[av_one_full first min_height=” vertical_alignment=” space=” custom_margin=” margin=’0px’ padding=’0px’ border=” border_color=” radius=’0px’ background_color=” src=” background_position=’top left’ background_repeat=’no-repeat’]
[av_textblock size=” font_color=” color=”]
Sunny: Hello everyone. My name is Sunny McCall and I’m Momentum’s Vice President of Content & Experience and Program Director of Momentum’s 9th ACES Compliance Summit. It is my great pleasure to be here today with Jeannette Chu. Hello Jeannette and welcome.
Jeannette: Hi, Sunny, thank you so much. It’s great to be here and speak with you.
Sunny: Thank you so much Jeannette, we are as well. To give our listeners a little bit of background about yourself, I understand that you currently lead PwC’s export controls and trade sanctions team specializing in developing customized compliance solutions for U.S. and multinational companies. In this role, Ms. Chu directs assessments of compliance with export controls, and sanctions, embargo laws for businesses spanning across multiple sectors, industries and countries.
Jumping right in Jeannette, and prior to joining PwC, I understand that you held several prestigious government advisory roles, including having served as a senior policy advisor within the Bureau of Industry and Security at the U.S. Department of Commerce, and then prior to that as a Senior Export Control Attaché to the U.S. embassy in Beijing. Reflecting now on your current role, what experiences do you rely most on from your time as a government advisor in offering guidance to current clients on how to best approach Export Controls compliance?
Jeannette: Thanks Sunny, that’s a really great question. You know, I actually rely on the totality of 31 years in government and I think that so closely mirrors this conference that we are doing together in a few weeks, which brings together anti-corruption, export controls and sanctions which are all top of mind issues for multinational companies today. Any compliance area including of course export controls and sanctions can seem very confusing with all of the acronyms and just the sheer number of regulatory agencies that get involved.
So having worked across seven agencies including the 13 years that you mentioned that I spent as a diplomat in China, has given me a very broad perspective on inter agency processes, including of course export licensing, export enforcement, and what is known as CFIUS, or the Committee on Foreign Investment in the United States.
So Sunny, as you know, I was a special agent for almost 25 years. I try to share that enforcement-minded point of view with companies so that I can help them understand and manage their risks. I would be really remiss though if I didn’t also say that what I also rely on very much every day is the incredible breadth that my colleagues here at PwC bring to these very complicated problems. I don’t think there’s a business issue out there that we have not been able help with. And every single day, I meet a colleague who is just absolutely brilliant, a leader in their field. And it’s that combination of deep expertise that helps us be a force multiplier for the companies that we are so privileged to serve.
Sunny: Thank you so much Jeanette and speaking a little bit now about your current expertise which is leading the export controls and trade sanctions group at PwC, what would you say are the top two challenges your clients face specific to international trade compliance and then what would you say those challenges are driven by?
Jeannette: The very nature of cross-border trade is inherently complex. It brings with it challenges that include keeping up with a fast-pacing regulatory environment that spans the globe. There are a lot of variances that we’ve observed as being challenging to our clients. I would say that two areas I would like to highlight today as being consistently challenging across industries and geographies are managing competing business imperatives and juggling cross-jurisdictional regulatory requirements.
So let me give you a couple of examples: companies may structure their international operations to minimize tax exposure. That’s terrific. But this can sometimes result in unintended consequences. For example by triggering export license requirements. So that’s something that companies need to take into consideration. International operations also present challenges when regulatory requirements are in flux. They’re not necessarily confusing on the face of it or lacking in clarity. It’s just the fast changing nature of today’s regulatory environment.
One example of this is around what we call ‘restricted party screening’. Sometimes called ‘denied party’, or ‘sanctions screening’. Countries maintain lists of individuals, companies, and entities that are restricted for whom they don’t want their own companies and persons to conduct business with. But countries don’t maintain these lists in lock step with one another. So, for example, you could have an individual who is listed by the European Union but not the United States or vice versa. Alternatively, you could have a listed person or a listed company that is then removed, what we refer to as delisting. But maybe the United States removes them from the Treasury Department’s specially designated nationals and blocked persons list but the United Kingdom does not take a similar action until several months later. Companies need to be aware of this dissonance between the two regulatory scapes.
So I hope this underscores how important it is to stay on top of all these different lists wherever your company has operations. Bringing this just a little bit close to the home, assessing and understanding a company’s risk profile helps to prioritize compliance activities which can include how you are going to deploy resources. So, for example, very recently, a European parent company or affiliate could take advantage of the easing of sanctions against Iran resulting from implementation day of the joint comprehensive plan of action. But the United States still maintains primary sanctions against Iran and U.S. companies need to be mindful of this and what their nexus maybe.
Sunny: Thank you so much for that Jeanette. I really appreciate it. Thinking a little bit then about our conference, our upcoming ACES Compliance Summit that you will be speaking at, the conference really seeks to address the overlapping and often intertwined nature of compliance that ties together anti-corruption, export controls, and sanctions as you’ve been talking about a bit here. Given your experience and work with clients, spanning industries and sectors, what would you say the most common threads are that link these three areas together from a compliant standpoint?
Jeannette: I would say that it is that central need to know your customer. Know your customer, know your business partners, know your counterparties. This is a fundamental principle that underscores all three of these very important compliance areas of anti-corruption, export controls and sanctions. As a result, my export controls and sanctions team works really closely with our counterparts that handle FCPA for anti-corruption practice compliance, corporate intelligence, and forensic technology services because of this convergence.
Anti-corruption compliance is all about knowing your counterparties and business practices in every geography in which you operate. But many people don’t realize that U.S. export controls place great importance on understanding end-users and end-uses. Because the U.S. also imposes re-export controls on U.S. origin items and places great importance on who will be the ultimate consignee or end-user of that U.S. origin item or technology and what that will be used for.
It’s not just about the hardware or even this technology that I am speaking about. You have to understand where is it going, to whom, and for what purpose. And then this falls directly into the sanctions arena where it’s important to understand how that specially designated nationals or SDN list that we just spoke of, operates. This is a really good time to note that the Treasury Department’s Office of Foreign Assets Control, requires you to understand ownership and control of your counterparties so that you don’t risk entering into prohibited transactions.
Sunny: Thank you Jeannette. At our upcoming conference you will be leading a session, which will address the evolution of export controls compliance programs post ECR. Utilizing an approach that looks back in hindsight at how corporate compliance programs have had to evolve based on export control reform, could you give us a sneak peek into a few of the topics and themes that we might hear addressed during this session?
Jeannette: Sure. You know it’s really tempting to say, “You’ll just have to come to the conference to find out”. But I think that something that we’re all looking forward to discussing and learning from each other, is one of the key cornerstones of the export control reform or ECR initiative. And that is the movement of items and associated technical data from the U.S. Munitions List, where they’re subject to the International Traffic in Arms Regulations or ITAR, to the Commerce Control List, which is part of the Export Administration Regulations and administered by the Department of Commerce’s Bureau of Industry and Security or BIS. So we’ll talk about some of the lessons learned around what it takes for companies to review and reclassify hundreds, if not thousands of parts, components, and associated technical data. And I’m also hoping that we’re going to share a bit about what it means to keep up with ongoing regulatory changes across and the USML and the CCL.
Sunny: Finally Jeanette, thinking forward for a moment, if you could call out just one issue that you foresee as being most impactful in corporate compliance programs over the coming 6 to 12 months, specifically within the export controls realm? What would you say that issue is and then how would you advise in-house counsel and compliance executives to prepare for dealing with this issue now?
Jeannette: Thanks Sunny. That’s a great question. PwC conducts an annual global economic crime survey. In the 2016 survey, cyber threats have emerged as the second most commonly reported form of economic crime. 54% of our respondents stated that they have been affected by cybercrime within the past two years. But only about half of the companies that responded said that they have an operational cyber security plan in place.
So, at the same time, companies are also looking to leverage technology tools like data storage, the Cloud, and software as a service. Regulators are also increasingly focused on cyber threats. There’s a great deal of discussion going on right now around the collateral impacts such as the potential for damage, resulting from exfiltration of export control data. So, for example, if you get hacked and then some of the information that is accessed is subject to controls, whether that be on the ITAR or through the EAR, that maybe something that would require a good deal of attention and additional resource commitment from you.
There’s a number of ongoing developments in this really interesting and against fast changing space. In 2015, the President issued two executive orders relating to cyber. There was executive order 13687, which was issued on January 2, 2015, which imposed economic sanctions on North Korean persons and then executive order 13 13694, which was issued April 1, 2015. This authorized the use of economic sanctions against persons and entities that engage in malicious cyber enabled incidents. It’s also important to remember that many defense contractors have or handle ITAR-controlled technical data and they are also subject to the Defense Federal Acquisition Regulations, DFARs. Recently this was changed to require contractors and subcontractors to safeguard what is called ‘covered defense information’ that either transmits through or resides on the information system. Cover defense information includes unclassified data that is subject to export controls whether that’s ITAR, EAR or nuclear technology.
Consistent with all of this, are proposed regulatory changes to both the ITAR and the EAR that address cyber. For example, there are proposals to change the definition of an export, to carve out technology in software transfers that you use end to end encryption. And, again, these are proposed, they are not yet final. But it’s indicative of all of the attention and focus that is being placed on this issue.
There have also been proposed changes to the EAR, export administration regulations, that would impose new restrictions for exporting hardware, software, and technology associated with intrusion software. And we really shouldn’t forget that the state department as a matter of long-standing U.S. policy, does requires disclosure any time there’s a release of ITAR controlled technical data to a country subject to U.S. Arms Embargo or a national of such a country. By way of example, this would mean that U.S. companies are required to report to the state department a cyber breech that involves the release of ITAL controlled technical data to China or Chinese nationals.
So Sunny, I think, you can understand why it then becomes so very important for companies to understand what technical data they have and how they mark, store, transmit and export that information. Once again, it’s going back to the fundamentals around who is it going to, when, where, and how? These issues are only going to become even more important and foundational to having an effective and robust compliance program. At PwC, we help companies address these and other related cyber issues not just in my practice group but also in close coordination across the firm. We have a comprehensive range of integrated services that includes government contracting, forensic technology services, IT security, cyber threat response to address these very dynamic security issues.
Sunny: Well, Jeanette, thank you so much for spending this time here with me today. I really enjoy having the opportunity to chitchat with you a bit. And certainly looking forward to hearing more from you at the live conference in a few short weeks.
Jeannette: Thank you Sunny. We are so delighted as PwC to be able to sponsor this conference. I’m personally very excited and very much looking forward to seeing everyone as you said in just a few short weeks. It’s going to be a really great event, thanks to Momentum.
More from PwC: