For Aerospace and Defense (A&D) manufacturers and contractors doing business globally, the International Trafficking in Arms Regulations (ITAR) is a long-recognized cost of doing business. . The latest rules from the US Departments of State and Commerce require companies that manufacture, export, or re-export ITAR-controlled items to assess and modify their authorizations and restructure compliance. Compliance failures can be extremely costly – in January 2020, Airbus agreed to pay over $3.9 billion to resolve an ITAR and corruption case.
Some organizations manage this complex regulatory landscape through manual internal processes or third-party compliance bodies. However, enterprise software for business operations can be integrated with ITAR principles to mitigate compliance issues and make products, data, and services securely available to a global audience.
Despite some recent streamlining, the ITAR complexity faced by A&D manufacturers is significant. Manufacturers must adhere to several regulatory documents, including the Commerce Control List (CCL) and the United States Munitions List (USML), which cover a variety of items.
To complicate matters further, different agencies are responsible for different application procedures – the Department of Commerce controls CCL items and the Department of State controls USML items. Each agency has different titles for the same items and different meanings for the same titles. Manufacturers should keep abreast of the multiple Denied Lists or Specially Designated Nationals and Blocked Lists published by various government departments, including the Treasury Department.
The ideal end goal would be a single point of control with a lead executing and coordinating body, a single information technology (IT) system and a single licensing body. But for now, A&D manufacturers must accept that many items are under ITAR control while others are covered by Export Administration Regulations (EAR), while the Department of Treasury monitors sanctions against foreign countries.
One compliance option is to hire export control compliance officers who monitor orders and deliveries to ensure prohibited materials are not shared with anyone on the control lists. This can be extremely time consuming and expensive. A second option is to hire a service agency to provide and consolidate the analysis of denied party lists into a database accessible for a fee.
Regardless of the compliance model, export control regulations will also have implications for underlying business systems, including enterprise resource planning (ERP). Therefore, it is important to ensure that any ERP solution used for defense manufacturing has export control functionality.
A company dealing with regulated materials needs to quickly and efficiently gather this information into its ERP system and combine it with external regulatory data to ensure compliance when processing orders and transactions. They must also be able to share it with foreign partners in a frictionless environment.
Main Components of ITAR Compliance
Without a fully integrated suite of applications that enables seamless data flow between different functions – such as supply chain management, manufacturing, engineering, customer relationship management (CRM) – it is difficult to know which products, parts or transactions may put an A&D manufacturer at risk.
Rather than integrating complex third-party solutions between export control functions and ERP, a streamlined approach uses ERP to perform checks against third-party lists and manage orders, transactions, and other activities. Consequently.
Factors to keep in mind when considering an ERP solution to facilitate ITAR compliance:
- Denied Party Checks – When committing a customer order, the ERP must ensure that the order is not going to a Denied Party by referencing a link to a compiled and updated Denied Party Database regularly by an agency or third party. You must be sure that you have checked the list of refused parties before processing the order.
- Managing Part-Specific Regulatory Schemes – The parts catalog should contain information on items that may be subject to export control, and the ERP should indicate which regulation and regulatory body covers the item and the classification or the notation within that schema that applies to it.
- Assembly-level management – If a manufacturer is managing an order for an assembly, the ERP must record the parts in that assembly and the extent to which they are covered by different export regulations and product jurisdictions.
- License Request, Usage Reports – ERP users need to identify, escalate and resolve licensing issues; report and track license consumption by order; and manage license consumption.
- Secure document management – Some documents for control items have licenses that can only be viewed by certain authorized persons. An ERP with integrated and native document management will be best suited for export control. User permissions used in ERP to control access to sensitive data can be applied to the document management solution.
- Export Control of Data and Intangible Assets – ERP must offer some support in controlling processes such as shipping a controlled product for display or exchanging data with foreign suppliers.
- International requirements – Regardless of location, exporters often have operations in other countries, each with their own set of export control regulations.
No second chance
A&D manufacturers and contractors can ill afford costly and dangerous litigation due to poor export controls of materials and equipment. Rather than paving the way for human error or paying for a third-party agency, ERP helps A&D manufacturers prepare for and meet ITAR legal requirements.