In an increasingly complex geopolitical landscape, proactively complying with International Traffic in Arms Regulations (ITAR) is of paramount importance. Rigorous ITAR compliance not only helps prevent the proliferation of military technology that could be used against the U.S. and its allies, but it is also crucial for maintaining an organization’s operational integrity and protecting it from legal and financial repercussions. The 2024 ICPA ITAR Conference reinforced our collective commitment to enhancing ITAR license management and compliance.
In this article I will share the insights and learnings I gleaned from the event, including best practices for complying with ITAR and other export controls such as Export Administration Regulations (EAR).
Key Takeaways
- The 2024 ICPA ITAR conference recorded a strong turnout of defense industry professionals and regulatory officials, with a lineup of sessions that reinforced the importance of ITAR compliance in global security.
- At the forefront of discussions was the transformative role of AI in the industry.
- Other major topics included the proposed ‘AUKUS’ rule, increased regulatory scrutiny on universities and SMBs, and the complexities of the ‘see-through rule’
- Ensuring accurate export classification, implementing robust internal controls, and working with reputable export compliance solutions providers like Descartes, were highlighted as some of the top best practices for ITAR compliance.
Overview of the 2024 ICPA ITAR Conference
Attending the 2024 ICPA ITAR Conference at the historic Hilton Hotel in Fort Worth, TX, was a profound experience. The venue, steeped in history as the place where President John F. Kennedy stayed the night before his assassination, served as a poignant reminder of the significance of ITAR compliance. It was President Kennedy who, through Executive Order 10973, entrusted the Department of State with the authority to control the export and import of defense articles and services, emphasizing the need to prevent military technology from falling into the wrong hands.
Despite severe weather and storms in Texas, the conference drew a strong attendance of defense industry professionals and regulatory officials. Having recently acquired OCR, I was joined by members of our new sister company in representing Descartes at this conference. We had the opportunity to speak on some panel sessions and shared how the combination of Descartes and OCR enhances the export compliance solutions we offer, empowering organizations to effectively navigate their EAR and ITAR license requirements.
Figure 1: Descartes Export Compliance Solutions Experts, Rajeev Malhotra (L) and Max Elias, at the 2024 ICPA ITAR Conference
The engagement from the audience was a testament to the critical importance of ITAR licenses and export compliance. The feedback was overwhelmingly positive, with many participants expressing excitement about the role of automated technologies in enhancing compliance with U.S. and international regulations. The conference agenda covered several important topics in ITAR compliance, export licenses, EAR requirements, and other import/export subjects including:
- Setting up an ITAR Compliance Program
- Understanding ITAR & Exploring the Munitions List
- ITAR Triage
- Classification and Commodity Jurisdiction
- ITAR Compliance for US Allies: Australia, Canada, & UK
- Export Authorizations
- Re-Exports and Re-Transfers
- ITAR and EAR Combos and Conflicts
- How to Partner with IT for ITAR Compliance
Major Highlights and Reflections from the 2024 ICPA ITAR Conference
The recurring theme of the conference echoed the core principles laid out by President Kennedy over 50 years ago in the same building: maintaining tight control over defense-related exports is vital to protect U.S. national security and international stability. Attendees agreed that noncompliance with ITAR and EAR regulations carries serious implications, not only for their companies but also for safeguarding U.S. and allied military personnel and promoting global peace.
I will explore the main highlights and updates from the conference below, along with guidance for businesses engaged in or considering entering sectors where ITAR compliance applies.
Key Proposed Amendments to ITAR: ‘AUKUS’ Rule
One of the most significant developments discussed at the 2024 ICPA ITAR Conference was the Directorate of Defense Trade Controls’ (DDTC) proposed “AUKUS” rule. This amendment to ITAR aims to reduce export authorization requirements for defense articles, defense services, and brokering activities listed on the U.S. Munitions List (USML) when provided to authorized users in Australia and the United Kingdom. This change is designed to streamline ITAR compliance.
The proposed “AUKUS” rule follows the precedent set by similar regulations currently in place with Canada. It marks the second significant action by the U.S. this year to simplify export compliance for its allies. Earlier in April, the Bureau of Industry and Security (BIS) published an interim final rule that removed nearly all controls on items listed under the Commerce Control List (CCL) and subject to EAR when exported to Australia and the UK
This move underscores the ongoing commitment of the U.S. to enhance security cooperation with Australia, Canada, and the United Kingdom, recognizing the critical importance of these partnerships in addressing global security challenges especially with regards to China and Russia.
While the proposed rule is beneficial in many ways for ITAR License management, it also poses several export compliance risks that need to be carefully managed:
- Risk of Misinterpreting the Rule: due to the recency of the “AUKUS” rule, the specific conditions and limitations can be easily misinterpreted, leading to unauthorized exports. It’s essential to have a clear understanding of which defense articles, services, and brokering activities are covered. Leveraging the expertise of tailored compliance programs that address the specific needs and risks of each business, ensuring comprehensive adherence to all regulatory requirements. Additionally, seek vendors who can offer training and resources to ensure your team understands the specifics of the “AUKUS” rule and how to apply it correctly.
- Over-Reliance on Simplified Processes: As the rule simplifies certain export requirements, the risk of becoming complacent and neglecting other important aspects of export compliance, such as due diligence and proper export classification may set in. Therefore, implementing automated compliance solutions for managing export licenses, documentation, and record-keeping, is essential in reducing the risk of human error and ensuring consistency.
- Failing to Ensure End-User Verification: Ensuring that authorized users in Australia and the UK are legitimate and that exported items are used as intended remains a critical compliance requirement. Organizations will require export compliance software providers who offer comprehensive solutions for thorough end-user verification. These solutions should have the capabilities for restricted / denied party screening, export documentation and licensing, and export classification workflow.
The Role of AI in Export Compliance
Another topic that attracted significant attention was the panel session on the transformative role of AI in export compliance. I was invited to speak on this subject due to Descartes’ recognition as an industry leader in providing AI-enabled trade and export compliance software solutions. The discussions with fellow industry experts made it clear that AI will revolutionize both regulatory enforcement and organizational compliance, integrating seamlessly into daily operations.
Figure 2: Descartes’ Max Elias sitting on a Panel Session about AI’s Role in Export Compliance L-R: Lila Landis – Seko Logistics | Aaron Ansel – KYG Trade | Matt Henson -Trade Collaboration Engine | Max Elias – Descartes | Brooke Shiller CEO, Globaleyes
At Descartes, we are already witnessing how our AI-powered solutions enhance the efficiency and accuracy of compliance initiatives by automating complex processes, identifying potential risks, and ensuring real-time adherence to export regulations. However, fully leveraging AI’s capabilities and maintaining a competitive edge in a rapidly evolving regulatory landscape requires a combination of advanced technology and human expertise.
The consensus among experts was clear: to stay ahead of the curve, it is crucial for organizations to partner with reputable compliance technology companies like Descartes.
Growing EAR and ITAR Compliance Responsibilities for Universities
In recent years, the DDTC has ramped up its efforts to ensure that universities and research centers adhere to ITAR guidelines, culminating in the publication of detailed export compliance guidance based on visits to various higher education and research institutions between 2020 and early 2024.
Universities and research centers are pivotal in driving innovation and advancing important technological capabilities. Several of these are sensitive technologies that intersect with national security risks. The discussions at the conference emphasized the need for these institutions to adopt stringent compliance measures. Cases of export control violations were highlighted where professors and academic advisors were found illegally possessing and transferring technical engineering information, which was then reverse-engineered and sent back to restricted parties / sanctioned jurisdictions. Such incidents highlight the critical need for deemed export compliance and the cultivation of a robust compliance culture.
The DDTC’s guidance promotes the implementation of comprehensive export compliance programs, regular training for faculty and staff, and strict controls to monitor and prevent unauthorized access to sensitive information. As universities and research centers take on growing responsibilities in EAR and ITAR compliance, it is crucial that they embrace these best practices and identify the right compliance software partners to help protect their research integrity and comply with export regulations.
Increased ITAR Compliance Audits for Small and Medium Businesses
Another noteworthy development that was discussed at the conference was the increase in ITAR compliance audits targeting small and medium-sized businesses (SMBs). The heightened scrutiny reflects the regulatory obligations that businesses of all sizes must meet the DDTC’s strengthened enforcement efforts.
One of the primary recommendations for SMBs is to act conservatively when dealing with items that could be subject to ITAR regulations. Many ubiquitous items can fall under ITAR’s purview, either requiring an ITAR license or qualifying for an exemption. To navigate this complex landscape, it is best practice for organizations to seek a commodity jurisdiction decision if there is any uncertainty about an item’s USML status. By proactively addressing potential compliance issues and seeking clarification from the DDTC, SMBs can mitigate risks and avoid costly penalties. This conservative approach not only ensures compliance but also reinforces the organization’s commitment to adhering to national security regulations.
SMBs play a crucial role in the defense supply chain, however, they often face unique challenges in maintaining compliance due to limited resources and expertise. From my perspective, implementing robust systems and processes to manage ITAR compliance and other export controls does not need to be costly. Seeking compliance software providers who have scalable and customizable solutions can help SMBs tailor their technology to meet their needs.
Understanding the ‘See-Through’ Rule
Recent updates to the see-through rule were revisited in several conversations at the conference. The rule is designed to maintain the classification of defense articles under ITAR regulations, even when they are incorporated into items that are wholly commercial and only subject to the EAR regulations imposed by the BIS. While the see-through rule plays a vital role in export compliance, it has a reputation of being extremely complex to adhere to.
For instance, an aircraft that is otherwise entirely controlled under EAR but is equipped with an ITAR-controlled camera still necessitates an ITAR license. Conversely, the EAR has a different approach. When an EAR-controlled item includes an ITAR component, the item typically loses its ITAR classification once integrated into the higher EAR item. Understanding and navigating the nuances of the see-through rule is essential for ensuring compliance and avoiding potential violations in the complex landscape of export regulations.
Best Practices for ITAR Compliance
Effectively managing your ITAR compliance objectives requires a systematic approach that incorporates several best practices to cover all aspects of export compliance including policies, procedures, employee responsibilities, and internal controls. The following best practices I recommend below are derived from both the DDTC’s ITAR Compliance guidelines, and my experience helping multiple organizations successfully navigate their ITAR obligations.
- Thoroughly analyze your business operations, products, and services to determine the applicable export regulations and ITAR License requirements.
- Create a comprehensive ITAR compliance manual that incorporates the seven elements outlined by the DDTC.
- Implement robust internal controls to monitor and manage ITAR-related activities such as tracking and controlling the export of defense articles and services.
- Conduct regular ITAR training and awareness programs for employees especially those involved in export activities at every level.
- Ensure all items under ITAR and EAR regulations are screened and classified accurately. Leverage automated export classification solutions that streamline the process and boost accuracy.
- Establish and enforce policies for deemed export compliance. Use advanced denied party screening systems to verify that controlled technology and data are released legally.
- Perform periodic audits to identify and address any vulnerabilities in your ITAR compliance programs.
- Partner with export compliance software providers that can offer valuable guidance and the latest industry best practices to help you successfully navigate the regulatory landscape.
- Include trade show activities in your compliance program to prevent inadvertent violations. Properly check all trade show shipments for compliance with ITAR and EAR.
- Keep up to date with the latest developments in ITAR regulations and adopt compliance solutions that can easily adapt to any new regulatory changes or challenges.
Descartes Provides the Right Capabilities to Enhance Trade Compliance
The consequences of ITAR non-compliance can be severe, highlighting the critical importance of effective compliance programs. Descartes is a provider of an industry-leading suite of export classification, export license management, denied party screening, and 3rd party risk management solutions.
Descartes Visual Compliance and Descartes OCR solutions are flexible and modular, allowing organizations to pick the specific and exact functionality and content they need for their particular compliance needs and scale up later as and when necessary. If you would like to discuss your software requirements to boost ITAR compliance efficiency and productivity, you can book a meeting with me or contact us for a demo.
Find out what our customers are saying about Descartes Denied Party Screening on G2 – an online third-party business software review platform. Additionally, you can read this essential buyer’s guide to denied party screening to help you select a solution that fits your needs.
