Preventing the illegal transfer of technology isn't a single event—it's an integrated part of the ongoing human workflow of your company, consisting of numerous individual actions and cooperation between employees and departments at every management level. That's why illegal technology transfer control requires a comprehensive, company-wide solution that can manage compliance effectively at every step of the process.
Consider a case where your company is hosting a potential investor from overseas. She's interested in touring your U.S. facility in order to collect information to make a decision. However, before she even sets foot in the country, your company needs to know how to conduct the visit within the limits of United States law to avoid unintentionally violating export regulations.
STEP 1: First of all, a request must be officially submitted by an employee host for the site visit, and your company must have some means of managing all site visitor requests. This includes knowing the details of any locations within the U.S. that the visitor will be seeing; which of your products, documents, equipment, and other technology to which the visitor may be exposed during their visit; and with which of your personnel they will or may be meeting while on-site. All relevant information must be received in order to accurately assess the potential risk of the visit.
STEP 2: Any employees who will or may be meeting with a foreign national during visit must read and sign tailor-made certification documents to assure they understand the responsibilities and restrictions under U.S. law for interacting with foreign nationals. These legal documents serve as a declaration to prove that your employees have been educated and agree to abide by the laws. Explicit documents for certification, and records of employees’ agreement to abide by them, significantly mitigates your company's risk when hosting foreign nationals. The documents must be available for review by all appropriate parties in your company, with the ability to make comments and append notes.
STEP 3: You must screen the potential visitor's name against all the relevant lists of Denied Parties and Specially Designated Nationals provided by the United States government, the United Nations, and other international bodies. This ensures that the person in question won’t pose a risk to national security if given access to your facilities. Your company's Compliance Officer will review the results of the screening, request additional information if necessary, and then deny the visit if the screening returns any alarming results indicating that the visitor would present a security threat.
STEP 4: If the Denied Party Screening comes back clean, meaning that the potential visitor does not appear on any of the official lists, the Compliance Officer will distribute all the collected information to any other people in the company who need to be involved in the approval process. This includes anyone with whom the visitor would interact, department heads for areas the visitor could see during the site visit, security personnel, and so on. Responses from these personnel must be collected once the information has been distributed and reviewed, and only then can the Compliance Officer go on to either approve or deny the visit based on the risk assessment resulting from all the previous steps. Conditions limiting the visitor’s access or the types or extent of information to be shared with them may be imposed if it is determined to be necessary.
STEP 5: Assuming the site visit request is approved, all visitor activities while on-site must always be logged, and this information must be centrally accessible and modifiable by all relevant management personnel, making sure everyone is on the same page at every step before, during, and after the visit occurs.
STEP 6: Finally, you must maintain a detailed audit record of visitor activity, with extensive documentation, so that in the event of a government investigation your company has conclusive proof of your intent to comply with all applicable regulations.
Deemed Export Risk Manager does all this and more, giving you the freedom to host visitors without the fear of breaking Deemed Export laws. At the same time, it saves you money by automating your export control workflow, dramatically reducing the time your employees would otherwise spend manually checking every last name, list, and regulation.