For anyone subject to ITAR, it is crucial to understand the consequences of a violation and what steps to take with an ITAR attorney should a mistake occur.
The International Traffic in Arms Regulations, known as ITAR, is a federal law that controls the import and export of goods, services, technology, and data related to defense and space within the United States. The full list of relevant items is known as the United States Munition List (USML), and anyone involved in the supply chain for these items is required to comply with ITAR, from manufacturers to contractors.
The basic principle of ITAR sounds simple: items on the USML cannot be sold to or held by anyone who is not a United States citizen. But the processes, licenses, and documentation involved in proper ITAR compliance can be overwhelming for some companies, and registration with the State Department’s Directorate of Defense Trade Controls (DDTC) is required and may seem intimidating.
Not every ITAR violation is done intentionally, but they are all taken very seriously by federal courts.
The range of actions that could lead to non-compliance with ITAR is impossible to list out comprehensively, especially due to the changing nature of ITAR and export controls. However, a number of issues come up frequently in ITAR cases and are good to be aware of as a means of prevention.
In these cases, a company knows they are violating ITAR and chooses to proceed with an action anyway. They may even receive additional compensation or benefits for doing so. These cases are at the highest risk of both criminal and civil penalties, usually receiving the harshest possible consequences, including both fines and imprisonment. If any employee becomes aware of an ITAR violation and does not properly communicate through appropriate channels, they can be considered willfully violating ITAR and punished to the full extent of the law.
Any manufacturers of firearms, ammunition, or other defense services are required to register with the U.S. Department of State, Directorate of Defense Trade Controls ((DDTC) in order to produce these heavily controlled items. If a company fails to register with the appropriate agency, this can lead to export violations.
Within the defense industry, a number of compliance measures exist to prevent unauthorized exports in the interest of national security. Prior to exporting defense services and technical data to a foreign entity, a company must comply with strict ITAR programs and gain prior approval. If this is not done properly, it can lead to a violation.
It is important to note here that exporting does not always require the physical shipment of a defense item, service, or piece of data. Even discussing these items with someone in a foreign country can be considered a violation under these terms.
Oftentimes, ITAR is violated by someone within a company completely unknowingly. The breadth and complexity of the law make it easy for some items to fall through the cracks, especially in large organizations. Someone simply sending an email without realizing a recipient is not a citizen could cause issues.
However, ITAR provides for a process of voluntary disclosure that allows companies to drastically reduce their fines or eliminate them altogether. By being forthcoming and cooperative, as well as making an effort to prevent future occurrences, you can avoid severe penalties.
Some companies or individuals simply get confused about specific aspects of ITAR and what it covers. When an exporter makes a factual omission of information, licensing, or reporting, this could lead to criminal and civil penalties. If this is done in error, it is critical to report that error as soon as possible. ITAR relies on honesty and accuracy, so full disclosure will go a long way.
In addition to following ITAR regulations, companies must also keep updated on amendments and updates to the regulations as the environment changes. The U.S. government is serious about compliance with ITAR and rarely does a violation go unpunished.
Penalties for ITAR violations can be both civil and criminal in nature, depending on the severity, type, and scope of the violation. Some potential consequences include the following:
Because of the harsh consequences, no company wants to end up entangled in an ITAR-related court case. Most companies that are subject to ITAR have internal processes set up to ensure compliance. While these can be designed by the entity itself, the U.S. Federal regulations for federal agencies can offer guidance on how to build a strong preventative program.
Based on NIST SP 800-53, the standards for securing ITAR data include the following principles: