It’s my long-held position that technology controls present the most challenging export compliance challenge. Last month’s consent agreement between the Directorate of Defense Trade Controls and Honeywell International illustrates my point quite well. As we’ll discuss, Honeywell fell into three of the most common traps for unauthorized exports of controlled information. Companies subject to the International Traffic in Arms Regulations would do well to study the case.
Summary of Charges
According to the DDTC proposed charging letter, the unauthorized exports included documents that “contained engineering prints showing layouts, dimensions, and geometries for manufacturing castings and finished parts for multiple aircraft, military electronics, and gas turbine engines.” As “Information . . . required for the . . . manufacture . . . of defense articles,” the documents constituted “technical data” under section 120.10(a)(1) of the ITAR.
That the DDTC considered the unauthorized exports to be serious is reflected in its issuance of a consent agreement, and assessment of a $13,000,000 civil penalty. Honeywell had voluntarily disclosed the exports and cooperated with DDTC’s investigation, which served to mitigate the penalty amount. On the other hand, DDTC noted a number of aggravating factors: the company’s failure to address deficiencies underlying previous unauthorized exports, harm to U.S. national security, and that some of the technology transfers concerned Significant Military Equipment and some were to China, a proscribed destination.
Compliance Program Failures
First, Honeywell sent product-related drawings to prospective suppliers located outside the U.S., without having obtained the required authorization. It thus made the common mistake of failing to recognize and place adequate controls on, all channels for technical data exports. It may be easy to overlook parts procurement as a possible stage for controlled exports; after all, the products have not yet been manufactured, and the designs and drawings relate to parts that an outside vendor will manufacture, and thus may not be recognized as production technology.
In addition, the company misclassified documents which contained technical data as non-controlled. Honeywell “personnel either failed to review the export control classifications for multiple technical documents or used a classification analysis method that did not properly categorize the documents as described on either the USML or the Commerce Control List (CCL).” Again, misclassification is a common – perhaps the most common – cause for unauthorized exports of controlled information.
Finally, Honeywell had established a file exchange tool which required classification of information prior to transfer. Company personnel bypassed that tool, with the predictable result that controlled documents were exported without authorization. Employees’ failure to follow mandated procedures for technical data transfers is a third common cause of unauthorized exports.
Compounding the situation, Honeywell had already identified possible violations, disclosed them, and attempted to revamp its system to avoid recurrences. That did not work, however, because the same thing happened again. I’ve found that DDTC is generally lenient when exporters come clean about improper exports, as long as remedial measures are put in place. The agency shows far less patience when those measures are either not followed or prove ineffective and learns about subsequent violations.
Lessons to Be Learned?
The takeaway is that technical data compliance requires a company-wide effort. As the Honeywell case shows, the various forms technical data may take, and diffuse ways in which it may be exported, pose multiple challenges. All possible avenues for information transfers must be identified and brought within a mandatory process to determine the control status of particular documents, drawings, diagrams, and other data, and ensure that applicable DDTC authorizations are in place before exports occur.