The Department of State’s Office of Defense Trade Controls Compliance (DTCC) has issued a summary report covering May 2015 through April 2016 for its Company Visit Program (“CVP”), which was re-launched in 2015.  The program includes onsite visits to industry as an extension of DDTC’s outreach initiatives (“CVP-O”) and engagement in existing compliance cases (“CVP-C”).  DDTC states that additional reports will follow.  The reports will share some company best practices, provide recommendations for improving compliance programs, and include firsthand information DDTC learned through our onsite interaction. The information included in the first report is limited to DDTC’s site visits and does not include observations or recommendations identified through disclosures or other enforcement activities. The reports are non-attributional and do not include any data identified as being related to a specific company.

In this report, the following best practices were noted:

  • Requiring suppliers to complete a standardized form identifying the jurisdiction/classification of their products and related technical data. Use of such a form may drive more companies to take an active role in identifying and documenting the export control jurisdiction of their products. The form also serves as a standardized tool for clear and consistent recordkeeping.
  • Integrating export control processes into company quality systems and reviews.
  • Physically segregating ITAR-controlled research (including research using ITAR-controlled articles or technical data) at universities.
  • Providing foreign customers with a summary of TAA requirements, and tying those requirements to the contract with the foreign end-user. This may help expedite the TAA signature process, and can serve as a tool to educate the foreign customer on limitations that may exist when procuring U.S. services and technical data.
  • Incorporating export compliance reviews into IT systems that manage project lifecycles, so that the workflow requires approval from the export compliance function prior to the bid/no-bid business decision.
  • Requiring self-classifications to be reviewed and signed by engineering and technology managers of the cognizant business and a senior technology manager from a separate business unit, serving as an independent peer reviewer.

Using incentive programs, such as internal recognition and/or awards, to recognize employees for compliance activities.

The report also has recommendations/observations for improvement and DTCC takeaways.