Skip to main content
Top Button
Data Transfers Raise Serious Export Control Risk—Defense Manufacturer Faces $13 Million Penalty for Data Transfers Raise Serious Export Control Risk—Defense Manufacturer Faces $13 Million Penalty for

Data Transfers Raise Serious Export Control Risk—Defense Manufacturer Faces $13 Million Penalty for Unauthorized Exports

Exporters often find it easier to focus on export compliance for items that are shipped internationally, which may be easier to track, than the flow of data or services, which in cloud computing environments, can be quite challenging to understand. This can create a regulatory compliance challenge because data and services are also subject to export controls— and in the defense sector, to controls flowing from the Arms Export Control Act (AECA), 22 U.S.C. § 2751 et seq. and International Traffic in Arms Regulations (ITAR), 22 C.F.R. Parts 120-130. The ITAR specifically controls technical data, such as drawings and specifications, required to design, develop, and manufacture defense articles. A recently announced enforcement settlement serves as a useful reminder that ITAR-controlled technical data can trigger liability, in the recent matter involving $13 million in civil penalties.
 
Background

On May 3, 2021, the Department of State, which is the primary regulator for ITAR, announced the conclusion of its investigation into the defense manufacturer’s alleged violations of the AECA and ITAR for exporting and retransferring engineering drawings showing layouts, dimensions, and geometries for manufacturing castings and finished parts for aircraft, military electronics, and gas turbine engines used in, among other systems:
 
  • F-35 Joint Strike Fighter,
  • F/A-18 Hornet,
  • F135 turboshaft engine,
  • F414 turboshaft engine,
  • T55 turboshaft engine, and
  • CTS800 turboshaft engine.
According to the Proposed Charge, the alleged violations involved the manufacturer’s efforts to send Requests for Quotations (RFQs) to U.S. and foreign suppliers that contained drawings of the parts for which the suppliers were asked to provide quotes on prices. The same manufacturer had previously self-disclosed violations in 2016 involving ITAR-controlled drawings that were sent to suppliers across the globe, including affiliates and separate companies in China. Although the manufacturer undertook to take corrective action to prevent future violations, in 2018 it discovered that employees were, again, exporting similar technical data to Chinese and other foreign companies as part of the RFQ process.

Having self-reported the matter, the manufacturer has agreed to pay a civil penalty of $13 million, of which $5 million will be suspended if the manufacturer uses those funds to take remedial compliance measures to strengthen its compliance program.
 
Lessons Learned for Defense Manufacturers & Exporters
 
  1. Technical data is equally controlled, but harder to track and more challenging to protect in your export-control compliance program: ITAR § 120.10 includes technical data, i.e., information required for the design, development, manufacturer, etc. of defense articles, along with defense articles and services, in the list of items that require the State Department’s approval before exporting or retransferring. A solid internal compliance program around technical data needs to focus on IT systems and internal workflows to ensure that the data is technically protected while employees understand their obligations.
  2. Be aware of general policies that restrict exports to certain countries like China: As the State Department highlighted in its Proposed Charge, the U.S. is taking stricter, and broader, measures to prohibit exports and imports of defense articles and defense services, destined for or originating in certain countries, including China. See § 126.1. Companies should identify prohibited countries in their compliance plans and train employees accordingly.
  3. Conduct regular reviews of and training for compliance program policy and execution: During the investigation, the State Department noted that some of the employees were not following the manufacturer’s own compliance plan that it promised to implement after it first disclosed violations in 2016. One challenge that emerged was that the some of the manufacturer’s employees began using a different document sharing system than the one controlled by the manufacturer—a not uncommon scenario when employees choose to use IT services that may not be approved but work better. Tellingly, the manufacturer’s own internal investigation determined that personnel used the alternative system to speed up the procurement process. While companies strive to increase efficiency, they should conduct regular reviews of compliance programs and train employees to prevent people from sacrificing compliance for speed.
  4. Self-report violations: The State Department indicated that it considered the manufacturer’s voluntary disclosure of its violation, along with its cooperation with document requests and agreements to toll statutory enforcement periods, when the State Department assessed the civil penalties to impose. Enforcement actions such as these underscore the advantages that often arise when a company self-reports and does so after conducting a thorough internal investigation.
 
Connect with Ice Miller for More Details

If you have questions concerning the export controls, national security, or compliance investigations, Ice Miller has extensive experience assisting companies to comply with laws governing the export of goods, technology, software, and services, and helping companies navigate ITAR and dual-use export inquiries. Our team includes Guillermo Christensen, office managing partner of the Washington, D.C. office and a former CIA officer with national security experience in the intelligence community and internationally with the U.S. Department of State; and Christian Robertson, a former U.S. Air Force intelligence officer who regularly advises clients on international supply chain matters.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.
 
View Full Site View Mobile Optimized