The U.S. export control system has undergone major reform in recent years, and companies have experienced both increased enforcement of export control laws and fines for violations, with more changes on the way. Skadden partners Jeff Gerrish and Mike Loucks and counsel Nate Bolin discuss developments in export control laws and how companies can stay ahead of the changes.

What are export controls and how do they affect companies?

Mike: The U.S. has a thicket of laws and regulations applicable to exports to a broad array of countries. These include not only countries that are subject to comprehensive embargoes, such as Iran, Syria and Cuba, but also close U.S. allies and countries such as China that are substantial trading partners. Accordingly, all companies that export products, technology, technical data or services must be cognizant of the rules, as violations, depending on intent, can result in criminal prosecutions of the business and of specific employees. Over the past decade, the U.S. Department of Justice (DOJ) has substantially increased its resources to prosecute export control violations; businesses that have been prosecuted range from defense contractors to transportation companies to banks. The need to comply with export control laws and regulations arises not only when companies are exporting, re-exporting, and transferring controlled items and services, but also when they acquire companies that are engaged in such activities. This is a complex arena with different federal enforcers than the norm, including the U.S. Departments of Commerce and State, as well as the DOJ.

In 2009, the Obama administration began reviewing the system and implementing changes to make it more efficient. These have been described as some of the most far-reaching changes since the end of the Cold War. Where does this process stand today?

Click here to view table.

Jeff: The process can be divided into three phases. Phase I laid the regulatory ground rules for the reform process, consistent with congressional notification requirements. In Phase II, the two main export control agencies — the Department of State’s Directorate of Defense Trade Controls (DDTC) and the Department of Commerce’s Bureau of Industry and Security (BIS) — are cooperating to revise the lists of items each agency controls. Phase II is nearly complete. Phase III, which has not yet begun, will involve a transition to a single control list, a single licensing agency, a unified information technology backbone for licensing and compliance, and more closely coordinated enforcement.

Nate: One goal of this reform effort was to facilitate U.S. companies’ engagement and trade with our NATO and other allies by moving certain items from the U.S. Munitions List (USML), which covers defense articles and defense services controlled by the International Traffic in Arms Regulations (ITAR), to the somewhat less restrictive Commerce Control List (CCL) under the Export Administration Regulations (EAR), which govern mainly items with both civilian and military applications (so-called “dual-use” items). The idea was to reduce the licensing burden on U.S. exporters and rationalize the system. Previously, certain fairly run-of-the-mill components like aircraft tires were on the USML, forcing companies to get an ITAR license in order to export those to, say, our NATO allies’ air forces around the world.

Another goal of the reform is to place tighter controls around the so-called crown jewels in the U.S. defense industry and critical technologies for our national security. So in Phase II of the reform, we have seen enhancements to those controls and enforcement efforts related to certain critical national defense items, as well as controls being imposed or clarified on cutting-edge materials and techniques such as nanotechnology materials and 3-D-printable technology. And finally, the agencies recently have begun talking in more detail about their plans to move toward having a single licensing and enforcement agency that can handle both the defense articles and services under ITAR and the dual-use and other articles under the EAR. The public likely will be asked to comment on at least some of these plans in a proposed rulemaking in the near future.

What trends in enforcement actions and penalties are you seeing?

Mike: In the last two years, there have been prosecutions across the country of defense contractors, optical systems manufacturers, foreign manufacturers and major financial institutions for conducting financial transactions related to export control violations. These cases have been related to illegal exports to various countries. There were a couple of Chinese nationals who were prosecuted for exporting sensors. One was in the U.S. on a student visa and was enlisted by his brother to acquire the sensors under the guise that he planned to use them at a U.S. university where he was a graduate microbiology student. Another company was prosecuted for essentially lying about where its production took place. It stated that it made products in the U.S. but was in fact sending the technical data and samples of the military articles to plants in China to be made there, then importing them into the U.S. to sell to customers here, including Department of Defense prime contractors. Another prosecution stemmed from a company called Robbins & Myers' acquiring a Belgian subsidiary. In a routine check, an auditor spotted that the Belgian subsidiary had been shipping a particular controlled item to a customer in Syria. The auditor kicked it upstairs to management, but the practice continued for a while, with the Belgian subsidiary hiding the transactions to Syria with fake documents.

Jeff: Criminal penalties can be severe, potentially reaching $1 million for a single transaction and resulting in up to 20 years’ imprisonment for individuals. Additionally, each event or other action can be charged as a separate offense, so these penalties can quickly get up into the tens and hundreds of millions of dollars. There also is the possibility of losing export privileges, which can be the most severe penalty of all for companies relying on exports. Violators also can be subject to denial orders that prevent other U.S. persons from doing business with them and be debarred from federal government contracting. Of course, there is always the possibility of reputational damage and qui tamlawsuits against such companies.

Are individual company employees subject to criminal prosecution?

Mike: The short and clear answer is yes, and clients should expect, given the recent issuance of the Yates memorandum by the deputy attorney general, that in any investigation of an alleged violation of the export control laws, the DOJ will strongly consider whether any individual corporate employee should be prosecuted.

At the outset, Mike mentioned that companies also can run into violations when acquiring another company. What should be considered when evaluating a target for acquisition?

Nate: Because there is successor liability for past export control violations, you should learn everything you can about a target’s track record in this area, including the target’s business lines and the products that the company manufactures. Sometimes companies may unwittingly have become manufacturers, exporters or brokers of defense articles or other controlled articles or technology. For example, a software startup may rely on high-level encryption for its software products but, because it didn’t know better, never have gotten around to applying for export licenses. Similarly, a company may be making defense articles or defense services but be unaware of the ITAR registration and licensing requirements. A fundamental understanding of the business lines and how the company has been operating over the applicable statute of limitations period, which is five years, is critical.

Jeff: The U.S. government enforcement agencies take the position that it doesn’t matter whether it’s a merger or asset purchase. In their view, as long as there is substantial continuity of the business, successor liability can be imposed. A classic example is the 2002 Sigma-Aldrich case, in which there was an asset purchase of a company that had committed export control violations. BIS took the position that successor liability applied, and the case was ultimately settled for $1.76 million. DDTC also takes the position that successor liability applies in the ITAR context. Here, the classic case is Hughes Space and Communications, which settled charges of violating the U.S. arms embargo against China. The Hughes assets were subsequently sold several times, and the purchasers were required to pay the remaining unpaid amounts of the $32 million settlement.

So from the perspective of U.S. enforcement authorities, even if a company has gone through a merger, acquisition or asset purchase, that isn’t going to eliminate liability for past violations. Regardless of the type of investment or transaction, export control issues and compliance with the export control laws need to be addressed appropriately in purchase agreements and through representations, warranties and indemnification provisions. They have to, in some circumstances, be factored into your valuation decisions. And you may even have to simply walk away from a transaction.

What should companies governed by export laws do when they learn of a potential violation? Should they make a voluntary disclosure?

Jeff: First, such companies need to stop the conduct that is the source of the potential violation. They then need to make sure they preserve all the relevant documents and records, put a legal hold on them and get an investigation going. At that point, they have to decide whether to make a voluntary disclosure or not.

If it turns out that there was a violation and the company decides to disclose it, they want to be in a position to say, "We did something about this right away." Also, if a voluntary disclosure is made, it needs to be accurate and complete. BIS has indicated that it gives great weight to voluntary disclosures as a mitigating factor. However, if a voluntary disclosure is not accurate and complete, most, if not all, of the benefit of that mitigating factor will be lost, and the problem could be exacerbated by an inaccurate or false statement in the voluntary disclosure that could lead to additional violations.

An effective compliance program is key to addressing weaknesses before they become violations. It’s an obvious point, but compliance policies can’t just sit on a shelf. Regular training is critical because changes in this area are frequent. Also, it’s not enough to do spot checks on an ad hoc basis. If you don’t conduct regular audits, there’s no way of knowing if your policies and procedures are working until it’s too late.

What do you see in the short-term future for export control reform?

Jeff: The Obama administration has devoted an enormous amount of resources and time to this issue, and they are going to want to get as much done as possible in the president’s last year in office. We may see some accelerated activity in areas like proposed and final rules on the remaining USML categories. Companies should be reviewing their licenses and registrations and updating their procedures and policies, given all the changes that have occurred on the licensing front. Lastly, it’s important for companies to track agency efforts to update and improve regulations and weigh in on issues that are relevant to what they do.