ITAR compliance gaps in two real-world use cases
22 Jan 2020
When it comes to ITAR compliance, organizations need to run a tight ship.
Stringent rules paired with complex operations can make compliance a tall order, but failing to adhere means opening the door to extremely harsh penalties. Two recent cases illustrate this. Compliance problems for two large organizations resulted in $13 million USD and $30 million USD in civil fines and remedial compliance measures respectively. Administration, documentation, and communication mistakes contributed to these penalties, and unfortunately, these are categories of errors that we often see organizations encounter.
In this piece, we examine the errors that led to these penalties and discuss what organizations can do to reduce the possibility of repeating them.
ITAR for manufacturing and supply chain organizationsInternational Traffic Control Regulations (ITAR) control the export of goods, services, and data listed on the United States Munitions List. Manufacturers, exporters, and brokers of these items must adhere to wide-ranging and detailed regulations. It is expected that leaders and employees in organizations subject to ITAR are fully educated and trained regarding the requirements. Violations can lead to significant civil and criminal consequences. Our companion article on ITAR explains this in greater detail and illustrates how a visitor management system can support compliance.
“Violations caused by systemic administrative issues”The charging letter against one information technology services provider and defense contractor listed a number of ITAR violations, including some related to “systemic administrative issues.” These issues specifically involved the handling of DSP-73 licenses, which permit the temporary export of controlled goods.
Many of the infractions were related to information management. Issues included the presentation of incorrect license numbers, insufficient record maintenance related to licenses, and the incorrect listing of item quantities and values on import and export paperwork.
The resulting agreement with the U.S. Department of State required the company to come into compliance, and to accept a penalty of $13 million USD in fines and resources devoted to remedial measures.
Failure to collect citizen information: A second example involves a technology company that did not collect citizenship information about some employees. Collection of this information is required in some cases for licensing purposes. In a voluntary disclosure, the company admitted that due to this oversight, permission to access sensitive technical data may have been improperly provided to some employees.
The penalty in this case: $30 million USD in fines and remedial compliance measures.
ITAR compliance in facility security: As we’ve seen, human error and spotty recordkeeping can be costly. The types of errors that led to millions of dollars in penalties can also be made when documenting visitors to a facility containing sensitive equipment, products, and information.
Well-designed processes combined with automation and training can help to streamline and strengthen an ITAR compliance program and demonstrate the existence of processes to regulators. A visitor management system can support compliance best practices by:
Screening all parties and verifying citizenshipMaintaining complete, detailed, and uniform records on guestsProviding easily accessible visitor audit documentsEnsuring visitor identification badge issuance is included in check-in processesNotifying hosts of guest arrival or alerting relevant parties of visitor-related risks and issuesWith a VMS, visitor data can be exported and records can be kept and retrieved as needed. Just as importantly, the system automates steps to reduce human error or single points of failure when one person is responsible for collecting and inputting visitor data. This means that processes can be established to decrease the odds that small, avoidable oversights and omissions will result in hefty, publicly-listed fines and penalties.
VMS can make compliance processes faster and more seamless by simplifying steps for users, arranging required actions in one smooth workflow, and reducing the kinds of administrative, documentation, and communication errors that lead to massive penalties like the ones highlighted above. Awareness of these examples and exploration of how automated systems can enhance compliance programs can help organizations avoid similar, costly outcomes.
ITAR compliance gaps in two real-world use cases
See Traction Guest at IFSEC International 2022
Traction Guest will be exhibiting on Stand IF3620 at IFSEC International 2022, 17 - 19 May 2022, ExCeL, London, UK
Product
Enterprise Visitor Management: Go beyond the lobby.
A leading cloud-based visitor management system that enables enterprises to control who enters their sites, delivering better security, data analytics and guest experiences. Designed to manage multiple locations at scale, Traction Guest offers unrivalled customizability and integrations that address complianc...
Product
Faster ID Verification
Empower security or reception personnel with airport-grade ID scanners, allowing them to instantly verify government-issued ID. Or enable visitors to scan their own driver’s licenses or passports with an iPad – speeding up the sign-in process and improving the accuracy of visitor data.
Product
Integrated Parking Management Module
Transform the parking experience and provide your guests with designated parking details ahead of arrival or at check-in. With our integrated parking module, you can digitize your parking inventory and designate zones for different types of visitors and vehicles such as handicap or VIP. Monitor parking usage ...
List your business for free
Create a business listing on the UK's leading security and fire directory
Get the IFSEC Global newsletter
The latest security and fire news, trends and insights
