The document discusses compliance procedures and voluntary disclosure criteria for export control violations. It provides an overview of how to conduct internal investigations of suspected violations and outlines the elements that should be included in a voluntary disclosure filing, such as a description of the violations and corrective actions. The document advises implementing thorough corrective actions and not trying to hide bad facts when filing a disclosure. It also summarizes a consent agreement between the United States and United Technologies for unauthorized exports and failure to maintain effective export controls.
2. Agenda
Compliance Procedures
Investigations
Criteria for Filing Determination
Structure of Voluntary Disclosure
Post-Disclosure Actions
UTC Consent Agreement
3. Compliance Procedures
Collecting and Reporting Issues
Channels for employees to report suspected violations
(e.g., anonymous hotlines, sanitized email addresses,
dedicated reporting websites, etc.)
Policy against retaliation for reporting
Procedures for stopping ongoing suspected violations
and implementing any urgent mitigating actions
Procedures for conducting a thorough investigation of
the suspected violations.
Broad enough to reveal related or similar violations with
other shipments, product lines, business units, or
geographic areas.
4. Compliance Procedures (cont’d)
Established responsibility for decision making
regarding voluntary disclosure submissions
Criteria to consider when assessing the need to file a
voluntary disclosure
Established responsibility for preparing and approving
the filing
Procedures for providing notice to other government
authorities when required or appropriate, (e.g.,
government sponsor, DSS, etc.).
5. What is An Internal Investigation?
Company Decision – Not Directed
Fact-Finding Activity
The Five “W’s”
Did a Violation of Law or Company Policy Occur
Must be Perceived as Thorough and Independent
An Extension of the Company’s Compliance Program
Regular Internal Audits
Best if an Established Process
6. Structuring An Internal
Investigation - Scope
Specific Event Occurred
What Were the Circumstances?
What is Known About the Issue?
What Was Cause of the Issue?
Criminal Allegations Involved?
Is This a Pre-cursor to a Voluntary Disclosure?
Regular Compliance Audit
Established Process
Introductory or Advanced Audit
7. In-House or External
In-House Pros and Cons
Better Understanding of Company’s Business and
Processes and Will Know the Various Players
May Not Be Objective
May Not Be Experienced in ITAR
External Counsel or Consultant
Impartial and Credible
Specific ITAR Experience
Established Relationship and Experience with DDTC to
Help Navigate the “Mine Field”
8. Investigation - Data Collection
Determine Type of Issue – Logistics, Technical Data,
Foreign National Access, Use of Authorizations
Unique Documentation Associated with the Issue
Must Collect Complete Documentation Set
More is better than Less
Include referenced documents – drawings, specs, contracts
Emails Are Significant Source of Information
Open emails are subject to discovery
Attorney-Client privilege is not guaranteed but should be
invoked
9. Criteria for Filing Disclosure
National security implications
Legal obligation (e.g., 126.1 countries)
Contractual obligation to disclose to business partners
Anticipated activities that may be related to prior
violations (e.g., future licenses for same party, ongoing
service obligations)
Whether violations were systemic or a less significant
“one time” mistake
Whether violations were egregious or non-egregious
Potential reputational damage, especially if the
disclosure will or could be made public
10. Criteria for Filing Disclosure
Potential fines with or without disclosure
Risk of nonmonetary penalties, e.g., loss of export licenses
or export privileges, debarment from government
contracting, placing on watch lists, etc.
Risk of detection by government if not disclosed, including
as a result of whistleblowers
Period of time when illegal activities occurred
How recent the activity was, and whether there is an
applicable statute of limitations
Previous disclosures or enforcement activity
Relationship with government regulators
11. Structure of Voluntary Disclosure:
Timing
Initial filing “immediately” after discovery
Must be filed before USG has knowledge from another
source
Final filing within 60 days after “thorough review”
12. Structure of Voluntary Disclosure:
Elements
Nature and Exact Circumstances of the Violation
Persons Involved in the Violation
Names, addresses, and contact information for all parties.
Relevant ITAR Authorizations
Relevant Products, Data and Services
Corrective Actions
Determine cause of the violation and design appropriate
remedial actions
Enhance compliance procedures if necessary
May include disciplinary action for responsible employees
13. Structure of Voluntary Disclosure:
Elements
Mitigating Factors
Whether the violation was intentional or inadvertent
Familiarity with laws and regulations
Past violations
Whether the violations are systemic
Existence of compliance measures, including training,
that were in place to prevent such violations
Documentation
Copies of licenses, shipping documents and other
relevant documents
14. Do’s and Don’ts of Voluntary
Disclosure
Do:
Ensure that the filing is complete and accurate
Accept responsibility
Explain mitigating factors
Fully implement corrective actions
Don’t:
Conduct a sloppy or hurried investigation
File a Voluntary Disclosure if disclosure is Mandatory
Be defensive or argumentative in your filing
Try to hide bad facts
Ignore filing deadlines
15. Post-Disclosure Actions
Implement Corrective Actions
Assign responsibility and due dates
Take appropriate disciplinary actions against responsible
persons, including those who failed to detect or report
the violations
Periodically assess remedial actions to confirm
implementation
If requested, report status of corrective actions to DDTC
16. United Technologies Consent
Agreement
Key Violations— #1
Unauthorized exports and re-exports due to failure to
establish jurisdiction of defense articles, defense
services and technical data
Engine parts and technology exported from Canadian
subsidiary to PRC
Had US modified software (“ITAR taint”)
Was for a PRC military aircraft
Defense services to Venezuela (using NLR parts)
17. United Technologies
Key Violations— #2
Unauthorized exports resulting from failure to exercise
internal controls over technical data
Foreign persons co-located in US facilities with access to
ITAR technology
US employee laptop with ITAR data left the laptop in the
PRC when he departed
18. United Technologies
Key Violations— #3 and 4
Failure to properly manage TAA’s and MLA’s
Poor Internal process for evaluating and addressing
violations and for reporting them timely
“Waiver process”
19. United Technologies
“Systemic, corporate wide failure to maintain effective
ITAR controls and require immediate, comprehensive,
effective remedial action across [UTC’s] many operating
units and subsidiaries”
576 charges of unauthorized export and transfer of
defense articles and technical data, and unauthorized
provision of defense services, including proscribed
destinations
20. United Technologies
$55M to the State Department ($7M immediately and
$7M annually on each anniversary of the order + $20M
assessed for remedial compliance measures internally
will be suspended if met)
$20M to the Department of Justice, which could be
suspended if applied to compliance remediation
Summary to be emailed to Sales Meeting
Attendees
21. Contact Information
Steve Tribble, FLIR Systems, Inc.
Tel: 503-498-3301
Email: steve.tribble@flir.com
Jahna Hartwig, Williams Mullen
Tel: 202-293-8145 Email: jhartwig@williamsmullen.com