17-1005 Thursday “Daily Bugle”

17-1005 Thursday “Daily Bugle”

Thursday, 5 October 2017

The Daily Bugle is a free daily newsletter from Full Circle Compliance, containing changes to export/import regulations (ATF, Customs, NISPOM, EAR, FACR/OFAC, FTR/AES, HTSUS, and ITAR), plus news and events.  Subscribe 
here for free subscription.  Contact us
for advertising inquiries and rates.

[No items of interest noted today.] 

  1. Ex/Im Items Scheduled for Publication in Future Federal Register Editions
  2. Commerce/BIS: (No new postings.)
  3. State/DDTC: (No new postings.)
  4. Treasury/OFAC: “BD White Birch Investment LLC Settles Apparent Violations of the Sudanese Sanctions Regulations”
  5. EU Amends Dual-Use Control List
  1. Reuters: “U.S. Poised to Lift Sanctions on Sudan” 
  2. Washington Post: “Trump Plans to Declare That Iran Nuclear Deal Is Not in the National Interest” 
  1. J. Rapuano: “To Be Cyber Secure – May Not Mean You Are Export Secure”
  2. M. Volkov: “The FCPA Compliance Defense – Don’t Wish for It, You Just Might Get It”
  3. M. Feider, T. Levine & J. Graas: “Luxembourg Space Resources Act: Paving the Legal Road to Space”
  4. W. Shahid, R. Cook, R. Giambalvo: “Separating Signal from Noise: A Framework for Monitoring Compliance Program Performance” (Part 3 of 3)
  5. Gary Stanley’s ECR Tip of the Day
  1. Bartlett’s Unfamiliar Quotations 
  2. Are Your Copies of Regulations Up to Date? Latest Changes: ATF (15 Jan 2016), Customs (28 Sep 2017), DOD/NISPOM (18 May 2016), EAR (3 Oct 2017), FACR/OFAC (16 Jun 2017), FTR (20 Sep 2017), HTSUS (25 Jul 2017), ITAR (30 Aug 2017) 
  3. Weekly Highlights of the Daily Bugle Top Stories 


* * * * * * * * * * * * * * * * * * * *


OGS_a11. Ex/Im Items Scheduled for Publication in Future Federal Register Editions
(Source: Federal Register

* Census; PROPOSED RULES; Foreign Trade: Standard and Routed Export Transactions [Publication Date: 6 October 2017.]  

* * * * * * * * * * * * * * * * * * * *

* * * * * * * * * * * * * * * * * * * * 

* * * * * * * * * * * * * * * * * * * *


BD White Birch Investment LLC (“White Birch USA”), a company headquartered in Greenwich, Connecticut, has agreed to pay $372,465 to settle its potential civil liability for three apparent violations of the Sudanese Sanctions Regulations, 31 C.F.R. part 538 (SSR). Specifically, White Birch USA appears to have violated §§ 538.205 and 538.206 of the SSR when it facilitated the sale and shipment of 543.952 metric tons of Canadian-origin paper from Canada to Sudan with a value of $354,602.26. The export transactions occurred in April and December 2013. Various personnel within White Birch USA and its Canadian subsidiary, White Birch Paper Canada Company NSULC (“White Birch Canada”), were actively involved in discussing, arranging, and executing the export transactions to Sudan.
OFAC determined that White Birch USA did not voluntarily disclose the apparent violations to OFAC, and that the apparent violations constitute a non-egregious case. The statutory maximum civil monetary penalty amount for the apparent violations was $853,746, and the base civil monetary penalty amount for the apparent violations was $445,000.
This settlement agreement reflects OFAC’s consideration of the following facts and circumstances pursuant to the General Factors under OFAC’s Economic Sanctions Enforcement Guidelines, 31 C.F.R. part 501, app. A. OFAC considered the following to be aggravating factors:
  (1) White Birch USA exhibited reckless disregard for U.S. sanctions requirements by failing to exercise a minimal degree of caution or care with regard to the apparent violations;
  (2) White Birch Canada personnel appear to have attempted to conceal the ultimate destination of the goods from its bank (a U.S. financial institution serving as the confirming bank on a letter of credit) with respect to two of the apparent violations;
  (3) multiple White Birch USA personnel, including individuals in supervisory or managerial positions, had actual knowledge of and were actively involved in, or had reason to know of, the conduct that led to the apparent violations;
  (4) White Birch USA is a large and commercially sophisticated company;
  (5) White Birch USA’s compliance program was either non-existent or inadequate at the time of the apparent violations; and
  (6) White Birch USA did not initially cooperate with OFAC’s investigation into the apparent violations, particularly when it submitted materially inaccurate, incomplete, and/or misleading information to OFAC.  
OFAC found the following to be mitigating factors in this case:
  (1) White Birch USA has no prior OFAC sanctions history, and has not received a penalty notice or Finding of Violation in the five years preceding the earliest date of the transactions giving rise to the apparent violations; and
  (2) White Birch USA has reported to OFAC that it has taken remedial steps in response to the apparent violations, including by updating the company’s employee manual to include additional information concerning economic sanctions, implementing new compliance policies, and administering company-wide OFAC compliance training.  
This enforcement action reinforces certain compliance obligations for U.S. persons, including U.S. parent corporations that maintain subsidiaries located outside of the United States, as well as their U.S. person employees. Unless authorized by OFAC or otherwise exempt by statute, foreign subsidiaries of U.S. parent corporations must act independently from their parent corporations and any other U.S. person with respect to all transactions and activities that would be prohibited if the transactions were engaged in by a U.S. person or in the United States. In addition, any persons who submit information to OFAC regarding potential violations should take steps to ensure that such information is both accurate and complete.  
For more information regarding OFAC regulations, please go to: http://www.treasury.gov/ofac.

* * * * * * * * * * * * * * * * * * * * 

OGS_a065. EU Amends Dual-Use Control List

(Source: European Commission) [Excerpts.]
The current EU dual-use control list was last updated by Commission Delegated Regulation (EU) No 2016/1969 of 12 September 2016, taking account of the control list changes adopted by the international non-proliferation regimes and export control arrangements until the end of 2015. The changes to the control lists adopted by the international non-proliferation regimes and export control arrangements in 2016 now require another amendment of Annex I to Council Regulation (EC) No 428/2009. The delegated act therefore presents a variety of amendments to the Union dual-use control list concerning the control parameters, the technical definitions and descriptions and the removal or addition of dual-use items. The amendments to the Union dual-use control list in Annex I also necessitate consequential amendments to Annexes IIa to IIg and Annex IV. …
The entire text can be found here.

* * * * * * * * * * * * * * * * * * * * 


NWS_a16. Reuters: “U.S. Poised to Lift Sanctions on Sudan”

(Source: Reuters)
The United States is preparing to lift longstanding economic sanctions against Sudan, citing improvement on human rights and progress on counter-terrorism, a U.S. official said on Thursday.
President Donald Trump’s administration is expected to announce its decision as early as Friday, the official said, speaking on condition of anonymity.
Shortly before leaving office, former U.S. President Barack Obama temporarily eased penalties that had been in place for two decades against the African nation. In July, the Trump administration postponed for three months a decision on whether to remove the sanctions completely, setting up an Oct. 12 deadline.
Lifting the sanctions would suspend a trade embargo, unfreeze assets and remove financial restrictions that have hobbled the Sudanese economy.
It will also mark a major turnaround for the government of President Omar Hassan al-Bashir, who once played host to Osama bin Laden and is wanted by the International Criminal Court on charges of orchestrating genocide in Darfur.
Sudan will remain, for now, on the U.S. list of state sponsors of terrorism, alongside Iran and Syria.
But the sanctions decision reflects a U.S. assessment that Sudan has made progress in meeting Washington’s demands, including cooperation on counter-terrorism, working to resolve internal conflicts and allowing more humanitarian aid into Darfur and other rebellious border areas.
The White House declined comment. The State Department did not immediately respond to a request for comment.
Sudan’s State Minister for Foreign Affairs Hamed Momtaz told Reuters on Wednesday in Khartoum: “Sudan has fulfilled all the necessary conditions relating to the roadmap, and the U.S. administration is a witness to that and therefore we expect the sanctions to be lifted.”
Some rights groups have raised concerns, saying the lifting of sanctions could lead to further abuses.
  “We’re afraid lifting the sanctions could pave way for the government to … violate rights,” Al-Buraq al-Nazir al-Warraq, the executive manager of the Sudanese Observatory for Human Rights, a group suspended by the government, said before word of the Trump administration’s decision.
The United States first imposed sanctions on Sudan in 1997, including a trade embargo and blocking the government’s assets, for human rights violations and terrorism concerns.
The United States layered on more sanctions in 2006 for what it said was complicity in the violence in Sudan’s Darfur region.

* * * * * * * * * * * * * * * * * * * *

NWS_a27. Washington Post: “Trump Plans to Declare That Iran Nuclear Deal Is Not in the National Interest”

(Source: Washington Post) [Excerpts.]
President Trump plans to announce next week that he will “de-certify” the international nuclear deal with Iran, saying it is not in the national interest of the United States and kicking the issue to a reluctant Congress, people briefed on an emerging White House strategy for Iran said Thursday.
The move would mark the first step in a process that could eventually result in the resumption of U.S. sanctions against Iran, which would blow up a deal limiting Iran’s nuclear activities that the country reached in 2015 with the U.S. and five other nations.
Trump is expected to deliver a speech, tentatively scheduled for Oct. 12, laying out a larger strategy for confronting the nation it blames for terrorism and instability throughout the Middle East. …

* * * * * * * * * * * * * * * * * * * *


8. J. Rapuano: “To Be Cyber Secure – May Not Mean You Are Export Secure”

* Author: Joanne Rapuano, Esq., Robinson+Cole, jrapuano@rc.com, 860-275-8317.
Ensuring that technical data is compliant with both export regulations and cybersecurity requires an understanding of what export controlled technical data/technology relate to and how they work together. The two major export control regulations, The International Traffic In Arms Regulations (ITAR) and the Export Administration Regulations (EAR), define controlled technical data/technology differently. Click for the ITAR definition and for the EAR definition.
An effective approach requires incorporating export regulations into cybersecurity protocols. This means the IT architecture needs to embrace not only the encryption requirements and authentication protocols in order to access a company’s systems, files, share drives, but also to analyze what “employees” have access to once they have validly entered their companies domain.
Even though the environment is secure by cybersecurity standards – it may not be “export” compliant.
Example – if a company has export controlled data, which could be cyber security compliant (i.e., encrypted) –  a potential export violation could occur if the person accessing the data (or potentially able to access it) doesn’t have the proper export authority based on their nationality/location. A U.S. company sets up an office in the United Kingdom (U.K.) and hires a U.K. citizen to work in that location. The U.K. citizen then gains access to the company’s server, which has export controlled technical data/technology located on it, another words, the U.K. citizen has not be firewalled out of the location where the controlled data is located. If the employee accessed the data or not (potential access) may constitute a potential export violation.
The recent trend is to have more cybersecurity measures identifying the “export controlled data” – and how it is being identified, controlled, and tracked.

* * * * * * * * * * * * * * * * * * * * 

9. M. Volkov: “The FCPA Compliance Defense – Don’t Wish for It, You Just Might Get It”

(Source: Volkov Law Group Blog. Reprinted by permission.)
* Author: Michael Volkov, Esq., Volkov Law Group, mvolkov@volkovlaw.com, 240-505-1992.  
Sometimes a bad idea just will not die. Sometime commentators like to return to simplistic solutions that sound good on paper. These same commentators have failed to address the practical concerns that outweigh any possible rational for enacting the so-called FCPA compliance defense.
This debate has been going on for a while and I expected the idea to die out. Recently, I saw renewed discussion of the idea. Yikes!! Here we go again.
As an alternative, I have proposed a different solution – offer companies a declination with disgorgement on condition that it presents and turns over all evidence to support indictment of culpable individuals. Companies would have to turn over evidence needed to prosecute these individuals. Companies would have an incentive to disclose an FCPA violation to avoid indictment and limit financial exposure to disgorgement of ill-gotten gains. My proposal is not much different than the current FCPA Pilot Program except that instead of a 50 percent reduction from the bottom of the sentencing guideline range applicable to a cooperating company, the company could earn a declination.
Going back to the FCPA compliance defense – as I understand the proposal, a company could raise the defense at a criminal trial for FCPA violations. The company would be indicted and have to spend the money, suffer the reputational harm, and then raise the defense at trial as a full defense to criminal liability.
Unfortunately, the proposal suffers from a number of serious infirmities.
First, companies do not want to wait to raise a defense at trial. Companies often settle criminal cases pre-indictment, and prosecutors have been regularly avoiding trials for fear of what is called the “Arthur Andersen” effect, referring to the conviction of Arthur Anderson which resulted in the collapse of the company and loss of thousands of jobs in the Houston, Texas community.
Compliance defense proponents respond that the compliance defense is only intended to provide companies with increased leverage during pre-indictment negotiations with the government. In this scenario, proponents claim that the compliance defense will not necessarily mean increased criminal trials of corporations but more reasonable settlements. Such a claim borders on pure speculation since government prosecutors may be inclined to test the corporation’s compliance defense.
Second, from a practical standpoint, if there is a compliance defense, prosecutors will be more likely to conduct grand jury investigations that focus on a company’s compliance program. Companies will rue the day when they receive a grand jury subpoena requesting broad access and review of documents and witnesses relating to the operation of a company’s compliance program.
In this situation, prosecutors may learn about other corporate violations and internal investigations in order to assess the overall performance of a company’ compliance program. A grand jury investigation focused on FCPA violations could quickly uncover corporate misconduct resulting in separate criminal investigations. In this situation, companies will be reluctant to raise the compliance defense for fear of the government discovering separate but unrelated criminal violations (e.g. antitrust) that the company uncovered in an internal investigation or internal enforcement matter.
Third, it is not clear how the compliance defense would work. In order to raise the defense and secure a jury instruction on the issue, how much and what type of evidence would a company be required to raise? If a company raised the compliance defense would it have to show that its compliance program was “effective” and only as to FCPA violations or as a whole as to all or some potential risks? These issues can be resolved but it is not clear that proponents have thought through how these issues would be resolved. Proponents who argue for the defense have an obligation to address these specific issues.

* * * * * * * * * * * * * * * * * * * * 

M. Feider, T. Levine & J. Graas: “
Luxembourg Space Resources Act: Paving the Legal Road to Space”

(Source: Allen & Overy LLP)
* Authors: Marc Feider, Esq., marc.feider@allenovery.com; Tom Levine, Esq., tom.levine@allenovery.com; and Jacques Graas, Esq., jacques.graas@allenovery.com. All of Allen & Overy LLP, Luxemburg, London, and Luxemburg, respectively.
Luxembourg Sets out to Become a Global Hub for the Utilization of Space Resources
“Art.1. Space resources are capable of being owned.”
By recognizing this legal principle through the adoption on 20 July 2017 of the Act on the Exploration and Use of Space Resources (the Space Resources Act), Luxembourg has drawn significant international attention. It is the first adopter in Europe of a legal and regulatory framework for the space mining industry, describing in particular the authorization and supervision procedures for missions aiming to explore and use natural resources in space. These procedures have been largely inspired by those applicable to the financial sector. [FN/2]
While the Space Resources Act also recognizes – at least implicitly – the rights that companies acquire during their space missions, the question of ownership in space will need additional clarification, as the domestic legislation will ultimately have to be complemented by international accords and cooperation.
Spaceresources.lu is an Open and Global Oriented Approach to Commercial Space Utilization
Luxembourg is a pioneer in regulating and investing in the utilization of space resources. To date only the United States provides for a legal regime on space resources with the U.S. Commercial Space Launch Competitiveness Act of 2015 (the U.S. Space Act). Other countries, such as the United Kingdom and Russia, have wide-ranging statutes on the licensing of space activities, but none of them have specific provisions governing the utilization of natural resources in outer space. [FN/3] Moreover, the United Arab Emirates is also planning to enact a statute on commercial activities in space, including space mining. [FN/4]
Contrary to the U.S. framework, however, Spaceresources.lu presents itself as a more open and global oriented approach to commercial space utilization. First, the Space Resources Act is not nationality-bound, unlike the U.S. Space Act, whose provisions pertaining to ownership and other rights to an asteroid resource or a space resource only apply to United States citizens. [FN/5] Second, export controls on space technology in Luxembourg and in the European Union are generally considered to be less stringent and less costly than their American counterparts. [FN/6] In particular ITAR (International Traffic in Arms Regulations) has been repeatedly criticized for stifling the U.S. space industry by making it difficult for U.S. companies to sell their products, such as commercial satellites or spacecraft components, outside the United States or to employ non-U.S. citizens to work on their complex and highly-technical projects. [FN/7] The growing market for “ITAR-free” technologies indicates that governments and companies are increasingly trying to find ways to lawfully address the long arm of U.S. export controls. [FN/8] The Luxembourg framework should hopefully open new market opportunities and ease the hiring process for spaceflight companies.
Legal Clarification Through International Cooperation
The Space Resources Act is, however, not without controversy. As noted by the Luxembourg Council of State, it is not clear whether international space law allows for a country to grant property rights to natural resources extracted in space. [FN/9] The governing treaty in that regard is the 1967 Outer Space Treaty, [FN/10] which has been ratified by all the major spacefaring nations and is legally binding on 105 countries, including Luxembourg. [FN/11] While the Outer Space Treaty does not explicitly forbid the appropriation of space resources by private actors, Article II nevertheless raises concerns as to what extent a country may permit such appropriation by providing that “[o]uter space, including the moon and other celestial bodies, is not subject to national appropriation by claim of sovereignty, by means of use or occupation, or by any other means.” [FN/12]
The academic literature is split on the question of ownership of space resources. While some authors consider private property rights in space to be legal by application of what seems to be the Lotus principle (i.e. what is not explicitly prohibited is permitted), [FN/13] others conclude that the appropriation of space resources may only make sense if the purported right is enforced, which would inevitably entail a national claim of sovereignty over a celestial body. [FN/14] Other authors again try to resolve the apparent contradiction by trying to draw parallels with the legal regime applicable to natural resources in the high seas. [FN/15] Either way, most seem to agree that the utilization of space resources needs a legal clarification on an international level. [FN/16]
In that regard, Luxembourg has already signed several memoranda of understanding with other countries on the legal aspects of space mining and participates in numerous other international initiatives, such as “The Hague Space Resources Governance Working Group.” [FN/17] Furthermore, since the United States has taken a clear position – although with a slightly more nationalistic vision – in favour of private ownership of space resources with the adoption of the U.S. Space Act, Luxembourg should not be alone it its efforts to promote commercial space utilization.
Luxembourg Ready to Further Invest in the Space Industry
Besides the legal framework set by the Space Resources Act and Luxembourg’s political engagements on an international level, space companies should also benefit from the unique ecosystem the Grand Duchy has to offer. As early as the 1980s, Luxembourg decided to invest in space by taking a major share in Société Européenne des Satellites (SES). Today, SES is one of the world’s leading communication satellite providers and owns over 50 satellites presently on orbit. In continuation of the country’s existing expertise in the sector, Luxembourg intends to launch, under the aegis of the Spaceresources.lu initiative, a fund offering financial support for innovative start-ups, as well as more mature companies in the space resources industry, with a commitment of 100 million euros. [FN/18] A number of industry players, such as Planetary Resources, Deep Space Industries, Kleos Space, GomSpace or ispace have to date availed of this possibility and have entered various agreements with the Luxembourg government. Further collaborations are expected and with the new legal framework provided by the Space Resources Act, it increasingly appears that in Luxembourg not even the sky is the limit.
  [FN/1] Loi du 20 juillet 2017 sur l’exploration et l’utilisation des ressources de l’espace [Law of July, 20 2017 on the Exploration and Use of Space Resources], Mémorial A, n° 674, July 28th 2017, art. 1 (Lux.) (emphasis added).
  [FN/2] Rapport de la commission de l’économie précédant la loi du 20 juillet 2017 sur l’exploration et l’utilisation des ressources de l’espace [Report of the commission of economy preceding the Law of 20 July, 2017 on the Exploration and Use of Space Resources],
Doc. parl.
7093/06, 2016-2017, p. 2 (Lux.).
Ram S. Jakhu, Joseph N. Pelton, Yaw O.M. Nyampong,
Space Mining and Its Regulation
, 138-143 (Springer, 2017).
  [FN/4] Lucy Barnard,
UAE to finalise space laws soon
, The National (March 7, 2016, 4:00 AM), available here.
  [FN/5] See in particular Section 51303 which grants any “United States citizen engaged in commercial recovery of an asteroid resource or a space resource” the right to “possess, own, transport, use, and sell the asteroid resource or space resource obtained in accordance with applicable law, including the international obligations of the United States.” 51 U.S.C. § 51303 (emphasis added).
N. Tushe,
US Export Controls: do they undermine the competitiveness of U.S. companies in the transatlantic defense market?
, 41 Pub. Cont. L. J. 57, 67-69 (Fall 2011).
  [FN/7] See
, at 70-72; P.J. Blount,
The ITAR treaty and its implications for U.S. space exploration policy and the commercial space industry
, 73 J. of Air L. and Com. 705 (Fall 2008); Jeff Foust,
One Nation, Over Regulated: Is ITAR Staling the New Space Race?
, 17 Ad Astra 14 (Fall 2005).
Sandra I. Erwin,
Export Rules Under Fire for Eroding U.S. Space Industry
, National Defense (June 1, 2009), available here.
Conseil d’État [C.E.] [Council of State] April 7, 2017, No. 51.987, available here (Lux.), p. 5.
  [FN/10] Treaty on Principles Governing the Activities of States in the Exploration and Use of Outer Space, including the Moon and Other Celestial Bodies, Jan. 27, 1967, 610 U.N.T.S. 205 [hereinafter Outer Space Treaty].
  [FN/11] The 1979 Moon Agreement, on the other hand, should only provide marginal reference as it has neither been signed by Luxembourg, nor indeed by any major spacefaring nation. The Moon Agreement has only been ratified by 17 countries (Australia, Austria, Belgium, Chile, Kazakhstan, Kuwait, Lebanon, Mexico, Morocco, the Netherlands, Pakistan, Peru, Philippines, Saudi Arabia, Turkey, Uruguay and Venezuela) versus the 1969 Outer Space Treaty which has been ratified by 105 countries, including the U.S., Russia, and China.
Comm. on the Peaceful Uses of Outer Space, Status of Int’l Agreements relating to activities in outer space as at 1 January 2017, U.N. Doc. A/AC.105/C.2/2017/CRP.7 (2017); Richard B. Bilder,
A Legal Regime for the Mining of Helium-3 on the Moon: U.S. Policy Options
, 33 Fordham Int’l L.J. 243, 269 (2009-2010) (“[T]he agreement should be given little weight as evidence of developing customary law.”); C.E.,
note 9, at 1 (“The Moon Agreement should be considered a failure.”).
  [FN/12] Emphasis added.
Richard B. Bilder,
note 11, at 275; Int’l Inst. of Space Law, Position Paper on Space Resource Mining (December 20th, 2015), at 3.
Virgiliu Pop,
Who Owns the Moon? – Extraterrestrial Aspects of Land and Mineral Ownership
, 72 (Springer, 2009);
Andrew R. Brehm,
Private Property in Outer Space: Establishing a Foundation for Future Exploration
, 33 Wis. Int’l L.J. 353, 361 (2015);
Ram S. Jakhu, Joseph N. Pelton, Yaw O.M. Nyampong,
note 3.
Ian B. Perry,
Law of Space Resources and Operations on Celestial Bodies: Implications for Legislation in the United States, Astropolitics
, 15 The Int’l. Journal of Space Politics & Policy 1, 5-8 (2017);
Ram S. Jakhu, Joseph N. Pelton, Yaw O.M. Nyampong,
note 3, at 126.
Andrew R. Brehm,
note 14, at 378; Richard B. Bilder,
note 11, at 297-299.
note 2, p. 2.
  [FN/18] Luxembourg Ministry of the Economy, Luxembourg to Launch a Fund Offering Financial Support for the Space Resources Industry, Press release (April 13, 2017), available here.

* * * * * * * * * * * * * * * * * * * * 

11. W. Shahid, R. Cook, R. Giambalvo: “Separating Signal from Noise: A Framework for Monitoring Compliance Program Performance” (Part 3 of 3)

* Authors: Waqas Shahid, Esq., waqas.shahid@ankuraconsulting.com, 646-291-8546; Randy Cook, Esq., randy.cook@ankuraconsulting.com, 646-291-8545; and Rosanne Giambalvo, Esq., rosanne.giambalvo@ankuraconsulting.com, 646-291-8575. All of Ankura Consulting Group LLC.
[Editor’s Note: Due to space limitations, this article is divided into three parts. Parts 1 & 2 were published in the Daily Bugle of Tuesday 3 October, and the Daily Bugle of Wednesday 4 October, respectively.]
In Parts 1 and 2 of this article, we laid out a case for compliance analytics, introduced a coherent framework for monitoring compliance program performance, and discussed the Planning Cycle in detail.  In this part, we continue the discussion of the Execution Cycle and how to extract insight from data you collect to drive business success.
Now that you have completed a Planning Cycle and created a roadmap for what data to collect, you are ready to start running your data analysis machine. We describe the three steps of the Execution Cycle below:
The first step in feeding the analytics machine is to create a process for the regular, periodic collection of relevant data from the various systems identified in the previous step into a central data store (i.e., a database or even an Excel workbook). Centrally collecting this data has several benefits, including allowing you to:
  – Interconnect, cross-reference, and manipulate data from multiple systems without worrying about how such manipulations will affect live enterprise systems. Doing so allows for richer insights into your compliance program.
  – Evaluate trend data over time and conduct advanced data analysis.
  – Utilize a single analysis tool (Excel or other commercial data analytics tools) for your analysis.
  – Record the basis for your metrics and KPIs, allowing traceability.
In addition to collecting the data, you should also make sure you have a process for sanitizing and transforming the data. Bad, duplicate, or incomplete data can disrupt your analysis efforts, or worse, result in misleading metrics and KPIs. Accordingly, before you start slicing and dicing your data, it is important to ensure that your data is “clean.” Sanitizing the data involves identifying and removing/flagging duplicate, incomplete, and irrelevant data records. Of course, this requires a high level of familiarity with the systems from which the data originated and is another reason why the “Build a Map” step above is critical.
After you’ve cleaned your data, you may also need to do a bit of transformation. Basically, this step involves creating/calculating data points you need for your metrics but which may not be readily available. This can be as simple as creating a new calculated field (e.g., to track the hours to complete a task if what you have are the start and end times for a task) or a complex transformation such as connecting sets of records from different systems into a new set of records (e.g., combining data from shipping and export classifications systems for a fuller picture).
Although the collection, sanitization, and transformation steps may seem daunting, many commercially available tools can help you efficiently achieve these tasks through scripting. Once set up, such scripting will help you quickly and efficiently collect “clean” data sets for analysis.
One final thing to keep in mind is that not all data you will want is in a technology system. For example, to collect data regarding company culture, level of awareness, or effectiveness of communication campaigns, you may need to conduct personal interviews and survey company personnel. Collecting such data is vital to arriving at a complete picture regarding the health of your company’s compliance programs, and you should consider making surveys and sensing sessions a regular and recurring part of your compliance programs.
However, be careful when collecting such data to avoid inadvertently introducing bias into the equation. Consider the difference between the following two questions:
  – This data shows that reports to the compliance hotline have dropped in the last year. Do you think employees are afraid to report violations?
  – This data shows that reports to the compliance hotline have dropped in the last year. Why do you think this may have occurred?
  – The first question requires merely a “yes” or “no” response from the interviewee and suggests a reason for the decline of hotline reports. The second question is open-ended, which may elicit more diverse, detailed information or reasons the interviewer had not considered.
“Bottom Line Up Front” and “Keep It Simple, Sam.” One of your primary goals in monitoring your compliance program is to effectively communicate its performance to critical stakeholders. Accordingly, always state your conclusions up front and do not let your audience wrestle with raw data on their own, struggling to answer the question, “Yes, but what does this all mean?” Along these same lines, the most compelling ideas are often the ones presented most simply and clearly. Make sure your presentations are clean, crisp, and to the point. Save the razzle-dazzle (e.g., advanced statistical evaluation methods or newly released Excel features) for when absolutely necessary and generally after you have made your fundamental points.
 Keep charts and graphs clean, visually appealing, and consistent. Draw attention to what is important and away from what is not through thoughtful use of colors (do not use crimson red unless you absolutely want to call attention to something; do not use very similar colors in legends, etc.), organizing charts along dimensions that make sense for the metric (e.g., from highest to lowest; alphabetically by BU), and obfuscating unnecessary detail – for example, in a pie chart, do you really need to separately represent 15 different data points, each representing less than 1 percent of the pie? Lump these smaller slices together into a slice labeled “Others” with some detail in the legend. Also, make sure you keep your presentation language consistent. That is, use colors, chart types, and other visual elements consistently from one presentation to the next so the audience can quickly digest the presented information.
 Metrics that represent snapshots in time rarely give the full picture. For most metrics/KPIs, you should ensure that you are tracking, evaluating, and presenting trends over time rather than just the latest measurement. Doing so will allow you to see current performance in context and give you and your audience a better idea of whether your program is improving, stagnating, or in need of course correction.
 The devil is in the details. Good-looking averages can often mask worrisome performance in specific areas or by specific business units or persons. Accordingly, when looking at a KPI, it is useful to break down the KPI along multiple dimensions to ferret out details. For example, in addition to determining the company’s overall license application cycle time, you should also consider breaking down this metric by product family involved, business units involved, or even licensing specialists involved. Doing so will allow you to better understand if there are any significant deviations from the average that warrant further attention. Of course, if you find nothing interesting in the details, you do not need to include such a breakdown in your presentations.
 In preparing your charts and metrics, make sure you also look at the underlying data to identify any outliers. An outlier is any data point that is well outside of the mean. For example, if most business units approve exports within three days, but one unit’s average approval time is 20 days, you should investigate why this is the case. It could be that the outlier merely shows unaccounted-for complexity or unique circumstances within that business unit (e.g., it sells particularly complex technology that requires a close analysis before each export can be approved). However, it also could be that the outlier business unit has been improperly siloed from other business units and has not received the same training as other units. The outlier could also indicate some other distinctive attribute for that specific business unit. The important thing is (i) to understand why the outlier occurred and (ii) to either confirm that it does not indicate a compliance gap or, if it does, to remedy the issue.
To make the best use of your monitoring efforts, it is important to ensure that you run your metrics on a recurring, scheduled basis. We have found that doing so monthly is usually sufficient, although you can adjust that cycle time depending on your resources and needs. Even when the metrics are not used for critical stakeholder presentations, it is still important to have them available for your own planning and compliance program prioritization, and for potential future use (e.g., in trends analysis).
The final step in this framework is to act. Your monitoring efforts will often lead to the identification of problem areas or efficiency opportunities. When you find such golden nuggets of opportunity, make sure you have an action plan to address the issue. Once implemented, make sure the action taken has the desired effect by closely monitoring relevant metrics in subsequent iterations of the Execution Cycle.
In the larger picture, you should leverage the metrics to enrich your understanding of program priorities, risks, and opportunities. In the scarce economics of compliance resourcing, it is vital to use your data-based insights to prioritize your existing work backlog, identify efficiency opportunities, allocate and prepare your budget, and plan your compliance program’s next steps.
* * *
Compliance programs are inevitably under the scrutiny reserved for company overhead. The constant trend is to be asked to do more with less. In this lean operating environment, a systematic data monitoring program is a critical enabler. Done properly, it will give you needed insight into your program’s performance, risks, opportunities, and priorities. Moreover, it provides the quantitative basis to both demonstrate value to business stakeholders and to justify continued investments in your program. You can use your methodically analyzed data and reports to communicate the direct relationship between compliance program performance and your company’s most important assets, relationships, and reputation. Effectively used data can shift the discussion around your compliance budget from the downward ratchet of overhead costs to a more rewarding analysis of risk, value, and investment.

* * * * * * * * * * * * * * * * * * * * 

12. Gary Stanley’s ECR Tip of the Day

(Source: Defense and Export-Import Update; available by subscription from
* Author: Gary Stanley, Esq., Global Legal Services, PC, (202) 352-3059,
Where a foreign end user is not certain of the original procurement method (FMS v. Direct Commercial Sale), the U.S. Department of State’s Office of Regional Security and Arms Transfer (RSAT) (
PM_RSAT-TPT@state.gov) is the appropriate office for the foreign end user to submit a request for a third party transfer or rexport/retransfer authorization. In such cases, RSAT will process the request and coordinate with DDTC. Information on RSAT and the third party transfer process can be found at https://www.state.gov/t/pm/rsat/c14021.htm. Whether for RSAT or DDTC, to facilitate adjudication of the request, DDTC that the foreign end user provide a best-faith statement as to what it believes to be the original acquisition method (i.e., via DCS or FMS), a summary of steps taken to investigate the acquisition of the article(s), and any other information that may be helpful. 

* * * * * * * * * * * * * * * * * * * * 


* Ray Kroc (Raymond Albert “Ray” Kroc; 5 Oct 1902 – 14 Jan 1984; was an American businessman. He joined the Californian chain McDonald’s in 1954 and built it into a nationwide and eventually global franchise, making it the most successful fast food corporation in the world.)
  – “The two most important requirements for major success are: first, being in the right place at the right time, and second, doing something about it.”
* John Erskine (5 Oct 1879 – 2 Jun 1951; was an American educator and author, pianist and composer. He was an English professor at Amherst College from 1903 to 1909, followed by Columbia University from 1909 and 1937. During his tenure at Columbia University he formulated the General Honors Course-responsible for inspiring the influential Great Books movement.)
  – “There’s a difference between beauty and charm. A beautiful woman is one I notice. A charming woman is one who notices me.”
  – “Luck is a dividend of sweat. The more you sweat, the luckier you get.”


* * * * * * * * * * * * * * * * * * * *

. Are Your Copies of Regulations Up to Date?
(Source: Editor)

The official versions of the following regulations are published annually in the U.S. Code of Federal Regulations (C.F.R.), but are updated as amended in the Federal Register.  Changes to applicable regulations are listed below.
: 27 CFR Part 447-Importation of Arms, Ammunition, and Implements of War
  – Last Amendment: 15 Jan 2016: 81 FR 2657-2723: Machineguns, Destructive Devices and Certain Other Firearms; Background Checks for Responsible Persons of a Trust or Legal Entity With Respect To Making or Transferring a Firearm. 
: 19 CFR, Ch. 1, Pts. 0-199
  – Last Amendment: 28 Sep 2017: 82 FR 45366-45408: Changes to the In-Bond Process [Effective Date: 27 Nov 2017.]

  – Last Amendment: 18 May 2016: Change 2
: Implement an insider threat program; reporting requirements for Cleared Defense Contractors; alignment with Federal standards for classified information systems; incorporated and cancelled Supp. 1 to the NISPOM (Summary 

: 15 CFR Subtit. B, Ch. VII, Pts. 730-774

  – Last Amendment: 3 Oct 2017: 82 FR 4 5959-45962: Updated Statements of Legal Authority for the Export Administration Regulations

: 31 CFR, Parts 500-599, Embargoes, Sanctions, Executive Orders
  – Last Amendment: 16 Jun 2017: 82 FR 27613-27614: Removal of Burmese Sanctions Regulations 
: 15 CFR Part 30
  – Last Amendment: 20 Sep 2017: 82 FR 43842-43844: Foreign Trade Regulations (FTR): Clarification on Filing Requirements; Correction  
  – HTS codes that are not valid for AES are available
  – The latest edition (20 Sep 2017) of Bartlett’s Annotated FTR (“BAFTR”), by James E. Bartlett III, is available for downloading in Word format. The BAFTR contains all FTR amendments, FTR Letters and Notices, a large Index, and footnotes containing case annotations, practice tips, Census/AES guidance, and to many errors contained in the official text. Subscribers receive revised copies every time the FTR is amended. The BAFTR is available by annual subscription from the Full Circle Compliance website.  BITAR subscribers are entitled to a 25% discount on subscriptions to the BAFTR.
, 1 Jan 2017: 19 USC 1202 Annex. (“HTS” and “HTSA” are often seen as abbreviations for the Harmonized Tariff Schedule of the United States Annotated, shortened versions of “HTSUSA”.)
  – Last Amendment: 25 Jul 2017: Harmonized System Update 1706, containing 834 ABI records and 157 harmonized tariff records.
  – HTS codes for AES are available
  – HTS codes that are not valid for AES are available
  – Last Amendment: 30 Aug 2017: 82 FR 41172-41173: Temporary Modification of Category XI of the United States Munitions List
  – The only available fully updated copy (latest edition: 12 Sep 2017) of the ITAR with all amendments is contained in Bartlett’s Annotated 

, by James E. Bartlett III. The BITAR contains all ITAR amendments to date, plus a large Index, over 800 footnotes containing amendment histories, case annotations, practice tips, DDTC guidance, and explanations of errors in the official ITAR text. Subscribers receive updated copies of the BITAR in Word by email, usually revised within 24 hours after every ITAR amendment.
 The BITAR is available by annual subscription from the Full Circle Compliance
. BAFTR subscribers receive a 25% discount on subscriptions to the BITAR, please
contact us
to receive your discount code.

* * * * * * * * * * * * * * * * * * * *

Weekly Highlights of the Daily Bugle Top Stories

(Source: Editor) 

Review last week’s top Ex/Im stories in “Weekly Highlights of the Daily Bugle Top Stories” published 

* * * * * * * * * * * * * * * * * * * *


* The Ex/Im Daily Update is a publication of FCC Advisory B.V., compiled by: Editor, James E. Bartlett III; Assistant Editors, Alexander P. Bosch and Vincent J.A. Goossen; and Events & Jobs Editor, John Bartlett. The Ex/Im Daily Update is emailed every business day to approximately 8,000 readers of changes to defense and high-tech trade laws and regulations. We check the following sources daily: Federal Register, Congressional Record, Commerce/AES, Commerce/BIS, DHS/CBP, DOJ/ATF, DoD/DSS, DoD/DTSA, State/DDTC, Treasury/OFAC, White House, and similar websites of Australia, Canada, U.K., and other countries and international organizations.  Due to space limitations, we do not post Arms Sales notifications, Denied Party listings, or Customs AD/CVD items.

* RIGHTS & RESTRICTIONS: This email contains no proprietary, classified, or export-controlled information. All items are obtained from public sources or are published with permission of private contributors, and may be freely circulated without further permission. Any further use of contributors’ material, however, must comply with applicable copyright laws.

* CAVEAT: The contents of this newsletter cannot be relied upon as legal or expert advice.  Consult your own legal counsel or compliance specialists before taking actions based upon news items or opinions from this or other unofficial sources.  If any U.S. federal tax issue is discussed in this communication, it was not intended or written by the author or sender for tax or legal advice, and cannot be used for the purpose of avoiding penalties under the Internal Revenue Code or promoting, marketing, or recommending to another party any transaction or tax-related matter.

* SUBSCRIPTIONS: Subscriptions are free.  Subscribe by completing the request form on the Full Circle Compliance website.

* TO UNSUBSCRIBE: Use the Safe Unsubscribe link below.

Scroll to Top