News & Noteworthy

It is fitting that the first should be last. The long-awaited revisions of USML Categories I, II, and III are now imminent and will bring the Export Control Reform (ECR) initiative, which began under the Obama Administration, very close to completion.

As compliance experts will remember, the ECR initiative began in 2010 to streamline the USML by tightening its definitions and relaxing controls on less-lethal items. The plan was to transfer select items to the CCL where the manufacturers would benefit from less onerous regulations, but the government would still retain significant, but nuanced, controls to ensure that export policy objectives were attained. The objectives were seen as win-win-win: that is: 1) a  USML list of fewer items and reduced licensing burden for DDTC, 2) lower costs and more nuanced licensing requirements for exporters, and 3) retention of  controls for items transferred  to the EAR with identified targeted purposes, notably national security, nonproliferation, anti-terrorism, human rights or other foreign policy purposes.

Last week the Treasury Department’s Office of Foreign Assets Control (OFAC) announced that it had reached an agreement with Apple, Inc., to resolve apparent violations of the Foreign Narcotics Kingpin Sanctions Regulations (“FNKSR”). Apple allegedly violated the FNKSR by hosting, selling, and facilitating the transfer of software applications developed by SIS, d.o.o. (“SIS”), a Slovenian software company. While the $470,000 settlement is the equivalent of a rounding error for the trillion-dollar company, the interesting part of the settlement agreement was the level of detail regarding Apple’s sanctions screening missteps and their resulting commitments to improve. The settlement highlights the importance of detailed screening procedures for the use of sanctions screening software and adequate employee training to resolve potential red flags.

By popular demand, here is the fourth and final installment in our “technology” series. This time we focus on the EAR’s license exceptions related to controlled “technology:” Technology and Software under Restriction (TSR) and Technology and Software—Unrestricted (TSU). Note: This condensed blog post is not a substitute for consulting the actual text of the EAR to determine whether you can use one of these license exceptions.

Before we dive in, let’s have a quick summary of topics covered in this series:

• In Part I, we explored the concept of controlled technology.
• In Part II, we examined the three different types of technology (“development,” “production,” and “use”) and how they are applied in practice.
• In Part III, we explained what it means when an ECCN controls technology that is “required” for the development, production, or use of an item on the Commerce Control List (CCL).

Compliance is a constant challenge. Once you have invested the time and money to develop or update an Export Compliance Program (ECP)—complete with commodity classification, comprehensive policies, effective procedures, and tailored training—you must persistently guard your system against the potential damage of external and internal transitions. To understand these risks, let’s look at the differences.

The goal of all good systems is incremental improvement. This is as true in export control compliance as it is in other corporate activities. Improvement doesn’t happen accidentally but rather as a result of specific steps, regularly and studiously performed. You need to periodically examine the system, identify the weaknesses, design and deploy the remedies, and then test again at regular intervals. This rigor promotes continuous evolution and it enables the system to recover from the inevitable internal and external changes that might otherwise compromise its function.

Of all these steps, the Compliance Assessment is the first and most important. You need to regularly measure your system against its baseline performance indicators, regulatory requirements, and industry best practices. Doing this enables you to determine the effectiveness of the compliance system and, most importantly, identify the gaps that need to be addressed.