ITAR

Your U.S. Export Controls Roadmap: A Review of Key Concepts, Agencies, Their Jurisdictions and Roles – and Who to Contact for What

As a primer for the day ahead, speakers will review key agencies for ITAR and other export-controlled goods and technologies, their roles, and key tips for staying on their “good sides.”

• Jurisdiction: ITAR vs. EAR
• What is covered by the U.S. Munitions List (USML)
• BIS, DDTC, DTSA, OFAC, DOJ, and HSI: Which agency does what?
• What is an "export" and "re-export"?

The Essentials of Classification for “Defense Articles”, “Technical Data” and “Defense Services”: Key Pitfalls and Lessons Learned

• Identifying when foreign commercial products and technology can become ITAR-controlled
• Considerations for classification of sensitive technologies that are not on the USML

I. Defense Articles

• Definition of “defense articles”
• Clarifying ITAR application to commercial and “dual-use” items
• How original design intent, government funding, specifications, underlying technology, and intended market can affect jurisdiction
• Definition of “public domain” and of ITAR’s “See Through” rule
• Integrating commercial and defense technologies

II. Technical Data

• Defining “technical data” and “export” of technical data under the ITAR
• Determining whether technical data is in the “public domain” under 120.11
• Identifying whether technical data is ITAR-controlled
• Recent DDTC guidance on how to control technical data
• Reducing the risk of technical data export violations
• Complying with restrictions governing “technical” discussions

III. Defense Services

• What are “defense services” under the ITAR? Common examples and pitfalls to avoid
• How the broad definition of “defense services” affects commercial business
• How U.S. persons can engage in ITAR-controlled “defense services” by simply providing public domain information
• How “defense services” can cover technical data related to ITAR-controlled items

ITAR Parts 120 & 121: The “Specially Designed” Definition: Where Exporters Have Gone Right and Wrong in Determining ITAR Jurisdiction

• What is the “specially designed or modified” reach of the ITAR?
• What are the qualifiers for a “specially designed” designation?
• A review of the most common mistakes by industry when making this determination
• The do’s and don’ts for self-classifying items as “specially designed”
• How to ensure adequate documentation to support your position

Classification/Re-Classification in Practice: A Step-by-Step Guide to Structuring Your Classification Approach, and the Most Common Missteps to Avoid

• The fundamental importance of jurisdiction and classification
• Ensuring self-classification follows a proper analysis and use essential sources of information
• What is the approach to take for self-classification, compared with writing a Commodity Jurisdiction (CJ) request?
• My item meets the control criteria of multiple entries; which is the correct classification?
• Differences between classifications for hardware, technical data, software, and defense services
• How are companies updating their classification and re-classification approaches to account for new and proposed DDTC and DTSA guidelines?
• How do companies design and maintain jurisdiction and classification systems (e.g., creating databases to store the classifications, creating bucket classification groups)?
• Ensuring and documenting when the ITAR does not apply to commercial and “dual-use” and even military items
• The use of engineers and other subject-matter experts to perform self-classifications
• What to do if there is an error in self-classification? Does it mean there is a violation?
• ITAR jurisdiction and classification issues concerning foreign made products
• Addressing the ITAR see-thru rule and other important rules
• What is the effect of re-classification on suppliers? How can you mitigate them?

ITAR Sections 120.3 and 120.4 – When to Use the Commodity Jurisdiction Process, and How to Draft a CJ Request

Through a review of sample CJs, best practices and common pitfalls, you will gain comprehensive guidance for preparing CJ requests- and deciding when to file a CJ instead of conducting a self-determination. You will also benefit from insight on how DDTC and DTSA review CJ requests, and recent trends in jurisdictional determinations.

• Preparing a CJ request: What you need to submit, what supporting material to include and other key elements
• DDTC Guidelines for preparing CJ requests: What the State Department expects and how to expedite the process
• Who should prepare CJ requests and when
• Key factors affecting CJ determinations: Recent trends in rulings and lessons learned
• How to interpret CJ determinations, and what you can do with them
• The consequences of filing a CJ determination: Pre-filing, while awaiting a decision, and afterwards
• Strategic uses of the commodity jurisdiction procedure
• Alternatives to using the commodity jurisdiction process

Hypothetical Exercises, Q&A and Review

Toward solidifying your understanding of this session, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions.

ITAR Sections 120.10, 120.17, 124.1, 125.2, 125.3 and 126.18 – How to Comply with Foreign, Dual and Third Country National Rules

• How DDTC defines “foreign national”, “dual national”, “third country national”, “U.S. person” and “access”: Impact of dual and third country national requirements under 126.18, and available exemptions
• How the ITAR addresses the sharing of technology with foreign persons inside and outside the U.S.
• Screening and interviewing foreign nationals without discriminating on the basis of national origin: Reconciling the ITAR with EU, Australian and Canadian human rights and privacy laws
• Incorporating export controls language into your offer letters, employment agreements and using non-disclosure agreements (NDAs)
• Assigning foreign persons to ITAR sensitive areas: Avoiding deemed export/re-export violations, and to how to badge non-U.S. persons

Technology Transfers Under the ITAR

• How to define “technology transfer”
• Special considerations for IT access: Key ITAR risks associated with your networks, servers, cloud applications, mobile devices and social media activity
• Flagging R&D and engineering that can pose ITAR compliance risks
• Examples of technology transfers in the cloud, on social media and via email

Hypothetical Exercises, Q&A and Review

Toward solidifying your understanding of this session, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions. quote-left Already the first module was a great

A Deep Dive Into Required Technology Controls: Managing Visitor and IT Access to ITAR-Controlled Technical Data

• Controlling foreign nationals’ access to ITAR-controlled data: When a password, absolute lockdown and/or email controls are required
• Managing access risks posed by offshore IT support, cloud computing and e-rooms for electronic collaboration
• Protecting U.S. origin data on laptops and servers
• Managing email transfers of technical data: Tracking and marking sensitive communications, and designating emails
• Protecting hardware and servers: When to create separate servers for controlled information and/or partition drives
• Cloud computing do’s and don’ts
• Requirements for recordkeeping, storage, data maintenance, preservation and retrieval procedures
• Working with your IT Department, and conducting reviews of your IT program
• Controlling visitor access to restricted areas and physical access to your facility

Special Considerations for Laptops, E-Mails, Mobile Devices and Employee Travel

• How to use IT security software such as DLP to pull data back onto U.S. servers
• Which countries have import/use restrictions on encryption items?
• Concerns about accessing company networks and downloading while abroad
• Reconciling BIS and ITAR license exemptions
• Practical examples of travel procedures and clean device requirements

Due Diligence of Cloud Service Providers, ITAR-Controlled Data and Your Compliance Plan: How Far You Need to Go

• Key ITAR compliance risks in the cloud
• Traversing considerations for infrastructure as a service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)
• Reconciling Commercial vs. Government Cloud
• DFARS, National Institute of Standards & Technology (NIST) 800-171, and U.S. Export Controls.
• Practical examples of how companies are navigating compliance with these types of solutions

The Nuts and Bolts of TCPs & TTCPs: Your Step-by-Step Checklist

Through a review of sample TCPs and TTCPs, the speakers will take you through the essentials and address, among other issues:

• How to control access by foreign nationals and other unauthorized persons to controlled data
• How to “right size” compliance for your organization
• Identifying tailored facility concerns for your organization (e.g., screening visitors, requiring sign-in, badges and accompanied hosts, etc.)
• Best practices for IT controls and network access rights
• Tips for Facility Management and Technology Control Plans

Hypothetical Exercises, Q&A and Review

Toward solidifying your understanding of this session, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions.

How to Prepare and Secure an ITAR License, TAA and MLA, and Reduce the Risk of RWAs: A Deep Dive into the Electronic Filing Process, License Application and Supporting Documentation

I. ITAR Licenses: A Deep Dive into Requirements for Securing a DSP-5, DSP-73, or DSP-61 and DSP-85

• When a DSP-5, DSP-73, or DSP-61, DSP-85 is required: The approvals process, how to expedite the process, timeframes and how to reduce the risk of delay
• Ensuring you get hardware and tech data included on a single license
• Returns: Special considerations
• Licenses in furtherance of agreements
• Constructing an accurate scope of export in your license application
• Drafting a license application: What to include, how to fill out the forms using DTrade2, and how to submit the application
• When to use a letter of intent to support a license request
• What DDTC expects beyond the written guidelines
• Structuring and valuing license authorizations
• Key reasons for RWA (Returns without Action) or license denials, and how to prevent them

II. ITAR Agreements: Demystifying TAAs, MLAs and WDAs

• Overview of the different types of ITAR agreements, what is required, the timeline, and how to reduce the risk of delay
• When and how to get TAAs, TAA Amendments, Re-Baselined TAAS and MLAs
• When to cover foreign nationals under MLAs and TAAs
• Degree of information expected by DDTC and DTSA in TAA scope of export and statement of work
• What DDTC and DTSA expect beyond the written guidelines
• Analysis of sample TAAs and MLAs

Hypothetical Exercises, Mock License Applications, Q&A and Review on the Do’s and Don’ts

Toward solidifying your understanding of licensing requirements and exemptions, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions.

Open General Licenses (OGLs)

• Impact of DDTC’s issuance of two open general licenses (OGLs):
  • Authorizing the reexports and retransfers of most unclassified defense articles (including software and some technical data) to preapproved parties in or among Australia, Canada, and the United Kingdom
  • Ensuring the ultimate end user of the defense article is the government of one of those countries
• Interpreting OGL No. 1: Defining “retransfers” of ITAR-controlled items within Australia, Canada, and the United Kingdom to certain parties
• Interpreting OGL No. 2: Defining “reexports” of ITAR-controlled items and data between or among certain parties in Australia, Canada, and the United Kingdom.
• Which ITAR-controlled items are excluded?
• Duration of the OGLs and how to renew them (if possible)
• Limits on OGLs pertaining to projects requiring the transfer of technical data:
  • Unclassified technical data for organizational-level, intermediate-level, or depot-level maintenance, repair, or storage of a defense article
  • No usage for projects involving the transfer of design or production technical data
• When a separate DDTC authorization is required for exports by US companies to the ultimate consignees under the OGLs
• When to request an ITAR license or agreement to cover a U.S. party
• When parties using the OGLs must notify all end-users and consignees that the defense articles are subject to US export control laws and regulations and include the destination control statement specified in the ITAR
• Recordkeeping Requirements:
  • How to maintain records of all reexports and retransfers, and identifying the OGL in any export documentation.
  • Description of the defense article, including technical data and more required records
  • When DDTC may request to see your records to verify proper use of the OGLs
    

Brokering Requirements

• When and how to register as a broker
• Which activities constitute “brokering”? Who is considered a “broker”?
• “Broker” and “Brokering”: What is now required for screening and monitoring
• Review of the current requirements and how they impact industry
• When and how to get ITAR license approvals for brokers and meet reporting requirements
• Satisfying “prior notification” requirements, and exemptions for large exporters and SMEs
• Best practices for broker agreements and activities
• Monitoring compliance by agents and representatives

The Lengths and Limits of ITAR Exemptions-and the Costs of Getting Them Wrong

• U.S. person abroad/U.S. subsidiary
• U.S. Government exemption
• Canadian exemption
• Return and repair exemption
• Temporary Imports
• FMS exemption
• Re-exports to NATO, Australia or Japan
• UK and Australia ITAR exemptions
• University fundamental research exclusion

Open Q&A with Faculty and Review of ITAR Licensing & Exemptions

Toward solidifying your understanding of licensing requirements and exemptions, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions

Review of ITAR Enforcement Cases and Practical Takeaways

Experts will take you through the most important compliance lessons learned from key enforcement actions, and how exporters are updating their ITAR compliance programs and supply chain management in response.

The Nuts and Bolts of an ITAR Compliance Program

• Key elements and best practices for effective ITAR compliance
• Identifying and empowering the right internal resources and personnel
• Developing and updating your compliance manual, procedures and processes, including policy statements and message from senior management
• Creating an anonymous reporting tool and compliance hotline
• Ensuring that your program can adapt to new, evolving ITAR compliance risk factors

Third Party Due Diligence and Exporters’ Liability Risks: Supply Chain, End-Use and End-User Screening

• Where the exporter’s responsibility for third party compliance begins and ends
• Vetting third parties, including subcontractors, freight forwarders, distributors, customs brokers, customers, re-sellers and others:
• What to look for and ask at the due diligence stage
• Monitoring ITAR compliance of third parties
• Recordkeeping: What documents/information to collect from foreign third parties, and how to review them
• Building an effective end use/end user screening program
• Safeguards to implement for orders and shipments, and when to terminate the relationship because of export enforcement risks

What to Do If You Suspect or Discover an ITAR Violation: Real-World Guidance

• What pushes a case from a DDTC warning letter to a penalty, and what can lead to a criminal prosecution
• Top mistakes to avoid during a government and internal investigation
• Examples of how to strengthen an ITAR compliance program to meet agency expectations

In advance of this last unit, participants will complete an assignment on the life cycle of an export. The questions will be based on a case study of an ITAR export transaction from A to Z. During this last session, participants will share their responses to the assignment questions, followed by feedback from the expert instructors. There will also be ample time for additional, extended Q&A to address any questions from the assignment and beyond.