1 / 40

The University of Kansas

The University of Kansas. The Challenge for KU Export Compliance: Balancing National Security and Openness in Research, Education and Public Service. THEY ARE THE LAW.

tamerad
Télécharger la présentation

The University of Kansas

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The University of Kansas The Challenge for KU Export Compliance:Balancing National Security and Openness in Research, Education and Public Service

  2. THEY ARE THE LAW US laws that regulate the distribution to foreign nationals and foreign countries of strategically, important technology, services and information for reasons of foreign policy and national security Export control laws apply to all activities — not just sponsored research projects What are export controls?

  3. U.S. Export Controls • Cover any item in U.S. trade (goods, technology, information) • Extended to U.S. origin items wherever located, including U.S. (Jurisdiction follows the item or technology world wide) • Controls have broad coverage and limited exclusions • License may be required to export

  4. U.S. Export Controls • Advance foreign policy goals • Restrict export of goods and technology • that could contribute to the military potential of adversaries • Prevent proliferation of weapons of mass destruction (nuclear, biological, chemical) • Fulfill international obligations

  5. What is an export? Any oral, written, electronic or visual disclosure, shipment, transfer or transmission of commodities, technology, information, technical data, assistance or software codes to Anyone outside the US (including US citizen) A non-US individual (wherever they are) A foreign embassy or affiliate

  6. Export Controls Reflect National Security Concerns • Missile technology • Nuclear nonproliferation • Chemical and biological weapons • Anti-terrorism, crime control, • regional stability, short supply, • UN sanctions • Embargoes and trade sanctions

  7. Agencies that govern export controls There are three principal agencies • U.S. Department of State • U.S. Department of Commerce • U.S. Department of the Treasury

  8. KU Export Control & Compliance • It is KU’s policy to fully abide by federal laws and regulations including the Export Administration Regulations (“EAR”), the International Traffic in Arms Regulations (“ITAR”), Office of Foreign Assets and Control (“OFAC”), and all other applicable export and import regulations, in the U.S. and abroad. • KU Office of Export Compliance (OEC) provides targeted support and advice to departments, committees, project teams, international programs, all others; assesses risk, ensures effective internal controls, conducts tailored training, implements technology control plans, and refers to government regulators.

  9. Controlled Categories at KU • Category 0 - Nuclear Materials, Facilities & Equipment (and Miscellaneous Items) • Category 1 - Materials, Chemicals, Microorganisms, and Toxins • Category 2 - Materials Processing • Category 3 – Electronics • Category 4 - Computers • Category 5 (Part 1) - Telecommunications • Category 5 (Part 2) - Information Security • Category 6 - Sensors and Lasers • Category 7 - Navigation and Avionics • Category 8 - Marine • Category 9 - Propulsion Systems, Space Vehicles and Related Equipment

  10. KU Export Compliance in a Nutshell • The Office of Export Compliance (OEC) reports to the General Counsel and advises KU faculty and staff on international export/import controls, provides procedural guidance, and implements training to support international activity • Empowered Officials (EO) are senior leaders designated by the Chancellor who act to ensure proper controls are in place for protection of technologies. KU EOs: VC Office of Research; AVC Compliance, KUMC; Director, OEC • KU uses an export compliance manual, a risk management system comprised of policies, procedures, processes, export facilitators (export control team) and an export control training program

  11. KU Export Compliance Organization Vice Chancellor Office of Research Sr. Empowered Official KU Chancellor h Assoc Vice Chancellor Compliance Medical Center Empowered Official General Counsel Office of Export Compliance ECO (Empowered Official) Director, Secure Research Export Control Program Manager Export Control Team (on all campuses as appropriate) IT Security, HR, KU Security, Compliance, Internal Audit, Finance, Research Administration, Shared Services Center, Shipping, Purchasing. Legal

  12. Export Control Risks • Deemed Export – Faculty, Students, Contractors, Continuing Education • Travel abroad and hosting international guests • Contracts, Grants, & Material Transfer Agreements • Intangible technology transfers • Restricted research and international collaboration • Shipping Compliance (Supply Chain Risk Management) • Maintaining export risk awareness thru effective training program • GOAL:Use an integrative approach that incorporates program policies, procedures, best practices, internal audits, lessons learned, ongoing training, continuous improvement = A Comprehensive Risk Management System

  13. Export Control Support Functions • Administration of contracts, grants, material transfer agreements, etc. (KUCR,KUIC, OGC, OEC), • International shipments of biological samples, chemical compounds, hardware and software (EHS, KUCR, KUIC, and OEC), • Transfer of technology (“know how”) and sensitive /controlled information (IT Security, OGC, KUIC, Security Management Office ), • Purchasing material or services from international vendors (Finance, Procurement, OGC, OEC)  • Travel abroad (Intl Programs, IT Security, Security Management Office, OGC), • Research and other collaboration involving non U.S. citizens or non-permanent resident aliens here on campus or with foreign entities abroad (KUCR, Intl Programs, IT Security, OEC, Security Management Office), • Hosting international visitors (Intl Programs, HR, Security Management Office). 

  14. Export Control Facilitators • International Programs : Charles Bankart, Angel Perryman • Human Resources : Ola Faucher, Angie Loving • IT Security : Julie Fugett • Office of Research : Joe Heppert, Kevin Teel, Rex Burkhardt • KUIC : Claire Sabin, Laura Irick • EH&S : Mike Russell, Jon Rossillon • Institutional Compliance : Jeff Chasen • Shared Service Centers : Jeff Hornberger • General Counsel : Kim Grunewald • Comptroller : Katrina Yoakum • Procurement : Rick Beattie • KUCE : Ann Marvin • CReSIS : Rick Hale, Jawad Obaid • Secure Research : Shannon Blunt • Security Management : Carl Taylor • Export Control : Matt Battiston • Empowered Official : Jim Tracy

  15. Due Diligence Screening KU uses Visual Compliance to screen foreign nationals and organizations in order to identify restricted or denied parties and other risks such as OFAC sanctions and embargo restrictions. OEC can provide you and your team an account and user training

  16. Export Operations • Includes ALL faculty, postdoctoral fellows, affiliates, administrators, supervisors, coordinators and others involved in export regulated activities or those with authority over foreign nationals or projects involving export controlled information or hardware • WHO ARE • responsible for day to day export compliance, utilizing KU’s export compliance manual & online resources (https://export-compliance.ku.edu/), participating in training, and partnering with OEC and other export control points of contact (https://export-compliance.ku.edu/alumni-friends)

  17. MoreonExport Operations Each person must: • Understand his or her export control obligations and participate in regular training in order to be able to identify export control issues • Determine prior to travel, hiring, int’l collaboration, information transfer, etc., if exports will be subject to export control laws or regulations. • Be aware of red flags and other export control indicators of potential violations. • If undertaking an export controlled project, brief all concerned on their export control obligations and applicable technology control plans. • Understand that any informal agreement or understanding entered into with a sponsor may impose export control restrictions on the project

  18. Even More on Export Operations • KU personnel involved in export, import, shipping transactions must maintain accurate, complete, and consistent records of all exports for at least five years, as required by law. • Records must identify: • Full name and address of recipient • A full description of information, hardware, materials, technology, software involved in the transfer • Export control documents related to these transactions, including licenses, shipping documents, internal correspondents, delivery verification, export analysis and self classifications, etc.

  19. Shipping Compliance • Do you know the export classification control number (ECCN) and associated controls-restrictions for shipments to foreign entities? • Have you determined the 10 digit tariff code for item(s) being shipped (HTS or Schedule B)? • Will your shipment contain technical data or provide technical assistance for the development, production, or use of controlled equipment or technology? • Does your shipment comply with all applicable rules or orders under the Toxic Substance Control Act (TSCA)? • Does the shipment contain dual use items that has both civilian and military applications or can be used for nuclear proliferation, chemical-biological weapons?

  20. Shipping Compliance Cont’d • Is the required Destination Control Statement entered on the invoice and waybill ? • Are the Custom regulations at the destination going to impact your shipment?. • Have you completed Visual Compliance screening on all foreign entities involved in the shipment and confirmed that the shipping route or destination is not restricted due to sanctions or embargoes? • Have you collected all shipping documents (invoice, airway bill, Customs form, EEI, etc.) emails, correspondence associated with your export that must be retained for 5 years?

  21. Export Red Flag Examples • The recipient is reluctant to offer information about use of material • Shipment of a toxic reagent being sent to a liberal arts department. • The recipient is unknown to KU researchers. • The recipient does not want to document the material or information transfer. • The recipient is a middle person for the end user of the material or information to be transferred. • Delivery addresses are not associated with the end user, or deliveries are planned for out-of-the-way destinations. • A freight-forwarding firm or post office box is listed as the product’s final destination. • A requested shipping route is abnormal for the material and destination.

  22. Intangible Technology Transfer (ITT) ITT is the transmission or release of technology through intangible means Intangible transfer of knowledge can be in the form of technical assistance, consultancy, scientific meetings, discussions, exchanges, presentations, demonstrations, visual inspections, lectures and seminars, teaching, training, working knowledge, education of foreign nationals Includes transfer of export controlled technology or technical data by intangible means (electronic means, e-mail, fax, telephone, Internet, publications)

  23. ITT Risk Areas • Cloud computing (data in motion & storage) • Travel abroad and hosting international guests • Publications, lectures, research collaboration, etc. • Deemed Export GOALS: • Maintain ITT risk awareness thru effective training program and risk management plans…..and • Use an integrative approach that incorporates program policies, procedures, best practices, standard review processes, internal audits, lessons learned, ongoing training, continuous improvement = A Comprehensive Risk Management System

  24. Int’lTravel KU employees and students traveling on University business or traveling with KU property are responsible for complying with export control laws and regulations when traveling outside the U.S. Review applicable export control laws, sanctions and embargoes when planning the trip. Individuals should ensure that any information to be discussed or any controlled items are not transferred without U.S. government authorization. The traveler or traveler’s supervisor should contact OEC with any potential export control issues or to request assistance with due diligence screening and risks associated with carrying proprietary & technical data, software, encryption codes, work related information that may be export controlled.

  25. Travel Questions Needed to Assess Risk . • Full Name(s) / Position / Department / Contact Information  •  Destination (include city and country) / Purpose of Visit / Dates of Visit •  Destination hosts (name, title, organization, address, and contact information) •  Travel objectives, contract requirements, project support details, etc. • What electronic devices or electronic media is needed for the travel (laptops, smartphones, USB drives, etc.) • Other location(s) and activities involved in conjunction with travel • If needed, review & follow up by IT Security, OEC, Risk Management/Legal, Supervisors, etc.

  26. It is important to be aware of how you are using your computer network to store and transfer sensitive information. IT Security and OEC can assist you in ensuring appropriate safeguards are planned for your project such as: • Awareness Training: change notifications, security control plans & briefings. • Cybersecurity: “Need to Know” & “Separation of Duties”, controlled access to data centers, compartmentalized storage, hardened networks (physical/virtual controls), cloud certification, risk assessments (ex. NIST 800-53) • Information Security Plan: policies, procedures, consistent processes, cloud computing architecture, emails, faxes, social media, information safeguarding levels, audits, continuous monitoring, advanced computing facility, big data mining. Cloud Control

  27. Deemed Exports Technology (“know how”) is transferred for export on campus when: • it is available to foreign nationals for visual inspection (such as reading technical specifications, plans, blueprints, etc.) • when technology is exchanged orally • when technology is made available by practice or application under the guidance of persons with knowledge of the technology

  28. Who/What is a “Foreign National”? Any foreign government; Any foreign corporation or organization that is not incorporated or organized to do business in the U.S.; Any individual who is not a U.S. citizen or lawful permanent resident of the U.S. (green card holder)

  29. ToManageDeemed Export Risk • Notify OEC when planning for international visitors • OEC can help review activity, assess risk, and access • OEC can assist in due diligence screening • Leadership review & approval includes an export analysis • Long vs short term visit impacts risk mitigation • Complete a deemed export questionnaire for visa applications and forward to OEC • OEC can provide Technology Control Plans (TCP), • export briefs, Non disclosure agreements, and obtain an • export license

  30. Technology Control Plans • TCP is project based risk management • Addresses export controlled technology • Physical & information security guidance • Lists stakeholders and responsible users • Contains export briefing

  31. Technology Control Plans • TCP templates will involve the following security measures: • Laboratory Compartmentalization • Time Blocking to create restricted areas • Marking of materials export controlled • Team Identification • Locked Storage • Electronic Security • Confidential Communications

  32. Fundamental Research Fundamental Research means basic and applied research in science and engineering, the results of whichordinarily are published and shared broadly within the scientific community, as distinguished from proprietary research and from industrial development, design, production, and product utilization, the results of which ordinarily are restricted for proprietary or national security reasons.” Fundamental Research is excluded from export controls *Applies only to the dissemination of research data and information, NOT to the transmission of material goods. http://www.fas.org/irp/offdocs/nsdd/nsdd-189.htm

  33. Fundamental Research Exclusion is destroyed if KU accepts any contract clause that: Forbids the participation of foreign persons Gives the sponsor a right to approve publications resulting from the research; or Otherwise operates to restrict participation in research and/or access to and disclosure of research results. NOTE:“Side deals” between KU and Sponsor destroy the fundamental research exclusion and may also violate university policies on openness in research

  34. Contract Review for Export Control Compliance If any of the following questions apply, additional scrutiny for export risk is needed. Contact the OEC for assistance • Has the topic of export controls come up in any form with this proposal either in undocumented discussions or addressed in contract language? • Will your project involve the shipment of materials, equipment, or software outside of the U.S. or to a foreign entity in the U.S.? • Does the project involve technology or equipment with a strong potential dual-use (civilian and military) application listed on the Commerce Control List (CCL) under the Export Control Regulations (EAR)? • Will the project require the use of another party’s proprietary information or materials with restrictions on release to foreign nationals? • Does the solicitation indicate that any of the following will be included in eventual awards:  approval requirement prior to dissemination/publication; export control restrictions; or a U.S. government security classification/clearance?

  35. Contract Review Cont’d • Will your project require collaboration with any foreign organization or is there a prohibition to use foreign nationals? • Does the proposal involve or use military, space or encryption equipment, software, materials, components, etc. that are not commercial off the shelf items? • Are deliverables other than publicly available publications and presentations anticipated or required (e.g., prototype, hardware components, software, test results, chemical compounds, bio samples)? • Are there any foreign entities involved in the proposed work or any foreign performance sites? Ex. Research involves foreign national faculty, visiting scientists or collaborator(s), or other foreign entities (e.g., non-US Company, University or other organization). • Does the research address or include Homeland Security concerns or advanced technology (Select Agents, disease vectors, toxins, Hazardous or radioactive materials, energetics, specially designed equipment, etc.)? • Is foreign travel by KU/KUMC faculty, staff or students planned or anticipated?

  36. Penalties for Noncompliance • State Department (ITAR) • Criminal violations: up to $1,000,000 per violation, up to 10 years imprisonment • Civil penalties: fines of up to $500,000 per violation • Commerce Department (EAR) • Criminal violations: $50,000-$1,000,000 or five times the value of the export, whichever is greater per violation (range depends on the applicable law), up to 10 years imprisonment • Civil penalties: loss of export privileges, fines $10,000-$120,000 per violation • Treasury Department (OFAC) • Criminal violations: up to $1,000,000 per violation, up to 10 years imprisonment • Civil penalties: $12,000 to $55,000 fines (depending on applicable law) per violation.

  37. OEC Provides Export Controls Training and Awareness Overview of Regulatory Requirements (ITAR, EAR, OFAC, etc.) Risk Management Planning Policies, Procedures, Internal Controls Resources: Export Compliance Manual, Website, Toolkits, etc. Recurring refresher training, classroom (on/offsite), webinars Customized training for high risk centers Successful Compliance (includes sharing best practices & lessons learned

  38. Anti-boycott Law : What you Need to Know • The anti-boycott rules were implemented to prevent U.S. business from participating directly or indirectly in the Arab League’s boycott of Israel. The laws prevent U.S. persons from doing business under terms that would restrict that person’s ability to do business with other countries under a boycott not recognized by the U.S. The Arab League’s boycott has lessened over the years, but still remains in effect in some countries. These restrictions are enforced by U.S. Commerce Dept. The applicable regulations are at 15 C.F.R. § 760. • Anti-boycott restrictions are most likely to appear in dealings with entities in certain Arab League countries. As of this writing, Kuwait, Lebanon, Libya, Qatar, Saudi Arabia, Syria, the United Arab Emirates, and Yemen continue to impose boycott restrictions on Israel and companies that do business with Israel. Iraq is not included in this list, but its status with respect to the future lists remains under review by the Department of Treasury. Egypt and Jordan have ceased participating in the boycott. there are strict reporting requirements even where the U.S. person refuses to participate in a requested boycott action. U.S. law prohibits KU from complying with certain foreign boycotts, most notably the Arab League’s economic boycott of Israel. Prohibited activities include refusing to do business with a boycotted country, responding to boycott questionnaires, and providing negative certificates of origin.

  39. Export Analysis = Managing Risk! Use of subject matter experts Decision to self - assess or seek outside review Ensuring consistent processes Documenting to facilitate reconstructive analysis Plan, Manage, Mitigate Risk Who? Who wants to travel outside the US? Who is the intended recipient of a piece of equipment or technology? Who are the project team members What? What piece(s) of equipment are intended for export? What technology? Where? Where are the individuals traveling? What is the intended destination of the equipment or technology? For a deemed export, what is the nationality of the intended recipient who is a foreign national? When? What is the time frame for export? If it will be returned, when? Has it been sent already? Why? What is the purpose for the export? What is the research project involved? Is there a Statement of Work? Is it the subject of an agreement?

  40. When You Have Questions? Contact the Office of Export Compliance ueco@ku.edu OR OR Office of the General Counsel

More Related