Honeywell International, Inc. Reaches 3 Year Consent Agreement With the Department of State
By Jenny Hahn, President
The U.S. Department of State's Directorate of Defense Trade Controls (DDTC) has announced that Honeywell International, Inc. has entered into a 3-year Consent Agreement to resolve charges that it committed 34 violations of the Arms Export Control Act and the ITAR between July 2011 and July 2018 involving unauthorized exports or retransfers of technical data resulting from the failure to exercise appropriate internal controls.
In December 2015, Honeywell initially disclosed to the Department of State that its Integrated Supply Chain (ISC) organization had sent Requests For Quotation (RFQs) to U.S. and foreign suppliers via its DEXcenter (file exchange program) requesting pricing for parts. The RFQs generally included drawings.
In its initial notice of the disclosure, Honeywell identified that there had been multiple exports of ITAR-controlled drawings without authorization via DEXcenter to Taiwan and the People's Republic of China (PRC) in July 2015. It was subsequently determined that 51 of the drawings exported had been to unaffiliated suppliers in the PRC, an ITAR sanctioned country. Honeywell had exported 20 of the drawings to its affiliates in the PRC.
In Honeywells' September 2016 filing of the final report regarding the voluntary disclosure, Honeywell informed the Department of State of multiple corrective actions it had taken to prevent the types of violations it disclosed from recurring. The actions included:
1) a mandatory second-level review requirement for all international document transfers through DEXcenter;
2) mandatory training measures to address the risk of human error due to misidentifying export classification or authorizations, especially in the RFQ context; and
3) enhancing DEXcenter to further reduce the risk of human error by limiting the user's ability to select an export authorization that does not match a drawing's export classification and by providing additional warnings, reminders, and training resources and requirements.
By March 2017, based on an internal investigation and additional analysis conducted at the Department of States request, Honeywell ultimately identified 71 ITAR-controlled drawings that had been exported without authorization between July 2011 and October 2015 had exported via DEXcenter to Canada, Ireland, the PRC, and Taiwan, 65 of which form the basis of the alleged violations.
The 71 drawings, which Honeywell identified in its first voluntary disclosure and supplemental correspondence with the Department of State are controlled under Categories VIII(i), XI(d), and XIX(g) of the United States Munitions List (USML), contained engineering prints showing layouts, dimensions, and geometries for manufacturing castings and finished parts for multiple aircraft, military electronics, and gas turbine engines, including the F-35 Joint Strike Fighter, F-22 Aircraft, B-1B Lancer bomber, C-130, A-7H Corsair, A-10 Aircraft, Apache Longbow Helicopter, the M1A1 Abrams Tank, the Tactical Tomahawk Missile and the T55 Turboshaft Engine.
Some of the drawings contained technical data designated as Significant Military Equipment under the ITAR. The SME designation has significance because the USG has determined that special export controls are warranted because of the capacity for substantial military utility or capability.
In October 2018, Honeywell submitted a second voluntary disclosure describing how personnel in the same organization within Honeywell Aerospace, ISC, committed another series of ITAR violations between June and July 2018 that were similar to the violations disclosed in the first voluntary disclosure.
According to the second voluntary disclosure, a team of ISC personnel invented what Honeywell referred to as "an alternative process, which the team believed complied with export compliance requirements," for soliciting RFQs.
Under the alternative process, ISC personnel either failed to review the export control classifications for multiple technical documents or used a classification analysis method that did not properly categorize the documents as described on either the USML or the Commerce Control List (CCL).
Additionally, ISC personnel without authorization exported technical drawings using a different file exchange tool than DEXcenter called Daptiv. The reasoning for the use of Daptiv was to increase the efficiency and speed of a procurement project.
There were a total of 27 additional exports using this system, 2 to Canada, 2 to the PRC, and 23 to Mexico. The drawings were classified on the USML as Category VIII(i) and XIX(g) and contained the same type of information as before for the manufacture of castings and finished parts for the following platforms:
- F35 Joint Strike Fighter
- F/A-18 Hornet
- F135 turboshaft engine
- F414 turboshaft engine
- T55 turboshaft engine
- CTS800 turboshaft engine
Like the first disclosure, some of the drawings contained technical data designated as SME.
Lastly, the two drawings to the PRC were to an employee at one of Honeywells' subsidiaries and that employee retransferred one of the drawings to another employee at its subsidiary in the PRC.
(i) Civil penalty of $13,000,000, with $8,000,000 payable in three installments and the remaining $5,000,000 assessed for remedial compliance measures
(ii) appointment of a Special Compliance Officer or Internal Special Compliance Officer
(iii) implementation of an automated export compliance system
(iv) a minimum of one external audit
(v) on-site reviews by DDTC with minimum advance notice, and
(vi) other strengthened makeup Compliance Policies, procedures, and training, including legal department support to all divisions for all matters involving the AECA and the ITAR.
DDTC posted the following documents in connection with this settlement: Draft Charging Letter, Consent Agreement, and Order.
What is the lesson learned?
Beyond the clear national security violations that this case presented because of the exports to China which triggered the fine amount imposed, the voluntary disclosures revealed a startling lack of consideration of export jurisdiction and classification, the failure to follow company guidelines, processes, and procedures, and that even in the largest of companies exports of technical data via established processes and procedures can go easily go astray.
The most rigorous of processes installed to ensure secure transfer of the companies valued technical data was not a foolproof mechanism and the trade compliance team bears the responsibility to routinely investigate, test, and validate exports are compliant to the ITAR or EAR and the associated licensing and other authorizations within the ITAR or EAR.
A lack of detailed training is often attributable to these types of export violations. It is critical for defense contractors, large and small to ensure functional department training is provided along with detailed written processes/work instructions that include specific export compliance obligations for that department to make clear the expectation for the department before they make exports of technical data, controlled or non controlled. Following such training regular auditing of department processes is necessary to validate compliance.
As this case demonstrates it is imperative that all company personnel shares the same corporate objective of trade compliance and understanding of all the fundamental elements to export compliance when exporting technical data.
In all instances before company personnel make an export of technical data, they must know export jurisdiction, export classification, and licensing responsibilities under the ITAR or the EAR for the release of that data.
Small, medium and large companies all have the same responsibilities and the same risks.
Best practices include (not a comprehensive list)
- Dedicated personnel assigned to determine export jurisdiction and export classification for all items or technical data being exported
- Having a single point of export for a program, a license, or a department that minimizes that number of humans involved in the export of technical data and allows for an assessment of whether the technical data is properly within the scope of the export authorization and whether the export classification is correct
- Use of secure portal for sharing export-controlled data
- IT tools that restrict/quarantine exports to China or any other prohibited destination (ITAR 126.1) before release after a trade compliance review
- Trade compliance follow up on export activity for licensed and non-licensed exports made by individual functional departments
- Regular audits, both internal and external, of export activities
- Follow up of compliance actions resulting from any matter of non-compliance
- Training, training, training
- Employee certifications and acknowledgment of responsibilities
- Consequences up to and including termination for violations of the company policies and procedures causing export violations
DUE DILIGENCE CONSIDERATIONS WHEN EXPORTING TO CHINA
by Keil J. Ritterpusch
Senior Compliance Associate
Jenny A. Hahn
The current climate between the U.S. Government and China related to export controlled commodities is quite hostile and is not likely to change in the near term, even with a new U.S. President in place. The U.S. Government, concerned with national security threats, human rights abuses, military modernization, theft of U.S. technology, and theft of U.S. personal information by Chinese actors, has gone on the offensive from an export regulatory perspective to attempt to prevent parties supportive of the Chinese Government and Chinese military from acquiring US-origin products, including, in some cases, products that are EAR99.
The U.S. Government, acting through the U.S. Department of Commerce's Bureau of Industry & Security ("BIS"), has recently added a large number of Chinese companies, including companies that are predominantly involved with commercial enterprises, to the Entity List under the Export Administration Regulations ("EAR"). By being added to the Entity List, any export from the U.S. to a listed party is subject to an export license requirement under the EAR, with a presumption of denial applicable in most cases. Listed parties cannot receive U.S. exports indirectly either, such as by buying through intermediary parties. These intermediary parties know that it is not lawful for U.S. exporters to engage in transactions involving ultimate end use by parties on the Entity List. Thus, in many cases, they disguise the intended end-use, end-users, and parties to the export transactions.
Beyond the expansion of the Entity List, BIS has taken steps to expand the EAR's Foreign Direct Product Rule at EAR Section 736.2(b)(3) to specifically target Chinese telecommunications giant, Huawei Technologies Group Co. Ltd. ("Huawei") and affiliates in China and worldwide. The EAR's Foreign Direct Product Rule was expanded so that foreign origin products built in plants with U.S.-origin equipment and technology that are exported from abroad or re-exported to Huawei and affiliates are subject to the EAR and prohibited without a license from BIS.
In addition to the broad prohibitions that have been placed on numerous Chinese companies, preventing them from receiving exports of any commodity from the United States, a large number of Chinese companies and organizations have recently been identified under the EAR as Military End Users ("MEUs"). The action to formally identify companies as MEUs, in China, as well as Russia and Venezuela, follows their identification by the U.S. Department of Defense as parties with strong ties to military end-users and military end-uses. By adding entities as MEUs under the EAR, U.S. exporters are officially on notice that any export transaction involving these entities where an item on the EAR's Commerce Control List ("CCL") -- meaning any item with an Export Control Classification Number ("ECCN") requires an export license approved by BIS.
Given the extensive expansion of export restrictions involving China (as well as Russia and Venezuela), it is more important than ever for parties exporting from the United States to carefully identify the parties to their export transactions and the export classifications of products being exported. Even items that are EAR99 or are otherwise No License Required ("NLR") to most worldwide destinations now require licensing for export to certain end-users and for certain end uses in China. Thus, exporters must take formalized steps to document their export due diligence for transactions involving China, as well as Hong Kong and Macau (which are now treated as part of China by the U.S. Government).
BIS has published "Know Your Customer Guidance and Red Flags" as a supplement to the Ten Prohibitions listed in EAR Part 736. The guidance explains the appropriate due diligence required for U.S. export transactions and provides context as to how to sufficiently establish "knowledge" of the particulars of export transactions, including the proper identification of parties, end uses, and end-users. The General Prohibitions cover a gamut of export-related matters but generally prohibit exporters and re-exporters from engaging in export transactions involving prohibited end uses and prohibited end-users. In order to comply with the EAR's General Prohibitions, exporters and re-exporters must establish "reasonable " knowledge regarding the parties to their export transactions and the ultimate end-use and end-users of the exports.
The industry standard for validating this information is through the End User Statement ("EUS")/End User Certification ("EUC"). Without a EUS/EUC, an exporter is arguably self-blinding with respect to compliance with the EAR General Prohibitions, as well as overall export compliance with EAR requirements. Companies that fail to establish sufficient "knowledge" of the details of export transactions can be hit with substantial fines when export transactions result in end uses or end users that are prohibited.
What is Reasonable Due Diligence?
An array of documentation can be used by exporters and re-exporters to validate the parties, end uses, and end users involved with export transactions. The following are tools that should be used by exporters and re-exporters in varying degrees as part of the due diligence to validate export transactions.
- End-Use and End-User Statements
- Denied Party Screening
- Internet research validating the parties to the export transaction
- Business licenses and other documents validating the bona fides of the parties, should information regarding the entities to the transaction not be easily discovered through internet searches.
Of these tools for performing due diligence, the most important, by far, is the End User Statement/End-Use Certification. In our opinion, this document should be obtained for all export transactions. After receipt of the EUS/EUC, the U.S. exporter should perform Denied Party Screening on the names of the parties to the export transactions, including the purchaser, intermediate consignees, ultimate consignee, and end-user, doing "fuzzy" searches of company names and variations on the company name. In addition, the Denied Party Screening should search for companies at the same or similar addresses. Widely scoped Denied Party Screening is crucial to the overall due diligence, as it demonstrates to the U.S. Government that the exporters (and re-exporters) took steps to validate that the parties to the transaction are not prohibited from receiving U.S. exports.
Following the Denied Party Screening, we recommend that exporters and re-exporters perform an internet search to ensure that the parties named on the EUS/EUC exist and are in a business with a connection to the product to be exported. Should information on the parties not be able to be readily found on the internet, the exporter or re-exporter should contemplate getting a more detailed EUS/EUC and having it signed both by their customer and the ultimate consignee/end-user. Even in cases where a multi-party signed EUS/EUC is received. It may be necessary to receive copies of business formation documents if the exporter or re-exporter cannot find information on a party to the export transaction after an internet search, particularly the stated end-user/ultimate consignee.
What Flags Should a Prospective Exporter Look For?
Exporters and re-exporters are responsible under the EAR for engaging in lawful export transactions and not engaging in export transactions where they "know" or have "reason to know" that the export transaction may involve an unauthorized party, end-use, or end-user. When evaluating the due diligence collected in relation to prospective export transactions, exporters and re-exporters should highlight any facts where there is missing information or where answers to questions about the parties, end-use, and end-users do not "add up."
For example, if a party receives a completed EUS/EUC that lists a distributor as an end-user, the entire export transaction is a red flag since details regarding the true end-use and end-user are not being provided. Similarly, if a party receives a completed EUS/EUC that lists various parties, including the purchaser, ultimate consignee, and end-users, that cannot be validated through an internet search, there is a red flag to the export transaction, and additional due diligence should be performed.
Liability In the Event that a Party to An Export Transaction Provides Incorrect Information?
Entities in China that have been placed on the Entity List or designated as MEUs still need to receive components to manufacture their products. Companies like Huawei and Semiconductor Manufacturing International Corporation ("SMIC") have not slowed their production of products for the commercial marketplace or for the Chinese Government. As a result, we fully expect that "front" companies will be formed solely for the purpose of diverting goods to companies like Huawei and SMIC in contravention of the EAR. Exporters and re-exporters cannot afford to completely stop exporting to China and Hong Kong (and other destinations) solely because there are a possibility that their shipments will be diverted for unauthorized end uses or unauthorized end users.
To mitigate the risks associated with diversions downstream in export transactions, exporters and re-exporters need to be able to rely on certifications made by legitimate parties to export transactions. There is no requirement to perform post-delivery validation of export transactions involving products that are EAR99 or controlled by the EAR for Anti-Terrorism ("AT) reasons alone. However, exporters and re-exporters need to be able to validate before shipment that the parties to export transactions are legitimate legal entities and that other red flags are overcome.
Therefore, a critical burden on exporters and re-exporters is to ensure that the parties who sign EUS/EUC for prospective export transactions are legitimate legal entities. Once the EUS/EUC is received and the bona fides of the parties have been established and export classifications validated, exporters and re-exporters can export/re-export freely, whether under an export license, under a license exception, or as NLR, if applicable. If an exporter or re-exporter learns after the fact that there has been a diversion, the matter should be reported to BIS, and steps taken internally to document concerns with the pertinent parties to the export transaction resulted in diversion should be undertaken to avoid any recurrence of the diversion.
* * * *
**FD Associates notes that there are financial sanctions applicable to other parties to export transactions that do not relate to the EAR but rather are implemented under U.S. Department of Treasury regulations. This article does not address such requirements, but parties engaged in export transactions with a nexus with the United States should consult the U.S. Department of Treasury regulations and website to validate that other parties to export transactions, including freight forwarders, banks, and issuers of credit, are not debarred from engaging in transactions involving U.S. jurisdiction.