The document discusses compliance procedures and voluntary disclosure criteria for export control violations. It provides an overview of how to conduct internal investigations of suspected violations and outlines the elements that should be included in a voluntary disclosure filing, such as a description of the violations and corrective actions. The document advises implementing thorough corrective actions and not trying to hide bad facts when filing a disclosure. It also summarizes a consent agreement between the United States and United Technologies for unauthorized exports and failure to maintain effective export controls.

1. Steve Tribble
FLIR Systems
Jahna Hartwig
Williams Mullen

2. Agenda
 Compliance Procedures
 Investigations
 Criteria for Filing Determination
 Structure of Voluntary Disclosure
 Post-Disclosure Actions
 UTC Consent Agreement

3. Compliance Procedures
Collecting and Reporting Issues
 Channels for employees to report suspected violations
(e.g., anonymous hotlines, sanitized email addresses,
dedicated reporting websites, etc.)
 Policy against retaliation for reporting
 Procedures for stopping ongoing suspected violations
and implementing any urgent mitigating actions
 Procedures for conducting a thorough investigation of
the suspected violations.
 Broad enough to reveal related or similar violations with
other shipments, product lines, business units, or
geographic areas.

4. Compliance Procedures (cont’d)
 Established responsibility for decision making
regarding voluntary disclosure submissions
 Criteria to consider when assessing the need to file a
voluntary disclosure
 Established responsibility for preparing and approving
the filing
 Procedures for providing notice to other government
authorities when required or appropriate, (e.g.,
government sponsor, DSS, etc.).

5. What is An Internal Investigation?
 Company Decision – Not Directed
 Fact-Finding Activity
 The Five “W’s”
 Did a Violation of Law or Company Policy Occur
 Must be Perceived as Thorough and Independent
 An Extension of the Company’s Compliance Program
 Regular Internal Audits
 Best if an Established Process

6. Structuring An Internal
Investigation - Scope
 Specific Event Occurred
 What Were the Circumstances?
 What is Known About the Issue?
 What Was Cause of the Issue?
 Criminal Allegations Involved?
 Is This a Pre-cursor to a Voluntary Disclosure?
 Regular Compliance Audit
 Established Process
 Introductory or Advanced Audit

7. In-House or External
 In-House Pros and Cons
 Better Understanding of Company’s Business and
Processes and Will Know the Various Players
 May Not Be Objective
 May Not Be Experienced in ITAR
 External Counsel or Consultant
 Impartial and Credible
 Specific ITAR Experience
 Established Relationship and Experience with DDTC to
Help Navigate the “Mine Field”

8. Investigation - Data Collection
 Determine Type of Issue – Logistics, Technical Data,
Foreign National Access, Use of Authorizations
 Unique Documentation Associated with the Issue
 Must Collect Complete Documentation Set


More is better than Less
Include referenced documents – drawings, specs, contracts
 Emails Are Significant Source of Information


Open emails are subject to discovery
Attorney-Client privilege is not guaranteed but should be
invoked

9. Criteria for Filing Disclosure
 National security implications
 Legal obligation (e.g., 126.1 countries)
 Contractual obligation to disclose to business partners
 Anticipated activities that may be related to prior
violations (e.g., future licenses for same party, ongoing
service obligations)
 Whether violations were systemic or a less significant
“one time” mistake
 Whether violations were egregious or non-egregious
 Potential reputational damage, especially if the
disclosure will or could be made public

10. Criteria for Filing Disclosure
 Potential fines with or without disclosure
 Risk of nonmonetary penalties, e.g., loss of export licenses





or export privileges, debarment from government
contracting, placing on watch lists, etc.
Risk of detection by government if not disclosed, including
as a result of whistleblowers
Period of time when illegal activities occurred
How recent the activity was, and whether there is an
applicable statute of limitations
Previous disclosures or enforcement activity
Relationship with government regulators

11. Structure of Voluntary Disclosure:
Timing
 Initial filing “immediately” after discovery
 Must be filed before USG has knowledge from another
source
 Final filing within 60 days after “thorough review”

12. Structure of Voluntary Disclosure:
Elements
 Nature and Exact Circumstances of the Violation
 Persons Involved in the Violation
 Names, addresses, and contact information for all parties.
 Relevant ITAR Authorizations
 Relevant Products, Data and Services
 Corrective Actions
 Determine cause of the violation and design appropriate
remedial actions
 Enhance compliance procedures if necessary
 May include disciplinary action for responsible employees

13. Structure of Voluntary Disclosure:
Elements
 Mitigating Factors
 Whether the violation was intentional or inadvertent
 Familiarity with laws and regulations
 Past violations
 Whether the violations are systemic
 Existence of compliance measures, including training,
that were in place to prevent such violations
 Documentation
 Copies of licenses, shipping documents and other
relevant documents

14. Do’s and Don’ts of Voluntary
Disclosure
Do:
 Ensure that the filing is complete and accurate
 Accept responsibility
 Explain mitigating factors
 Fully implement corrective actions
Don’t:
 Conduct a sloppy or hurried investigation
 File a Voluntary Disclosure if disclosure is Mandatory
 Be defensive or argumentative in your filing
 Try to hide bad facts
 Ignore filing deadlines

15. Post-Disclosure Actions
Implement Corrective Actions
 Assign responsibility and due dates
 Take appropriate disciplinary actions against responsible
persons, including those who failed to detect or report
the violations
 Periodically assess remedial actions to confirm
implementation
 If requested, report status of corrective actions to DDTC

16. United Technologies Consent
Agreement
Key Violations— #1
 Unauthorized exports and re-exports due to failure to
establish jurisdiction of defense articles, defense
services and technical data
 Engine parts and technology exported from Canadian
subsidiary to PRC


Had US modified software (“ITAR taint”)
Was for a PRC military aircraft
 Defense services to Venezuela (using NLR parts)

17. United Technologies
Key Violations— #2
 Unauthorized exports resulting from failure to exercise
internal controls over technical data
 Foreign persons co-located in US facilities with access to
ITAR technology
 US employee laptop with ITAR data left the laptop in the
PRC when he departed

18. United Technologies
Key Violations— #3 and 4
 Failure to properly manage TAA’s and MLA’s
 Poor Internal process for evaluating and addressing
violations and for reporting them timely

“Waiver process”

19. United Technologies
“Systemic, corporate wide failure to maintain effective
ITAR controls and require immediate, comprehensive,
effective remedial action across [UTC’s] many operating
units and subsidiaries”
 576 charges of unauthorized export and transfer of
defense articles and technical data, and unauthorized
provision of defense services, including proscribed
destinations

20. United Technologies
 $55M to the State Department ($7M immediately and
$7M annually on each anniversary of the order + $20M
assessed for remedial compliance measures internally
will be suspended if met)
 $20M to the Department of Justice, which could be
suspended if applied to compliance remediation
 Summary to be emailed to Sales Meeting
Attendees

21. Contact Information
Steve Tribble, FLIR Systems, Inc.
Tel: 503-498-3301
Email: steve.tribble@flir.com
Jahna Hartwig, Williams Mullen
Tel: 202-293-8145 Email: jhartwig@williamsmullen.com