;

17-0421 Friday “Daily Bugle”

17-0421 Friday “Daily Bugle”

Friday, 21 April 2017

TOPThe Daily Bugle is a free daily newsletter from Full Circle Compliance, containing changes to export/import regulations (ATF, Customs, NISPOM, EAR, FACR/OFAC, FTR/AES, HTSUS, and ITAR), plus news and events. Subscribe here for free subscription. Contact us for advertising inquiries and rates

  1. President Signs Executive Order “Buy American, Hire American” 
  1. Ex/Im Items Scheduled for Publication in Future Federal Register Editions 
  2. Commerce/BIS: (No new postings.) 
  3. DHS/CBP Releases Reminder on Final Rule Amending the FTR
  4. DHS/CBP Updates ACE PGA Flags for FDA Requirements
  5. DHS/CBP Backs Out of ACE Entry Summary Validation Deployment
  6. State/DDTC Posts Commodity Jurisdiction FAQs
  7. State/DDTC Posts Name Change for Airbus DS S.A.S. and Intespace S.A.
  8. Treasury/OFAC Posts Statement from Secretary Mnuchin on OFAC Sanctions
  9. UK/DIT ECO Seeks Comments on Proposals for Domestic Sanctions Legislation
  1. ST&R Trade Report: “New Requirements for Exports To, Through Hong Kong Further Clarified”
  2. WorldECR News Alert, 20 April
  1. A. Cohn: “Export Controls: The Next Frontier in Cybersecurity?”
  2. M. Scheimer, S. Hadeka & A. Bender: “Top Cybersecurity Developments in 2017 for ADG Companies”
  3. Gary Stanley’s ECR Tip of the Day
  4. R.C. Burns: “OFAC Releases Frequently Misleading Answers to FAQs on SDN Delisting”
  1. Friday List of Approaching Events
  1. Bartlett’s Unfamiliar Quotations 
  2. Are Your Copies of Regulations Up to Date? Latest Changes: ATF (15 Jan 2016), Customs (27 Jan 2017), DOD/NISPOM (18 May 2016), EAR (6 Apr 2017), FACR/OFAC (10 Feb 2017), FTR (15 May 2015), HTSUS (7 Mar 2017), ITAR (11 Jan 2017)
  3. Weekly Highlights of the Daily Bugle Top Stories 

EXIMEX/IM ITEMS FROM TODAY’S FEDERAL REGISTER

EXIM_a1

1. President Signs Executive Order “Buy American, Hire American”

(Source:
Federal Register)
 
82 FR 18837: Executive Order 13788 of April 18, 2017
 
Buy American and Hire American
 
By the authority vested in me as President by the Constitution and the laws of the United States of America, and to ensure the faithful execution of the laws, it is hereby ordered as follows:
 
Section 1.
Definitions. As used in this order:
  (a) ”Buy American Laws” means all statutes, regulations, rules, and Executive Orders relating to Federal procurement or Federal grants-including those that refer to ”Buy America” or ”Buy American”-that require, or provide a preference for, the purchase or acquisition of goods, products, or materials produced in the United States, including iron, steel, and manu- factured goods.
  (b) ”Produced in the United States” means, for iron and steel products, that all manufacturing processes, from the initial melting stage through the application of coatings, occurred in the United States.
  (c) ”Petition beneficiaries” means aliens petitioned for by employers to become nonimmigrant visa holders with temporary work authorization under the H-1B visa program.
(d) ”Waivers” means exemptions from or waivers of Buy American Laws, or the procedures and conditions used by an executive department or agency (agency) in granting exemptions from or waivers of Buy American Laws.
  (e) ”Workers in the United States” and ”United States workers” shall both be defined as provided at section 212(n)(4)(E) of the Immigration and Nationality Act (8 U.S.C. 1182(n)(4)(E)).
 
Sec. 2.
Policy. It shall be the policy of the executive branch to buy American and hire American.
  (a)
Buy American Laws. In order to promote economic and national security and to help stimulate economic growth, create good jobs at decent wages, strengthen our middle class, and support the American manufacturing and defense industrial bases, it shall be the policy of the executive branch to maximize, consistent with law, through terms and conditions of Federal financial assistance awards and Federal procurements, the use of goods, products, and materials produced in the United States.
  (b)
Hire American. In order to create higher wages and employment rates for workers in the United States, and to protect their economic interests, it shall be the policy of the executive branch to rigorously enforce and administer the laws governing entry into the United States of workers from abroad, including section 212(a)(5) of the Immigration and Nationality Act (8 U.S.C. 1182(a)(5)).
 
Sec. 3.
Immediate Enforcement and Assessment of Domestic Preferences According to Buy American Laws.
  (a) Every agency shall scrupulously mon- itor, enforce, and comply with Buy American Laws, to the extent they apply, and minimize the use of waivers, consistent with applicable law.
  (b) Within 150 days of the date of this order, the heads of all agencies shall:
    (i) assess the monitoring of, enforcement of, implementation of, and compli- ance with Buy American Laws within their agencies;
    (ii) assess the use of waivers within their agencies by type and impact on domestic jobs and manufacturing; and
    (iii) develop and propose policies for their agencies to ensure that, to the extent permitted by law, Federal financial assistance awards and Fed- eral procurements maximize the use of materials produced in the United States, including manufactured products; components of manufactured products; and materials such as steel, iron, aluminum, and cement.
  (c) Within 60 days of the date of this order, the Secretary of Commerce and the Director of the Office of Management and Budget, in consultation with the Secretary of State, the Secretary of Labor, the United States Trade Representative, and the Federal Acquisition Regulatory Council, shall issue guidance to agencies about how to make the assessments and to develop the policies required by subsection (b) of this section.
  (d) Within 150 days of the date of this order, the heads of all agencies shall submit findings made pursuant to the assessments required by sub- section (b) of this section to the Secretary of Commerce and the Director of the Office of Management and Budget.
  (e) Within 150 days of the date of this order, the Secretary of Commerce and the United States Trade Representative shall assess the impacts of all United States free trade agreements and the World Trade Organization Agreement on Government Procurement on the operation of Buy American Laws, including their impacts on the implementation of domestic procure- ment preferences.
  (f) The Secretary of Commerce, in consultation with the Secretary of State, the Director of the Office of Management and Budget, and the United States Trade Representative, shall submit to the President a report on Buy American that includes findings from subsections (b), (d), and (e) of this section. This report shall be submitted within 220 days of the date of this order and shall include specific recommendations to strengthen imple- mentation of Buy American Laws, including domestic procurement pref- erence policies and programs. Subsequent reports on implementation of Buy American Laws shall be submitted by each agency head annually to the Secretary of Commerce and the Director of the Office of Management and Budget, on November 15, 2018, 2019, and 2020, and in subsequent years as directed by the Secretary of Commerce and the Director of the Office of Management and Budget. The Secretary of Commerce shall submit to the President an annual report based on these submissions beginning January 15, 2019.
 
Sec. 4.
Judicious Use of Waivers.
  (a) To the extent permitted by law, public interest waivers from Buy American Laws should be construed to ensure the maximum utilization of goods, products, and materials produced in the United States.
  (b) To the extent permitted by law, determination of public interest waivers shall be made by the head of the agency with the authority over the Federal financial assistance award or Federal procurement under consideration.
  (c) To the extent permitted by law, before granting a public interest waiver, the relevant agency shall take appropriate account of whether a significant portion of the cost advantage of a foreign-sourced product is the result of the use of dumped steel, iron, or manufactured goods or the use of injuriously subsidized steel, iron, or manufactured goods, and it shall inte- grate any findings into its waiver determination as appropriate.
 
Sec. 5.
Ensuring the Integrity of the Immigration System in Order to ”Hire American.”
  (a) In order to advance the policy outlined in section 2(b) of this order, the Secretary of State, the Attorney General, the Secretary of Labor, and the Secretary of Homeland Security shall, as soon as practicable, and consistent with applicable law, propose new rules and issue new guid- ance, to supersede or revise previous rules and guidance if appropriate, to protect the interests of United States workers in the administration of our immigration system, including through the prevention of fraud or abuse.
  (b) In order to promote the proper functioning of the H-1B visa program, the Secretary of State, the Attorney General, the Secretary of Labor, and the Secretary of Homeland Security shall, as soon as practicable, suggest reforms to help ensure that H-1B visas are awarded to the most-skilled or highest-paid petition beneficiaries.
 
Sec. 6.
General Provisions.
  (a) Nothing in this order shall be construed to impair or otherwise affect:
    (i) the authority granted by law to an executive department or agency, or the head thereof;
    (ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals; or
    (iii) existing rights or obligations under international agreements.
  (b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.
  (c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
 
  (Presidential Sig.)
  THE WHITE HOUSE,
  April 18, 2017.

* * * * * * * * * * * * * * * * * * * *

OGSOTHER GOVERNMENT SOURCES

OGS_a12
. Ex/Im Items Scheduled for Publication in Future Federal Register Editions
 

(Source:
Federal Register)

[No items of interest noted today.]  

* * * * * * * * * * * * * * * * * * * *

* * * * * * * * * * * * * * * * * * * *

(Source:
CSMS# 17-000226, 20 April 2017.)
 
Export
 
Publication Announcement
: The Census Bureau’s International Trade Management Division (ITMD) is announcing the publication of a Final Rule revising several sections of the Foreign Trade Regulations (FTR), Title 15, Part 30. The amendments reflect new export reporting requirements related to the implementation of the International Trade Data System (ITDS), in accordance with the Executive Order 13659, Streamlining the Export/Import Process for American Businesses. The ITDS was established by section 405 of the Security and Accountability for Every (SAFE) Port Act of 2006 (Pub. L. 109-347, 120 Stat. 1884).
 
The changes also reflect the addition of the new original Internal Transaction Number (ITN) field in the Automated Export System (AES), new requirements for authorized agents in routed export transactions, and provides clarity on existing reporting requirements. The Census Bureau made additional revisions and incorporated provisions to the rule to address comments received on the Notice of Proposed Rulemaking. The requirement to report the export of used electronics via a new data element is not included in the Final Rule.
 
The capability to report information in the new original ITN optional data element field will be available in the AES on April 27, 2017. In a routed export transaction, the authorized agent is required to provide the U.S. Principal Party in Interest with two additional data elements, the ITN and the date of export. Therefore, these data elements will be added to the AES-203 Report in the Automated Commercial Environment on April 27, 2017 as well.
 
Please find the Final Rule in its entirety here. For further information or questions about the FTR, contact the Trade Regulations Branch (TRB), ITMD at 800-549-0595, Option 3.
 
  – Email: itmd.askregs@census.gov
  – Online: census.gov/trade
 
The entire FTR along with other information, including a list of frequently asked questions, can be found on this website.
* * * * * * * * * * * * * * * * * * * *

(Source:
CSMS# 17-000227, 20 April 2017.)
 
New ACE Programming
 
CBP and FDA are in the process of updating the ACE PGA flags for FDA requirements. Specifically, the tariff numbers that had flags for ACS OGA of FD0 are getting ACE PGA requirements updates to have either no FDA flag, FD1 (FDA May Be Required) or FD2 (FDA Required).
 
In the meantime, attached is a spreadsheet of the FDA HTS codes and their associated flags in ACE. Trade can use this as a reference in investigating any rejects they may be getting when filing entries. FD0 flags do not exist in ACE.
 
If you have questions about the HTS flags please contact FDAImportsInquiry@fda.hhs.gov or Ted.Poplawski@fda.hhs.gov.
 
Note that supplemental information to this message is available in the form of one or more file downloads.

Please follow the link in this email message to the CSMS web site to access this information.
 
[Editor’s note: a PGA Filing Status Update was posted on CBP.gov and send out on 20 April 2017. Click
here to read the original message (CSMS# 17-000225).]
* * * * * * * * * * * * * * * * * * * *

(Source:
CSMS# 17-000228, 20 April 2017.)
 
The ACE Entry Summary Validation deployment this morning, as mentioned in CSMS# 17-000223, has been backed out. Some trade users who tried to change an entry type on an entry summary while in trade control incorrectly received a B33 error (Entry Type Change Not Allowed Post Acceptance). A re-deployment will be scheduled in the near future once these issues are resolved.

ACE Entry Summary (AE message) Validations backed out — Reverting Back to prior to today’s deployment:

  – CES-6979: Errors when converting ’01’ with Recon/Other Recon to ’03’.

When editing a summary to convert entry type ’01’ with Recon to ’03’, Entry Summary Validations was rejecting the summary updates with error OTHER RECON NOT ALLOWED – ENTRY TYPE (condition code 160) when there was no FTA (Free Trade Agreement) or Other Recon. Converting the entry type is now allowed.

  – CES-7074: Allow change from Temporary In-bond (TIB) 23 to 01 in Entry Summary (ES) Change or Post-Summary Correction (PSC) scenario.

When an ACE ES in CBP Control-Rejected is being corrected or when applying a PSC, or correcting an existing PSC in CBP Control-Rejected, error ENT TYP CHNG NOT ALLOWED POST ACCEPTANCE or PSC ENTRY TYPE CHANGE NOT ALLOWED was received when changing from Entry Type 23 to Entry Type 01. This entry type change is now allowed.

  – Related CSMS No. 17-000223

* * * * * * * * * * * * * * * * * * * *

 
Frequently asked questions (“FAQs”) for general information regarding Commodity Jurisdictions (CJ) and the CJ Application Form (DS-4076) have been uploaded.
* * * * * * * * * * * * * * * * * * * *

(Source:
State/DDTC) [Excerpts.]
 
Effective June 1, 2017, Airbus DS S.A.S. and Intespace S.A. will change as follows: Airbus Defence and Space S.A.S. Due to the volume of authorizations requiring amendments to reflect this change, the Deputy Assistant Secretary for Defense Trade Controls is exercising the authority under 22 CFR 126.3 to waive the requirement for amendments to change currently approved license authorizations. The amendment waiver does not apply to approved or pending agreements. …
* * * * * * * * * * * * * * * * * * * *

OGS_a8
9. Treasury/OFAC Posts Statement from Secretary Mnuchin on OFAC Sanctions

(Source: Treasury/OFAC)
 
In consultation with President Donald J. Trump, the Treasury Department will not be issuing waivers to U.S. companies, including Exxon, authorizing drilling prohibited by current Russian sanctions.

* * * * * * * * * * * * * * * * * * * *

OGS_a9
10
.
UK/DIT ECO Seeks Comments on Proposals for Domestic Sanctions Legislation

(Source:
UK/DIT ECO
)
 
The government has today published a white paper and launched a public consultation on the proposals for domestic sanctions legislation.
 
The white paper sets out our thinking on the overarching legal powers the UK will need to meet our UN obligations to implement UN sanctions and to impose our own domestic sanctions following the UK’s withdrawal from the EU.
 
The public consultation will last 9 weeks and we welcome your input.
 
 
We look forward to hearing your views.

* * * * * * * * * * * * * * * * * * * *

NWSNEWS

 
The Bureau of Industry and Security has provided further information about a regulatory requirement that as of April 19 imposes new support documentation requirements on exports of specific controlled items to or through Hong Kong.
 
Under the newly effective regulation, exporters or reexporters must first obtain a copy of a valid Hong Kong import license (or a written statement from the Hong Kong government that an import license is not required, which may come in the form of a “no license required” notification) before exporting or reexporting to Hong Kong any item subject to the Export Administration Regulations and controlled on the Commerce Control List for national security, missile technology, nuclear nonproliferation, or chemical and biological weapons reasons. The exporter or reexporter must have the copy in its possession and the license must not have expired at the time of the shipment.
 
In addition, reexporters in Hong Kong must first obtain a Hong Kong export license (or a statement from the Hong Kong government that an export license is not required) before reexporting from Hong Kong any item subject to the EAR and controlled for NS, MT, NP column 1, or CB reasons. If a Hong Kong export license is issued, the shipment must be in accordance with the terms and during the validity period of that license.
 
BIS has recently updated a list of Frequently Asked Questions (FAQs) posted to its website (click here for highlights of the original list) to provide the following information about these requirements.
 
  – A statement posted by the Hong Kong Trade and Industry Department on its website constitutes written guidance from the government of the Hong Kong Special Administrative Region to importers that no import license is required for imports of intangible technology into Hong Kong.
  – If an item is merely transiting Hong Kong on its way to another destination and there is no consignee in Hong Kong, the item is considered to be an export or reexport to that destination. Hong Kong law may require the procurement of an import or export license for transit shipments but the U.S. requirement to get a copy of that license prior to shipment would not apply.
  – Publicly available information found on HKTID’s website stating that no import license is required to import an item into Hong Kong is considered a copy of a written statement under the new rule. Records of an NLR notification or “website information” (in either hardcopy or softcopy) confirming the control status of the item in Hong Kong must be retained under the recordkeeping provisions of the rule. The NLR notification or website information may be used for more than one export or reexport to Hong Kong or more than one reexport from Hong Kong provided that the records are current.
 
[Editor’s note: the official BIS alert concerning Hong Kong was published in the Daily Bugle of Wednesday, 19 April 2017, item #4.]
* * * * * * * * * * * * * * * * * * * *

 
  (1) MTCR is 30 Years Old
  (2) US Questions Sanctions Relief Under Nuclear Deal With Iran
  (3) BIS Harmonises Export Rule Concerning Cyber-Goods to Russia with OFAC
  (4) Canada Prepares to Join Arms Trade Treaty
  (5) EU Maintains Human Rights Sanctions Against Iran
 
[Editor’s Note: To subscribe to WorldECR, the journal of export controls and sanctions, please visit
http://worldecr.com/.]
* * * * * * * * * * * * * * * * * * * *

COMMCOMMENTARY

COMM_a113.

A. Cohn: “Export Controls: The Next Frontier in Cybersecurity?”

 
* Author: Alan Cohn, Esq., Steptoe & Johnson LLP, acohn@steptoe.com. Note: this commentary is written on behalf of the Coalition for Responsible Cybersecurity.
 
When it comes to cybersecurity, issues such as data protection or data localization tend to dominate the headlines, as well as regulators’ attention. But a number of other developments are unfolding which have significant repercussions for the sector, even if they have gone largely unnoticed. These relate to two different sets of export control regulations.
 
Last week, governments met in Vienna to once again discuss proposed multilateral export controls on intrusion software proposed under the Wassenaar Agreement. Meanwhile in Brussels, the EU is moving ahead with a proposal for export controls on cyber-surveillance tools, as part of proposed revisions to its trade regulations. Both of these regulatory efforts are a matter of considerable importance for network owners, cyber responders, policymakers, and academics alike – many of whom came together to discuss the topic in Brussels last week, at the invitation of the Coalition for Responsible Cybersecurity and BSA | The Software Alliance.
 
The EU’s proposed controls on cyber-surveillance tools are particularly broad, having been expanded to include not only intrusion software but also monitoring centers, lawful intercept and data retention systems, and digital forensics. In essence, it creates an entirely new area of regulation for “Other Items of Cyber-Surveillance Technology”.
 
Much like the Wassenaar member states’ efforts, the EU’s intentions are focused on protecting human rights. Governments around the world are struggling to balance a range of issues thrown up by technological progress, including the line between technology used to secure and technology used to surveil. Both the Coalition and BSA believe more can and should be done to shore up human rights in the digital era. But many of the technologies which would fall under the scope of these two controls are in fact the solution, not the problem – they can be used to safeguard human rights and protect national security.
 
As MEP Marietje Schaake has said, “the question is how to make sure that stopping such exports is achieved in a targeted way, without unnecessary burdens, and in a way that provides legal clarity and certainty for business as well as authorities. It is absolutely essential that legitimate security research is not hindered. More information exchange, greater transparency, and much clearer guidance on how criteria such as human rights and repression should be interpreted are key.”
 
One of the principal challenges relates to the breadth of the proposed controls. When the definitions of what should be considered as “intrusion software” or “cyber-surveillance tools” are too broad, this not only risks impeding the development of defensive cyber-technologies, it also leaves the door wide open to confusion and misinterpretation. In many instances, there is broad agreement as to the specific systems which are of most concern to governments, but so far definitions and associated control descriptions remain broad, vague, and subject to multiple interpretations. Both industry and academics have expressed concern about this issue, which is only compounded by a lack of transparency into the process by which the Wassenaar member states define their terms.
 
Regulatory challenges of this scale warrant deep engagement with private sector experts, who can help ensure any regulation is logically scoped, sufficiently specific, or even purely sanctions-based. This is the path to providing the clearest guidance; a way to protect individual rights whilst supporting European growth and innovation, and avoiding unintended consequences.
 
The Coalition for Responsible Cybersecurity, along with many others in the sector, encourages governments to continue to address both the intrusion software controls and the proposed controls on cyber-surveillance tools in a thoughtful and targeted manner, and we stand ready to engage in further dialogue on this critical issue.
 
[Editor’s Note: The commentary included the following video.]

* * * * * * * * * * * * * * * * * * * *

COMM_a214
. M. Scheimer, S. Hadeka & A. Bender: “Top Cybersecurity Developments in 2017 for ADG Companies”

 
* Authors: Michael Scheimer, Esq., michael.scheimer@hoganlovells.com; Stacy Hadeka, Esq., stacy.hadeka@hoganlovells.com; and Allison Bender, Esq., allison.bender@hoganlovells.com. All of Hogan Lovells, Washington D.C.
 
While all companies should be concerned with their cybersecurity posture, companies in the aerospace, defense, and government services (ADG) industry are potentially subject to greater risks due to the industry’s highly technical and sensitive nature. The constantly evolving threat means that safeguarding measures that may have been reasonable in the recent past are unlikely to meet government regulators’ expectations in the future. Neither the government nor the private sector can protect systems and networks without extensive and close cooperation. It is critically important that ADG companies stay abreast of the latest safeguarding standards, contractual and regulatory requirements (including incident reporting), threat information sharing, and best cybersecurity practices.  
 
Below we discuss five cybersecurity trends that are likely to affect ADG companies that conduct business with the U.S. Government in 2017.
New Cyber Threat Information Sharing Initiatives
 
The Cybersecurity Information Sharing Act Of 2015 (CISA) [FN/1] created a voluntary process that encourages the private sector to share cyber threat indicators (CTI) and defensive measures (DM) with any other private entity or a federal entity for a cybersecurity purpose. While there is no requirement for ADG companies to share or receive information under CISA, doing so could become increasingly beneficial in light of the increasing number of information safeguarding and incident reporting requirements imposed on the ADG sector.
 
CISA provides a safe harbor from civil liability for private entities that share CTI and DM information in accordance with its provisions. Specifically, CISA provides that “[n]o cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed” for the sharing or receipt of a CTI or DM conducted in accordance with CISA procedures. [FN/2] However, CISA’s safe harbor does not shield entities from potential liability for data breaches or other cybersecurity incidents – it only shields them from liability for their act of sharing or receiving such information.
 
On 14 October 2016, the Department of Defense (DOD) issued a final rule for the Defense Industrial Base (DIB) Cybersecurity (CS) Activities program. [FN/3] The DIB CS program has (1) a mandatory incident reporting component (discussed further below), and (2) a voluntary information sharing component that allows eligible DIB companies to “share cyber threat information and cybersecurity best practices” with other program members. Information sharing participants have access to the DOD Cyber Crime Center (DC3), including analyst-analyst exchanges, best practices, and mitigation and remediation strategies. The final rule states that “through cyber incident reporting and voluntary cyber threat information sharing, both DOD and the DIB have a better understanding of adversary actions and the impact on DOD information and warfighting capabilities.”
 
New Federal Cyber Incident Reporting Policies
 
On 27 July 2016, the White House released Presidential Policy Directive 41 (PPD-41) United States Cyber Incident Coordination, to clarify roles and responsibilities in response to a major cyber incident. PPD-41 effectively codifies agency and industry collaboration and best practices that have evolved in response to recent major cyber-attacks. The PPD’s incident response framework, which will apply “irrespective of whether the targeted entity lies in the public or private sector,” assigns lead response roles as follows:
 
  – The Department of Justice (DOJ) will lead the investigative component (acting through the FBI and the National Cyber Investigative Joint Task Force);
  – The Department of Homeland Security (DHS) will lead on asset protection (through the National Cybersecurity and Communications Integration Center (NCCIC)); and
  – The Office of the Director of National Intelligence (DNI) will lead intelligence support activities (through its Cyber Threat Intelligence Integration Center).
 
In the event of a significant cyber incident, the National Security Council (NSC) Cyber Response Group will drive national policy coordination. In responding to the incident, a Cyber Unified Coordination Group (Cyber UCG), composed at minimum of “federal lead agencies for threat response, asset response, and intelligence support,” will be established to serve as the primary method for coordinating between and among federal agencies as well as for integrating private sector partners into incident response efforts, as appropriate. PPD-41 also requires DOJ and DHS to maintain updated contact information for public use to assist entities affected by cyber incidents in reporting incidents to the proper authorities.
 
In 2014, the Federal Information Security Management Act of 2002 (FISMA 2002) [FN/4] was significantly amended by the Federal Information Security Modernization Act of 2014 (FISMA 2014). [FN/5] The Office of Management and Budget (OMB) has historically issued annual FISMA guidance updates to agencies. This year’s FY 2016-2017 Guidance On Federal Information Security And Privacy Management Requirements, OMB Memorandum M-17-05 (4 November, 2016), now defines a “major incident” as “any incident that is likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.” Agencies should determine incident impact level by using the existing incident management process in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, Computer Security Incident Handling Guide. Notably, an unauthorized modification of, unauthorized deletion of, unauthorized exfiltration of, or unauthorized access to 100,000 or more individuals’ personally identifiable information (PII) is by definition automatically considered a “major incident.”
 
The new OMB guidance reiterates that, although agencies may consult with the DHS United States Computer Emergency Readiness Team (US-CERT) on whether an incident is a “major incident,” ultimately it is the responsibility of the affected agency to make the determination, and agencies must report to US-CERT within one hour of determining an incident to be “major.” After an agency notifies US-CERT, DHS must notify OMB within one hour. An affected agency must also notify Congress within seven days after the date on which the agency determined that it has a reasonable basis to conclude that a “major incident” has occurred. Contractors should expect to find themselves playing a major role in incident response when federal information or information systems are involved.
 
New and Updated Federal Cybersecurity Guidelines and Standards
 
Over the past year the government has continued to release federal-specific information security standards that often differ from industry standards and pose challenges to companies contracting with the government. The approach to protecting information and the responsibilities imposed on contractors is further bifurcated between:
 
  – Systems operated “on behalf of the Government” under FISMA; or
  – Contractor internal systems that simply process federal information incidental to developing a product or service for the government.
 
Systems operated on behalf of the government are generally required by FISMA to implement NIST 800-53 Security and Privacy Controls for Federal Information Systems security controls, and conform to the same information security processes as government systems, including undergoing a detailed security authorization process. As mandated by FISMA 2014, OMB released just this past year the first update since 2000 to OMB Circular A-130, Managing Information as a Strategic Resource (28 July 2016). The new A-130 gathers in one resource a wide range of policy updates for federal agencies regarding cybersecurity, information governance, privacy, records management, open data, and IT acquisitions. One of the key changes to the authorization process requires that agencies now perform ongoing reauthorization of systems (in lieu of the previous reauthorization process every three years).
 
For cloud service providers, the federal authorization process is conducted via the FedRAMP program. Until recently, the FedRAMP program only authorized cloud solutions at the FISMA “Low” or “Moderate” impact levels. This year, FedRAMP released its FedRAMP High Baseline Requirements – these security requirements will be used to protect some of the government’s most sensitive, unclassified data in cloud computing environments. DOD also updated its Cloud Computing Security Requirements Guide (SRG) that provides additional DOD specific requirements (layered on top of FedRAMP standards) for cloud solutions procured by the DOD.
 
The federal government has also updated policies for contractors’ internal systems that incidentally contain government information. A new Federal Acquisition Regulation (FAR) contract clause (discussed in detail below) requires that such systems meet 15 specific security requirements. Separately, as part of the national Controlled Unclassified Information (CUI) program, contractor information systems that contain CUI will be expected to apply at a minimum the safeguards in NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. SP 800-171. Revision 1 was released on 20 December 2016 and includes, among other changes, a new requirement for contractors to develop and implement a System Security Plan (SSP). Currently the only agency that specifically mandates compliance with 800-171 by contractors is the DOD. However, the publication of a FAR clause that applies 800-171 standards to all other federal contracts involving federal CUI is expected later in 2017.
 
New Contractual and Regulatory Requirements for Safeguarding Information
 
On 21 October 2016, the DOD issued its final rule on Network Penetration Reporting and Contracting for Cloud Services. [FN/6] This followed multiple interim rules over the previous year amending Defense Federal Acquisition Regulation Supplement (DFARS) clauses on safeguarding DOD information. The DFARS final rule applies to all DOD contractors and subcontractors, including small business and commercial item contractors, except contracts for the acquisition of COTS items. Covered contractors are required to safeguard Covered Defense Information (CDI) [FN/7] and “rapidly report” cyber incidents on contractor systems with CDI. Contractors are required to provide “adequate security” on all covered contractor information systems which means at a minimum, implementing all of the security requirements in NIST SP 800-171 by no later than 31 December 2017. Rapidly reporting is defined as reporting within 72 hours of the contractor’s discovery of the cyber incident using the reporting fields here.
 
In a related rulemaking, the parallel mandatory cybersecurity incident reporting element of the DIB CS program now requires all DIB organizations that (1) have “agreements” with the DOD and (2) have CDI on their covered defense information systems to report cyber incidents to the DOD. This applies to all forms of DOD agreements, which is defined broadly as “contracts, grants, cooperative agreements, other transaction agreements, technology investment agreements, and any other type of legal instrument or agreement.” The DIB final rule notes that, for DOD procurement contracts, the DIB requirements are implemented through the DFARS rule discussed above. The bottom line for ADG companies is that if you have any type of DOD agreement and handle CDI then you will likely be subject to a DOD cyber incident reporting obligation.
 
On 16 May 2016, more than three years after publication of a proposed rule, the government published the final rule for Basic Safeguarding of Covered Contractor Information Systems. [FN/8] The new contract clause FAR 52.204-21 identifies 15 security requirements, pulled verbatim from NIST SP 800-171, for safeguarding information systems owned or operated by a contractor that process, store, or transmit specified federal contract information (FCI). FCI is broadly defined as information “not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government” but excludes information provided by the Government to the public or simple transactional information. The FAR drafters have stressed that this rulemaking is less about the definition of a certain category of information and more about requiring contractors to have baseline cyber protections that the government believes every business should be implementing as a “best practice.” [FN/9]
 
Increased Federal Government Emphasis on Privacy Concerns
 
As part of the OMB Circular A-130 revision, the former Appendix I (concerning how agencies should comply with the Privacy Act of 1974) was removed from A-130 and moved into the new OMB Circular A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act, (23 December 2016). [FN/10] A-108 provides guidance to agencies on their responsibilities for “system[s] of records” under the Privacy Act, including a new requirement to establish and maintain an agency-wide privacy continuous monitoring (PCM) program. The Circular notes that the “requirement to establish and maintain a PCM program has replaced the prior OMB requirement for agencies to conduct annual Privacy Act reviews.”
 
On 20 December 2016, the FAR Council issued a final rule requiring certain federal contractor employees to take initial and annual privacy training. [FN/11] Under the new contract clause, FAR 52.224-3, Privacy Training, contractors are responsible for ensuring that training is completed by their contractor employees that:
 
  – Have access to a “system of records” under the Privacy Act of 1974;
  – Create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle PII on behalf of the agency; or
  – Design, develop, maintain, or operate a system of records.
 
One of the training topics that must be covered under FAR 52.224-3 is regarding procedures to be followed in the event of a suspected or confirmed breach of a system of records or unauthorized disclosure, access, handling, or use of PII. The FAR clause directs contractors to OMB guidance for Preparing for and Responding to a Breach of Personally Identifiable Information (which was only officially released on 3 January 2017, after the FAR rulemaking, as OMB Memorandum M-17-12). OMB M-17-12 provides the policy for agencies to prepare for and respond to a breach of PII. It also directs agencies to ensure that breach response requirements are included in contracts when a contractor collects or maintains federal information on behalf of the agency or uses or operates an information system on behalf of the agency. Among other things, this includes requiring contractors and subcontractors (at any tier) to:
 
  – Properly encrypt PII;
  – Report a suspected or confirmed breach in accordance with agency procedures; and
  – Allow for inspection, investigation, forensic analysis, and any other actions necessary to comply with OMB M-17-12 and assisting the agency with responding to a breach.
 
Conclusion
 
Over the past year the federal government continued to prioritize cybersecurity, and it does not appear this is going to change any time soon. Despite a proclaimed intent to reduce regulations in other areas, the new presidential administration has given no indication that it intends to modify, rescind, or otherwise roll back any cybersecurity rules (in fact, as of this writing, the industry is still awaiting the final version of this administration’s proposed cybersecurity Executive Order). ADG companies that do business with the U.S. Government are faced with a variety of cybersecurity rules and contractual requirements that are unique to the federal government. We expect cybersecurity for the ADG sector to remain a highly active field for the remainder of 2017.
 
——–
  [FN/1] Pub. L. 114-113.
  [FN/2] CISA Section 106(a), codified at 6 U.S.C § 1505.
  [FN/3] 81 Fed. Reg. 68,312.
  [FN/4] Pub. L. No. 107-347.
  [FN/5] Pub. L. No. 113 – 283
  [FN/6] 81 Fed. Reg. 72,986.
  [FN/7] “CDI” means DOD unclassified controlled technical information (UCTI) or other information identified on the CUI Registry that is either (1) “marked or otherwise identified in an agreement and provided to the contractor by or on behalf of the DOD in support of the performance of the agreement” or (2) “collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the agreement.” A “covered defense information system” means an unclassified information system owned or operated by or for a contractor that process, stores, or transmits CDI.
  [FN/8] 81 Fed. Reg. 30,439.
  [FN/9] The preamble to the final rule states it “…focuses on ensuring a basic level of safeguarding for any contractor system with Federal information, reflective of actions a prudent business person would employ…”.
  [FN/10] 81 Fed. Reg. 94,424.
  [FN/11] 81 Fed. Reg. 93,476.

* * * * * * * * * * * * * * * * * * * *

COMM_a315
. Gary Stanley’s ECR Tip of the Day

 
* Author: Gary Stanley, Esq., Global Legal Services, PC, (202) 352-3059,
gstanley@glstrade.com
 
All parties that participate in transactions subject to the EAR must comply with the EAR. Parties are free to structure transactions as they wish, and to delegate functions and tasks as they deem necessary, as long as the transaction complies with the EAR. However, acting through a forwarding or other agent, or delegating or redelegating authority, does not in and of itself relieve anyone of responsibility for compliance with the EAR.

* * * * * * * * * * * * * * * * * * * *

(Source:
Export Law Blog
. Reprinted by permission.)
 
* Author: R. Clifton Burns, Esq., Bryan Cave LLP, Wash DC,
Clif.Burns@bryancave.com
, 202-508-6067)
 
The Office of Foreign Assets Control today issued FAQs on the process whereby OFAC removes people from its List of Specially Designated Nationals and Blocked Persons. Sadly, the answers to those FAQs don’t really tell the whole story.  You might refer instead to Frequently Mis-Answered Questions.
 
For example, OFAC says that it delists “hundreds” of entities each year. Although that has been the case lately, that has not always been the case, as OFAC’s archive of changes demonstrates. In 2001 and 2002, no entities were delisted and many less than 100 were delisted in 2005. Just over 100 were delisted in 2009
 
And although OFAC says the purpose of designation is not punitive but is to change behavior, this is hard to credit fully given the barriers OFAC erects to make delisting difficult. The principal ground for delisting is, as OFAC says in the FAQs, that the SDN has stopped the behavior that led to designation. The problem is OFAC will not ever reveal the specific basis for any designation. OFAC also makes it difficult to obtain paid legal representation because a license from OFAC is usually required to authorize payments to the lawyer, a lengthy and uncertain process that will lead most lawyers to decline representation. The only reliable way to get off the list is, as OFAC says, to die, but that, as they say, is cold comfort.
 
The 900 pound gorilla in the SDN listing room, of course, is still not addressed by these FAQs. If you are a terrorist or drug dealer that is designated by OFAC there is at least a process for removal. If you, however, aren’t a terrorist or drug dealer, but have a name similar to one, you are out of luck. Even though banks will routinely refuse to deal with people with similar names, there is no avenue for these innocent victims of the designation process to obtain relief from the agency.
* * * * * * * * * * * * * * * * * * * *

TEEX/IM TRAINING EVENTS & CONFERENCES

TE_a217
. Friday List of Approaching Events

(Sources: Event sponsors.) 
 
Published every Friday or last publication day of the week. Send events to
apbosch@fullcirclecompliance.eu
, composed in the below format:

* DATE: PLACE; “TITLE;” SPONSOR; WEBLINK; CONTACT (email and phone number)

#” New listing this week:   
 
Continuously Available Training:
* Executive Masters: “
International Trade Compliance
;” University of Liverpool;
exed@liverpool.ac.uk
;
+44 (0) 20 768 24614
* E-Seminars: “
US Export Controls” / “Defense Trade Controls
;” Export Compliance Training Institute;
danielle@learnexportcompliance.com 
* On-Line: “
Simplified Network Application Process Redesign (SNAP-R)
;” Commerce/BIS; 202-482-2227
* E-Seminars: “
Webinars On-Demand Library
;” Sandler, Travis & Rosenberg, P.A.
 
Training by Date:

* Apr 25: Webinar; ”
Antidumping 101: Minimizing Risk, Maximizing Compliance;” Sandler, Travis & Rosenberg, P.A.;
webinarorganizers@strtrade.com 

* Apr 25: Webinar; “
FCPA Violations – Only a Risk For Big Companies?
;” Robins Kaplan LLP

* Apr 26: London UK; “
Intermediate Seminar
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 

* Apr 27: London UK; “
Beginners Workshop
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 

* Apr 27: London UK; “
Making Better License Applications
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 
* Apr 28: Wash DC; “
Enforce and Protect Act Workshop
;” Dept. of Homeland Security/Customs and Border Protection

* May 1-4: Las Vegas; “EAR Export Controls / ITAR Defense Trade Controls Seminar;” ECTI; jessica@learnexportcompliance.com; 540-433-3977

* May 1-2: Tucson AZ; “2017 Spring Conference;” Society for International Affairs

# May 3: Webinar; “
Free Duty Drawback
;” CITTA Brokerage Co

* May 4-5: Aarhus, Denmark; “
Dual-Use Conference 2017 – Drones & Space
;” European Network of Defence-Related Regions

* May 4: Webinar; “
GTM Webinar Series Part Five: Free Trade Agreements
;” Amber Road

* May 7-9: Toronto; “ICPA Toronto Conference;”
International Compliance Professionals Association;
wizard@icpainc.org 

* May 8-10: San Diego CA; “
Basics of Government Contracting
;” Federal Publications Seminars

# May 9; Fargo ND; “
Export Compliance Training
;” Allocca Enterprises, Inc.; 
admin@alloccaenterprises.com 

* May 9: Webinar; ”
Exports – New Incentives, Old Rules;” Sandler, Travis & Rosenberg, P.A.;
webinarorganizers@strtrade.com 

* May 10: London UK; “
Control List Classification – Military
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 

* May 10: Baltimore MD; “
AES Compliance Seminar
;” Dept. of Commerce/Census Bureau;
itmd.outreach@census.gov 

* May 11: London UK; “
Making Better License Applications
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 

* May 11: Milwaukee WI; “
Wisconsin International Trade Conference
;” MMAC’s World Trade Association

* May 15-18: London UK; “United States Export Control (EAR/OFAC/ITAR) Seminar in London (for EU and other non-US Companies);” ECTI; jessica@learnexportcompliance.com; 540-433-3977

* May 17-19: Minneapolis MN; “
Basics of Government Contracting
;” Federal Publications Seminars

* May 17: Southampton UK; “
Intermediate Seminar
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 

* May 17: The Hague, Netherlands; ”
Exportcontrole en Strategische Goederen” (Event in Dutch); Dutch Ministry of Foreign Affairs

* May 17: Webinar; “
Best Practices for Automating RPS
;” Amber Road

* May 17: Webinar; ”
Preparing for a Customs Investigation;” Sandler, Travis & Rosenberg, P.A.;
webinarorganizers@strtrade.com 

* May 18: Southampton UK; “
Beginners Workshop
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 

* May 23: Chicago IL; ”
2017 Global Trade & Commercial Compliance Update;” Baker McKenzie; Eunkyung Kim Shin, +1 312 861 8211,
eunkyung.kim.shin@bakermckenzie.com 

* May 23: Tampa FL; “AES Compliance Seminar;” Dept. of Commerce/Census Bureau; itmd.outreach@census.gov 

* May 24-25: Annapolis MD; “
Advanced ITAR/EAR Compliance: Using Export Controls to Your Advantage
;” 
spalmer@exportcompliancesolutions.com
; 866-238-4018 / 410-757-1919

* May 24-25: Scottsdale AZ; ”
2017 West Coast Trade Symposium;” Dept. of Homeland Security/Customs and Border Protection

* Jun 5-7: Boston MA; “
Basics of Government Contracting
;” Federal Publications Seminars

* Jun 5-8: Wash DC; “
United States Export Control (EAR/OFAC/ITAR) Seminar
;” ECTI;
jessica@learnexportcompliance.com
; 540-433-3977

* Jun 7: London UK; “
Control List Classification – Combined Dual Use and Military
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 
* Jul 10-12; Baltimore MD; “
2017 Summer Back to Basics Conference
;” Society for International Affairs

* Jun 11-13: Dublin IRL; “ICPA Dublin Conference;”
International Compliance Professionals Association;
wizard@icpainc.org 


* Jun 12-15: San Francisco; “
United States Export Control (EAR/OFAC/ITAR) Seminar
;” ECTI;
jessica@learnexportcompliance.com
; 540-433-3977

* Jun 12: Shanghai China; “
5th Advanced China Forum on Import Compliance
;” American Conference Institute

* Jun 13: Philadelphia PA; “AES Compliance Seminar;” Dept. of Commerce/Census Bureau; itmd.outreach@census.gov 

* Jun 14: Frankfurt am Main, Germany; “
BAFA / BIS Export Control and Compliance Update 2
;” Bundesamt für Wirtschaft und Ausfuhrkontrolle  

* Jun 14: Kegsworth, Derby UK; “
Intermediate Seminar
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 

* Jun 15: Kegsworth, Derby UK; “
Beginners Workshop
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 
* Jun 15: Kegsworth, Derby UK; “
Making Better License Applications
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 
* Jun 15: Kegsworth, Derby UK; “
Control List Classification – Combined Dual Use and Military
;” UK/BIS Export Control Organisation;
denise.carter@bis.gsi.gov.uk 
* Jun 21: Brussels, Belgium; “
Export Controls and Economic Sanctions: US & EU Update 2017
;” International Chamber of Commerce Belgium

* July 11-12: Seattle WA; “ITAR/EAR Boot Camp;” spalmer@exportcompliancesolutions.com; 866-238-4018 / 410-757-1919

* Jul 17-19: Hilton Head Island SC; “
Basics of Government Contracting
;” Federal Publications Seminars

* Jul 26-27
: Seattle WA; “
2017 Export Controls Conference
;” Dept. of Commerce/U.S. Commercial Service, Dept. of Homeland Security/Homeland Security Investigations, Seattle University, Dorsey & Whitney LLP

* Aug 14-16: McLean VA; “
Basics of Government Contracting
;” Federal Publications Seminars

* Sep 4-9: Galveston TX;
ICPA Conference at Sea;”

International Compliance Professionals Association;
wizard@icpainc.org

* Sep 6: Nashville TN; “AES Compliance Seminar;” Dept. of Commerce/Census Bureau; itmd.outreach@census.gov 

* Sep 12-13: Annapolis MD; “ITAR/EAR Boot Camp;” spalmer@exportcompliancesolutions.com; 866-238-4018 / 410-757-1919

* Sep 12-13: Wash DC; “Interactive Export Controls Workshop;” ECTI; jessica@learnexportcompliance.com; 540-433-3977

* Sep 18-20: Las Vegas NV; “
Basics of Government Contracting
;” Federal Publications Seminars

* Sep 20-22: Houston TX; ”
Advanced Topics in Customs Compliance Conference;” Deleon Trade LLC

* Sep 27-28: Rome, Italy; “
Defence Exports 2017
;” SMi

* Oct 2-5: Columbus OH; “University Export Controls Seminar;” ECTI; jessica@learnexportcompliance.com; 540-433-3977

* Oct 12: Boston MA; “AES Compliance Seminar;” Dept. of Commerce/Census Bureau; itmd.outreach@census.gov 

* Oct 22-24: Grapevine TX; “
Annual ICPA Fall Conference
;” International Compliance Professional Association;
Wizard@icpainc.org 

* Oct 23-24: Arlington VA; “
2017 Fall Advanced Conference
;” Society for International Affairs

* Oct 30-Nov 2: Phoenix AZ; “
ITAR Defense Trade Controls / EAR Export Controls Seminar
;” ECTI;
jessica@learnexportcompliance.com
; 540-433-3977

* Nov 6-8: Chicago IL; “
Basics of Government Contracting
;” Federal Publications Seminars

* Nov 7: Norfolk, VA; “AES Compliance Seminar;” Dept. of Commerce/Census Bureau; itmd.outreach@census.gov 

* Dec 5: San Juan PR; “AES Compliance Seminar in Spanish;” Dept. of Commerce/Census Bureau; itmd.outreach@census.gov 

* Dec 6: Wood Ridge NJ; “
AES Compliance Seminar
;” Dept. of Commerce/Census Bureau;
itmd.outreach@census.gov 

* Dec 7: Laredo, TX; “AES Compliance Seminar in Spanish;” Dept. of Commerce/Census Bureau; itmd.outreach@census.gov 

* Dec 11-13: Sterling VA; “
Basics of Government Contracting
;” Federal Publications Seminars

* * * * * * * * * * * * * * * * * * * *

ENEDITOR’S NOTES

EN_a118
. Bartlett’s Unfamiliar Quotations

(Source: Editor) 

* Charlotte Brontë (21 Apr 1816 – 31 Mar 1855, was an English novelist and poet, the eldest of the three Brontë sisters who survived into adulthood and whose novels have become classics of English literature. She first published her works, including her best known novel, Jane Eyre, under the pen name Currer Bell.)
  – “Prejudices, it is well known, are most difficult to eradicate from the heart whose soil has never been loosened or fertilized by education; they grow firm there, firm as weeds among stones.”
 
* Catherine the Great (Catherine II of Russia; 21 Apr 1729 – 17 Nov 1796, was a Russian monarch. She was the longest-ruling female leader of Russia, reigning from 1762 until her death in 1796 at the age of 67, and arguably the most renowned.)
  – “I praise loudly. I blame softly.”
 
Friday funnies:
One day, a housework-challenged husband decided to wash his sweatshirt.  Seconds after he stepped into the laundry room, he shouted to his wife, “What setting do I use on the washing machine?” “It depends,” she replied. “What does it say on your shirt?” After a moment, he yelled back, “University of Illinois.”
  – Joe Penkrot, Chicago, Illinois
 
Editor’s Note: Susan Radnor, from Louisville, OH, a blonde, offers the following in rebuttal to our occasional Friday blonde jokes:
Q. Why are blonde jokes only one line?
A. So brunettes can understand them.
                                       

* * * * * * * * * * * * * * * * * * * *

EN_a219. Are Your Copies of Regulations Up to Date?
(Source: Editor)

The official versions of the following regulations are published annually in the U.S. Code of Federal Regulations (C.F.R.), but are updated as amended in the Federal Register.  Changes to applicable regulations are listed below.
 
*
ATF ARMS IMPORT REGULATIONS
: 27 CFR Part 447-Importation of Arms, Ammunition, and Implements of War
  – Last Amendment:
15 Jan 2016: 81 FR 2657-2723: Machineguns, Destructive Devices and Certain Other Firearms; Background Checks for Responsible Persons of a Trust or Legal Entity With Respect To Making or Transferring a Firearm
 
*
CUSTOMS REGULATIONS
: 19 CFR, Ch. 1, Pts. 0-199
  – Last Amendment: 27 Jan 2017: 82 FR 8589-8590: Delay of Effective Date for Importations of Certain Vehicles and Engines Subject to Federal Antipollution Emission Standards [New effective date: 21 March 2017.]; and 82 FR 8590: Delay of Effective Date for Toxic Substance Control Act Chemical Substance Import Certification Process Revisions
[New effective date: 21 March 2017.]

* DOD NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL (NISPOM): DoD 5220.22-M
  – Last Amendment: 18 May 2016: Change 2: Implement an insider threat program; reporting requirements for Cleared Defense Contractors; alignment with Federal standards for classified information systems; incorporated and canceled Supp. 1 to the NISPOM  (Summary here.)

* EXPORT ADMINISTRATION REGULATIONS (EAR): 15 CFR Subtit. B, Ch. VII, Pts. 730-774 
  – Last Amendment: 18 Apr 2017: 82 FR 18217-18220: Revision to an Entry on the Entity List)

  
*
FOREIGN ASSETS CONTROL REGULATIONS (OFAC FACR)
: 31 CFR, Parts 500-599, Embargoes, Sanctions, Executive Orders
  – Last Amendment: 10 Feb 2017: 
82 FR 10434-10440: Inflation Adjustment of Civil Monetary Penalties 
 
*
FOREIGN TRADE REGULATIONS (FTR)
: 15 CFR Part 30
– Last Amendment: 
19 Apr 2017: 
82 FR 18383-18393: Foreign Trade Regulations: Clarification on Filing Requirements 
  – HTS codes that are not valid for AES are available 
here.
  – The latest edition (19 Apr 2017) of Bartlett’s Annotated FTR (“BAFTR”), by James E. Bartlett III, is available for downloading in Word format. The BAFTR contains all FTR amendments, FTR Letters and Notices, a large Index, and footnotes containing case annotations, practice tips, and Census/AES guidance.  Subscribers receive revised copies every time the FTR is amended. The BAFTR is available by annual subscription from the Full Circle Compliance 
website.  BITAR subscribers are entitled to a 25% discount on subscriptions to the BAFTR.

 
*
HARMONIZED TARIFF SCHEDULE OF THE UNITED STATES (HTS, HTSA or HTSUSA)
, 1 Jan 2017: 19 USC 1202 Annex. (“HTS” and “HTSA” are often seen as abbreviations for the Harmonized Tariff Schedule of the United States Annotated, shortened versions of “HTSUSA”.)
  – Last Amendment: 7 Mar 2017: Harmonized System Update 1702, containing 1,754 ABI records and 360 harmonized tariff records.
  – HTS codes for AES are available

here
.
  – HTS codes that are not valid for AES are available
here.
 
*
INTERNATIONAL TRAFFIC IN ARMS REGULATIONS (ITAR)
: 22 C.F.R. Ch. I, Subch. M, Pts. 120-130
  – Latest Amendment: 11 Jan 2017: 82 FR 3168-3170: 2017 Civil Monetary Penalties Inflationary Adjustment
  – The only available fully updated copy (latest edition 8 Mar 2017) of the ITAR with all amendments is contained in Bartlett’s Annotated ITAR (“BITAR”), by James E. Bartlett III.  The BITAR contains all ITAR amendments to date, plus a large Index, over 750 footnotes containing case annotations, practice tips, DDTC guidance, and explanations of errors in the official ITAR text.  Subscribers receive updated copies of the BITAR in Word by email, usually revised within 24 hours after every ITAR amendment.  The BITAR is available by annual subscription from the Full Circle Compliance website.  BAFTR subscribers receive a 25% discount on subscriptions to the BITAR, please contact us to receive your discount code.  

* * * * * * * * * * * * * * * * * * * *

EN_a320
. Weekly Highlights of the Daily Bugle Top Stories

(Source: Editor)
 

Review last week’s top Ex/Im stories in “Weekly Highlights of Daily Bugle Top Stories” posted here.

* * * * * * * * * * * * * * * * * * * *

EPEDITORIAL POLICY

* The Ex/Im Daily Update is a publication of FCC Advisory B.V., edited by James E. Bartlett III and Alexander Bosch, and emailed every business day to approximately 8,000 readers of changes to defense and high-tech trade laws and regulations. We check the following sources daily: Federal Register, Congressional Record, Commerce/AES, Commerce/BIS, DHS/CBP, DOJ/ATF, DoD/DSS, DoD/DTSA, State/DDTC, Treasury/OFAC, White House, and similar websites of Australia, Canada, U.K., and other countries and international organizations.  Due to space limitations, we do not post Arms Sales notifications, Denied Party listings, or Customs AD/CVD items.

* RIGHTS & RESTRICTIONS: This email contains no proprietary, classified, or export-controlled information. All items are obtained from public sources or are published with permission of private contributors, and may be freely circulated without further permission. Any further use of contributors’ material, however, must comply with applicable copyright laws.

* CAVEAT: The contents cannot be relied upon as legal or expert advice.  Consult your own legal counsel or compliance specialists before taking actions based upon news items or opinions from this or other unofficial sources.  If any U.S. federal tax issue is discussed in this communication, it was not intended or written by the author or sender for tax or legal advice, and cannot be used for the purpose of avoiding penalties under the Internal Revenue Code or promoting, marketing, or recommending to another party any transaction or tax-related matter.

* SUBSCRIPTIONS: Subscriptions are free.  Subscribe by completing the request form on the Full Circle Compliance website.

* TO UNSUBSCRIBE: Use the Safe Unsubscribe link below.

Scroll to Top