itar boot camp
Post on 19-Oct-2014
674 views
DESCRIPTION
American Conference Institute’s acclaimed ITAR Boot Camp is an in-depth, practical nuts and bolts course on how to comply with the ITAR.TRANSCRIPT
Steve Tribble FLIR Systems
Jahna Hartwig Williams Mullen
Agenda
Compliance Procedures
Investigations
Criteria for Filing Determination
Structure of Voluntary Disclosure
Post-Disclosure Actions
UTC Consent Agreement
Compliance Procedures Collecting and Reporting Issues Channels for employees to report suspected violations
(e.g., anonymous hotlines, sanitized email addresses, dedicated reporting websites, etc.)
Policy against retaliation for reporting
Procedures for stopping ongoing suspected violations and implementing any urgent mitigating actions
Procedures for conducting a thorough investigation of the suspected violations. Broad enough to reveal related or similar violations with
other shipments, product lines, business units, or geographic areas.
Compliance Procedures (cont’d) Established responsibility for decision making
regarding voluntary disclosure submissions
Criteria to consider when assessing the need to file a voluntary disclosure
Established responsibility for preparing and approving the filing
Procedures for providing notice to other government authorities when required or appropriate, (e.g., government sponsor, DSS, etc.).
What is An Internal Investigation? Company Decision – Not Directed
Fact-Finding Activity
The Five “W’s”
Did a Violation of Law or Company Policy Occur
Must be Perceived as Thorough and Independent
An Extension of the Company’s Compliance Program
Regular Internal Audits
Best if an Established Process
Structuring An Internal Investigation - Scope Specific Event Occurred
What Were the Circumstances?
What is Known About the Issue?
What Was Cause of the Issue?
Criminal Allegations Involved?
Is This a Pre-cursor to a Voluntary Disclosure?
Regular Compliance Audit
Established Process
Introductory or Advanced Audit
In-House or External In-House Pros and Cons
Better Understanding of Company’s Business and Processes and Will Know the Various Players
May Not Be Objective
May Not Be Experienced in ITAR
External Counsel or Consultant
Impartial and Credible
Specific ITAR Experience
Established Relationship and Experience with DDTC to Help Navigate the “Mine Field”
Investigation - Data Collection Determine Type of Issue – Logistics, Technical Data,
Foreign National Access, Use of Authorizations
Unique Documentation Associated with the Issue
Must Collect Complete Documentation Set
More is better than Less
Include referenced documents – drawings, specs, contracts
Emails Are Significant Source of Information
Open emails are subject to discovery
Attorney-Client privilege is not guaranteed but should be invoked
Criteria for Filing Disclosure National security implications
Legal obligation (e.g., 126.1 countries)
Contractual obligation to disclose to business partners
Anticipated activities that may be related to prior violations (e.g., future licenses for same party, ongoing service obligations)
Whether violations were systemic or a less significant “one time” mistake
Whether violations were egregious or non-egregious
Potential reputational damage, especially if the disclosure will or could be made public
Criteria for Filing Disclosure Potential fines with or without disclosure
Risk of nonmonetary penalties, e.g., loss of export licenses or export privileges, debarment from government contracting, placing on watch lists, etc.
Risk of detection by government if not disclosed, including as a result of whistleblowers
Period of time when illegal activities occurred
How recent the activity was, and whether there is an applicable statute of limitations
Previous disclosures or enforcement activity
Relationship with government regulators
Structure of Voluntary Disclosure: Timing Initial filing “immediately” after discovery
Must be filed before USG has knowledge from another source
Final filing within 60 days after “thorough review”
Structure of Voluntary Disclosure: Elements Nature and Exact Circumstances of the Violation
Persons Involved in the Violation
Names, addresses, and contact information for all parties.
Relevant ITAR Authorizations
Relevant Products, Data and Services
Corrective Actions
Determine cause of the violation and design appropriate remedial actions
Enhance compliance procedures if necessary
May include disciplinary action for responsible employees
Structure of Voluntary Disclosure: Elements Mitigating Factors
Whether the violation was intentional or inadvertent
Familiarity with laws and regulations
Past violations
Whether the violations are systemic
Existence of compliance measures, including training, that were in place to prevent such violations
Documentation
Copies of licenses, shipping documents and other relevant documents
Do’s and Don’ts of Voluntary Disclosure Do:
Ensure that the filing is complete and accurate
Accept responsibility
Explain mitigating factors
Fully implement corrective actions
Don’t:
Conduct a sloppy or hurried investigation
File a Voluntary Disclosure if disclosure is Mandatory
Be defensive or argumentative in your filing
Try to hide bad facts
Ignore filing deadlines
Post-Disclosure Actions
Implement Corrective Actions
Assign responsibility and due dates
Take appropriate disciplinary actions against responsible persons, including those who failed to detect or report the violations
Periodically assess remedial actions to confirm implementation
If requested, report status of corrective actions to DDTC
United Technologies Consent Agreement Key Violations— #1
Unauthorized exports and re-exports due to failure to establish jurisdiction of defense articles, defense services and technical data
Engine parts and technology exported from Canadian subsidiary to PRC
Had US modified software (“ITAR taint”)
Was for a PRC military aircraft
Defense services to Venezuela (using NLR parts)
United Technologies Key Violations— #2
Unauthorized exports resulting from failure to exercise internal controls over technical data
Foreign persons co-located in US facilities with access to ITAR technology
US employee laptop with ITAR data left the laptop in the PRC when he departed
United Technologies
Key Violations— #3 and 4
Failure to properly manage TAA’s and MLA’s
Poor Internal process for evaluating and addressing violations and for reporting them timely
“Waiver process”
United Technologies “Systemic, corporate wide failure to maintain effective ITAR controls and require immediate, comprehensive, effective remedial action across [UTC’s] many operating units and subsidiaries”
576 charges of unauthorized export and transfer of defense articles and technical data, and unauthorized provision of defense services, including proscribed destinations
United Technologies
$55M to the State Department ($7M immediately and $7M annually on each anniversary of the order + $20M assessed for remedial compliance measures internally will be suspended if met)
$20M to the Department of Justice, which could be suspended if applied to compliance remediation
Summary to be emailed to Sales Meeting Attendees
Contact Information
Steve Tribble, FLIR Systems, Inc.
Tel: 503-498-3301 Email: [email protected]
Jahna Hartwig, Williams Mullen
Tel: 202-293-8145 Email: [email protected]