporate wrongdoing, and set forth six steps that will strengthen the DoJ’s “pursuit of individual corporate wrongdoing”:

  1. In order to qualify for any [consideration for cooperation under the DoJ’s Principles of Federal Prosecution of Business Organizations], corporations must provide to the Department all relevant facts relating to the individuals responsible for misconduct.
  2. Criminal and civil corporate investigations should focus on individuals from the inception of the investigation.
  3. Criminal and civil attorneys handling corporate investigations should be in routine communication with one another.
  4. Absent extraordinary circumstances or approved departmental policy, the Department will not release culpable individuals from civil or criminal liability when resolving a matter with a corporation.
  5. Department attorneys should not resolve matters with a corporation without a clear plan to resolve related individual cases, and should memorialize any [decision not to bring civil claims or criminal charges against the individuals who committed the misconduct] in such cases.
  6. Civil attorneys should consistently focus on individuals as well as the company and evaluate whether to bring suit against an individual based on considerations beyond that individual’s ability to pay.

(Emphasis added.)

What does all of this mean for executives and employees working in export compliance?

It is important to understand that whenever a U.S. government enforcement agency such as the Office of Export Enforcement (OEE) in the Bureau of Industry and Security or Homeland Security Investigations (HSI) (on behalf of the Directorate of Defense Trade Controls) initiates an investigation, it follows DoJ guidelines with an eye toward bringing civil and/or criminal charges against the violators.  While individuals have always been subject to charges for criminal violations of export laws, rarely before have individual executives or compliance professionals in an export company faced civil charges and monetary penalties for export violations.

And then came Trek Leather, which put individuals on notice that they could be held personally liable for export violations and made to pay civil penalties in such cases.  (Over $570,000 for the president of Trek Leather.)  Now, these DoJ guidelines make clear that compliance professionals at all levels will be in the crosshairs when federal enforcement officials investigate a potential violation.

In fact, the DoJ memo makes it a prosecutorial requirement that formal consideration of potential charges against individuals be part of any process of resolving claims against the company in general.  Moreover, in the event that an investigation concludes with criminal or civil charges against a corporation and the investigators do not want to press charges (criminal or civil) “against the individuals who committed the misconduct,” such a decision must be approved in writing by the United States Attorney (the senior lawyer in every judicial district) or an Assistant Attorney General.  This high standard will make it incredibly difficult for charges to be brought against an exporter without charges being brought against the individual who is responsible for the violation.

These new Justice Department guidelines also create a two-way incentive for companies to offer up to investigators the individuals responsible for violations and for individuals to spill everything on their superiors who also knew of the behavior.  As seen in the first of the “six steps” above, companies cannot obtain leniency under federal charging (and sentencing) guidelines unless they provide “all relevant facts” regarding the individuals involved.  Turning to the individuals, the DoJ comments as follows:

“by focusing our investigation on individuals, we can increase the likelihood that individuals with knowledge of the corporate misconduct will cooperate with the investigation and provide information against individuals higher up the corporate hierarchy.”

(Emphasis added.)

This language clearly implies that – going forward – the initial focus of federal investigators will be not only presidents and chief compliance officers of the company, but also those employees who are responsible for day-in day-out export compliance matters and who, most likely, actually committed the violation.

As I and my colleague, Andrew Ittleman, discussed in our March 2015 webinar on personal liability for export violations, there are steps that companies and compliance professionals should take to help mitigate the risk of personal liability for civil penalties.  These steps include reviewing and updating company policies, indemnifications, insurance, and governance documents (e.g., bylaws or operating agreements) so as to address the new risks to individual employees presented by these DoJ guidelines.  However, as the new DoJ guidelines make clear (and as we discussed in the webinar), the best overall protection for compliance professionals is still to have a robust export compliance program and to faithfully execute that program every day.


Justice is Blind…Unless You’re a Native of China—In That Case, Assume the Position!

2015/10/01

By: Danielle McClellan

Earlier this year (May 2015) a Chinese-American Physics Professor at Temple University was dragged from his home in handcuffs accused of emailing design schematics for a pocket heater to a colleague in China.  This pocket heater is not the device you put in your coat pocket at chilly November football games but is a sensitive piece of equipment used in superconductor research.  Dr. Xiaoxing Xi, Chairman of the Physics Department, was arrested in front of his daughters, stripped of his professional position, and restricted from having any communications with anyone at Temple University. DOJ Press Release: http://www.justice.gov/usao-edpa/pr/university-professor-charged-wire-fraud-scheme.

Fast forward to last week…the government has dropped all charges against Dr. Xiaoxing Xi after finding out that the design schematics that they thought were for a pocket heater were actually for something else. Apparently, the prosecutors and FBI agents did not understand the design and jumped the gun when they saw the email with the blueprints. The US government is aggressively combating against outside and inside employees trying to steal government and corporate secrets…but that doesn’t excuse this.

Dr. Xi said this to the New York Times: I don’t expect them to understand everything I do. … But the fact that they don’t consult with experts and then charge me? Put my family through all this? Damage my reputation? They shouldn’t do this. This is not a joke. This is not a game.

Dr. Xi’s lawyer, according to the Times, went further and suggested that the prosecution targeted Dr. Xi because he was Chinese. If he was Canadian-American or French-American, or he was from the U.K., would this have ever even got on the government’s radar? I don’t think so.

It should also be noted that a similar case was dismissed a few months ago…seems that following the rules may not keep you out of trouble anymore if you are an American citizen of Chinses ancestry.

More Information: http://www.nytimes.com/2015/09/12/us/politics/us-drops-charges-that-professor-shared-technology-with-china.html?_r=4


Export Compliance Training? Important? You betcha!

2011/04/04

By: John Black

The risks of fines of hundreds of thousands — or even millions — of dollars for violations make export compliance important.  The complicated, arcane, and voluminous regulations that impose incredible burdens on your day-to-day business activities make export compliance difficult.  A thorough and effective multi-level company training program makes a reasonable level of export compliance achievable.

A company needs three levels of training

1)      Expert training: The core export compliance experts need to be experts on the rules

2)      Awareness training:  A wide range of company personnel need to trained to know what issues export rules create and how to handle them or whom to ask for help

3)      Executive training:  Top level management needs to understand the risks of violation and how export rules impact the company’s business activities so management can decide how much money and resources to spend on compliance.

This article will focus on expert training.  I will write articles later to discuss the other training.

A starting point for any company export compliance program is for the company to figure out what the rules are and how they apply they apply to the company’s products, technologies and activities.  This usually means that the company, depending on its size and export issues, appoints one or two, or maybe a few people to be the export compliance experts.  While someone new to export compliance theoretically could learn the rules by reading the rules, it is usually much better for the newbie to be taught what the rules say and how they work before digging into the voluminous, arcane, and complicated regulations.  There are various export control regulations—the Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), the Foreign Trade Regulations (FTR), plus the various Office of Foreign Assets Control (OFAC) regulations—and the company needs to know if and how each of these regulations impacts the company.

And, unfortunately, a quick glance is not enough and common sense won’t help—who would think the ITAR regulates exports of items involved in sending TV signals for the Sunday football game to your house?  You need to learn what the rules actually say.  Beware of company folk lore—“we’ve always done it this way,” or “if we sell to the military its ITAR, but if we sell to somebody else it is not ITAR,” or “the ITAR does not let you put technical data in the ‘public domain.’”  You need to focus on learning the rules themselves.

Beware of oral information that contradicts the rules—whether from a government or other source.  Sure, maybe today the government interprets the word “green” to include “yellow” because yellow is a precursor to green.  But if the rules do not say that, and you act as if green does not include yellow, you have put yourself in a defendable position, to say the least.  Most of us do not talk to every government official in Washington so that we know the interpretation of the day — and we don’t know if 99% or only 0.01% of the government interprets green to include yellow.  Learn how to read the rules — then do what they say!

Once you start on the long path to becoming an expert on the rules, you have to figure out what procedures you will implement to help your company follow the rules.  Technically, in most cases, implementing procedures is optional because it is not a violation to fail to have compliance procedures.  It certainly is prudent, however, to implement compliance procedures if you want to do a good job on compliance.

Going to a live seminar is the best form of training.  There is nothing better than being able to interrupt a knowledgeable speaker and ask a question when it pops into your head.  A key part of live training may be the 5 minutes you spend at a break talking to the instructor about a specific issue.  Electronic or online training is better than nothing if your company is not willing to pay for live training, or if live training is otherwise not an option.

In any event, you need to make sure the people giving the training are experts on the rules.  They need to be able to give practical advice on the many different approaches you can take in implementing company procedures to follow the rules.  Verify the expertise of the trainers.  A person’s title or pay grade is not a key factor, nor is whether the person works in or outside of the government.  The best thing to do is talk to industry experts who actually have received training from the person giving the training you are considering.

Your goal should be to become an expert on the rules, or perhaps an expert on the rules that specifically impact your company.  This is a difficult task but you can do it.  (If I can do it, anybody can, trust me.)  To be an expert, you need regular and repeated training.  The first training you get to introduce you to the topic may be overwhelming, so just try to pick the most important issues—for example, take away the fact that you need to do export jurisdiction determinations and classifications for all of your hardware, technical data and software, but don’t worry if you didn’t memorize the second exception to the first prohibition in the antiboycott regulations.

Go to each training after the first with two objectives.  First, to hear people validate that what you think is true is true.  These export rules are often illogical and hard to believe so you might start doubting your understanding.  You will get value from just listening to somebody say that a convoluted rule means what you think it means.  You second objective is to learn more.  Eventually you need to understand the second exception to the first prohibition in the antiboycott regulations.  I know people who are experts and continue to attend the same seminar 5 – 10 times because they always get something new out of it.

If you are an export compliance professional, you need to embrace this reality:  The more you learn about the export compliance rules, the more difficult it becomes to comply with the rules.  Think about it:  A novice thinks export controls just mean taking care of exports of products.  As that person learns more he realizes that export compliance applies to hundreds of emails leaving his facility daily, and then that his employees with work visas present export compliance issues.  More and more training will not make your life easier, but will likely just add more things to your list of things do to as you learn about a rule you did not know about, or as you notice a different aspect of a rule.

As you can see, training is not a onetime event.  You should be training at least once a year, and I recommend twice a year in most cases.  I already discussed how the complexity of the rules calls for repeated training.  These rules also change.  The government procedures often change (hmm, the ITAR Agreement Guidelines come to mind!).  You need to stay up to date with changes and continue to grow and build your expertise.

Having well trained export compliance experts is good for your company.  Being a well-trained export compliance expert is good for you.  As your expertise grows, so does your confidence in your knowledge, and that puts you in a better position to tell your engineer “yes, it is true that we have to treat the employee with a work visa as an export issue.”  You will encounter people who want to comply with what the rules ought to say or what they would like for them to say.  You argue against those people by showing them what the rules say.  Your expertise will enable you to point to the rules as the basis for the positions you take so you can say “maybe it does not make sense, but this is what it says.”

And, of course, being well trained on export compliance is a valuable addition to your resume!

***************************************

John Black has been in the field of export controls since 1984, is a consultant with BSG Consulting and a regular speaker for The Export Compliance Training Institute (ECTI).  ECTI offers live seminars for US Companies and companies located overseas.  The current schedule of their seminars can be found at http://learnexportcompliance.com/schedule


The Check’s in the Mail (Export Control Reform [Again])

2010/06/09

Editorial Analysis by John Black

I am old.  I can’t even count the number of times I have heard well intentioned high level government officials tell us that they plan to make significant reforms in the US export control system.  Some government officials have told me that they are going to make the system so transparent and user friendly that they will put consultants like me out of business.

It’s been 26 years for me in this business and numerous government pledges to make things better.  As far as I can tell, I am still here and there is still a huge demand for assistance in dealing with the infinite number of problems that US export controls create for companies who try to comply with the rules.  Yes, this reform could be different.

So, I apologize (for a change) in advance for being the cynic as a good number of my peers spout enthusiastically about Defense Secretary Gates’ call for comprehensive reform to the US export control system.  Reform certainly makes sense.  Comprehensive reform could both promote national security and make compliance a bit easier for companies.

Comprehensive reform is highly unlikely.  Adjustments to certain aspects of US export controls might be the better-than-nothing result we should hope for.  And, changes to the current system that will create a lot of extra work for us without actually improving anything is what we should fear.   (Well, this last scenario will probably be a gold mine for my seminar and consulting businesses.)

On behalf of the Obama Administration, Secretary Gates called on Congress to make sweeping reforms.  There are four pillars of the reform:

1)      Create a single export control list.

2)      Create a single export licensing government agency.

3)      Designate a single agency to coordinate the currently dispersed export enforcement resources.

4)      Create a single, unified IT infrastructure for the US export control system

Items 1 and 2 seem to be the focus of most of joyful exporter discussions.  Item 3 seems to be closely related to item 2, except I guess the licensing agency and the enforcement agency could be separate agencies.  Item 4 is the least talked about and would be a relatively natural consequence of item 2.

I once again apologize in advance. Something I do now that I am old.  Here is my editorial view of the 4 pillars.

Single Control List

The number of export control lists we have is not as big a problem as a) the US imposing severe military product type controls on non-military products such as satellites; and b) the difficulty determining where an item is controlled.

We could get a single list and keep those two problems.  We could have bombs, satellites, and machine tools on the same list.  But if the new single list says that satellites are subject to the same ITAR-type requirements as bombs, we have we gained nothing.  If in the current structure, satellites were moved from the ITAR to the EAR but that move included creating EAR MLAs, TAAs, exclusion from the de minimis rule, etc. for satellites and the US continued to deny all licenses involving countries such as China, the list switch doesn’t benefit satellite companies.

READ THIS:  And, worse yet, unfortunately, a single list could increase the risk that items currently controlled by the friendly EAR rules could be made subject to ITAR type export controls.  Right now, the EAR structure is not set up to impose ITAR type controls on, let’s say, a super duper machine tool.  But if both military and commercial items exist in the same list, that implies that some items will be covered by ITAR type controls and some will be covered by EAR type controls.  So, if that machine tool is covered by regulations that include ITAR type controls, the government could much more easily  apply ITAR type controls to machine tools because the ITAR type controls would be part of the regulations that apply to that single list.

On to problem b):  A significant problem companies face is determining whether an item is controlled by the ITAR’s USML or the EAR’s CCL.  (The fact that companies might not like their commercial items being subject to ITAR-type controls is discussed above.)  For example, let’s say a single list merges renames ITAR Category XI as ECCN 6A881 and Category XII as 6A882 and puts those ECCNs into EAR Category 6.  If the new ECCNs use the words from the former ITAR categories, then the difficulty in figuring out whether something is controlled by 6A881, 6A882 or 6A003 is the same as the current problem of figuring out if something is Category XI, Category XII, or 6A003.

The difficulty in determining jurisdiction/classification is due to the words used in categories XI and XII—these words are sometimes ambiguous and open to interpretation, and perhaps that is a naturally unavoidable problem that a single control list will make neither better nor worse.  But a bigger problem might be the fact that DDTC is willing to say an item is controlled by categories XI or XII even if there are no words in the ITAR that says that item is controlled by either of those categories.  (The ITAR says DDTC can put USML controls on things not mentioned in the USML, and DDTC says the USML is “illustrative” of the things subject to ITAR jurisdiction.)  So, some exporters live in a world where DDTC imposes ITAR controls on a thing not described by the ITAR—that is a world where “white” might mean “black” so some companies live in fear that their product, that they treat under the EAR could be the next “QRS-11 case,” a case where DDTC imposed ITAR controls on a commercial aircraft part, just because it wanted to.  So, some companies err on the conservative side and treat items as being ITAR controlled because maybe DDTC would want to control them.  Since the new regulations that apply to the single list will be able to apply ITAR-type controls to some items and EAR-type controls to other items, the implications of making the wrong classification decision in the single list could be as serious as the current risk associated with making the wrong ITAR vs. EAR jurisdiction determination.

But, at least, if you classify an item as being 6A003 when, in fact, the government thinks it is 6A882, you won’t make the current mistake of getting an EAR license for an ITAR item.  But the new single list rules could still impose an extremely harsh penalty if you export a 6A882 item under the 6A003 rules—say you export a 6A003 item under an EAR-type license exception to China when in fact it is subject to ITAR-type military rules..  The penalties might be described in a different way, but why would we assume that mistake will be subject to lesser penalties?

Single Agency

If there is going to be a single control list, there probably will first have to be a single agency.  Some agency will have to take the lead in combining the control lists and the regulations that go around them.  If that single agency is transparent, customer-service oriented, efficient, and friendly, life will be good.  If that single agency is the opposite, life will be bad.  I won’t make any stereotypical statements about the current State and Commerce department export licensing agency strengths and minuses.

If I am a company who exports only items classified as 9A991 and EAR99, the last thing I want is a single agency and a single set of regulations because I am thinking that things can only get worse than they are now.  If I am a company who makes satellites, maybe I think a single agency can only make things better.  But, ultimately, it is the rules and policies that are the issue, not the number of agencies who administer them.  Sure, at the margin a single agency may improve consistency of interpretation (perhaps) and there might be benefits to the one-stop-shop export licensing agency.  But, it is ultimately the regulations, rules, policies and procedures that are the biggest issue, not the number of agencies involved.

And I didn’t even talk about the fierce turf wars that will be involved in deciding what government department gets to have the single export control agency.  The turf wars make take so long that by the time they are resolved, President Palin won’t favor the single agency idea anyway.

Conclusion

Don’t get me wrong. I support export control reform.  And I know that reforms, if possible, could enhance our national security and make compliance a bit easier for exporters.

Obama’s reform plan is based on good ideas.  I see the biggest challenge as being reforming the rules and policies that underlie the multi-control list and multi-agency structure we have.  So many organization, agencies, and people have a vested interested in the current rules and policies—maybe of those entities and people created the system we have now, and they did it for what they see to be good reasons.  And those entities, even at the lowest level of government, have an enormous capability to prevent real reform, even if the White House supports reform.  (Remember when President Clinton’s Administration announced the Defense Trade Security Initiative and decided to create the special bulk ITAR authorizations (“Global Project,” etc.)  for certain trade with our allies?  DDTC ended up setting up those bulk authorizations in a way that no company wanted to use them.  To prevent the White House from reforming the ITAR, DDTC had to implement the idea, but DDTC maintained the status quo by implementing that reform idea in a way that effectively blocked reform.  We did get the allies maintenance exemption out of that, which was a decent improvement, but not a sweeping reform.)

Export control reform is a great idea.  It is long overdue.  But pardon me for wondering if real reform is possible.  Who among you remember these labels for past reforms:  “China Green Zone,” “The Core List” (and “The Bikini List”), the Defense Capabilities Initiative, and the ever popular “Higher Fences around Fewer Products,” and, of course, the above mentioned “DTSI.”

When I use the word reform, I mean significant and meaningful changes to the current system, not just superficial changes made that result in marginal improvements.  Marginal changes to the system are not reform.  They are adjustments.  Adjustments can be good, and they are certainly possible.

At the end of the day, the White House is going to have to invest a great deal of time, effort and political capital into achieving its objectives, and even more if those objectives end up being beneficial for national security and exporters.  US companies will have to invest a great deal of their resources into this too if they want to get beneficial reform.  I think ultimately, most companies believe they have better places to spend their government relations budgets and ultimately the White House and Congress will decide they have better places to spend their time.  Many of those with vested interests in the current system do not have a better place to invest their time and resources and they are willing to fight a slow war of attrition against reforming what they have created.

I do not think significant reform will happen.

I hear that most people in Washington disagree with me.   Somebody just told me that Washington insiders are convinced real reform will happen.

I rest my case.


Businessman Pleads Guilty to Illegal Bribes

2009/10/22

By: Danielle McClellan

Joseph T. Lukas, a partner in Nexus Technologies Inc., has pled guilty in connection with a conspiracy to bribe Vietnamese government officials. Nexus was a privately owned export company that found US vendors for Vietnamese government contracts that involved underwater mapping equipment, bomb containment equipment, helicopter parts, chemical detectors, satellite communication parts and air tracking systems. Lukas was in charge of the negotiations of these contracts with US suppliers. The Vietnamese officials included the commercial branches of Vietnam’s Ministries of Transport, Industry and Public Safety.

Lukas admitted that from 1999 to 2005, he and other Nexus employees agreed to, and paid, bribes to Vietnamese government officials in order to obtain contracts. These bribes were covered up as “commissions” in Nexus’s accounting records. Court records indicate that Nexus paid over $150,000 to Vietnamese officials over the 6 year period.

Lucas has been indicted for one count of conspiracy to bribe Vietnamese public officials, in violations of the Foreign Corrupt Practices Act (FCPA) along with Nexus and co-conspirators Nam Nguyen, Kim Nguyen and An Nguyen. Cases are still pending against the other defendants and Nexus. Lukas is scheduled for sentencing on April 6, 2010 and faces a maximum sentence of 10 years in prison and $350,000 fine.

More information:


Man Arrested for Smuggling Military Aircraft Engines to Iran

2009/09/02

By: Danielle McClellan

A suspected international arms dealer has been arrested on charges that he and an accomplice conspired to illegally export F-5 fighter jet engines and parts from the US to Iran. Jacques Monsieur, a Belgian national and resident of France has been a suspected arms dealer for decades and may have finally smuggled his last shipment.

Monsieur and his accomplice, Dara Fotouhi, an Iranian citizen living in France, were indicted on August 27, 2009 for conspiracy, money laundering, smuggling and for violations of the AECA, and IEEPA. The two have been working with the Iranian government to procure military items for the Iranian government for years. Monsieur was arrested immediately after his plane landed in New York after the indictment and Fotouhi remains at large. Both face up to 65 years in prison if charged with the maximum for each sentence.

The indictment alleges that in February 2009, Monsieur contacted an undercover agent seeking to purchase engines for the F-5 fighter jet and/or the C-130 military transport aircraft for export to Iran. These engines are on the US Munitions List and require a license for export; the engines are also controlled under the Iran embargo and require an OFAC license for export. Monsieur met with the undercover agent in Paris and London along with Fotouhi to discuss the illegal transaction and the logistics of getting the engines and parts from the US to the UAE and then into Iran.

Over the course of several months Monsieur sent the undercover agent purchase orders for the engines and parts and wired $110,000 from Dubai to the agent’s bank account in Alabama and assured the undercover agent that he would deposit another $300,000 as down payment for 2 F-5 fighter jet engines.

We will continue to follow this story for updates.

More information: DOJ News Release