FAQ: Compliance Policies & Procedures Manual

Why do I need Compliance Policies & Procedures?

If your company has licensable items (hardware, software, or “technology”), it is a best practice to establish an
export control compliance system. Failure to do so could lead to fines, damaging publicity, and the loss of exporting privileges. Your compliance system should address three major goals:

1. Provide procedures to ensure that all compliance requirements are addressed.
2. Provide training to ensure that the procedures are understood and performed correctly.
3. Conduct regular assessments of procedures and overall system to gauge effectiveness.

What kind of documentation is required?

There should be written policies to address the various compliance requirements, complemented by templates and procedures as appropriate to ensure the accurate, efficient, and comprehensive completion of all necessary steps.

While some are general documents and some are location/ task specific, they should be bundled together in a Compliance Manual for several reasons:

1. To serve as the absolute reference and repository for compliance guidance.
2. To ease the processes of future updating and auditing.
3. To facilitate the process of integrating with other company systems, as needed.

How do I develop and implement them?

It is important to address the issues methodically, developing policies and procedures (P&P) systematically for each requirement and in all departments. It is also important that these new (or updated) P&Ps work in conjunction with existing company guidance so as to avoid confusion, conflict, and inefficiency. As with all new procedures, compliance procedures should be developed, deployed, tested, and refined. Ideally, the stakeholders in each department will be involved in all these steps so as to harvest their experience and gather their “buy in.”

Can we develop these in-house or should we hire 3rd party experts?

While an in-house solution may look attractive on the surface, there are significant drawbacks:

• Internal POCs may be stretched already or ill-equipped for the task
• Internal experts are often the source of the problem
• Insiders are often overly aware of company dynamics and sometimes fearful of backlash

By contrast, outside experts (like CTP) have many advantages.

• We have extensive experience creating and customizing P&P manuals
• We have an enormous amount of tools, templates and guidance in our copyrighted Manual Maker, giving us
  an enormous head start on all new P&P projects
• We are well familiar with the USG requirement and will ensure that all needs are met

How Can CTP Help?

The backbone of the Export Compliance System is the Compliance Manual, where the policies provide the “What to do” and the procedures describe the “How to do it.” Properly done, this manual saves implementation time, prevents confusion amongst employees, and reduces the risk of violations. Distilling these policies and procedures is a critical but challenging task for companies. To help them, the CTP Compliance team has created its Customizable Compliance Manual with small to mid-sized companies in mind and an emphasis on specific criteria that are critical to success:

• Concise: We constructed the Compliance Manual to be comprehensive yet succinct. We kept it to 55 pages using hyperlinks within the document to provide a wealth of background material just a click away. These linked resources include CTP-provided templates, samples, and explanations, as well as government references and internal client sites.
• Customizable: The Manual is designed to be modified, with color-coded text to differentiate between removable instructions in red, customizable sections in blue, and permanent text in black. From the outset, CTP experts will consult with the client on a weekly basis, working section by section through the manual template to tailor the text and templates to satisfy the client’s specific requirements.
• Comprehensive: The Compliance Manual addresses export compliance issues involving the ITAR, EAR and OFAC regulations. Additional emphasis can be added as needed during the customization phase.
• Current: The recent changes introduced by Export Control Reform are reflected in templates and guidance provided in the Compliance Manual template.
• Cross-referenced: The respective sections of the Compliance Manual are cross-referenced to CTP’s suite of web- based training. CTP’s training portal offers 21 modules, which are organized in three categories to promote “as- needed” training. These essential topics are also covered in the CTP Internal Audit Tool. Viewed together, these three tools comprise a complete suite of compliance solutions offered by CTP.

Tailored Approach

Regardless of project size, we collaborate with your experts to determine the best approach for your company. Usually we work remotely, using email, secure transfers, and phone conferences, but we will come to your sites if needed, typically for audits. We adhere to schedules and have the depth of expertise to keep large projects moving. In all instances, we format our reports and deliverables to your exact preferences.

Easy Procurement / Ongoing Relationship

We start with a simple engagement letter, a Non-Disclosure Agreement, and a Time Account. We work by the hour, at highly competitive rates, so you pay only for those services that you utilize. After the initial task, most of our new clients retain us on a long term/ongoing basis. Even if you don’t use CTP for months, even years, the account is left open so your access to our experts is always just a phone call away. Working with CTP Compliance is like having adjunct staff in perpetual readiness at zero cost.

If you have any other topics or questions in mind, please visit www.ctp-inc.com or reach out directly to Rick Phipps at rphipps@ctp-inc.com.