By Samuel Greengard
Small and midsize enterprises (SMEs) are not exempt from export controls. In fact, any company, no matter what size, that does research, produces products, or interacts with non-U.S. firms in the fields of science, computing, and engineering, is likely to be affected by international export controls. This includes firms doing business in any of the following areas: military or defense projects and services, high performance computing, encryption technology and certain types of security software, defense systems, select chemical or biological agents and toxins, nuclear technology, space and satellite systems, and medical lasers.
Further complicating matters, according to observers, is that terms and conditions for export controls change all the time. Agencies continually adjust and modify regulations and apply and enforce new laws. There’s also the impact of presidential executive orders, which can instantly change what an export control is, or how certain activities are regulated. Conversely, there are sometimes specific exclusions from export controls, but these exclusions are also subject to specific terms and conditions—and they can be forfeited if an organization fails to abide by stated standards.
Unfortunately, experts say, many SMEs don’t consider the risk of noncompliance seriously enough, and many business leaders believe that they do not have the time, money, or staff resources to address export controls.
Companies, universities, and others that violate international export controls can face fines as high as $1,094,010, while the individuals responsible for violations can face imprisonment for up to 20 years. Not surprisingly, multiple violations can result in even larger fines, prison time, and penalties. Civil penalties increased in July 2016, when the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 (aka, the FCPIA Act) took effect.3 Additional business risks now include denial of export privileges, reputational damage, and legal fees and/or settlement costs.
Understanding international export controls is essential, say experts. For instance, conducting business overseas might require a specific license.4 In addition, individuals traveling abroad with high tech and/or scientific equipment or devices—as well as with confidential, unpublished, or proprietary data or information—must take steps to ensure that they have adequate protections in place. This could necessitate the use of encryption and specific security protections, such as a virtual private network (VPN). There are also provisions that control certain types of field work and research conducted outside the U.S.
Another important consideration is how business dealings and research are structured between entities. This includes how meetings take place, how groups interact and collaborate, how an organization manages and shares data and intellectual property with certain foreign individuals and groups, and who can enter labs and other sensitive spaces—both online and in the physical world. In addition, rules and regulations exist regarding the participation of foreign nationals in certain types of projects. Similarly, an organization could face restrictions about who can share and publish certain research results—along with selling physical or virtual goods abroad or through U.S.-linked individuals or intermediaries.
Some businesses must also follow payment regulations included in export controls. This includes the international payment of funds to certain individuals and facilities, including business executives, scientists, and university researchers. It can also apply to international consulting firms and consultants, particularly regarding embargoes or sanctioned countries. In some cases, interactions with individuals and institutions in these countries might be prohibited altogether.
It’s important to address all aspects of export controls and develop a clear strategy and framework for potential issues. Here are some ways experts suggest risks can be minimized:
SMEs and other organizations that develop a strategic framework for international export controls position themselves for smoother and lower risk business transactions. Experts make clear that the time and money spent developing a strategic framework—with strong internal and external controls to monitor, manage, and audit both people and IT systems—allow these firms to minimize the risk of problems, disputes, fines, and other penalties.
Samuel Greengard is a veteran journalist who has contributed to many business and technology publications. He is also the author of two books: The Internet of Things (MIT Press, 2015) and the AARP Crash Course in Finding the Work You Love: The Essential Guide to Reinventing Your Life (Sterling, 2008).
1. “Regulations,” Export.gov; https://www.export.gov/article?id=Regulation
2. Innovation for a global future, The Ohio State University; http://orc.osu.edu/regulations-policies/exportcontrol/
3. “U.S. Increases Civil Penalties for Export Controls and Economic Sanctions Violations,” GreenbergTaurig; https://www.gtlaw.com/en/insights/2016/9/us-increases-civil-penalties-for-export-controls-and-economic-sanctions-vio
4. “Export Licenses,” Export.gov; https://www.export.gov/article?id=Export-Licenses