Steve Tribble FLIR Systems

Jahna Hartwig Williams Mullen

Agenda

Compliance Procedures

Investigations

Criteria for Filing Determination

Structure of Voluntary Disclosure

Post-Disclosure Actions

UTC Consent Agreement

Compliance Procedures Collecting and Reporting Issues Channels for employees to report suspected violations

(e.g., anonymous hotlines, sanitized email addresses, dedicated reporting websites, etc.)

Policy against retaliation for reporting

Procedures for stopping ongoing suspected violations and implementing any urgent mitigating actions

Procedures for conducting a thorough investigation of the suspected violations. Broad enough to reveal related or similar violations with

other shipments, product lines, business units, or geographic areas.

Compliance Procedures (cont’d) Established responsibility for decision making

regarding voluntary disclosure submissions

Criteria to consider when assessing the need to file a voluntary disclosure

Established responsibility for preparing and approving the filing

Procedures for providing notice to other government authorities when required or appropriate, (e.g., government sponsor, DSS, etc.).

What is An Internal Investigation? Company Decision – Not Directed

Fact-Finding Activity

The Five “W’s”

Did a Violation of Law or Company Policy Occur

Must be Perceived as Thorough and Independent

An Extension of the Company’s Compliance Program

Regular Internal Audits

Best if an Established Process

Structuring An Internal Investigation - Scope Specific Event Occurred

What Were the Circumstances?

What is Known About the Issue?

What Was Cause of the Issue?

Criminal Allegations Involved?

Is This a Pre-cursor to a Voluntary Disclosure?

Regular Compliance Audit

Established Process

Introductory or Advanced Audit

In-House or External In-House Pros and Cons

Better Understanding of Company’s Business and Processes and Will Know the Various Players

May Not Be Objective

May Not Be Experienced in ITAR

External Counsel or Consultant

Impartial and Credible

Specific ITAR Experience

Established Relationship and Experience with DDTC to Help Navigate the “Mine Field”

Investigation - Data Collection Determine Type of Issue – Logistics, Technical Data,

Foreign National Access, Use of Authorizations

Unique Documentation Associated with the Issue

Must Collect Complete Documentation Set

More is better than Less

Include referenced documents – drawings, specs, contracts

Emails Are Significant Source of Information

Open emails are subject to discovery

Attorney-Client privilege is not guaranteed but should be invoked

Criteria for Filing Disclosure National security implications

Legal obligation (e.g., 126.1 countries)

Contractual obligation to disclose to business partners

Anticipated activities that may be related to prior violations (e.g., future licenses for same party, ongoing service obligations)

Whether violations were systemic or a less significant “one time” mistake

Whether violations were egregious or non-egregious

Potential reputational damage, especially if the disclosure will or could be made public

Criteria for Filing Disclosure Potential fines with or without disclosure

Risk of nonmonetary penalties, e.g., loss of export licenses or export privileges, debarment from government contracting, placing on watch lists, etc.

Risk of detection by government if not disclosed, including as a result of whistleblowers

Period of time when illegal activities occurred

How recent the activity was, and whether there is an applicable statute of limitations

Previous disclosures or enforcement activity

Relationship with government regulators

Structure of Voluntary Disclosure: Timing Initial filing “immediately” after discovery

Must be filed before USG has knowledge from another source

Final filing within 60 days after “thorough review”

Structure of Voluntary Disclosure: Elements Nature and Exact Circumstances of the Violation

Persons Involved in the Violation

Names, addresses, and contact information for all parties.

Relevant ITAR Authorizations

Relevant Products, Data and Services

Corrective Actions

Determine cause of the violation and design appropriate remedial actions

Enhance compliance procedures if necessary

May include disciplinary action for responsible employees

Structure of Voluntary Disclosure: Elements Mitigating Factors

Whether the violation was intentional or inadvertent

Familiarity with laws and regulations

Past violations

Whether the violations are systemic

Existence of compliance measures, including training, that were in place to prevent such violations

Documentation

Copies of licenses, shipping documents and other relevant documents

Do’s and Don’ts of Voluntary Disclosure Do:

Ensure that the filing is complete and accurate

Accept responsibility

Explain mitigating factors

Fully implement corrective actions

Don’t:

Conduct a sloppy or hurried investigation

File a Voluntary Disclosure if disclosure is Mandatory

Be defensive or argumentative in your filing

Try to hide bad facts

Ignore filing deadlines

Post-Disclosure Actions

Implement Corrective Actions

Assign responsibility and due dates

Take appropriate disciplinary actions against responsible persons, including those who failed to detect or report the violations

Periodically assess remedial actions to confirm implementation

If requested, report status of corrective actions to DDTC

United Technologies Consent Agreement Key Violations— #1

Unauthorized exports and re-exports due to failure to establish jurisdiction of defense articles, defense services and technical data

Engine parts and technology exported from Canadian subsidiary to PRC

Had US modified software (“ITAR taint”)

Was for a PRC military aircraft

Defense services to Venezuela (using NLR parts)

United Technologies Key Violations— #2

Unauthorized exports resulting from failure to exercise internal controls over technical data

Foreign persons co-located in US facilities with access to ITAR technology

US employee laptop with ITAR data left the laptop in the PRC when he departed

United Technologies

Key Violations— #3 and 4

Failure to properly manage TAA’s and MLA’s

Poor Internal process for evaluating and addressing violations and for reporting them timely

“Waiver process”

United Technologies “Systemic, corporate wide failure to maintain effective ITAR controls and require immediate, comprehensive, effective remedial action across [UTC’s] many operating units and subsidiaries”

576 charges of unauthorized export and transfer of defense articles and technical data, and unauthorized provision of defense services, including proscribed destinations

United Technologies

$55M to the State Department ($7M immediately and $7M annually on each anniversary of the order + $20M assessed for remedial compliance measures internally will be suspended if met)

$20M to the Department of Justice, which could be suspended if applied to compliance remediation

Summary to be emailed to Sales Meeting Attendees

Contact Information

Steve Tribble, FLIR Systems, Inc.

Tel: 503-498-3301 Email: steve.tribble@flir.com

Jahna Hartwig, Williams Mullen

Tel: 202-293-8145 Email: jhartwig@williamsmullen.com