ITAR Compliance: How Software Can Help

By Kevin Deal

Although the regulations have been around for decades, the latest rules from the U.S. Departments of State and Commerce required companies around the world that manufacture, export or re-export ITAR (International Traffic in Arms Regulations)-controlled items to evaluate and amend their current authorizations and restructure compliance activities.

Compliance failures can be extremely costly—in January 2020, Airbus agreed to pay more than $3.9 billion to resolve an ITAR and bribery case.

A Complex State of Affairs

Despite some recent streamlining, the ITAR complexity facing aerospace and defense manufacturers is significant, starting with the multiple regulatory documents with which manufacturers must meet, including the Commerce Control List (CCL), and the United States Munitions List (USML)—which both cover a variety of different items.

To confuse matters more, different agencies are responsible for different types of application procedures—the Department of Commerce for the CCL items and the Department of State controlling the USML items. Each agency has different ways of wording things, and different meanings for the same words. Manufacturers need to keep abreast of multiple Denied Party Lists, or Specially Designated Nationals and Blocked Persons Lists, and these are issued by various departments of government including the Department of the Treasury.

The ideal end goal would be a single point of control, with a primary enforcement and coordination agency, a single IT system and a single licensing agency. But for now, A&D manufacturers must live with the fact that a lot of items are under ITAR control, other items are covered by the Export Administration Regulations (EAR), all while Department of the Treasury keeps track of sanctions that are in force against foreign nations.

The Compliance Challenge

One option to stay compliant is to put manual controls in place, by hiring export control compliance officers that try to keep tabs on orders and deliveries you are making to ensure you are not sharing forbidden materials with anyone on the control lists. This, of course, can be an extremely time-consuming and therefore a costly activity. A second option is to employ a service agency to provide analysis of the denied party listings and consolidate that information into a database which can be accessed for a fee.

Regardless of which compliance model you select, export control regulations will also have implications for your underlying enterprise systems, including enterprise resource planning (ERP). It will become more and more important to ensure any ERP solution used for defense manufacturing has functionality specifically designed for export control.

A business dealing in regulated materials must be able to quickly and efficiently marshal this information from within their ERP system and combine it with external regulatory data to ensure compliance as they process orders and other transactions. They also must be able to share it with overseas partner companies in a frictionless environment.

Key Components

Without a fully integrated application suite allowing data to flow seamlessly between different functions such as supply chain management, manufacturing, engineering and customer relationship management (CRM), it is difficult to know which products, parts or transactions may put an A&D manufacturer in jeopardy.

Rather than complex third-party solutions integrated between export control functions and ERP, a streamlined approach can be obtained with ERP that is already enabled to do the checks against third-party lists and manage orders, transactions and other activities accordingly.

There are a number of key factors which should form a checklist of functionality when an A&D manufacturer is considering an ERP solution to aid with ITAR compliance.

Denied party checks – When committing to a sales order, the ERP software needs to check to ensure the order isn’t going to a denied party. This can be done through a link to a database of denied parties that is compiled and updated regularly by an agency or third-party. But you need to have confidence that you have checked the denied parties list before processing the order.

Management of part-specific regulatory schema – For items that might be export controlled, the parts catalog needs to hold that information and the ERP system needs to indicate which regulation and regulatory body covers the part or material and the classification or rating within that schema which applies to it.

Management on the assembly level – If a manufacturer is handling an order for an assembly, an ERP application needs to record the parts within that assembly and the extent to which they are covered by different export regulations and commodity jurisdictions.

License application & usage reporting – ERP must help enable you to identify, escalate and resolve licensing issues. The software must report on and monitor the consumption of licenses by orders and manage license consumption.

Secure document management – Some documents for control items have licenses that can only be viewed by certain authorized people. ERP with embedded, native document management functionality will be best suited to export control. Ideally, the same user permissions used in the ERP software to control access of sensitive data within the enterprise can be applied to the document management solution.

Control of the export of data and intangibles – The ERP system must offer at least some support in controlling processes such as shipment of a controlled product for display at an exposition, or exchange of data with overseas vendors.

International requirements – Regardless of where they are based, exporters often have operations in other countries, each with their own set of export controls regulations.

ITAR Compliance as a Must

Manufacturers and contractors in the aerospace and defense sector can ill afford expensive and jeopardizing litigation due to poor materials and equipment export control. Rather than opening up room for human error or paying for a third-party agency, ERP has come to the fore as a strategic enabler to unequivocally help A&D manufacturers prepare for, and meet, the legal requirements of ITAR.

Kevin Deal is Vice President, Americas, Aerospace and Defense, IFS