10 minute read
WEEK
WEEK 1 MODULE 1 | PART 1
Compliance Roadmap & Classification
Sikorsky, a Lockheed Martin Company
Lawrence Ward Partner
Dorsey & Whitney LLP
Your U.S. Export Controls Roadmap: A Review of Key Concepts, Agencies, Their Jurisdictions and Roles — and Who to Contact for What
As a primer for the day ahead, speakers will review key agencies for ITAR and other export-controlled goods and technologies, their roles, and key tips for staying on their “good sides.”
• Jurisdiction: ITAR vs. EAR • What is covered by the U.S. Munitions List (USML) • BIS, DDTC, DTSA, OFAC, DOJ, and HSI: Which agency does what? • What is an "export" and "re-export"?
The Essentials of Classification for "Defense Articles", "Technical Data" and "Defense Services": Key Pitfalls and Lessons Learned
• Identifying when foreign commercial products and technology can become ITAR-controlled • Considerations for classification of sensitive technologies that are not on the USML
I. Defense Articles
• Definition of “defense articles” • Clarifying ITAR application to commercial and “dual-use” items • How original design intent, government funding, specifications, underlying technology, and intended market can affect jurisdiction • Definition of “public domain” and of ITAR’s “See Through” rule • Integrating commercial and defense technologies
II. Technical Data
• Defining “technical data” and “export” of technical data under the ITAR • Determining whether technical data is in the “public domain” under 120.11 • Identifying whether technical data is ITAR-controlled • Recent DDTC guidance on how to control technical data • Reducing the risk of technical data export violations • Complying with restrictions governing “technical” discussions
III. Defense Services
• What are “defense services” under the ITAR? Common examples and pitfalls to avoid • How the broad definition of “defense services” affects commercial business • How U.S. persons can engage in ITAR-controlled “defense services” by simply providing public domain information • How “defense services” can cover technical data related to
ITAR-controlled items
ITAR Parts 120 & 121: The “Specially Designed” Definition: Where Exporters Have Gone Right and Wrong in Determining ITAR Jurisdiction
• What is the “specially designed or modified” reach of the ITAR? • What are the qualifiers for a “specially designed” designation? • A review of the most common mistakes by industry when making this determination • The do’s and don’ts for self-classifying items as “specially designed” • How to ensure adequate documentation to support your position
Larry Fink Vice President, Senior Assistant General Counsel
Leidos
Chris Stagg Partner
Miller & Chevalier
Classification/Re-Classification in Practice: A Step-by-Step Guide to Structuring Your Classification Approach, and the Most Common Missteps to Avoid
• The fundamental importance of jurisdiction and classification • Ensuring self-classification follows a proper analysis and use essential sources of information • What is the approach to take for self-classification, compared with writing a Commodity Jurisdiction (CJ) request? • My item meets the control criteria of multiple entries; which is the correct classification? • Differences between classifications for hardware, technical data, software, and defense services • How are companies updating their classification and re-classification approaches to account for new and proposed DDTC and DTSA guidelines? • How do companies design and maintain jurisdiction and classification systems (e.g., creating databases to store the classifications, creating bucket classification groups)? • Ensuring and documenting when the ITAR does not apply to commercial and “dual-use” and even military items • The use of engineers and other subject-matter experts to perform self-classifications • What to do if there is an error in self-classification? Does it mean there is a violation? • ITAR jurisdiction and classification issues concerning foreign made products • Addressing the ITAR see-thru rule and other important rules • What is the effect of re-classification on suppliers? How can you mitigate them?
ITAR Sections 120.3 and 120.4 – When to Use the Commodity Jurisdiction Process, and How to Draft a CJ Request
Through a review of sample CJs, best practices and common pitfalls, you will gain comprehensive guidance for preparing CJ requests—and deciding when to file a CJ instead of conducting a self-determination. You will also benefit from insight on how DDTC and DTSA review CJ requests, and recent trends in jurisdictional determinations.
• Preparing a CJ request: What you need to submit, what supporting material to include and other key elements • DDTC Guidelines for preparing CJ requests: What the State Department expects and how to expedite the process • Who should prepare CJ requests and when • Key factors affecting CJ determinations: Recent trends in rulings and lessons learned • How to interpret CJ determinations, and what you can do with them • The consequences of filing a CJ determination: Pre-filing, while awaiting a decision, and afterwards • Strategic uses of the commodity jurisdiction procedure • Alternatives to using the commodity jurisdiction process
Hypothetical Exercises, Q&A and Review
Toward solidifying your understanding of this session, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions.
WEEK 2 MODULE 2 | PART 1
Foreign, Dual and Third Country Nationals, and Technology Transfers
Christine Martinez Senior Compliance Counsel
Precision Castparts
Daniel Fisher-Owens Partner
Berliner Corcoran & Rowe LLP
ITAR Sections 120.10, 120.17, 124.1, 125.2, 125.3 and 126.18 – How to Comply with Foreign, Dual and Third Country National Rules
• How DDTC defines “foreign national”, “dual national”, “third country national”, “U.S. person” and “access”: Impact of dual and third country national requirements under 126.18, and available exemptions • How the ITAR addresses the sharing of technology with foreign persons inside and outside the U.S. • Screening and interviewing foreign nationals without discriminating on the basis of national origin: Reconciling the ITAR with EU, Australian and
Canadian human rights and privacy laws • Incorporating export controls language into your offer letters, employment agreements and using non-disclosure agreements (NDAs) • Assigning foreign persons to ITAR sensitive areas: Avoiding deemed export/re-export violations, and to how to badge non-U.S. persons
Technology Transfers Under the ITAR
• How to define “technology transfer” • Special considerations for IT access: Key ITAR risks associated with your networks, servers, cloud applications, mobile devices and social media activity • Flagging R&D and engineering that can pose ITAR compliance risks • Examples of technology transfers in the cloud, on social media and via email
Hypothetical Exercises, Q&A and Review
Toward solidifying your understanding of this session, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions.
I had fun and it was nice to engage with others in the field who are having similar challenges. It was a great session. I plan to dial in to future sessions.
Director – International Trade Compliance, Gulfstream Aerospace Corporation
WEEK 2 MODULE 2 | PART 2 Technology Transfers
Lila Landis Global Compliance and Import Services
SEKO Logistics
General Atomics Aeronautical Systems
Jahna Hartwig Senior Counsel
Wilson Sonsini Goodrich & Rosati PC
A Deep Dive into Required Technology Controls: Managing Visitor and IT Access to ITAR-Controlled Technical Data
• Controlling foreign nationals’ access to ITAR-controlled data: When a password, absolute lockdown and/or email controls are required • Managing access risks posed by offshore IT support, cloud computing and e-rooms for electronic collaboration • Protecting U.S. origin data on laptops and servers • Managing email transfers of technical data: Tracking and marking sensitive communications, and designating emails • Protecting hardware and servers: When to create separate servers for controlled information and/or partition drives • Cloud computing do’s and don’ts • Requirements for recordkeeping, storage, data maintenance, preservation and retrieval procedures • Working with your IT Department, and conducting reviews of your IT program • Controlling visitor access to restricted areas and physical access to your facility
Special Considerations for Laptops, E-Mails, Mobile Devices and Employee Travel
• How to use IT security software such as DLP to pull data back onto
U.S. servers • Which countries have import/use restrictions on encryption items? • Concerns about accessing company networks and downloading while abroad • Reconciling BIS and ITAR license exemptions • Practical examples of travel procedures and clean device requirements
Due Diligence of Cloud Service Providers, ITAR-Controlled Data and Your Compliance Plan: How Far You Need to Go
• Key ITAR compliance risks in the cloud • Traversing considerations for infrastructure as a service (IaaS),
Platform as a Service (PaaS), Software as a Service (SaaS) • Reconciling Commercial vs. Government Cloud • DFARS, National Institute of Standards & Technology (NIST) 800-171, and U.S. Export Controls • Practical examples of how companies are navigating compliance with these types of solutions
The Nuts and Bolts of TCPs & TTCPs: Your Step-by-Step Checklist
Through a review of sample TCPs and TTCPs, the speakers will take you through the essentials and address, among other issues:
• How to control access by foreign nationals and other unauthorized persons to controlled data • How to “right size” compliance for your organization • Identifying tailored facility concerns for your organization (e.g., screening visitors, requiring sign-in, badges and accompanied hosts, etc.) • Best practices for IT controls and network access rights • Tips for Facility Management and Technology Control Plans
Hypothetical Exercises, Q&A and Review
Toward solidifying your understanding of this session, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions.
WEEK 3 MODULE 3 | PART 1
Licensing Requirements and Exemptions
Michelle Schulz Partner
Schulz Trade Law, PLLC
Dan Miller Senior Trade Compliance Officer for Licensing, Sanctions and Regulatory Compliance
Gulfstream Aerospace Corporation
How to Prepare and Secure an ITAR License, TAA and MLA, and Reduce the Risk of RWAs: A Deep Dive into the Electronic Filing Process, License Application and Supporting Documentation
I. ITAR Licenses: A Deep Dive into Requirements for Securing a DSP-5, DSP-73, or DSP-61 and DSP-85
• When a DSP-5, DSP-73, or DSP-61, DSP-85 is required: The approvals process, how to expedite the process, timeframes and how to reduce the risk of delay • Ensuring you get hardware and tech data included on a single license • Returns: Special considerations • Licenses in furtherance of agreements • Constructing an accurate scope of export in your license application • Drafting a license application: What to include, how to fill out the forms using DTrade2, and how to submit the application • When to use a letter of intent to support a license request • What DDTC expects beyond the written guidelines • Structuring and valuing license authorizations • Key reasons for RWA (Returns without Action) or license denials, and how to prevent them
II. ITAR Agreements: Demystifying TAAs, MLAs and WDAs
• Overview of the different types of ITAR agreements, what is required, the timeline, and how to reduce the risk of delay • When and how to get TAAs, TAA Amendments, Re-Baselined TAAS and MLAs • When to cover foreign nationals under MLAs and TAAs • Degree of information expected by DDTC and DTSA in TAA scope of export and statement of work • What DDTC and DTSA expect beyond the written guidelines • Analysis of sample TAAs and MLAs
Hypothetical Exercises, Mock License Applications, Q&A and Review on the Do’s and Don’ts
Toward solidifying your understanding of licensing requirements and exemptions, the instructors will take you through a series of hypothetical scenarios, sample license applications, and how to put the “rubber to the road.” Ample time will be left for Q&A. As a closing segment, instructors will provide additional clarification and guidance, and take your questions.
Provides in-depth, practical knowledge and experience that I will be able to take back to improve our processes and program.
Oshkosh Corporation
