At the most recent meeting of the Institute of Export & International Trade (IOE&IT)’s Export Control Special Interest Group on 25 May, compliance experts answered some of our members’ most pressing questions on export controls, technology and best practice.
The session was focused on intangible technology transfers and how these might be impacted by export controls and sanctions.
An intangible transfer of technology occurs when controlled goods are accessed electronically – e.g. via email – by an overseas-based individual.
Q: What records of intangible transfers of technology does an ECJU (Export Control Joint Unit) inspector expect to see on a compliance inspection?
Stephen McGarrigle, export compliance manager and former government inspector: Legislation requires that you record the transfer of certain technologies. Typically, we would use the Technology for Military Goods OGEL, but you could also transfer technology using various other open general export licences.
You’re required to keep records detailing the recipient, a description of the technology and the date of the transfer.
What an inspector will ask to see is a log of when you have transferred this. It should be centrally controlled so one person has oversight of it, but if it’s all in an Excel spreadsheet that will also be accepted.
Some compliance officers have been known to ask to inspect the technology, but I don’t think this is common and you shouldn’t be cross-examined over it.
As long as you have all the details that are contained in the legislation, you should be ok.
Q: We are a signatory to a US Department of State Technology Assistance Agreement (TAA). Does the US government review our compliance with the agreement?
Roger Arthey, IOE&IT Export Control Profession chair: When you sign a TAA with a US company that is then approved by the US government, it is effectively an export authorisation. You sign up to a whole load of conditions as to how you're going to treat the technology that the US company is going to be sending to you.
This US company might be a part of your own company or completely separate but you're still subject to the conditions of the agreement.
Once you’ve signed a TAA, the US government has the power to check up on you, but it tends not to exercise this unless it really feels that it needs to.
Q: So how does this process work?
Roger: What's most likely to happen is, firstly, your own company will be checking on how you're handling that technology.
Processes like training, education and audits are normal procedures here. I can't stress enough the value of internal audits to make sure that people are complying internally with the regulations.
Secondly, the company that is sending you the data may well feel an obligation to check on your compliance with the conditions of the TAA. US companies that have an UK subsidiary might send over people to make sure that the compliance is being maintained.
Only under severe circumstances – where there's a real suspicion that something has gone wrong – does the US government have the authority to check on your compliance using schemes like the Blue Lantern project, but this power is limited.
Q: What happens if the US government starts asking questions?
Brinley Salzman, director, overseas & exports at ADS Group: The US government will normally ask HMRC to undertake the audits on its behalf. But we’re used to the UK government’s compliance unit and other organisations carrying out inspections.
If you get a request from the US government that it wants to come and inspect your records, alarm bells need to start ringing because it’s picked up on something and therefore you need to look very closely at it.
Once you get a sense that something has gone wrong, don’t try to hide it. Submit a voluntary disclosure to the US government and show that you’ve put in remedial action to stop it happening again.
If you do this, the state department is likely to give you a slap on the wrist. If it gets the sense that you’re trying to hide something, it will have no problem making an example out of you.
Q: I have exported controlled technology without a licence. What should I do?
Roger: The first thing is to go to the ECJU, if you’re based in the UK, and say you’ve got a problem.
You should have some ideas of how to put things right, but the best thing to do is to come clean.
Brinley: You should also approach your compliance inspector and get their opinion on how best to handle it.
Ray Burgin, academy education delivery team lead, IOE&IT academy: While you are going through your compliance officer, you can do some parallel activities whilst the self-declaration process is going on. A company could check and just make sure that if you do have an internal compliance program, you've got all the information there ready to be to be looked at by the ECJU and avoid a mad scramble to get all the evidence together.
Samantha Hodgkins, IOE&IT customs consultant: It's always, always better to self-declare because if a problem is found at audit, inspectors will go through your books with a fine toothcomb. So if you can self-declare and put remedial action in place, it looks far better on you.
The problem is a lot of companies don't have a compliance department or they have several different people who take responsibility for several different parts with no real interaction between them.
Q: We often sell dual use items to China on FCA or CIP Incoterms, and end users cannot act as a as a consignee as you're unable to import the items. So what do they do?
Ray: I would question why the consignee can't do the import to start with.
I’d do a bit of checking first. Question and challenge them in a nice, polite way so that you've got evidence that you could feed back, if necessary, and look into why FCA or CIP terms would be required.
It’s important to find who's actually involved and who's actually going to do the import on behalf of the end user, because there could be a potential gap in your watchlist screening activities there.
Q: Following up on the Incoterms question, are we required to provide evidence for delivery to the end user?
Ray: For really, really good controls, the minimum would be having a signed proof of delivery to the recipient from the consignee.
But if you want to go that extra mile, then potentially you could ask the consignee to get proof that the goods have actually arrived with the end user, because it might be another party that the consignee is selling the goods to.
As part of the licence application process you should know who the end user is anyway, because you have to submit that information, but there's no harm in at least asking.
Q: What examples of best practice compliance process for intangible exports can be shared?
Stephen: Have your procedures in place and have a contact person to handle the back-and-forth that comes with various companies.
For UK controls, the form you submit has all the information you need. Keep this, in a secure folder, for the auditors. I've seen some people keep emails, but that isn’t necessary.
The other thing that's quite useful is, if you're involved in a project and you've got the same person sending the same the same or similar technology to the same company, then you don't have to record each and every transfer.
What you can do is you can provide generic details of the project and of the contract itself. In this way, provided nothing changes with the description of the technology, you can do hundreds of transfers just with that one record.
You can read more about the Export Control Special Interest Group here.
The above article is for educational purposes only and does not constitute legal advice.