 Courses

 Records

 CEUs

 Support

Ryan Enos
ID 7857684

Introduction to Export
Compliance
University of Connecticut - Storrs & Regional Campuses - CITI Export
Controls Course

Introduction to Export Compliance

Content Author

 Wendy M. Epley, MSc-RTC, ECoP® - EAR & ITAR

University of Arizona
This module is for educational purposes only. It is not designed to provide legal advice or legal
guidance. You should consult with your organization's attorneys if you have questions or
concerns about the relevant laws and regulations discussed in this module.

Introduction
Export controls are an ever-growing area of compliance for universities and research institutions
across the United States and around the world. Export control laws and regulations affect a
variety of activities, including many activities that take place physically within the U.S. and its
territories. The word "export" is often misapplied, misinterpreted, and/or misunderstood causing
many to ignore the restrictions to which they are subject, and that can result in costly
consequences.

This module provides a basic overview of export controls, helping to understand how to identify
when certain items and activities may be subject to these federal regulations that control the
export of goods and services. This understanding allows you to be proactive in ensuring that
compliance is achieved and maintained at all times. It is equally important to keep in mind that
export control is not just about moving product, it is also about services such as consulting,
training, speaking at conferences, and more. While this module will give you an awareness of
how export controls can affect your day-to-day activities, you should always consult with your
institution's export control office (ECO) before engaging in any activity that could be controlled
and allow that expert to help you maintain compliance.

Three primary agencies oversee export controls within the U.S.:

However, there are other U.S. federal agencies, such as the Customs and Border Protection
(CBP), Department of Homeland Security (DHS), Food and Drug Administration (FDA),
Alcohol Tobacco and Firearms (ATF), Nuclear Regulatory Commission (NRC), and U.S.
Department of Energy (DoE), just to name a few, who also have jurisdiction over certain items
and/or activities subject to export controls.

Learning Objectives

By the end of this module, you should be able to:

 Identify the differences between the three primary U.S. regulatory agencies.
  Recognize when export controls may be applicable to various research activities.
 Evaluate actions and processes needed when export controls may be involved.

Regulations

Department of Commerce Regulations

BIS is responsible for overseeing and enforcing the
Export Administration Regulations (EAR). Items that are
under the jurisdiction of the EAR are categorized on the
Commerce Control List (CCL). Items on the CCL are
considered commercial or dual-use. Dual-use as defined
in the EAR (2016) means "items that have both
commercial and military or proliferation applications."
While this term is used informally to describe items that
are subject to the EAR, purely commercial items are also
subject to the EAR (see 15 CFR 734.2-5). Subject to the
EAR is a term used in the EAR to describe those items and activities over which BIS exercises
regulatory jurisdiction under the EAR. Examples of dual-use items include satellites, gas turbine
engines, and drones (unmanned aerial vehicles [UAVs]). Items on the CCL are categorized with
an alphanumeric sequence referred to as an export control classification number (ECCN). The
sequence has three primary parts: the category (the first digit), the product group (the second
digit), and the level of restriction or type of control (the last 3 digits). The ECCN may also
include subparts that identify detailed characteristics of the item. Examples of ECCNs are:
7A994, 0A980, 3D001.a. Items that appear on the CCL may require obtaining an export license
prior to exporting or “releasing” the technology or software, depending upon the country of
destination and reason for control. Releasing as defined in the EAR means visual or other
inspection, oral or written exchanges, or other forms of access. It is important to be familiar with
terms and definitions used within the EAR as they can differ from common vernacular or
understandings. Consult with your institution's ECO for assistance in understanding terms,
determining ECCNs, and license applicability.

EAR can affect day-to-day activities within your institution, such as:
 Department of State Regulations
DDTC is responsible for overseeing and enforcing the International Traffic in Arms Regulations
(ITAR). Items that are under the jurisdiction of the ITAR are categorized on the U.S. Munitions
List (USML). Products and services listed on the USML are designed for and/or directly applied
to military purposes. Items on the USML are categorized by a Roman numeral sequence, such as
XII(h), IV(j). There are 21 categories within the USML. Items that appear on the USML will
require obtaining an export license prior to exporting, releasing defense articles, or providing
defense services.
Items can be controlled under the EAR or ITAR, and not limited to tangible objects. It is also
possible for the same item to be controlled under both the EAR and ITAR, though there are
typically characteristics that distinguish which regulations the item is subject to. For items
potentially subject to both the EAR and ITAR, the ITAR takes precedence. When it is difficult to
determine with certainty where a product or service falls within the EAR or ITAR, your
institution's ECO will be able to submit a classification request.

ITAR can affect day-to-day activities within your institution, such as:

Department of Treasury Regulations

OFAC oversees and enforces the economic and trade sanctions that are based on U.S. foreign
policy and national security goals. These economic and trade sanctions are typically designed to
target foreign countries, regimes, terrorists, international narcotics traffickers, those engaged in
activities related to the proliferation of weapons of mass destruction, and others who constitute
threats to the national security, foreign policy, or economy of the U.S. OFAC acts under
presidential national emergency powers, as well as the authority granted by specific legislation to
impose controls on transactions and freeze assets under U.S. jurisdiction. United Nations and
other international mandates serve as the basis for many sanctions, are multilateral in scope, and
involve close cooperation with allied governments.

OFAC regulations can affect day-to-day activities within your institution, such as:

What is an export?
15 CFR 734.13 (EAR 2016) defines export as, "an actual shipment or transmission of items out
of the United States." It also includes releasing or transferring. Many often think that the term
“export” only covers an item in a box shipped physically overseas. While this is one example of
an export, there are many other ways in which something can be exported, such as: auditory,
visually, verbally, or electronically. These types of exports can occur in innocent ways such as
glancing at design specifications on someone's desk, emailing data or specifications to a foreign
collaborator, eavesdropping on a conversation, meetings or conferences with foreign persons in
attendance, sharing data on a shared drive, uploading files to the cloud, instruction, training, and
so on. If the item is exported (or released) to an unauthorized foreign person or foreign
destination, a violation against the Arms Export Control Act (AECA) (22 USC 2778) may have
occurred.

To minimize the potential for unauthorized exports, it is critical to take certain reasonable steps
to protect the items or the data from access by or disclosure to those who are unauthorized. These
steps may be as simple as covering the papers on your desk, encrypting files or emails, or
locking materials in a file cabinet. However, compliance requirements could go further by
securing the item in an access-controlled area and maintaining a log every time someone
accesses the area and/or any controlled items. The security measures that are to be taken is a
combination of common sense, directives that are given based on the classification of the item,
and/or the terms of an agreement for which you or your employer are parties to. These measures
may also be specific to the “National Industrial Security Program Operating
Manual (NISPOM)” or the “Nunn-Wolfowitz Task Force Report: Industry ‘Best Practices’
Regarding Export Compliance Programs.”

The Deemed Export Rule

The deemed export rule is an area of export controls that some institutions worry about the most
because it can be easily overlooked; yet, the cost for a deemed export violation may be very
high. For example, a company based in California was fined $115,000 in 2014 because of
deemed export violations.
As mentioned earlier, exporting can happen in as many ways as communication can be
exchanged. Therefore, visual inspection by a foreign person at engineering specifications or
formulae can be considered an export. When the formulae or engineering specs are for research
that has been identified as export-controlled the deemed export rule becomes a factor and it may
be probable that a deemed export license is needed for that foreign person to have access to view
such technology or work on the project. Another example is an engineering school that is
working on developing an innovative atmospheric sensor for detecting hurricanes. The
researchers are using an accelerometer in the scientific device, which requires an export license
to deploy the device into waters off the coast of Taiwan, but a deemed export license is also
required for a foreign doctoral student who will be working on the device.

An export of technology or source code (except encryption source code) is "deemed" to take
place when it is released to a foreign person within the U.S. (15 CFR 734). Technology is
"released" for export when it is available to foreign persons for visual or other inspection (such
as reading technical specifications, plans, or blueprints); when technology is exchanged orally or
in writing; or when technology or software, through “access information” is made available (15
CFR 734).

The deemed export rule is of special concern to those who work with source code that is export-
controlled. Publicly available source code would not be export-controlled. However, let us say
for example that you are working on a facial recognition software program for the Federal
Bureau of Investigation (FBI). Even if the source code is publicly available, the project itself
may be restricted to foreign national participation due to reasons of national security. Although,
there are exceptions to the rule. The sharing of source code with foreign persons is permitted if
such persons are employees, contractors, or interns for the company. Unfortunately, this does not
include students. However, one might argue that a student, compensated for example with a
tuition stipend, would be considered an employee. In such situations, it is best to work with your
ECO and have them seek an advisory opinion from the appropriate U.S. government agency.
Note, however, that an advisory opinion in one case may not be the same for every case and thus
you will need to obtain authorization for each unique occurrence.
The deemed export rule can also be troublesome for institutions that hire foreign persons in the
areas of engineering, physics, chemistry, marine and atmospheric sciences, bio-informatics, and
nanotechnology, just to name a few, because these disciplines often require the use of export-
controlled technology. Even though these persons would be considered employees, a deemed
export license may still be required in order for them to have access to the technology they need
to perform their responsibilities. Your institution’s ECO is best at helping to determine when a
deemed export license may be required.

It is important to note that in 15 CFR 772 (EAR 2016) use is defined as "operation, installation
(including on-site installation), maintenance (checking), repair, overhaul and refurbishing."
Therefore, all six elements must be applicable to the situation unless an ECCN specifies one or
more of the six elements of use in the heading or control text; then only those elements specified
are applicable. Work with your institution’s ECO to determine the aptness of these elements for
any particular event.

Who is a foreign person?

A foreign person, or foreign national, is a term that is
used interchangeably. The EAR and the ITAR both use
the term foreign person and refer to the definition under
8 USC 1324b(a)(3). These are persons who are not any of
the following:

This term is also used to describe any foreign entities, such as corporations, businesses,
associations, partnerships, trusts, societies, or other groups that are not incorporated or organized
to do business in the U.S. It may also apply to international organizations, foreign governments,
and any agency or subdivision of foreign governments (for example, diplomatic missions). Any
person, for example, a tourist, student, businessperson, scholar, teacher, technical expert, sailor,
airline personnel, salesperson, military personnel, or diplomat, that is in the U.S. and is a citizen
or permanent resident of another country other than the U.S., and does not fall into one of the
three categories noted above, is considered a foreign person. Individuals working for a foreign
company in a foreign country would assume the nationality of that foreign entity regardless of
citizenship or residence. For example, a former colleague, a U.S. citizen, takes employment with
Mercedes-Benz in Germany. The former colleague asks to have some engineering designs that
he did for the U.S. Air Force while at your institution sent to him. A transfer of technical data to
the former colleague would be considered an export to Germany.

Even when a foreign person is in the U.S., the individual may still be subject to export control
restrictions, regardless of their employment status or visa type. This is the deemed export rule as
discussed above.

Where can an export occur?

As mentioned previously, exporting can occur inside or outside of the U.S. or its territories. This
includes international waters. An export-controlled item or activity that is released to a foreign
person who is located in the U.S. is referred to as a deemed export and is subject to the same
regulations as if the item were sent to the foreign person in their home country.

Releasing U.S. export-controlled items to foreign nationals, regardless of their location, is still
subject to restrictions of such items and treated as if they were in their home country. Releasing
such items is “deemed” to have been exported to the country for which the individual or entity is
a national of. For example, an export from the United States to an Israeli national in the United
Kingdom is a physical export to the United Kingdom, and a deemed export to Israel.

How do I get an export license?

The short answer to this question is work with your institution's ECO. What you need to be
mindful of is regardless of whether you need a license from OFAC, BIS, DDTC, or other
government agency, obtaining an export license, deemed export license, advisory opinion, or
other government authorization can be a timely process and can only be conducted by your
institution's ECO and Empowered Official. An average period from submission to approval
might be three to four months. However, some applicants have waited six months or more for a
response. One institution waited 16 months for an advisory opinion, while another institution
received an approved export license in two days. The waiting time can be frustrating on many
levels, but it is an element of the operation that cannot be rushed or requested to be expedited.
Therefore, planning and preparation as early as possible in the process is critical. Having your
ECO review proposals prior to submission is a great way to identify potential export control
issues. There are steps that your ECO can take while you wait for a notice of award to help
minimize the time that is needed to prepare and submit for government authorization once the
award is granted.
Receiving a license is a privilege and also comes with great responsibility."

Receiving a license is a privilege and also comes with great responsibility. The regulations at 15
CFR 750.7(d) of the EAR (2016) note “it is the licensee’s responsibility to communicate in
writing the specific license conditions to the parties to whom those conditions apply.” It also
notes it is the licensee’s responsibility to obtain writing acknowledgement of those conditions
from the party(ies) involved. Any changes to the purpose or even the parties identified in the
original application will require additional authorization from BIS.

All manufacturers, exporters, and brokers of defense articles, related to technical data and
defense services as defined on the USML (22 CFR 121 [ITAR 2016]) are required to register
with the DDTC. Registration is primarily a means to provide the U.S. government with
necessary information on who is involved in certain manufacturing, exporting, and brokering
activities. Registration does not confer any export rights or privileges but is a pre-condition for
the issuance of any ITAR license or other DDTC approval for export. The registration fee
adopted a three-tier structure in 2008 and modified it in 2013 to account for amendments to
ITAR (22 CFR 129). A university or research institution conducting research or working with
technology or technical data that is subject to the ITAR must register with DDTC. For example,
if a scientist is using an accelerometer with QRS-11 technology in oceanographic research, the
institution must first register with the DDTC. Once approved, the institution may then apply for a
license from DDTC.

How do I know if my item is export-controlled?

Probably the biggest issue many face is knowing with certainty whether or not items are export-
controlled. Just because an item is considered to be used all over the world, does not mean that
export controls do not exist. In addition, what may be okay in many parts of the world could still
be restricted to a few, such as embargoed countries. If you are unsure whether you have export-
controlled items, consult with your ECO for assistance. Reviewing the CCL and USML can be
daunting and confusing for many and thus it is best to leave this process to those more
experienced and knowledgeable with determining classifications.

Another way to identify the classification of items is to have the manufacturer or vendor provide
the classification at the time of quotation. If you notice the item has a USML classification, ask if
there is an EAR equivalent. Do not be surprised, however, if the EAR item initially costs more
than the ITAR item. Your justification for accepting this additional cost is that the cost of the
ITAR licenses that may be required, year after year, would ultimately result in an overall higher
cost for the item. This is not even going into the operational/administrative burdens of any access
or usage restrictions that an ITAR item may create for you, your project, and your institution.

If the item is coming from another country is it still controlled?

It very well could be. Just because an item may not be controlled in one country does not mean
that it will not be controlled in the U.S. Once an item enters the U.S., even with transshipments,
it is subject to U.S. laws and regulations. A CryoCooler from the Netherlands is not controlled
there, but in the U.S., it could require an export license and/or deemed export license - depending
on the circumstances. Sometimes, items purchased abroad and imported into the U.S. may
require licenses or other approvals for return shipment to the original source location (for
example, repairs). Much like the discussion of ITAR/EAR items above, the additional costs and
administrative burdens created may justify paying slightly more for a domestically sourced item
over a similar (or identical) foreign sourced item.

Importing items, such as medical equipment, may also require certification from the FDA in
order to clear customs. Another example could be obtaining approval from the Animal and Plant
Health Inspection Service (APHIS) to import species of plants from India. Maybe you are
shipping water extracted from caves in Iran back to the U.S. for research in studying climate
change; it is important to make sure that you have the necessary approval from OFAC first. Do
not rely on the party shipping the item to you from overseas to know what certifications or
authorizations are needed to import the item into the U.S. As stated many times already, work
with your institution's ECO to ensure you have a smooth transaction.

Why is the "cloud" an issue with export controls?

Cloud service providers (CSPs) help businesses minimize costs with managing their own
network and server systems. Unfortunately, if you upload data that is considered export-
controlled to such CSPs several possible scenarios could occur that might result in a violation of
the AECA. One such scenario is that the CSP is hacked and your data was compromised. You
have no idea who has seen the controlled data or who now has obtained a copy of your file(s).
Another scenario is you travel to a foreign country, log into your cloud account, and retrieve
your controlled data to review. You have just exported the data to the country you are visiting
because the information crossed that country’s communication lines. Yet another possible
situation is your chosen CSP has its servers and routers in locations outside of the U.S., which
means your controlled data has been exported to those foreign locations.

BIS has posted three advisory opinions between 2009 and 2014 regarding the cloud, and in all
three instances they have stated very clearly that the user is 100 percent responsible for the
content that is uploaded onto these sites. If the CSP is hacked, they will not be liable for the
release of the export-controlled data; the account holder will. Therefore, it is the responsibility of
the user to ensure that the technology or technical data stored is not accessible by foreign persons
(such as the cloud provider's foreign IT administrators). Remember that no contractual
arrangement with a cloud provider, no matter how carefully drafted, will shift the burden of
export compliance to the provider. If you work with export-controlled information and need
electronic access to share or retrieve it, please work with your institution’s ECO to find an
appropriate solution.
Does the Fundamental Research Exclusion (FRE) help universities
avoid restrictions of export controls?
Issued in 1985, National Security Decision Directive (NSDD)-189 established a definition of
fundamental research, which has been incorporated into numerous regulations (in other words,
EAR and ITAR), internal compliance regimes, and guidance documents. Per 15 CFR 734.8
(EAR 2016), fundamental research means “research in science, engineering, or mathematics,
the results of which ordinarily are published and shared broadly within the scientific community,
and for which the researchers have not accepted restrictions for proprietary or national security
reasons.” The focus of this term is “the results of which ordinarily are published.” This refers to
the techniques used during the research are normally publicly available or are part of the
published information. The FRE is something that many universities and research institutions
strive to maintain. The role of the EAR is not to regulate fundamental research as such; it is to
regulate the transfer of technology and software. Research may give rise to export control issues
if:

While research results developed or generated under the FRE are exempt from export controls
and can be freely shared with foreign persons both in the U.S. and abroad, any materials, items,
technology, technical data, or software developed or provided for conducting the research may
not be exempt.
One condition that typically negates the FRE by researchers is research that constitutes
development. 15 CFR 772 (EAR 2016) defines development as being "related to all states prior
to serial production, such as: design, design research, design analyses, design concepts, assembly
and testing of prototypes, pilot production schemes, design data, process of transforming design
data into a product, configuration design, integration design, layouts." A few examples of where
research can easily step into "development" and therefore negate the FRE are:

Consult with your institution’s ECO for guidance with applying the FRE to any research project.
Do export controls affect dual use research of concern (DURC)?
Yes, they can. DURC is a policy that was released in 2012 as a result of fundamental research
that developed into something that could potentially be turned into a biological weapon. Though
the research was funded by the National Institutes of Health (NIH) and had no publication
restrictions, the governments of the countries for which the scientists were from stepped in to
evaluate whether such research should be made publicly available. After several months of
reviewing, one of the governments said it is okay to publish but the other still restricted it and
required an export license to be obtained in order to share the data. The full story can be
reviewed here.

The U.S. Government Policy for Oversight of Life Sciences Dual Use Research of Concern was
released in March 2012. On 24 September 2014, the U.S. government released the U.S.
Government Policy for Institutional Oversight of Life Sciences Dual Use Research of Concern.
These two policies are complementary and emphasize a culture of responsibility by reminding all
involved parties of the shared duty to uphold the integrity of science and prevent its misuse.

The scopes of the policies are limited to a well-defined subset of life sciences research that
involves 15 agents and toxins and seven categories of experiments. If research activities using
any of these agents or the toxins go above the minimum allowable amounts, you will need to
work with your institution's ECO to obtain an export license to work with the materials. This is
above the other requirements for working with hazardous materials.

Life sciences researchers should be familiar with DURC and speak with their institution's
biosafety officer and ECO.

Can humanitarian assistance be affected by export controls?

Yes. While OFAC is supportive of the broader U.S. government approach to facilitating
humanitarian assistance, certain export controls may apply to the provision of humanitarian
assistance. Non-governmental organizations may provide humanitarian assistance in countries
that are not subject to comprehensive sanctions (such as Yemen, Iraq, Somalia, South Sudan, or
Côte d'Ivoire) without the need for a license from OFAC, so long as they are not dealing directly
with persons blocked by sanctions or any entities owned 50 percent or more by blocked persons.
For countries that are subject to comprehensive sanctions (for example, Iran and Syria), a license
from OFAC may be required before engaging in any humanitarian activities. Consult with your
institution's ECO to apply for licenses or to see if your activity may be covered under an existing
OFAC general license or other exclusion.

Why is traveling for business affected by export controls?

For starters, many of the devices we use in our day-to-day activities
contain encryption technology. Many institutions have anti-virus
software installed on all institution-owned devices or other
software with encryption capabilities in order to comply with other
internal policies or federal regulations, such as the Health
Insurance Portability and Accountability Act (HIPAA). Regardless
of the reasons why such software is on the device, importing this
technology may be restricted or prohibited by either the U.S. or the
country for which the technology is being imported into.

For example, when Haiti was devastated in 2010 by a 7.0

magnitude earthquake near the capital of Port-au-Prince, many
institutions from the U.S. stepped in to provide humanitarian
medical relief. For one institution, the idea of leaving one set of laptops in Haiti to be used by
medical personnel that would come and go had to be forgone because U.S. regulations restricted
the export. However, under 15 CFR 740.9 (EAR 2016), License Exception TMP (Temporary)
was available for use, which provided employees to bring an institution-owned laptop for their
sole use during their stay in Haiti. The individuals also had to keep the laptop in their effective
control at all times. Effective control per 15 CFR 772.1 (EAR 2016), is defined as "You
maintain effective control over an item when you either retain physical possession of the item, or
secure the item in such an environment as a hotel safe, a bonded warehouse, or a locked or
guarded exhibition facility. Retention of effective control over an item is a condition of certain
temporary exports and reexports." While some viewed this as an inconvenience, it was an easily
workable solution that did not result in the substantial delays that could arise as part of the
process to get formal license approval to leave the devices in-country as a temporary or
permanent export.

If your travel takes you to destinations such as Vietnam, Tunisia, South Korea, Poland, Morocco,
Israel, or Egypt you may be required to obtain approval to import certain technology from that
country's government prior to arriving. While the countries listed here is not inclusive, all
travelers should verify with their institution's ECO as to any restrictions with exporting, as well
as importing, the encryption technology on their institution-owned or personally-owned devices
that are used for business purposes for their proposed destinations. Obtaining approval to export
from the U.S. government can be a lengthy process, as can the process for obtaining
authorization to import restricted items from a foreign government agency. When time is of the
essence, travelers should consider a loaner laptop from their institution that is free of encryption
technology. Speak with your institution’s ECO about this option for travel.

When traveling, if you access your cloud-account you have exported the information into the
country where you are at the time. If any of that information is export-controlled, a violation may
have occurred. This holds true even if you are a U.S. citizen and you uploaded the information
while in the U.S. and you are accessing your account from your institution-owned laptop or
personally-owned tablet. It is advised not to access any information from a cloud account during
international travel unless you are 100 percent certain the information is not export-controlled or
considered proprietary.

While this section focused mostly on laptops, other items that are used as a tool-of-trade may
also be affected. For example, a geologist whose luggage includes a GPS device that is used for
their field research in Venezuela may need to obtain an export license for the GPS before
traveling; or, a neurosurgeon who will be demonstrating using a Gamma Knife may also require
a license to give such instruction at a conference in Cuba.

Speaking of Cuba, since the 17 December 2014 announcement by President Obama of re-
establishing diplomatic relations with Cuba, there have been numerous amendments to the
Cuban Assets Control Regulations (CACR). These changes include greater flexibility in financial
transactions and the ability to book flights directly with commercial airlines. Despite these
improved conditions, Cuba remains an embargoed country under U.S. laws. As such, under 31
CFR 515 (Cuban Assets Control Regulations 2016), activities are still limited to 12 specific
categories. Tourism is still prohibited. Therefore, while traveling to Cuba under an authorized
category, the schedule is prohibited from engaging in tourism activities. More changes in the
CACR are likely, so it is important to work with your institution's ECO to stay apprised of the
changes that will affect university business transactions concerning Cuba.

Prohibited Parties
Many federal agencies publish lists that contain names of individuals and entities prohibited
from certain activities. The lists are referred to in various ways:
If a party to your transaction matches a party name on any of these lists, you are required to do
your due diligence to ensure full compliance with all the terms and conditions of the restrictions
placed on the parties on the list. Engaging in a transaction with prohibited parties could result in
a violation for you and your institution. Parties on these lists are not just foreign nationals; they
can also be U.S. persons.

Some lists, such as those from the NRC, will list individuals and entities but it may not mean that
you cannot engage in business activities with them. You must read the citation in order to
determine the restrictions. There are instances where the party appears on a list because the
citation is a matter of public record, but not because they have been restricted or otherwise
denied privileges.

Some of the lists published by the U.S. Department of State, U.S. Department of Commerce, and
the U.S. Department of Treasury have been consolidated into one spreadsheet as an aide to
industry in conducting electronic screenings of potential parties to regulated transactions. This
consolidated screening list can be found here. These lists that have been consolidated are the
minimum of what should be checked. If your institution does human subject testing or provides
medical care, you will also be required to check certain lists from the Office of Inspector General
(OIG), the FDA, and certain state lists that are not included in the consolidated list noted above.
Additionally, some foreign sponsors may require you check restricted party lists that are
produced by their government agencies (for instance, Canada and the United Kingdom).

There are service providers of restricted party screening software who can provide a consolidated
resource for all available lists. Some providers have over 230 lists worldwide that their system
checks in a matter of seconds. Such services can be integrated to your institution's network,
which in turn builds a more robust screening process to the compliance program. Speak with
your institution's ECO for assistance with screening for prohibited and restricted parties.

Penalties
Violations of the Export Administration Act of 1979 - as amended (EAA), 50 USC app. 2401-
2420 (2013), and the EAR, may be subject to both criminal and administrative penalties. When
the EAA is in effect, criminal penalties can reach 20 years imprisonment and $1,000,000 USD
per violation. Administrative monetary penalties can reach $11,000 USD per violation, and
$120,000 USD per violation in cases involving items controlled for national security reasons.
When the EAA is in lapse, the criminal and administrative penalties are set forth in the
International Emergency Economic Powers Act (IEEPA). The EAA has been in lapse since 21
August 2001, and President Bush, through Executive Order 13222 on 17 August 2001 (which
has been extended by successive Presidential Notices), has continued the EAR under the IEEPA.

The IEEPA of 2007 significantly increased penalties for export violations, including deemed
export violations. The penalty increase applies to almost all economic sanctions programs
administered by OFAC, and the anti-boycott and export control rules in the EAR. Under the
IEEPA:
Section 11A(h) of the EAA (2013) provides that, at the discretion of the Secretary of Commerce,
no person convicted of a violation of the EAA, IEEPA, or Section 38 of the AECA (2014) (or
any regulation, license, or order issued under any of these laws), or one of several espionage-
related statutes will be eligible to apply for or use any export license issued under the EAA for
up to ten years from the date of the conviction. In addition, Section 11A(h) provides that the
Secretary of Commerce may revoke any export license that the party had at the time of the
conviction.

Under the ITAR, violations and penalties are defined in 22 CFR 127 (ITAR 2016):

Any person who willfully: (a) violates any provision of section 38 or section 39 of the Arms
Export Control Act (22 U.S.C. 2778 and 2779), or any undertaking specifically required by part
12 of this subchapter; or (b) in a registration, license application or report required by section 38
or section 39 of the Arms Export Control Act (22 U.S.C. 2278 and 2279) or by any rule or
regulation issued under either section, makes any untrue statement of a material fact or omits a
material fact required to be stated therein or necessary to make the statements therein not
misleading, shall, upon conviction, be subject to a fine or imprisonment, or both, as prescribed
by 22 USC 2778(c).

Case Law

USA v. John Reece Roth, 6th Circuit, No. 09-5808, Jan. 5, 2011

The court held that in order to prove a willful violation of the ECA, the
government only needs to prove the defendant acted with knowledge that
his conduct was unlawful; not the specific items that were on the USML.

Summary from the Case

"Defendant-appellant John Roth worked as a consultant on a United

States Air Force defense research project, which had been awarded to
Atmospheric Glow Technologies, Inc. in Knoxville, Tennessee. The
project entailed developing plasma technology for use on military
aircraft. The government charged Roth with exporting data from the
project on a trip to China and allowing two foreign nationals in Knoxville
access to certain data and equipment in violation of the Act. A jury in
United States District Court for the Eastern District of Tennessee
convicted him of one count of conspiracy, fifteen counts of exporting
defense articles and services without licenses, and one count of wire
fraud" (John Reece 2011).

Former University of Tennessee professor, Dr. Roth’s petition for a writ

of certiorari was denied in July 2011. On October 3, 2011, the U.S.
 Supreme Court decided not to hear the case and thus the 2009 conviction
and four-year sentence was upheld.

Recordkeeping
The records and recordkeeping requirements for OFAC (31 CFR 501), ITAR (22 CFR 123), and
EAR (15 CFR 762) allow for the destruction of records after five years. If your institution
governs records be retained for a longer period of time, then the greater time period would be
applied. Exceptions would be documents that were requested by the governing agency and
records related to a voluntary self-disclosure, which would require written approval from the
governing agency. However, there are instances when retention of records may require extended
periods due to the nature of the transaction or product. For example, an institution procures an
inertial navigational unit (INU) for their research vessel from a supplier in Canada. The life
expectancy of the INU is ten years. If the INU needs to be returned to Canada for repair,
paperwork showing the legal procurement of the item may need to be provided to U.S. Customs
and Border Protection for the export to Canada, as well as for import back to the U.S. once the
item has been repaired.

U.S. Researcher Conducting Export-

Controlled Research Abroad

Summary
Today's global regulatory and fast-paced business environments transcend geographical and
institutional borders and present new compliance challenges. Export control laws and regulations
around the globe are constantly in flux, and as conditions in other countries change so too can the
conditions in which business is conducted in those areas. Thus, what was true today may not
necessarily be true tomorrow. Compliance with export control laws and regulations is not an
option; it is mandatory and can pose serious consequences for all individuals involved as well as
the institution they represent. A "knowing and willing" condition is not the only way a violation
can be weighed and thus it is essential to work with your institution's export control officer or
other responsible delegate to ensure that compliance is achieved.