No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Beyond the Fines: The Risks of Violating ITAR Compliance

by William O'Brien
April 13, 2015
in Compliance
military defense

Every day, employees share sensitive information with external parties and don’t realize the risks of these routine actions. While this level of collaboration may not seem like a serious threat, the inadvertent or unintended export of technical data to the wrong person, such as someone in a foreign country or a non-US citizen, could result in serious consequences for both the employee and his/her employer.

The U.S. government’s International Traffic in Arms Regulations (ITAR) controls the export and import of defense-related articles, services and technical data. Under these regulations, all technical data must be stored in an environment physically and logistically accessible to U.S. persons only, subject of course to exports of technical data permitted under ITAR. Companies and individuals that fail to comply with these regulations face severe consequences that not only include paying a hefty fine, but often expand far beyond it.

There are a number of risks that companies and individuals face by failing to monitor the movement of their technical data in violation of ITAR. If the data were to fall into the wrong hands, the accidental or intentional leakage of sensitive information could result in:

  • Significant Accrual of Fines – In recent years, failure to comply with ITAR has resulted in fines ranging from $20,000 to $78 million. The amount penalized depends on the number and severity of the violations committed.
  • Denial of Export Privileges – Companies who fail to comply with ITAR are subject to the loss of export privileges. If this occurs, organizations are prohibited from participating directly or indirectly in the export of technical data and defense services. As a result, their ability to conduct business regularly will likely suffer.
  • Mandatory Increase in Staffing – Penalties may also include the need to hire a special compliance officer (SCO). The SCO’s role is to monitor the company’s progress in enhancing compliance programs and must be compensated out-of-pocket. The time required for a SCO to be with a company depends on the severity of company’s violation(s).
  • Regular External Audits – A company found in violation of ITAR may be required to submit to a series of comprehensive audits. These audits must occur at least once each year, and will examine ITAR policies and procedures, while identifying compliance gaps and risks within a company’s ITAR program.
  • Loss of, or Completely Damaged, Public Reputation – In addition to the monetary, logistical and privilege-specific penalties, a company that has violated ITAR will be forced to sign a consent agreement requiring them to enhance compliance programs. Companies will be placed on a list and the details of their agreement will be made available to the public. This may hurt the company image and current business relations, and deter potential clients from using their products or services.

In the past two years, five companies have been fined a total of $71 million for violating ITAR regulations. While awareness through employee training is the best way to prevent this from happening, there are a number of ways to avoid criminal and civil penalties associated with ITAR violations. It may seem simple, but companies which have constructed private dark clouds to monitor and handle ITAR data have found themselves restricted and limited, unable to operate at the speed today’s business demands. Previously, there was no exemption allowing encrypted data to be stored in the cloud. However, due to recent changes by the U.S. State Department, if certain regulations such as knowing who can see the data, along with tracking when and where it has been accessed, are met, third-party cloud-based collaboration solutions can be designated as compliant. In accordance with [ITAR] § 125.4(b)(9), these regulations include:

  • Information and materials related to items on the United States Munitions List (USML) may only be shared with “U.S. Persons” (unless authorized by the U.S. Department of State).
  • All U.S. providers in the USML supply chain must register obtain appropriate import/export licenses from the U.S. Department of State.
  • Unauthorized re-transfer or re-export of any articles is a major breach of the law – and is tightly regulated.
  • Scope of the regulation includes data/information that’s accessed by authorized U.S. persons when traveling outside the U.S. and is then shared with foreign nationals.

For many years, organizations in the defense industry have been faced with two prospects when collaborating: build expensive private clouds that lack the ease and flexibility needed to facilitate business at lightning-fast speeds, or risk using public cloud options that expose the organization to expensive and damaging ITAR violations. However, new changes to regulations have allowed for the creation of a new generation of secure, ITAR-certified third-party public cloud options. It will be important for the defense sector to cut through the marketing hype to separate which ones are truly ITAR compliant from those that simply make the claim. But once they do, violations can be proactively prevented while still fostering a collaborative environment, giving both company and employee a priceless peace of mind.


Previous Post

Healthcare Privacy and Information Security Risk Forecast for 2015

Next Post

When Should Internal Auditors and Compliance Officers Become SEC Whistleblowers

William O'Brien

William O'Brien

William O'Brien_headshot (1)William L. O’Brien is the chief operating officer of Brainloop and former speaker of the New Hampshire House of Representatives. He obtained his J.D. from Suffolk University Law School and later received a Master’s in Intellectual Property Law from the University of New Hampshire School of Law. He has held various executive positions in technology companies over the last 20 years, including in both general counsel and operational roles. He has been happily married to his wife, Roxanne, for 40 years. They have three grown children, and three grandchildren.

Related Posts

Fox_DOJ Speeches_f

Analysis of Recent DOJ Statements

by Corporate Compliance Insights
March 23, 2023

DOJ leaders provide insight into agency's plans. Analysis of Recent Statements DOJ Shaping the Future of Corporate Criminal Enforcement What’s...

Fox_2023 ECCP Update_f

2023 Evaluation of Corporate Compliance Programs

by Corporate Compliance Insights
March 23, 2023

Keeping up with 2023 changes to DOJ guidelines. Additions, Deletions & Changes From 2020 2023 Evaluation of Corporate Compliance Programs...

encompass update

Encompass Launches pKYC Maturity Model

by Corporate Compliance Insights
March 22, 2023

KYC automation platform Encompass has unveiled a new perpetual Know Your Customer (pKYC) maturity model designed to help banks improve...

consilio onna partnership

Consilio, Onna Seek to Streamline eDiscovery for Cloud Apps

by Corporate Compliance Insights
March 22, 2023

Legal technology provider Consilio has launched a new platform, Sightline Collect, powered by data management supplier Onna. The platform is...

Next Post

When Should Internal Auditors and Compliance Officers Become SEC Whistleblowers

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT