On July 30, 2019, the EU Commission issued guidance on internal compliance programs for dual-use trade controls.1 The guidance consists of non-binding recommendations on seven "core elements" for an effective dual-use trade control internal compliance program. For each core element, the guidance sets out clear expectations for internal compliance, as well as the necessary steps for implementation. These are summarized in the table below.

Core element: Top level management commitment to compliance

What is expected?
Written statement of support of internal compliance procedures:
  • It must indicate clear, strong and continuous engagement and support by top-level management.
  • It must foresee sufficient resources to back up this commitment.

Steps involved:
Drafting and rolling out a statement of commitment clearly defining the expectations and conveying the importance and value placed on compliance.

Core element: Organizational structure, responsibilities and resources

What is expected?
Organizational structure to be set out in writing:
  • It must identify and nominate persons with overall responsibility for corporate compliance.
  • It must allow for the setup of internal compliance controls by a properly trained and educated member of staff.

Steps involved:
Defining the number of qualified persons needed to carry out these functions and creating an internal structure that enables the performance of these functions.

Core element: Training and awareness raising

What is expected?
Training to be provided to staff to ensure awareness of the applicable requirements and rules, as well as about the company's internal compliance program. This training can be in the form of external seminars, subscription to information sessions, in-house trainings, etc.

Steps involved:
Organizing periodic and compulsory training for personnel having trade controls-related functions, as well as awareness training for all staff, including, to the extent possible, on the lessons learnt.

Core element: Transaction screening

What is expected?
Set up a process, either manual or automatic, to evaluate whether a particular transaction involving dual-use items is subject to trade controls. The process should address the following:
  1. Classification of the item
  2. Risk assessment of the transaction
  3. Determination of license requirements and applications for licenses
  4. Post-licensing controls

Steps involved:
Establishing a process which includes:
  • Item classification, i.e. determining whether a given item is listed
  • Transactional risk assessment, including:
    • Checking the destinations and counterparties
    • Screening the stated end-use and the parties involved
    • Mitigating the risk of diversion to another end-use or end-user
    • Informing personnel of the "catch-all" requirement, which means that even the items that are not specifically designated as dual use may nevertheless be treated as such if there is any concern about their stated end-use
  • Identification of the license requirements and applications for licenses; ensuring regular contact with the authority dealing with export controls
  • Post-licensing controls: conducting final checks before shipment is sent and ensuring that all conditions applicable in case of license are observed

Core element: Performance review, audits, reporting and corrective actions

What is expected?
Performance reviews and audits:
  • Must assess whether the internal compliance program is in fact satisfactory and in line with the requirements of law
  • Are designed to detect inconsistencies and clarify and revise routines if they are at risk of non-compliance

Steps involved:
The program must allow for random controls as part of daily operations, as well as audits covering all aspects of the internal compliance program with corrective actions.

Core element: Recordkeeping and documentation

What is expected?
Procedures and guidelines for handling the relevant documents, their storage, record management and traceability of activities:
  • They must allow for efficient search and retrieval of information during the day-to-day activities in the area of dual-use trade controls and audits.

Steps involved:
The procedure must reflect applicable retention periods as set out in local law and ensure that these are respected by all personnel as well as, if possible, external service providers, by way of adequate filing and retrieval tools.

Core element: Physical and information security

What is expected?
Physical and information security measures must be introduced to prevent unauthorized access to or removal of dual-use items.

Steps involved:
Dual-use items must be physically secured and measures and procedures must be put in place to protect information security.

To assist companies and exporters with the implementation of their internal compliance program as well as with the specific risk assessment for each of the core elements referred to above, Annex I to the guidance provides some practical questions with comments on best practices. Annex II sets out examples of red flags that should help companies and businesses identify and calibrate dual-use risks.

Footnote

1 Commission Recommendation (EU) 2019/1318 of 30 July 2019 on internal compliance programmes for dual-use trade controls under Council Regulation (EC) No 428/2009 (OJ L205, 5.8.2019, p. 15), as amended.
