usdoc, bis, empc - compliance plan templates (word...

© Prepared by Prep4Audit, LLCVersion 2: 2015

www.prep4audit.com

U.S. DEPARTMENT OF COMMERCEBUREAU OF INDUSTRY & SECURITY, OFFICE OF EXPORTER SERVICES, EXPORT MANAGEMENT & COMPLIANCE DIVISION

Audit Module: Self-Assessment Tool

Export Management and Compliance Program (“EMPC”)Released March, 2006

BIS: Export Management and Compliance Program (“EMPC”)

Our Acknowledgement of the Rights of Others and Our Disclaimers

With the exception of governmental providers of guidelines, check-lists and standards, most providers have some copyright specifications on their guidelines, check-lists and/or standards.

The form sets we provide do not contain any content of a guidelines, check-lists and standards except for the requirements themselves. In other words the full content of any specific guidelines, check-lists and/or standards is not reproduced. It should be noted that a significant number of requirements that address any particular issue (e.g. the use of seals, perimeter security, facility cleanliness, data security) are contained within a variety of guidelines, check-lists and/or standards and are worded in similar (or exact) manners. Any purchaser of our forms should review the statements of the provider. If an organization has already purchased a particular standard, as we have, then that organization already has the right to use the requirement statements, if such right is in fact required.

We have: 1) reformatted and/or reworded certain requirements for purposes of clarity; and, 2) separated multiple requirements as stated within a single paragraph and/or multiple requirements as stated within a single sentence into single statement requirements that allow for operational responses. We have made every effort to properly restate requirements and avoid typographical and grammatical errors. You must assume responsibility to ensure your responses are responsive to the intent of the original statements.

We are not affiliated with any provider of any guideline, check-list or standard or with any certified body licensed to audit the guideline, check-list or standard. We are not, nor will we become, licensed to perform audits. We receive no fees of any sort from any provider, seller, auditor, or any other party related to the sale of our forms.

Terms of Sale You Accept and Will Honor

Your Usage Rights: We offer our forms in editable Word and Excel formats, not in secured PDF format. We sell you a license to make an unlimited number of copies of our forms for use only in your business unit.

Any recognized industry standard requires you to modify its requirement to reflect your business model. You need to add requirements, delete requirements, and modify requirements. The way we sell our forms allow you to do that.

Your organization is responsible, to various degrees, for the compliance of your entire supply chain to specific requirements. To reflect this responsibility you may want to enforce the importance of this responsibility by incorporating your company’s image (e.g. add your logo, change colors, font, headers and footers). The way we sell our forms allow you to do that.

Your Responsibilities: You agree to use the forms only within your organization and only at your specific site. You agree not resell the documents or spreadsheets. You agree that if your subsidiaries, divisions, sites of your organization desire to utilize the documents or spreadsheets they are required to purchase their own sets. You agree that if your business partners desire to utilize the documents or spreadsheets, they are required to purchase their own sets.

Are We Really All That Trusting? Actually, “Yes”. The supply chain professionals we have ever met honor terms of sale. Unfortunately, there are always the bad guys. So, we have inserted specific words, phrases, or punctuation that do not alter the meaning of a requirement but will uniquely identify our copyrighted work. We will enforce our copyrights.

1 U.S. DEPARTMENT OF COMMERCE © Restatement and Document Preparation by Prep4Audit, LLC



U.S. DEPARTMENT OF COMMERCEBUREAU OF INDUSTRY & SECURITY, OFFICE OF EXPORTER SERVICES, EXPORT MANAGEMENT & COMPLIANCE DIVISION

Audit Module: Self-Assessment Tool

Export Management and Compliance Program (“EMPC”)Released March, 2006


Export Management and Compliance Program (“EMPC”)

1.0.0 EXPORT MANAGEMENT & COMPLIANCE PROGRAM..................................................................4

1.1.0 INTRODUCTION.................................................................................................................................41.2.0 METHODOLOGY................................................................................................................................4

2.0.0 PRE- AND POST-AUDIT CHECKLISTS............................................................................................5

2.1.0 PRE-AUDIT CHECKLIST........................................................................................................................52.2.0 POST-AUDIT CHECKLIST......................................................................................................................5

3.0.0 ELEMENT 1: MANAGEMENT COMMITMENT...............................................................................6

3.1.0 MANAGEMENT COMMITMENT.............................................................................................................6

4.0.0 ELEMENTS 2 AND 5: RISK ASSESSMENT & CRADLE-TO-GRAVE EXPORT COMPLIANCE SECURITY AND SCREENING.................................................................................................................................. 10

4.1.0 PROCESSES AND PROCEDURES...........................................................................................................104.2.0 DENIED PERSONS LIST (“DPL”) SELECT COMMENT...............................................................................134.3.0 DIVERSION RISK PROFILE (DRP)........................................................................................................154.4.0 PROHIBITED NUCLEAR END-USES/USERS SELECT COMMENT...................................................................154.5.0 PROHIBITED MISSILE END-USES/USERS...............................................................................................174.6.0 PROHIBITED CHEMICAL AND BIOLOGICAL WEAPONS (CBW)...................................................................184.7.0 ANTIBOYCOTT COMPLIANCE RED FLAGS..............................................................................................194.8.0 ENTITY LIST....................................................................................................................................19

5.0.0 ELEMENT 3: A FORMAL WRITTEN EMCP...................................................................................20

5.1.0 WRITTEN EMCP.............................................................................................................................20

6.0.0 ELEMENT 4: TRAINING............................................................................................................. 22

6.1.0 EMPT TRAINING............................................................................................................................22

7.0.0 ELEMENT 6: RECORDKEEPING..................................................................................................25

7.1.0 EMPC RECORDKEEPING...................................................................................................................25

8.0.0 ELEMENT 7: EMPC AUDITS AND ASSESSMENTS........................................................................29

8.1.0 AUDIT AND ASSESSMENT..................................................................................................................29

9.0.0 ELEMENTS 8 AND 9: REPORTING, ESCALATION, AND CORRECTIVE ACTIONS.............................32

9.1.0 EMPC REPORTING, ESCALATION, AND CORRECTIVE ACTION...................................................................32




1.0.0 EXPORT MANAGEMENT & COMPLIANCE PROGRAM1.1.0 Introduction

1.1.1 This self-assessment tool is created for exporters to aid in the development of an Export Management and Compliance Program (“EMPC”).

1.1.2 It may be used to create a new program or to assess whether internal controls have been implemented within an existing program with the purpose of eliminating common vulnerabilities found in export compliance programs.

1.1.3 Each company has unique export activities and export programs; therefore, this is an example to build upon and does not include all export administration regulations, restrictions, and, prohibitions.

1.1.4 This tool is a combination of best compliance practices implemented by U.S. companies, auditing practices, and Export Administration Regulations requirements.

1.2.0 Methodology

1.2.1 An effective EMCP consists of many processes that connect and intersect.

1.2.2 The connections and intersections must be planned, and then, clear directions must be given to those who are to follow the rules of the program.

1.2.3 Without maps (instructions), chances are that personnel will all go in their own directions, leaving them vulnerable to getting lost on the way and chancing that key connections are missed, resulting in violations of the intended rules of the program.

1.2.4 To use this self-assessment, first look to see if your program includes written instructions that create the connections and intersections needed to maintain compliance.



2.0.0 Pre- and Post-Audit Checklists2.1.0 Pre-Audit Checklist

2.1.1 Identify business units and personnel to be audited.

2.1.2 Send e-mail notification to affected parties.

2.1.3 Develop a tracking log for document requests.

2.1.4 Prepare audit templates such as interview questions, transactional review checklist, audit report format, etc.

2.1.5 Each business unit should provide their written procedures related to export compliance before the audit.

2.1.6 Personnel at all levels of the organization, management and staff, should be interviewed to compare written procedures with actual business practices.

2.1.7 Identify gaps and inconsistencies.

2.2.0 Post-Audit Checklist

2.2.1 Write draft audit report in the format of: Executive Summary [Purpose, Methodology, Key Findings]; Findings and Recommendations [Organize in Priority Order]; and, Appendices [Interview List, Document List, Process Charts]

2.2.2 Conduct post-audit briefing for affected business units to discuss audit findings and recommendations.

2.2.3 Provide draft report. This is an opportunity for business units to address inaccuracies in report.

2.2.4 Obtain commitment from business units for corrective action. Include in audit report.

2.2.5 Brief executive management on audit findings and recommendations.

2.2.6 Track corrective actions.

2.2.7 Within the year, audit corrective actions.



3.0.0 ELEMENT 1: Management Commitment3.1.0 Management Commitment

3.1.1 Management's commitment is communicated on an ongoing basis by the use of Company publications.

3.1.2 Management's commitment is communicated on an ongoing basis by the use of Company awareness posters.

3.1.3 Management's commitment is communicated on an ongoing basis by Daily operating procedures.

3.1.4 Management's commitment is communicated on an ongoing basis by other mean (e.g., bulletin boards, in meetings, etc.).

3.1.5 Management issues a formal Management Commitment Statement (“Statement”) that communicates clear commitment to export controls.

3.1.6 The Statement is distributed to all employees and contractors.

3.1.7 The person responsible for distribution of the Statement has been identified.

3.1.8 There is a distribution list of those who should receive the Statement.

3.1.9 The method of communication used includes letter, email, intranet, and other methods as appropriate.

3.1.10 The distribution of the Statement includes employees signed receipts and personal commitment to comply.

3.1.11 The Statement from current senior management is communicated in a manner consistent with management priority correspondence.

3.1.12 The Statement explains why corporate commitment is important from the Company’s perspective.

3.1.13 The Statement contains a policy statement that no sales will be made contrary to Export Administration Regulations.

3.1.14 The Statement conveys the dual-use risk of the items to be exported.



3.1.15 The Statement emphasizes End- Use/End-User prohibitions.

3.1.16 The Statement specifically emphasizes End- Use/End-User prohibition concerns against the proliferation of Nuclear.

3.1.17 The Statement specifically emphasizes End- Use/End-User prohibition concerns against the proliferation of Missile Systems and Unmanned Air Vehicles.

3.1.18 The Statement specifically emphasizes End- Use/End-User prohibition concerns against the proliferation of Chemical and Biological Weapons.

3.1.19 The Statement contains a description of penalties applied in instances of compliance failure as imposed by the Department of Commerce.

3.1.20 The Statement contains a description of penalties applied in instances of compliance failure as imposed by the Company.

3.1.21 The Statement includes the name, position, and contact information, such as: e- mail address & telephone number of the person(s) to contact with questions concerning the legitimacy of a transaction or possible violations.

3.1.22 The Statement includes what management records will be maintained to verify compliance with procedures and processes (including the Statement).

3.1.23 The Statement includes the person(s) responsible for keeping each of the management records.

3.1.24 The Statement includes how long the records must be retained.

3.1.25 The Statement includes where records will be maintained.

3.1.26 The Statement includes in what format the records be retained.

3.1.27 Adequate resources (e.g. time, money, people) are dedicated to the implementation and maintenance of the EMCP.



3.1.28 Management is directly involved through regularly scheduled meetings with various units responsible for roles within the EMCP.

3.1.29 Management is involved in the auditing process.

3.1.30 Management has implemented a team of EMCP managers who meet frequently to review challenges, procedures and processes and who serve as the connection to the employees who perform the EMCP responsibilities.

3.1.31 The Statement describes where employees can locate the EMCP Manual (on the company intranet or specific person, and location of hard copies).

3.1.32 There are written procedures to ensure consistent, operational implementation of the Management Commitment Element.

3.1.33 A person has been designated to update the Management Commitment Element, including the Management Commitment Statement, when management changes, or at least annually.

3.1.34 The name of the person designated to update the Management Commitment Element has been recorded.

3.1.35 Other employees who are held accountable for specific responsibilities under this Element have been designated.

3.1.36 Specifically, the Company Official charged with EMCP oversight and ongoing commitment to the program has been designated.

3.1.37 Specifically, Management Team Members who are responsible for connecting with all responsible employees in the EMCP have been designated.

3.1.38 Specifically, Persons charged with ensuring the EMCP is functioning as directed by management have been designated.

3.1.39 A secondary person has been designated to back up the primary designee if the primary responsible person is unable to perform the responsibilities.



3.1.40 If a secondary person is not designated or is unable to back up the primary designee, a procedure is in place to eliminate vulnerabilities of an untrained person proceeding with tasks that might lead to violations of the Export Administration Regulations (“EAR”).

3.1.41 Responsible persons understand the interconnection of their roles with other EMCP processes and where they fit in the overall export compliance system.

3.1.42 The message of management commitment is conveyed in employee training through Orientation programs.

3.1.43 The message of management commitment is conveyed in employee training through Refresher training.

3.1.44 The message of management commitment conveyed in employee training through Electronic training modules.

3.1.45 The message of management commitment is conveyed in employee training through Employee procedures manuals.

3.1.46 The message of management commitment is conveyed in employee training through other means as appropriate.

3.1.47 Management is involved in EMCP training to emphasize management commitment to the program.



4.0.0 ELEMENTS 2 and 5: Risk Assessment & Cradle-to-Grave Export Compliance Security and Screening

4.1.0 Processes and Procedures

4.1.1 There are written procedures for ensuring compliance with product and country export restrictions.

4.1.2 Procedures include re-export guidelines or any special instructions.

4.1.3 A written procedure describes how items are classified under Export Control Classification Numbers (“ECCNs”) on the CCL.

4.1.4 A technical expert within the Company classifies the items under ECCNs on the Commerce Control List (“CCL”).

4.1.5 If the Company does not manufacture the item, the manufacturer of the item classifies it under ECCNs on the Commerce Control List (“CCL”.

4.1.6 There is a written procedure that describes when a classification will be submitted to BIS and who is responsible for submitting the classification.

4.1.7 There is a written procedure that describes the process for seeking commodity jurisdiction determinations.

4.1.8 An individual has been designated to ensure that product/country license determination guidance is current and updated.

4.1.9 A distribution procedure has been implemented to ensure all appropriate users receive the guidance and instructions for use.

4.1.10 A list has been established that indicates the name of the persons responsible for using the guidance.

4.1.11 A Matrix or Decision Table for product/country license determinations is used.

4.1.12 The instructions provided for using the Matrix or Decision Table are easily understood and applied.

4.1.13 The instructions provided specify who, when, where, and how to check each shipment against the matrix.



4.1.14 The matrix/table displays ECCNs and product descriptions.

4.1.15 The matrix/table displays appropriate shipping authorizations, License Required, License Exception (specifies which), or NLR.

4.1.16 The matrix communicates License Exception parameters/restrictions.

4.1.17 License conditions and restrictions are included within the matrix/table.

4.1.18 The matrix/table cross references items to be exported with license exceptions normally available (based on item description and end destination).

4.1.19 The matrix/table clearly defines which license exceptions are normally available for each item (also clearly states which license exceptions may not be used due to General Prohibitions).

4.1.20 Embargoed destinations are displayed.

4.1.21 Country information in the table is up-to-date.

4.1.22 Item restrictions (i.e., technical parameter limitations, end-user limitations) are displayed.

4.1.23 The matrix is automated.

4.1.24 A person has been designated for updating the tool.

4.1.25 Reporting prompts are built into the matrix/table.

4.1.26 Wassenaar reports are required.

4.1.27 The matrix/table denotes when Wassenaar reports are required.

4.1.28 The matrix denoting when Wassenaar reports are required is manually implemented.

4.1.29 A person has been designated to update the tool.

4.1.30 There a “hold” function to prevent shipments from being further processed, if needed.



4.1.31 There is a procedure to distribute and verify receipt of license conditions.

4.1.32 A person has been designated to distribute and follow-up with acknowledgment verification.

4.1.33 There is a response deadline defined when conditions are distributed.

4.1.34 Written procedures ensure that checks and safeguards are in place within the internal process flows, and there are assigned personnel responsible for all checks.

4.1.35 The order process and all linking internal flows are displayed visually in a series of flow charts.

4.1.36 A narrative describes the total flow process.

4.1.38 The internal process contains a check for pre-order entry screen checks (i.e., know your customer red flags).

4.1.39 The internal process contains a check for Denied Persons.

4.1.40 The internal process contains a check for Entity List.

4.1.41 The internal process contains a check for Unverified List.

4.1.42 The internal process contains a check for Specially Designated Nationals List.

4.1.43 The internal process contains a check for Boycott language.

4.1.44 The internal process contains a check for Nuclear End-Uses.

4.1.45 Does the internal process contains a check for Missile Systems and Unmanned air Vehicles End-Uses.

4.1.46 The internal process contains a check for Chemical and Biological Weapons End-Uses.

4.1.47 The internal process contains a check for Product/Country Licensing Determination.



4.1.48 The internal process contains a check for Diversion Risk Check.

4.1.49 The order process and other linking processes includes a description of administrative document control over Shipper’s Export Declarations (SED)/AES Records.

4.1.50 The order process and other linking processes include a description of administrative document control over Shipper’s Letter of Instruction (SLI).

4.1.51 The order process and other linking processes include a description of administrative document control over Airway bills (AWB) and/or Bills of Lading and Invoices.

4.1.52 The procedure explains the order process and other linking processes from receipt of order to actual shipment.

4.1.53 The procedure includes who is responsible for each screen/check throughout the flow.

4.1.54 The procedure describes when, how often, and what screening is performed.

4.1.55 Hold/cancel functions are implemented.

4.1.56 The procedure clearly indicates who has the authority to make classification decisions.

4.1.57 Supervisory or EMCP Administrator sign-off procedures are implemented at high risk points.

4.1.58 The Company has an on-going procedure for monitoring compliance of consignees, end-users and other parties involved in export transactions.

4.2.0 Denied Persons List (“DPL”) Select Comment

4.2.1 There is a written procedure to ensure screening of orders/shipments to customers covering servicing, training, and sales of items against the DPL.

4.2.2 Personnel/positions have been identified who are responsible for DPL screening (consider domestic and international designee).



4.2.3 There is a procedure to stop orders if a customer and/or other parties are found on the DPL.

4.2.4 There is a procedure to report all names of customers and/or other parties found on the DPL.

4.2.5 The procedures include a process for what is used to perform the screening, and if distribution of hard copies is required, who is responsible for their update and distribution.

4.2.6 The DPL is checked against the customer-base.

4.2.7 The DPL is checked against the customer base, and both the customer name and principal are checked.

4.2.8 The DPL is checked against the customer base and there a method for keeping the customer-base current.

4.2.9 The DPL is checked against the customer base and there is a method for screening new customers.

4.2.10 The DPL is checked on a transaction-by-transaction basis.

4.2.11 The DPL is checked on a transaction-by-transaction basis and the names of the ordering party’s firm and principal are checked.

4.2.12 The DPL is checked on a transaction-by-transaction basis and the end-user’s identity is available.

4.2.13 If the DPL is checked on a transaction-by-transaction basis and if the end-user’s identity is available, the DPL check is done on the end-user.

4.2.14 The DPL is checked on a transaction-by-transaction basis and the check is performed at the time an order is accepted and/or received.

4.2.15 The DPL is checked on a transaction-by-transaction basis and the check performed at the time of shipment.

4.2.16 The DPL is checked on a transaction-by-transaction basis and the check is performed against backlog orders when a new or updated DPL is published.



4.2.17 The documentation of screen (whether hard copy or electronic signature) includes the names of individuals performing the checks.

4.2.18 Documentation of screen (whether hard copy or electronic signature) includes the dates screen-checks are performed.

4.2.19 Documentation of screen (whether hard copy or electronic signature) includes the date of current denied person’s information used to perform the check.

4.2.20 Documentation of screen (whether hard copy or electronic signature) includes the date of the DPL used to check the transaction documented and whether or not it is current.

4.2.21 Trade-related sanctions, embargoes, and debarments imposed by agencies other than the Department of Commerce are checked.

4.2.22 Specifically, trade-related sanctions, embargoes, and debarments imposed by Department of Treasury (Office of Foreign Assets Control) are checked for Designated Terrorists.

4.2.23 Specifically, trade-related sanctions, embargoes, and debarments imposed by Department of Treasury (Office of Foreign Assets Control) are checked for Designated Nationals and Foreign Terrorist Organizations.

4.2.24 Specifically, the trade-related sanctions, embargoes, and debarments imposed by the U.S. Department of State for Trade-related sanctions (Bureau of Politico-Military Affairs) checked.

4.2.25 Specifically, trade-related sanctions, embargoes, and debarments imposed by the U.S. Department of State for Suspensions & debarments (Center for Defense Trade, Office of Defense Trade Controls) are checked.

4.2.26 Domestic transactions are screened against the DPL.

4.3.0 Diversion Risk Profile (DRP)

4.3.1 Procedures to screen orders for diversion risk red flag indicators have been implemented.



4.3.2 A checklist is used based upon the red flag indicators.

4.3.3 A written screening procedure identifies the responsible individuals who perform the screen checks.

4.3.4 The DRP considered at all phases of the order processing system.

4.3.5 A transaction-based DRP is performed.

4.3.6 A customer-based DRP is performed.

4.3.7 A checklist is documented and maintained on file for each and every order.

4.3.8 A checklist is documented and maintained on file in the customer profile.

4.3.9 The customer base is checked at least annually against the red flag indicators or when a customer’s activities change.

4.3.10 Embargoed-destinations prohibitions are communicated on the product/country matrix and part of the red flag indicators.

4.3.11 Transactions are terminated if there is anything suspect regarding the legitimacy of a transaction that has or is about to occur.

4.4.0 Prohibited Nuclear End-Uses/Users Select Comment

4.4.1 There are written procedures for reviewing exports and reexports of all items subject to the EAR to determine, prior to exporting, whether they might be destined to be used directly or indirectly in any one or more of the prohibited nuclear activities.

4.4.2 Personnel/positions are identified who are responsible for ensuring screening of customers and their activities against the prohibited end-uses.

4.4.3 A procedure describes when the nuclear screen should be performed.

4.4.4 A nuclear screen is completed on a transaction-by-transaction basis.

4.4.5 A nuclear screen conducted against an established customer base.



4.4.6 There a procedure for screening each new customer before the new customer is added to the established customer base.

4.4.7 A nuclear screen is completed before a new customer is approved.

4.4.8 There a list of all employees responsible for performing nuclear screening.

4.4.9 The check includes documentation with the signature/initials of the person performing the check, and the date performed, to verify consistent operational performance of the check.

4.4.10 The customer base is checked at least annually in the Customer Profiles.

4.4.11 The customer base check is documented.

4.4.12 It is clear who is responsible for the annual check.

4.4.13 A procedure has been implemented to verify that all responsible employees are performing the screening.

4.4.14 Nuclear checklists (and/or other tools) are distributed to appropriate export-control personnel for easy, efficient performance of the review.

4.4.15 Export/sales personnel have been instructed on how to recognize situations that may involve prohibited nuclear end-use activities.

4.4.16 The procedure includes what to do if it is known that an item is destined to a nuclear end-use/user.

4.5.0 Prohibited Missile End-Uses/Users

4.5.1 Procedures have been implemented for reviewing exports and re-exports of all items subject to the EAR to determine, prior to exporting, whether the items are destined for a prohibited end-use.

4.5.2 Personnel/positions have been identified who are responsible for ensuring screening of customers and their activities against the prohibited end- users/users.

4.5.3 The procedure describes when the missile systems and unmanned air vehicles screen should be performed.



4.5.4 The procedure includes a check against the Entity List.

4.5.5 If checked against the Entity List, there is a procedure to maintain documented Entity List screen decisions on file to verify consistent operational review.

4.5.6 The missile screen is completed on a transaction-by-transaction basis.

4.5.7 The screen is conducted against an established customer base and there is a procedure for screening each new customer before the new customer is added to that customer base.

4.5.8 The missile screen is completed before the new customer is approved.



4.5.11 Information about the customer base check is documented.


4.5.13 There a list of all employees responsible for the annual check.

4.5.14 A procedure has been implemented to verify that all responsible employees are performing the screening.

4.5.15 Missile systems and unmanned air vehicles checklists (and/or other tools) are distributed to appropriate export-control personnel for easy, efficient performance of the review.

4.5.16 Export/sales personnel have been instructed on how to recognize prohibited missile systems and unmanned air vehicles end-use activities.

4.5.17 The procedure includes what to do if it is known that an item is destined to a prohibited end-use/user.

4.6.0 Prohibited Chemical and Biological Weapons (CBW)



4.6.1 There are written procedures for reviewing exports and reexports of all items subject to the EAR for license requirements, prior to exporting, if the item can be used in the design, development, production, stockpiling, or use of chemical or biological weapons.

4.6.2 Personnel/positions have been identified who are responsible for ensuring screening of customers and their activities against the prohibited end-use/users.

4.6.3 The procedure describes when the chemical & biological weapons screen should be performed.

4.6.4 The chemical & biological weapons screen is completed on a transaction-by-transaction basis.

4.6.5 If the screen is conducted against an established customer base there a procedure for screening each new customer before the new customer is added to that customer base.

4.6.6 The chemical & biological weapons screen is completed before the new customer is approved.



4.6.9 The customer-base check is documented at least annually in the Customer Profiles.


4.6.11 There a list of all employees responsible for performing chemical & biological weapons screening.

4.6.12 There is a procedure to verify that all responsible employees are performing the screening.

4.6.13 Chemical & biological weapons checklists (and/or other tools) are distributed to appropriate export-control personnel for easy, efficient performance of the review.



4.6.14 Export/sales personnel have been instructed on how to recognize prohibited chemical & biological weapons end-use activities.

4.6.15 The procedure includes what to do if it is known that an item is destined to a prohibited end-use/user.

4.7.0 Antiboycott Compliance Red Flags

4.7.1 There is a written procedure to screen transactions and orders/shipping documents for restrictive trade practice or boycott language included in Part 760 of the EAR.

4.7.2 Personnel/positions have been identified who are responsible for performing this screen.

4.7.3 The antiboycott screening is performed by using a profile check list.

4.7.4 The profile check list includes the firm’s name? (As “Consignee”)

4.7.5 The profile check list includes the name/initials of personnel performing the screen check.

4.7.6 The profile check list includes the date screen check is performed.

4.7.7 There a procedure to “hold” orders if there is a red flag during the processing of orders.

4.7.8 A person has been designated to resolve red flags or report them to the BIS Office of Antiboycott Compliance.

4.7.9 All units that might possibly come into contact with the red flags have been trained to identify the red flags.

4.7.10 Antiboycott red flags are included in training materials.

4.8.0 Entity List

4.8.1 There is a written procedure to screen transactions against the Entity List to determine whether there are any license requirements in addition to normal license requirements for exports or re-exports of specified items to specified end-users, based on BIS’ determination that



there is an unacceptable risk of use in, or diversion to, prohibited proliferation activities.

4.8.2 The written procedure to screen transactions against the Entity List includes the firm’s name.

4.8.3 The written procedure to screen transactions against the Entity List includes Names/initials of individuals performing the check.

4.8.4 The written procedure to screen transactions against the Entity List includes that date checks are performed.

4.8.5 The screen check is combined and performed with another check (e.g., Denied Persons List check).

4.8.6 The Federal Register is monitored daily for the addition of new entities to the Entity List.

4.8.7 If matches occur, there is a “hold” function implemented within the order processing system that stops the order until a decision is made as to license requirements.

5.0.0 ELEMENT 3: A Formal Written EMCP5.1.0 Written EMCP

5.1.1 There are written procedures that describe how information will flow among all the Elements to help ensure EMCP effectiveness and accountability.

5.1.2 The written EMCP is developed and maintained with input from all the corporate stakeholders in the export process.

5.1.3 Written procedures clearly describe detailed step-by-step processes that employees are expected to follow, and contingencies are addressed.

5.1.4 Written procedures are reviewed for update at least annually and when major changes occur.

5.1.5 The written and operational procedures are consistent.

5.1.6 An Administrator has been designated for oversight of the EMCP.



5.1.7 There is a table that identifies individuals, their positions, addresses, telephone numbers, e-mail addresses, and their respective export transaction and compliance responsibilities.

5.1.8 The table includes all domestic sites.

5.1.9 The table includes all international sites.

5.1.10 A person has been designated as responsible for management and maintenance of this Element.

5.1.11 A person has been assigned responsibility for distribution of information related to this Element.

5.1.12 A person has been assigned to retain the records.

5.1.13 The length of time the records are to be retained is included.

5.1.14 The location of where the records are to be retained is included.

5.1.15 The format of the records to be retained is included.

5.1.16 Secondary persons have been designated to back-up the primary designees in the event the primary responsible persons are unable to perform the assigned responsibilities.

5.1.17 Where there are no backup designees, there are procedures in place to prevent untrained/unauthorized personnel from taking action.

5.1.18 All EMCP tasks are clearly summarized in this Element and are consistent with detailed information in other corresponding Elements.

5.1.19 Each employee designated with tasks understands the importance of his/her role related to the overall export compliance system.

5.1.20 The responsible persons understand how the processes they are responsible for connect to the “next” process. (“...and then what happens next?”)

5.1.21 All appropriate personnel have the ability to hold a questionable transaction.



5.1.22 Systems necessary to allow employees to perform their tasks are readily available to them.

5.1.23 Training for understanding and use of the EMCP is provided on a regular basis to the necessary employees, and records of the training are kept.

5.1.24 Based on an organization chart and assignment of tasks, it does not appear that there are conflicts of interest in the chain of command and the tasks to be performed.



6.0.0 ELEMENT 4: Training6.1.0 EMPT Training

6.1.1 There are written procedures that describe an ongoing program of export transaction/compliance training and education.

6.1.2 The written procedures clearly describe detailed step-by-step processes that employees are expected to follow.

6.1.3 A qualified individual has been designated to conduct training and to update the training materials. (Note in comments the name of the person.)

6.1.4 If the primary responsible person is unable to perform the responsibilities, a secondary person has been designated to back-up the primary designee.

6.1.5 If not, a procedure is in place to eliminate vulnerabilities of an untrained person proceeding with tasks that might lead to violations of the EAR.

6.1.6 There is a schedule to conduct training (including date, time, and place).

6.1.7 The training component of the EMCP includes what training materials are used (module, videos, and manuals).

6.1.8 Training materials are accurate, consistent and current with operational company policy, procedures and processes. (If not, it is noted in the comments section what corrective actions are needed.)

6.1.9 Attendance logs are used for documentation which include agenda, date, trainer, trainees, and subjects.

6.1.10 Frequency of training is defined.

6.1.11 A list of employees/positions defines who should receive export control/compliance training.

6.1.12 Responsible persons are trained to understand the interconnection of their roles with other EMCP processes and where they fit in the overall export transaction/compliance program.

6.1.13 The list of employees/positions to be trained is consistent with other Elements.



6.1.14 A person has been identified that is responsible for keeping the training records.

6.1.15 The location of where these training records are to be maintained is included.

6.1.16 The format of how these training records will be maintained is noted.

6.1.17 Training methods include orientation for new employees.

6.1.18 Training methods include formal (structured setting, agenda, modules used).

6.1.19 Training methods include informal (less structured basis, verbal, daily, on- the-job exchanges).

6.1.20 Training methods include circulation of written memoranda and e-mails to a small number of personnel, (usually group specific instruction).

6.1.21 Training methods include refresher courses and update sessions scheduled.

6.1.22 Training methods include employee desk procedure manuals.

6.1.23 Training methods include back-up personnel training.

6.1.24 Content of training materials includes organizational structure of export-related departments and functions.

6.1.25 Content of training materials includes message of management commitment - Policy Statement.

6.1.26 Content of training materials includes the role of the EMCP Administrator and Key Contacts.

6.1.27 Content of training materials includes U.S. export/re-export regulatory requirements.

6.1.28 Content of training materials includes EMCP Company operating procedures.

6.1.29 Content of training materials includes the purpose and scope of export controls.



6.1.30 Content of training materials includes Licenses & Conditions/License Exceptions & parameters.

6.1.31` Content of training materials includes regulatory changes and new requirements.

6.1.32 Content of training materials includes destination restrictions.

6.1.33 Content of training materials includes item restrictions.

6.1.34 Content of training materials includes End-Use and End-User Prohibitions.

6.1.35 Content of training materials includes how to perform and “document” screens and checklists.

6.1.36 Content of training materials includes various process flows for each element.

6.1.37 Content of training materials includes new customer review procedures.

6.1.38 Content of training materials includes identification and description of non-compliance.



7.0.0 ELEMENT 6: Recordkeeping7.1.0 EMPC Recordkeeping

7.1.1 There are written procedures to comply with recordkeeping requirements.

7.1.2 The written procedures clearly describe detailed step-by-step processes that employees are expected to follow.

7.1.3 All records in each process are included in the records maintained.

7.1.4 The written procedures are reviewed for update at least annually and when significant changes occur.

7.1.5 The written and operational procedures are consistent.

7.1.6 There is a designated employee responsible for management and maintenance of this Element. The name and contact information is provided.

7.1.7 All other employees have been identified who are held accountable for specific responsibilities under this Recordkeeping Element.

7.1.8 The designated employees know who is responsible for the next action to be taken in the process.

7.1.9 If the primary responsible person is unable to perform the responsibilities, a secondary person has been designated to back up the primary designee.

7.1.10 Where there are no backup designees, there are procedures in place to prevent untrained/unauthorized personnel from taking action.

7.1.11 Employees understand the importance of their roles related to the overall recordkeeping requirement.

7.1.12 Employees have the appropriate budgetary, staff, and supporting resources to perform their responsibilities.

7.1.13 Employees have access to all the appropriate systems, tools, databases, and records to perform their responsibilities and ensure compliance with recordkeeping procedures.



7.1.14 Appropriate and specific training is provided regarding this Element.

7.1.15 The training included is on an annual schedule of employee training.

7.1.16 Appropriate parties have been identified who will retain records.

7.1.17 The names and contact information is provided.

7.1.18 The length of time for record-retention been identified.

7.1.19 Secure physical and electronic storage locations for records have been identified for the retention of records.

7.1.20 Determinations have been made regarding the formats that all of the different types of records will be retained in.

7.1.21 There is a list of records that are to be maintained.

7.1.22 The list of records to maintain includes Commodity Classification records.

7.1.23 The list of records to maintain includes Commodity Jurisdiction letters.

7.1.24 The list of records to maintain includes Advisory Opinion letters.

7.1.25 The list of records to maintain includes a Copy of the EMS.

7.1.26 The list of records maintained includes the BIS 748P, Multipurpose Application Form.

7.1.27 The list of records to maintain includes BIS 748P-A, Item Appendix.

7.1.28 The list of records to maintain includes BIS 748P-B, End-User Appendix.

7.1.29 The list of records to maintain includes BIS 711 Statements of Consignee and Purchaser.



7.1.30 The list of records to maintain includes Electronic version BIS 748P, Simplified Network Application Process (SNAP) ACCN Number.

7.1.31 The list of records to maintain includes accompanying attachments, rider or conditions.

7.1.32 The list of records to maintain includes International Import Certificates.

7.1.33 The list of records to maintain includes End-user Certificates.

7.1.34 The list of records to maintain includes License Exception TSR Written Assurance.

7.1.35 The list of records to maintain includes AES Electronic Filing Authorization.

7.1.36 The list of records to maintain includes High Performance Computer Records.

7.1.37 The list of records to maintain includes transmittal and acknowledgement of license condition.

7.1.38 The list of records to maintain includes log administering control over use of Export/Reexport license.

7.1.39 A log is maintained to ensure return or commodities previously exported under License Exception TMP.

7.1.40 A log is maintained to ensure License Exception LVS limits are not exceed.

7.1.41 The list of records to maintain includes Humanitarian Donations GFT Records.

7.1.42 There are instructions for the accurate completion and filing of Commercial Invoices.

7.1.43 There are instructions for the accurate completion and filing of AES electronic filing authorization.

7.1.44 There are instructions for the accurate completion and filing of Shippers Export Declarations.

7.1.45 The Shippers Export Declarations includes the Description of items(s).



7.1.46 The Shippers Export Declarations include ECCN(s).

7.1.47 The Shippers Export Declarations include the License Number.

7.1.48 The Shippers Export Declarations include License Exception Symbols or Exemptions.

7.1.49 The Shippers Export Declarations include Schedule B number(s).

7.1.50 There are instructions for the accurate completion and filing of Air Waybills and/or Bills of Lading Value of shipments.

7.1.51 There is conformity regarding the above documents.



8.0.0 ELEMENT 7: EMPC Audits and Assessments8.1.0 Audit and Assessment

8.1.1 Written procedures have been established to verify ongoing compliance.

8.1.2 A qualified individual (or auditing group) has been designated to conduct internal audits.

8.1.3 There is not a potential conflict of interest between the auditor and the division being audited.

8.1.4 There is a schedule for audits.

8.1.5 Internal reviews are performed annually, every six months, or quarterly as appropriate.

8.1.6 There a step-by-step description of the audit process.

8.1.7 A standard audit module or self-assessment tool is used.

8.1.8 Implemented audit modules or self-assessment tools evaluate corporate management commitment in all aspects of the audit, not just the Written Policy Statement Element.

8.1.9 Implemented audit modules or self-assessment tools evaluate formalized, written EMCP procedures compared to operational procedures.

8.1.10 Implemented audit modules or self-assessment tools evaluate accuracy and conformity of export transaction documents by random sampling or 100% verification.

8.1.11 Audit modules or self-assessment tools evaluate whether there is a current, accurate product/license determination matrix consistent with the current EAR and Federal Register notices.

8.1.12 Implemented audit modules or self-assessment tools evaluate whether correct export authorizations were used for each transaction.

8.1.13 Implemented audit modules or self-assessment tools evaluate maintenance of documents, as required in the written EMCP.



8.1.14 Implemented audit modules or self-assessment tool evaluate whether internal control screens were performed and documented as required in the EMCP.

8.1.15 Implemented audit modules or self-assessment tools evaluate whether there are flow charts of the various processes for each Element.

8.1.16 Implemented audit modules or self-assessment tools evaluate what is used to provide verification that the audits were conducted.

8.1.17 Implemented audit modules or self-assessment tools evaluate whether there is a procedure to stop/hold transactions if problems arise.

8.1.18 Implemented audit modules or self-assessment tools evaluate whether all key export-related personnel are interviewed.

8.1.19 Implemented audit modules or self-assessment tools evaluate whether there are clear, open communications between all export-related divisions.

8.1.20 Implemented audit modules or self-assessment tools evaluate whether there is daily oversight over the performance of export control checks.

8.1.21 Implemented audit modules or self-assessment tools include a sampling of the completed screens performed during the order processing and/or new (or annual) customer screening.

8.1.22 Implemented audit modules or self-assessment tools evaluate whether export control procedures and the EMCP manual are consistent with EAR changes that have been published.

8.1.23 Do implemented audit modules or self-assessment tools evaluate whether the Company’s training module and procedures are current with EAR and Federal Register notices.

8.1.24 There is a written report of each internal audit.

8.1.25 There are written results of the reviews.

8.1.26 The appropriate manager is notified, if action is needed.



8.1.27 Spot checks/informal self-assessments are performed.

8.1.28 Spot checks/informal self-assessments performed are documented.

8.1.29 There is no evidence of a conflict of interest between the reviewer and the division being reviewed.

8.1.30 Records of past audits are maintained to monitor repeated deficiencies.

8.1.31` There is a “best practice” that is shared with other divisions in the company to improve effectiveness and efficiency of export controls and promote consistency of procedures.

8.1.32 Other departments aware of their export-control-related responsibilities, e.g., legal dept., human resources, information management, etc.



9.0.0 ELEMENTS 8 and 9: Reporting, Escalation, and Corrective Actions9.1.0 EMPC Reporting, Escalation, and Corrective Action

9.1.1 Internal procedures are in place to notify management within the company if a party is determined to be in non- compliance.

9.1.2 Contact information is provided for each official in the chain.

9.1.3 Company policy/guidelines address accountability and consequences for noncompliant activity.

9.1.4 Appropriate incentives, rewards, requirements, and penalties are in place.

9.1.5 An appropriate business culture of compliance is fostered to facilitate notification of any possible noncompliance.

9.1.6 Internal procedures are in place to notify the appropriate U.S. Government officials (e.g., Export Administration’s Office of Exporter Services (OEXS), Export Enforcement, etc.) when non-compliance is determined.

9.1.7 A central corporate point-of-contact has been defined for all communications with the U.S.G.

9.1.8 The management chain is clearly defined for Voluntary Self- Disclosures (VSDs).

9.1.9 There are clear guidelines for VSDs.

9.1.10 All employees receive export control awareness training (including for potential deemed exports and hand-carry scenarios).

9.1.11 Export control training details reporting, escalation, and corrective action requirements.

9.1.12 There is a 24-hour mechanism for notifying compliance management of possible export violations or problems.

9.1.13 The Company has an anonymous reporting mechanism for employees.

9.1.14 Compliance guidelines provide defined criteria for when a formal internal investigation is required.



9.1.15 Compliance guidelines provide defined criteria for when a formal internal investigation is required and the procedures to be followed are defined.

9.1.16 Reporting and documentation requirements are defined.

9.1.17 Compliance guidelines include policy and procedures for follow-up reporting to management and the reporting employee.

9.1.18 There a process for evaluating lessons learned.


usdoc, bis, empc - compliance plan templates (word...

Documents