I. Export Laws at a Glance
Most U.S. companies are aware at least generally that U.S. export laws regulate activities such as the shipment of tangible products out of the country and that certain countries are subject to strict economic sanctions. But many companies are unaware of the actual breadth and complexity of U.S. export laws and regulations and what impact those laws have on their business — the result being that many companies do not even know that they are in a legal minefield until it is too late.
The problem that many companies run into is that, though U.S. export laws were intended to focus on the export of sensitive goods to hostile countries and keeping potentially dangerous items out of the hands of persons intent on harming the U.S., the regulations that implement these laws — the very dense and complicated Export Administration Regulations (“EAR”) enforced by the Commerce Department — cover virtually every commercial good and technology originating in the U.S. Additionally, as explained below, the EAR cover much more than the shipment of goods from the U.S. to a foreign country. Rather, the EAR cover the re-export of U.S.-origin goods from one foreign country to another, as well as the release of technology to a foreign national located in the U.S. When overlaid with dozens of stand-alone economic sanctions programs enforced by the Treasury Department, such as the U.S. embargoes of Iran and Cuba, these laws and regulations come together to form a complicated web that effects virtually every U.S. company that does business overseas or that has a product for which there is a market overseas.
When these laws and regulations are violated, the sanctions can be severe. At a minimum, goods can be returned or seized by U.S. or foreign customs officials. More ominously, huge fines (up to twice the value of the transaction) can be imposed, willful violations can result in significant jail time for individuals, and resulting internal investigations and/or government investigations can be burdensome, distracting, very expensive, and cause serious reputational harm to a company.
While many companies may take the approach that they do not deal in sensitive or obviously dangerous goods and therefore do not have export law exposure, they do so at their peril. Many of the enforcement actions brought by the Commerce Department in the past several years did not involve what most people would consider “dangerous” exports; rather, they involved products ranging from digital cameras to paint systems to vehicle axles. In many instances these enforcement actions involved cases in which U.S.-origin goods were funneled to countries subject to strict U.S. sanctions, such as Iran, or to countries subject to heightened licensing requirements, such as China. The U.S. government is particularly concerned about vast networks of middle-men and front companies whose sole job is to circumvent the U.S. embargo of Iran and to procure U.S.-origin goods. For foreign policy and national security reasons, the government devotes an enormous amount of resources attempting to locate and break up these mostly Iran-based procurement networks. Publicly available information about Commerce Department investigations reveals a laundry list of cases in which unsuspecting U.S. companies (and companies that ignored clear “red flags”) sold goods to front-companies (mostly in Europe and the Middle East) that immediately turned around and re-exported the items to Iran. In short, the risk of export law violations is much more significant than most companies realize.
This post is intended to give exporters a general overview of the EAR and U.S. sanction programs that impact them, as well as provide guidance concerning what policies and programs U.S. exporters should have in place to avoid violations, respond effectively in the event violations or potential violations are discovered, and demonstrate to regulatory authorities, if the time comes, that the company used best effort to comply with U.S. export laws. In the end, being proactive can mean the difference between a valuable shipment being delivered as scheduled or seized at the border — or the difference between paying a large penalty to the government and being given a slap on the wrist. Having an effective export compliance program is simply good business and a worthwhile investment of company resources.
II. The Export Administration Regulations
At the heart of the U.S. export control system are the EAR, which regulate the export, reexport, and transshipment of most commercial goods and technologies that originate in the U.S. The EAR, which are implemented by the Commerce Department’s Bureau of Industry Security (“BIS”), were intended to focus on the regulation of “dual use” items: items that have commercial application, but can also be used or converted to use for a military, weaponsof- mass-destruction, or terrorist purpose. While the EAR do focus on “dual use” goods to a large extent, virtually every commercial product is subject to the EAR. At the same time, some dual use items such as publicly available technology and software, items subject to the exclusive jurisdiction of another federal agency (mostly weapons regulated by the State Department), and literary publications are not subject to the EAR.
“Dual use” items are not always readily apparent. Items such as cellular phones, garage door openers and hearing aid devices — items that are not dangerous in and of themselves — cannot be exported to some countries because they can be incorporated into improvised electronic devices. Also, electrical switches that are used in many basic medical devices are subject to export controls because they can be used as part of triggering devices for nuclear devices. These few examples demonstrate that companies may be surprised to learn that their products are considered “dual use” and subject to export controls.
To many in the business community this may seem like excessive regulation. Like it or not, however, the EAR are here to stay and regulators, who take the national security implications of their jobs very seriously, are going to continue to interpret and apply the EAR as broadly as possible.
What Is an “Export”?
One of the main problems that companies often run into when dealing with export law compliance issues is they often do not know that their transaction is covered by the EAR in the first place. For example, many companies are unaware that “exporting” includes much more than just the physical shipment of tangible products out of the U.S. and that the EAR regulate all of the following types of transactions:
Direct Exports: A direct export is any item (which includes commodities, software and technology) that is sent from the U.S. to a foreign destination. The method of the transfer can be physical shipment (mail or hand-carried on a plane), electronic transmission (facsimile, email or download), or oral communication of information. Also, an export transaction occurs even if the item is not for sale, the item is only leaving the U.S. temporarily, and/or it was sent to a wholly-owned U.S. subsidiary located abroad.
Re-exports: A re-export is a shipment or transmission of U.S.-origin items from one foreign country to another. Also, foreign-made items that have more than a de minimis amount of U.S. content are also covered by the EAR. In other words, U.S. jurisdiction follows U.S.-origin goods around the world and liability for EAR violations does not cut off at the U.S. border.
Deemed Exports: The release of technology or computer source code subject to the EAR to a foreign national located in the U.S. is a “deemed export” to the foreign national’s country of origin. The “release of technology” can occur through visual inspections (such as reading technical specifications or seeing a demonstration of a product) or the oral exchange of information (such as a business meeting at which a regulated technology is explained to a foreign national).
Example: In 2011, the 6th Circuit Court of Appeals upheld the conviction of a University of Tennessee professor who passed sensitive technical information to research assistants from China and Iran whom he was aware were prohibited from seeing the materials.
Who Is Responsible for Complying with the EAR?
Simply put, the EAR apply to almost every person involved in an export transaction from start to finish — not just the original seller. Indeed, Section 758.3 of the EAR specifically states: “All parties that participate in transactions subject to the EAR must comply with the EAR.”
Parties are free to structure transactions as they wish, and to delegate functions and tasks as they deem necessary, but acting through agents, such as freight-forwarders, or delegating or re-delegating authority, does not in and of itself relieve anyone of responsibility for compliance with the EAR.
Is a License Required for My Export Transaction?
The crux of compliance with the EAR is determining whether a license from the Commerce Department is required before the transaction can proceed. In order to reach that determination, every person involved in an export transaction needs to consider the following 3 main questions:
1. Is the Good or Technology on the Commerce Control List and Subject to Restrictions?
The EAR includes the Commerce Control List (“CCL”), a very lengthy list of all items and related technology that are subject to specifically identified controls. Each of the hundreds of entries on the CCL are identified by Export Classification Numbers (“ECCN”) that are followed by detailed descriptions of the items, technical data, and the reasons for why the item is controlled.
The CCL organizes the covered items into the following ten broad categories, which include not just the following types of items, but also components, testing equipment, production equipment, software and technology relating to each of these types of items:
- Nuclear materials, facilities, equipment and miscellaneous items
- Chemicals, microorganisms and toxins
- Materials processing
- Telecommunications and information security
- Sensors and lasers
- Navigation and avionics
- Propulsion systems, space vehicles, and related equipment
In the event an item is on the CCL, an exporter is then obligated to make sure — by reviewing the entry on the CCL and BIS lists that detail the restrictions placed on every country in the world — to see whether a license is required.
2. Regardless of what the CCL Says, Is the Purchaser or End-User Prohibited from Receiving the Good or Technology?
Regardless of what guidance the above licensing analysis yields, since certain individuals and entities are specifically prohibited from receiving U.S. exports by various government agencies, an export transaction may nonetheless require a license. The Commerce Department maintains various lengthy lists on its website that exporters are obligated to check to make sure the recipient of their good or technology (or another known end-user down the chain) is not a “denied person.” Exporters are obligated to check the following lists, which are consolidated and in a searchable form at www.export.gov.:
- Denied Persons List: Individuals and entities that have been denied export privileges by the Commerce Department.
- Unverified List: Individuals and entities whom BIS has been unable to verify in prior transactions as a permissible end-user.
- Entity List: Parties who are already subject to licensing requirements with which third parties need to comply. This list includes persons and entities for which BIS has a concern regarding the proliferation of weapons of mass destruction or their potential
- Specially Designated Nationals List: Individuals and entities who the Treasury Department’s Office of Foreign Asset Control has identified as “denied persons.”
Regardless of what their products or technologies are, companies must have some mechanism in place to search these lists to make sure they are not dealing with “denied” persons or entities. Additionally, if warranted by the volume of a company’s export activities, some exporters should consider implementing commercially available name-recognition software that can scan company systems for names and entities on government denial lists.
3. Am I Potentially Violating a U.S. Embargo or Economic Sanctions Program and/or Is the Good or Technology Going to Be Used for a Prohibited End-Use?
In addition to the foregoing circumstances in which an export license is required, the EAR impose licensing requirements in the following circumstances:
- Countries Subject to Embargoes or Economic Sanctions: As discussed further below, many countries, including but not limited to Iran, Cuba, and North Korea, are subject to embargoes and/or very strict economic sanctions by the U.S. With respect to these countries, a license almost certainly will be required, even for exports not specifically identified on the Commerce Control List. Of course, an application for a license to export to those countries would almost certainly be denied.
- Improper End-Uses: A license is always required when an exporter knows or has reason to know that the item is going to be used for a nuclear end-use, in unmanned vehicles, or for chemical and biological weapons purposes.
Sanctions for EAR Violations
The three main categories of violations of the EAR are the following:
- Exporting or re-exporting a controlled item to a country for which a license is required for that item.
- Exporting to a “denied person” or for a known prohibited end-use without a license.
- Proceeding with a transaction knowing or having a reason to believe that a violation of the EAR has occurred or is about to occur.
The penalties for violations of the EAR are:
|Civil||Up to the greater of $250,000 or twice the value of the transaction; potential denial of export privileges.||Strict liability offense; knowledge of a violation is not a requirement for a civil penalty to be issued.|
|Criminal||Up to $1 million in fines and/or 20 years in prison.||Criminal liability for anyone who “willfully conspires to commit, or aids or abets in the commission of,” a violation of the EAR.|
The Knowledge Element and Not Ignoring “Red Flags”
Of the utmost importance is that exporters (which includes all persons connected to an export transaction) understand that a person cannot proceed with an export transaction if the person has knowledge that a violation has occurred or is about to occur. This relates to every item subject to the EAR. According to the EAR, “knowledge” includes both (1) actual knowledge and (2) an awareness of a high probability that a circumstance exists or is substantially likely to occur. In other words:
Reason to Know or Reason to Believe = Knowledge
Therefore, a company cannot ignore “red flags.” “Red flags” simply are warning signs that a violation may have occurred or may be about to occur. Red flags can be any abnormal or suspicious circumstances surrounding the export, such as (a) products that do not fit with a buyer’s business, (b) a buyer who is evasive about the destination and/or use of the items, (c) a customer’s unwillingness to sign warranties and representations concerning their compliance with export control laws, and (d) instances in which the source of payment differs from the country of destination of the export.
If There Are No Red Flags
Absent “red flags,” there is no affirmative duty upon a party to inquire, verify, or otherwise “go behind” a customer’s representations.
If There Are Red Flags
If “red flags” are raised, an exporter has an affirmative duty to investigate the suspicious circumstances and take steps to determine the end-use, end-user, and ultimate country of destination of the item being exported.
If “red flags” can be explained or justified, then the party can proceed with the transaction.
If “red flags” cannot be explained or justified and the party proceeds with the transaction, that party runs the risk of having had “knowledge” that would make the action a violation of the EAR. If “red flags” remain after an inquiry, the party should either refrain from the transaction or submit all the relevant information to BIS and request a license or other approval from BIS.
Lastly, don’t self-blind. A party that takes affirmative steps to avoid “bad” information would not insulate itself from liability, and such actions would usually be considered an aggravating factor in an enforcement proceeding.
III. Beware of the Middle-Man Scheme
Recent enforcement actions reflect that the Commerce and Treasury Departments are aggressively pursuing and continually uncovering conspiracies involving “middle men” who create the appearance of a legitimate transaction with U.S. businesses and then re-export the goods or technologies to countries subject to strict U.S. export controls, including Iran, Syria, China, North Korea and Cuba.
In most instances, these conspiracies follow the classic “middle man” structure whereby U.S. exporters are led to believe they are dealing with a legitimate counterparty and that their goods are destined for a country to which there are no prohibitions to the transaction, when in fact their counterparty is a front operation that plans to immediately re-export the goods to a prohibited country. This is especially true with respect to Iran, which is subject to a near total embargo and which has a vast network of middle-men and front companies around the world, including in many countries that are allies of the U.S. and with which U.S. companies have strong trading relationships. These “fronts” exist for the sole purpose of obtaining U.S.-origin goods, including but not limited to goods and technologies that have military capability and/ or are useful for Iran’s nuclear and missile programs.
The implication for all U.S. companies is that they need to be cognizant of “red flags” surrounding their transactions — no matter what they sell or where their customers are located. In the event a company’s good or technology ends up in a country subject to strict export controls (or is seized on its way to that country), the government will undoubtedly want to know what due diligence the U.S. company did on its customers and what red-flags the company saw or should have seen.
In most instances the targets of the Commerce and Treasury Departments will be the “middle men” who are at the heart of covert conspiracies. Investigators usually understand there is no way for exporters to completely guarantee that their goods and technologies will not change hands and end up in the hands of a prohibited end-user or in a prohibited country. Still, when government investigators show up — usually with a subpoena and lots of questions — exporters need to be prepared to demonstrate two main things:
- First, exporters will need to show that they had an export compliance policy in place and attempted to comply with their export law obligations by, among other things, obtaining necessary export licenses and ensuring that there were no prohibitions against selling their export to the original purchaser.
- Second, exporters will need to demonstrate that they had “clean hands” and saw no “red flags” that would have alerted them to likely export law violations.
If exporters cannot satisfactorily demonstrate to the government that sufficient steps were taken to comply with export regulations, they may very well find themselves the target of the government’s investigation.
IV. The Importance of Having an Effective Export Law Compliance Policy
The Basics of an Export Compliance Program
Every U.S. company that deals with foreign customers must have an export compliance program that reinforces compliance with export laws and economic sanctions and seeks to prevent violations before they occur. Though implementing a compliance policy can be expensive and burdensome, it is much less costly than absorbing the financial loss that comes with paying penalties or, in the case of larger violations, the cost of an internal investigation and/or dealing with an investigation by the government. Not only can investigations into actual or suspected violations be extremely expensive, but in the event a violation does occur the existence of a robust policy will demonstrate to the government that the company did all it could to prevent export violations — which could have the effect of causing the government not to charge a company with a violation at all or mitigating any financial penalty levied against it.
In most cases, an exporter who violated the EAR will end up negotiating with BIS concerning what penalty will be assessed. One of the most important factors that BIS will look at is whether the company had an effective policy in place. The existence of a robust policy will signal that the company took complying with export laws seriously, while the non-existence of a policy or the existence of a policy with no teeth will signal that the company paid no attention to its export law responsibilities. Also, since BIS openly acknowledges that it gives “great weight” to the existence of an effective compliance program when assessing what penalties will be levied, every company needs to evaluate what type of compliance program would fit it best.
Generally, a policy needs to focus on the company asking the right questions, ensuring its employees are educated, and following proper procedures. There is no generic, off-the-shelf export compliance policy. Rather, a company must tailor its program to take into account its size, it products and their end-use and sensitivity, and its geographic footprint.
Bureau of Industry Security Policy Guidance
While there is no generic compliance program, Export Policy Compliance Guidelines published by BIS outline the elements that should form the basic structure of every export compliance program. They include:
- Risk Assessment: Assess current export processes (such as performing a detailed breakdown of an export transaction’s life-cycle) to address vulnerabilities, identify potential areas of concern with respect to the company’s customer base, and otherwise identify high-risk areas of a company’s business, such as whether the company is unaware of its product’s dual-use.
- Management Commitment: Ensure that a high-level person in the company is knowledgeable and responsible for the content and operation of the compliance program and has a direct line to the most senior members of the company’s management.
- Written Export Control Policy: Have a clearly delineated export compliance program that underscores the company’s (i.e., management’s) commitment to promoting an organizational culture that encourages ethical conduct and a commitment to complying with export laws.
- Compliance Training: Distribute information and/or conduct export training of employees and agents commensurate with their roles and responsibilities.
- Know Your Customers: Have appropriate know-your-customer procedures in place to adequately assess whether a customer is a “denied person,” what the good or technology is going to be used for, where it is going, and whether a customer raises any “red flags.”
- Audit Program: Implement appropriate standards and procedures designed to prevent and detect criminal conduct and to monitor that the export compliance program is being followed, including by vetting and monitoring third-parties who are considered agents of the company.
- Recordkeeping: The EAR requires companies to maintain export-related records for 5 years. Therefore, a company’s document retention policy needs to take this into account and ensure that export-related documents are maintained, even if other company records are retained for a shorter period of time.
- Internal Reporting: Provide a mechanism for employees and agents to seek guidance regarding export law compliance and confidentially report potential or actual violations.
- Corrective Actions: Set up and enforce appropriate disciplinary measures for engaging in (or failing to stop) export law violations.
V. To Disclose or Not to Disclose?
While no company wants to fall on its sword and report unlawful conduct to the government, since self-reporting will often lead to a warning letter (unless a major violation occurred) or mitigated fine, self-reporting is an option that needs to at least be on the table. Indeed, BIS guidance indicates that on average it grants a reduction of at least 50% of the calculated penalty when a company self-discloses a violation.
In many cases, however, whether to self-report is a complicated decision that requires decision- makers to weigh the short term impacts of such a decision (the imposition of a fine, reputational harm, and the risk that a further government investigation will develop) versus the longer term risk that if the government independently finds out about the conduct the company may be treated much harsher than if it had self-reported and cooperated in the first place. Additionally, companies need to take into consideration, generally, that once they self-report, the Commerce and/or Treasury Departments will be in the driver’s seat and the company will lose control over its destiny to a certain extent.
Lastly, if a company is going to disclose a violation it needs to be prepared to (a) provide the WHOLE truth to BIS, (b) demonstrate that it was proactive and voluntarily took steps to avoid further violations and punish wrongdoers, if applicable, and (c) cooperate with any BIS investigation that results.
VI. Other U.S. Trade Regulations
Embargoes & Economic Sanction Programs
In addition to the EAR, various other country-specific regulations implemented and enforced by the Treasury Department control exports to certain countries around the world. Specifically, the Treasury Department’s Office of Foreign Assets Control (“OFAC”) enforces embargos and economic sanction programs relating to Cuba, Iran, North Korea, Sudan, Syria, and specific targets in the Balkans, Burma, Iraq, Liberia, Libya and Zimbabwe. OFAC also administers regulations prohibiting transaction with known terrorists, narcotics traffickers, and certain persons and entities associated with the rough diamond trade in Africa. These various embargoes and sanction programs apply to all U.S. citizens and permanent residents (wherever located), U.S. companies, foreign branches of U.S. companies, and persons located in the U.S.
Two of the most comprehensive sanction programs deal with Iran and Cuba and include the following restrictions on export transactions:
Iran (the Iranian Transaction Regulations)
- In general, no good, technology or service may be exported from the U.S., directly or indirectly, to the Government of Iran or Iranian companies without a license and no U.S. person (wherever located) can participate in any transaction involving U.S.- origin goods if that person knows or has reason to know that an items is intended for supply, transshipment or re-export to Iran.
- In addition, any U.S. person, wherever located, or any person acting within the U.S. may not approve, facilitate or finance any transaction involving the sale of foreign goods to Iran. This provision impacts U.S. citizens who work overseas for foreign companies that do business with Iran. While foreign companies may not be breaking U.S. law by dealing with Iran, their U.S. employees will break the law if they are involved in transactions involving Iran on behalf of their employer.
Cuba (the Cuban Asset Control Regulations)
- Exports to Cuba, either directly or indirectly, are prohibited unless an OFAC license is obtained. There are certain limited exceptions to this rule related to informational materials, donated food, medicine and related devices, and telecommunications equipment; however, there are many limitations on these exceptions.
- Companies are permitted to do business with Cuban nationals who have become permanent residents or citizens of the U.S. With respect to Cuban nationals who have taken up permanent residence outside of Cuba, however, such individuals must apply to OFAC to seek “unblocked” status before a U.S. person can do business with them. In other words, exporting a good to a Cuban national located in South America could violate the Cuban embargo.
State Department’s Military Export Controls
Applicable to companies that manufacture defense articles are the International Traffic in Arms Regulations (“ITAR”), which set out the licensing policy for exports of items on the U.S. Munitions List. With very few exceptions, a license from the Secretary of State is required for the export of virtually all items on the U.S. Munitions List and companies dealing with items on the U.S. Munitions List are required to register with the State Department on an annual basis.
While no company can guarantee that its goods or technologies will not fall into the wrong hands, in order to limit legal exposure it is imperative for U.S. exporters and companies dealing with U.S.-origin goods overseas to have an effective export law compliance policy that educates employees regarding export laws and regulations, implements adequate know-your-customer protocols, and has processes for dealing with “red flags.” Having such a program in place will prevent violations and, in the event violations occur, go a long, long way to demonstrating to government investigators — who may show up with a subpoena and lots of questions regarding the company’s culpability — that it did all it could to comply with U.S. export laws and regulations. Given the increased enforcement in this area by the Commerce and Treasury Departments, as well as the stiff penalties that can result from violations, no company with international exposure can afford not to have such a program.