foreign person employees (fpes): obtaining authorization and … · 2018. 5. 1. · u.s. department...

Society for International Affairs

Foreign Person Employees (FPEs):Obtaining Authorization and

Implementing Necessary Workplace Restrictions

Anthony DearthChief of StaffOffice of Defense Trade Controls

Rob MonjayOffice of Defense Trade Controls Policy

Laura ForteRUAG Space US

Kelli BullingtonCobham AdvancedElectronic Solutions

Rick LairdThe Boeing Company

U.S. Department of State s Directorate of Defense Trade Controls

Foreign Person Employees

Anthony M. Dearth

DDTC Chief of Staff


FOREIGN PERSON EMPLOYMENT

• Web Guidance Dated 7/18/12

• Applies to foreign person employees of U.S. persons

• ITAR 120.39 defines “Regular Employee”

• Depending on level of defense services, can be licensed via:

• DSP-5 for Unclassified minimal defense services (124.1(a) exception to TAA)

• DSP-85 for Classified minimal defense services (124.1(a) exception to TAA)

• Technical Assistance Agreement (TAA) for extensive defense services

• Application MUST be supported with specific documentation


FOREIGN PERSON EMPLOYMENT

• Required Documentation to support application

• Resume/CV

• Copy of Passport

• VISA or Work Authorization (U.S.-based employees)

• Job Description

• Description of Technical Data employee will receive access to

• Non-Disclosure Agreement (NDA)

• DSP-83 for Classified or SME technical data

NON-US EMPLOYEES ASSIGNED TO US LOCATIONS

Presented by: Rick Laird, Manager, Global Trade Controls, The Boeing Company

SIA Proprietary

HIRING CONSIDERATIONS FOR NON-US EMPLOYEES

AT US LOCATIONS

Hiring or assigning Non-US Employees to positions at a US location . . . do you have a process?

• Early identification!

• Are there questions/prompts in hiring processes that ensure the staffing organization reaches out to the trade control group for guidance?

• What about re-assignment/relocation process for existing employees?

• Checklist/evaluation tool to allow Hiring Manager to assess statement of work for export control purposes?

• Licensing required? If so, what is the lead time needed to obtain proper export authorizations (3-6 months)?

SIA Proprietary

HIRING CONSIDERATIONS FOR FOREIGN PERSON

EMPLOYEES AT US LOCATIONS

Additional Considerations:

• Consultants? Executives? Interns? Critical Hires? Does everyone follow the same process for job assignments?

• Statement of Work may change over time

− Increased Scope

− Technology advances may invalidate existing licenses

− Desire to transition from a commercial “EAR NLR” assignment to an ITAR-controlled one

• Pending US Person status

• Contractual obligations

• Lack of early identification may result in delays due to insufficient export licensing

SIA Proprietary

TECHNOLOGY CONTROL PLANS

Do you have a process for establishing Technology Control Plans (TCP) when non-US Persons are assigned to US facilities?

• Applies to all assigned non-US persons (e.g. employees and non-employees)

Generally . . . TCPs are required when a non-U.S. person will be granted unescorted access in an ITAR controlled area. A TCP may also be required by provisos.

Do you have continuous escort plans when TCPs are not available?

Building Security Control Plans

• Plans that identify export-controlled areas with appropriate and conspicuous signage.

• Helpful in developing TCPs

SIA Proprietary

TCP Considerations

• Badging; Badge Readers; Cyber Locks

• Floor Plans/Maps detailing:

− Access Routes and Emergency Evacuation Routes

− Perimeter of Unescorted Access Areas

− ‘Green areas’, buffer zones, restricted areas, etc.

• Signage

• Telephone Use (e.g. camera limitations?)

• Copier Use

• Certification/TCP briefing acknowledgement

• Training/Briefings to colleagues

• Process to notify and revise, as necessary. Timetable for review/updates (annually?)

SIA Proprietary



What about access to Information Technology Systems?

Does your TCP address access to IT systems (e.g. an IT Access Control Plan)?

• IT systems need to have controls that restrict unauthorized access to export-controlled information by non-US persons.

− Does the system have controls that allow information to be segregated or do users obtain access to all data?

− Does the IT system allow (and require!) the marking of data?

− Can the system be configured so that only information approved for export can be accessed by the non-US person (e.g. under an appropriate license or authorization)?

• Does the TCP allow for alternative methods for transferring approved data if IT systems access is not feasible?

SIA Proprietary

RISK CONSIDERATIONS FOR FOREIGN PERSONEMPLOYEES AND US PERSONS ABROAD

Presented by:

Kelli Bullington, Export Compliance Manager, Cobham Advanced Electronic Solutions

SIA Proprietary

FOUNDATION REQUIREMENTS FOR FPE AND USPE SCENARIOS

Obtain Authorization

Conduct Restricted Party Screening

Restrict/Isolate Controlled Areas

Implement Facility Access/Badging and Escort Policies

Establish Technology Control Plans

Obtain NDA’s and Required Records

Consider Anti-discrimination laws

SIA Proprietary

USPE Working for Foreign Affiliate

(Parent/Sub/Affiliate)

USPE Working for USCO Abroad

FPE Working for USCO

FPE Working for USCO Abroad

NOW WHAT?MAINTAIN AND SUSTAIN

1. Identify the Applicable Risks

• Consider Provisos of Applicable Authorizations

• Review Consent Agreements and Other Lessons Learned

• Consult with Experienced Employees

• Develop “USPE/FPE Categorization Methodology”

2. Quantify the Risks

• Develop “Impact Legend”

• Utilize Experienced Employees

• Be Consistent

SIA Proprietary

3. Establish Risk Threshold

• Develop Heat Map

4. Create a Plan (eliminate or mitigate)

• Document

• Develop “Micro TCP”

• Utilize Automation Tools

• Incorporate “Education and Engagement Plan”

• Develop Change Management Plan

5. Monitor

• Is it Measurable and Effective?

• Is it Efficient? Adaptable?

• Move towards “Predictive Monitoring”

SCENARIO RISK FACTORS FOR CONSIDERATIONUSPE ABROAD

1. Defense Service Type (EX: Field Service Rep., Advisor, Technician, Logistics, etc.,)

2. Authorization Type and Risk of Applicable Restrictions

(EX: FMS, DCS, TAA, TPT, Provisos, etc.,)

3. Directorate/Dept./Program “Export Health”

4. Defense Article/Technical Data Type (EX: SME, EAR, ITAR, etc.,)

5. End User and/or Level of Third Party Interaction

6. Employee Export Knowledge, Specialized Background

SIA Proprietary

Utilize Risk Assessment to Determine:

Frequency and Depth of Export Education Frequency of Engagement Recordkeeping Requirements and Best

Practices Potential Risks Associated with Change

and Ability to Detect

HAVE YOU THOUGHT OF EVERYTHING?USPE OR FPE ABROAD

• Employees should be aware of other countries export/import laws

• Elicitation of employees

• Employees traveling with information from previous employment

• Employees advising each other on regulations

• Advising on foreign origin equipment, technology, programs, etc.,

• Comparing US and foreign technology

• Recommending new technology

SIA Proprietary

• Employee position scope creep

• Employee inadvertently develops technical data abroad

• End User introduces new parties/individuals

• Inability to determine employer of other Parties (contract employee vs. regular employee)

• Foreign party organization restructuring (i.e. mergers, acquisitions)

• Foreign influence

• And more…

EXPORT CONTROL CONSIDERATIONS FOR MANAGING

AUTHORIZATIONS OF FPE AND USPES ABROAD

• Be intentional, creative and keep it simple for employees;

• Be careful with making broad generalizations and assumptions;

• Develop methodology for categorizing employees level of risk;

• Identify the important changes to be made;

• Create export communication structure and account for time difference;

• Provide consistent guidance, training and oversight;

• Utilize technology for automated engagement with employees abroad.

SIA Proprietary

FOREIGN PERSON EMPLOYEES:U.S. SUBSIDIARY OF FOREIGN PARENT

Presented by: Laura Forte, Global Trade Controls Manager, RUAG Space USA

SIA Proprietary

FOREIGN PERSON EMPLOYEES – U.S. SUBSIDIARIES

• FIRST - Must have a documented Technology Control Plan in place.

• What gates and procedures are in place to prevent unauthorized access and/or release of export-controlled technical data and/or the provision of defense services to non-U.S. persons?

• Data Storage – Where and how? How to access? Who controls gates?

• Data Transfers – Secured method?

• Foreign Travel – Who, where, why, and what will be hand-carried?

• Foreign Visitors – Who, where, why, and what will be hand-carried?

• Webinars / Video Conferences – Who is attending? Subject? Recorded? Stored?

• IT structure? ERP system? Intranet controls?

SIA Proprietary


• Must implement a training program explaining U.S. export control regulations and educate employees on the Technology Control Plan, and respective company policies and procedures.• Training to identify and define controlled technical data, defense

services, U.S. persons, non U.S. persons, exports (tangible, intangible), company personnel responsible for compliance oversight and guidance, and recordkeeping requirements (e.g., logs, retention periods).

• Onboard training, annual training, targeted training, all documented.

SIA Proprietary


• Export Challenge – Ongoing collaborative efforts with non-U.S. parent and other non-U.S. subsidiaries in the design, development and manufacture of launcher fairings and structures for launch vehicles.

• Authorization Solution – Manufacturing License Agreement.• Specific to identified and approved signatories, sublicensees,

territories, USML categories and scope of effort defined.

• Dual/Third Party National employee screening.

• Strict recordkeeping requirements and reporting requirements.

SIA Proprietary


• Ongoing export challenges –• Change in scope.

• Expansion of effort – new hardware – new USML.

• New product development spinning off existing product efforts.

• Change in employees, change in DN/TCN status/nationalities.

• Addition of sublicensees and respective territories.

• Recordkeeping.

• Reporting.

• Training.

SIA Proprietary

foreign person employees (fpes): obtaining authorization and … · 2018. 5. 1. · u.s. department...

Documents