Trade Group Presents Export Compliance, Enforcement Challenges to BIS
The Bureau of Industry and Security recently met with a group of industry and university officials to hear about challenges plaguing export compliance professionals, including problems doing due diligence on foreign parties, lengthy timelines for export license applications and more.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The meeting was held in late February in Washington and involved BIS, the International Sanctions and Export Control Society and other U.S. agencies, ISECS told Export Compliance Daily. The group used the meeting to present the results of its first member survey on U.S. export enforcement, which asked members about a range of export enforcement risks and the compliance challenges they’re causing.
The survey focused on a joint alert BIS issued with the Treasury Department’s Financial Crimes Enforcement Network in November 2023, which identified red flags that the U.S. government said may signal export control evasion (see 2311060055). ISECS said its members pinpointed another 16 compliance risks not included in those red flags, including issues complying with burdensome contract clauses, unclear regulatory standards for determining beneficial ownership and inconsistent export licensing terms.
ISECS wanted to share its findings with BIS and other agencies to help the government gain a fuller understanding of some of the challenges faced by compliance professionals working both for businesses and in higher education, said Wendy Epley, ISECS secretary and deputy managing director for the society’s American chapter.
While BIS already speaks with “industry leaders” about compliance problems, “sometimes that feedback might not be as encompassing as it could be,” Epley said in an interview this month. She said ISECS presented the "unedited" results of its survey to the government.
“We did not water it down the survey in any way, and so I think that was helpful for BIS to be able to understand more truthfully what the challenges are that industry is facing.” She said the survey was “very well received.”
ISECS asked its members to rank how often they encounter certain red flags, and members said they most often run into issues with customers that have a similar name or address to a party on a U.S. government restricted party list, such as the Entity List. Epley, who works in the governance, risk and compliance team at the University of Arizona’s Information Security Office, said compliance professionals face “a number of false positives” when screening other parties, and it can be difficult to determine whether the person is on the Entity List or just has a similar name or address to a party that is.
Compliance officials can try to convince the customer to sign an attestation that they aren’t the party on the Entity List or to verify certain personal information, Epley said, but she said those can sometimes be sensitive questions to ask. “It starts to become a very touchy situation when you're asking somebody to stand up for themselves that they are not" a party on the Entity List, she said, adding that the process can also take too much time.
“The wheels of opportunity turn so fast, especially in the United States, that sometimes we need a quicker way to do those verifications,” she said.
Epley said compliance professionals want government lists, in some cases, to have more identifying information about the listed parties. “If it's the U.S. government that is putting the names on these lists, then I think it should be the U.S. government's responsibility to ensure that those lists are as complete as possible for industry, and for higher education, who are to be using those lists to ensure that they know who their customer is," she said.
ISECS also said its members reported lengthy license application times. Epley said one of her State Department licenses several years ago was approved within one day, but others have reported licenses taking nine months to over a year. “That is just too long,” she said.
The group recommended that BIS revamp its current licensing system, Simplified Network Application Process-Redesign (SNAP-R), and model it after the State Department’s Defense Export Control and Compliance System. Members also said licensing terms tend to vary for similar applications, and more consistency could help compliance.
Other challenges stem from burdensome clauses in contracts that may not always be necessary. Epley said some parties to a contract may include a clause that requires all the parties to treat certain goods or activities as subject to strict licensing requirements, including those under the International Traffic in Arms Regulations, when they aren't controlled under the ITAR.
Some organizations “may look at this as a good practice because they want to ensure that something is going to be protected really, really well,” Epley said, but “it puts all parties involved in the contract at risk of having to answer for a potential ITAR violation when the subject or subject matter is not subject to the ITAR." She said it’s important for companies that contract with other organizations to scrutinize the contract language to “understand exactly what they're getting into.”
ISECS members gave the U.S. government a range of other suggestions that they said could make compliance easier, including by working closer with allies. The group said the U.S. should better harmonize licensing decisions with other countries and create a global partnership to help manage research activities that may involve military end-uses and end-users.
Epley said ISECS hopes to conduct the survey each year and compare the data over time. “I think the general consensus was they were very appreciative of the insight,” she said of BIS. A BIS spokesperson didn't respond to a request for comment.