FRA Director, Rob Wilson and Associate, Emerson Siegle of Ropes & Gray joined Partner, Elsa Arbrandt of Cederquist to discuss Export Controls in relation to service industries at Cederquist’s Compliance Day seminar. The one day workshop discussed an investigator’s perspective on the role of digitalization in proactive monitoring as well as investigations.
Key discussion points included:
- Companies have tended to focus on regulated and dual-use goods. Less attention has been paid to provision of services.
- Consideration needs to be given to knowledge and data transfer.
- Enforcement of US regulations is well developed and has global reach.
There are two US export control regimes:
- The Export Administration Regulations (“EAR”), administered by the Bureau of Industry and Security (“BIS”) within the U.S. Department of Commerce, apply to “dual-use” items.
- The International Traffic in Arms Regulations (“ITAR”), administered by the Directorate of Defense Trade Controls (“DDTC”) within the U.S. Department of State, apply to defense articles and services.
Most people are aware of ITAR but EAR is broader in scope, covering items located in the US and US originated items.
- Exports (broadly defined to include physical shipment or transfer of goods, software or technology);
- Re-exports (transfers of regulated goods from one third country to another); and
- Deemed exports (the disclosure of controlled technology—such as software, technology, or source code — to a foreign national within the United States or outside the United States. If the export of technology to a foreign national’s home country would require a license, a license must be obtained before the foreign national is granted access to the technology (even within the United States).)
- Deemed Exports can be difficult to identify and involve many complexities, for example open source code as part of a software transfer.
- EAR also regulates associated “technology” – information necessary for the “development,” “production,” or “use” of an item.
- Similar transfer of knowledge is covered by European regulations.
- Industries providing professional services, IT development and implementation, education and finance (especially Trade Finance and Correspondent Banking) may be particularly exposed to the regulations.
- Risk assessments should be carefully considered to identify US nexus and potentially regulated transfers.
- Understanding of business partners, relationships along the supply chain and identification of the end user is essential.
- Due diligence should be done to an appropriate level of detail based on the assessed risk.
- US regulations have strict liability but discounts may be available for self-reporting and it will do no harm to be able to demonstrate a strong compliance programme was in place and how it will be enhanced if things do go wrong.
- Regulators frequently collaborate and what may start as an Export Control issue may expand to become an FCPA or sanctions issue.
For further details or for more information, email FRA Director, Rob Wilson.