Two of President Barack Obama’s initiatives are on a collision course – with many manufacturers potentially being caught in the middle. One is the U.S. government’s support for re-shoring manufacturing and the build-up of next generation manufacturing. The other is the increasingly aggressive enforcement of U.S. export controls which, as part of a reform initiative designed to “build higher walls around fewer items,” promises increasingly rigorous oversight and enhanced penalties.
These two initiatives collide because U.S. export regulations are designed before the age of distributed production and digitized, real-time collaboration. As a result, they do not account for the realities of twenty-first century production and global supply chain models. They also neglect the growing number of non-U.S. persons involved in design and production processes within the United States itself. With U.S. export controls covering both the export of goods and the communication of controlled technical data to non-U.S. persons – even if the information is communicated within the United States – these old rules can be problematic even for companies operating entirely within the United States.
Goods produced in the United States are primarily governed by two sets of export control regulations. They are the Export Administration Regulations (EAR), which control the export of commercial products, and the International Traffic in Arms Regulations (ITAR), which control the export of defense articles and services. The government also maintains economic sanctions – including those recently imposed on Russia – administered by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC). These regulations prohibit U.S. persons from dealing with banned individuals, countries, and governments. With the U.S. government imposing more than $2 billion in export controls and economic sanctions penalties last year, compliance is a priority for any business that sells abroad, even if it manufactures here at home.
An additional concern is the Foreign Corrupt Practices Act, which forbids bribery of foreign officials (which is a category that includes anyone who works for a state-owned entity). As this law is interpreted by the Department of Justice, U.S. companies are responsible for any payments made by third parties acting on their behalf, including in situations where they only “knew” about the payments because they failed to perform sufficient due diligence. With the FCPA regularly seeing annual assessed penalties of $1 billion a year or so, supervision of the supply chain and selling operations in the anti-bribery context is at a premium as well.
Consider the implications for a hypothetical business which, in honor of Golden Age cartoons, we will call the Acme Corporation. Now, while Wily E. Coyote was always able to purchase even highly customized anti-Road Runner rocket launchers without considering any export control implications, our own Acme Corporation is operating in a new era of regulatory enforcement. As a U.S. corporation on the cutting edge of the re-shoring trend, Acme Corporation has carefully considered the cost savings – reducing energy consumption, lower logistics costs, improving coordination, maintaining close proximity to customers, and tapping a high-quality, U.S. labor force. Acme believes that it has considered all relevant cost factors, and that everything appears to favor re-shoring operations. What it has not considered, however, are the export control and other regulatory implications of its reshoring initiative.
This oversight reflects the fact that re-shoring generally does not involve bringing all production back to the United States. Most companies find that “right-sizing” the organization involves re-shoring some manufacturing and design work while continuing to rely on other production from selected offshore affiliates and suppliers. The result is a new and more complicated supply chain that places an even greater premium on coordination and the sharing of technical data across borders.
Brace yourself for the complications that are to follow. Although the journey is one that encapsulates the difficulties of complying with thousands of pages of regulations, at the end, there is a happy ending—if the term “happy” is evaluated on a risk-adjusted basis.
Acme has also failed to consider the role of automation, cloud computing, and other drivers of next generation manufacturing in its updated production processes. Although this manufacturing allows rapid, small batch production that is highly tailored to customer needs, it also means that a lot of company information and components may be going to a lot of different people and places. In some cases, export controlled technical data must be shared across the organization or even with foreign business partners. By failing to consider these issues, Acme is unaware that its re-shoring initiatives are raising its regulatory risk profile.
Acme is going to find that it can be much more difficult to keep tabs on its global supply chain after re-shoring. The company’s diffuse manufacturing using overseas affiliates, joint ventures, and other partners makes it more difficult to monitor the actions of foreign counterparts. Acme has also not considered that when companies are operating on its behalf, the U.S. Government often will attribute these actions to Acme, such as through claims that Acme “knew” about or “facilitated” its partners’ violations of the law, such as where it conducted insufficient due diligence. Nor has Acme realized that prudent risk management means implementing enhanced compliance measures and internal controls to help ensure that its business partners across its supply chain are not violating anti-bribery, export controls, economic sanctions, and other laws that can be applied outside the United States. As a result, Acme is not meeting regulators’ “know your partner” expectations, which require that companies examine their partners for these and other risk points.
What else is missing in Acme’s plans? Well for one thing, Acme’s re-shoring exercise will sharply increase its production of U.S.-origin goods. And because export controls directly apply to all U.S.-origin goods, even when incorporated into downstream products, more manufacturing at home means that these laws are more likely to govern company’s export patterns. The increased involvement of U.S. persons in production, sales, and export activity that comes with re-shoring also means greater liability for Acme’s officers, directors, and others that fail to comply.
Acme also needs to consider how the export control laws will shape its re-shored work environment. Under the EAR and ITAR, the “deemed export” rule prohibits the unlicensed transfer of controlled articles, technology, and technical data to non-U.S. persons – including those living and working in the United States. This means that Acme cannot share any information related to the production, servicing, maintenance, or use of a controlled item with any foreign persons unless they are U.S. Permanent Residents or have a specific license from the relevant agency. So Acme needs to survey its work force, identify any non-U.S. nationals, and determine whether these particular nationalities are cleared for the controlled technical data and items that the company produces. If not, then it needs specific licenses for the non-U.S. persons in its workforce. Until that occurs, it needs to wall off any persons who are not supposed to access the controlled technical data at issue.
Acme also needs to re-examine its plans to bring non-U.S. employees from its formerly offshore operations to help with its newly repatriated U.S. production. While this is a common tactic for companies engaged in re-shoring, it could increase the number of potential deemed export control violations. For example, a violation of U.S. export rules can occur when non-U.S. persons, including Canadians and Europeans, gain access to blueprints, designs, product specifications, and other controlled information on the shop floor or otherwise. They may use design technology and production equipment subject to the EAR controls, especially in cases involving high tech products or certain types of next-generation manufacturing techniques. Even the storage of EAR or ITAR-controlled information on Acme’s computer network can pose problems. Because government regulators draw no distinction between the ability to access controlled information and actually doing it, failing to segregate this kind of information can violate U.S. law, even if there is only a single non-U.S. person on the network.
So what should companies like Acme do? A company seeing these issues for the first time could become frustrated, because the rules can be frustratingly complex. Nonetheless, companies do not need to abandon their re-shoring and next-generation initiatives. In most cases, the business justifications for doing so outweigh the potential regulatory drawbacks. Although the risk profile of the company may increase, compliance measures that appropriately identify and control for these risks can often neutralize much of the increased risk, even taking into account the potentially heavy penalties at stake.
These are the kinds of risk-mitigation steps that companies like Acme can take:
- They should perform a global risk assessment and create a company risk profile. Key issues to evaluate include the types of products sold (with sales of controlled goods increasing risk), the ways in which the organization conducts business (with the use of distributors and third parties further increasing risk), and the countries of operation and sales (with countries with a reputation for corruption or for diversion of goods posing the most significant risk).
- They should survey current compliance measures to determine whether they adequately address the company’s changing risk profile. Common failure points include inconsistent global standards; neglecting to translate compliance measures into local languages; deficient training for relevant personnel; inadequate due diligence on agents, affiliates, and prospective acquisitions; and the failure to update materials to reflect changes in the laws (especially for economic sanctions, which change regularly).
- They should review existing compliance training programs to determine whether they are conducted regularly, appropriately address identified risk areas, and cover the relevant personnel.
- They should determine whether the company’s screening of shipments adequately control the risk of shipping to the “bad guys” and the “bad places,” i.e., whether they adequately screen for OFAC’s Specially Designated Nationals and Blocked Persons, the Commerce Department’s Denied Parties, Entity, and Unverified, and the State Department’s Debarred Persons Lists. The primary focus should be on whether there is sufficiently comprehensive screening (including for non-U.S. affiliates) and whether the organization sufficiently investigates and resolves potential matches.
- They should evaluate whether the organization adequately identifies, and follows up on, red flags.
- They should evaluate all of its high-tech equipment, in the form of next-generation equipment or otherwise, to determine whether any of it is controlled, especially under the EAR.
- They should re-evaluate its training protocols and training materials to determine how they should be changed to reflect the company’s new manufacturing footprint and the application of U.S. regulations to its new manufacturing paradigm.
- And they should determine whether the company’s compliance program is operating effectively, including through regular compliance audits.
Acme may be fictional, but the trade-off of balancing the advantages of re-shoring and next generation manufacturing with the risks posed by the aggressive application of U.S. laws to exports and international conduct is not. Whether in the re-shoring paradigm or otherwise, companies cannot eliminate all regulatory risk. But a combination of regular risk checks, candid assessments of the state of compliance, and close examination of the resources invested in compliance will pay significant dividends. Most significantly, these efforts will minimize the impact of the aggressive enforcement of U.S. laws on exports and international conduct—a compliance risk much closer to home than many manufacturers realize.
Greg Husisian is a partner in international law firm Foley & Lardner’s Washington D.C. office and a leader of the firm’s Legal Innovation Hub® for NextGen Manufacturers, which counsels manufacturers on the unique issues facing the industry as technology and manufacturing continue to converge. He focuses on export controls and economic sanctions, the Foreign Corrupt Practices Act (FCPA), corporate risk management and compliance, and issues arising from international trade. The author can be reached at firstname.lastname@example.org. Email for a copy of a white paper on “U.S. Regulation of Exports and International Conduct: An International Compliance Guide,” which provides detailed coverage of the topics contained in this article.