US export compliance enforcement continues to escalate. The recent US$9.4m export compliance and economic sanction penalty violation levied against DHL freight forwarding is a good indication that the US government has no problem issuing costly penalties, even in these difficult times.
Inexplicably, with an increasingly active compliance enforcement environment, some companies continue to scale back financial and workforce resources related to export compliance, which isn’t consistent with basic corporate risk mitigation policies. Corporate executives are best served to balance the risk of violating basic trade regulations with the need to keep an effective export compliance programme. Having a compliance programme on ‘paper’ is not enough to prevent a company from being subject to penalties and operational risk. The challenge is creating the right compliance environment for each business.
Steps to an Effective Compliance Programme
An effective compliance programme can be maintained on a reduced budget if the essential core practices are clearly defined and followed. The following steps, when properly implemented, can help a company mitigate the risk associated with cross-border trade:
1. Capture senior commitment, globally
Corporate senior management must broadly and emphatically sponsor the export policy in order for it to be successful. It is critical that senior leaders in all locations are very vocal in their support. Export compliance policy should be a concise and clearly written statement issued by management and reiterated annually to all employees around the world. The policy should emphasise the need to comply with regulations and enumerate the risks of non-compliance – for the business as well as individual employees.
2. Create standardised policies, procedures and processes
Best practice guidelines require establishing company-wide processes and procedures that integrate export compliance requirements into daily business practices. They should be developed and documented for the business’s entire global community – policies and procedures should not be single-country centric. Effective, streamlined procedures ought to document the day-to-day desktop activities that support the export transaction process. Procedures should have defined inputs that result in expected outputs. They should start in the concept stage of the product design and continue through to the recordkeeping phase. In addition, procedures need to be reviewed periodically to reflect any regulatory or business-process changes.
3. Conduct education and training
Targeting at-risk employees for in-depth training can stretch today’s limited budgets. To leverage resources, join previously organised training efforts hosted by other departments such as internal audit, health and safety, and personnel. Tailor training to the different employee job functions – more detailed for shipping, more high-level for sales, etc. Create and stick to a regular schedule for employee training. The world of export regulations is intricate and constantly changing. In addition, subscribe to information services to keep critical employees informed of recent regulation changes and how they impact employee functions.
4. Empower employees
Employ experienced and trained export professionals who have current knowledge of the ever-evolving regulatory environment. Identify employees whose job roles subject them to enacting some form of export compliance. Provide those individuals with the authority to stop suspect export transactions and scrutinise documentation to ensure compliance with the legal requirements of the organisation. Document the organisation’s primary and backup staff and include their name, title, e-mail and telephone numbers so that they may easily be contacted to discuss suspect transactions. Establish formal lines of communication with other personnel exposed to the export process – sales, operations, shipping and customer service.
5. Determine jurisdiction and classification
Jurisdiction and classification of an organisation’s products must be completed in a timely and accurate manner to avoid derailing the supply chain. The correct US government agency jurisdiction determination is essential in reaching a proper export classification and license authorisation. There is no clearly defined regulatory requirement for jurisdiction or classification; nevertheless, the business must report the correct information in export documents. Critically, a fundamental requirement is documenting and substantiating rationale for how items are classified.
6. Design cradle-to-grave license authorisation management
Integrating the export compliance organisation within a company’s product development process is the start to creating an effective authorisation management programme. Assigning responsibility not only to export compliance but also to the associated business function ensures a more accurate outcome. Using tools with software-based solutions either obtained externally or developed internally helps eliminate inaccuracies in tracking the limitations of the authorisations. These tools will also assist in establishing a corporate repository for all export authorisations.
7. Formalise comprehensive documentation and recordkeeping
It is important to make sure export control retention guidelines are part of your overall corporate retention programme. All export transaction-related documents are required to be retained for at least five years from the date of the transaction. Regulations stipulate that all records be kept, especially those reflecting the export and temporary import of defence articles, defence services, dual-use commodities and related technologies. Managing documentation may require a technology control plan (TCP) that delineates how a company will control its technology. The plan establishes procedures to protect proprietary and export-controlled information.
8. Conduct periodic audits
Establish periodic external and internal evaluation programmes to systematically audit export control processes and procedures, as well as tangible and intangible export transactions. Theses audit will help pinpoint programme flaws and could also be a mitigating factor should federal authorities catch a violation. Audit procedures and timetables should be pre-established and part of the overall compliance programme.
9. Establish non-compliance guidelines
A business should publish guidelines for determining when and how to investigate potential violations or non-compliance events. Export compliance personnel should have the authority to investigate and stop export transactions. Enact an investigation plan that collects information, preserves documentation and details an escalation process that should include the legal department. The resolution should include follow up with corrective actions.
Even in challenging economic times, a business can mitigate the risk of cross-border trade. Using well-defined and repeatable processes that are documented and creating metrics and audit measures tailored to meet your organisation’s unique needs will help your business comply with regulatory requirements and avoid the pitfalls of international trade. Implementing effective business processes will be money well spent. Investment in a sound compliance programme could mean the difference between a slap on the hand and multimillion dollar penalties.
We have been witness to a series of significant security events recently around payment execution, from Leoni in Germany through to ABB in South Korea and SWIFT in Bangladesh to name a few of the major headlines.
When Mark Cuban declared that "Data is the new gold" he highlighted why information is possibly the most valuable asset a business has. APIs are the unsung heroes that make it possible to extract that value.
Europe’s opening banking regulation is finally here. After months of preparation across the continent, the Revised Payment Services Directive comes into effect on January 13.
The revised Payment Services Directive regulation, regarded as one of the most disruptive in Europe’s financial services sector, will begin to make an impact on January 13, 2018.