BIS Proposes a License Exception for Intra-Company Transfers
On October 2, 2008, the U.S. Commerce Department’s Bureau of Industry and Security (BIS) announced a proposed rule that would establish a new license exception that would allow approved parent companies and their approved wholly-owned or controlled entities to export, reexport or transfer in-country many items on the Commerce Control List (CCL) for internal company use. To qualify to use the new license exception (entitled License Exception ICT or “Intra-Company Transfer”), the parent company must first obtain prior authorization from BIS and take on a number of significant commitments.
A company considering applying for approval to use License Exception ICT should carefully consider both the costs and benefits of this program, including the following—
- potential elimination of the need to obtain, track and report on individual licenses for intra-company commodity and technology transfers
- greater flexibility to plan and conduct cross-border research and development and collaboration activities with subsidiaries and controlled affiliates based on a one-time approval
- requirement to maintain robust internal controls subject to BIS review
- all covered facilities become subject to BIS audit
- annual reporting requirement
- mandatory, rather than voluntary, disclosure of violations to BIS.
We expect the new proposed rule to be published in tomorrow’s Federal Register and comments on the rule will due by 45 days from the date of publication (or November 17).
Eligibility For Prior Approval
Who can apply?
To apply, a parent company must be incorporated or have its principal place of business in the United States or one of 36 other countries listed in the proposed rule. Colleges and universities generally may not apply for the ICT exception.
Who will be covered?
The license exception allows the export, reexport and in-country transfer to and between eligible “users” and “recipients.” Eligible users are the parent company and its wholly-owned and controlled in fact entities identified in the application. This group does not embrace a parent company of the primary applicant. Eligible recipients include the eligible users and also non-U.S. national employees (which for purposes of this rule would include contractors and interns) receiving technology and source code.
Internal Control Plan.
To obtain prior authorization, a company must maintain an internal control plan and submit the plan for BIS review. The mandatory elements of this plan include—
- a corporate commitment to export compliance
- a physical security plan
- an information security plan
- personnel screening procedures – Any non-U.S. national employees who are not nationals of the country in which they are employed must be screened against lists of end-user concern.
- a training and awareness program
- a self-evaluation program – This element requires the creation and performance of regular internal audits, the creation of a checklist of critical areas and items to review, and development of corrective procedures or measures implemented to remedy identified deficiencies. If any deficiencies rise to the level of EAR violations, the company should make voluntary self-disclosures.
- a letter of assurance for software and technology
- non-disclosure agreements – All non-U.S. national employees must sign non-disclosure agreements before receiving technology or source code under the ICT.
- end-user list reviews.
BIS will review this plan and also require documentation of its implementation.
BIS requires a list of wholly-owned and controlled in fact entities that are intended to be eligible users and recipients. The company must also submit the Export Commodity Classification Numbers of the items it plans to export, reexport and transfer under License Exception ICT and describe how and by whom the commodities will be used.
Commodities not included.
ICT does not apply to all commodities. It cannot be used for items controlled for missile technology reasons or certain items that are “space qualified.” Moreover, items controlled for Encryption Item (EI) and Significant Items (SI) reasons are ineligible for export, reexport or transfer under ICT.
The parent company must submit an annual report to BIS on how the parent company and approved entities are using the license exception. For technology transfers, the report must include personal information of any employees who are not nationals of the U.S. or the country in which they are employed and who have received technology or source code under ICT. The parent company must also certify that it and its approved entities are in compliance with the terms and conditions of the ICT. Additionally, BIS requires that the company keep records of the ICT control plan and associated materials.
As a condition to approval for the program, all covered entities must be subject to audit by BIS. On a biennial basis, BIS will conduct audits of the parent company and other approved entities to ensure compliance with ICT. BIS will typically give notice before conducting an audit, but in cases where it believes that an entity is improperly using ICT, BIS can conduct an unannounced audit that is separate from the biennial audit.
Under the proposed rule, BIS expects approved users to disclose deficiencies and violations identified in their internal compliance with License Exception ICT. Failure to disclose could result in revocation.
Companies that may benefit from a one-time authorization for intra-company transfers should carefully consider the proposed rule during the comment period. In its current form, the proposed rule could substantially eliminate the costs of one-time licensing for such intra-company transfers. However, it also entails potentially significant costs, including costs required to ensure compliance with the terms and conditions of an approval, and the risks associated with exposing the company to regular BIS audits and reporting requirements.
If you have questions regarding this alert, please contact—