Military Embedded Systems

ITAR compliance and the great regulatory maze


September 03, 2020

Substantial penalties wait for global defense and aerospace manufacturers and contractors that fail to comply with International Traffic in Arms Regulations (ITAR), which exist to track military- and defense-sensitive material and to keep that material out of the hands of adversaries. Many organizations opt to mitigate this regulatory-heavy environment by using manual, labor-intensive internal processes or employing third-party compliance entities. Another approach: Enterprise software built on ITAR principles can help organizations overcome compliance concerns and ensure data, supply-chain information, products, and services are available to a global audience.

Despite International Traffic in Arms Regulations (ITAR) regulations being in place for decades, the latest rules from the U.S. Departments of State and Commerce require companies across the world that manufacture, export, or re-export ITAR-controlled items to assess and modify their existing authorizations and restructure compliance activities. Compliance failures can result in severe punishment: As recently as January 2020, Airbus agreed to pay almost $4 billion to resolve an ITAR and bribery case.

A tough environment to navigate

Even with some recent streamlining, the ITAR complexity facing defense manufacturers is significant. This starts with several regulatory documents which manufacturers must meet, such as the Commerce Control List (CCL) and the United States Munitions List (USML), which both cover a number of different items.

To further add to the complexity, different agencies are responsible for different types of application procedures – the Department of Commerce for the CCL items and the Department of State controlling the USML items. Each agency has its own way of wording things and may even have different meanings for the same words. Due to these differences, manufacturers must keep abreast of multiple Denied Party Lists or Specially Designated Nationals and Blocked Persons Lists; these no-go lists are issued by various departments of government, including the Department of the Treasury.

The ideal end outcome would be a single point of control, with a primary enforcement and coordination agency, one IT system, and a single licensing agency. As it stands currently, however, manufacturers must come to grips with the fact that while many items are under ITAR control, other items are covered by the Export Administration Regulations (EAR), all while the Department of the Treasury keeps track of sanctions that are in force against foreign nations.

Maintain compliance – but how?

One way to remain compliant is to implement manual controls, such as hiring export-control compliance officers that attempt to keep tabs on orders and deliveries in progress to ensure that forbidden materials are not shared with anyone on the control lists. These moves, however, can be extremely time-consuming and expensive. Another option is to hire a service agency to provide analysis of the denied-party listings and consolidate that information into a database which can be accessed for a fee.

Whichever compliance model is in force, export-control regulations will also have consequences for underlying enterprise systems, including enterprise resource planning (ERP). It is increasingly crucial for companies to ensure that any ERP solution used for defense manufacturing has functionality specifically designed for export control.

Any business working with regulated materials needs to be able to quickly and efficiently extract this information from within its ERP system and link it with external regulatory data to stay compliant as it processes orders and other transactions. Such companies also must be able to share the data with overseas partner companies in a frictionless environment.

The ITAR compliance puzzle

Defense manufacturers need a fully integrated application suite which enables data to flow seamlessly between different functions including supply-chain management, manufacturing, engineering, and customer relationship management (CRM). Without access to the data, it is difficult to establish which products, parts, or transactions could put the company in jeopardy.

Instead of complex third-party solutions integrated between export control functions and ERP, a streamlined approach can be achieved with ERP that has the functionality to complete the necessary checks against third-party lists and manage orders, transactions, and other activities accordingly. (Figure 1.)

[Figure 1 | Integrated ERP systems can help defense and aerospace manufacturers manage ITAR compliance. IFS photo.]

There are several key functions defense and aerospace manufacturers should weigh when looking for an ERP solution to support ITAR compliance:

  • Denied-party checks: When committing to a sales order, the ERP software must check to ensure the order isn’t going to a denied party. This certainty can be achieved through a link to a database of denied parties which is compiled and updated regularly by an agency or third-party. The software must ensure that the denied-parties list is cross-checked before the order is processed.
  • Management of part-specific regulatory schema: For items that might be export-controlled, the parts catalog needs to contain that information; in addition, the ERP system must indicate which regulation and regulatory body covers the part or material and the classification or rating within that schema which applies to it.
  • Management on the assembly level: If a manufacturer is handling an order for an assembly, an ERP application needs to record the parts within that assembly and the extent to which they are covered by different export regulations and commodity jurisdictions.
  • License application & usage reporting: ERP must aid in identifying, escalating, and resolving licensing issues. In addition, the software must report on and monitor the consumption of licenses by orders and manage license consumption.
  • Secure document management: Some documents for control items have licenses that can only be viewed by certain authorized people. ERP with embedded, native document-management functionality will be best suited to export control. Ideally, the same user permissions used in the ERP software to manage access of sensitive data within the enterprise can be applied to the document-management solution.
  • Control of the export of data and intangibles: The ERP system must provide some level of support in controlling processes such as shipment of a controlled product for display at an exposition or exchange of data with overseas vendors.
  • International requirements: Regardless of where they are based, exporters typically have operations in other countries, each with their own set of export controls regulations.

ITAR compliance – there is no hiding place

Costly and damaging litigation as a result of inadequate materials and equipment export control is an outcome defense manufacturers and contractors simply cannot afford. By implenting an all-encompassing ERP system, the reliance on inaccurate manual processes or expense of spending large sums on third-party agencies can be avoided.

Kevin Deal is vice president for Aerospace and Defense, IFS North America. Kevin is responsible for all aspects of IFS in aerospace and defense within North America and has been in the A&D IT business for more than 25 years. Prior to joining IFS, Kevin held a number of roles as director of Mid-Americas and Federal at BroadVision, as well as director of national sales at Cincom. Kevin was also a logistics war modeler and former director of the DoD’s Supportability Investment Decision Analysis Center (SIDAC). Readers may reach the author at [email protected].

IFS North America