Compliance Solutions

Deemed Export Risk Manager Workflow

Preventing the illegal transfer of technology isn't a single event—it's an integrated part of the ongoing human workflow of your company, consisting of numerous individual actions and cooperation between employees and departments at every management level. That's why illegal technology transfer control requires a comprehensive, company-wide solution that can manage compliance effectively at every step of the process.

Consider a case where your company is hosting a potential investor from overseas. She's interested in touring your U.S. facility in order to collect information to make a decision. However, before she even sets foot in the country, your company needs to know how to conduct the visit within the limits of United States law to avoid unintentionally violating export regulations.

STEP 1: First of all, a request must be officially submitted by an employee host for the site visit, and your company must have some means of managing all site visitor requests. This includes knowing the details of any locations within the U.S. that the visitor will be seeing; which of your products, documents, equipment, and other technology to which the visitor may be exposed during their visit; and with which of your personnel they will or may be meeting while on-site. All relevant information must be received in order to accurately assess the potential risk of the visit.

STEP 2: Any employees who will or may be meeting with a foreign national during visit must read and sign tailor-made certification documents to assure they understand the responsibilities and restrictions under U.S. law for interacting with foreign nationals. These legal documents serve as a declaration to prove that your employees have been educated and agree to abide by the laws. Explicit documents for certification, and records of employees’ agreement to abide by them, significantly mitigates your company's risk when hosting foreign nationals. The documents must be available for review by all appropriate parties in your company, with the ability to make comments and append notes.

STEP 3: You must screen the potential visitor's name against all the relevant lists of Denied Parties and Specially Designated Nationals provided by the United States government, the United Nations, and other international bodies. This ensures that the person in question won’t pose a risk to national security if given access to your facilities. Your company's Compliance Officer will review the results of the screening, request additional information if necessary, and then deny the visit if the screening returns any alarming results indicating that the visitor would present a security threat.

STEP 4: If the Denied Party Screening comes back clean, meaning that the potential visitor does not appear on any of the official lists, the Compliance Officer will distribute all the collected information to any other people in the company who need to be involved in the approval process. This includes anyone with whom the visitor would interact, department heads for areas the visitor could see during the site visit, security personnel, and so on. Responses from these personnel must be collected once the information has been distributed and reviewed, and only then can the Compliance Officer go on to either approve or deny the visit based on the risk assessment resulting from all the previous steps. Conditions limiting the visitor’s access or the types or extent of information to be shared with them may be imposed if it is determined to be necessary.

STEP 5: Assuming the site visit request is approved, all visitor activities while on-site must always be logged, and this information must be centrally accessible and modifiable by all relevant management personnel, making sure everyone is on the same page at every step before, during, and after the visit occurs.

STEP 6: Finally, you must maintain a detailed audit record of visitor activity, with extensive documentation, so that in the event of a government investigation your company has conclusive proof of your intent to comply with all applicable regulations.

Deemed Export Risk Manager does all this and more, giving you the freedom to host visitors without the fear of breaking Deemed Export laws. At the same time, it saves you money by automating your export control workflow, dramatically reducing the time your employees would otherwise spend manually checking every last name, list, and regulation.

Why Comply?

Organizations must comply

The Law

If foreign nationals ever visit your U.S. locations, you may be violating export restrictions and not even know it. One glance of your operations by an unauthorized person, or a slip of the tongue by an employee can constitute a breach of export regulations— even if the contact occurs on U.S. soil. This is because the definition of "controlled goods and technology" isn't solely restricted to referring to physical products, just as "exporting" does not consist exclusively of moving an item beyond the borders of the United States. Any company that has dealings with foreign nationals requires strict oversight to ensure that they do not commit export violations.

Under United States export regulations, an export is deemed to have occurred if any controlled good or technology is made available for inspection, when its use has been demonstrated or explained, and even when documentation has been presented or related information has been discussed verbally.

Penalties are severe

The Risks

The penalties for violating U.S. export regulations, including the rules for Deemed Exports, are severe. Companies found to be in violation of deemed export laws face all the same penalties as they would for physically delivering, or allowing to be delivered, controlled goods to any denied, restricted, or debarred party—penalties which can include millions of dollars in monetary fines, restrictions on business activities such as the temporary or even permanent revocation of export licenses, and—for violations deemed to have been willful—criminal prosecution, potentially including imprisonment.

That's not to mention the certain and irreparable damage to the reputation of any company found to be aiding America's enemies, even if only through negligence.

Employees and organizations have been convicted

The Penalties

In FY 2011 combined U.S. Government Export Compliance Enforcement resulted in penalties of $732.8 MILLION and criminal prosecutions of 50 individuals and businesses.


OFAC Penalties

In FY 2011, settlements with 11 businesses were reached for a total of $623,000,000 in penalties as compared to 21 settlements in FY 2010 for a total of $91,000,000.

Since FY 2008, OFAC investigations resulted in settlements with 339 businesses for a total of $2,670,000,000. ( that's $2.6 BILLION ! )

BIS Penalties

BIS investigations in FY 2011 resulted in the criminal conviction of 39 individuals and businesses for export violations, as compared to 31 convictions in FY 2010. The penalties for these convictions came to $20,214,000 in criminal fines, more than $2,100,000 in forfeitures, and more than 572 months of imprisonment; compared to $12,298,900 in criminal fines, more than $2,000,000 in forfeitures, and more than 522 months of imprisonment in FY 2010.

In FY 2011, BIS investigations resulted in the completion of 47 administrative cases against individuals and businesses and $ 8,508,300 in administrative penalties, as compared to 53 cases and more than $ 25,400,000 in administrative penalties in FY 2010.

DDTC Penalties

In FY 2011 DOS entered into 1 consent agreement for a total of $79,000,000 in fines, as compared to 3 consent agreements in FY 2010 for $43,000,000. The Department also pursued in FY 2011 a total of 11 criminal prosecutions, as compared to 51 criminal prosecutions in FY 2010.