www.dlexports.com Copyright © 2011 DL Exports
1
Mass Export Center OCT 2011
BUILD YOUR EXPORT COMPLIANCE MANUAL
• Roles• Program elements• Audit tips
Natascha FinnertyDL Exports International, Inc
www.dlexports.com 2
BIS/DDTC RECOMMEND AN ECMP
• Published guidelines for establishing export management system– Nunn-Wolfowitz report google nunnwolfowitz– BIS/DDTC Compliance guidelines Programs are on their websites– DDTC guidelines
• BIS updated their guidelines in 2010 and have 9 elements– Includes managerial tasks– Administrative requirements
www.dlexports.com 3
IMPLEMENTING A PROGRAM TAKES ...
• Management commitment • Export Policy• Regulatory understanding• Resources• Time• Training
AB Tech
EXPORT POLICY
GOOD FOR BUSINESS• In successful companies,
compliance is part of the corporate culture
• It can be a competitive asset and should be listed on your website
• Small investment can save big over new penalties
www.dlexports.com 4
www.dlexports.com 5
WHERE TO START?
• Establish an Export Steering Committee
• Nominate a Focal Point• Engage kick off training• Review business and applicable
regulations
www.dlexports.com 6
• Conduct a risk assessment – see BIS guidelines
• Establish/revise policies & procedures that address cradle to grave of hardware and technology release life cycle – integrate into quality SOPs, other compliance programs
• Train personnel• Implement & audit
www.dlexports.com 7
EXPORT COMMITTEESuggested Members •Finance
•Legal
•HR
•IT
•Security
•Sales & Marketing
•Sales Admin.
•Contracts/Accounting
•Order Admin
•Manufacturing
•Traffic
www.dlexports.com 8
NEW CONSIDERATIONS• Effect of Sarb-Ox• Higher fines and penalties• New mitigating and aggravating factors• Export reform - Mixing of ITAR and EAR
rules?• Securing of IP from foreign parties or
customers• Are contractors or outsourced
companies screened?• Anonymous reporting?
www.dlexports.com 9
SARB-OX
• Upper Management needs to be informed and verify compliance as part of corporate governance
• Penalties could adversely affect financial position of company, whether public or private
• Could stop a sale or acquisition• Disclosure requirements
www.dlexports.com
10
Does SOX apply to your export issues?
• What percentage of your business is exports? Are you publicly held?
• What percentage of your suppliers is foreign?
• Is your company a related company?
• Do you export to resellers? If yes, whom do they sell to?
www.dlexports.com 11
COMPLIANCE PROGRAMS
• MUST PREVENT AND DETECT VIOLATIONS– DOES YOURS?
• HOW DO YOU USE METRICS TO MEASURE IT?
www.dlexports.com 12
TEMPLATE FOR PROCESSES
• Are they written in the active voice?
• Do they describe the responsible personnel?
• Do you detail the records that are created by the process?
• Is there a risk assessment and control process?
www.dlexports.com 14
RISK MITIGATION FOR EXPORT ISSUES• Level of technology, ITAR?• Is end-user known?• Dealings in countries of
concern?
RISK ASSESSMENT contd• Any potential misuse of product
(EPCI)?• Multiple shipping sites?• Do you control distribution
channels?• Do you require licenses and
need to adhere to qty, value, provisos?
• AES compliance?
www.dlexports.com 15
www.dlexports.com 16
REVIEW APPLICABLE REGULATIONS
• EAR (& Antiboycott)
• ITAR
• OFAC
• Foreign Trade Regs
• NISPOM
•CUSTOMS
•CONSENT AGREEMENTS
RISK ASSESSMENT• DO YOU EXPORT CONTROLLED
HARDWARE OR TECHNOLOGY? (ITAR/EAR)– Need export license application
procedures, processing, license management, closing
• Product classification• Classification of new products• Purchased Products
www.dlexports.com 17
RISK ASSESSMENT
• Do you know your customers?– Or sell thru distributors?– Or you find out about them later
• sw registrations • repair
www.dlexports.com 18
www.dlexports.com 19
PROCEDURES• Compliance Policy and Org chart with
responsibilities– Time to get management support– List back-ups to each key position– Central focal point
• Product matrix– Ongoing, tie it to new product release
• Country charts– Automate, where possible
• Denial list screening and managing hits
www.dlexports.com 20
EXPORT MANAGEMENT SYSTEM
• Duties are cross functional
• Employees receive training on export procedures
• Use an Action Plan until completed
www.dlexports.com 21
DOCUMENT THE PROGRAM• Borrow from your company’s
procedures templates and use flow charts– ISO, TQM, Industry Quality standards,
Sarbanes Oxley
• Upload an International Compliance website– Policy, training slides, product matrix,
FAQs
• Coordinate with other compliance efforts: Quarterly reports to management
www.dlexports.com
22
SampleOrder Rec’d
Conductscreening
Product matrixLic determ
Order OK?
•DPL, Entity, SDN-Country-High Risk
•Proliferation
Apply for lic.Cancel OrderContact ECM
Prepare DocsShip
Y
N
www.dlexports.com 23
Export Compliance and Management Program
1. Administrative Elements:– Management Commitment– Responsible Officials– Record Keeping– Training– Internal Reviews– Notifications
www.dlexports.com 24
Screening Elements
– Denial Orders– ECCN Classification/License
Determination– Diversion Risk– Nuclear End-Users/Uses– Chemical & Biological End-Users/Uses– Antiboycott Compliance– Add’l US Gov’t Agency Requirements
www.dlexports.com 25
STANDARD SCREENING PROCESS
Check all exports against:• Restricted Parties and updates• Product Matrix/Classification• License requirements• Restricted/Embargoed Countries• Antiboycott
www.dlexports.com 26
RESPONSIBILITY #1Product Matrix
• You need to review all products to determine if an export license may be required
• This is done export compliance manager with the help of IT
• Controlled items can be hw, sw, technology relating to – computers, – software with encryption, telecommunications
products, lasers– Industrial equipment and chemicals
www.dlexports.com 27
PRODUCT MATRIX
• This process is ongoing, and requires regular updates as new items are developed or upgraded.
• You need to determine the export commodity classification number (ECCN), countries that may require a license, and customs numbers (Sch B).
• The Product Matrix list is included in the Export Compliance Program.
www.dlexports.com 28
RESPONSIBILITY #2Denied Parties
• You need to ensure that you do not sell to prohibited parties identified by the US Government and, potentially, other gov’ts.
• Most companies need to get Compliance Screening Service for this purpose
• These lists are updated regularly by the government.
• We must determine who is the end-user, what is the end-use, who are the parties to the transaction
• Screening must occur before the items are shipped for exports supporting particular projects
www.dlexports.com 29
Need to establish a policy for hits
• Need enough information to clear hits – what agency, what are the requirements
• Determine if it is a false hit• Contact government agency or
get certification from the person
• Keep records of hits
www.dlexports.com 30
RESPONSIBILITY #3High Risk Profile
• We need to ensure that we recognize any unusual circumstances or “Red Flags”
• Each employee is responsible for taking appropriate actions if a transaction seems suspicious
• Report any unusual activity throughout sales and to the
Export Compliance Manager
WHEN IN DOUBT, CHECK IT OUT!
www.dlexports.com 31
RESPONSIBILITY #4Country EmbargoesDO NOT SHIP TO THESE COUNTRIES WITHOUT A
LICENSE!• The following countries are under General
Embargo:Cuba Iran North Korea Sudan Syria
• The following countries are highly-controlled:
Iraq Libya
There are many denied parties in these countries: Banks, Entities (Companies) and Individuals
www.dlexports.com
OTHER COUNTRIES OF CONCERN
Country Groups D
• Military & Terrorist
Rwanda Angola Libya
• Countries of Concern
China Taiwan India Pakistan Middle East Former Soviet Bloc
www.dlexports.com 33
RESPONSIBILITY #5 ANTIBOYCOTT LAWS
• US companies and their subsidiaries may not participate in the Boycott of Israel
• Watch for any statements that include:- you must “comply with Arab League Boycott of Israel”, or- request for certification that Goods are “not of Israeli Origin”
• Must report all such statements to DOC
www.dlexports.com 34
RESPONSIBILITY #6 RECORD KEEPING
• We must keep records for 5 years• Transaction Records include:
– Purchase Orders– Quotes– Commercial Invoices– Bills of Lading & Air Waybills– AES records– Banking documents & letters of credit– Export checklists– Screening results– Correspondence and contracts
Comm Invoice
www.dlexports.com 35
Compliance Records• Acknowledgment of the Compliance
policy• Notices in contracts with resellers
and websites• Training records• Audit Records• Export licenses and classifications• Encryption reports
www.dlexports.com 36
OUR INSURANCE POLICY
• Apply Due Diligence• Know your customer• Follow the system for approving exports• Contact the Export Compliance Manager
with ANY QUESTIONS!
www.dlexports.com
DEVELOP
COMPLIANCE PROCEDURES
• The entire organization must implement procedures
• Export Compliance Manager acts as a focal point
NO WHITE KNIGHTS
www.dlexports.com 38
TRAINING OF RELATED PERSONNEL
• Export Coordinator & back-up - annual external sessions
• Upper management• Related employees - In-
house annually• New employee training• Specific training for
each department
www.dlexports.com 39
Training and Audits are a must!
– Per the govt – audit, audit , audit!
– Is there a schedule?– Records?– Internal or External– Copies of hand-outs?– Using the latest technology?