Jeff Grody, Executive Director of Orchid Advisors’ Export Services Practice, interviewed former DDTC chief compliance official, Sue Gainor, about export compliance program best practices. The interview provides firearm and ammunition industry executives with her perspective on the ITAR compliance practices of DDTC registrants.
Grody: Sue, your former position gives you unique perspective on the compliance risks faced by industry. At a high level, what are DDTC’s expectations regarding registrants’ ITAR compliance programs?
Gainor: Put simply, DDTC expects registrants to comply with the ITAR. DDTC communicates this expectation and expresses the importance of having well-functioning compliance programs in many ways, such as industry outreach at conferences/speaking engagements, the company visit program, and through all its interactions with the regulated industry. DDTC conducts well over 120 industry outreach events annually and highlights the importance of a good compliance program at most, if not all, of those events. The regulatory goal is for registrants to develop compliance programs that suit their business model not for the government to dictate what these programs should look like. DDTC doesn’t seek to tell the regulated industry how to comply just that it must comply.
Grody: From your perspective, how much does an exporter need to know about the foreign consignees and end users with whom it does business? What can you share about DDTC’s perspective on vetting of international counterparties as an element of exporters’ compliance programs?
Gainor: Regulators encourage exporters to develop sufficient relationships with their distributors, intermediate consignees, and end-users to be confident those parties are able and willing to comply with the ITAR. Given that they are responsible under Section 127.1(c) of the ITAR for what happens to defense articles and technical data once they’re exported, authorized exporters would be wise to minimize their exposure by ensuring they are dealing with reputable and compliant distributors, intermediaries, and end-users. DDTC encourages exporters to conduct denied party screening as an element of their compliance programs, but such screening shouldn’t be the sum total of exporters’ due diligence. Periodic post-sale checks, for example, are a prudent way to ensure recipients are meeting their obligations. Exporters would be wise to retain records of all due diligence efforts, as DDTC will request those records should it learn of a violation.
Grody: Part of the Government’s enforcement of the ITAR involves checking on end users who receive ITAR-controlled defense articles and technical data from the U.S. to confirm they have not been diverted and are being used in a manner consistent with the export license. The Government calls this the “Blue Lantern” program. How can an exporter, as a private party, uncover problems with its overseas counterparties?
Gainor: Blue Lantern is the Government’s program for monitoring a small percentage of transactions in the defense trade enterprise. Data gathered through this program allows the Government to have confidence in the overall level of regulatory compliance overseas. DDTC submits an annual Blue Lantern report to Congress. To develop confidence in foreign parties to exports, exporters should develop relationships with foreign parties so they can gauge those parties’ willingness and ability to comply with the ITAR. Exporters may also engage U.S. embassy personnel (e.g., foreign commercial service representatives) for information about local distributors, intermediaries, or end-users. Exporters may also seek similar information from business associations located abroad (e.g., chambers of commerce). Such efforts help exporters ‘know their territory’ and minimize interactions with potential violators.
Grody: Sue, I want to turn now to technology control, in other words, the portion of a registrant’s export compliance program that primarily involves protecting technical data. With technical data, one export compliance risk is exposing technical data to foreign persons in the United States. Even if a manufacturer has good compliance procedures in place for its own employees, the component suppliers, finishing houses, tooling vendors and other third parties who receive technical data to perform their functions may expose the technical data to foreign persons without the manufacturer’s knowledge. What does DDTC expect of manufacturers in this regard?
Gainor: DDTC encourages registrants to help their suppliers (and distributors, intermediaries, end-users) comply with the ITAR. The ways registrants help their suppliers vary widely, but can include formal or informal information-sharing processes, cooperative discussions about or reviews of supplier compliance programs, and registrant-conducted supplier training. Some registrants are reluctant to help suppliers, fearing such help makes them more liable for any supplier violations. As the regulatory system’s compliance goal is protecting foreign policy and national security, DDTC hopes registrants would contribute to the effort to ensure their suppliers comply.
Grody: Sue, I can’t thank you enough for spending some time with us and allowing us to share your perspective with our readers. We will be looking at these issues in more detail, along with related questions, on May 10 at the Firearms Industry Compliance Conference. I know that you cannot attend this year, but we will be exploring this topic in detail with another former DDTC official, Candace Goforth, and with Ray Ruthen, Export Compliance Manager at the Pratt & Whitney division of United Technologies Corporation.
One last thing. We at Orchid Advisors like to remind the industry that our export services practice provides solutions for the compliance challenges we’ve discussed. I assume you consult on these matters, too. Correct?
Gainor: Correct. Thanks, Jeff. People seeking compliance advice can reach me at firstname.lastname@example.org.