(Source: State/DDTC) [Excerpts.]
What is the Company Visit Program?
The Company Visit Program (CVP) entails visits by Directorate of Defense Trade Controls (DDTC) officials to U.S. entities registered with DDTC as manufacturers, exporters, or brokers of defense articles and defense services, as well as others involved in ITAR-regulated activities, to include foreign companies and foreign governments. The CVP is administered by the Office of Defense Trade Controls Compliance (DTCC); however, representatives from DDTC’s Licensing and Policy offices, or other entities in the Department or elsewhere in the U.S. government, may also participate in the visits.
What is the purpose of the Company Visit Program?
The CVP has several purposes. First, the CVP ensures DTCC understands how compliance programs are implemented in accordance with the International Traffic in Arms Regulations (ITAR). Second, the program enables DDTC to gather information to support the Directorate’s development of regulatory policy and practice. Finally, DTCC uses site visits to glean, assess, and disseminate industry best practices, provide feedback to individual companies on their compliance programs, and share information on compliance programs industry-wide. Note that the CVP includes two (2) types of visits:
- CVP-Outreach (“CVP-O”) is an extension of DDTC’s outreach activities, e.g., speaking at conferences. These visits are intended to be a learning exercise for both parties, and provide an opportunity to discuss challenges (such as adapting to changes associated with Export Control Reform) and offer suggestions or best practices. CVP-O site visits are unrelated to specific compliance matters. The purpose of the visit is to understand how companies implement ITAR compliance requirements, not to evaluate compliance failures or violations.
- CVP-Compliance (“CVP-C”) visits are designed for DTCC oversight activities, for example as part of consent agreement monitoring. These visits may include a more in-depth look at a company’s compliance program.
Is a CVP visit considered an audit or inspection? What is DDTC looking for during a CVP visit?
Both CVP-O and CVP-C type visits are neither an audit nor an inspection. Visits do not produce a grade or pass/fail assessment for internal or external use, and generally do not include review of transactional records. DDTC will request information from the company to gain a better understanding of their compliance program. CVP-C visits may require a more in-depth look at a company’s compliance program because the visits are focused on overseeing compliance matters already known to DTCC.
How is the visit not an audit if DDTC provides recommendations for improvements to our program?
DDTC may provide recommendations for improvements to a company’s compliance program during both CVP-O and CVP-C type visits. If we make recommendations, it is an effort to offer assistance, help prevent violations and share best practices. The CVP is intended to serve as a learning tool for both parties.
What happens if the DDTC team discovers or learns of a violation during the visit?
DTCC will recommend that the company review the issue and submit a disclosure, if appropriate.
How many companies does DDTC plan to visit each year?
DDTC plans visits for each quarter based on other engagements requiring travel and available resources. Generally, DDTC aims to conduct between two and four CVP visits per quarter. In 2015, DTCC conducted eight company visits under CVP auspices; three of those visits were pursuant to consent agreement monitoring.
How are companies selected for a CVP visit?
DTCC selects companies based on its CVP goals. DTCC considers a variety of factors when selecting companies to visit, including proximity to other activities DDTC is participating in, registration status, volume of licensed activity, experience conducting ITAR activities, nature of business, type and sensitivity of technology, geographic location, monitoring of an existing consent agreement, and value to ongoing work within the Directorate.
How is the DDTC team staffed for each CVP visit?
A CVP team typically consists of two or more staff from DTCC, depending on the size of the individual company/site being visited and number of companies/facilities visited per trip. On some CVP visits, staff members from the Offices of Defense Trade Controls Licensing and Policy, or other relevant agencies, may participate. One DTCC team member serves as team lead and primary point of contact with the company. This primary contact is responsible for coordinating the site visit with the company.
How is a CVP visit conducted and what should a company expect?
- Once a company is selected for a potential CVP visit, DTCC contacts the company. The company can elect not to participate in the visit. If the company would like to participate, DTCC will propose visit dates and begin planning with the company.
- Once visit dates are finalized, DTCC sends the company a formal visit notification letter outlining the visit. DTCC may request pre-visit materials from the company for review and preparation purposes. Before the visit, DTCC will work with the company to finalize the agenda.
- At the visit’s opening, DTCC meets with senior management to explain the visit’s purpose and the agenda. The company should provide an overview of its operations and export activity during opening discussions. Visits generally last one to two days, depending on the purpose, and occur on the company’s premises in offices and conference rooms, and through tours of business operations within the facility (e.g., business development, contracts, procurement, design, manufacture, security, IT, personnel, and shipping).
- At the visit’s conclusion, the DDTC team briefs company senior management and export control staff to share information the team gathered. DDTC invites the company to provide feedback, ask questions, or raise concerns for follow-up.
- The DDTC team returns to the Department and generates an internal report. The team also follows up on company feedback. DTCC will send a formal close-out letter to the company. Close-out letters summarize the visit, indicate best practices, recommend areas for improvement or suggest best practices, and address feedback, questions, or concerns raised by the company. DTCC also requests feedback on the visit’s quality and usefulness and suggestions for improving the program.
State also published a slideshow overview of the program, which can be found here.