Risk DeterminationInternational Trade Compliance

ICPA

Jasper Helder, Baker & McKenzie, AmsterdamJasper.Helder@bakermckenzie.com

2

Introduction

3

Int. Trade regulatory remit (non-exhaustive)

– Product related– Export Controls

– Customs classification & origin

– VAT rate/Excise duties

– Product safety & RoHS

– Labelling & Packaging

– Environmental

– Transaction related– Sanctions & embargoes

– FCPA

– AML & Forex

– Incoterms

4

Legal appreciation of compliance programs

– US: factor for mitigation of consequences of non-compliance

– EU: Authorised Economic Operator demands compliance program and compliance function

– AEO confers benefits for customs processes

– Export Compliance: national requirements for granting general/global licenses

5

Agenda

– The compliance function as a risk: organisational challenges

– A systematic approach to risks: comparison with the HACCP model

– An example: Export Controls Compliance in the Defense sector

6

The compliance function as a risk: organisational challenges

7

Organisational challenges

– Allocating resources– “Fire fighting” or pro active risk management?

– Allocating the right resources- “Empowered Official” under section 120.25 ITAR

- Authority for policy or management- Legally empowered - Understanding export control statutes- Independent authority to review and verify legality of

transactions without adverse recourse

8

Organisational challenges

– Internal authority

– Budgets

– To whom does compliance report?

– Internal enforcement of decisions/policies/procedures

– Independent review?

9

Organisational challenges

– External authority

– Empowered for external representation

– Understanding the regulatory environment

– Experience is one very good source (but one source besides others)

– “Train the trainer”

10

A systematic approach to risks: comparison with the HACCP model

11

A systematic approach to risks

– Hazard Analysis Critical Control Point (HACCP)

– “a systematic preventive approach to food and pharmaceutical safety that addresses physical, chemical and biological hazards as a means of prevention rather than finished product inspection”

– ISO 22000

– Process based approach to identifying, monitoring and actioning risks to prevent non-compliance (or reduce chances to acceptable levels)

12

A systematic approach to risks

– HACCP Principle 1: Conduct a risk analysis

– A risk is a circumstance which may cause a legal requirement not to be met

– A compliance plan determines the risks and identifies the preventive measures the plan can apply to control these risks

– Identify processes

13

A systematic approach to risks

– HACCP Principle 2: Identify critical control points

– A Critical Control Point (CCP) is a point, step, or procedure in a process at which control can be applied and, as a result, a risk can be prevented, eliminated, or reduced to an acceptable level

14

A systematic approach to risks

– HACCP Principle 3: Establish critical limits for each critical control point

– A critical limit is the maximum or minimum value to which a risk must be controlled at a critical control point to prevent, eliminate, or reduce that risk to an acceptable level

15

A systematic approach to risks

– HACCP Principle 4: Establish critical control point monitoring requirements

– Monitoring to gain control over a process at each critical control point

– Monitoring procedures and frequency incorporated in a compliance plan

16

A systematic approach to risks

– HACCP Principle 5: Establish corrective actions

– Actions when monitoring indicates a deviation from an established critical limit

– Corrective actions to be taken if a critical limit is not met

– Corrective actions must prevent reoccurrence

17

A systematic approach to risks

– HACCP Principle 6: Establish record keeping procedures

– Risk analysis

– Compliance plan & procedures

– Monitoring of critical control points

– Corrective Actions (?)

18

A systematic approach to risks

– HACCP Principle 7: Establish procedures for ensuring the system is working

– Validation to ensure that the compliance procedures are operating in practice

– In itself a critical control point

19

An example: Export Controls Compliance in the Defense sector

20

Compliance Layer 1: Product-related Export Controls

– US Rules– Military: ITAR (Dept. of Defense Trade Controls)– Dual Use: EAR (Commerce Dept., BIS)

– EU Rules – Military Export Controls – Dual Use Lists

– National Rules – Military Lists – Dual Use lists

21

Compliance Layer 2: Transaction related Export Controls

– US Rules:

– ITAR “no go countries” (DDTC)

– Sanctions & Embargoes (OFAC)

– EU Rules

– Sanctions & Embargoes

– National Rules

– Sanctions & Embargoes

– National Control Lists of persons/entities etc.

22

– Be self conscious about your supplier’s compliance– Do not assume your supplier is getting it right– Make sure your end of the project is reflected in your suppliers

compliance steps

– ITAR or EAR classified ?– Commodity jurisdiction required ?

– US Authorisation needed ?– Scope for use of ITAR exemptions ?– Export License: any re-export/retransfer needs ?– TAA: scope of work clearly identified ?

Verify “US Connection”

23

Determine EU & National Controls

– Item subject to EU Dual Use Controls or Military Controls ?– If on Military List

– identify National (and EU) Transaction Controls that may apply

– screen other parties engaged in transactions– Projects: any intra-EU transfers needed

– (check if US Authorizations allow this!)

– If not on Military List– Check Annex I and Annex IV EU Dual Use Reg– If not on Annex I: check Military End Use and National

Controls

24

Elements of practical implementation

– Fixed product catalog: implement Export Control status in Item Master Data in SAP or other ERP systems

– Projects:

– Identify Logistics Flows and Tech Data Flows

– “Compliance Map”

– Before applying for Export Licenses: check the past !

Risk DeterminationInternational Trade Compliance

ICPA

Jasper Helder, Baker & McKenzie, AmsterdamJasper.Helder@bakermckenzie.com