EU Issues Guidance on Internal Compliance Programs for Dual-Use Trade Controls
- Background and Principles
The European Commission recently published a non-binding guidance with recommendations on internal compliance programs (ICPs) for dual-use trade controls under Council Regulation (EC) No 428/2009 (EU Dual-Use Regulation).
The guidance aims to provide a framework to help exporters identify, manage and mitigate risks associated with dual-use trade controls and to ensure compliance with the relevant EU and national laws and regulations. It is also intended to support Member States competent authorities in their assessment of risks, in the exercise of their responsibility for deciding on export authorizations, authorizations for brokering services, transshipments of non-EU dual-use items or on authorizations for the transfer within the EU of the particularly sensitive items listed in Annex IV of the EU Dual-Use Regulation.
- The Seven Core Elements of an ICP
The guidance lists seven core elements that are essential for an effective dual-use trade control ICP but stresses that this list is not exhaustive:
- Top-level management commitment to compliance;
- Organization structure, responsibilities and resources;
- Training and awareness raising;
- Transaction screening process and procedures;
- Performance review, audits, reporting, and corrective actions;
- Recordkeeping and documentation; and
- Physical and information security.
For each of these core elements, the section “What is expected?” describes the ICP related objective(s). The section “What are the steps involved?” further specifies the actions and outlines possible solutions for developing or implementing compliance procedures.
- Annexes to the Guidance: Helpful questions, “red flags” and EU Member States competent authorities
The guidance comes with three annexes. Annex 1 contains a non-exhaustive list of “helpful questions pertaining to a company’s ICP”. The questions relate to all core elements, but not necessarily to every step described. They can either be useful when developing an ICP, or at a later stage to review an existing ICP, but do not serve as a substitute for assessing an ICP against the details of the main part of the guidance.
Annex 2 provides for a non-exhaustive list of “red flags relating to suspicious inquiries” or orders. Companies should be vigilant if one or more of these “red flags” are detected. Moreover, it is recommended and sometimes may be mandatory under EU and national laws to share information about suspicious inquiries with the competent authority. The third Annex contains a link with a list of EU Member States competent export control authorities.
The guidance provides help for companies on how to set up an adequate and effective ICP. Certain Member States already require an ICP for global export authorizations and it is reasonable to assume that ICPs will be viewed more and more as best practice. Although the guidance is explicitly non-binding and there is no obligation to implement an ICP, it is likely that certain competent authorities will take the implementation of an adequate and effective ICP into account when assessing applications to export, transit or broker dual-use items.