Many of you are in the midst of long days and increased shipping volumes, and probably finished Q3 with not a moment to spend reading the seemingly daily regulatory changes impacting global trade.

While you were buried in imports/exports of product, the U.S. government went and made some fairly significant changes that impact most U.S. companies. The U.S. Bureau of Industry and Security revised almost every section of the U.S. Export Administration Regulations (“EAR”) on September 20th.

Although you may not all sell product that would be defined as hardware, software or technology under the U.S. Export Administration Regulations, it is most certain that for those of you that conduct global business you most certainly use telecommunications and information security hardware, software, or technology to support your business activities.

With this in mind, I’d like to share some key information so you are prepared to export telecommunications and information security items. Often these kinds of shipment requests just show up on the shipping dock, facilitated by your IT department, facilities, or operations, and are urgent to export to support some kind of business activity. Whether the item is a server, router, switch, security appliance, test equipment, manufacturing equipment, or software, the item was, and is, controlled under the U.S. Export Administration Regulations. The challenge is understanding the new rules and identify exactly what has changed.

Here is an overview of key changes:

• The Commerce Control List - Category 5 Part 2 Telecommunications and Information Security previously was only for items with encryption. Now there are three subsections:
  • Cryptographic information security
  • Non-cryptographic information security – New Export Control Classification Number(“ECCN”) 5A003
  • Defeating, Weakening, or bypassing information security – New ECCN 5A004
• Removed ECCNS 5A992/5D992 a & b, as well as 5E992.a
• Keeps “mass market” ECCNs 5A992/5D992.c and 5E992.b
• Changes to license exception “ENC”, “TSU”, “TMP” with increased use of license exception “ENC”, instead of licensing, for certain encryption products and end-users.
• New definition of “More sensitive government end-users” and “Less-sensitive government endusers.” Under EAR Part 772.

Staying Compliant

Finally, consider including some informal benchmarking or research that would allow you to do a comparative analysis with how your compliance program is structured and operating compared to your industry peers. Comparing how your compliance program maturity rates against others may help you identify where you have achieved successes and where you may need to focus, catch up, or move ahead. Your audit results will become more compelling if you know where you stand amongst others.

Ensure your organization conducts a review of these changes. Include the hardware, software and technology that you may export included as part of that review, along with the end-users/end-use, and take appropriate related steps. You may have items currently pending fulfillment that are impacted. Remember, it’s the law!

There are several steps you can take to ensure compliance with these new regulations, including:

1. Conduct an ECCN review.
2. Update product classifications on export matrices.
3. Keep systems where the ECCN classifications are stored - so they are printed on export documents, and used for reporting – up to date. Don’t only check your ERP system, but also CRM, TM, GTM, shipping systems (FedEx, UPS, DHL), etc.
4. Evaluate active export licenses and check them against pending shipments. Determine if a license exception now applies. Update all systems from order/request to shipment reflect any changes. There are cases where licenses will need to be inactivated, and a license exception or “EAR99”, the basket designation, may apply.
5. Make sure your company is prepared for annual reporting on Feb. 1, 2017 and semi-annual encryption reporting on Aug. 1, 2017 with the new information.

U.S. exporters have an affirmative obligation to review the facts surrounding export transactions. Thus, companies should conduct careful due diligence reviews of their export transactions, and in most companies, there is not just one person, but many people facilitating and conducting those transactions.

Ensure compliance with the U.S. Export Administration Regulations by spending time understanding and implementing regulatory changes properly and strategically.

If you have any questions, or need help with the latest changes to Category 5, Part 2, Telecommunications and Information Security export controls, BPE Global is here to help!

BPE Global is a global trade consulting and training firm. Renee Roe is a Director at BPE Global. You can reach Renee by email at renee@bpeglobal.com.

View/Download PDF version here