Last week the Treasury Department’s Office of Foreign Assets Control (OFAC) announced that it had reached an agreement with Apple, Inc., to resolve apparent violations of the Foreign Narcotics Kingpin Sanctions Regulations (“FNKSR”). Apple allegedly violated the FNKSR by hosting, selling, and facilitating the transfer of software applications developed by SIS, d.o.o. (“SIS”), a Slovenian software company. While the $470,000 settlement is the equivalent of a rounding error for the trillion-dollar company, the interesting part of the settlement agreement was the level of detail regarding Apple’s sanctions screening missteps and their resulting commitments to improve. The settlement highlights the importance of detailed screening procedures for the use of sanctions screening software and adequate employee training to resolve potential red flags.
By popular demand, here is the fourth and final installment in our “technology” series. This time we focus on the EAR’s license exceptions related to controlled “technology:” Technology and Software under Restriction (TSR) and Technology and Software—Unrestricted (TSU). Note: This condensed blog post is not a substitute for consulting the actual text of the EAR to determine whether you can use one of these license exceptions.
Before we dive in, let’s have a quick summary of topics covered in this series:
- In Part I, we explored the concept of controlled technology.
- In Part II, we examined the three different types of technology (“development,” “production,” and “use”) and how they are applied in practice.
- In Part III, we explained what it means when an ECCN controls technology that is “required” for the development, production, or use of an item on the Commerce Control List (CCL).
Compliance is a constant challenge. Once you have invested the time and money to develop or update an Export Compliance Program (ECP)—complete with commodity classification, comprehensive policies, effective procedures, and tailored training—you must persistently guard your system against the potential damage of external and internal transitions. To understand these risks, let’s look at the differences.
Topics: Export Compliance
The goal of all good systems is incremental improvement. This is as true in export control compliance as it is in other corporate activities. Improvement doesn’t happen accidentally but rather as a result of specific steps, regularly and studiously performed. You need to periodically examine the system, identify the weaknesses, design and deploy the remedies, and then test again at regular intervals. This rigor promotes continuous evolution and it enables the system to recover from the inevitable internal and external changes that might otherwise compromise its function.
Of all these steps, the Compliance Assessment is the first and most important. You need to regularly measure your system against its baseline performance indicators, regulatory requirements, and industry best practices. Doing this enables you to determine the effectiveness of the compliance system and, most importantly, identify the gaps that need to be addressed.
As technical specialists, we often get asked about Commodity Jurisdiction. The questions are simple but important and the answers are invaluable for newcomers to export control.
What is a Commodity Jurisdiction (CJ) determination? The first and most basic step in export control is determining if your item (be it a physical product, software, technology, or service) requires an export license. To ascertain this, you must first verify which set of regulations pertain to that item. It may be the International Traffic in Arms Regulations (ITAR) or it may be the Export Administration Regulations (EAR). Since the ITAR is administered by the State Department and the EAR is overseen by the Department of Commerce, you are trying to determine which jurisdiction your product belongs to, based on its technical characteristics or capabilities.