On February 28, 2024, the U.S. Department of State and The
Boeing Company (Boeing) agreed to an administrative settlement
regarding 199 violations by Boeing of the Arms Export Control Act
(AECA) and the International Traffic in Arms Regulations (ITAR). As
a result of that settlement, Boeing was fined $51 million ($27
million to be paid over the next 3 years, plus $24 million
suspended but required to be applied internally to consent
agreement conditions). Boeing will also be subject to a plethora of
other conditions over the next three years, including government
monitoring via a Special Compliance Officer, which will oversee
Boeing’s adherence to the conditions of the settlement.
Given Boeing’s recent, well-publicized issues, this
settlement with the U.S. Government for export violations may seem
somewhat “small potatoes” for a company that tends toward
transactions in the billions of dollars. But the real value here is
what companies of any size that engage in export transactions, and
particularly exports of ITAR-controlled goods, can learn from the
published records of the settlement (referred to as a Consent
Agreement) and thus, prevent the same issues from negatively
impacting company revenue and damaging market reputation.
The violations with which Boeing was charged could be considered
a primer on some essential ITAR compliance basics — 1)
unauthorized exports and retransfers of technical data to
foreign-person employees and contractors; 2) unauthorized exports
of defense articles, including technical data; and 3) violations of
license terms, conditions, and provisos of Department of State
Directorate of Defense Trade Controls (DDTC) authorizations. You
can access the full settlement documents here, but following are some key
take-aways worth highlighting.
What NOT to Do
- Do not transfer ITAR-controlled goods, software, or
technical data to Foreign Persons1 without authorization
from DDTC, even if the Persons are employees or contractors of the
company.
From 2013 to 2020, foreign person
employees at multiple Boeing non-U.S. locations, including China
and Russia, accessed ITAR-controlled technical data via an internal
digital technical document library without a license or
authorization from DDTC to do so. Why is that so important? Because
some of the files downloaded contained technical information on
U.S. military fighter aircraft like the F-18, F-15, F-22, and AH-64
Apache helicopters, as well as technical data on missiles and
missile defense systems. In their findings, DDTC stated the China
downloads “caused harm to U.S. national security” and the
Russia downloads “created the potential” for the same
harm.
- Do not export any commodities (hardware, software, and
technical data) that are not classified accurately prior to
export.
The process of determining which
regulatory agency has jurisdiction over the export of a commodity
is the newel post to export compliance. The jurisdiction
determination (either ITAR or Department of Commerce Export
Administration Regulations (EAR)), and the subsequent commodity
classification under each jurisdiction, dictates the set of
regulatory controls that must be followed for each export
transaction. In the present case, DDTC found that on multiple
occasions Boeing exported military aircraft systems listed on the
United States Munitions List (USML) of the ITAR incorrectly as EAR
controlled items to multiple countries. Exports of commodities
subject to ITAR controls are generally subject to greater
restrictions than EAR controlled items.
- Do not exceed approved value or quantity of exports
made under export authorizations or licenses from
DDTC.
Boeing disclosed to DDTC that it
violated the ITAR in multiple instances by exceeding the authorized
value and authorized quantity of DDTC approved export licenses. All
export licenses issued by DDTC are specific to the exact commodity
and its quantity and related value. It is important to develop an
internal tracking system that supports accurate and timely
decrementation of export licenses to prevent exceeding permitted
limits to avoid violations.
- Do not ignore provisos placed by DDTC on approved
export licenses.
Export authorizations approved and
issued by DDTC to exporters often come with additional conditions
explicitly stated on the license. These additional conditions are
called “provisos” and must be adhered to in the course of
the export transaction, in addition to the applicable regulatory
controls. In the Boeing case, DDTC found that Boeing had multiple
violations of the ITAR related to non-compliance with export
authorization provisos. For example, DDTC issued an export
authorization to Boeing authorizing certain exports of technical
data to Israel; however, the authorization included explicit
prohibitions on exporting technical data controlled under specific
USML categories. Boeing violated the terms of the approved export
licenses by exporting technical data controlled under the
prohibited USML categories.
What You Can Do
- Ensure internal export control programs are adequate to
protect from unauthorized exports.
In its findings against Boeing, the
Department of State claimed the settlement “highlights the
importance of exporting defense articles only pursuant to
appropriate authorization.” The simplicity of this statement
stressing compliance may contrast with the complexity of internal
controls necessary to ensure such compliance. There is no “one
size fits all” internal compliance program. Particularly in
the case of ITAR exports, it is important to establish a level of
control appropriate to your company’s export activities and
necessary to ensure no less than minimum requirements are met.
- Consider making a voluntary disclosure to DDTC when
violations are detected.
In the settlement agreement, DDTC
noted that “Respondent voluntarily disclosed all matters
referenced herein, a considerable majority of which predate 2020,
after which Respondent incorporated numerous improvements to its
compliance program; and that Boeing voluntarily expanded the scope
of its internal investigation into these matters and cooperated
with the Department’s review of these matters.”
Boeing’s willingness to voluntarily disclose violations was a
significant mitigating factor in the settlement of this case. No
internal export controls program is foolproof. When mistakes do
happen and violations occur, it is important to consider the merit
of a voluntary disclosure to DDTC. If the company determines that
voluntary disclosure is warranted, we recommend that you seek the
advice of experienced trade counsel to help guide the process.
The trade professionals at Torres Trade Law are highly skilled
at navigating the often-complex path of ITAR compliance and other
regulatory trade controls. Contact us for assistance. For more
articles like this and information about our firm, check out our
website.
Footnote
1. The ITAR defines Foreign Person as “any
natural person who is not a lawful permanent resident as defined by
8 U.S.C. 1101(a)(20), or who is not a protected individual as
defined by 8 U.S.C. 1324b(a)(3). It also means any foreign
corporation, business association, partnership, trust, society, or
any other entity or group that is not incorporated or organized to
do business in the United States, as well as international
organizations, foreign governments, and any agency or subdivision
of foreign governments (e.g., diplomatic missions).” And
Person means any “corporation, business association,
partnership, society, trust, or any other entity, organization or
group, including governmental entities.”
On February 28, 2024, the U.S. Department of State and The
Boeing Company (Boeing) agreed to an administrative settlement
regarding 199 violations by Boeing of the Arms Export Control Act
(AECA) and the International Traffic in Arms Regulations (ITAR). As
a result of that settlement, Boeing was fined $51 million ($27
million to be paid over the next 3 years, plus $24 million
suspended but required to be applied internally to consent
agreement conditions). Boeing will also be subject to a plethora of
other conditions over the next three years, including government
monitoring via a Special Compliance Officer, which will oversee
Boeing’s adherence to the conditions of the settlement.
Given Boeing’s recent, well-publicized issues, this
settlement with the U.S. Government for export violations may seem
somewhat “small potatoes” for a company that tends toward
transactions in the billions of dollars. But the real value here is
what companies of any size that engage in export transactions, and
particularly exports of ITAR-controlled goods, can learn from the
published records of the settlement (referred to as a Consent
Agreement) and thus, prevent the same issues from negatively
impacting company revenue and damaging market reputation.
The violations with which Boeing was charged could be considered
a primer on some essential ITAR compliance basics — 1)
unauthorized exports and retransfers of technical data to
foreign-person employees and contractors; 2) unauthorized exports
of defense articles, including technical data; and 3) violations of
license terms, conditions, and provisos of Department of State
Directorate of Defense Trade Controls (DDTC) authorizations. You
can access the full settlement documents here, but following are some key
take-aways worth highlighting.
What NOT to Do
- Do not transfer ITAR-controlled goods, software, or
technical data to Foreign Persons1 without authorization
from DDTC, even if the Persons are employees or contractors of the
company.
From 2013 to 2020, foreign person employees at multiple Boeing
non-U.S. locations, including China and Russia, accessed
ITAR-controlled technical data via an internal digital technical
document library without a license or authorization from DDTC to do
so. Why is that so important? Because some of the files downloaded
contained technical information on U.S. military fighter aircraft
like the F-18, F-15, F-22, and AH-64 Apache helicopters, as well as
technical data on missiles and missile defense systems. In their
findings, DDTC stated the China downloads “caused harm to U.S.
national security” and the Russia downloads “created the
potential” for the same harm.
- Do not export any commodities (hardware, software, and
technical data) that are not classified accurately prior to
export.
The process of determining which regulatory agency has
jurisdiction over the export of a commodity is the newel post to
export compliance. The jurisdiction determination (either ITAR or
Department of Commerce Export Administration Regulations (EAR)),
and the subsequent commodity classification under each
jurisdiction, dictates the set of regulatory controls that must be
followed for each export transaction. In the present case, DDTC
found that on multiple occasions Boeing exported military aircraft
systems listed on the United States Munitions List (USML) of the
ITAR incorrectly as EAR controlled items to multiple countries.
Exports of commodities subject to ITAR controls are generally
subject to greater restrictions than EAR controlled items.
- Do not exceed approved value or quantity of exports
made under export authorizations or licenses from
DDTC.
Boeing disclosed to DDTC that it violated the ITAR in multiple
instances by exceeding the authorized value and authorized quantity
of DDTC approved export licenses. All export licenses issued by
DDTC are specific to the exact commodity and its quantity and
related value. It is important to develop an internal tracking
system that supports accurate and timely decrementation of export
licenses to prevent exceeding permitted limits to avoid
violations.
- Do not ignore provisos placed by DDTC on approved
export licenses.
Export authorizations approved and issued by DDTC to exporters
often come with additional conditions explicitly stated on the
license. These additional conditions are called
“provisos” and must be adhered to in the course of the
export transaction, in addition to the applicable regulatory
controls. In the Boeing case, DDTC found that Boeing had multiple
violations of the ITAR related to non-compliance with export
authorization provisos. For example, DDTC issued an export
authorization to Boeing authorizing certain exports of technical
data to Israel; however, the authorization included explicit
prohibitions on exporting technical data controlled under specific
USML categories. Boeing violated the terms of the approved export
licenses by exporting technical data controlled under the
prohibited USML categories.
What You Can Do
- Ensure internal export control programs are adequate to
protect from unauthorized exports.
In its findings against Boeing, the Department of State claimed
the settlement “highlights the importance of exporting defense
articles only pursuant to appropriate authorization.” The
simplicity of this statement stressing compliance may contrast with
the complexity of internal controls necessary to ensure such
compliance. There is no “one size fits all” internal
compliance program. Particularly in the case of ITAR exports, it is
important to establish a level of control appropriate to your
company’s export activities and necessary to ensure no less
than minimum requirements are met.
- Consider making a voluntary disclosure to DDTC when
violations are detected.
In the settlement agreement, DDTC noted that “Respondent
voluntarily disclosed all matters referenced herein, a considerable
majority of which predate 2020, after which Respondent incorporated
numerous improvements to its compliance program; and that Boeing
voluntarily expanded the scope of its internal investigation into
these matters and cooperated with the Department’s review of
these matters.” Boeing’s willingness to voluntarily
disclose violations was a significant mitigating factor in the
settlement of this case. No internal export controls program is
foolproof. When mistakes do happen and violations occur, it is
important to consider the merit of a voluntary disclosure to DDTC.
If the company determines that voluntary disclosure is warranted,
we recommend that you seek the advice of experienced trade counsel
to help guide the process.
Footnote
1. The ITAR defines Foreign Person as “any
natural person who is not a lawful permanent resident as defined by
8 U.S.C. 1101(a)(20), or who is not a protected individual as
defined by 8 U.S.C. 1324b(a)(3). It also means any foreign
corporation, business association, partnership, trust, society, or
any other entity or group that is not incorporated or organized to
do business in the United States, as well as international
organizations, foreign governments, and any agency or subdivision
of foreign governments (e.g., diplomatic missions).” And
Person means any “corporation, business association,
partnership, society, trust, or any other entity, organization or
group, including governmental entities.”
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
#DDTC #BackToBasics #Boeing #Settlement #Export #Controls #Trade #Investment #Sanctions
