Last winter, Hewlett-Packard’s Chinese distributor, Huawei Technologies, offered to sell HP telecommunications equipment to Mobile Telecommunication Co. of Iran (MCI) through Huawei’s Hong Kong partner,Skycom Tech Co Ltd. Although neither Skycom nor Huawei actually sold the equipment to Iran, the incident shows the difficulty of enforcing U.S. export laws in other nations.
This concern extends to countries not normally associated with trade violations, too. Take Canada, for instance. It ranks higher on Transparency Internationals’ Transparency Index than the U.S., yet companies doing business there can still run afoul of U.S. law. America’s Cuban sanctions are a case in point. Canada trades with Cuba. Therefore, American retailers may find their goods in Cuba via Canada, and may find Cuban goods in their inventories unless they expressly forbid it. Western journalists travelling to Cuba report major American brands in the government stores and hotels. An NBC News report a few years ago quoted Christopher Padilla, then U.S. assistant secretary of commerce for export administration, saying Cuban “buying missions” search other nations for American products to resell in Cuba. The companies, none-the-less, are responsible.
“In the United States, the principal party of interest is responsible for the goods (to ensure they aren’t transferred to a prohibited nation or individual) as long as the goods are out of the country,” explains Pete Mento, director of global customs and trade policy, CH Robinson. “Most companies aren’t fully aware of that responsibility.”
That’s the first pitfall. Exporters generally are less aware than importers of their responsibilities. The export regulations, however, are shorter and less complicated than import requirements, “so it’s easier to know them,” Mento says.
The second pitfall is that exporters don’t understand their level of risk. Because firms in high-risk industries tend to be quite good at navigating complicated export controls, the chief risks are to exporters between either the high or low extremes of risk.
Know Your Customer
The most viable strategy to minimize risk is to, “Know your customer and your market. Where is your device likely to end up?” asks Susan Kohn Ross, international trade counsel, Mitchell Silberberg + Knupp LLC.
When a company finds itself in hot water regarding export controls, Ross says the reason usually relates the corporate philosophy. “Being driven by sales and sales alone gets companies in trouble.” If a company has a philosophy of compliance and accepts that compliance sometimes comes at the cost of not making a deal, they’re less likely to make mistakes, she says.
Even small companies need clear internal controls. “Many owners say, ‘I make the final decision,” Ross says. But, companies need contingencies that cover events when the key decision-maker is unavailable for any reason. “You must satisfy regulatory agencies that decisions are handled responsibly and that the key decision-maker can be reached easily. With email and cell phones, that’s not difficult to establish. Small companies also tend not to document their internal controls, saying ‘everybody here knows that.’ That’s valid, but written controls are better. Regulatory agencies look for written controls,” Ross says.
“In terms of best practices to prevent export control violations, the starting point is the contract with the distributors,” notes F. Amanda DeBusk, chair of the international trade practice at Hughes Hubbard and former U.S. Commerce Department assistant secretary for export enforcement. “The US government expects to see a clause saying: this product is subject to U.S. export controls. Exports and re-exports are subject to U.S. jurisdictions and you must comply with all applicable export controls.”
Additionally, Mento says, “Include a destination control statement on invoice. It merely says what was sold, to whom and the intended use of the items.” Such control statements won’t necessarily prevent the goods from being transferred into the wrong hands but, when coupled to due diligence, they do provide legal protection by showing that reasonable efforts were made and that the company has a culture of compliance.
Performing due diligence to meet “Know Your Customer” requirements enables shippers to prove they are examining customers to determine whether they have appropriate controls in place to ensure U.S. requirements are met. This involves ensuring the distributor knows the regulations, doesn’t sell to prohibited parties and has systems to ensure that is so.
Part of knowing the customer involves tracking the export. Mento recommends developing a flowchart of the export process for each specific items, from acceptance of the purchase order all the way through to payment. “Determine who comes in contact with the export inside your company and, to the extent possible, outside your company,” he says.
“Vetting customers must be handled very delicately,” DeBusk says. “Distributors don’t want suppliers involved in their business for fear that suppliers could go around them, directly to their customers.” That concern can be minimized by explaining that the shipper has no choice. Customer vetting is U.S. law, and shippers can point to executives who were jailed for willful lapses. Additionally, “Some countries refuse to accept the extra-territorial reach of the U.S. The middle East and Asia are the biggest problems,” she says, citing government reports.
The export landscape has changed dramatically in the past 10 years,” Ross says. “Before 9/11, companies could make deals at trade shows and walk away. You knew the salient details – obligations, costs, shipping times, etc. Now you must properly vet your customer and distributor, and be very clear about what they are and are not permitted to do. This routinely includes the right to audit them. You must exercise that right for it to be meaningful. Obviously, audits are more effective when they occur unannounced,” she points out.
Without such controls in place (and sometime despite them), many companies’ first indication that export controls were ignored comes when customers request warranty service. To vet those inquiries, shippers need strong IT controls to enable them to scrutinize the email addresses and, to the extent possible, determine their real point of origin. “If you have online sales, you also need the ability to block certain ISPs,” Ross says, that are associated with spammers and malware.
Cloud computing further complicates regulatory controls because data moves among multiple servers seemingly at random. Data center hosts spin servers up or down depending upon data flow, storage and security needs. Therefore data that begins the morning in one server may reside in another before the day ends. When the cloud is based in a single country, that’s usually not an issue. When the computing environment spans borders, however, regulatory controls can be a concern. Therefore, when data is stored in a cloud computing environment, companies must ensure the agreement with the cloud provider includes a provision guaranteeing the data will never be hosted on a server located in a country on the prohibited list because the laws differ. Jurisdiction is clearer if the company and the servers are in the same country.
Export reforms have been underway the past few years and are seeing results. “If they’re even modestly successful, they can help,” Ross says.
Export control lists from multiple agencies are being updated and streamlined. In March, for example, President Obama signed an executive order moving the US Munitions list to the administration of the Secretary of State. The list also was updated to allow the State Department to authorize the sale of spare parts for the munitions. Some items also were moved from the State list to that of Commerce.
“This is a huge accomplishment and is very good news for the export community,” DeBusk says. It will actually simplify export controls and make items for which control is no longer needed available for export.
In another streamlining move, the Systems for Award Management (SAM) portal went active last November. It consolidates the capabilities of the Central Contractor Registry (CCR), Federal Agency Registration (Federal Register), Online Representations and Certifications Application (ORCA), and Excluded Parties List System (EPLS). Proposed reforms are listed in theFederal Register along with calls for public comment. They are organized by category.
The export control lists from the U.S. Departments of Commerce, State and Treasury are consolidated onto one list here. Other agencies also maintain export control lists that, eventually, are expected to be consolidated into one master list. Other countries also have their own export control lists. To protect yourself, before exporting, “Check the lists and document the fact that you checked them,” Ross says. “If something goes wrong, that’s a mitigating factor.”
The public lists are easy to use, DeBusk says. The most common problem is identifying the product’s classification and which department governs it. Beyond that, the problem is researching soft hits. Soft hits, she explains, are hits that may or may not be the company or individual in question. Common names, for example, are a problem. You must, therefore, conduct research to determine whether the name on the “prohibited individuals” list is your would-be customer or some other individual.
Exporting is becoming easier, but would-be exporters must do their homework to vet the potential buyer and to identify any potential conflicts.