Whether your business is involved in export or import trade, there are specific regulations with which you must comply. Failure to comply with those regulations can result in fines, restrictions in your ability to export your products and even prison sentences for your company’s officers and responsible parties. Even small companies that operate internationally should have formal policies and procedures to ensure that trade compliance goals are met.
A high quality compliance program should match business procedures and make clear how compliance measures are incorporated into export transaction processing and ongoing business activities. Whether you are a start-up business or a Fortune 500 company, it’s possible to have a program customized for you. The benefits are strong, such as instilling best demonstrated practices from a client professional’s expertise, along with demonstrating commitment to customers and suppliers.
Export Management and Compliance
The U.S. Department of State, Department of Commerce and Department of Treasury strongly recommend developing an export compliance program in order to ensure your compliance with U.S. export laws and regulations. In fact, Supplement No. 1 to Part 766 of the EAR provides for “Great Weight” mitigation in enforcement proceedings where a party has an effective export compliance program and its overall export compliance efforts have been of high quality.
Export Control Compliance Manual
Developing a comprehensive export / ITAR compliance program manual can be an intricate and time consuming task. A high quality program should do more than simply capture a company’s compliance policies. It should correspond to business processes and explain how compliance measures are built into export transaction processing and daily business activities.
Compliance Assurance can help you to develop and maintain industry best demonstrated practices. We’ve developed Export Management and Compliance Programs (EMCP) at organizations ranging from small start-ups to Fortune 500 companies and we are confident that our expertise can help you to quickly and efficiently implement your export / ITAR compliance program.
- Great Weight mitigation of fines and penalties in an enforcement action
- Best demonstrated practices from compliance professional’s expertise
- Demonstrate commitment to compliance to customers and suppliers
- Fast turnaround – have a program manual next month not next year
Technology Control Plan (TCP)
Companies dealing with EAR or ITAR-controlled technical data need an effective Technology Control Plan (TCP) to prevent the unauthorized transfer of technical data to foreign persons in the U.S. or abroad. In fact, DDTC guidelines specify that if a foreign person has access—not actual transfer—to ITAR-controlled defense articles and/or technical data without DDTC authorization, that is a violation and must be reported as a voluntary disclosure in accordance with 22 CFR 127.12.
Today nearly all organizations are global with supply chains, operations, data centers, employees, markets and students spanning the globe. Now consider the fact that information and email are moving at lightning speed, combined with the increased use of cloud computing solutions, and there exists a higher likelihood that export-controlled technical data may end up in the wrong hands. An effective Technology Control Plan provides policies, procedures and IT controls to prevent the transfer of controlled technical data to foreign persons without a Department of State or Department of Commerce license or other required authorization.
Compliance Assurance can evaluate your current level of technical data control and develop a TCP to effectively manage the physical, logical (computer systems) and personnel policies and procedures necessary to ensure that unauthorized transfer does not occur. Having worked in tech-heavy industries, we understand how technology organizations function and can help you develop a TCP with minimal impact on your business operations.
Call us today to find out if your organization requires a Technology Control Plan or if your existing plan meets NISPOM guidelines.