On August 6 and 23, 2013, the US Department of State entered into Consent Agreements with Aeroflex, Inc. (Aeroflex) and Meggitt-USA, Inc. (Meggitt) to resolve numerous alleged violations of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR). In both cases, the alleged violations cover a litany of actions over a number of years that evidenced ineffective compliance programs that repeatedly failed to take into account export control requirements.
The alleged violations, in the case of Aeroflex, included (i) multiple exports, without required licenses, of ITAR-controlled electronic and microelectronic items, some of which were satellite-related, to 30 countries, including China, a U.S. arms-embargoed destination, (ii) causing the unauthorized export of ITAR-controlled items by selling them to domestic buyers who exported them without required licenses due to Aeroflex's failure to identify properly items subject to State Department export control jurisdiction, (iii) selling ITAR-controlled items with knowledge that they would be reexported without the required authorization of the Directorate of Defense Trade Controls (DDTC), and (iv) misuse of the Canadian Exemption for the export of ITAR-controlled items to Canada resulting in unauthorized exports.
In addition, the company is alleged to have incorrectly relied on commodity classification guidance from the Department of Commerce for items that were, in fact, subject to State Department export control jurisdiction, instead of seeking classification guidance under the State Department's Commodity Jurisdiction, procedure. Even where Commodity Jurisdiction determinations were requested and received, the company is alleged, in at least one case, not to have appropriately disseminated them within the organization, and to have read them too narrowly. Moreover, it allegedly exported, without a required license, certain items for which a Commodity Jurisdiction request had been submitted, while that request was under review (in contravention of longstanding DDTC guidance to treat items covered in a Commodity Jurisdiction request as ITAR controlled, unless and until DDTC determines they are not ITAR controlled).
In the case of Meggitt, the alleged violations included (i) unauthorized exports, not only of ITAR-controlled products, but also of technical data and defense services, to a variety of countries, including the PRC - - a proscribed destination, (ii) violating the terms, conditions, and provisos of licenses, (iii) failing to notify DDTC that it was exporting ITAR-controlled defense articles to the PRC, (iv) failing to abide by various administrative requirements related to approved licenses, Manufacturing and Technical Assistance Agreements, and (v) not maintaining required license records.The majority of the violations occurred prior to Meggitt acquiring the companies that committed them.
Aeroflex's settlement involved a fine of $8 million (a, per violation, penalty of more than $50,000), $4 million of which is suspended on the condition that Aeroflex spends this amount on pre/post-settlement remedial compliance measures. Meggitt's settlement involved a $25 million fine (a, per violation, penalty of more than $367,000), $22 million of which is suspended if the funds are spent on pre/post-Consent Agreement compliance improvements.
The number of violations charged and the resulting potential penalties would have been higher, but for the facts that Aeroflex and Meggitt voluntarily disclosed some of the violations and, by the time of the settlement, they had already taken remedial compliance measures. An aggravating factor applied to Meggitt's settlement was the long-standing nature of the violations within the subsidiaries it had acquired and their unfamiliarity with, and apparent disregard of, ITAR compliance, providing yet another example of why full export control due diligence is critical for companies making acquisitions.
The Proposed Charging Letters and Consent Agreements not only provide a cautionary tale for exporters of ITAR-controlled items who fail to meet their compliance obligations, but also provide a blueprint for the type of measures companies subject to DDTC's jurisdiction can take to be compliant, including:
- Dedication of sufficient employee staff and adequate resources to ensure proper compliance. Procedures addressing lines of authority for responsible ITAR-compliance employees, adequate staffing/staffing increases, performance evaluations, career paths, promotions and compensation must be established.
- The designation of a qualified individual as a responsible compliance official. While the Consent Agreements require that designated special compliance officials who are to oversee their implementation serve only for the terms of the agreements, most of their mandated functions identify generally applicable compliance measures that should be implemented by a responsible compliance official at all companies subject to ITAR jurisdiction.
- Involvement of senior management. The Consent Agreements require preparation by the compliance official of periodic reports to the company's board of directors, or an appropriate committee thereof, and its Senior Vice President and General Counsel, concerning compliance, resource allocation, ITAR guidance, any compliance findings/recommendations by the official, the company's response thereto/implementation of the same, and the status of AECA and ITAR compliance generally within the company and with the terms of the Consent Agreements.
- The establishment of formal ITAR policies and procedures. The Consent Agreements obligate the compliance official to monitor company policies and procedures, including those for:
- the identification, including export control jurisdiction determination and marking, as necessary, of defense articles, including technical data;
- incorporating AECA and ITAR compliance into the company's management business plans at the senior executive level;
- the management and handling of State Department communications, Commodity Jurisdiction determinations, authorized agreements and licenses, including temporary import and export authorizations;
- the export, re-transfer and re-export of defense articles and services;
- the identification of ITAR-controlled technical data, to include the use of derivative drawings or derivative technical data, and marking thereof;
- the transfer and retransfer of technical data;
- tracking research and development work to ensure that all such work on defense articles, including technical data, is in compliance with the AECA and ITAR from conception to completion of the project;
- preventing, detecting and reporting AECA and ITAR violations; and
- encouraging company employees to report ITAR compliance problems without fear of reprisal.
As set forth in one or both of the Consent Agreements, the companies' export compliance systems should track the decision process from the initiation of a sales order/request for potential export authorization or clarification of an existing authorization to its conclusion that will reflect the exporter's ability to oversee and monitor export activity, and should cover the initial identification of all technical data and technical assistance in any form proposed to be disclosed to any foreign persons.The systems should also provide for automated management of compliance with ITAR Part 124 agreements and Part 123 temporary import and export authorizations, and procedures need to cover the electronic transfer of ITAR-controlled technical data, and the movement of laptops and portable storage devices containing such data.
- Training. The Consent Agreements mandate that Aeroflex and Meggitt provide training to employees responsible for ITAR-regulated activities and to their supervisors.
- Verify export control jurisdiction. Under the Consent Agreements, the companies are to make sure that they establish the proper agency jurisdiction for control over their exports.
- Periodic audits. The Consent Agreements require that outside consultants conduct two audits of ITAR compliance during their term — the first is to assess the overall effectiveness of the companies' ITAR compliance programs/their implementation of the measures set forth in the Consent Agreements, and the second is to confirm whether the companies have addressed the compliance recommendations from the first audit report. Such initial and follow-up audits, conducted on a periodic basis, are a key component of any effective export control compliance program as they promote continuing awareness and accountability.
- Legal Department Support. The Consent Agreements require the companies' Legal Departments to provide proper support for all AECA and ITAR matters.
Exporters would be well advised to review the Consent Agreements. (See United States Department of State Bureau of Political-Military Affairs Washington, D.C 20520, In the Matter of Aeroflex Incorporated and In the Matter of Meggitt-USA, Inc.) and compare them to their existing procedures to make sure their compliance programs meet the department's compliance expectations.