The US Unilateral Export Controls Regime - How one small error can lead to disaster

As a result of the September 11th tragedy, the ensuing global fight against terrorism and the latest war in Iraq, the world has become that much more aware and sensitive to the concepts of Trade Sanctions and overall Export Control Regimes that underpin them, specifically those of the US that are both unilateral and extraterritorial in nature. These are not new but have been reinvigorated by the Bush Administration as an important part of homeland security strategy.

From an international business perspective, however important these security safeguards may be, these export control regulations have a direct cost to doing business – in some instances eliminating American firms from doing business with certain individuals, firms and countries, where other non-American companies may have no such limitation. A great example of this is Cuba, where American firms are banned from participating in opportunities that are open to all others – a real bone of contention between EU, Canada and the US.

Microsoft is not immune from these export restrictions – on the contrary, we are taking these extremely seriously, investing heavily in ensuring compliance not only to the letter, but the spirit of the law, yet somehow creating a value in the process that allows a differentiation in the marketplace – effective, efficient, compliant delivery of solutions.
So what are these Export Control Regulations?

In very simple terms, the US government has enacted various regulations as administered by the Department of Commerce, Bureau of Industry Security (Export Administration Regulations – http://w3.access.gpo.gov/bis/) and the Department of the Treasury, Office of Foreign Assets Control (http://www.treas.gov/offices/eotffc/ofac/index.php) to ensure that American Companies “Do not sell controlled products to denied entities or for prescribed use (weapons of mass destruction) or to a sanctioned/embargoed country”.

In this region (Europe, Middle East and Africa – EMEA) we have most of the bad guys, “Axis of Evil” countries and individuals/entities planning acquisition of weapons of mass destruction (WMD). The regulations require companies such as Microsoft, whose products can be used to support furtherance of WMD, to screen each and every customer and his transactions prior to commencing business – we simply cannot afford to ship to the wrong person, entity or wrong country. “Compliance through Due Diligence” is the name of the game.

Let’s explode a few myths about Export Controls!

A company cannot simply pass on the risk to downstream supply chain service providers or its distribution channel – it’s not that simple. Since 9/11 the US has placed greater onus on OEMs (Original Equipment Manufacturers), such as Microsoft, to “Know One’s Customer” and hence be held directly accountable for any diversion. The emphasis of the regulations is now on “Who is buying and for What purpose” as compared to prior 9/11 where the product was the issue.

The second myth is that the cost and effort of screening every transaction and customer is prohibitive – not so, if implemented with clear legal interpretations. The regulations are based around the concept of “Knowing or having Reason to Know” that a customer is denied or a transaction is possibly being diverted. Legal guidance further expands this to “Knowing or having Reason to Know … within the Normal Course of Business”. This in itself is understood to mean having direct, written information in the supply chain process, from time of quoting to time of final delivery. This clearly bounds the screening activities and associated costs.

What are the real costs to business?

There are two real costs to be aware of:

Inadvertent Violation (Civil Offense)

• Denial of export privileges
• $50,000 fine per violation
• Forfeiture of property
• Seizure and forfeiture of goods and conveyance
• Extremely bad PR

Willful Violation (Criminal Offense)
(includes violations by any officer, director or agent of any corporation knowingly participating)

• Denial of export privileges
• $500,000 fine per violation (propose to raise to $10m)
• Up to 10 years imprisonment
• Seizure and forfeiture of goods and conveyance
• Even worse PR

What is the Business Community doing (complying and lobbying)?

As Export Compliance is now clearly being understood by corporations as a major pillar of Supply Chain Security most are busy ensuring compliance through direct investments in compliance systems; many are turning to 3rd party compliance providers such as Vastera, MK Technologies and OCR (US based) for solutions. Microsoft has implemented a strategy of both vendorising its compliance as well as implementing internal processes/systems.

Some, such as Microsoft, are able to use their ability to interpret regulation, gain favourable rulings from government departments effective/efficient administration of Export Licenses approved by the US government as a positive differentiator during competitive sales situations – lead times for US Export Licenses can be up to 90 days and longer if management of these by a company is not well organised.

In the 90’s industry was pushing liberalisation of regulations; since the advent of the Bush Administration and 9/11 industry has moved away from this position, reflecting the realities of security needs and concerns, now aiming its efforts in ensuring consistency and transparency in the myriad of incremental supply chain security initiatives being drawn up and rolled out by the US and its trading partners … ah! but these are another story altogether – for another time.

***************************************************
Mr Richard Sicard
EMEA Senior Trade Manager in Ireland
rsicard@microsoft.com
Phone: 353-1-7065546
Mobile: 087-2203698
Fax: 353-1-7064110
*******************************************************