2022 Export Compliance Refresher at Mississippi State University

"Refresh your awareness of Export Compliance Regulations EAR, ITAR & OFAC with updates from Mississippi State University's Office of Research Compliance & Security. Learn about changes in positions, controlled equipment, data control requirements, and personnel restrictions. Stay compliant and informed in the evolving landscape of export regulations."

• Compliance
• Export
• Regulations
• Security
• Training

sher666 Follow

Uploaded on Mar 13, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. 2022 Export Compliance Refresher Mississippi State University Office of Research Compliance & Security 1

2. Program updates 1. The Office of Research Compliance and Security (ORC&S) is located on campus at 236 Famous Maroon Band St, we will be moving to the new ORED building located in the Research Park late 2022. 2. The Data Security position has moved to ITS to manage CUI, NIST, and CMMC for all of MSU. 3. The Facility Security Officer position has changed to Research Security Officer to align with new and emerging requirements. 4. ORC&S added a Senior Research Security Analyst position that will specialize in foreign influence. 2

3. Welcome to Export Compliance Refresher The goal of this presentation is to refresh your awareness of the Export Compliance Regulations EAR, ITAR & OFAC. This presentation should only be taken by those personnel who have completed the initial online CITI training and are due for their 2-year refresher training. This presentation does not count for initial training. References: MSU Export Policy 70.04 National Archives CUI Program 15 CFR Bureau of Industry and Security (BIS) 31 CFR Office of Foreign Assets Control (OFAC) 22 CFR Department of State 3

4. Back to Basics Not everything is ITAR controlled... The blanket term is Export Controlled which covers ITAR and EAR. There are lots of exceptions in the EAR, so it can be export controlled in the EAR and potentionally have no control requirements. We must classify the item/article, technology, and usage in order to know. ITAR Regs Define the activity. Is it controlled? Who has jurisdiction ITAR or EAR? Yes Start EAR Regs No Not controlled The best place to start is to ask the sponsor or manufacturer what ITAR category it is or what ECCN covers it. Please engage the Export Control Officer for help. 4

5. What exactly are we talking about? 1. Controlled equipment? It doesn t matter who owns it or how long it has been in our possession. If it is controlled we have to determine if it is in an ITAR category, or it has an EAR/Export Control Classification Number (ECCN). The classification tells us how to control it. Equipment controls determine which countries can have access it. Classification also tells us if a license is required for shipments outside the U.S. 2. Data control requirements? This can be as easy as applying permission on a folder all the way to NIST SP 800-171. Each project is individually evaluated to determine the proper level of controls needed. Controlled Unclassified Information (CUI) is a defining factor for all projects, especially if there is a NIST SP 800-171/DFAR 252.204- 7012 contractual requirement. The NIST requirement is cumbersome and the only place that currently meets this requirement is the High Performance Computing Collaboratory (HPC2) and they have a thorough Acceptable Use Policy. The new term you will hear is CMMC and it is based in NIST. 3. Personnel restrictions? This can be driving by the controlled equipment classification. It can also be an explicit requirement in the Statement of Work. For example, we can have DoD award that identifies the research as ITAR Category VII, Ground Vehicles. ITAR is restricted to U.S. Person s only. This statement will be accompanied by several DFARS clauses. There are potential exemptions, but they are not covered in this training. 4. Publication restrictions? Don t confuse review with approval. Most sponsors require a copy of a publication to review which is not a restriction. If they require their approval before you can publish, then it is a restriction. The most common example is DFARS 252.204-7000 Disclosure of Information; however, DOE and NASA have their own versions. 5

6. What is an Export? Transfer of controlled technology, information, equipment, software or services to a foreign person in the U.S. or abroad by any means. For example: actual shipment outside the US visual inspection in or outside the US written or oral disclosure

7. Restrict exports of goods and technology that could contribute to the military potential of adversaries Prevent proliferation of weapons of mass destruction (nuclear, biological, chemical) Why do we have Export Laws? Prevent terrorism Comply with U.S. trade agreements and trade sanctions against other nations 4

8. Depending on your specific program it can be governed by 1 of 3 different Departments of Government: State Department: International Traffic in Arms Regulations (ITAR), which pertain to inherently military technologies Why do Export Laws seem so complicated? ? Commerce Department: Export Administration Regulations (EAR), which pertain to dual use technologies (civilian or military use) Treasury Department, Office of Foreign Assets Control (OFAC): Prohibits certain transactions with countries subject to boycotts, trade sanctions and embargoes 8

9. ITAR or the International Traffic in Arms Regulations is administered by the U.S. Department of State Directorate of Defense Trade Controls (DDTC) ITAR is based upon the AECA (The Arms Export Control Act), 22 USC 2778 & the International Economic Emergency Powers Act: 50 USC 1701-1707 The actual ITAR regulations that provide the governance of ITAR are found in 22 CFR 120-130 Chapter I, Subchapter M, Parts 120-130 ITAR governs Classified and Unclassified Defense Articles, Defense Services, Technical Data, Significant Military Equipment (as defined in ITAR 22 CFR 120) and items designed and developed, adapted, or modified in any manner for military use.

10. The US government restricts the release of strategically important technology and products for the purpose of: Limiting Weapons of Mass Destruction (WMD) proliferation Preventing our adversaries from obtaining the capability to threaten US national security Why do we have ITAR?? Ensuring U.S. allies have the best equipment and know-how Preventing supply shortages of critical materials Supporting US foreign policy (human rights, trade sanctions, embargoes) 10

11. ITAR vs EAR ITAR EAR (Dual Use Items) Heavily regulated Encourages trade Protection of national security primary United States Munition List (USML) 95% may be exported without license Commerce Control List (CCL) USML Category and Sub (ex. VII(a)(5)) Exemptions may authorize export without prior approval from DDTC ECCNs (ex. 9A610.y.8) Exceptions may authorize export without prior approval from BIS Everything is controlled Only services controlled are those associated with WMD proliferation Extra-territorial jurisdiction for all items Country Chart 11

12. At the University of Michigan, a research fellow shipped an MRI coil to Iran without a license. The research fellow was not aware he needed it, but even without demonstrable intent, the research fellow was criminally prosecuted for the shipment and subjected to civil penalties as well. 12

13. At the University of Tennessee a former professor of electrical engineering, served four years in prison for committing conspiracy, wire fraud and 15 counts of exporting defense articles and services without a license. Among other violations, he unlawfully traveled to China with a laptop containing sensitive Department of Defense files and employed an Iranian and a Chinese graduate student in his lab without securing the required federal licenses. 13

14. At the University of Massachusetts at Lowell, researchers exported an atmospheric sensing device, antenna and cables valued at slightly more than $200,000 to Pakistan s Space and Upper Atmosphere Research Commission. Because the university did not secure a license for the shipment to the Pakistani commission which is on the bureau s entity list of individuals, businesses and government and private organizations that are subject to licensing requirements the university was fined $100,000. 14

15. Academic Cases University status after arrest NAME AND INSTITUTION* Charges Arrested Trial date False statements to Department of Defense (DOD) and National Institutes of Health; false reporting Suspended with pay during trial, waiting for update after guilty charge. 14 December 2021: Found Guilty on Six counts related to payments from China Charles Lieber (Harvard University) January 2020 Wire fraud on NASA and DOD grants; false statements 7 February 2022: Pleaded guilty to one count of making a false statement Jan 21, 2022 Simon Ang (University of Arkansas) May 2020 Terminated 4 April 2022: Must face charges he lied to NASA about China ties. Trial delayed by his lawyer per Controversial U.S. China Initiative gets new name, tighter focus on industrial espionage | Science | AAAS Zhengdong Cheng (Texas A&M University, College Station) Defrauding NASA and false statements August 2020 Terminated Wire fraud on Department of Energy (DOE) and National Science Foundation (NSF) grants; false statements 7 April 2022: Found guilty of fraud and making false statements. Jury convicted him for hiding ties to Chinese gov. Franklin Tao (University of Kansas, Lawrence) August 2019 Suspended without pay Gang Chen (Massachusetts Institute of Technology) Wire fraud on DOE grant and false reporting Not scheduled: US drops its case Jan 20, 2022 On leave with pay, MIT supported Dr. Chen January 2021 25 April 2022: Found guilty May 4, 2022, of failing to report and lying to federal gov. about a bank account in China, but not guilty of grant fraud. Wire fraud on NSF grant and false reporting Mingqing Xiao (Southern Illinois University) May 2021 Suspended without pay 15

16. Common Terms 1 Deemed Export - The release or transmission of controlled information, technology or source code that is subject to export control to a foreign national inside the U.S. This can be via discussions with students, graduate students, visitors or foreign researchers. Such a release of controlled information is considered to be an export to the foreign national s home country. Fundamental Research As defined by the National Security Decision Directive 189 (NSDD 189), fundamental research is any basic and applied research in science and engineering, the results of which are ordinarily published and shared broadly within the scientific community Information that results from Fundamental Research is not subject to export control. However, if a company, college or university accepts any type of restriction on a contract or project, be it on publication rights, dissemination of results, etc., the fundamental research exemption will not apply. Also known as Fundamental Research Exemption (FRE). 16

17. Common Terms 2 Technology Control Plan (TCP) The TCP is an internal university compliance document that is prepared by ORC&S with heavy input from the PI. It states the type of export-controlled information associated with a research project, and security measures to be taken by the PI to ensure access to the export-controlled information is controlled and managed. The TCP is signed by the PI and all who are working on the project. Once the TCP is in place it is the responsibility of the PI to ensure that all the security measures listed to safeguard the controlled information or technology are enforced. All members working on a controlled project must: 1. Be current on export training (CITI or refresher not to exceed 2 yr) 2. Provide citizenship documents to ORC&S, and 3. Sign the applicable NdA and TCP acknowledgement before working or charging time to the contract/fund number. 17

18. Common Terms 3 Technical Data For ITAR purposes: Information, other than software as defined in 22 CFR 120.10(4), which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles. For EAR purposes: an export of technology that is required for the development, production or use of items on the Commerce Control List is controlled according to the provisions in each product category. Technology - Technical information beyond general and basic marketing materials about a controlled commodity. The term does not refer to the controlled equipment/commodity itself, or to the type of information contained in publicly available user manuals. Rather, the terms "technology" and "technical data" mean specific information necessary for the development , production , or use of a commodity, and usually takes the form of blueprints, drawings, photographs, plans, diagrams, models, formulae, tables, engineering specifications, and documentation. The "deemed export" rules apply to the transfer of such technical information to foreign nationals inside the U.S. 18

19. 22 CFR 126.1 - Prohibited exports, imports, and sales to or from certain countries (reg excerpt) It is the policy of the United States to deny licenses and other approvals for exports and imports of defense articles and defense services, destined for or originating in certain countries. The exemptions provided in this subchapter, or when the recipient is a U.S. government department or agency, do not apply with respect to defense articles or defense services originating in or for export to any proscribed countries, areas, or persons. Exports or temporary imports of defense articles or defense services to countries that the Secretary of State has determined to be State Sponsors of Terrorism are prohibited under the ITAR. Exports to countries that the Secretary of State has determined and certified to Congress, pursuant to section 40A of the Arms Export Control Act (22 U.S.C. 2781) and Executive Order 13637, are not cooperating fully with United States antiterrorism efforts are subject to the policy specified in paragraph (a) of this section. The Secretary of State makes such determinations and certifications annually. 19

20. ITAR Prohibited Countries (126.1): 1. Afghanistan 2. Belarus (no exceptions) 3. China (no exceptions) 4. Central African Republic 5. Cuba (no exceptions) 6. Cyprus 7. Democratic Republic of Congo 8. Eritrea 9. Haiti 10.Iran (no exceptions) 11.Iraq 12.Lebanon 13.Libya 14.Myanmar (formerly Burma, no exceptions) 15.North Korea (no exceptions) 16.Russia (new as of 03/08/2021) 17.Somalia 18.South Sudan 19.Sudan 20.Syria (no exceptions) 21.Venezuela (no exceptions) 22.Zimbabwe Ref 22 CFR 126.1 for listed exceptions, current as of 1/3/2022

21. Top 10 Common Issues for Universities Export Compliance* 1. 2. 3. 4. Sharing controlled information with foreign nationals in the U.S. Misusing the fundamental research exemption Inadvertently disclosing controlled information Forgetting to monitor the transfer of your foreign national employees Forgetting to screen end users even if the export is EAR 99 Misclassifying information & items Assuming a third party has the export control responsibility Failing to document your compliance properly Not understanding the nuances of export control reform 10. Not having enough funding for training and export staff 5. 6. 7. 8. 9. * From Higher Education Webinar dated August 18, 2015, Top Ten Export Control Issues for Colleges and Universities presented by Baker Donelson, Doreen Edelman, Esq., and Klint Alexander, Esq. 21

22. Dissertation & Thesis use: ORC&S has worked with The Graduate School to develop questions on the graduate application form to help identify controlled information that requires permission from the sponsor prior to public release. Publication restrictions can take many forms, typically, this comes from a contractual obligation in the DFARS 252.204-7000 clause. If a student wishes to utilize any data or information that was derived from a controlled project in a dissertation or thesis, permission must be obtained from the contract sponsor prior to the use of the controlled information or data. Obtain permission early (allow for 45-60 days for approval) from the applicable contract authority, and get it in writing! 22

23. Penalties ITAR Penalties Criminal: up to $1 million per violation and up to 10 years in prison Civil: seizure and forfeiture of articles, revocation of exporting privileges, fines of up to $1,094,010 for most AECA/ITAR violations; $946,805 for certain arms transactions to countries supporting international terrorism and $795,445 for making proscribed incentive payments in connection with offset contracts. Violations of export control laws can have serious consequences which could affect all involved. The penalties vary depending on the circumstances (whether it was a "knowing" or "willful" violation in other words you knew you were breaking the law!), but the penalties for even lesser violations can include jail time and/or fines. Also, the U.S. Government agencies that provide oversight & enforcement for the EAR and ITAR regulations are increasing their scrutiny of companies working in this arena. EAR Penalties Criminal: $50 thousand-$1 million or five times the value of export, whichever is greater, per violation, up to 10 years in prison. Civil: loss of export privileges, fines $10 thousand-$120 thousand per violation OFAC Penalties Criminal: Up to $1 million and 10 years in prison Civil: $12 thousand-$55 thousand per instance Note: There will not be just one charge for a single violation. History has shown multiple violations will be charged. 23

24. Final Thoughts Know who can or cannot work on a controlled project. Know who you can and cannot discuss/share project information Deemed export rule. If in doubt, keep discussions to your specific project/task group Protect information from unauthorized disclosure. Remember security requirements are connected to the data, information, results and technology from a controlled research project UNLESS the contract sponsor has previously approved otherwise. If you have any questions contact your respective PI, Co- PI or ORC&S. 24

25. Reporting a Violation When individuals intentionally provide incomplete or incorrect information in the grant funding process or misappropriate trade secrets or export-controlled equipment/ materials/ information. You can directly contact the Export Control Officer or anyone in the Office of Research Compliance and Security. Anonymous Submissions can be made on the MSU Ethics Point website, https://secure.ethicspoint.com/domain/media/en/gui/2452 0/index.html Click: Make a Report Research Research Security/Export Control 25

26. Chris Jenkins 325-0400, cjenkins@ors.msstate.edu Research Security Officer cjenkins@ors.msstate.edu Contact info ORC&S is located on Campus at 236 Famous Maroon Band St (previously 53 Morgan Ave) in the old faculty housing. Visit us online at www.orc.msstate.edu 26

27. Certificate of Completion Please print and fill out this slide after completing the 2022 Export Control Refresher training. Scan and attach it to an e-mail to ResearchSecurity@ors.msstate.edu I have completed the Mississippi State University Office of Research Compliance & Security 2022 Export Control Refresher briefing and understand my role in protecting controlled information from unauthorized disclosure. Employee Signature: ____________________________________ Printed Name: _________________________________________ Net ID: _________________ Date : __________________ 27