BIS Imposes $750,000 Fine on Intel Sub Wind River Inc. for Violations of Encryption Export Rules–Really?

October 24th, 2014 by Brooke Driver

By: Felice Laird

I must admit to a shudder of excitement and disbelief when I visited the BIS homepage recently and noticed a banner ad announcing a fine against an “Intel subsidiary for violations of encryption export regulations.”  I am one of the original crypto export geeks, having followed the tortured evolution of the controls from the late 1990s through the creation and mutations of License Exception ENC, to today’s largely self-policing paradigm.  And I had never heard of a company being investigated or fined for violations in connection with an encryption export–until now.  And so, I wonder, why this, why now?

First, let me give the standard disclaimer;  I have no knowledge of this case other than what I have read in the documents released by BIS last week, namely, the Press Release, the Proposed Charging Letter, the Settlement Agreement and the Order.  These documents were prepared and issued by BIS, and they reflect only Commerce’s side of the story.  In fact, BIS has ordered the companies involved not to say anything publicly about the case, especially not to deny any of the charges, so we will never get the other side of the story.  The documents give clues as to what the violations were, when they occurred, how the Department found out about them and what the specific punishment is.  What is not clear is why, for the first time in 15 years, BIS came out with a public and painful punishment of a large US company for encryption software exports.

For the export compliance professional, there are several really important things to note when reading the documents.  Here are some of them:

*    Wind River Systems is a subsidiary of Intel that was formed after Intel bought Wind River’s assets (and liabilities!) in 2009.  So, the important take away is that there is “successor liability,” and the government will go after a company for an acquisition’s export violations.  So, ask to be at the table in M&A talks.

*    The statute of limitations for the early violations had run out, but BIS made the company waive the statute somewhere along the line, so that the violations count.

*    The company submitted a Voluntary Self Disclosure that up until now (when done in connection with an encryption violation) usually leads to a nasty gram from BIS but no fines.

*    BIS issued a gag order in the Settlement Agreement prohibiting Wind River from saying anything about the case.

*    The Settlement agreement states that Wind River has to pay up in 30 days, or else they won’t be allowed to use any licenses or exceptions.

From my perspective, enforcement actions are useful training tools.  It is always a “better sell” when I am talking to companies about the risks involved in non-compliance when I have a good enforcement case to present as an example.  And indeed, I have had more than one awkward moment when talking with tech executives and developers who ask me to come up with evidence that the encryption controls are worth compliance measures.  Sometimes, I have to appeal to their patriotism as a last resort.  It is good to know that BIS cares enough about encryption export controls to go after non-compliant companies.

Lately though, I have been seriously questioning the rationale for maintaining export controls on commercial products that use encryption, since the disclosures made regarding NSA surveillance by Edward Snowden last year.  If NSA can intercept and decipher 99 percent of data transmissions, how can the USG continue to maintain that the encryption regs are necessary to support the intelligence community?

The better answer is that Category 5 Part II is synced in most respects to the Wassenaar list and the US is obligated to maintain controls to honor commitments made to the Wassenaar member states.  And it is clear that efforts have been made by at least three of the most powerful delegations (US, France and the UK) to shore up controls on “cyber security” products, as they actively considered this at the December 2013 Plenary. (BIS deferred publication of CCL changes agreed to at the December 2013 plenary affecting “cyber security” products – indicating that these would be published in September, which has come and gone with no reg in sight.)

So, Wassenaar member states have had controls on encryption too.  But no country has a byzantine regulatory scheme comparable to that maintained by the US.  Over the years, License Exception ENC has morphed into a virtually inexplicable licensing loophole.  And so we wonder–should companies really have to continue funneling information to BIS and NSA by way of Classification Requests and Classification reports?  Does NSA really use any of the information?  Does anyone actually read the self-classification reports? ENC shipping reports?

In the few cases over the years that someone from NSA has shown up in daylight to an industry meeting, I always ask the question and I get the answer that, yes, the information it gleans from the classification requests and reporting process is still necessary.  I must admit I have never really bought that story, but that remains part of the answer to the why question.

That brings us back to the timing issue.  The press has widely reported the steps that the information technology industry has been taking to harden products and networks using cryptography and other security technologies to protect customer information from access by government agents.  Perhaps the Wind River case was meant to be a reminder to the industry that the US Government still has the power to regulate which technologies are deployed internationally.

Upstream Assessment of Downstream Export Issues

October 13th, 2014 by Brooke Driver

By: Stephen Wagner

Your company is a midsize manufacturer of computer network hardware and software, some of which is really cutting-edge technology.  A significant portion of your products is exported overseas, either by you directly or by your U.S. distributors.  For these U.S. distributors, you ensure that product labeling and literature are in the language of the final user.

You just received a phone call from one of your distributors in Los Angeles.  Their customer in Hong Kong just called and told them that officials from the U.S. Department of Commerce just conducted an “end-use check” there in Hong Kong and found “major problems” involving your products.  Your distributor is letting you know, so that you can take what your distributor called “appropriate action.”

You don’t know what to do.  If there are any problems in Hong Kong, it’s not your problem, right?  Especially because this distributor is here in the United States.  Should your company be doing something?

Your company needs to take immediate action as a result of this reported “problem.”

If you do nothing, when – not “if,” but “when” – special agents from the Office of Export Enforcement, Bureau of Industry and Security (BIS/OEE) come calling, you will not be prepared and that could result in higher sanctions if they find any export compliance issues at your company.

What risks and/or liabilities do you face?

End-use checks are physical, on-location verifications with the recipient of exported U.S. goods to determine if the party is a reliable recipient of those goods and that items are, or will be, used in accordance with the Export Administration Regulations (EAR).  These checks are conducted by the Departments of Commerce, State and Defense, and take place every day in dozens of countries around the world.

If an end-use check found a “major problem” with respect to your company’s merchandise, it could arise from numerous sources.  For example, the end-user may have misrepresented itself to the seller or may be transshipping the merchandise illegally.  Provided that your company did everything it was supposed to do under the regulations – including investigating red flags, knowing your customer, etc. – you may face little-to-no scrutiny.  However, an end-use check could unearth one or more export violation(s) that your company – the manufacturer – may be committing.  Depending upon how you manufacture, describe and sell the product, there may be issues with commodity classifications (through CCATS), licenses, etc.  Is your company publishing inaccurate Export Control Classification Number (ECCN) or license information on its website and inviting your distributors and customers to rely on such data?  This could lead to problems for you.

Moreover, you state that you are aware that your products are being exported.  Remember that under export regulations, “All parties that participate in transactions subject to the EAR must comply with the EAR” (15 C.F.R. § 758.3).  Are you taking the steps required to ensure that your distributors and customers are compliant with export regulations?  Furthermore, if your company is the exporter of record (aka, the U.S. Principal Party in Interest or “USPPI”), you are ultimately responsible for the electronic export information (EEI) that is being filed through the Automated Export System (AES) and for all classification and license matters.

What should your company do?

Knowing that there is a downstream problem with your exports, it is highly prudent that your company conduct an immediate self-assessment of its export compliance activities—but remember that time is of the essence; if BIS is aware of issues with your exports, it is only a matter of time before they come to call.

You should start by examining the particular transaction(s) involved with this customer.  You should be looking to ensure that any export information (e.g., ECCNs, license information) you provided to the customer and/or the distributor was accurate and complete.  Expanding your assessment radially, you should examine any and all transactions with this customer, this distributor, and the product(s) involved to ensure that each transaction is being performed in accordance with your export compliance management program (ECMP).  Then, as time allows, you can review your overall ECMP and perform audits on other, randomly selected export transactions to ensure compliance.  An excellent resource to help organize and conduct your company’s self-assessment is the audit module tool developed by BIS.

Once you have conducted a thorough self-assessment, you will know if there are any issues with your export compliance program and the export of this product, through this distributor, to this end-user.  At that point, you can assess whether any issues you find are systematic problems with your export compliance plan or anomalies that need to be isolated.  Regardless of their nature, any issues you find need to be well documented and fixed at once.

As you are remediating any issues you find, your company can decide whether it wants to make any voluntary self-disclosures (VSDs) to BIS.  BIS strongly encourages VSDs from exporters, and such disclosures usually result in significant mitigation of any monetary penalties or other sanctions.  That said, there are risks to a company making a voluntary self-disclosure and these risks need to be weighed against the benefits.

Also, because your company’s technology is “cutting edge,” your products may embody proprietary, “trade secret” information (such as product materials, designs, and algorithms).  Moreover, the end-user and/or your distributor may have commercially sensitive information belonging to your company, such as pricing, training and use information.  Because some of this trade secret or commercially sensitive information could be made public during the course of an investigation, you may need to notify BIS/OEE of the need to protect this information from disclosure.  Generally, BIS can take steps to help ensure that any disclosure of protected information is tightly controlled.  But certainly, the more your company propounds the need for confidential treatment with BIS, the more likely it is that such information will be protected to your satisfaction.

In short, when it comes to export transactions, whether you are the manufacturer, the distributor, the freight forwarder, any other “middle man” or the end-user, compliance with export regulations is always your responsibility, and any “problems” in these transactions should always be addressed as if they were your problems.

*   *   *

For more information on preparing for enforcement matters, conducting self-assessments, and working with enforcement officials, be sure to join us in Washington, DC on November 5 – 6, 2014, for the Advanced Issues in Export Controls Interactive Workshop to be held at the Embassy Suites hotel in Old Town Alexandria, Virginia.

Also, for more information on voluntary self-disclosure of export compliance issues, please join us for “Voluntary Disclosure:  The Messy Issues on ‘Coming Clean’,” a Webinar to be held on December 4, 2014.

U.S. Russia Sanctions—What You Need to Know and Do Now

October 7th, 2014 by Brooke Driver

By: John Black

As U.S. trade sanctions on Russia continue to evolve and expand, they are beginning to have an increasingly significant impact on U.S. and non-U.S. exporters and financial institutions.  As the rules expand, their complexity increases a bit.  Nonetheless, the current rules remain focused on a small number of important Russian entities and on Russian military end uses and military end users.  It’s high time for a summary of where the rules stand today.

As a result of the Russian invasion and military actions in Ukraine, the U.S. imposed its first round of trade sanctions against Russia in March 2014.  As Russian military forces continue at least to stay in, if not be active in, Ukraine (depending on the state of the cease-fire at any given moment), the U.S. is continuing to expand its trade sanctions and export/reexport controls on Russia.  Canada, the European Union and other countries that have export controls also have imposed ever-expanding sanctions and export controls on Russia—in some cases, these other countries have restrictions that are broader than the U.S. restrictions.

While the initial round of U.S. actions might not have had a significant impact on exporters and reexporters, each subsequent expansion of U.S. restrictions is gradually and significantly expanding the impact.  At one level, the U.S. rules are complex, but before digging into the complex details (and in order to know if you should dig into the complex details), take a look at the following breakdown of current U.S. restrictions aimed at Russia.

1)  General Focus on Russia Defense, Financial and Energy Sectors:  The U.S., along with many other countries, is focusing its restrictions on the defense, financial and energy sectors in the Russian economy.  The U.S. has put some significant Russian entities in these sectors on special restricted parties lists.

2) Export/Reexport License Review Policy:  The United States has a stricter license approval policy for Russia.  In short, if you apply for a license for a listed party or for activities involving the Russian defense, energy and financial sectors, you should expect that there is a good chance it will not be approved.  There certainly may be some cases where licenses will be approved, but those likely are the exceptions to the rule.  License applications for other exports/reexports to other sectors of the Russian economy will be reviewed on a case-by-case basis, which means that certain applications that were routinely approved in the past may not be approved now.

3) It Starts with Russian Parties Added to Restricted Parties Lists:  Both the Office of Foreign Assets Control and the Bureau of Industry and Security have added Russian entities that are primarily in the defense, energy and financial sectors to their respective restricted parties lists.  OFAC’s new rules are largely focused on its new list known as the Sectoral Sanctions Identification (SSI) List.  BIS added Russian parties of concern to its Entity List.

While U.S. prohibited parties lists include a wide range of obscure persons, companies and entities around the world, the newly added Russian entities include leading Russian energy, defense and financial entities.  This means that the odds of you dealing with a newly listed Russian entity are significantly higher than the odds of you dealing with an obscure terrorist entity located in remote areas of Yemen.  If you are using a third party screening tool, such as mkdenial.com or a constantly updated internal prohibited parties list, you are already in a position to ensure you are screening all known names of all known parties you do business with against the most up-to-date lists.  That is the critical first step.

The critical second step is to go to the OFAC and BIS websites and look at the names of the newly listed parties to see if they are parties with which you have done business or you may soon do business.  Share the lists of the new parties with other people in your organization that should know about the new listings.  Compare the lists to what you are doing in Russia, especially in light of OFAC’s rule that its restrictions apply to entities that are not listed if one or more listed entities own a combined 50% or more of the unlisted entity.

If you find out you are dealing (or might soon deal or have dealt) with a new listed party, you need to know what the new rules are for those parties.

4) OFAC Rules for the SSI Parties:  The rules are not as simple as “you may not do business with a newly listed SSI.”  Operating under several executive orders OFAC has issued directives that describe its new, limited restrictions on dealing with these parties.  In short:

  • SSI Financial Services Entities:  You may not be involved in financing for debt longer than 30 days maturity or new equity to listed financial sector entities according to the July 16, 2014 amended Directive 1.  You may not be involved in activities prohibited by the prior version of Directive 1 which had a 90 day rule.
  • SSI Energy Entities:  You may not be involved in financing for debt longer than 90 days maturity to listed energy sector entities according to the July 16, 2014 amended Directive 2.  You may not be involved in activities prohibited by the prior Directive 2.  In addition, Directive 4 says you may not export or reexport anything in support of exploration or production for deep water, Arctic offshore, or shale projects that have the potential to produce oil in the Russian Federation when listed energy sector entities are involved.
  • SSI Defense and Related Materiel Entities:  You may not provide financing for debt longer than 30 days maturity to listed defense and related materiel entities according to Directive 3.

As you see, the OFAC directives do not prohibit all exports or reexports.  In some cases, a problem would involve making an otherwise legitimate export with a problematic 90 day payment term that would exceed the 30 day limit.  In other cases, the comprehensive ban on exports and reexports to energy sector entities applies only when the activities involve deep water, Arctic offshore or shale projects.

5) BIS Rules for Parties on the Entity List:  BIS rules for its newly listed entities depend on the entity.  For many newly listed entities, all items subject to the EAR require an export/reexport license.  For other newly listed entities, such as Gazprom OAO, a license is required only when items are destined for deep water, Arctic offshore, or shale oil or gas exploration or production operations in Russia as described in 746.5.  When you find a listed entity, the Entity List will give you the rules applicable to that entity.

6)  BIS Controls on Certain Items to Certain Energy Activities:  The EAR has new rules that prohibit the export, reexport or in-country transfer of items in ECCNs 0A988, 1C992, 3A229, 3A231, 6A991, 8A992 or 8D999, or items in the new Supplement No. 2 to 746 when those items are destined to either unknown end use or for use directly or indirectly related to the exploration or production of oil or gas in Russian deep water, Arctic offshore or shale formations.  Supplement No. 2 to 746 uses Schedule B Numbers to identify the items it controls.  Importantly, these new rules apply even when the items are not destined for a Russian energy entity on a BIS or OFAC list.

7)  BIS Imposes Military End-Use Export/Reexport Controls on Russia:  BIS now applies the long standing 744.21 China military end use rule to Russia.  As with China, this rule requires a license for normally NLR items in ECCNs in Supplement No. 2 to 744 when destined for certain limited “military end use” activities as defined in 744.21.  These uses include delivery to activities involving the production of military items, but do not include a complete ban on delivery to military entities, as it focuses on the nature of the end use, not on the end user.

BIS also created a military end user rule for Russia in 744.21 that does not apply to China.  This rule is a complete ban on delivery of the Supp. 4 ECCNs to military end users in Russia, which include national armed services (army, navy, marine, air force or coast guard), as well as the national guard and national police, government intelligence or reconnaissance organizations, or any person or entity whose actions or functions are intended to support “military end uses” as defined in 744.21.

Finally, a license is required for Russia, like China, for all items controlled in 9X515 and 600 series ECCNs including the y. paragraphs that are No License Required for most other countries.

8)   What Should You Do?  The first thing you need to do is make sure you take a close and thorough look at the new rules to determine the extent to which you are involved in activities with the listed parties or subject to the new energy sector end use restrictions, the military end-use restrictions, or the military end user restrictions.  Take immediate measures to comply with the current rules as they apply to your current activities.  This includes non-traditional export compliance issues, such as looking at payment terms when dealing with OFAC listed entities.

Next, take a look at your current and near future activities in Russia to see which things you are doing that might be hit by future expansions of U.S. restrictions.  I do not know what is next, but certain potential areas where we could see new restrictions come to mind.  For example, you might want to consider what you would do if future restrictions would apply to one or more of the following that you are currently engaged in:

  • Activities with currently unlisted parties in the defense, energy or financial sectors
  • Non-military business with Russian entities who are engaged in both military and non-military activities
  • Dealings with the Russian Government
  • Russian energy activities that are not currently the targeted activities
  • Russian entities that are not listed but are related to listed entities or are similar to listed entities

9)  The Future of U.S. Sanctions and Export/Reexport Controls on Russia:  It looks like Russia might be moving ahead of China on the list of U.S. export controls’ biggest concerns.  I don’t know what is next or who is next, but I did give some ideas about potential areas where the U.S. could expand restrictions.  Right now the U.S. and other countries seem to be ratcheting up trade sanctions as Russian forces continue to stay in, or be active in, Ukraine.  If Russia does not change its actions, it is reasonable to expect the United States to continue to expand its sanctions and export/reexport controls on Russia.  It is not likely that the United States will impose on Russia sanctions and export/reexport controls similar to U.S. rules for Cuba, Iran, North Korea, Sudan and Syria.

On the other hand, the United States very well could lift all of its sanctions and controls on Russia if Vladimir Putin and the leaders of the United States, Canada and the EU make amends and sit down around the campfire singing Kumbayah while President of the United States John Black plays accompaniment on guitar.

BIS Adapts December 2013 Wassenaar List Changes

October 7th, 2014 by Brooke Driver

By: Brooke Driver

BIS announced on the 25th of July that it was making changes to the CCL to incorporate revisions to the Wassenaar Arrangement’s List of Dual-Use Goods and Technologies that took place at the plenary meeting last December. This rule harmonizes the CCL with the changes made to the WA List by revising ECCNs controlled for national security reasons in each category of the CCL, amending the General Technology Note, WA reporting requirements and definitions section in the EAR. BIS stated that it intends to publish a separate rule this month regarding changes to the Commerce Control List related to WA agreements for cybersecurity. The rule came into effect August 4.

OFAC Releases Revised Guidance on Entities Owned by Persons Whose Property and Interests in Property are Blocked

October 7th, 2014 by Brooke Driver

Source: Federal Register

In response to inquiries, the Office of Foreign Assets Control released revised guidance regarding OFAC’s position on entities owned 50 percent or more in the aggregate by more than one blocked person. According to OFAC, “Property blocked pursuant to an Executive order or regulations administered by OFAC is broadly defined to include any property or interest in property, tangible or intangible, including present, future or contingent interests. A property interest subject to blocking includes interests of any nature whatsoever, direct or indirect.

Persons whose property and interests in property are blocked pursuant to an Executive order or regulations administered by OFAC (blocked persons) are considered to have an interest in all property and interests in property of an entity in which such blocked persons own, whether individually or in the aggregate, directly or indirectly, a 50 percent or greater interest. Consequently, any entity owned in the aggregate, directly or indirectly, 50 percent or more by one or more blocked persons is itself considered to be a blocked person. The property and interests in property of such an entity are blocked regardless of whether the entity itself is listed in the annex to an Executive order or otherwise placed on OFAC’s list of Specially Designated Nationals (“SDNs”). Accordingly, a U.S. person generally may not engage in any transactions with such an entity, unless authorized by OFAC. In certain OFAC sanctions programs (e.g., Cuba and Sudan), there is a broader category of entities whose property and interests in property are blocked based on, for example, ownership or control.

U.S. persons are advised to act with caution when considering a transaction with a non-blocked entity in which one or more blocked persons has a significant ownership interest that is less than 50 percent or which one or more blocked persons may control by means other than a majority ownership interest. Such entities may be the subject of future designation or enforcement action by OFAC. Furthermore, a U.S. person may not procure goods, services, or technology from, or engage in transactions with, a blocked person directly or indirectly (including through a third-party intermediary).”

Commerce/Census: “Tips on How to Resolve AES Fatal Errors”

October 7th, 2014 by Brooke Driver

Source: AES Broadcast #2014069

When a shipment is filed to the AES, a system response message is generated and indicates whether the shipment has been accepted or rejected. If the shipment is accepted, the AES filer receives an Internal Transaction Number (ITN) as confirmation. However, if the shipment is rejected, a Fatal Error notification is received.

To help you resolve AES Fatal Errors, here are some tips on how to correct the most frequent errors that were generated in AES for this month.

- Fatal Error Response Code: 120

Narrative: Carrier Unknown
Reason: The Carrier ID (SCAC/IATA) reported is not known in AES
Resolution: For vessel, rail or truck shipments the carrier must be identified with an active SCAC code issued by the National Motor Freight Traffic Association (NMFTA). For air shipments, the carrier must be identified with an active IATA code issued by the International Air Transport Association.

If the Carrier ID (SCAC/IATA) as known at the time of filing is not valid in AES and a valid Carrier ID (SCAC/IATA) cannot be obtained from the carrier, as a last resort, report the Carrier ID as UNKN for vessel, rail or truck shipments. For an unknown air carrier, report one of the acceptable “unknown” codes as follows:

*F or 99F for Unknown Foreign Air Carrier
*U or 99U for Unknown U.S. Air Carrier
*C or 99C for Unknown Canadian Air Carrier
** or 99O for flyaway aircraft reported under Chapter 88.

- Fatal Error Response Code: 123

Narrative: Conveyance Name Missing
Reason: The Conveyance Name was not reported.
Resolution: The name of the transport conveyance must be reported for the major transport modes (vessel, air, rail, and truck). For vessel shipments, report the name of the vessel. For air, rail and truck shipments report the carrier name.

Verify the Mode of Transportation Code and the Conveyance Name/ Carrier Name, correct the shipment and resubmit.

DDTC Requires ITAR § 126.13 Style Certification from Foreign Persons Requesting Reexport/Retransfer Authorization

October 7th, 2014 by Brooke Driver

By: Brooke Driver

From now on, foreign persons requesting reexport/retransfer authorization of defense articles pursuant to §123.9(c) must provide a certification similar to what US persons must provide when they apply for ITAR licenses or agreements.  The letter from foreign persons must address the following:

- Whether the applicant or the chief executive officer, president, vice-presidents, secretary, partner, member, other senior officers or officials (e.g., comptroller, treasurer, general counsel) or any member of the board of directors is the subject of an indictment or has been otherwise charged with, or convicted of, violating any of the U.S. criminal statutes enumerated in §120.27 of ITAR; or is ineligible to contract with, or to receive a license or other approval to temporarily import or export defense articles or defense services from any agency of the U.S. Government;

- Whether, to the best of the applicant’s knowledge, any party to the export as defined in §126.7(e) has been convicted of violating any of the U.S. criminal statutes enumerated in §120.27 of this subchapter, or is ineligible to contract with, or to receive a license or other approval to temporarily import or export defense articles or defense services from any agency of the U.S. government.

DDTC’s guidance, which it posted on www.pmddtc.state.gov, also requires that the foreign party signing the statement must be a responsible official empowered by the applicant.  Typically, an ITAR empowered official is a US person in a US entity.  This new guidance indicates that DDTC wants foreign applicants to have something like a foreign version of a US empowered official to sign certifications and applications to DDTC.

Census Reinstates AES Exemptions for Temporary Exports, Carnets and TIBs

October 7th, 2014 by Brooke Driver

By: Brooke Driver

Effective September 12, 2014, the Census Bureau amended its Foreign Trade Regulations by eliminating the AES reporting requirement for temporary exports, including items moving with a carnet and goods previously imported on a Temporary Importation Under Bond. The change also reinstates exemptions for temporary exports/carnets and for goods that were imported under a TIB for return in the same condition as when imported. These shipments are once again exempt from AES filing, except as noted in the Foreign Trade Regulations.

BIS Lets ECCN 0Y521 Controls on Biosensor Systems Lapse

October 7th, 2014 by Brooke Driver

By: Brooke Driver

BIS announced a final rule amending the EAR by removing biosensor systems and related software and technical data from the list of items controlled in 0Y521.  The 0Y521 ECCNs are intended to temporarily control items that the Commerce Department has determined should be controlled but for which there are no existing ECCNs.  Generally speaking, BIS gives itself one year to create a new ECCN or a new paragraph in an existing ECCN to control 0Y521 items—this is not a hard due date, as BIS reserves the right to create a rule postponing the date of reclassification, if necessary. However, if BIS neglects to reclassify these items within the time frame or release a rule allowing more time, they will automatically be designated as EAR99. Finally, BIS points out that this rule removes references to biosensor systems and related “software” and “technology” from the supplement, as these items have already been designated EAR99. The rule came into effect August 4, 2014.

Exporter Liability for Freight Forwarder Issues

October 3rd, 2014 by Brooke Driver

By: Stephen Wagner

You are a small company that exports a wide variety of merchandise all over the world. Years ago, to save money, you contracted out all of your logistics functions to a third-party company which also serves as your warehouse and freight forwarder for export shipments. They take care of all the details of exports for you: licenses, government filings, paperwork…

Today, however, you had a visit from Homeland Security Investigations and the agents said that YOU may have broken the law with regard to certain shipments that were improperly exported. You have a very detailed Services Agreement with your logistics provider and they are responsible for everything. You don’t understand how your company could now be liable for something that your freight forwarder has done!

The question of who is responsible for export compliance, and who may be liable for violations, is very simple and yet may be very complex at the same time. Typically, the “exporter” is responsible for export compliance, but figuring out who exactly is the “exporter” depends on the roles that the various parties in a transaction may play and who may have accepted the mantle of the “exporter” under a contract or agreement.

The EAR defines an exporter as the “person in the United States who has the authority of a principal party in interest to determine and control the sending of items out of the United States” (15 C.F.R. § 772.1). That is why the EAR talks about U.S. Principal Parties in Interest (USPPI) and Foreign Principal Parties in Interest (FPPI). The ITAR does not formally define the term “exporter,” but imposes license and other compliance requirements on “any person who intends to export … a defense article” (22 C.F.R. § 123.1(a)). The FTR adopts the term “USPPI” as the “exporter” of merchandise (15 C.F.R. §30.1(c)). For our purposes here, we will just use the term “exporter.”

In traditional export transactions – and most situations except for “ex works” sales (Incoterms 2012) – the seller of the goods is the exporter. However, both the USPPI/exporter and the FPPI can authorize an agent in the United States to represent them in export transactions; this is where logistics providers and freight forwarders most often enter the picture.

These agents – which can only act with a proper power of attorney from the exporter – can take over many export responsibilities for the exporter. An authorized agent can enter electronic export information (EEI) into AES and can request and obtain licenses for export. In “routed transactions” the agent can even serve as the “exporter” for export compliance purposes.

However, in all cases except certain routed transactions, using such authorized agents does not relieve an exporter of its legal responsibilities for export compliance or its potential liabilities in the case of most export violations.

The exporter of merchandise from the United States (the USPPI/FPPI) ultimately bears the responsibility for:

  • providing the agent with accurate EEI for the merchandise being exported;
  • determining the commodity jurisdiction of the merchandise;
  • determining the export classification (under the CCL and USML) of the goods;
  • determining license requirements (BIS/DDTC/OFAC); and
  • keeping all required export records.

Even a detailed Services Agreement that may shift all of these duties onto a freight forwarder does not relieve the exporter of responsibility and liability for these obligations under U.S. export laws. In our experience, federal export enforcement officials truly frown on exporters that try to make their freight forwarder solely responsible for export compliance. This practice usually results in higher sanctions for exporters when violations are found.

Given that you can never relieve yourself of export compliance responsibilities and liabilities, what should exporters do to effectively manage their third-party freight forwarders and mitigate their compliance risks?

  1. Own your company’s export compliance. Your company – and not your agent – should be responsible for jurisdiction, classification and license determinations, as well as for consignee/end-user screening. Also, you should know exactly who has powers of attorney to act on your behalf in export transactions.
  2. Accurately convey information regarding each shipment. Using an old-school Shipper’s Letter of Instruction (SLI) (or providing the equivalent information in another form) for each export transaction helps ensure that your freight forwarder has the most recent, accurate, and complete information for export shipments.
  3. Ensure you receive export documentation, then audit transactions. You must ensure that you receive copies of shipping documents, AES entry summaries and supporting documents (licenses, special certifications, etc.) for every export shipment. Then, you must periodically audit the shipment information against your invoices, purchase orders and the SLI to make sure that exports are being correctly handled.
  4. Do your due diligence, and keep it up. From the moment you select your freight forwarder, until the day the relationship ends, you should be in constant contact with your agent to understand their business, assess their general compliance posture and ensure that they are taking export compliance as seriously as you are.

While an exporter can never totally relieve itself of liability for the acts and omissions of its authorized agent in export transactions, following the steps above should greatly mitigate any potential risks and liabilities that your company may face in the event that there are problems.