Twelve steps to an effective compliance program

Feb. 14, 2006
Export compliance for shipments coming out of the U.S. and the re-export of items containing U.S. content will continue to remain one of the manufacturing

Export compliance for shipments coming out of the U.S. and the re-export of items containing U.S. content will continue to remain one of the manufacturing world's greatest challenges. The Bureau of Industry and Security’s statistics for fiscal year 2005 show 31 criminal convictions, $7.7 million collected in criminal fines, 69 administrative or civil penalties, and $6.8 million collected for those violations. When you look at the various cases, it is clear BIS is expanding enforcement to include conspirator liability between corporations in the supply chain, primary liability of reexporters, those who store goods and those who facilitate their export, such as freight forwarders.

When things go wrong and companies find out they have done business with a prohibited destination, end use, party, or a party that diverts the item, the first and most problematic question asked by regulatory officials is, “Do you have a file describing the due diligence you performed before the export or re-export?” If the answer is yes, there still may be a per se violation that will prompt the enforcement authorities to impose an administrative fine. If the answer is no, there are more serious civil and possibly criminal liability risks. The next steps are expensive, time consuming, and reputation damaging.

Companies and individuals are obligated not to do business with illegal parties or entities, destinations, and end uses. They are also expected to take steps to ensure they do not commit such violations. Due to our experience, we wish to share with you the key steps that should be taken to ensure compliance failures do not stop your supply chain in its tracks.

1. Obtain board-level commitment. Before any compliance program can be successful, buy-in from the board of directors and senior level staff must be secured. The U.S. Government Sentencing Guidelines state that corporate officers and board members must be knowledgeable about the content of their compliance program, exercise reasonable oversight, and give compliance officers direct access to the Board. Increasingly around the world, we see governments imposing a standard of care on the board and or senior management. Senior officers risk personal liability should your compliance program fail.

2. Assess processes. Hire outside trade experts to perform a compliance gap analysis on your current compliance processes. Then fill the gaps. What gates and stops have been and can be established? How are compliance records stored and located?

3. Embargoed countries. Your company is not allowed to trade with certain countries. Make sure that you have established a list of embargoed countries and created effective stop measures that ensure items are not shipped to those countries directly or indirectly.

4. Electronically screen names and addresses in your master customer/partner files against the various government black lists. With more than 40 international restricted party lists in existence, it is important to work with a firm that organizes these ever-changing lists into a central database that is monitored and updated daily.

5. Establish an on-going name and address screening process. Just because you have screened a customer once does not mean your name screening is done forever. Governments constantly add and delete names from the various restricted lists. In 2004, more than 14,000 updates were made to the restricted party lists, while more than 162,000 updates were made since September 11, 2001. It is vital that you remain current with list updates and modifications.

6. Perform end use and diversion risk screening. Take steps beyond mere name screening by collecting end use information from customers and other parties in the supply chain that work with you. Be certain that your product is being purchased for its intended use. In addition to end use screening, perform diversion risk screening. Collect information about the nature of your customer's business to determine whether your product or service is consistent with the business of your customer. Make sure that your customer is not diverting your product to another party.

7. Obtain jurisdiction and classification information from each supplier. Perform jurisdiction and classification when that information is not easily obtained from a reliable supplier with a good reputation for compliance.

8. Perform license determination. Develop a license determination process for list-based license requirements and perform license determination prior to each export and each reexport.

9. Write and implement processes and procedures that are part of each business function. Compliance must be a key concern across the company. Processes should be in place for IT, R&D, engineering, manufacturing, sales, order entry, fulfillment, shipping, comptroller, legal, the board of directors, and compliance to ensure that the proper measures are taken to control the export and reexport of goods, technology and software.

10. Train, train, train. Do not develop processes and procedures only to file them away in a cabinet. Procure training for the whole company with different levels of training based upon each job function. Train on your processes and on the ever-changing substantive rules. Train your staff until they understand how an effective compliance program can make or break a company, and then train them again.

11. Follow ISO 9000 and Sarbanes-Oxley standards as well as the export control best practices recommended in the Nunn-Wolfowitz report.

12. Perform audits every year. Make sure that your compliance engine is running smoothly by performing annual audits. Alternate by performing an internal audit one year and an external audit the next. It is better to be safe than sorry, and every process breaks down over time unless it is audited. LT

Larry E. Christensen is vice president of export controls for JPMorgan Chase Vastera (www.jpmorganchasevastera.com) and adjunct professor of law at Georgetown University Law Center. He has worked in export controls and trade sanctions since 1979. A 1972 graduate of Duke Law School, Christensen served the Department of Commerce for 11 years in the Office of Chief Counsel of Export Administration and as Director of the Office of Regulatory Policy. In that role, he headed the complete redrafting of the Export Administration Regulations (EAR) in 1995-1996, the first such rewrite since 1949. Mr. Christensen participates in the consulting practice and managed services offerings of JPMorgan Chase Vastera. He trains on virtually all U.S. export control topics and certain elements of foreign export controls.