White paper

Master ITAR, Export Control, with ERP

Content Current situation.................................................................................................... 2 Technology Solutions............................................................................................. 2 Selecting ERP............................................................................................................ 4 Conclusion............................................................................................................... 8 About IFS .................................................................................................................. 9

Master ITAR, Export Control, with ERP

Master ITAR, Export Control, with ERP B y K e vi n D e a l V i ce P r es id e n t, D e f e n s e , IFS N o rth A m e ri c a

Ever since the 1976 enactment of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR), manufacturers in the aerospace and defense industry have had to avoid selling items listed on the U.S. Munitions List to non-US parties unless authorized by the Department of State or by special exemption. But when the U.S. Department of State in 1999 stepped up enforcement efforts, executives have a lot more to worry about. Then, a Presidential Executive Order on Export Control Reform, issued on March 8, 2013, caused the Departments of State and Commerce to issue important new rules which take effect on October 15, 2013. These rules require companies around the world that manufacture, export or reexport ITAR-controlled items to evaluate and amend their current authorizations and restructure compliance activities. In this whitepaper, we’ll discuss how correct application of the right enterprise software including enterprise resource planning (ERP) can keep your manufacturing business in the good graces of regulators, preventing heavy fines that result from even inadvertent violations of these rapidly changing requirements. Specifically, we will discuss the export control burdens placed on aerospace and defense manufacturers in the US and abroad, and how to select software that can facilitate and automate compliance to these rapidly changing regulations.

Export Control Basic Data ERP must be able to register basic data about export control schemes relevant to your enterprise. This means ERP must be configurable to deal adequately with the export controls which are pertinent for you and ensure data integrity on transactions.

1

Master ITAR, Export Control, with ERP

Current situation The complexity faced by aerospace and defense manufacturers is significant, starting with the multiple regulatory documents with which manufacturers are confronted. The Commerce Control List (CCL), and the United States Munitions List (USML). Both mention different items which must be controlled. To confuse matters more, different agencies are responsible for different types of application procedures; the Department of Commerce for the CCL items and the Department of State controlling the USML items. Each agency has different ways of wording things, and different meanings for the same words. Manufacturers need to keep abreast of multiple denied party lists, or Specially Designated Nationals and Blocked Persons Lists, and these are issued by various departments of government including the Department of the Treasury – all in an environment where it is hard to understand why the government wants to restrict particular items. One day, the regulatory environment might be streamlined to a single control point, with a single primary enforcement and coordination agency, a single IT system and a single licensing agency. But into the foreseeable future, we have to live with the fact that a lot of items are under ITAR control, other items are covered by the Export Administration Regulations (EAR), all while Department of the Treasury keeps track of sanctions that are in force against foreign nations. Compliance is information-intensive and mission critical. And that means that your enterprise system of record ought to be brought to bear. Apart from data directly from regulators including lists of controlled items and sanctioned nations, much of the data necessary to comply already exists in various places and modules of an ERP system … in manufacturing, engineering, supply chain, procurement processes and sales. A business dealing in these regulated materials must be in a position to quickly and efficiently marshal this information from within their ERP system and combine it with external regulatory data to ensure compliance as they process orders and other transactions. They also must be able to share it with overseas partner companies. US regulations apply equally to overseas companies that purchase US parts or materials for incorporation into their own products. This means the compliance challenge touches every area of the business; engineering, sales, procurement and beyond.

Technology Solutions This degree of complexity suggests that some third party intervention or technological solution is required to ensure compliance, and there are various software and service options available. There are service agencies that provide analysis of the denied party listings from a myriad of agencies, and consolidate that information into a database which can be accessed for a fee. In essence, you share your part and

2

Master ITAR, Export Control, with ERP

transaction data with them through an application program interface (API) and they can confirm that your orders are not from denied parties so you can proceed. You can also put manual controls in place by hiring export control compliance officers that try to keep tabs on orders and deliveries you are making to ensure you are not sharing forbidden materials with anyone on the control lists. This of course can be an extremely time consuming and therefore a costly activity. Regardless of which compliance model you select, export control regulations will also have implications for your underlying enterprise systems, including ERP. In particular, organizations subject to export control will need a well-integrated application suite rather than a collection of point solutions. It will become more and more important to ensure an ERP solution used by your defense manufacturing organization has functionality specifically designed for export control. Without a fully integrated application suite where data can flow seamlessly between different functions like supply chain management, manufacturing, engineering and customer relationship management (CRM), it is difficult to know which products, parts or transactions may put you in jeopardy. At a minimum, an enterprise application must be comprehensive enough to help you answer some basic questions: • Within the parts catalog, which set of regulations does each part fall under? Is a part regulated by a control list rating or the US Munitions list rating, and if so, which rating and therefore which controls apply? • Are you sending the items to an overseas partner or customer who is operating under warehousing and distribution agreements, which would then resell them to an approved sales territory? • Are the particular orders that you are accepting and committing to in a contract for these items subject to these controls? If they are on the list, do you have a license? If you haven’t got a license, you shouldn’t be exporting it. If you do have a license, are you actually complying with the terms of that license? A modern ERP product built on a service-oriented architecture (SOA) will enable a company to plug in a third party compliance solution or service. These third party solutions are often designed to integrate with various ERP packages, but that means they cannot do a very thorough job of integrating with any one application. And even then, managers and executives need to move between two systems rather than manage export controlled items directly in ERP. We find our customers prefer a streamlined approach with ERP that is already enabled to do the checks against third party lists and manage orders, transactions and other activities accordingly. Export control functionality is used directly in the system that is already being used to process the regulated transactions, materials and activities. Data already native in the ERP is used, along with third party lists accessed virtually, to:

3

Master ITAR, Export Control, with ERP

• Identify a part as a control part right in the part catalog. • Check for controlled parts in the bill of material of what you are just delivering. • Prompt you when you need a license, offer information on the type of license required and check on license availability. If you don’t have the license available at the moment, it can determine if you can still proceed to the next stage in processing but hold delivery until you actually get the license in place. • Compare order quantity or dollar value for licensed items against available licences and verify there is sufficient unused cover after netting of consumed coverage by previous orders. Licenses typically cover limited quantities or limited dollar values or specific end usages to specific end users. In order to achieve this level of compliance automation, a business absolutely needs support within their ERP to capture and present this data in an appropriate way while they are processing transactions and working within the ERP application itself.

Selecting ERP ERP vendors know export control is a serious challenge facing companies in the industry, and will typically claim to offer some level of compliance functionality. In selecting a new system of record in an aerospace and defense manufacturing or contracting environment, however, there are specific and granular types of functionality to look for to ensure your new system will meet your export control needs. Denied Party check. When committing to a sales order, the ERP software needs to check

to ensure the order isn’t going to a denied party. This might be achieved through a link to a database of denied parties that is compiled and updated regularly by an agency or third party. But you need to have confidence that you have checked the denied parties list before processing the order. Management of part specific regulatory schema. For items that might be export controlled,

the ERP system needs to indicate which regulation and regulatory body covers the part or material and the classification or rating within that schema that applies to it. Are there specific end usages that are allowed for export and other end usages that are not? The parts catalog needs to hold that information about each part. Management on the assembly level. If you are handling an order for an assembly, an ERP

application needs to record the parts within that assembly and the extent to which they are covered by different export regulations and commodity jurisdictions. The overall assembly might need one license or several licenses from different agencies. So the application needs to analyze the bill of material (BOM) and register:

4

Master ITAR, Export Control, with ERP

• Which licenses for regulatory parts are in place? • What commodities do they cover? • Which end usages are they allowed for? • What dollar value does the license allow for? • What quantity of the parts does the license permit?

Master Part Export Control You will need ERP that can register details within about which export control schemes and control codes apply to each part in the part catalog. you should also be able to analyze for or register details of sub-components requiring licensing and expected end usages that you should need each part ordered to satisfy.

License Application. If it turns out that the assembly requires a license the company does not have in place, the ERP software needs to record that license amendment request by pulling in email traffic with the outside parties. If the license application or application to increase coverage of the license is not progressing in a timely manner, ERP needs to escalate that matter up the organization automatically. The order will need to be halted before regulations are broken, and this requires some forced order connections between licenses and orders for controlled parts. License Usage Reporting. The software needs to report on usage of licenses from various

government agencies. These licenses are both a valuable commodity and a potential constraint on sales, and executives will need to use ERP to monitor the consumption of licenses by orders and manage that consumption. Secure Document Management. Some documents having to do with control items have

licenses that can only be viewed by certain people. Ideally, the same user permissions the ERP software uses to control access of sensitive data within the enterprise software can be made to apply to the document management solution. This means ERP with embedded, native document management functionality will be more desirable for export control.

5

Master ITAR, Export Control, with ERP

3 APPS8 DDTC ERP should hold contact information for government licensing offices and contact details of the officers relevant to your license applications.

Control of the export of data and intangibles. The ERP system must offer at least some support in controlling the export of technical data or intangibles. This includes ad hoc data exchanges like the shipping of a controlled piece of equipment to an overseas trade exposition. That event will not be on a sales order, BOM, or other formal document subject to other control points in ERP. But this shipping of a sample or display model will probably require a license, so ERP must offer functionality to identify and manage these situations that fall outside of established controls. Data may also require a license if a company is working collaboratively with a partner company overseas. If, for instance, that overseas partner needs one of our parts or assemblies so they can create the interfacing part, it may require a license. Again, there is no sales order involved, and the ERP application must offer functionality to help link these ad-hoc events to export licenses. Other countries’ requirements. This whitepaper largely focuses on US requirements, but

US exporters often have overseas divisions who might be working in the UK, other countries in the European Union, Australia, and other countries worldwide, each

6

Master ITAR, Export Control, with ERP

with export controls requirements. Just within the US, regulatory control over items is moving from one regulatory body to the other. And doing business overseas makes it even more important to have the ability to fluidly move your items and control types from one regulatory schema to another. Various international agreements and regulations that bear close attention include: • The Nuclear Suppliers Group —“The Nuclear Suppliers Group (NSG) is a group of nuclear supplier countries which seeks to contribute to the non-proliferation of nuclear weapons through the implementation of guidelines for nuclear exports and nuclear related exports. The NSG guidelines are implemented by each participating government in accordance with its national laws and practices. Decisions on export applications are taken at the national level in accordance with national export licensing requirements.” www.nuclearsuppliersgroup.org/

• UN Security Council Sanctions Committees—“Under Chapter VII of the Charter, the Security Council can take enforcement measures to maintain or restore international peace and security. Such measures range from economic and/or other sanctions not involving the use of armed force to international military action.” www.un.org/sc/committees/

• The Wassenaar Arrangement on export controls for conventional arms and dual-use goods and technologies. www.wassenaar.org

• Australia Group—“The Australia Group (AG) is an informal forum of countries which, through the harmonization of export controls, seeks to ensure that exports do not contribute to the development of chemical or biological weapons.” www.australiagroup.net

• The Missile Technology Control Regime—“The Missile Technology Control Regime is an informal and voluntary association of countries which share the goals of nonproliferation of unmanned delivery systems capable of delivering weapons of mass destruction, and which seek to coordinate national export licensing efforts aimed at preventing their proliferation.” www.mtcr.info/english/index.html

• Zangger Committee—“... was formed following the coming into force of the Nuclear Non-Proliferation Treaty (NPT) to serve as the ‘faithful interpreter’ of its Article III, paragraph 2, to harmonize the interpretation of nuclear export control policies for NPT Parties.” www.zanggercommittee.org

7

Master ITAR, Export Control, with ERP

Conclusion Export control regulations are changing rapidly, and will continue to do so. Keeping abreast of regulation on each and every order and transaction is not a process that can be effectively handled manually – at least not on a level that ought to inspire confidence from management. Manufacturers and contractors involved in the aerospace and defense industries as well as other industries dealing with materials and equipment of strategic importance will need to rely on more automated systems to they can profitably and efficiently meet customer demands without exposing themselves to legal repercussions. ERP software that is designed specifically for export control may offer the most direct route to an export control process that inspires confidence while protecting the company and its Directors.

Kevin Deal is vice president for aerospace and defense at IFS North America. Previously, he has held management positions at Broadvision, Cincom, and The Battelle Memorial Institute. Deal holds a Master of Science in Administration from Central Michigan University and a Bachelor degree in Mechanical Engineering from Wright State University.

8

About IFS IFS is a public company (OMX STO: IFS) founded in 1983 that develops, supplies, and implements IFS Applications™, a component-based extended ERP suite built on SOA technology. IFS focuses on agile businesses where any of four core processes are strategic: service & asset management, manufacturing, supply chain and projects. The company has more than 2,000 customers and is present in 50+ countries with 2,800 employees in total. More details can be found at www.IFSWORLD.com. For further information, e-mail to [email protected]

Americas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +1 888 437 4968 Argentina, Brazil, Canada, Mexico, United States Asia Pacific . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +65 63 33 33 00 Australia, Indonesia, Japan, Malaysia, new Zealand, Philippines,  PR China, Singapore, Thailand Europe east and central asia . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +48 22 577 45 00 BALKANS, Czech Republic, GEORGIA, Hungary, Israel, KAZAKHSTAN, Poland, RUSSIA and cis, Slovakia, Turkey, UKRAINE Europe Central . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +49 9131 77 340 AUSTRIA, Belgium, GERMANY, ITALY, netherlands, SWITZERLAND Europe West . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +44 1494 428 900 France, Ireland, Portugal, Spain, United Kingdom Middle East and africa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .+971 4390 0888 India, South Africa, Sri Lanka, United Arab Emirates Nordic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +46 13 460 4000 Denmark, Norway, Sweden Finland and the Baltic area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +358 102 17 9300

www.ifsworld.com This document may contain statements of pos sible future functionalit y for IFS’ sof t ware products a n d t ec h n o l o gy. Su c h s tat e m e n t s o f f u t u r e f u n c t i o n a l i t y a r e f o r i n f o r m at i o n pu r p o s e s o n ly a n d s h o u l d n o t b e i n t e r p r e t e d a s a n y c o m m i t m e n t o r r e p r e s e n tat i o n . IFS a n d a l l IFS p r o du c t n a m e s a r e t r a d e m a r k s o f IFS . T h e n a m e s o f a c t u a l c o m pa n i e s a n d p r o du c t s m e n t i o n e d h e r e i n m ay b e t h e t r a d e m a r k s o f t h e i r r e s p ec t i v e o w n e r s .

IFS AB © 2013

En2345-1 Production: IFS Corporate Marketing, May 2013.

Estonia, Finland, Latvia, Lithuania