ITAR

Your U.S. Export Controls Roadmap: A Review of Key Concepts, Agencies, Their Jurisdictions and Roles – and Who to Contact for What

As a primer for the day ahead, speakers will review key agencies for ITAR and other export-controlled goods and technologies, their roles, and key tips for staying on their “good sides.”

• Jurisdiction: ITAR vs. EAR
• What is covered by the U.S. Munitions List (USML)
• BIS, DDTC, DTSA, OFAC, DOJ, and HSI: Which agency does what?
• What is an "export" and "re-export"?

The Essentials of Classification for “Defense Articles”, “Technical Data” and “Defense Services”: Key Pitfalls and Lessons Learned

• Identifying when foreign commercial products and technology can become ITAR-controlled
• Considerations for classification of sensitive technologies that are not on the USML

I. Defense Articles

• Definition of “defense articles”
• Clarifying ITAR application to commercial and “dual-use” items
• How original design intent, government funding, specifications, underlying technology, and intended market can affect jurisdiction
• Definition of “public domain” and of ITAR’s “See Through” rule
• Integrating commercial and defense technologies

II. Technical Data

• Defining “technical data” and “export” of technical data under the ITAR
• Determining whether technical data is in the “public domain” under 120.11
• Identifying whether technical data is ITAR-controlled
• Recent DDTC guidance on how to control technical data
• Reducing the risk of technical data export violations
• Complying with restrictions governing “technical” discussions

III. Defense Services

• What are “defense services” under the ITAR? Common examples and pitfalls to avoid
• How the broad definition of “defense services” affects commercial business
• How U.S. persons can engage in ITAR-controlled “defense services” by simply providing public domain information
• How “defense services” can cover technical data related to ITAR-controlled items

ITAR Parts 120 & 121: The “Specially Designed” Definition: Where Exporters Have Gone Right and Wrong in Determining ITAR Jurisdiction

• What is the “specially designed or modified” reach of the ITAR?
• What are the qualifiers for a “specially designed” designation?
• A review of the most common mistakes by industry when making this determination
• The do’s and don’ts for self-classifying items as “specially designed”
• How to ensure adequate documentation to support your position

Classification/Re-Classification in Practice: A Step-by-Step Guide to Structuring Your Classification Approach, and the Most Common Missteps to Avoid

• The fundamental importance of jurisdiction and classification
• Ensuring self-classification follows a proper analysis through the order of review and uses essential sources
• What is the approach to take for self-classification, compared with writing a Commodity Jurisdiction (CJ) request?
• Handling situations where an item meets the control criteria of multiple entries by determining the correct classification
• Understand how to approach self-classifications for hardware, technical data, software, and services
• How do companies design and maintain jurisdiction and classification systems (e.g., creating databases to store the classifications, creating bucket classification groups)?
• How to create defendable self-classification assessments, especially when it is determined the item is not subject to the ITAR
• The use of engineers and other subject-matter experts to perform self-classifications
• What to do if there is an error in self-classification? Does it mean there is a violation?
• ITAR jurisdiction and classification issues concerning foreign made products
• Addressing the ITAR see-thru rule and other important rules
• Relying on supplier and manufacturer self-classifications
• When to revisit previous self-classifications

ITAR Sections 120.3 and 120.4 – When to Use the Commodity Jurisdiction Process, and How to Draft a CJ Request

Through a review of sample CJs, best practices and common pitfalls, you will gain comprehensive guidance for preparing CJ requests- and deciding when to file a CJ instead of conducting a self-determination. You will also benefit from insight on how DDTC and DTSA review CJ requests, and recent trends in jurisdictional determinations.

• Preparing a CJ request: What you need to submit, what supporting material to include and other key elements
• DDTC Guidelines for preparing CJ requests: What the State Department expects and how to expedite the process
• Who should prepare CJ requests and when
• Key factors affecting CJ determinations: Recent trends in rulings and lessons learned
• How to interpret CJ determinations, and what you can do with them
• The consequences of filing a CJ determination: Pre-filing, while awaiting a decision, and afterwards
• Strategic uses of the commodity jurisdiction procedure
• Alternatives to using the commodity jurisdiction process

Hypothetical Exercises, Q&A and Review

Toward solidifying your understanding of this session, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions.

ITAR Sections 120.10, 120.17, 124.1, 125.2, 125.3 and 126.18 – How to Comply with Foreign, Dual and Third Country National Rules

• How DDTC defines “foreign national”, “dual national”, “third country national”, “U.S. person” and “access”: Impact of dual and third country national requirements under 126.18, and available exemptions
• How the ITAR addresses the sharing of technology with foreign persons inside and outside the U.S.
• Screening and interviewing foreign nationals without discriminating on the basis of national origin: Reconciling the ITAR with EU, Australian and Canadian human rights and privacy laws
• Incorporating export controls language into your offer letters, employment agreements and using non-disclosure agreements (NDAs)
• Assigning foreign persons to ITAR sensitive areas: Avoiding deemed export/re-export violations, and to how to badge non-U.S. persons

Technology Transfers Under the ITAR

• How to define “technology transfer”
• Special considerations for IT access: Key ITAR risks associated with your networks, servers, cloud applications, mobile devices and social media activity
• Flagging R&D and engineering that can pose ITAR compliance risks
• Examples of technology transfers in the cloud, on social media and via email

Hypothetical Exercises, Q&A and Review

Toward solidifying your understanding of this session, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions. quote-left Already the first module was a great

A Deep Dive Into Required Technology Controls: Managing Visitor and IT Access to ITAR-Controlled Technical Data

• Controlling foreign nationals’ access to ITAR-controlled data: When a password, absolute lockdown and/or email controls are required
• Managing access risks posed by offshore IT support, cloud computing and e-rooms for electronic collaboration
• Protecting U.S. origin data on laptops and servers
• Managing email transfers of technical data: Tracking and marking sensitive communications, and designating emails
• Protecting hardware and servers: When to create separate servers for controlled information and/or partition drives
• Cloud computing do’s and don’ts
• Requirements for recordkeeping, storage, data maintenance, preservation and retrieval procedures
• Working with your IT Department, and conducting reviews of your IT program
• Controlling visitor access to restricted areas and physical access to your facility

Special Considerations for Laptops, E-Mails, Mobile Devices and Employee Travel

• How to use IT security software such as DLP to pull data back onto U.S. servers
• Which countries have import/use restrictions on encryption items?
• Concerns about accessing company networks and downloading while abroad
• Reconciling BIS and ITAR license exemptions
• Practical examples of travel procedures and clean device requirements

Due Diligence of Cloud Service Providers, ITAR-Controlled Data and Your Compliance Plan: How Far You Need to Go

• Key ITAR compliance risks in the cloud
• Traversing considerations for infrastructure as a service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)
• Reconciling Commercial vs. Government Cloud
• DFARS, National Institute of Standards & Technology (NIST) 800-171, and U.S. Export Controls.
• Practical examples of how companies are navigating compliance with these types of solutions

The Nuts and Bolts of TCPs & TTCPs: Your Step-by-Step Checklist

Through a review of sample TCPs and TTCPs, the speakers will take you through the essentials and address, among other issues:

• How to control access by foreign nationals and other unauthorized persons to controlled data
• How to “right size” compliance for your organization
• Identifying tailored facility concerns for your organization (e.g., screening visitors, requiring sign-in, badges and accompanied hosts, etc.)
• Best practices for IT controls and network access rights
• Tips for Facility Management and Technology Control Plans

Hypothetical Exercises, Q&A and Review

Toward solidifying your understanding of this session, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions.

How to Prepare and Secure an ITAR License, TAA and MLA, and Reduce the Risk of RWAs: A Deep Dive into the Electronic Filing Process, License Application and Supporting Documentation

I. ITAR Licenses: A Deep Dive into Requirements for Securing a DSP-5, DSP-73, or DSP-61 and DSP-85

• When a DSP-5, DSP-73, or DSP-61, DSP-85 is required: The approvals process, how to expedite the process, timeframes and how to reduce the risk of delay
• Ensuring you get hardware and tech data included on a single license
• Returns: Special considerations
• Licenses in furtherance of agreements
• Constructing an accurate scope of export in your license application
• Drafting a license application: What to include, how to fill out the forms using DTrade2, and how to submit the application
• When to use a letter of intent to support a license request
• What DDTC expects beyond the written guidelines
• Structuring and valuing license authorizations
• Key reasons for RWA (Returns without Action) or license denials, and how to prevent them

II. ITAR Agreements: Demystifying TAAs, MLAs and WDAs

• Overview of the different types of ITAR agreements, what is required, the timeline, and how to reduce the risk of delay
• When and how to get TAAs, TAA Amendments, Re-Baselined TAAS and MLAs
• When to cover foreign nationals under MLAs and TAAs
• Degree of information expected by DDTC and DTSA in TAA scope of export and statement of work
• What DDTC and DTSA expect beyond the written guidelines
• Analysis of sample TAAs and MLAs

Hypothetical Exercises, Mock License Applications, Q&A and Review on the Do’s and Don’ts

Toward solidifying your understanding of licensing requirements and exemptions, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions.

Open General Licenses (OGLs)

• What types of transfers do OGLs No. 1 & No. 2 authorize?
• How to use OGLs No. 1 & No. 2
• How to interpret the requirements of OGLs No. 1 & No. 2
• What you can’t use OGLs No. 1 & No. 2 for
• When a separate DDTC authorization is required for exports by US companies to the ultimate consignees under the OGLs
• When parties using the OGLs must notify all end-users and consignees that the defense articles are subject to US export control laws and regulations
• Recordkeeping Requirements:
• How to maintain records of all reexports and retransfers, and identifying the OGL in any export documentation
• Description of the defense article, including technical data and more required records
• When DDTC may request to see your records to verify proper use of the OGLs
• When a separate DDTC authorization is required for exports by US companies to the ultimate consignees under the OGLs
• When to request an ITAR license or agreement to cover a U.S. party
• When parties using the OGLs must notify all end-users and consignees that the defense articles are subject to US export control laws and regulations and include the destination control statement specified in the ITAR
• Recordkeeping Requirements:
  • How to maintain records of all reexports and retransfers, and identifying the OGL in any export documentation.
  • Description of the defense article, including technical data and more required records
  • When DDTC may request to see your records to verify proper use of the OGLs
    

Brokering Requirements

• Which activities constitute “brokering”? Who is considered a “broker”?
• When and how to register as a broker
• When and how to get brokering approval
• How to comply with reporting requirement
• How to interpret and use brokering exemptions
• Best practices for broker agreements and activities
• Monitoring compliance by agents and representatives

The Lengths and Limits of ITAR Exemptions-and the Costs of Getting Them Wrong

• U.S. person abroad/U.S. subsidiary
• U.S. Government exemption
• Canadian exemption
• Return and repair exemption
• Temporary Imports
• FMS exemption
• Re-exports to NATO, Australia or Japan
• UK and Australia ITAR exemptions
• University fundamental research exclusion

Open Q&A with Faculty and Review of ITAR Licensing & Exemptions

Toward solidifying your understanding of licensing requirements and exemptions, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions

Review of ITAR Enforcement Cases and Practical Takeaways

Experts will take you through the most important compliance lessons learned from key enforcement actions, and how exporters are updating their ITAR compliance programs and supply chain management in response.

The Nuts and Bolts of an ITAR Compliance Program

• Key elements and best practices for effective ITAR compliance
• Identifying and empowering the right internal resources and personnel
• Developing and updating your compliance manual, procedures and processes, including policy statements and message from senior management
• Creating an anonymous reporting tool and compliance hotline
• Ensuring that your program can adapt to new, evolving ITAR compliance risk factors

Third Party Due Diligence and Exporters’ Liability Risks: Supply Chain, End-Use and End-User Screening

• Where the exporter’s responsibility for third party compliance begins and ends
• Vetting third parties, including subcontractors, freight forwarders, distributors, customs brokers, customers, re-sellers and others:
• What to look for and ask at the due diligence stage
• Monitoring ITAR compliance of third parties
• Recordkeeping: What documents/information to collect from foreign third parties, and how to review them
• Building an effective end use/end user screening program
• Safeguards to implement for orders and shipments, and when to terminate the relationship because of export enforcement risks

What to Do If You Suspect or Discover an ITAR Violation: Real-World Guidance

• What pushes a case from a DDTC warning letter to a penalty, and what can lead to a criminal prosecution
• Top mistakes to avoid during a government and internal investigation
• Examples of how to strengthen an ITAR compliance program to meet agency expectations

In advance of this last unit, participants will complete an assignment on the life cycle of an export. The questions will be based on a case study of an ITAR export transaction from A to Z. During this last session, participants will share their responses to the assignment questions, followed by feedback from the expert instructors. There will also be ample time for additional, extended Q&A to address any questions from the assignment and beyond.