22 Jan 2020
When it comes to ITAR compliance, organizations need to run a tight ship.
Stringent rules paired with complex operations can make compliance a tall order, but failing to adhere means opening the door to extremely harsh penalties. Two recent cases illustrate this. Compliance problems for two large organizations resulted in $13 million USD and $30 million USD in civil fines and remedial compliance measures respectively. Administration, documentation, and communication mistakes contributed to these penalties, and unfortunately, these are categories of errors that we often see organizations encounter.
In this piece, we examine the errors that led to these penalties and discuss what organizations can do to reduce the possibility of repeating them.
ITAR for manufacturing and supply chain organizationsInternational Traffic Control Regulations (ITAR) control the export of goods, services, and data listed on the United States Munitions List. Manufacturers, exporters, and brokers of these items must adhere to wide-ranging and detailed regulations. It is expected that leaders and employees in organizations subject to ITAR are fully educated and trained regarding the requirements. Violations can lead to significant civil and criminal consequences. Our companion article on ITAR explains this in greater detail and illustrates how a visitor management system can support compliance.
“Violations caused by systemic administrative issues”The charging letter against one information technology services provider and defense contractor listed a number of ITAR violations, including some related to “systemic administrative issues.” These issues specifically involved the handling of DSP-73 licenses, which permit the temporary export of controlled goods.
Many of the infractions were related to information management. Issues included the presentation of incorrect license numbers, insufficient record maintenance related to licenses, and the incorrect listing of item quantities and values on import and export paperwork.
The resulting agreement with the U.S. Department of State required the company to come into compliance, and to accept a penalty of $13 million USD in fines and resources devoted to remedial measures.
Failure to collect citizen information: A second example involves a technology company that did not collect citizenship information about some employees. Collection of this information is required in some cases for licensing purposes. In a voluntary disclosure, the company admitted that due to this oversight, permission to access sensitive technical data may have been improperly provided to some employees.
The penalty in this case: $30 million USD in fines and remedial compliance measures.
ITAR compliance in facility security: As we’ve seen, human error and spotty recordkeeping can be costly. The types of errors that led to millions of dollars in penalties can also be made when documenting visitors to a facility containing sensitive equipment, products, and information.
A leading cloud-based visitor management system that enables enterprises to control who enters their sites, delivering better security, data analytics and guest experiences. Designed to manage multiple locations at scale, Traction Guest offers unrivalled customizability and integrations that address complianc...
Empower security or reception personnel with airport-grade ID scanners, allowing them to instantly verify government-issued ID. Or enable visitors to scan their own driver’s licenses or passports with an iPad – speeding up the sign-in process and improving the accuracy of visitor data.
Transform the parking experience and provide your guests with designated parking details ahead of arrival or at check-in. With our integrated parking module, you can digitize your parking inventory and designate zones for different types of visitors and vehicles such as handicap or VIP. Monitor parking usage ...
Create a business listing on the UK's leading security and fire directory
The latest security and fire news, trends and insights