Monthly ITAR Compliance Checklist
An application for permanent export, reexport, retransfer, or a temporary import license and supporting documents
Electronic Export Information filing
Declaration of destination
Application for temporary export
Application for registration
Foreign import certificate
Nontransfer and use certificate
Any other document used in the regulation or control of a defense article, defense service, or brokering activity
Any other shipping document that has information related to the export of the defense article or defense service
Are adequate records of the basis of classification for each product maintained?
Are requirements for the proper administration of licenses and agreements followed?
Examples of such requirements include:
* Returning expended, expired or unused licenses to DDTC
* Modifying TAA’s and other agreements in accordance with DDTC provisos
* Executing TAA’s and providing copies to DDTC
* Amending agreements as required due to changes such as scope, value, parties, etc. and submitting amended agreements to DDTC
* Maintaining temporary export and import licenses and related shipment records
* Filing annual reports under Manufacturing License Agreements and Distribution Agreements
Is technical data regarding ITAR-controlled items transferred with a license or applicable exemption to 1) Foreign sales agents or marketing intermediaries; 2) Foreign prospective customers as part of marketing proposals; 3) Prime or subcontractors, suppliers, program partners; and 4) Persons in trade shows, marketing presentations?
Do company employees take ITAR-controlled technical data in overseas travel, including in documents, laptop computers, PDA’s, iPhones, iPads and similar devices with a license?
Employees should avoid taking defense articles and ITAR-controlled technical data and software in foreign travel on laptops, iPhones, iPads, other PDA’s, flash drives and other devices unless a license is obtained or an exemption is available.
Does the company import any items on the USML in temporary import transactions or on the USML in permanent import transactions with a license?
Are all aspects of the import transaction within the terms, conditions, and provisos of such license?
Does the company comply with the export procedures for its exports of ITAR-controlled hardware?
* Depositing license (DSP-5’s, etc.) and license documentation with Customs and Border Protection (“CBP”) at U.S. port of export
* Decrementing licenses based upon the value of each export transaction
* Electronic filing of export information under the Automated Export System (“AES”)
* Applying destination control statement to documents under 22 CFR § 123.9(b)
* Obtaining required documentation including End-Use Statements, DSP-83 Nontransfer and Use Statements (if required), etc.
Does the company comply with the export procedures for exports of ITAR-controlled unclassified technical data?
* Retaining export license document in company’s possession
* Notifying DDTC of the export under 22 C.F.R. § 123.22(b)(3) (Form DS-4071)
* Obtaining required export documentation (Form DSP-83, etc.)
Does the company export, reexport or retransfer an item that incorporates ITAR-controlled parts, components, attachments or accessories or is based upon ITAR-controlled technical data?
If an item contains a part or component that is ITAR-controlled, under the DDTC “See-Through Rule” the entire end-item thereafter becomes subject to ITAR.
If an ITAR-controlled item was properly exported (including ITAR-controlled technical data), was proper authorization obtained for reexports or retransfers of such items?
Does the company face the risk of illegal diversion, transshipment, reexport or retransfer in its transactions?
A U.S. exporter should lawfully export an item to a foreign party, and the foreign party without the knowledge of the U.S. exporter will then transfer the item to a prohibited country, prohibited party or use it for a prohibited or unauthorized end-use. (In certain instances, U.S. exporters can have liability in such transactions for violations under U.S. export control laws.) The company should consider adopting a compliance procedure to reduce the risk of illegal diversion, transshipment, reexport or retransfer.
Does the company perform any services for Foreign Persons related to any items on the USML, or items within the definition of Defense Services, with a Technical Assistance Agreement (“TAA”) or other applicable agreement approved by DDTC? (This includes services performed in the U.S. and overseas.)
Were the services performed by the company within the terms, conditions, and provisos of such agreement?
Does the company perform services for foreign military customers in connection with the sale of items subject to EAR?
Such transactions involve a heightened level of risk for possible ITAR violations due to possibility that the company could also be performing defense services regulated under ITAR and companies should use an extra level of caution in such transactions.
Does the company comply with the export procedures for the performance of Defense Services?
* DDTC approves TAA or other agreement
* Foreign recipient executes TAA
* Fully executed TAA is submitted to DDTC within 30 days after it enters into force
* If agreement not executed within one year of approval, notify DDTC in writing
* Inform DDTC of initiation of export of technical data under 22 C.F.R. § 123.22(b)(3) (Form DS-4071)
* Advise DDTC in writing if the agreement is not concluded
* Advise DDTC of impending termination of TAA not less than 30 days prior to termination
Does the company properly mark all ITAR-controlled products, technical data, and software within the company’s facilities to provide adequate notice that such items are ITAR-controlled?
Does the company provide adequate security within its facilities to prevent unauthorized access to ITAR-controlled items (including access by Foreign Persons)?
Does the company provide adequate notice to customers and other parties to which the company transfers ITAR-controlled items that such items are ITAR-controlled, through the use of destination control statements and other forms of notice such as under 22 CFR § 123.9(b)? (This includes transfers in the U.S. as well as transfers to overseas parties.)
Does the company track ITAR-controlled items if it receives them within its facilities?
Even if a company merely receives, processes, stores, or otherwise handles USML items without providing any other value-added functions, ITAR requirements will arise. Companies should review their supply chain operations and inventory to determine if ITAR-controlled items are received, stored or otherwise handled by the company in its operations and take protective measures including marking, securing and controlling such items.
Does the company maintain adequate controls in its information technology system to protect against unauthorized access, disclosure and transfer of ITAR-controlled technical data and software?
* Adequate security processes to limit access by Foreign Persons to ITAR-controlled technical data and software
* Procedures for prominently marking ITAR-controlled technical data and software such as in e-mails, attachments, Word documents, PowerPoint slides, spreadsheets, electronic drawings
* Limitations on the transfer and copying of ITAR-controlled technical data and software stored in the company’s IT system
Does the company rely on exemptions from requirements under ITAR?
Does the company comply with all of the applicable conditions for use of such ITAR exemptions?
For example, in many instances use of exemptions under ITAR is not permitted in transactions:
(i) involving “proscribed destinations” set forth at 22 CFR § 126.1; (ii) for which
Congressional notification is required pursuant to 22 CFR §123.15; (iii) involving items
designated as Significant Military Equipment (See 22 CFR §120.7); (iv) involving persons
who are ineligible under 22 CFR § 120.1(c); (v) involving the establishment of offshore
procurement arrangements or producing defense articles offshore; and (vi) by parties that are
not registered with DDTC under 22 CFR Part 122. See 22 CFR §§123.16, 125.4, 125.6 and
Does the company maintain adequate records of its reliance on the exemptions in specific transactions as required under ITAR?
If a violation or possible violation has occurred this month, has the company considered submitting a voluntary disclosure to DDTC to reduce or mitigate potential penalties and eliminate past compliance risks?
Penalties for ITAR violations include up to 20 years imprisonment and financial fines of up to $1,000,000 per violation for criminal violations, and lesser amounts for civil violations.