Company Level

Changes in Export
Compliance
Programs
An exploratory case study

Stephen Hudson
12/6/2013

Introduction
During the Cold War, the threat of nuclear war kept U.S and soviet forces in a state of constant
tension. To prevent adversaries from gaining military advantages, each side poured immense
resources into growing their strength, racing to match and exceed the advances of the other
side. The technological advantage held by U.S. military forces counterbalanced the numerical
superiority of Soviet military forces. It was a dangerous struggle for the U.S. to maintain this
balance, for technological advantage could be lost more easily than size and strength could be
gained. In response to this pressure, the U.S. established safeguards against the leakage of
military hardware and information.1 These safeguards involved creating the International
Traffic in Arms Regulations (ITAR) to govern military and defense trade, preventing advanced
weapons technology from falling into enemy hands. Today, the ITAR remains the
core/foundation of U.S. arms control policy.
The ITAR provided an appropriate response to Cold War threats, but the world has changed
drastically in the last few decades. The ITAR is designed to prevent the physical
transfer/exchange of defense items. While this is still a relevant goal, the ITAR now has to
address increasingly diverse modern threats to national security. Due to the amazing
technological advances in the last few decades, arms control policy must adapt beyond
controlling the physical exchange of goods, to the electronic exchange of information and

National Research Council of the National Academies, Beyond Fortress America,

http://ud4cl8nx8h.search.serialssolutions.com/?ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF8&rfr_id=info:sid/summon.serialssolutions.com&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=book&rft.title=
Beyond+%27Fortress+America%27&rft.au=Committee+on+Science%2C+Security%2C+and+Prosperity+Staff&rft.au
=Committee+on+Scientific+Communication+and+National+Security&rft.au=National+Research+Council&rft.date=2
008-12-01&rft.pub=National+Academy+Press&rft.isbn=9780309130271&paramdict=en-US (accessed Nov 05,
2013), 2.

data. This challenge is complicated further by the increasing access and ease of electronic
communications.
Broadening the definition of ITAR standards to apply to modern times has led to complications
with enforcement. According to enforcement officials, they face a number of challenges
associated with arms export enforcement including limited resources to conduct inspections
and investigations and other difficulties in obtaining a criminal conviction for export
violations.2Even though the Directorate of Defense Trade Controls (DDTC) acknowledges their
inability to track and record intangible transfers of technical data, they maintain that the
voluntary disclosure process is an effective enforcement tool. This may be true, but sharp
increases in global trade, international supply chains, and cyber threats may outpace the
DDTCs ability to enforce the ITAR. With this in mind, it is easy to see the need for change. If the
DDTC hopes to stay ahead of ITAR violators they will have to adapt to the rapidly changing
environment. However, achieving this goal through regulatory change presents several
problems. ITAR reform has been the focus of numerous debates. Professionals within defense,
aerospace, and space industries claim that the ITAR is too restrictive and the extra costs
associated with compliance stifle American businesses. On the other side, regulators and
nonproliferation groups claim that easing restrictions will endanger national security interests.
While numerous difficulties surround the issue of regulatory reform, this study explores an
alternative method. Rather than approach reform with a top-down mentality, changes at
company level could make ITAR compliance more efficient. The first aim, of this study, is to

Government Accountability Office Government Accountability Office. Defense Trade: Arms Export Control System
in the Post 9/11 Environment. (Washington D.C.: Government Accountability Office, 2005), 2.

explore the question: what changes can be made at a company level to make ITAR compliance
more efficient? The second, aim of this study, is to explore how efficient compliance programs
can reduce the impact of regulatory burdens.

Literature Review
Most research on ITAR reform is focused specifically on manufacturers within the space
industry. These studies provide excellent recommendations for reform, but no literature could
be found on changes at a company level. This section will highlight: an overview of U.S. arms
trade controls, trends in international trade, ITAR criticisms, and automated compliance.
Overview of U.S. Arms Trade Controls
Prior to 1976, the United States policy for controlling the arms trade was insufficient. During
the Kennedy and Nixon administrations, a flood of arms were shipped to anti-communist
nations. As the Vietnam War dwindled, criticism grew over the export of arms.3 This led to the
Arms Export and Control Act of 1976 (AECA). The AECA grants the President authority to control
defense and military trade. Eventually, this authority was delegated to the State Department,
and the International Traffic in Arms Regulations (ITAR) was created.
The Directorate of Defense Trade Controls (DDTC) is the organization, within the State
Department, responsible for administering and enforcing the ITAR. The ITAR controls any item
classified as a defense article, defense service, or technical data.4

Jeffrey Nosanov, Viewpoint: International Traffic in Arms Regulations-Controversy and Reform, Astropolitics:
The International Journal, 7:3, 210.
4
Matthew Henson, e-mail message to author, May 18, 2013.

Most ITAR violations are reported through a process known as Voluntary Disclosure.
Anytime a company believes they have violated the ITAR they are responsible for reporting it to
the State Department. Voluntary disclosures are considered a normal part of doing business
and the State Department will only act if the violation reflects: a risk to national security or
foreign policy, systemic compliance problems, or intentional violations.5 The State Department
levies penalties through consent agreements. The consent agreements are Department issued
documents outlining punitive measures and compliance requirements a company must honor.
Once a company has been cited they will face fines, remedial compliance requirements, and
possibly the forfeiture of export privileges.
Trends in International Trade
Over the past few decades there has been unprecedented growth in global trade. World trade
has grown on average nearly twice as fast as world production.6 The World Trade Organization
attributes this growth to improvements in transport, telecommunications, information
technology, economic integration, and trade openness.7 This has resulted in greater
technological diffusion and increased mobility among companies and workers. Many U.S.
businesses view this trend as a positive force for growth, but there are significant drawbacks.
Agencies responsible for enforcing arms trade regulations may find it difficult to contain the
diffusion of defense related technology and information.

Henson, e-mail, 2013.

World Trade Organization. "World Trade Report 2013." World Trade Organization. 2013.
http://www.wto.org/english/res_e/booksp_e/anrep_e/anrep13_e.pdf (accessed 10 4, 2013), 5.
7
WTO, World Trade Report, 7-8.
6

ITAR Criticism
Over the past decade the ITAR has become the target of criticism. Complaints have cited
problems ranging from the exclusion of foreign scientists to the strict controls on space craft
tape recorders.8 These criticisms also raise larger concerns over the ITARs ability to adapt. In
2005, the Government Accountability Office (GAO) reported, Since the 2001 terror attacks, the
arms export control system has not undergone fundamental changes.9
The Obama Administration alleviated industry concerns by implementing the Export Control
Reform initiative in 2009. The focus has now shifted towards security concerns. A former Justice
Department Official, Steven Pelak, states that reforms have made it easier for Iranian and
Chinese companies to subvert U.S. arms embargoes without being vetted.10 The lack of
flexibility within the ITAR could lead to major problems moving forward. With the
unprecedented increase in world trade and the prominence of electronic data transfers, the
State Departments ability to enforce the ITAR will undoubtedly be tested.
Automated Compliance
Automated export compliance is not a new concept, but companies should determine if they
are getting the maximum benefit from their current program. If not, there are other industries
that have achieved success in this area. Companies that must comply with environmental
regulations have drastically different circumstances, but they have found ways to achieve cost
savings and better compliance through automated processes.
8

Nosanov, ITAR Controversy and Reform, 206.

GAO, DEFENSE TRADE, 3.
10
Jefferson Morley, Obama Eases Rules on Arms Exports, Arms Control Association, November 2013,
http://www.armscontrol.org/act/2013_11/Obama-Eases-Rules-on-Arms-Exports.
9

One example of this can be found within an aluminum manufacturer. Alcoa operations in
Tennessee introduced automated solutions for monitoring manufacturing: processes,
conditions, outputs, and destinations.11 A study revealed that these measures produced reliable
compliance, reduced regulatory burdens, and reduced inspection times. If companies within the
defense and aerospace industry emulate this model, they may increase efficiency within their
compliance programs.

Method
The cases for this study were selected from consent agreements issued between 2003 to
2013. Due to the large number of documents and to control for State Department leniency on
first offenses, the sample was narrowed down to consent agreements that were issued to
repeat offenders. These consent agreements are Raytheon (2003), Raytheon (2013), Lockheed
Martin (2006), Lockheed Martin (2008), Boeing (2006), Boeing (2008), ITT (2004), and ITT
(2007).
Once the cases were established, each one was analyzed for permanent requirements for
remedial compliance. Permanent requirements are designed to improve a companys export
compliance program. The remedial compliance requirements that met this criteria were:
Employee Training , Employee Reporting, and Automated Export Compliance System
Requirements. This study defines these requirements as follows:

11

Stephanie Sparkman, Saving on Compliance, Pollution Engineering 39, no.6 (Jun. 2007), 47,
http://search.proquest.com.argo.library.okstate.edu/docview/220974352

Permanent Requirement- Requirements mandated within the consent agreement, that are
designed to improve a companys export compliance program, and last beyond the expiration
of the consent agreement. These include: Employee Training, Employee Reporting, and
Automated Export Compliance System Requirements.
Employee Training Requirement- Any requirement that mandates additional measures to train
employees. This includes: the training of all employees and managers to a certain level of ITAR
proficiency, the hiring of expert trainers, and the implementation of ITAR training records
keeping.
Employee Reporting Requirement- Any requirement that pertains to employee reporting
mechanisms such as: the promotion and publication of employee reporting mechanisms, the
submission of status reports, and additional oversight of employee reporting.
Automated Export Compliance Requirement (AEC)- Any requirement that consists of export
compliance or automated export compliance actions to be taken including; the hiring of
additional staff or experts, structural changes, or conducting internal studies Any requirement
that mandates the implementation or improvement of automated export compliance systems.
This includes controls on electronic technical data through physical and intangible means.
Some permanent requirements are repeated in multiple sections throughout the consent
agreement. In order to avoid double counting, this study did not count the number of
permanent requirements. If a permanent requirement was mandated within the consent
agreement, it was marked as being present. To provide context on permanent requirements,
the requirements text was noted.

Results
Table 1- Permanent Requirements
Consent Agreement ID
Raytheon 2003
Raytheon 2013
Boeing 2006
Boeing 2008
Lockheed Martin 2006
Lockheed Martin 2008
ITT 2004
ITT 2007

Employee Training
X
X
X
X
X
X
X
X

Employee Reporting

AEC Systems

X
X
X

X
X

X
X

This section discusses each requirement separately and examines the overall trends,
requirement guidelines, and cases with other guidelines.
Employee Training Requirements
Employee training requirements were present in every consent agreement. Since most
violations involve employee negligence, the DDTCs emphasis on training is less than surprising.
A deeper analysis, into each requirement, revealed a pattern of enforcement.
After analyzing specific training requirements, three general guidelines frequently appear.
Using the Raytheon (2013) consent agreement as an example of these guidelines, the training
requirements are:
1.

All Respondent employees engaged in ITAR regulated activities are familiar with the

AECA and the ITAR, and their own and Respondent's responsibilities thereunder;

2.

All persons responsible for supervising those employees, including senior managers of

those units, are knowledgeable about the underlying policies and principles of the AECA and
the ITAR;
3.

There are records indicating the names of employees, trainers, and level and area of

training received (e.g., identification, classification, and provision of technical data, applicability
of ITAR to foreign origin defense articles, export, re-export, and re-transfer requirements, etc.).
The analysis found that most training requirements had variations of these guidelines. On some
occasions, the training was targeted at one group of employees operating in specific capacities.
This generally appeared in cases where a single business unit, department, or subsidiary was
responsible for the bulk of violations.
There were three cases that lacked general guidelines. In the Lockheed Martin (2006),
Lockheed Martin (2008), and Raytheon (2003) consent agreements, the training requirements
were different from the other consent agreements. Both Lockheed Martin consent agreements
had very specific training requirements that were tailored to their violations. However, the
Raytheon (2003) consent agreement had very general requirements.

Consent Agreement ID
Raytheon 2003
Raytheon 2013
Boeing 2006
Boeing 2008
Lockheed Martin 2006
Lockheed Martin 2008
ITT 2004
ITT 2007

Table 2- Employee Training Guidelines

Training For All Employees Training for Supervisors
X
X
X
X
X
X
X

Training Records

X
X
X

X
X
X

X
X

X
X

AEC System Requirements

AEC system requirements revealed a general trend in enforcement. With the exception of one
case, all repeat offenses contained requirements for implementation AEC systems. However, a
comparison of each requirement yielded two common guidelines.
When looking at the pool of AEC system requirements there are a total of seven guidelines.
The guidelines associated with AEC system requirements are:
1.

This system will track the decision process from the initiation of a request for potential

export authorization or clarification of an existing authorization to its conclusion.

2.

This system will cover the initial identification of all technical data and technical

assistance in any form proposed to be disclosed to any foreign persons and will be accessible to
DTCC upon request.
3.

Must develop email system a means of alerting users to the AECA and ITAR

requirements on electronic transmissions of ITAR technical data. This alert system will include a
login banner that is displayed when any employee logs onto the system, which will describe
AECA and ITAR requirements and offer contact information for anyone who has further
questions.
4.

In order to prevent unintentional or accidental transmissions to unauthorized recipients,

training must be provided to all employees to ensure that any type of electronic transmissions

of ITAR controlled technical data are sent in accordance with ITT' s export compliance policies
and procedures.
5.

Respondent will develop and implement policies, procedures, and training to ensure

accurate identification and tracking of ITAR- controlled technical data that is transferred
electronically via Respondent's information technology infrastructure, including by email, or
through tangible transfers outside of Respondent's information technology networks. These
measures will also control the movement of laptops and portable storage devices containing
ITAR-controlled technical data.
6.

This system will provide for automated management of compliance with ITAR Part 124

agreements and Part 123 temporary import and export authorizations.

7.

Implement measures that will track, control, and record access to ITAR-controlled

technical data by all users, including transfers onto laptops and portable storage devices,
consistent with foreign privacy laws and any other technology or legal limitations.
Two guidelines were consistently found in most of the cases involving repeat offenders. These
involved tracking the export authorization process and identifying the disclosure of technical
data to foreign persons. These guidelines appear in every case involving AEC System
Requirements.
Employee Reporting
Surprisingly, employee reporting requirements were only found in three cases. As seen in
Table 1, employee reporting requirements appeared in the Raytheon (2013), ITT (2004), and ITT

(2007) consent agreements. Within these requirements there is only one guideline that can be
identified, and it appears in each requirement. The only guideline for employee reporting
programs is: The company must promote and publicize the availability of its employee
reporting mechanism to ensure violations may be reported without fear of recrimination or
retaliation. Overall, employee reporting requirements are minor in comparison to other
requirements.

Discussion
The results of our review suggest several trends in ITAR enforcement and commonly mandated
requirement guidelines. Our review finds that the DDTC places a high priority on training. There
is also an emphasis on AEC systems, but in most cases these systems are only mandated when
previous attempts to correct compliance problems have failed. This could be related to DDTC
leniency on first time offenders or the specific circumstances surrounding the consent
agreements. The DDTC directed guidelines for employee training and AEC systems provide a
blueprint of compliance program enhancements that every company should consider. While
employee training on compliance/reporting could be integrated at many levels as a
preventative measure, well planned AEC systems serve as an efficient way to document and
report compliance.
The guidelines within AEC system requirements have the greatest potential to increase
compliance efficiency. These guidelines enhance compliance programs in two areas. First, is
the enhancement of export and import authorizations. If automated systems effectively
identify, track, and control export authorizations, DDTC officials will be able to easily monitor

compliance. The second area is focused on controlling intangible transfers of technical data.
Automated systems could bring clarity and accountability to this area, and allow the DDTC to
finally provide accurate and reliable oversight.

Conclusion

If defense and aerospace companies take necessary steps towards creating effective
compliance programs, regulators may feel that reforms can be implemented without fear of
endangering national security or placing an unmanageable burden on companies. The answer
may lie with automation, but reform will definitely take cooperation. By effectively
communicating, companies and regulators can assure that their needs will be considered during
the process of reform. In order to produce lasting and meaningful reform there must be
benefits for both sides.
This study attempts to identify common themes in compliance mandates to highlight some
effective initial steps towards better compliance, but every situation is unique. Though
common themes emerged, there is no way to determine causality with so little previous
research. Most of the studies that consider ITAR reform are focused at the regulatory level and
they do not mention bottom up reforms.
Moving forward, research in this area could examine specific company processes and
determine the level of automation that can be achieved. Study on this level could produce

measurable steps that companies and regulators could make to truly enact reforms. In addition,
there could be an in-depth examination on the methods used to evaluate company compliance
from a regulatory standpoint. This could provide companies with insight into how they are
being evaluated.
While research on company compliance could provide many insights for regulators and
companies, there are many barriers in this field because of the lack of available data. The
documents available lack specific information to provide context for each companys situation.
Without knowing the exact forces at work on a company level there can only be broad
suggestions given. The companies within the defense and aerospace industry represent a
diversified field of supply chains, corporate structures, and customer bases. Hopefully, future
research will gather the missing contextual data and we can begin building a more complex
model of effective compliance interventions. Applying automated export compliance systems
to these companies may prove difficult, but the benefits are priceless.

Bibliography
Fried Frank's Aerospace and Defense Practice. ITAR Enforcement Digest. Digest, Fried Frank, 2012.
Government Accountability Office. Defense Trade: Arms Export Control System in the Post 9/11
Environment. Briefing, Washington D.C.: Government Accountability Office, 2005.
Henson, Matthew, interview by Stephen Hudson. Statement of Work (May 8, 2013).
Morley, Jefferson. Arms Control Association. 12 1, 2013.
http://www.armscontrol.org/act/2013_11/Obama-Eases-Rules-on-Arms-Exports (accessed
November 7, 2013).
Nosanov, Jeffrey P. "Viewpoint: International Traffic in Arms." Astropolitics: The International Journal,
2009: 206-227.
Sparkman, Stephanie. "Saving on Compliance." Pollution Engineering. June 2007.
http://search.proquest.com.argo.library.okstate.edu/docview/220974352 (accessed 11 8, 2013).
World Trade Organization. "World Trade Report 2013." World Trade Organization. 2013.
http://www.wto.org/english/res_e/booksp_e/anrep_e/anrep13_e.pdf (accessed 10 4, 2013).