Page 1

Principles of

AUDIT: EXPORT

Compliance Series By Clement Key

copyright c.m. key 2018

i


EXPORT AUDIT The scope of this book is to guide the importer in measuring their efforts in exercising reasonable care. A compliance manual sets the tone of organizational spirit in meeting the requirements. It is needed with the required tools to effectively administer regulatory and commercial duties. A skilled person must use his/her knowledge to apply assets in the best interest of the company. Compliance Manual Tools - references Training Application Internal Audit A lack of communication and poor record keeping are cited as major deficiencies in audit findings. Officer support is required and must be clearly stated in policy. All involved must have centralized focus to carry out the demanding requirements. Recognizing that many complicated factors may be involved in Export issues, an exporter may wish to obtain a ruling.You should obtain advice from an expert (such as a licensed Customs Broker, attorney or consultant) who specializes in EXPORT matters. Reliance on the general information in this book may not be considered reasonable care. Federal Register controls! This is for training only.

Written for the reader to understand audit procedures and elements that are needed in an active Exporter’s internal audit plan.

Writer – Clement Key, 33 years government service; U.S. Customs Service positions in every area of import and export. Trained at Hofstra University 1971, Valuation training Federal Law Enforcement Center, Glynco, Ga. 1980, Transfer Price Training, Chicago, IL 1993. Holder of Customs Broker License. Given awards including the prestigious Hammer Award by Vice President Gore in 1994. Author of several books on Import and Export matters. Import and Export Compliance reference/training software. www.exportimportcompliance.com

copyright c.m. key 2018

ii


TOC Compliance Factors Best Practices

5

Assessment of Compliance Image

6

Image Objectives Components Entity

7

System of internal control. Benefits of Internal Control Assessments Assessing Risk

7 7

Evaluating Internal Controls

8

Access Export Control Environment

9

Audit Module: Self-Assessment Tool

10

PRE-AUDIT CHECKLIST POST-AUDIT CHECKLIST

11

ELEMENT 1: Management Commitment

12-15

ELEMENTS 2 & 5: Risk Assessment & Cradleto-Grave Export Compliance Security & Screening

16

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening Review orders/transactions against the Denied Persons List (DPL)

19

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening Diversion Risk Profile (DRP) See EAR Part 732, Supplements 1 & 3

21

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening Prohibited nuclear end-uses/users, EAR, Section 744.2

22

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening Rocket Systems & Unmanned Air Vehicles Prohibited missile end-uses/users, EAR, Section 744.3

23

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export `` 24 Compliance Security & Screening Prohibited chemical & biological weapons (CBW) end-uses/users, EAR, Section 744.4 ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export `` Compliance Security & Screening Review orders/transactions against Antiboycott Compliance Red Flags.

25

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export

26

copyright c.m. key 2018

3


Compliance Security & Screening

Review customers & other parties against the Entity List. ELEMENT 3: A Formal Written EMCP

27

ELEMENT 4: Training

29

ELEMENT 6: Recordkeeping (EAR, Part 762)

31-32

ELEMENT 7: Audits/Assessments

33-34

Classification

36

Value

39

736.2 General prohibitions and determination of applicability.

42

DATA – Acquire

43

Shipper’s letter of Instruction

46

AES Record

47

Example of Shipper’s Letter of Instruction Form

48

SLI Instructions (SED Instructions)

49

CCL Classification Example

57

Records

64

copyright c.m. key 2018

4


Compliance Factors BACK • Perform a Meaningful Import / Export risk analysis. • Have a formal written import / Export compliance program! • An officer must be responsible for overseeing the import / Export compliance program. • Adequate training must be provided for employees. • A company must adequately screen their customers and transactions. • Your company must meet the compliance program’s Record keeping requirements. • The existence and operation of an internal audit system for reporting Import / Export violations must be in place. • Your company must keep on file the documented results of Internal / External reviews or audits. • Proof of remedial activity that has been taken in response to import / Export violations. Best Practices Best Practice #1. Each Company should develop a written policy against allowing its exports or services to contribute to terrorism or programs of proliferation concern. Best Practice #2. Each Company should identify one person, who reports to the Company’s Chief Executive Officer, General Counsel, or other senior management official (but not to an official whose only or primary function in addition to export control compliance is sales or marketing), as the ultimate party responsible for oversight of the Company’s export control compliance program. Best Practice #3. Each Company should create an export control compliance program. A Company should integrate this compliance program into its overall regulatory compliance, security, and ethics programs. Best Practice #4. Each Company should ensure that relevant Company personnel receive regular training in export control compliance responsibilities. Best Practice #5. An Exporter/Reexporter should seek to utilize only those Trade Facilitators/Freight Forwarders that also observe these best practices. Best Practice #6. An Exporter/Reexporter should communicate the appropriate Export Control Classification Number (ECCN) or other classification information for each export/reexport to the end-user and, where relevant, to the ultimate consignee. An Exporter/Reexporter should also make such ECCN available to the Trade Facilitator/Freight Forwarder, if it is not otherwise accessible by the Trade Facilitator/Freight Forwarder. Best Practice #7. A Company should screen all parties to proposed transactions for the presence of parties who are: are subject to an order denying export privileges; on the Unverified List; on copyright c.m. key 2018

5


the Entity List; or on any list of U.S. Government sanctioned parties, and should maintain a record of such screening. Best Practice #8. A Company should screen all exports/reexports against a list of embargoed destinations, and should maintain a record that such screening was performed. Best Practice #9. With respect to transactions to, from, or through transshipment hubs, Exporters/Reexporters should take appropriate steps to know who the end-user is and to determine whether the item will be reexported or incorporated in an item to be reexported. BACK Best Practice #10. With respect to transactions to, from, or through transshipment hubs, Companies should have in place compliance and/or business procedures to be immediately responsive to theft or unauthorized delivery. This include procedures to ensure that the item exported has reached the proper end-user, such as documented confirmation. Best Practice #11. With respect to transactions to, from, or through transshipment hubs, Companies should pay heightened attention to the Red Flag Indicators on the BIS Website (see http://www.bis.doc.gov/Enforcement/redflags.htm) and in the “Know Your Customer Guidance” set forth in Supplement 3 to Part 732 of the EAR. Best Practice #12. When a Company encounters a suspicious transaction, such as those outlined in the “Know Your Customer” Guidance and Red Flags (Supplement No. 3 to Part 732 of the EAR), it should inquire further and attempt to resolve any questions raised by the transaction. If the circumstances can be explained or justified, then it may proceed with the transaction. If there continue to be reasons for concern after the inquiry, the Company should refrain from the transaction. If the transaction is determined to involve a potential or actual violation of the EAR, the Company should contact BIS or another U.S. law enforcement agency immediately and maintain all relevant records. DATED: November 24, 2003

Assessment of Compliance

copyright c.m. key 2018

6


Generally, controls that are relevant to an audit pertain to the entity’s objective of preparing financial statements for external purposes. Controls relating to operations and compliance are particularly relevant to compliance audits because they pertain to the Audit team’s evaluation of the risk to BIS that the company’s exporting process may result in significant noncompliance with laws and regulations (Sarbanes-Oxley noted) Objectives BACK • *financial reporting • *operations • *compliance Components • *control environment • *risk assessment • *control activities • *information & communication • *monitoring Entity • *functions • *units System of internal control. The five components of internal control are applicable to assessments of compliance with BIS requirements. The components should be considered in the context of the following: • The entity’s size. • The entity’s organization and ownership characteristics. • The nature of the entity’s business. • The diversity and complexity of the entity’s operations. • The entity’s methods of transmitting, processing, maintaining, and accessing information. • Applicable legal and regulatory requirements.

Benefits of Internal Control Assessments Internal control assessments can help auditors perform assignments more quickly and work with greater assurance that objectives are achieved. Such assessments help to: • Determine when internal controls can be relied on to reduce audit testing, copyright c.m. key 2018

7


• Focus on areas of weakness for emphasis during the assignment, and • Identify potential causes of problems or deficiencies to which recommendations for corrective action can be directed. Internal controls, no matter how well designed and implemented, can provide only reasonable assurance regarding achievement of an entity’s control objectives. The likelihood of achievement is affected by limitations inherent to internal control, such as human judgment in decision making and human errors or mistakes. In addition, the cost of internal controls should not exceed the expected benefits. Usually, precise measurement of costs and benefits is not possible. Accordingly, management makes both quantitative and qualitative estimates and judgments in evaluating cost-benefit relationships. The steps taken to assess controls may simultaneously help attain other objectives, such as resolving the overall assessment objective or assessing compliance with applicable laws and regulations. The audit objective determines the extensiveness of internal control assessment as well as the scope and methodology of the audit. Assignments with broad objectives are generally more difficult and require more resources and time than assignments with limited objectives. Therefore, objectives should be defined as precisely as possible to preclude unnecessary work while meeting the assignment’s purpose. Assessing Risk The following guidance should be used for assessing risk: • If the Audit team concludes that transaction testing can be limited because the company has an acceptable level of internal controls, the Audit team must document the controls and tests of those controls made to assure their operation and effectiveness. • The Audit team can use a combination of different types of tests to get sufficient evidence of a control’s effectiveness. • Inquiries alone generally will not support an assessment that internal controls are adequate and effective. BACK • Observation provides evidence about a control’s effectiveness only at the time observed it does not provide evidence about its effectiveness during the rest of the period under audit. • The Audit team can use evidence from tests of controls done in prior audits, but it has to obtain evidence about the nature and extent of significant changes in policies, procedures, and personnel since it last performed those tests. Evaluating Internal Controls The first step in evaluating internal controls is to determine the risk exposure, which is the likelihood of significant noncompliance with laws and regulations. The next step in the process is to review the system of internal control. The relationship of risk exposure to the system of internal control determines the nature and extent of audit tests. The audit tests provide an evaluation of the effectiveness of internal controls. The combined results from the risk exposure, review of the design of the internal control system, and tests of internal controls are the basis for an opinion on the adequacy of internal controls. The extensiveness of tests of internal controls is illustrated Determining Extensiveness of Audit Test Risk Exposure + System of Internal Control = Extensiveness of Audit Test High Weak High Adequate Moderate to High Strong Low to Moderate Moderate Weak Moderate to High Adequate Moderate Strong Low Low Weak Low to Moderate Adequate Low Strong Very Low Table adapted from the GAO Gray Book. AICPA SAS 78 (paragraphs 19–21) provides the following internal control guidance: In all audits, the auditor should obtain an understanding of each of the five components of internal control sufficient to plan the audit by performing procedures to understand the design of controls relevant to an audit of financial statements, and whether they have been placed in operation. In planning the audit, such knowledge should be used to— copyright c.m. key 2018

8


• Identify types of potential misstatements. • Consider factors that affect the risk of material misstatement. • Design substantive tests. The nature, timing, and extent of procedures the auditor chooses to perform to obtain the understanding will vary depending on the size and complexity of the entity, previous experience with the entity, the nature of the specific controls involved, and the nature of the entity’s documentation of specific controls. For example, the understanding of risk assessment needed to plan an audit for an entity operating in a relatively stable environment may be limited. Also, the understanding of monitoring needed to plan an audit for a small, noncomplex entity may be limited. Whether a control has been placed in operation is different from its operating effectiveness. In obtaining knowledge about whether controls have been Focused Assessment Program Exhibit 3B placed in operation, the auditor determines that the entity is using them. Operating effectiveness, on the other hand, is concerned with how the control was applied, the consistency with and by whom which it was applied. For example, a budgetary reporting system may provide adequate reports, but the reports may not be analyzed and acted on. This Statement does not require the auditor to obtain knowledge about operating effectiveness as part of the understanding of internal control.

Access Export Control Environment Y Performed a Meaningful Import /Export risk analysis. Has Risk Analysis been performed? Have a formal written Export compliance program! Is there a written compliance program? An officer must be responsible for overseeing the Export compliance program. Is there designated officer responsibility? Adequate training must be provided for employees. Has adequate training been given? Is there an internal training program? A company must adequately screen their customers and transactions. Is there a record of screening? Is it adequate? Your company must meet the compliance program’s Record keeping requirements. Is recordkeeping requirement kept? The existence and operation of an internal audit system for reporting Export violations must be in place. Is there a program to report mistakes/export violations? copyright c.m. key 2018

9

N

BACK initial/date


Your company must keep on file the documented results of Internal/External reviews or audits. Is there a record of audits and results? Proof of remedial activity that has been taken in response to Export violations. What action was taken where violations occurred?

Refer back to page 5. Record Findings to above questions and overall assessment.

U.S. DEPARTMENT OF COMMERCE BUREAU OF INDUSTRY & SECURITY OFFICE OF EXPORTER SERVICES EXPORT MANAGEMENT & COMPLIANCE DIVISION www.bis.doc.gov

EXPORT MANAGEMENT & COMPLIANCE PROGRAM

Audit Module: copyright c.m. key 2018

10

BACK


Self-Assessment Tool July, 2011 Introduction This is a tool created for exporters to aid in the development of an Export Management and Compliance Program. It may be used to create a new program or to assess whether internal controls have been implemented within an existing program with the purpose of eliminating common vulnerabilities found in export compliance programs. Each company has unique export activities and export programs; therefore, this is an example to build upon and does not include ALL Export Administration Regulations restrictions and prohibitions. This tool is a combination of best compliance practices implemented by U.S. companies, auditing practices, and Export Administration Regulations requirements. Methodology An effective EMCP consists of many processes that connect and intersect. The connections and intersections must be planned, and then, clear directions must be given to those who are to follow the rules of the program. Without maps (instructions), chances are that personnel will all go in their own directions, leaving them vulnerable to getting lost on the way and chancing that key connections are missed, resulting in violations of the intended rules of the program. To use this self-assessment, first look to see if your program includes written instructions that create the connections and intersections needed to maintain compliance. BACK Within the self-assessment columns, “Y/N/U” stands for Yes/No/Uncertain or Indeterminate. PRE-AUDIT CHECKLIST • Identify business units and personnel to be audited. • Send e-mail notification to affected parties. • Develop a tracking log for document requests. • Prepare audit templates such as interview questions, transactional review checklist, audit report format, etc. • Each business unit should provide their written procedures related to export compliance before the audit. • Personnel at all levels of the organization, management and staff, should be interviewed to compare written procedures with actual business practices. • Identify gaps and inconsistencies.

POST-AUDIT CHECKLIST • Write draft audit report. - Executive Summary [Purpose, Methodology, Key Findings] - Findings and Recommendations [Organize in Priority Order] - Appendices [Interview List, Document List, Process Charts] • Conduct post-audit briefing for affected business units to discuss audit findings and recommendations. Provide draft report. This is an opportunity for business units to address inaccuracies in report. • Obtain commitment from business units for corrective action. Include in audit report. • Brief executive management on audit findings and recommendations. copyright c.m. key 2018 11


• Track corrective actions. Within the year, audit corrective actions.

BACK Initials ______ Date ____________ Comments

ELEMENT 1: Management Commitment

Y Is management commitment communicated on an ongoing basis by: Company publications? Company awareness posters? Daily operating procedures? Other means, e.g., bulletin boards, in meetings, etc.? Does management issue a formal Management Commitment Statement that communicates clear commitment to export controls? Is the formal Statement distributed to all employees and contractors? Who is responsible for distribution of the Statement? Is there a distribution list of those who should receive the Statement? What method of communication is used (letter, email, intranet, etc.)? Does the distribution of the Statement include employee signed receipt and personal commitment to comply? Is the formal Statement from current senior management communicated in a manner consistent with management priority correspondence?

copyright c.m. key 2018

12

N

U


Does the formal Statement explain why corporate commitment is important from your company’s perspective? Does the formal Statement contain a policy statement that no sales will be made contrary to the Export Administration Regulations? Does the formal Statement convey the dual-use risk of the items to be exported?

BACK Initials ______ Date ____________ Comments

ELEMENT 1: Management Commitment

Y Does the formal Statement emphasize End-Use/End-User prohibitions? Proliferation activities of concerns: Nuclear? Certain Rocket Systems and Unmanned Air Vehicles? Chemical and Biological Weapons?

Does the formal Statement contain a description of penalties applied in instances of compliance failure? Imposed by the Department of Commerce? Imposed by your company?

Does the formal Statement include the name, position, and contact information, such as: e-mail address & telephone number of the person(s) to contact with questions concerning the legitimacy of a transaction or possible violations?

What management records will be maintained to verify compliance with procedures and processes (including the formal Statement)? Who is responsible for keeping each of the management records? How long must the records be retained? Where will the records be maintained?

copyright c.m. key 2018

13

N

U


In what format will the records be retained? Are adequate resources (time, money, people) dedicated to the implementation and maintenance of the EMCP? Is management directly involved through regularly scheduled meetings with various units responsible for roles within the EMCP? Is management involved in the auditing process?

BACK Initials ______ Date ____________ Comments

ELEMENT 1: Management Commitment

Y Has management implemented a team of EMCP managers who meet frequently to review challenges, procedures and processes and who serve as the connection to the employees who perform the EMCP responsibilities?

Does the Statement describe where employees can locate the EMCP Manual (on the company intranet or specific person and location of hard copies)?

Are there written procedures to ensure consistent, operational implementation of this Element? Is a person designated to update this Element, including the Management Commitment Statement, when management changes, or at least annually? (Note in comments the name of the person.)

Who are other employees who are held accountable for specific responsibilities under this Element? For example: Company Official charged with EMCP oversight and ongoing commitment to the program. Management Team Members who are responsible for connecting with all responsible employees in the EMCP. Persons charged with ensuring the EMCP is functioning as directed by management.

copyright c.m. key 2018

14

N

U


If the primary responsible person is unable to perform the responsibilities, is a secondary person designated to backup the primary designee? (If not, is a procedure in place to eliminate vulnerabilities of an untrained person proceeding with tasks that might lead to violations of the EAR?)

Do responsible persons understand the interconnection of their roles with other EMCP processes and where they fit in the overall export compliance system?

BACK Initials ______ Date ____________ Comments

ELEMENT 1: Management Commitment

Y Is the message of management commitment conveyed in employee training through: Orientation programs? Refresher training? Electronic training modules? Employee procedures manuals? Other?

Is management involved in EMCP training to emphasize management commitment to the program?

Determination:

copyright c.m. key 2018

15

N

U


BACK ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening

Initials ______ Date ____________ Comments Y

Are there written procedures for ensuring compliance with product and country export restrictions? Do procedures include reexport guidelines or any special instructions? Is there a written procedure that describes how items are classified under ECCNs on the CCL? A. Does a technical expert within the company classify the items? B. If your company does not manufacture the item, does the manufacturer of the item classify it? C. Is there a written procedure that describes when a classification will be submitted to BIS and who will be responsible? D. Is there a written procedure that describes the process for seeking commodity jurisdiction determinations?

Is an individual designated to ensure that product/country license determination guidance is current and updated? Is there a distribution procedure to ensure all appropriate users receive the guidance and instructions for use? Is there a list that indicates the name of the persons responsible for using the guidance? Is a Matrix or Decision Table for product/country license determinations used? Are the instructions provided easily understood and applied? Do the instructions provided specify who, when, where, and how to check each shipment against the matrix? Does the matrix/table display ECCNs and product descriptions? Appropriate shipping authorizations, License Required, License Exception (specify which), or NLR? Does the matrix communicate License Exception parameters/restrictions?

copyright c.m. key 2018

16

N

U


Are license conditions and restrictions included within the matrix/table? Does the matrix/table cross reference items to be exported with license exceptions normally available (based on item description and end destination)?

.

BACK ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening

Initials ______ Date ____________ Comments Y

Does the matrix/table clearly define which license exceptions are normally available for each item (also clearly state which license exceptions may not be used due to General Prohibitions)? Are embargoed destinations displayed? Is country information in the table up-to-date? Are item restrictions displayed? (i.e., technical parameter limitations, enduser limitations) Is the matrix automated? Is a person designated for updating the tool? Are reporting prompts built into the matrix/table? Are Wassenaar reports required? Does the matrix/table denote when they are required? Is the matrix manually implemented? If so, is a person designated to update the tool? Is there a “hold� function to prevent shipments from being further processed, if needed? Is there a procedure to distribute and verify receipt of license conditions? Is there someone designated to distribute and follow-up with acknowledgment verification? Is there a response deadline defined when conditions are distributed?

copyright c.m. key 2018

17

N

U


BACK ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening

Initials ______ Date ____________ Comments Y

N

U

Are there written procedures to ensure that checks and safeguards are in place within the internal process flows, and are there assigned personnel responsible for all checks? Is the order process and all linking internal flows displayed visually in a series of flow charts? Is there a narrative that describes the total flow process? Are the following checks included in the internal process?

• Pre-order entry screen checks performed (i.e., know your customer red flags)

• Denied Persons

• Entity List

• Unverified List

• Specially Designated Nationals List

• Boycott language

• Nuclear End-Uses

• Certain Rocket Systems and Unmanned Air Vehicles End-Uses

• Chemical and Biological Weapons End-Uses

• Product/Country Licensing Determination

• Diversion Risk Check Do the order process and other linking processes include a description of administrative control over the following documents: Shipper’s Export Declarations (SED)/AES Records, Shipper’s Letter of Instruction (SLI)? Airway bills (AWB) and/or Bills of Lading, Invoices?

copyright c.m. key 2018

18


Does the procedure explain the order process and other linking processes from receipt of order to actual shipment? Does the procedure include who is responsible for each screen/check throughout the flow? Does the procedure describe when, how often, and what screening is performed? Are hold/cancel functions implemented?

BACK ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening

Initials ______ Date ____________ Comments Y

N

U

Does the procedure clearly indicate who has the authority to make classification decisions? Are supervisory or EMCP Administrator sign-off procedures implemented at high risk points? Does the company have an on-going procedure for monitoring compliance of consignees, end-users and other parties involved in export transactions? Determination:

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening Review orders/transactions against the Denied Persons List (DPL) Is there a written procedure to ensure screening of orders/shipments to customers covering servicing, training, and sales of items against the DPL? Are personnel/positions identified who are responsible for DPL screening (consider domestic and international designee)?

Is there a procedure to stop orders if a customer and/or other parties are found on the DPL?

copyright c.m. key 2018

19

Initials ______ Date ____________ Comments Y

N

U


Is there a procedure to report all names of customers and/or other parties found on the DPL?

Do the procedures include a process for what is used to perform the screening, and if distribution of hard copies is required, who is responsible for their update and distribution?

Is the DPL checked against your customer-base? A.) Are both the customer name and principal checked? B.) Is there a method for keeping the customer-base current? C.) Is there a method for screening new customers? Is the DPL checked on a transaction-by-transaction basis? A.) Is the name of the ordering party’s firm and principal checked? B.) Is the end-user’s identity available? If so, is a DPL check done on the end-user C.) Is the check performed at the time an order is accepted and/or received? D.) Is the check performed at the time of shipment? E.) Is the check performed against backlog orders when a new or updated DPL is published?

Does documentation of screen (whether hard copy or electronic signature) include: A.) Name of individuals performing the checks? B.) Dates screen-checks performed? C.) Date of current denied person’s information used to perform the check? D.) Is the date of the DPL used to check the transaction documented? Is it current?

copyright c.m. key 2018

20

BACK


Are other trade-related sanctions, embargoes, and debarments imposed by agencies other than the Department of Commerce checked?

BACK

A.) Department of Treasury (Office of Foreign Assets Control): 1.) Specially Designated Terrorists? 2.) Specially Designated Nationals and Foreign Terrorist Organizations? B.) Department of State: 1.) Trade-related sanctions (Bureau of Politico-Military Affairs)? 2.) Suspensions & debarments (Center for Defense Trade, Office of Defense Trade Controls)?

Are domestic transactions screened against the DPL? Determination:

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening Diversion Risk Profile (DRP) See EAR Part 732, Supplements 1 & 3

Y

Are there procedures to screen orders for diversion risk red flag indicators? Is a checklist used based upon the red flag indicators? Does the written screening procedure identify the responsible individuals who perform the screen checks? Is the DRP considered at all phases of the order processing system? Is a transaction-based DRP performed? Is a customer-based DRP performed? Is a checklist documented and maintained on file for each and every order? Is a checklist documented and maintained on file in the customer profile?

copyright c.m. key 2018

Initials ______ Date ____________ Comments

21

N

U


Is the customer base checked at least annually against the red flag indicators or when a customer’s activities change? General Prohibition 6 - Prohibits export/reexports of items to embargoed destinations without proper license authority. Are embargoeddestinations prohibitions communicated on the product/country matrix and part of the red flag indicators?

BACK

General Prohibition 10 - Prohibits an exporter from proceeding with transactions with knowledge that a violation has occurred or is about to occur. Is there anything that is suspect regarding the legitimacy of the transactions? Determination:

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening

Initials ______ Date ____________ Comments

Prohibited nuclear end-uses/users, EAR, Section 744.2 Y Are there written procedures for reviewing exports and reexports of all items subject to the EAR to determine, prior to exporting, whether they might be destined to be used directly or indirectly in any one or more of the prohibited nuclear activities? Are personnel/positions identified who are responsible for ensuring screening of customers and their activities against the prohibited enduses? Does the procedure describe when the nuclear screen should be performed? A.) Is your nuclear screen completed on a transaction-by-transaction basis? B.) Is the screen conducted against an established customer base? If yes, is there a procedure for screening each new customer before the new customer is added to that customer base? C.) Is the nuclear screen completed before a new customer is approved? Is there a list of all employees responsible for performing nuclear screening?

copyright c.m. key 2018

22

N

U


Does the check include documentation with the signature/initials of the person performing the check, and the date performed, to verify consistent operational performance of the check? Is the customer base checked and the check documented at least annually in the Customer Profiles? (See EMCP Guidelines, Diversion Risk Screen).

BACK

Is it clear who is responsible for the annual check? Is there a procedure to verify that all responsible employees are performing the screening? Are nuclear checklists (and/or other tools) distributed to appropriate export-control personnel for easy, efficient performance of the review?

Have export/sales personnel been instructed on how to recognize situations that may involve prohibited nuclear end-use activities? Does the procedure include what to do if it is known that an item is destined to a nuclear end-use/user?

Determination:

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening Rocket Systems & Unmanned Air Vehicles Prohibited missile end-uses/users, EAR, Section 744.3 Are there written procedures for reviewing exports and reexports of all items subject to the EAR to determine, prior to exporting, whether the items are destined for a prohibited end-use? Are personnel/positions identified who are responsible for ensuring screening of customers and their activities against the prohibited end-users/users?

Does the procedure describe when the missile systems and unmanned air vehicles screen should be performed? Does the procedure include a check against the Entity List?

copyright c.m. key 2018

23

Initials ______ Date ____________ Comments Y

N

U


If yes, is there a procedure to maintain documented Entity List screen decisions on file to verify consistent operational review? A.) Is your rocket/UAV screen completed on a transaction-by-transaction basis? B.) Is the screen conducted against an established customer base? If yes, is there a procedure for screening each new customer before the new customer is added to that customer base? C.) Is the rocket/UAV screen completed before the new customer is approved?

BACK

Does the check include documentation with the signature/initials of the person performing the check, and the date performed, to verify consistent operational performance of the check? Is the customer base checked and the check documented at least annually in the Customer Profiles? Is it clear who is responsible for the annual check? Is there a list of all employees responsible for the annual check? Is there a procedure to verify that all responsible employees are performing the screening? Are missile systems and unmanned air vehicles checklists (and/or other tools) distributed to appropriate export-control personnel for easy, efficient performance of the review?

Have export/sales personnel been instructed on how to recognize prohibited missile systems and unmanned air vehicles end-use activities? Does the procedure include what to do if it is known that an item is destined to a prohibited enduse/user? Determination:

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening Prohibited chemical & biological weapons (CBW) end-uses/users, EAR, Section 744.4 Are there written procedures for reviewing exports and reexports of all items subject to the EAR for license requirements, prior to exporting, if the item can be used in the design, development, production, stockpiling, or use of chemical or biological weapons? Are personnel/positions identified who are responsible for ensuring screening of customers and their activities against the prohibited enduse/users? copyright c.m. key 2018

24

Initials ______ Date ____________ Comments Y

N

U


Does the procedure describe when the chemical & biological weapons screen should be performed? A.) Is your chemical & biological weapons screen completed on a transaction-by-transaction basis? B.) Is the screen conducted against an established customer base? If yes, is there a procedure for screening each new customer before the new customer is added to that customer base? C.) Is your chemical & biological weapons screen completed before the new customer is approved?

BACK

Does the check include documentation with the signature/initials of the person performing the check, and the date performed, to verify consistent operational performance of the check? Is the customer base checked and the check documented at least annually in the Customer Profiles? Is it clear who is responsible for the annual check? Is there a list of all employees responsible for performing chemical & biological weapons screening? Is there a procedure to verify that all responsible employees are performing the screening? Are chemical & biological weapons checklists (and/or other tools) distributed to appropriate export-control personnel for easy, efficient performance of the review? Have export/sales personnel been instructed on how to recognize prohibited chemical & biological weapons end-use activities? Does the procedure include what to do if it is known that an item is destined to a prohibited end-use/user? Determination:

ELEMENTS 2 & 5: Risk Assessment & Cradle-to-Grave Export Compliance Security & Screening Review orders/transactions against Antiboycott Compliance Red Flags. Is there a written procedure to screen transactions and orders/shipping documents for restrictive trade practice or boycott language included in Part 760 of the EAR? Are personnel/positions identified who are responsible for performing this screen? Is the antiboycott screening performed by using a profile check list?

copyright c.m. key 2018

25

Y

N

U

Initials ______ Date ____________ Comments


Does the checklist include the following: A.) The firm’s name? (as “Consignee”) B.) Name/initials of personnel performing the screen check? C.) Date screen check is performed? Is there a procedure to “hold” orders if there is a red flag during the processing of orders? Is a person designated to resolve red flags or report them to the BIS Office of Antiboycott Compliance?

BACK

Have all units that might possibly come into contact with the red flags been trained to identify the red flags? Are antiboycott red flags included in training materials? Determination:

ELEMENTS 2 & 5: Risk Assessment & Cradle-toGrave Export Compliance Security & Screening

Y

Review customers & other parties against the Entity List. Is there a written procedure to screen transactions against the Entity List to determine whether there are any license requirements in addition to normal license requirements for exports or reexports of specified items to specified endusers, based on BIS’ determination that there is an unacceptable risk of use in, or diversion to, prohibited proliferation activities?

Is the screening documented, including the following? A.) The firm’s name? B.) Names/initials of individuals performing the check? C.) Date checks are performed? D.) Is screen check combined and performed with another check (e.g., Denied Persons List check)?

Is the Federal Register monitored daily for the addition of new entities to the Entity List?

copyright c.m. key 2018

26

N

U

Initials ______ Date ____________ Comments


If matches occur, is there a “hold� function implemented within the order processing system that stops the order until a decision is made as to license requirements? Determination:

BACK

ELEMENT 3: A Formal Written EMCP Y

Are there written procedures that describe how information will flow among all the Elements to help ensure EMCP effectiveness and accountability? Is the written EMCP developed and maintained with input from all the corporate stakeholders in the export process? Do the written procedures clearly describe detailed step-by-step processes that employees are expected to follow, and are contingencies addressed? Are the written procedures reviewed for update at least annually and when major changes occur? Are the written and operational procedures consistent? Has an Administrator been designated for oversight of the EMCP? Is there a table that identifies individuals, their positions, addresses, telephone numbers, e-mail addresses, and their respective export transaction and compliance responsibilities? Does it include all domestic sites? Does it include all international sites?

Is a person designated as responsible for management and maintenance of this Element? Is a person assigned responsibility for distribution of information related to this Element? Is a person assigned to retain the records?

copyright c.m. key 2018

27

N

U

Date

Initials ______ ____________ Comments


Is the length of time the records are to be retained included? Is the location of where the records are to be retained included? Is the format of the records to be retained included? If the primary responsible persons are unable to perform the assigned responsibilities, are secondary persons designated to backup the primary designees? Where there are no backup designees, are there procedures in place to prevent untrained/unauthorized personnel from taking action?

Are all EMCP tasks clearly summarized in this Element and consistent with detailed information in other corresponding Elements? Does each employee designated with tasks understand the importance of his/her role related to the overall export compliance system? Do the responsible persons understand how the processes they are responsible for connect to the “next” process? (“...and then what happens next?”) Do all the appropriate personnel have the ability to hold a questionable transaction? Are the necessary systems to allow employees to perform their tasks readily available to them? Is training for understanding and use of the EMCP provided on a regular basis to the necessary employees, and are records of the training kept? Based on an organization chart and assignment of tasks, does it appear that there are conflicts of interest in the chain of command and the tasks to be performed? Determination:

copyright c.m. key 2018

28

BACK


BACK Initials ______ Date ____________ Comments

ELEMENT 4: Training Y Are there written procedures that describe an ongoing program of export transaction/compliance training and education? Do the written procedures clearly describe detailed step-by-step processes that employees are expected to follow? Is a qualified individual designated to conduct training and to update the training materials? (Note in comments the name of the person.) If the primary responsible person is unable to perform the responsibilities, is a secondary person designated to back-up the primary designee? (If not, is a procedure in place to eliminate vulnerabilities of an untrained person proceeding with tasks that might lead to violations of the EAR?)

Is there a schedule to conduct training (including date, time, and place)? Does the training component of the EMCP include what training materials are used (module, videos, and manuals)? Are training materials accurate, consistent and current with operational company policy, procedures and processes? (If not, note in the comments section what corrective actions are needed.) Are attendance logs used for documentation which includes agenda, date, trainer, trainees, and subjects? Is frequency of training defined? Is a list of employees/positions defined who should receive export control/compliance training? Are responsible persons trained to understand the interconnection of their roles with other EMCP processes and where they fit in the overall export transaction/compliance program? Is the list of employees/positions to be trained consistent with other Elements? Is a person identified and responsible for keeping the training records? Is the location of where these training records are to be maintained included? Is the format of how these training records will be maintained noted?

copyright c.m. key 2018

29

N

U


Do training methods include: • Orientation for new employees? • Formal (structured setting, agenda, modules used)? • Informal (less structured basis, verbal, daily, on- the-job exchanges)? • Circulation of written memoranda and e-mails to a small number of personnel, (usually group specific instruction)? • Refresher courses and update sessions scheduled? • Employee desk procedure manuals? • Back-up personnel training?

Does content of training materials include: • Organizational structure of export-related departments and functions? • Message of management commitment - Policy Statement • The role of the EMCP Administrator and Key Contacts? • U.S. export/reexport regulatory requirements? • EMCP Company operating procedures? • The purpose and scope of export controls? • Licenses & Conditions/License Exceptions & parameters? • Regulatory changes and new requirements? • Destination restrictions? • Item restrictions? • End-Use and End-User Prohibitions? • How to perform and “document” screens and checklists? • Various process flows for each element? • New customer review procedures? • Identification and description of non-compliance?

Determination:

copyright c.m. key 2018

30

BACK


ELEMENT 6: Recordkeeping (EAR, Part 762) Y

N

U

Initials ______ Date ____________ Comments

Are there written procedures to comply with recordkeeping requirements?

BACK Do the written procedures clearly describe detailed step-by-step processes that employees are expected to follow? Are all records in each process included in the records maintained?

Are the written procedures reviewed for update at least annually and when significant changes occur? Are the written and operational procedures consistent?

Is there a designated employee responsible for management and maintenance of this Element? Is name and contact information provided? Identify all other employees who are held accountable for specific responsibilities under this Recordkeeping Element? Do the designated employees know who is responsible for the next action to be taken in the process? If the primary responsible person is unable to perform the responsibilities, is a secondary person designated to backup the primary designee? Where there are no backup designees, are there procedures in place to prevent untrained/unauthorized personnel from taking action?

Do employees understand the importance of their roles related to the overall recordkeeping requirement? Do employees have the appropriate budgetary, staff, and supporting resources to perform their responsibilities? Do employees have access to all the appropriate systems, tools, databases, and records to perform their responsibilities and ensure compliance with recordkeeping procedures? Is appropriate and specific training provided regarding this Element?

Is the training included on an annual schedule of employee training?

Have appropriate parties been identified who will retain records? Are names and contact information provided? Has the length of time for record-retention been identified?

copyright c.m. key 2018

31


ELEMENT 6: Recordkeeping (EAR, Part 762) Y

N

U

Initials ______ Date ____________ Comments

Have secure physical and electronic storage locations for records been identified for the retention of records?

BACK Have determinations been made regarding the formats that all of the different types of records will be retained in? Is there a list of records that are to be maintained (see Guidelines and below for checklists)? Does the procedure include a list of records to maintain, including the following: Administrative Records: Commodity Classification records? Commodity Jurisdiction letters? Advisory Opinion letters? Copy of the EMCP BIS 748P, Multipurpose Application Form BIS 748P-A, Item Appendix BIS 748P-B, End-User Appendix BIS 711 Statement by Ultimate Consignee and Purchaser? Electronic version BIS 748P, Simplified Network Application Process (SNAP) ACCN Number? Accompanying attachments, rider or conditions? International Import Certificates? End-user Certificates? License Exception TSR Written Assurance? AES Electronic Filing Authorization? High Performance Computer Records? Transmittal and acknowledgement of license condition Log administering control over use of Export/Reexport license? Is a log maintained to ensure return or commodities previously exported under License Exception TMP? Is a log maintained to ensure License Exception LVS limits are not exceed? Humanitarian Donations GFT Records? Are there instructions for the accurate completion and filing of the following Transaction Records: 1) Commercial Invoices? 2) AES electronic filing authorization? a) Description of items(s) b) ECCN(s) c) License Number d) License Exception Symbols or Exemptions e) Schedule B number(s) 3) Air Waybills and/or Bills of Lading Value of shipments Is there conformity regarding the above documents? Determination

copyright c.m. key 2018

32


ELEMENT 7: Audits/Assessments Y Are written procedures established to verify ongoing compliance? Is there a qualified individual (or auditing group) designated to conduct internal audits? Is there a potential conflict of interest between the auditor and the division being audited? Is there a schedule for audits? Are internal reviews performed annually, every six months, quarterly, etc.?

Is there a step-by-step description of the audit process? Is a standard audit module or self-assessment tool used? If yes, does the audit module or self-assessment tool evaluate: Corporate management commitment in all aspects of the audit not just the Written Policy Statement Element? If yes, does the audit module or self-assessment tool evaluate: Formalized, written EMCP procedures compared to operational procedures? If yes, does the audit module or self-assessment tool evaluate: Accuracy & conformity of export transaction documents by random sampling or 100% verification? If yes, does the audit module or self-assessment tool evaluate: Whether there is a current, accurate product/license determination matrix consistent with the current EAR and Federal Register notices? If yes, does the audit module or self-assessment tool evaluate: Whether correct export authorizations were used for each transaction? If yes, does the audit module or self-assessment tool evaluate: Maintenance of documents, as required in the written EMCP. If yes, does the audit module or self-assessment tool evaluate: Whether internal control screens were performed and documented as required in the EMCP? If yes, does the audit module or self-assessment tool evaluate: Whether there are flow charts of the various processes for each Element?

If yes, does the audit module or self-assessment tool evaluate: What is used to provide verification that the audits were conducted?

copyright c.m. key 2018

33

N

U

Initials ______ Date ____________ Comments

BACK


ELEMENT 7: Audits/Assessments Y

N

U

Initials ______ Date ____________ Comments

If yes, does the audit module or self-assessment tool evaluate: Whether there is a procedure to stop/hold transactions if problems arise?

BACK If yes, does the audit module or self-assessment tool evaluate: Whether all key export-related personnel are interviewed? If yes, does the audit module or self-assessment tool evaluate: Whether there are clear, open communications between all export-related divisions? If yes, does the audit module or self-assessment tool evaluate: Whether there is daily oversight over the performance of export control checks? If yes, does the audit module or self-assessment tool evaluate: Does it include sampling of the completed screens performed during the order processing and/or new (or annual) customer screening?

If yes, does the audit module or self-assessment tool evaluate: Whether export control procedures and the EMCP manual are consistent with EAR changes that have been published? If yes, does the audit module or self-assessment tool evaluate: Whether the company’s training module and procedures are current with EAR and Federal Register notices? Is there a written report of each internal audit? Are there written results of the review? Is the appropriate manager notified, if action is needed? Are spot checks/informal self-assessments performed? Are they documented? Is there evidence of a conflict of interest between the reviewer and the division being reviewed? Are records of past audits maintained to monitor repeated deficiencies? Is there a “best practice� that should be shared with other divisions in the company to improve effectiveness and efficiency of export controls and promote consistency of procedures? Are other departments aware of their export-control-related responsibilities, e.g., legal dept., human resources, information management, etc.? Determination:

copyright c.m. key 2018

34


ELEMENTS 8 & 9: Reporting, Escalation, and Corrective Action Y

N

U

Initials ______ Date ____________ Comments

Are there internal procedures in place to notify management within the company if a party is determined to be in non-compliance? Is contact information provided for each official in the chain?

BACK Does the company policy/guidelines address accountability and consequences for noncompliant activity? Are the appropriate incentives, rewards, requirements, and penalties in place, & is an appropriate business culture of compliance being fostered to facilitate notification of any possible noncompliance? Are there internal procedures in place to notify the appropriate U.S. Government officials (e.g., Export Administration’s Office of Exporter Services (OEXS), Export Enforcement, etc.) when non-compliance is determined?

Has a central corporate point-of-contact been defined for all communications with the U.S.G.? Is the management chain clearly defined for Voluntary Self-Disclosures (VSDs) & are there clear guidelines for VSDs? Do all employees receive export control awareness training (including for potential deemed exports and hand-carry scenarios)? Does this training detail reporting, escalation, and corrective action requirements? Is there a 24-hour mechanism for notifying compliance management of possible export violations or problems? Does the company have an anonymous reporting mechanism for employees?

Do compliance guidelines provide defined criteria for when a formal internal investigation is required? If yes, are the procedures to be followed defined? Are the reporting and documentation requirements defined? Do compliance guidelines include policy and procedures for follow-up reporting to management and the reporting employee? Is there a process for evaluating lessons learned? Determination:

copyright c.m. key 2018

35


PURPOSE: To determine whether Classification risk is acceptable. The completion of this worksheet provides evidence that the five components of internal control: Control Environment, Risk Assessment, Control Activities, Information and Communications, and Monitoring were evaluated. During this phase of the process, an internal control review will be completed and factors for internal control related to an assessment of Risk Exposure including Internal Control Red Flags, Susceptibility, Management Support and Competent Personnel will be considered. The completion of this worksheet provides evidence that these factors were evaluated. All answers must be linked to supporting documentation.

BACK

OBJECTIVES: Section 1 - Internal Control Questions Consolidate information learned about internal control through interviews and document reviews to form a preliminary assessment of internal control before testing. For work paper reference column titled “Is Implementation of Control Supported by Documentation and/or Interviews,” confirm that the control is implemented through: • Interviews and requesting evidence from the company and • Reviews of documents that provide evidence that the company completed the activity. Section 2 - Preliminary Internal Control Assessment Use information consolidated in Section 1 to make a preliminary assessment whether internal control is strong, adequate, weak or nonexistent. Section 3 - Sample sizes Use the Preliminary Assessment of Risk (PAR) Level and the Preliminary Internal Control Assessment to determine the sample size for each sample. Section 4 - Results of Sample Testing Use information in Section 4 to record the results of PAS testing to evaluate whether internal control is effective to provide reasonable assurance of compliance. Section 5 - Risk Opinion Use information in section 1-4 to record the PAS opinion that risk is acceptable or unacceptable

Section 1-Internal Control Questions

Internal Control Comments

Work Paper Reference Is Implementation IC of Control Manual Supported by Documentation Page Yes No Number and/or Interviews?

1. Does the company have formally documented internal control to assure that classification is correctly declared? 2. Does management approve written policies and procedures? 3. Does the company review and update written policies and procedures periodically? 4. Is internal control over classification periodically tested and results documented? (This should include post-entry reviews to verify correctness of classification.) 5. If the company found weaknesses during internal control testing of copyright c.m. key 2018

36


classification, did the company correct internal control procedures and entries when appropriate? 6. Do written internal control procedures assign classification of merchandise to a position rather than an individual? 7. Does one individual have authority to ensure that internal control procedures for classification of imports are established and followed by all company departments? 8. Do personnel responsible for classifying merchandise have adequate knowledge and training in classification? 9. Does the company have adequate interdepartmental communication about classification? 10. Does the company have procedures to request Customs assistance classifying merchandise when needed and is advice followed when given (e.g., requesting binding rulings)? 11. Does the company identify, analyze, and manage risks related to classification? 12. Has the company identified any risks related to classification and implemented control mechanisms? 13. Do suppliers, engineers, the purchasing department, laboratory and others provide adequate descriptive information to the Import Department to ensure proper classification? 14. Does the company have policies and procedures in place to ensure the proper classification of new items? 15. Does the company maintain product classifications in a database that is provided to brokers and updated when necessary? 16. If the company provides the broker with the classification is the broker required to obtain company concurrence prior to making classification changes? 17. Does the company provide adequate broker oversight of classification issues? 18. List company-specific procedures below (if applicable)

Section 2 - Preliminary Internal Control Assessment Use information obtained in section 1 above to make a preliminary assessment of internal control as strong, adequate, weak, or nonexistent. Strong Adequate Weak None *Internal Control * If the team concludes that the company does not have internal control, risk is not acceptable so proceed to Section 5 below.

copyright c.m. key 2018

37


Section 3 Sample Sizes Use the matrix for determining Extensiveness of Audit Tests in section 3.3 of TIPS to determine the extensiveness of audit tests to confirm that internal control is effective. Multiple samples are possible. Samples and sample items should concentrate on risk. Determining Extensiveness of Audit Tests Risk + System of Exposure Internal Controls

BACK =

Extensiveness of Audit Test

Testing Limit

High

Weak Adequate Strong

High Moderate to High Low to Moderate

Moderate

Weak Adequate Strong

Moderate to High Moderate Low

5–15

Low

Weak Adequate Strong

Low to Moderate Low Very Low

1–10

10–20

Section 4 - Results of Sample Testing Use the results of sample testing to determine if internal control is effective.

Results of Testing Is IC effective to provide reasonable assurance to preclude significant risk?

Yes or No

Section 5 - Risk Opinion Use the information developed in Sections 1-4 to record the PAS opinion that risk is acceptable or unacceptable.

Risk Opinion Acceptable

copyright c.m. key 2018

Yes or No

Comments

38


OBJECTIVES: VALUE Section 1 - Internal Control Questions BACK Consolidate information learned about internal control through interviews and document reviews to form a preliminary assessment of internal control before testing. For work paper reference column titled “Is Implementation of Control Supported by Documentation and/or Interviews,” confirm that the control is implemented through: • Interviews and requesting evidence from the company and • Reviews of documents that provide evidence that the company completed the activity. Section 2 - Preliminary Internal Control Assessment

Use information consolidated in Section 1 to make a preliminary assessment whether internal control is strong, adequate, weak or nonexistent. Section 3 - Sample sizes Use the Preliminary Assessment of Risk (PAR) Level and the Preliminary Internal Control Assessment to determine the sample size for each sample. Determining Extensiveness of Audit Tests Risk + System of = Extensiveness Testing Exposure Internal Controls of Audit Test Limit

High

Weak Adequate Strong

High Moderate to High Low to Moderate

Moderate

Weak Adequate Strong

Moderate to High Moderate Low

5–15

Low

Weak Adequate Strong

Low to Moderate Low Very Low

1–10

10–20

Section 4 - Results of Sample Testing Use information in Section 4 to record the results of PAS testing to evaluate whether internal control is effective to provide reasonable assurance of compliance. Section 5 - Risk Opinion Use information in section 1-4 to record the PAS opinion that risk is acceptable or unacceptable

Section 1-Internal Control Questions

Internal Control

Work Paper Reference Is Implementation IC of Control Manual Supported by Documentation Page and/or Interviews? Yes No Number Comments

1.Does the company have formally documented internal control to assure that the value of imports is properly declared? 2.Does management approve written policies and procedures? 3.Does the company review and copyright c.m. key 2018

39


update written policies and procedures periodically? 4.Is internal control of value periodically tested and results documented? (This should include post-entry reviews to verify value was properly declared.) 5.If the company found weaknesses during internal control testing on declared value, did the company correct internal control procedures and entries when appropriate? 6.Do written internal control procedures assign duties for ensuring the accuracy of declared value to a position rather than a person? 7.Does one individual have authority to ensure that internal control procedures are established and followed by all company departments? 8.Do personnel responsible for ensuring the accuracy of declared value have adequate knowledge and training in Customs valuation? 9.Does the company have adequate interdepartmental communication about Customs value? 10.Does the company have procedures to obtain Customs assistance for value issues when needed and is advice followed when given (e.g., requesting binding rulings)? 11.Does the company identify, analyze, and manage risks related to value? 12.Has the company identified any risks related to value and implemented control mechanisms? 13.Does the company have procedures to ensure pro forma invoices are reconciled to actual invoices and corrections are reported to Customs? 14.Does the company have procedures to link specific purchase orders, invoices, and payment records to Customs entry numbers? 15.Does the company have procedures to ensure that price actually paid or payable is accurately reported, including: Indirect payments? Quota/visa? Price adjustments? Transportation costs? Currency exchange adjustments? All payments to seller? 16.Does the company have procedures to ensure that additions to price actually paid or payable are included for: Packing? Assists? Proceeds? Royalties? Selling commissions? 17.Do the purchasing department, legal department, engineers and others provide adequate information to the Import Department to ensure value is declared correctly? copyright c.m. key 2018

40


18.Does the company have procedures to ensure that there are no limitations on the use of transaction value? 19.Does the company have procedures to ensure that correct conversion rates are used? 20.Does the company have procedures to ensure that non-dutiable charges are accurately reported? 21.Does the company require the broker to have written approval prior to making changes to value? 22.Does the company provide adequate broker oversight? 23.List company-specific procedures below (if applicable)

copyright c.m. key 2018

41


Automated Export System pdf somewhere40 pages Census

teresa gordon

What is the item Where is it going Who is the End-User What is the End-Use TOC § 736.2 GENERAL PROHIBITIONS AND DETERMINATION OF APPLICABILITY (a) Information or facts that determine the applicability of the general prohibitions The following five types of facts determine your obligations under the ten general prohibitions and the EAR generally: (1) Classification of the item. The classification of the item on the Commerce Control List (see part 774 of the EAR); (2) Destination. The country of ultimate destination for an export or reexport (see parts 738 and 774 of the EAR concerning the Country Chart and the Commerce Control List); (3) End-user. The ultimate end user (see General Prohibition Four (paragraph (b)(4) of this section) and Supplement No. 1 to part 764 of the EAR for references to persons with whom your transaction may not be permitted; see General Prohibition Five (Paragraph (b)(5) of this section) and part 744 for references to end-users for whom you may need an export or reexport license). (4) End-use. The ultimate end-use (see General Prohibition Five (paragraph (b)(5) of this section) and part 744 of the EAR for general end-use restrictions); and (5) Conduct. Conduct such as contracting, financing, and freight forwarding in support of a proliferation project as described in part 744 of the EAR. (b) General prohibitions The following ten general prohibitions describe certain exports, reexports, and other conduct, subject to the scope of the EAR, in which you may not engage unless you either have a license from the Bureau of Industry and Security (BIS) or qualify under part 740 of the EAR for a License Exception from each applicable general prohibition in this paragraph. The License Exceptions at part 740 of the EAR apply only to General Prohibitions One (Exports and Reexports in the Form Received), Two (Parts and Components Reexports), and Three (ForeignProduced Direct Product Reexports); however, selected License Exceptions are specifically referenced and authorized in part 746 of the EAR concerning embargo destinations and in §744.2(c) of the EAR regarding nuclear end-uses. (1) General Prohibition One — Export and reexport of controlled items to listed countries (Exports and Reexports). copyright c.m. key 2018

42


(2) General Prohibition Two - Reexport and export from abroad of foreign-made items incorporating more than a de minimis amount of controlled U.S. content (U.S. Content Reexports). (3) General Prohibition Three — Reexport and export from abroad of the foreignproduced direct product of U.S. technology and software (Foreign-Produced Direct Product Reexports). GP 1-3 are list based – means based on CCL conditions (4) General Prohibition Four (Denial Orders) — Engaging in actions prohibited by a denial order. https://www.bis.doc.gov/index.php/policy-guidance/lists-of-parties-of-concern/deniedpersons-list (5) General Prohibition Five — Export or reexport to prohibited end-uses or end-users (End-Use End-User). Check previous hyperlink lists (6) General Prohibition Six — Export or reexport to embargoed destinations (Embargo). https://bis.doc.gov/index.php/documents/regulation-docs/420-part-746embargoes-and-other-special-controls/file (7) General Prohibition Seven — Support of Proliferation Activities (U.S. Person Proliferation Activity). (8) General Prohibition Eight — In transit shipments and items to be unladen from vessels or aircraft (Intransit). (9) General Prohibition Nine — Violation of any order, terms, and conditions (Orders, Terms, and Conditions). 10) General Prohibition Ten — Proceeding with transactions with knowledge that a violation has occurred or is about to occur (Knowledge Violation to Occur).

RETRIEVE DATA REPORT

TOC

https://www.census.gov/foreign-trade/aes/documentlibrary/bp/aes_bestpractices.html Data Request Information for Customers A best practice for companies involved in export reporting is to conduct an annual audit of their filings. A company is able to request 12 months of data that they filed or that was filed on their behalf free of charge every 365 days. If a company requests more than 12 months of data in a 365-day time period, the company will be charged $125/month for every extra month outside of the twelve. If you are requesting more than 12 months’ worth of data, please make the check payable to Commerce/Census/FTD and send to the address below. When making a data request you must submit a request letter on your company letterhead addressed to: Mr. Joe A. Cortez Chief, Regulations, Outreach, and Education Branch U.S. Census Bureau 4600 Silver Hill Road - Room 6K125 Suitland, MD 20746 (if sent by FedEx) or Washington DC 20233 (Regular Mail) The request must include: • Reason for request (i.e. internal company audit); copyright c.m. key 2018

43


• • •

EIN(s) (company name including company names of its subsidiaries. If the name and the EIN submitted do not match what is in our database, we will not release the information); Indication of whether your company is a USPPI or the Authorized Agent (see Foreign Trade Regulations section 30.6 (a)(1) and 30.6(b)(1)) ; and Contact Information: name, address, phone number, fax number, email address, and signature

The letter can also be faxed to 301-763-8835 (If faxing please fax to the attention of Mr. Joe A. Cortez) but we must receive the original by mail. In addition to the request letter you must also sign and return the Certification of Authority found on the Foreign Trade Division’s website at: Internal Audit is best begun with a copy of the Shipper's Letter of Instructions from you as Exporter. What instructions were provided determines the quality of outcome of filing record. Also signifies level of control. BIS audit if any would look at more than a year probably 3.... https://www.census.gov/foreign-trade/aes/tradesource_jan2017.pdf?eml=gd Export Compliance Tips 101 By Shannon Barley, Survey Statistician, U.S. Census Bureau We all want to follow the rules, right? This article is going to help you stay between the lines in order for you to remain compliant with the Foreign Trade Regulations (FTR) when you are exporting your goods from the United States. Below are several tips to help you on your exporting journey. If you have ever participated in any of the many seminars and Webinars the International Trade Management Division (ITMD) presents, chances are, you have heard one of the speakers say, “DOCUMENT, DOCUMENT, DOCUMENT!” In Section 30.10 of the FTR, it states that all parties to the export transaction are responsible for maintaining documents pertaining to the export shipment for 5 years from the date of export. You can maintain the export documents electronically or in paper form. It is also important that you perform internal audits to stay on top of your exports. There are two ways that you may access Electronic Export Information (EEI) submitted to the Automated Export System (AES). The first way is via your Automated Commercial Environment (ACE) Export Reports. This access is free. Theresa Gordon wrote a great blog about the different types of Export Reports. Instructions for accessing these reports are available here. The second way that you can obtain your EEI is to submit a data request directly to the U.S. Census Bureau. Through this process, companies are able to receive 12 months of their filed EEI every 365 days free of charge. When you are performing your internal audits, you may wonder what you need to do if you find any mistake or if you failed to file the EEI. You are required to make corrections as soon as they are known, as stated in Section 30.9 of the FTR. In addition, if appropriate, you may want to submit a Voluntary Self-Disclosure to the Census Bureau detailing what led to the mistake. Take advantage of the various training opportunities offered by the ITMD to help avoid future violations. Lastly, in order to stay compliant with the FTR, it is ideal to have a sound understanding of the FTR. The Census Bureau has developed several resources for the trade community to utilize. We offer free Webinars on topics, such as filing requirements, how to use ACE, types of export transactions, and much more. Any previously recorded Webinar is accessible on our outreach page. Our Web site contains several other resources, such as our FAQs. These FAQs, along with the Export Compliance Flipper, are great tools to have on hand for both new and experienced employees. After reading through this, I hope you found these tips helpful and your company stays in compliance with export regulations. For more information, visit our Web site or call the copyright c.m. key 2018

44


ITMD at 800-549-0595, option 3 for Regulations or option 5 for Outreach. You can also email Regulations at itmd.askregs@census.gov, or Outreach at itmd.outreach@census.gov.

https://census.gov/newsroom/blogs/global-reach/2017/09/automated_commercial.html Automated Commercial Environment Export Reports… What’s New? Tue Sep 19 2017 Written by: Theresa Gordon, Chief, Trade Outreach Branch, International Trade Management Division With more than 128,000 Automated Commercial Environment (ACE) export reports run since deployment mid-2015 and more than 6,762 reports run during the month of June 2017 alone, it’s evident that the trade community is using the export reports feature in ACE, and its popularity is ever increasing. CENSUS received a lot of positive feedback and information on ACE Export Reports by EIN that helped us improve the utility of the feature, as well as enhance our training resources library. https://www.census.gov/foreign-trade/compliance/aesvetting.html?eml=gd And, here are just a few reminders: The three available reports include: AES 201 (Filer), AES 202 U.S. Principal Party in Interest (USPPI) and AES 203 (Agent-Filed Routed). The AES 201 and AES 202 will initially return a smaller universe of data elements (25). Learn how to add or remove data elements by watching the “Modifying Report Queries” video available on the CBP Export Reports resource page and in the Training Resources area in the ACE Portal. The AES 203 report will only return the handful of data elements that are authorized by the Foreign Trade Regulations. ACE Importer accounts automatically have access to export reports for Employer Identification Numbers (EINs) already vetted by CBP on the import side. ACE Exporter accounts must be vetted by the U.S. Census Bureau. Exporters are able to run comprehensive reports based on their EIN and review the Electronic Export Information that has been filed internally and externally. Authorized agents are able to run reports across the universe of filings they have transmitted, as well as run individual reports at the client level. The benefits of having this type of on-demand access is revolutionary to the export compliance landscape and gives the trade community a powerful auditing capability. We highly recommend that you obtain authorization to access reports if you have not done so already, and if you have access, to explore the functionality that is available to you. Until the next update, happy reporting! P.S. There is even a “Late Filing Indicator” data element that can be added to customized reports … how beneficial is that to your compliance pursuit? AT THIS POINT OBTAIN DATA TO AUDIT EXPORT ACTIVITY!

copyright c.m. key 2018

45


YOU CAN GATHER DATA FROM YOUR RECORDS. This could be more difficult if not organized. Request to Census accesses an existing electronic data base of your activity. With DATA analyze EXPORTS for Records and content of the filing.

Shipper’s Letter of Instruction -START WITH Compare instructions to actual filing.

TOC

Shipper’s Letter of Instruction (SLI) is the exporter’s instruction letter to the freight forwarder. These can be furnished electronically or by paper. Exporter should prepare for each shipment made using a freight forwarder. This document : • Provides written instruction from exporter to forwarder on how shipment is to be handled; • Identifies the attached documents and to whom the docs are to be sent; • States the method of preferred ship,emt and references any quotation freight forwarder has provided; • Furnishes information necessary for AES filing and may authorize authorization to act as forwarding agent for export control and CBP purposes; This is an important document for the shipper since it is the shipper’s written record of information furnished to the forwarder. If the SLI doesn’t contain an informal power of attorney authorizing signature of documents on behalf of exporter for this shipment should be added. Exporter authorizes the forwarder named above to act as forwarding agent for export control and CBP purposes. Authorized Officer or Employee:______________ Export Manager

copyright c.m. key 2018

46


AES RECORD

copyright c.m. key 2018

backTOC

47


BACK TOC USE SED as Shipper’s letter of Instruction or similar form with content

WHILE SED HAS BEEN REPLACED WITH AES, CAN BE USED AS TOOL. copyright c.m. key 2018

48


BACK TOC SLI Instructions (SED Instructions) 1(a) U.S. Principal Party In Interest (USPPI) 1(b) USPPI Employer Identification Number (EIN) or ID Number 1(c) Parties To Transaction 2 Date of Exportation 3 Transportation Reference Number 4(a) Ultimate Consignee 4(b) Intermediate Consignee 5 Forwarding Agent 6 Point (State) of Origin or Foreign Trade Zone (FTZ) Number 7 Country of Ultimate Destination 8 Loading Pier 9 Method of Transportation 10 Exporting Carrier 11 Port of Export 12 Foreign Port of Unloading 13 Containerized 14 Carrier Identification Code 15 Shipment Reference Number 16 Entry Number 17 Hazardous Materials 18 In Bond Code copyright c.m. key 2018

49


19 Routed Export Transaction 20 Schedule B Description of Commodities 21 "D" (Domestic) , "F" (Foreign) or M (Foreign Military Sales) 22 Schedule B Number 23 Quantity (Schedule B Units) 24 Shipping Weight (kilograms) 25 VIN/Product Number/Vehicle Title Number (For used self-propelled vehicles only) 26 Value (U.S. dollars) 27 License No./License Exception Symbol/Authorization 28 Export Control Classification Number (ECCN) 29 Duly authorized officer or employee 30 Signature/Certification 31 Authentication

copyright c.m. key 2018

50


BACK to 49

U. S. Customs = CBP now (ALL BLOCKS CAN BE PROBLEMS) Preparing a Shipper's Export Declaration Form (SED) 7525-V AS SLI INFORMATION TO BE REPORTED ON THE SHIPPER'S EXPORT DECLARATION FORM 7525-V Block Number and Data Required 1(a) U.S. Principal Party In Interest (USPPI) (can be problem) Provide the name and address of the U.S. exporter (U.S. principal party in interest). The USPPI is the person in the United States that receives the primary benefit, monetary or otherwise, of the export transaction. Generally that person is the U.S. seller, manufacturer, order party, or foreign entity. The foreign entity must be listed as the USPPI if in the United States when the items are purchased or obtained for export. Report only the first five digits of the ZIP code. (See ยง 30.4, 30.7) 1(b) USPPI Employer Identification Number (EIN) or ID Number Enter the USPPI's Internal Revenue Service Employer Identification Number (EIN) or Social Security Number (SSN) if no EIN has been assigned. Report the 9-digit numerical code as reported on your latest Employer's Quarterly Federal Tax Return, Treasury Form 941. The EIN is usually available from your accounting or payroll department. If an EIN or SSN is not available a border crossing number, passport number, or a Customs identification number must be reported. (See ยง 30.7(d)(2)) 1(c) Parties To Transaction Indicate if this is a related or non-related party transaction. A related party transaction is a transaction between a USPPI and a foreign consignee, (e.g., parent company or sister company), where there is at least 10 percent ownership of each by the same U.S. or foreign person or business enterprise. 2 Date of Exportation copyright c.m. key 2018

51


Enter the date the merchandise is scheduled to leave the United States for all methods of transportation . If the actual date is not known, report the best estimate of departure. The date format should be indicated by MM/DD/YYYY. BACK TO 49 3 Transportation Reference Number Report the booking number for ocean shipments. The booking number is the reservation number assigned by the carrier to hold space on the vessel for the cargo being shipped. For air shipments the airway bill number must be reported. For other methods of transportation leave blank.

4(a) Ultimate Consignee Enter the name and address of the foreign party actually receiving the merchandise for the designated end-use or the party so designated on the export license. For overland shipments to Mexico, also include the Mexican state in the address. 4(b) Intermediate Consignee Enter the name and address of the party in a foreign country who makes delivery of the merchandise to the ultimate consignee or the party so named on the export license. 5 Forwarding Agent Enter the name and address of the forwarding or other agent authorized by a principal party in interest. 6 Point (State) of Origin or Foreign Trade Zone (FTZ) Number a. If from a FTZ enter the FTZ number for exports leaving the FTZ, otherwise enter the: b. two-digit U.S. Postal Service abbreviation of the state in which the merchandise actually starts its journey to the port of export, or c. State of the commodity of the greatest value, or d. State of consolidation. 7 Country of Ultimate Destination (can be issue) Enter the country in which the merchandise is to be consumed, further processed, or manufactured; the final country of destination as known to the exporter at the time of shipment; or the country of ultimate destination as shown on the export license. Two-digit (alpha character) International Standards Organization (ISO) codes may also be used. 8 Loading Pier (For vessel shipments only) Enter the number or name of the pier at which the merchandise is laden aboard the exporting vessel. copyright c.m. key 2018

52


9 Method of Transportation

BACK to 49

Enter the method of transportation by which the merchandise is exported (or exits the border of the United States). Specify the method of transportation by name, such as, vessel, air, rail, truck, etc. Specify "own power" if applicable.

10 Exporting Carrier Enter the name of the carrier transporting the merchandise out of the United States. For vessel shipments, give the name of the vessel. 11 Port of Export a. For Overland Shipments - Enter the name of the U.S. Customs port at which the surface carrier (truck or railcar) crosses the border. b. For Vessel and Air Shipments - Enter the name of the U.S. Customs port where the merchandise is loaded on the carrier (airplane or ocean vessel) that is taking the merchandise out of the United States. c. For Postal (mail) Shipments - Enter the U.S. Post Office from which the merchandise is mailed. 12 Foreign Port of Unloading For vessel shipments between the United States and foreign countries, enter the foreign port and country at which the merchandise will be unloaded from the exporting carrier. For vessel and air shipments between the United States and Puerto Rico, enter the Schedule C code, "U.S. Customs District and Port Code". 13 Containerized (For vessel shipments only) Check the YES box for cargo originally booked as containerized cargo and for cargo that has been placed in containers at the vessel operator's option. 14 Carrier Identification Code Enter the 4-character Standard Carrier Alpha Code (SCAC) of the carrier for vessel, rail and truck shipments, or the 2- or 3-character International Air Transport Association (IATA) Code of the carrier for air shipments. In a consolidated shipment, if the ultimate carrier is unknown, the consolidators carrier ID code may be reported. The National Motor Freight Traffic Association (703) 838-1831 or www.nmfta.org issues the SCAC's for ocean carriers, trucking companies and consolidators. The American Association of Railroads, Railinc (919) 651-5006 issues the SCAC codes for rail carriers. The International Air Transportation Association (IATA) issues the air carrier codes. The IATA codes are available on the Foreign Trade Division web site under "Air Carrier Codes" at www.census.gov/foreign-trade. 15 Shipment Reference Number

copyright c.m. key 2018

53


Enter the unique reference number assigned by the filer of the SED for identification purposes. This shipment reference number must be unique for five years. For example, report an invoice number, bill of lading or airway bill number, internal file number or so forth. 16 Entry Number

BACK TO 49

Enter the Import Entry Number when the export transaction is used as proof of export for import transactions, such as In-Bond, Temporary Import Bond or Drawback's and so forth. Also, an Entry Number is required for merchandise that is entered as an import (CF 7501 or Automated Broker Interface (ABI) entries) and is then being exported out of the United States. 17 Hazardous Materials Check the appropriate "Yes" or "No" indicator that identifies the shipment as hazardous as defined by the Department of Transportation. 18 In Bond Code Report one of the 2 - character In-Bond codes listed in Part IV of Appendix C of the FTSR (15 CFR Part 30) to include the type of In-Bond or not In-Bond shipment. 19 Routed Export Transaction

BACK TO 50

Check the appropriate "Yes" or "No" indicator that identifies the transaction as a routed export transaction. A routed export transaction is where the foreign principal party in interest authorizes a U.S. forwarding or other agent to export the merchandise out of the United States. 20 Schedule B Description of Commodities (Classification Number ISSUE?) Use columns 22 - 24 to enter the commercial description of the commodity being exported, its schedule B number, the quantity in schedule B units, and the shipping weight in kilograms. Enter a sufficient description of the commodity as to permit verification of the Schedule B Commodity Number or the commodity description as shown on the validated export license. Include marks, numbers, or other identification shown on the packages and the numbers and kinds of packages (boxes, barrels, baskets, etc.) 21 "D" (Domestic) , "F" (Foreign) or M (Foreign Military Sales) a. Domestic exports (D) - merchandise that is grown, produced, or manufactured in the United States (including imported merchandise which has been enhanced in value or changed from the form in which imported by further manufacture or processing in the United States). b. Foreign exports (F) - merchandise that has entered the United States and is being reexported in the same condition as when imported. c. Foreign Military Sales (M) - exports of merchandise that are sold under the foreign military sales program. 22 Schedule B Number (Classification proper number)

copyright c.m. key 2018

54


Enter the commercial description of the commodity being exported and the ten-digit commodity number as provided in Schedule B - Statistical Classification of Domestic and Foreign Commodities Exported from the United States. See item 5 (page 2) for a discussion of not repeating the same Schedule B numbers on the SED. If necessary, the Harmonized Tariff Schedule (HTS) number can be reported on the SED. See the Appendix showing a list of telephone numbers for assistance with Schedule B numbers. 23 Quantity (Schedule B Units) (Can be problem area)

BACK TO 50

Report whole unit(s) as specified in the Schedule B commodity classification code. Report also the unit specified on the export license if the units differ. See the Appendix showing a list of telephone numbers for assistance with units of quantity. 24 Shipping Weight (kilograms) (problem area) (For vessel and air shipment only) Enter the gross shipping weight in kilograms for each Schedule B number, including the weight of containers but excluding carrier equipment. To determine kilograms use pounds (lbs) Multiplied by 0.4536 = kilograms (report whole units.) 25 VIN/Product Number/Vehicle Title Number (For used self-propelled vehicles only) Report the following items of information for used self-propelled vehicles as defined in Customs regulations 19 CFR 192.1: (1) Report the unique Vehicle Identification Number (VIN) in the proper format; (2) Report the Product Identification Number (PIN) for those used self propelled vehicles for which there are no VINs; and (3) the Vehicle Title Number. 26 Value (U.S. dollars)

(Problem area)

Enter the selling price or cost if not sold, including freight, insurance, and other charges to U.S. port of export, but excluding unconditional discounts and commissions (nearest whole dollar, omit cents). The value to be reported on the SED is the exporter's (U.S. principal party in interest) price or cost if not sold, to the foreign principal party in interest. Report one value for each Schedule B number. 27 License No./License Exception Symbol/Authorization (Problem area) Whenever a SED or AES record is required: a. Enter the license number on the SED or AES record when you are exporting under the authority of a Department of Commerce, Bureau of Export Administration (BXA) license, a Department of State, Office of Defense Trade Controls (ODTC) license, a Department of the Treasury, Office of Foreign Assets Control (OFAC) license (enter either the general or specific OFAC license number), a Department of Justice, Drug Enforcement Agency (DEA) permit, or any other export license number issued by a Federal government agency. For the BXA license the expiration date of the license must be entered on the paper version of the SED only. b. Enter the correct License Exception symbol (e.g. LVS, GBS, CIV) on the SED or AES record when you are exporting under the authority of a License Exception. See ยง 740.1, ยง 740.2, and ยง 758.1 of the Export Administration Regulations (EAR). copyright c.m. key 2018

55


c. Enter the "No License Required" (NLR) designator when you are exporting items under the NLR provisions of the EAR: 1. When the items being exported are subject to the EAR but not listed on the Commerce Control List (CCL) (i.e. items that are classified as EAR99); and 2. When the items being exported are listed on the CCL but do not require a license. 28 Export Control Classification Number (ECCN) (REAL Problem area)

BACK 50

Whenever a SED or AES record is required, you must enter the correct Export Control Classification Number (ECCN) on the SED or AES record for all exports authorized under a license or License Exception, and items being exported under the "No License Required" (NLR) provisions of the EAR that are listed on the CCL and have a reason for control other than antiterrorism (AT). 29 Duly authorized officer or employee Provide the signature of the exporter (U.S. principal party in interest) authorizing the named forwarding or agent to effect the export when such agent does not have a formal power of attorney or written authorization. 30 Signature/Certification Provide the signature of the exporter (U.S. principal party in interest) or authorized forwarding or other agent certifying the truth and accuracy of the information on the SED, the title of exporter (U.S. principal party in interest) or authorized agent, the date of signature, the telephone number of the exporter (U.S. principal party in interest) or authorized agent preparing the SED and who can best answer questions for resolving problems on the SED, and the email address of the exporter (U.S. principal party in interest) or authorized agent. 31 Authentication For Customs use only.

copyright c.m. key 2018

56


BRIEF RECAP OF APPLYING CCL TO PRODUCT

See below the CCL List 0-9 also 5 Product Groups Commerce Control List (CCL)

Back148

A key in determining whether an export license is needed from the Department of Commerce is knowing whether the item you intend to export has a specific Export Control Classification Number (ECCN). The ECCN is an alpha-numeric code, e.g., 3A001, that describes the item and indicates licensing requirements. All ECCNs are listed in the Commerce Control List (CCL) (Supplement No. 1 to Part 774 of the EAR) which is available on the Government Printing Office website. The CCL is divided into ten broad categories, and each category is further subdivided into five product groups. Commerce Control List Categories Five Product Groups

0

Nuclear & Miscellaneous

A

1

Materials, Chemicals, Microorganisms and Toxins

Systems, Equipment and Components

B

Test, Inspection and Production Equipment

2

Materials Processing

C Material

3

Electronics

D Software

4

Computers

E Technology

5 Part 1

Telecommunications

5 Part 2

Information Security

6

Sensors and Lasers

7

Navigation and Avionics

8

Marine

9

Aerospace and Propulsion

copyright c.m. key 2018

57


If your item falls under U.S. Department of Commerce jurisdiction and is not listed on the CCL, it is designated as EAR99. EAR99 items generally consist of low-technology consumer goods and do not require a license in many situations. However, if you plan to export an EAR99 item to an embargoed country, to an end-user of concern, or in support of a prohibited end-use, you may be required to obtain a license.

Exporting Basics

Back148

An Introduction to U.S. Export Controls Overview This part is designed to help people who are new to exporting, and, in particular, new to export controls, gain a basic understanding of what they need to do in order to comply with U.S. law. The Bureau of Industry and Security (BIS) is responsible for implementing and enforcing the Export Administration Regulations (EAR) which regulate the export and reexport of dual use items, defined as items that have a civilian application but which can also be used for military or strategic uses such as weapons of mass destruction. The BIS does not control all goods, services and technologies. For example, the U.S. Department of State controls exports of weapons and military related items. A list of other agencies involved in the export control arena can be found on this Web site or in Supplement No. 3 to part 730 of the EAR available on the Government Printing Office Web site. Please note, this summary is designed to help exporters get a general understanding of our regulations and how to use them. However, nothing provided here can substitute for checking the Regulations themselves, which can be found on the Government Printing Office Web site. The regulations include answers to frequently asked questions, detailed step-by-step instructions for determining if a transaction is subject to the regulations, how to request a commodity classification or advisory opinion, and how to apply for a license. In using the EAR, you may want to first look at part 732 for the steps you follow to determine your obligations. To determine whether you need a license, consider, in order, the scope of the EAR in Part 734, classifying your item based on the Commerce Control List in Part 738, the ten general prohibitions in Part 736, and the license exceptions in Part 740. What Is an Export? Any item that is sent from the United States to a foreign destination (e.g., foreign organization or an individual) is an export. This could include sending an item to a foreign embassy in the United States. How an item is transported outside of the United States does not matter in determining export license requirements. For example, an item can be sent by regular mail or hand-carried on an airplane. A set of schematics can be sent via fax to a foreign destination, software can be downloaded from an Internet site, or technology can be transmitted via e-mail or during a telephone conversation. Regardless of the method used for the transfer, the item is considered an export for export control purposes. An item is also considered an export even if it is leaving the United States temporarily, if it is leaving the United State but is not for sale, or if it is going to a wholly-owned U.S. subsidiary in a foreign country. Even a foreign origin item exported from the United States, transmitted or transhipped through the United States, or being returned from the United States to its foreign country of origin is considered an export. Finally, release of technology or source code subject to the EAR to a foreign national in the United States is "deemed" to be an export to the home country of the foreign national under the EAR. copyright c.m. key 2018

58


How to Determine If You Need a Commerce Export License A relatively small percentage of total U.S. exports and reexports require the submission of an export license application to BIS. License requirements are dependent upon an item's technical characteristics, the destination, the end use, and the end user. When determining whether a license is required for your export, consider: 1. What you are exporting; 2. Where your export is going; 3. Who will receive your export; and 4. What will your export be used for. 1. What are you exporting?

Back148

A key in determining whether an export license is needed from BIS is knowing whether the item you are intending to export is on the Commerce Control List. The first step in making this determination is to "classify" your item- that is, finding its place on the Commerce Control List (See page 4269). The proper classification of your item is essential in determining any licensing requirements under the Export Administration Regulations. You can classify the item on your own, ask BIS for assistance by sending a request for a commodity classification through BIS's automated Simplified Network Application Process - SNAP, or by sending a written request to: By mail: Office of Exporter Services P.O. Box 273 Washington, D.C. 20044 By courier: Office of Exporter Services Room 2705 14th & Pennsylvania Ave., N.W. Washington, D.C. 20230

The Export Control Classification Number The key to classifying your item is the Export Control Classification Number (ECCN). ECCNs are listed in the Commerce Control List (Supplement No. 1 to Part 774 of the EAR) which is available on the Government Printing Office Web site. In order to determine the ECCN for your item you will first need to determine in which of the ten broad categories (see next page) your item is included and then dig deeper into the category to identify the specific ECCN. The ECCN is an alpha-numeric code, e.g., 3A001, that describes a particular item or type of item, and shows the controls placed on that item.

copyright c.m. key 2018

59


copyright c.m. key 2018

60


CONTROLS

AT Anti-Terrorism

Back148

CB Chemical & Biological Weapons CC Crime Control EI Encryption Items MT Missile Technology NS National Security NP Nuclear Nonproliferation RS Regional Stability SI Significant Items SS Short Supply UN United Nations XP Computers The Commerce Control List (CCL) Once you have classified the item, the next step is to start determining whether you need an export license. This is done by comparing the CCL with the Country Chart. The CCL and the Country Chart (Supplement No. 1 to part 738 which is available on the Government Printing Office Web site) taken together, define the items subject to export controls based solely on the technical parameters of the item and the country of ultimate destination. Below the main heading for each ECCN entry on the CCL, you will find the "Reason for Control" e.g., for National Security (NS), Anti-Terrorism (AT), etc. (See the sample entry provided here) and the "Country Chart" designation which shows the specific export control code(s) applied to your item (e.g., NS Column 2, AT Column 1, etc.). These specific control codes must be crossreferenced against the Commerce Country Chart.

crime

copyright c.m. key 2018

61


If Your Item is Not on the Commerce Control List

Back148

If your item does not appear anywhere on the CCL, you should check to see if it could be controlled for export by one of the other federal agencies. If your item falls under U.S. Department of Commerce jurisdiction and is not listed on the CCL, it will be classified as EAR99 (see page 3336 as an example) and, to most destinations will not require a license. The designation "NLR," which stands for "no license required," may be used for these exports. However, if you are exporting an EAR99 item to an embargoed country, to a prohibited end user, or in support of a prohibited end-use, you may be required to obtain a license. 2. Where are you exporting? The country of ultimate destination for an export or reexport also determines the licensing requirements. Different countries present different national security, nonproliferation, or foreign policy considerations and therefore may be treated differently. Although a relatively small percentage of exports and reexports require an application for an export license, virtually all exports to embargoed destinations and countries designated as supporting terrorist activities require a license. These countries include Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria, and the Taliban controlled areas of Afghanistan. Part 746 of the EAR describes embargoed destinations and refers to certain additional controls imposed by the Office of Foreign Assets Control of the Treasury Department. How to cross-reference the ECCN against the Commerce Country Chart

Back148

Once you know your ECCN and the Reasons for Control, you should cross-reference the information against the Country Chart (see example above). Countries are listed in alphabetical order down the left-hand side of the chart, by row. Control codes are listed along the top of the chart, by column. Find the country to which you are exporting, then read across the row to where that country intersects with the control code column(s) specified under your ECCN. If there is an "X" in the specified control code column(s) for that country, you are required to obtain an export license prior to export. Unlike the example shown above, if there is no "X" in ANY of the control code columns specified under your ECCN, you do not need an export license (unless you are exporting to a prohibited end user or end use) and you may export under the designation "No License Required" (NLR) provisions of the EAR. Additional Examples on how to cross-reference the ECCN Controls against the Commerce Country Chart are at the end of this document. copyright c.m. key 2018

62


3. Who will receive your item? The ultimate end user of your item cannot be an inappropriate/prohibited end user. Certain individuals and organizations are prohibited from receiving U.S. exports. You will need to request authorization to export, regardless of your item, if you want to export to an end user on one of the following list. Denied Persons List-EAR Part 764, Supplement 2 - A list of individuals and organizations who have had their export privileges suspended either for violating export controls or posing a risk of violation. Note that some of the parties on this list are located within the United States. If you believe one of these parties wants to buy your product in order to export it you should report this to BIS's Office of Export Enforcement. (See case example) If you have questions about the Denied Persons List, you may contact BIS's Office of Enforcement Analysis at (202) 482-4255. Entity List - EAR Part 744, Supplement 4 - A list of organizations involved in the proliferation of weapons of mass destruction. Treasury Department Specially Designated Nationals and Blocked Persons List - EAR Part 764, Supplement 3 - A list maintained by the Department of Treasury's Office of Foreign Assets Control comprising individuals and organizations deemed to represent restricted countries or known to be involved in terrorism and narcotics trafficking. You may also wish to check the Unverified List found on this BIS Web site.

4. What will your item be used for? The ultimate end use of your item cannot be an inappropriate/prohibited end use. The item you are exporting determines whether you will need an export license. Some end uses are prohibited while others may require a license. For more information on prohibited end uses, please refer to Part 744 of the EAR which is available on the Government Printing Office Web site.

Authorizations to Export

Back148

There are two types of authorization to export: A. Export License If your item requires a license to be exported, you must apply to the BIS for an export license. If your application is approved, you will have a license number and expiration date to use for your shipping documents. A Department of Commerce issued export license is usually valid for two years. B. License Exception If cross-referencing the ECCN against the Commerce Country Chart shows a license requirement, represented by an "X" to the country of destination, you may still be eligible to export without a license by using a license exception. License exceptions are set forth in Part 740 of the EAR and are authorizations to export or reexport commodities, technologies, or software under certain conditions. A license exception gives you the authority to ship certain items subject to the EAR that would otherwise require a license. Although you are not required to submit a license application, you must still meet all the terms of the license exception found in part 740 of the EAR. By using a license exception, you certify you have met copyright c.m. key 2018

63


RECORDS TO BE REVIEWED WITH/AGAINST AES RECORD COPY. BACK TOC 772 Definitions Export Control Documents Export control document. A license; application for license; any and all documents submitted in accordance with the requirements of the EAR in support of, or in relation to, a license application; application for International Import Certificate; Delivery Verification Certificate or similar evidence of delivery; Electronic Export Information (EEI) on the Automated Export System (AES) presented in connection with shipments to any country; a Dock Receipt or bill of lading issued by any carrier in connection with any export subject to the EAR and any and all documents prepared and submitted by exporters and agents pursuant to the export clearance requirements of Part 758 of the EAR; a U.S. exporter's report of request received for information, certification, or other action indicating a restrictive trade practice or boycott imposed by a foreign country against a country friendly to the United States, submitted to the U.S. Department of Commerce in accordance with the provisions of Part 760 of the EAR; Customs Form 7512, Transportation Entry and Manifest of Goods, Subject to Customs Inspection and Permit, when used for Transportation and Exportation (T.& E.) or Immediate Exportation (I.E.); and any other document issued by a U.S. Government agency as evidence of the existence of a license for the purpose of loading onto an exporting carrier or otherwise facilitating or effecting an export from the United States or any reexport of any item requiring a license. 762.2 Records to be Retained (a) Records required to be retained The records, required to be retained, under this part 762 include the following: (1) Export control documents as defined in part 772 of the EAR, except parties submitting documents electronically to BIS via the SNAP-R system are not required to retain copies of documents so submitted; (2) Memoranda; (3) Notes; (4) Correspondence; (5) Contracts; (6) Invitations to bid; (7) Books of account; (8) Financial records; (9) Restrictive trade practice or boycott documents and reports; (10) Notification from BIS of an application being returned without action; notification by BIS of an application being denied; notification by BIS of the results of a commodity classification or encryption review request conducted by BIS; and, (11) Other records pertaining to the types of transactions described in ยง762.1(a) of this part, which are made or obtained by a person described in ยง762.1(b) of this part. ALSO NOTE OFTEN OMITTED IS THE REQUIRED STATEMENT: ยง758.6

DESTINATION CONTROL STATEMENT and Other Information Furnished to Consignees

(a) The exporter must incorporate the following information as an integral part of the commercial invoice whenever items on the Commerce Control List are shipped (i.e., exported in tangible form), unless the shipment (i.e., the tangible export) may be made under License Exception BAG or GFT (see part 740 of the EAR) or the item is designated as EAR99: (1) The following statement: These items are controlled by the U.S. Government and authorized for export only to the country of ultimate destination for use by the ultimate consignee or end-user(s) herein identified. They may not be resold, transferred, or otherwise disposed of, to any other country or to any person other than the authorized ultimate consignee copyright c.m. key 2018

64


or end-user(s), either in their original form or after being incorporated into other items, without first obtaining approval from the U.S. government or as otherwise authorized by U.S. law and regulations and (2) The ECCN(s) for any 9x515 or 600 series items being shipped (i.e., exported in tangible form). Note 1 to paragraph (a). In paragraph (a)(1), the term authorized includes exports, reexports and transfers (in-country) designated under No License Required (NLR). Note 2 to paragraph (a). The phrase country of ultimate destination means the country specified on the commercial invoice where the ultimate consignee or end user will receive the items as an export. Note 3 to paragraph (a): The phrase or as otherwise authorized by U.S. law and regulations is included because the EAR contain specific exemptions from licensing (e.g., EAR license exceptions and NLR designations) and do not control the reexport of foreign-made items containing less than a de minimis amount of controlled content. See ยง 734.4 and Supplement No. 2 to part 748. (b) [Reserved]

copyright c.m. key 2018

65


Title

Date Last Modified

Table of Contents for the EAR

2017-04-24 BACK

Commerce Control List Index

2017-08-15

CCL Categories 0-9

2017-08-15

Category 0 - Nuclear Materials Facilities & Equipment [and Miscellaneous Items] 2018-01-08 Category 1 - Materials Chemicals Microorganisms and Toxins

2017-08-15

Category 2 - Materials Processing

2017-12-27

Category 3 - Electronics Design Development and Production

2017-08-15

Category 4 - Computers

2017-08-25

Category 5 Part 1 - Telecommunications

2017-08-15

Category 5 Part 2 - Information Security

2017-08-15

Category 6 - Sensors and Lasers

2017-08-15

Category 7 - Navigation and Avionics

2017-08-15

Category 8 - Marine

2018-01-08

Category 9 - Aerospace and Propulsion

2017-12-27

Legal Authority for the Export Administration Regulations

2017-06-26

Part 730 - General Information

2017-01-04

Part 732 - Steps for Using the EAR

2017-12-27

Part 734 - Scope of the Export Administration Regulations

2017-12-27

Part 736 - General Prohibitions

2016-03-16

Part 738 - Commerce Control List Overview and the Country Chart

2017-12-27

Supplement No. 1 to Part 738 - Commerce Country Chart

2016-11-04

Part 740 - License Exceptions

2017-12-27

Supplement No. 1 to Part 740 - Country Groups

2016-12-27

Part 742 - Control Policy -- CCL Based Controls

2017-07-07

Part 743 - Special Reporting Requirements

2016-09-20

copyright c.m. key 2018

66


Part 744 - Control Policy: End-User and End-Use Based

2017-07-07

Supplement No. 4 to Part 744 - Entity List

2018-1-29 BACK

Part 745 - Chemical Weapons Convention Requirements

2016-06-07

Part 746 - Embargoes and Other Special Controls

2017-12-27

Part 747 - [RESERVED]

2004-07-30

Part 748 - Application Classification Advisory and License

2017-04-19

Supplement No. 7 to Part 748 - VEU List

2017-10-23

Part 750 - Application Processing Issuance and/or Denial

2017-01-15

Part 752 - [RESERVED]

2015-09-25

Part 754 - Short Supply Controls

2016-05-12

Part 756 - Appeals

2014-01-21

Part 758 - Export Clearance Requirements

2016-11-15

Part 760 - Restrictive Trade Practices or Boycotts

2016-10-14

Part 762 - Recordkeeping

2017-04-19

Part 764 - Enforcement and Protective Measures

2013-10-15

Part 766 - Administrative Enforcement Proceedings

2016-07-22

Part 768 - Foreign Availability Determination Procedures and Criteria

2012-03-12

Part 770 - Interpretations

2016-12-31

Part 772 - Definitions of Terms

2017-08-15

Part 774 - The Commerce Control List

2017-08-15

copyright c.m. key 2018

67

Export Audit  

export audit, export training, export compliance, export compliance audit, export audit seminar, export audit training,

Export Audit  

export audit, export training, export compliance, export compliance audit, export audit seminar, export audit training,