Issues that every import/export compliance program should address include:
Ensure active involvement by management, sufficient resources for the maintenance of the program and the creation of a corporate culture of compliance. At a minimum, affirm the company’s commitment to controls compliance and direct all to comply.
- The role and responsibility of management should be specified. A controls compliance program should detail training for employees and management, who is responsible for training, what training will include, and how often retraining will be conducted.
- If failure to follow the policy may result in disciplinary action including dismissal, the policy should say so. It should also encourage anyone uncertain about the compliance of a transaction or is aware of a violation to contact the appropriate company official.
Before a program can be developed, a company must identify its controls vulnerabilities. Those responsible for identifying a company’s vulnerabilities must have knowledge of the relevant products or technology, familiarity with the company’s marketing and sales, and an understanding of Canada’s controls requirements. They should consider:
- Whether any of the company’s production, imports or exports of products or technology are covered? Is the product of U.S. origin? If the company is a reseller, it should consider whether an outside consultant should make this assessment.
- If the company deals with controlled goods, does it know the end-users? Does it ship to intermediary consignees who deliver to an end-user? Does it deal in “intangible” products such as training in the use of a product or technology? Does it have temporary exports such as products for exhibitions or trade shows? Regardless of whether or not the product is controlled, is the sale to a restricted country or person?
- Are the company’s standard form contracts if any; adequate?
Every compliance program should address the following:
- How will controlled products be identified and tracked from planning through manufacture and through delivery to end-user?
- What continuous monitoring will there be to ensure compliance?
- What procedure is used to screen customers?
- Who is responsible for controls permit applications?
- Who is responsible for ensuring compliance with any permit conditions?
- How are orders tracked or shipped to ensure products arrive to the proper end-user?
- What records are maintained, in what format, and how long are they are to be retained?
- Who is responsible for keeping records?
- Will there be spot audits or other verification procedures?
Internal monitoring, review and training
Changes to laws, products, business models, customers and management structures may require program modifications. The program should state who is responsible for regular reviews, how often, and what material changes within or outside the company will trigger automatic review. Plans detailing training, who is responsible and how often it occurs should be specified.
Non-compliance procedures and reporting
A compliance program should include procedures to address the event of a non-compliant event, including notifying proper officials within the company and the relevant regulatory body.