Job Opening: Export Compliance Coordinator for Mercury Systems in California

November 24th, 2014 by Brooke Driver

Source: Mercury Systems

Who We Are:

Mercury Systems (NASDAQ:MRCY) is a best-of-breed provider of commercially developed, open sensor and Big Data processing systems, software and services for critical commercial, defense and intelligence applications.

We deliver innovative solutions, rapid time-to-value and world-class service and support to our prime contractor customers. Mercury Systems has worked on over 300 programs, including Aegis, Patriot, SEWIP, Gorgon Stare and Predator/Reaper.

Our innovative capabilities span three strategic areas: Mercury Commercial Electronics, Mercury Defense Systems and Mercury Intelligence Systems.

Job Description:

Ensures legal compliance and provides export administration and control within government rules and regulations, including appropriate licensing for shipments. Reviews contracts for required clauses and identifies omissions. Interfaces with internal and external customers, Global Sales Order administration, freight forwarders, customs officers and other functional areas to ensure coordination and logistics of shipments.

Works with Export Compliance Manager/Empowered Official to ensure legal compliance, preparation, submission, and tracking of ITAR and EAR export licenses. Provides export administration and control within government rules and regulations. Acts as Point of Contact for local facility in determining compliance issues.

• Exercises judgment within defined procedures and practices to determine appropriate action.

• Assists with Preparation, submission, and tracking of ITAR and EAR export licenses.

• Prepare, submit and administer records of exports under Technical Assistance Agreements

• Interact with State and Commerce Departments to track license and agreement progress and issues

• Interact with Purchasing on Import Administration and Compliance Issues

• Prepare International Invoices for Shipments of Hardware and Technical Data Against Contract Deliverables

• Review Requests for International Travel and Foreign Visitors

• Export Compliance Experience

• Familiarity with the Department of State and Department of Commerce regulations

• Knowledge of Customs and Border Processes

• Experience with DTrade and SNAP-R Systems

• Excellent Communication Skills, Accuracy and Attention to Detail Required

Qualifications:

• Bachelor’s Degree in related field or equivalent years of work experience

• 3 plus years’ experience with Export Administration, Preferably within Defense Industry

• Security Clearance (secret)

Applicants must be a U.S. citizen or a “U.S. Person”. A U.S. Person is defined as a person who is a lawful permanent resident “Green Card holder” as defined by 8 U.S.C. 1101 (a)(20) or who is a “Protected Individual” as defined by 8 U.S.C. 1324b(a)(3).

Mercury Systems is the better alternative for affordable, secure processing subsystems designed and made in the USA. These capabilities make us the first commercially based defense electronics company built to meet rapidly evolving next generation defense challenges. Specifically, we have key capabilities in three areas:

• Secure sensor/mission processing

• Digital, RF and microwave subsystems

• EW/EA subsystems and solutions

We are proud to be an EOE of Minorities/Females/Vets/Disability.

Candidates may apply directly online using the following link:

https://www4.recruitingcenter.net/Clients/Mercury/PublicJobs/controller.cfm?jbaction=JobProfile&Job_Id=11165&esid=az

BIS Adds New Controls in the CCL on Integrated Circuits, Helicopter Landing Systems Radars, Seismic Detection Systems and Technology for IR Up-Conversion Devices

November 24th, 2014 by Brooke Driver

Source: Federal Register

The Bureau of Industry and Security (BIS) amended the Export Administration Regulations (EAR) to impose foreign policy controls on read-out integrated circuits and related “software” and “technology,” radar for helicopter autonomous landing systems, seismic intrusion detection systems and related “software” and “technology”, and “technology” “required” for the “development” or “production” of specified infrared up-conversion devices.

The read-out integrated circuits and related “technology” are controlled under new Export Control Classification Numbers (ECCNs) on the Commerce Control List. An existing ECCN has been amended to control the related “software” for those items.

New paragraphs have been added to certain existing ECCNs to control radar for helicopter autonomous landing systems, seismic intrusion detection systems, and the “technology,” as mentioned, for specified infrared up-conversion devices. Specified existing “software” and “technology” ECCNs have been amended to apply to helicopter autonomous landing systems and seismic intrusion detection systems.

The items are controlled for regional stability reasons Column 1 (RS Column 1) and Column 2 (RS Column 2), and antiterrorism reasons Column 1 (AT Column 1).  For more information, go to http://www.bis.doc.gov/index.php/regulations/federal-register-notices#79fr66288.

 

BIS Imposes $750,000 Fine on Intel Sub Wind River Inc. for Violations of Encryption Export Rules—Really?

November 24th, 2014 by Brooke Driver

By: Felice Laird

I must admit to a shudder of excitement and disbelief when I visited the BIS homepage recently and noticed a banner ad announcing a fine against an “Intel subsidiary for violations of encryption export regulations.”  I am one of the original crypto export geeks, having followed the tortured evolution of the controls from the late 1990′s through the creation and mutations of License Exception ENC, to today’s largely self-policing paradigm.  And I had never heard of a company being investigated or fined for violations in connection with an encryption export–until now.  And so, I wonder, why this, why now?

First, let me give the standard disclaimer;  I have no knowledge of this case other than what I have read in the documents released by BIS, namely, the Press Release, the Proposed Charging Letter, the Settlement Agreement and the Order.  These documents were prepared and issued by BIS, and they reflect only Commerce’s side of the story.  In fact, BIS has ordered the companies involved not to say anything publicly about the case, especially not to deny any of the charges, so we will never get the other side of the story.  The documents give clues as to what the violations were, when they occurred, how the Department found out about them and what the specific punishment is.  What is not clear is why, for the first time in 15 years, BIS came out with a public and painful punishment of a large U.S. company for encryption software exports.

For the export compliance professional, there are several really important things to note when reading the documents.  Here are some of them:

  • Wind River Systems is a subsidiary of Intel that was formed after Intel bought Wind River’s assets (and liabilities!) in 2009.  So, the important take away is that there is “successor liability,” and the government will go after a company for an acquisition’s export violations.  So, ask to be at the table in M&A talks.
  • The statute of limitations for the early violations had run out, but BIS made the company waive the statute somewhere along the line, so that the violations count.
  • The company submitted a Voluntary Self Disclosure that up until now (when done in connection with an encryption violation) usually leads to a nasty gram from BIS but no fines.
  • BIS issued a gag order in the Settlement Agreement prohibiting Wind River from saying anything about the case.
  • The Settlement agreement states that Wind River has to pay up in 30 days, or else they won’t be allowed to use any licenses or exceptions.

From my perspective, enforcement actions are useful training tools.  It is always a “better sell” when I am talking to companies about the risks involved in non-compliance when I have a good enforcement case to present as an example.  And indeed, I have had more than one awkward moment when talking with tech executives and developers who ask me to come up with evidence that the encryption controls are worth compliance measures.  Sometimes, I have to appeal to their patriotism as a last resort.  It is good to know that BIS cares enough about encryption export controls to go after non-compliant companies.

Lately though, I have been seriously questioning the rationale for maintaining export controls on commercial products that use encryption, since the disclosures made regarding NSA surveillance by Edward Snowden last year.  If NSA can intercept and decipher 99 percent of data transmissions, how can the USG continue to maintain that the encryption regs are necessary to support the intelligence community?

The better answer is that Category 5 Part II is synced in most respects to the Wassenaar list and the U.S. is obligated to maintain controls to honor commitments made to the Wassenaar member states.  And it is clear that efforts have been made by at least three of the most powerful delegations (U.S., France and the UK) to shore up controls on “cyber security” products, as they actively considered this at the December 2013 Plenary. (BIS deferred publication of CCL changes, affecting “cyber security” products, agreed to at the December 2013 plenary – indicating that these would be published in September, which has come and gone with no reg in sight.)

So, Wassenaar member states have had controls on encryption too.  But no country has a byzantine regulatory scheme comparable to that maintained by the U.S.  Over the years, License Exception ENC has morphed into a virtually inexplicable licensing loophole.  And so we wonder–should companies really have to continue funneling information to BIS and NSA by way of Classification Requests and Classification reports?  Does NSA really use any of the information?  Does anyone actually read the self-classification reports? ENC shipping reports?

In the few cases over the years that someone from NSA has shown up in daylight to an industry meeting, I always ask the question and get the answer that, yes, the information it gleans from the classification requests and reporting process is still necessary.  I must admit, I have never really bought that story, but that remains part of the answer to the why question.

That brings us back to the timing issue.  The press has widely reported the steps that the information technology industry has been taking to harden products and networks using cryptography and other security technologies to protect customer information from access by government agents.  Perhaps the Wind River case was meant to be a reminder to the industry that the U.S. Government still has the power to regulate which technologies are deployed internationally.

Update Your AESPcLink Software

November 24th, 2014 by Brooke Driver

Source: AES Broadcast #2014082

Have you updated your AESPcLink software yet?

If you are having issues with the new Foreign Trade Regulations data fields; Ultimate Consignee Type and License Value not being visible in AESPcLink, please update your AESPcLink software.

To update:

a. Login to AESPcLink

b. Go to ‘Tools’ section

c. Click on Update AESPcLink Software

If you are still having trouble updating your software, please contact the AESDirect Helpdesk at 1-877-715-4433.

For further information or questions, contact the U.S. Census Bureau’s Data Collection Branch.  Telephone: (800) 549-0595, select option 1 for AES.

Email: askaes@census.gov

DDTC Requires Foreign Applicants to Submit New Certification

November 24th, 2014 by Brooke Driver

By: John Black

On October 1, 2014, DDTC noted on its website a new requirement for applications submitted by foreign parties for reexports or retransfer of USML items.  Foreign applications must include a certification statement that is similar to the long-standing ITAR 126.13 certification that U.S. applicants must provide with each application. To the relief of these foreign parties, the added requirement is minimal—just an extra piece of paperwork to remember.

The foreign party certification letter must comply with these requirements:

1. The letter must state if the applicant or any senior officer of the company has been charged with ITAR violations or is otherwise ineligible to receive a license to temporarily import or export USML items.

2. The letter must also state if any party involved in the transaction has been charged with ITAR violations or is otherwise ineligible for the proposed licensure.

3. The letter must be signed by a responsible official empowered by the applicant.

While the ITAR requires that the party signing the certification by U.S. parties must be an “empowered official,” as defined in the ITAR, DDTC did not provide a similar definition for “responsible official empowered by the applicant.”  Lacking specific guidance of a definition, it would be reasonable to have the certification signed by someone similar to a U.S. “empowered official.”

For more details on this new requirement, go to the website guidance here.

 

Foreign Subsidiary of Robbins & Myers Pleads Guilty to Illegal Export of Drilling Equipment to Syria

November 24th, 2014 by Brooke Driver

By: Brooke Driver

Robbins & Myers Belgium S.A., a subsidiary of Myers & Robbins Inc. has agreed to pay a total of $1 million in criminal fines and to serve a term of corporate probation for four separate violations of the International Emergency Economic Powers Act and the Export Administration Regulations.

Around the date of May 2006, an internal auditor of the U.S. parent company to the Belgium branch discovered that Robbins & Myers Belgium had illegally shipped stators made from U.S. steel to a Syrian customer. Although, after this discovery, the parent company informed the foreign branch of the violation and ordered that it stop these shipments, the subsidiary to do business with the Syrian customer between August and October 2006 and attempted to hide related documents from government investigators.

Under Secretary of Commerce Eric L. Hirschhorn said of the case that it:

“…shows that the United States will vigorously enforce its export laws against companies doing business with Syria, a state-sponsor of terrorism and home to one of the most brutal regimes on earth…The Department of Justice will hit companies that do business with Syria where it hurts most: the bottom line. This company will pay fines, penalties, and forfeitures more than 50 times greater than the proceeds of the sales.”

“The significant civil and criminal penalties in this case show our resolve to pursue and prosecute those who flout our export control laws. We will continue to work in concert with our partner agencies to ensure that U.S. technology stays out of the wrong hands.”

Kintetsu World Express Agrees to $30,000 Fine for Exporting to Chinese Entity on the SDN List

November 24th, 2014 by Brooke Driver

By: Brooke Driver

Kintetsu World Express of East Rutherford, New Jersey, has settled for $30,000 with BIS for a violation taking placing in May 2010. The settlement agreement states that KWE stands accused of acting as a freight forwarder for the China National Precision Machinery Import/Export Corporation locating in Beijing.  Apparently, KWE transported three spiral duct production machines and related accessories to the CNPMIEC, an entity placed on the Specially Designated Nationals and Blocked Persons List in 2006 for supplying Iran’s military and Iranian proliferators with missile-related dual-use items, without performing the proper screening—or, in fact, any screening at all.

It seems that BIS chose to enforce only a fairly low fine due to the facts that there was only one charge against KWE and the violation appears to have been purely a mistake, rather than an intentional avoidance of U.S. law. However, this case acts as an example to exporters everywhere that you will be held accountable and suffer the consequences for mistakes resulting purely from ignorance. It is essential that you incorporate regular screening against blocked parties lists into your compliance program.

Hong Kong Company Pays $4.5 Million for Violations

November 24th, 2014 by Brooke Driver

By: Brooke Driver

In September, BIS announced its decision to settle with Hong Kong’s United Sources Industrial Enterprises over its 39 charges of reexport violations. According to the Department of Commerce, between June 2006 and June 2007, USIE reexported illegally items subject to the regulations to Atlinx Electronics and Mayrow General Trading on ten occasions; any export transaction with either of these entities requires a license.

To make matters worse, USIE purposely evaded the regulations between the dates of July 9, 2007 and November 5, 2007 by sharing U.S. supplier and transaction information with affiliate Creative Electronics, also located in Hong Kong. USIE was aware of the fact that it was a designated company in General No. 3, and therefore, penalties would be imposed for U.S. companies that chose to do business with USIE. The company committed 29 separate violations by sharing U.S. transaction and supplier information with Creative Electronics and allowing that entity to act for USIE.

Based on these charges, BIS demanded a $400,000 civil settlement, withholding the additional (and significantly scarier) $4.1 million fine, assuming that USIE commits no more export violations in the next five years.

Chinese Man Attempts to Smuggle 51 Turtles in His Pants across the Canadian Border

November 24th, 2014 by Brooke Driver

By: Brooke Driver

Now here’s one you don’t hear every day, folks. Recently, Kai Xu, a Chinese-born Canadian citizen and engineering student at the University of Waterloo, attempted—unsuccessfully, of course—to smuggle 51 turtles of various species across the Detroit-Windsor border into Canada…in his pants.

And while the incident sounds more like a Road Runner episode than an export enforcement case, turtle smuggling is apparently a more common problem than you’d think, with a high demand for turtles as food or pets and one species—which was represented in the unfortunate hostages in Xu’s sweatpants—worth as much as $800 a pop.

And apparently, this is not the first time Xu has attempted to smuggle these animals (although, for his sake, we hope this was the first time the turtles were strapped to his legs and groin—ouch!). This is one in a series of incidents involving the 26-year-old Xu, who was also recently arrested, along with accomplice Lihua Lin, for attempting to fly to Shanghai with over 200 turtles hidden in Lin’s suitcase.

And while the crime is rather funny, the potential consequences aren’t. Xu, charged with smuggling, illegal trading and exporting could serve up to ten years behind bars for his crimes.

The (assuredly traumatized) turtles in question have been seized and placed with Fish and Wildlife Service agents, where they will hopefully lead a peaceful and pants-free life from now on.

OFAC’s 50% Rule Hypocrisy Shines in Stark Contrast to Export Control Reform

November 24th, 2014 by Brooke Driver

Editorial by: John Black

I certainly do not know if it is poor government, irresponsible government, superficial government or naïve government.  I do know that OFAC’s 50% Aggregation Rule cannot be complied with, as a practical matter.  Some observers have assumed that Export Control Reform means that the US Government is committed to putting in place export control and trade sanction rules that are practical and practicable and focus on the most important issues to promote US national security and foreign policy.  If that is true, OFAC’s 50% Aggregation Rule is a glaring exception.  I cannot remember any worse rule in my 11,130 plus days in export compliance.

In August, 2014, OFAC issued a notice on its website informing those who frequent the OFAC site or those who subscribe to the OFAC email service, that it has a new interpretation of the 50% rule.  Prior to August, OFAC said that if Company A is not on one of its prohibited party lists but another entity, Entity B, is on an OFAC list and owns 50% or more of Company A, then everybody has to apply the same rules that apply to Entity B to Company A.  The pre-August interpretation irritated me a bit, because it reflected an OFAC policy based on the premise that OFAC is not going to do the work to gather the information, or, if it has the information, is not going to share the information with compliance oriented parties that Company A needs to be subject to OFAC controls.  OFAC, with the vast resources of the US Government at its disposal, decided to dump the burden of figuring out the status of Company A on those of us who want to comply.  And, as a result, each individual compliance company does its own private research on Company A, so, if there are one-hundred compliant companies, then the same research is done 100 times to yield the same result (or almost the same results).

That is without a doubt a ridiculous waste of the limited compliance resources and budgets of companies who want to comply.  If OFAC thinks it is important that rules apply to Company A, it should do the research instead of forcing compliant companies to waste compliance resources they could apply elsewhere to serve US national security and US foreign policy interests that are at stake with non-superficial export controls and sanctions.  Every dollar companies spend on redundant research about Company A’s status is a dollar that is not spent protecting US national security and foreign policy.  OFAC is selfishly requiring companies to waste money on OFAC’s programs when OFAC itself could just publish a list of everybody it wants to be caught by the controls.  If OFAC does not think it is important to list a party, it shouldn’t make compliant companies list them.

But, so far I have just been talking about the pre-August 50% Rule.  In August, OFAC announced that unlisted Company A should be treated as being on a list if listed parties in aggregate own 50% or more of Company A.  For example, Ukraine SDN Entity B owns 32% of Company A and Ukraine SDN Entity C owns 19% of Company A.  Since the combined ownership is greater than 50%, you have to treat unlisted Company A as a Ukraine SDN.  Wow.  I lack the vocabulary to describe what I think about the 50% Aggregate Rule.  It was one thing to require compliant companies to spend money trying to find a single owner of 50% or more.  It is many multiples worse to require compliant companies to search far and wide to find an unknown number of minority owners on a list and add together their ownership shares to see if it reaches 50%.

Note:  I use the words “compliant companies,” because many companies do not comply with any version of the 50% Rule, which gives them an advantage over compliant companies, unless they get caught.  As we all know, the odds are they will not get caught, even though a few might.  Thus is the life of those who tried the hardest to comply.

Frankly, I do not know how much it costs to research Company A to find out if an aggregate of one or more listed entities own 50% or more.  In talking to people who are doing this, it is an expensive endeavor.  It is not just the price per search, but is also the fact that any unlisted entity anywhere in the world could be caught by the 50% Aggregate Rule, so there is almost an infinite number of entities that need to be researched.  This is a compliance burden with which compliant companies cannot comply.  Even the most compliant of the compliant have to decide to comply only partially with the 50% Aggregate Rule, because they simply do not have sufficient resources.

Of course, if we found that we had researched 1000 unlisted entities and found only two caught by the 50% Aggregate Rule, maybe we would all agree that the money spent researching is not worth the miniscule compliance risk.  The trouble is the relatively new Russia/Ukraine OFAC sanctions mean that the compliant companies are finding many hits on unlisted entities.  One person told me that there are 260 listed Ukraine/Russia entities and their research has discovered 1,500 unlisted parties that are caught by only the 50% Single Party Rule (not including the 50% Aggregate Rule).  We see more unlisted parties caught now, because the Russia/Ukraine lists include large and important Russian companies and wealthy Russian oligarch-types who are involved in many, wide ranging business activities.  Many of the previously created lists did not include a lot of entities that are likely to be involved in significant global business activities.

OFAC’s Ukraine/Russia policy is this: There are far more than 1760 parties OFAC does not want you to deal with, but OFAC will tell you the names of only 260.

That is poor government if OFAC has intentionally shifted to compliant companies the compliance burden with which they cannot comply, which forces companies to divert their resources from compliance with other important aspects of US export controls and sanctions.

That is irresponsible government if it is critical to US national security and foreign policy that we not deal with the unlisted entities, but OFAC decides not to list them.

That is superficial government if OFAC really does not care if we deal with most or some of the unlisted parties, or if OFAC just wants to be able to apply the 50% Aggregate Rule in certain cases when it sees fit.

That is naïve government if OFAC does not understand the burden it is creating.

I do not know why OFAC decided not to list all of the parties and to shift the expensive, risky and wasteful burden to compliant companies, but I do see a long list of better approaches.  Heck, OFAC could just constantly put updates on its websites with the names of parties as it discovers them and informally say they are subject to the sanctions, and we (compliant companies and less than compliant companies) would follow their informal advice.

If OFAC is worried about some kind of official regulatory review process according US legal requirements before it names a party, I find that to be hypocritical.  It is hypocritical, because OFAC can impose an expensive and impossible to comply with burden on compliant companies with a simple website notice such as the 50% Aggregate Rule, but it cannot name people against which it wants to apply its important US trade sanctions.  All apologies to OFAC if hypocritical is not the correct word to describe the government’s willingness to impose burdens on the compliant with website notices, but not to name the problem entities with the same less-than-formal process.

Compliant companies would be better off if OFAC just charged a 50% Aggregate Rule research tax on all US persons to fund OFAC’s research to find unlisted entities and then named the entities on its website.  Even if they just taxed the compliant companies, it would probably cost compliant companies less and they would have confidence they are being compliant.  Or, perhaps, the US Government could look at its resources and decide how much of its vast resources should be spent to research unlisted entities and add them to the list in order to promote US policy interests that the prohibited party listings are designed to serve.  Once the US Government decides it should spend X, it could list all of the parties it discovered and we all could comply with the list.  If the US Governments thinks the US policy at stake justifies using only X amount of its resources, it should stick with that and not dump an unquantifiable burden on compliant companies.

By the way, speaking of OFAC lists, stay tuned to the OFAC website and email service for the upcoming SDOC list.  I expect I will be the first “Specially Designated OFAC Critic.”  Fortunately, for compliant companies, nobody owns 50% or more of me.