Whether diversifying or sharpening focus, in the normal course of business companies decide to buy other companies.

The emphasis in that decision will have been in the areas of sales performance, product appeal, and market penetration. All well and good, but in defense trade acquisitions there are additional legal responsibilities and liabilities involved—those surrounding export control compliance.

The responsibility for compliance with U.S. regulations raises many questions and considerations that need to be answered, both before and after an acquisition is made. As well as its products and infrastructure, any ITAR or EAR violations, settlements, penalties, disclosures, and enforcement actions, such as they might be, are acquired in the purchase.

These considerations are not trivial, and are as much a part of the viability of the deal as products and profitability. Many questions are raised. What export controls have been applicable for the company? Has the company been compliant with these controls? Is the company registered with the Department of Defense Trade Controls? If they are not registered, how has its ITAR export compliance been managed?

Key question to ask: where does a company fall on the export compliance spectrum?

If the company being acquired has been managing an effective compliance program, with a formalized export control policy, sound export control procedures, license management, documentation, and reporting, then all involved will already be seeing eye-to-eye. If the target has not been getting licenses for its USML or CCL exports—or, depending on the rigor of its policies, even if it has—then the process of acquisition can or will include a mass of voluntary self-disclosures and possible penalties for violations. Has the company been screening for restricted parties? Is it already subject to an enforcement action or current monetary penalties?

If the company making the purchase is asking these questions, that recommends that it operates a robust compliance regime itself and will be integrating the company being purchased into its own programs to ensure compliance success. Any existing required notices and authorization transfers have to be handled and, on review of the target company’s history, the necessary voluntary self-disclosures have to be filed.

Getting to the “root” of potential export violations

Voluntary self-disclosure analysis has to be a ‘root cause’ analysis. In other words, “Get the facts. Calibrate the root cause.” There are guidelines for Voluntary Self-Disclosure in ITAR §127.12—who is involved? What happened and why? How was the violation discovered? What remedial measures will be taken?

Root cause analysis means getting down to what really drove the error to occur, rather than only the casual effects seen. The effort is not one of “putting out fires.” It is peeling back the layers of symptoms to reveal the true problem. Examples of root causes for violations are failure to screen parties against restricted lists, poor recordkeeping, lack of training, failure to notify involved parties, failure to comply with license conditions, and so forth. For any violation that is discovered, there will be both mitigating circumstances and aggravating circumstances to detail, corrective actions to document, and sustainment activities to recommend.