Elements of an ICP

Purpose: to clarify the enterprise’s policy with respect to strategic trade control; to convey the importance and value placed on effective STC compliance procedures; and to define senior management’s specific compliance expectations.

• A written statement by a senior representative, such as the CEO, that the enterprise complies with all STC laws and regulations.
• The statement should be widely disseminated to all employees, officers, customers, and other external parties.
• Requires enterprise to devote sufficient resources to STC compliance functions within the organization, including: training, instructional/compliance resources, budgets, personnel, high-level support, and technical expertise.

Purpose: to ensure that all compliance-related functions, duties, and responsibilities in your enterprise are clearly identified, defined, and assigned; that the relevant positions and incumbents are known throughout the organization; and that there are internal records of these assignments that are routinely updated and distributed to employees.

Establish an internal organizational structure, responsible for strategic trade control:

• Nomination of a Chief Compliance Officer (CCO) that is responsible for:
  • Development and revision of the ICP and operational procedures.
  • Overseeing and monitoring the implementation of the ICP and general strategic trade control management, including direction and communication with various business units or other empowered compliance officials.
  • Define compliance functions and responsibilities of other employees and disseminate organizational assignments.
  • Identifying STC compliance risks and enterprise vulnerabilities.
  • Providing guidance and direction to the board of directors, senior management, and employees on STC compliance issues
  • Granting ultimate approval authority for business transactions involving controlled items (often this responsibility is delegated to TCMs/TCOs).
• Identify and staff all compliance-related functions within the organization (enterprise).

Purpose: to determine the classification of the commodity to be transferred and whether or not the transaction is subject to trade licensing requirements, restrictions, or prohibitions. This element of an ICP includes:

• Classification/identification procedures - determine whether items are subject to any restrictions by evaluating the control list(s) to determine the appropriate commodity classification number (CCN); and record CCNs for all products.
• End-use screening - evaluate the plausibility of the end-use and identify “red flag” or other suspicious indicators;
• Customer/end-user screening - determine whether the destination of the item and all parties to the transaction are subject to any restrictions.
• “Catch-all” determination - Non-listed items may be subject to a ‘catch-all’ controls if the trader is aware, informed or has reason to believe that the items may contribute to a WMD or military end-use/end-user.

Purpose: to verify that classification/identification and transaction screening procedures have been completed prior to shipment and to confirm the accuracy and integrity of the shipping declarations. Enterprises must confirm at the time of shipment/transfer that:

• Classification and transaction screenings have been completed;
• Goods/technology and/or services and their quantities correspond to the descriptions set out in instruction/customs documents and/or license approvals/authorizations.

Purpose: to appraise the integrity of your ICP – across the entire enterprise - by verifying that operational compliance procedures are being implemented properly, reflect the enterprise's stated compliance policies, processes, and procedures, and that your enterprise’s procedures are consistent with all relevant STC laws and regulations.

• Establish a regular audit schedule to confirm that the ICP is implemented appropriately according to the written operational procedures and is compliant with all relevant and applicable STC laws and regulations.
• Audits can be conducted by internal or external personnel. If conducted internally, it is recommended that the audit be carried out by individuals separate from sales.

Purpose: to provide compulsory, periodic training for all employees that maintain STC compliance or export-related functions, to ensure they possess a working knowledge of current STC obligations and the specific requirements of the ICP.

• Training and continued education should be carried out for employees at all levels, including management, new staff, persons who work in sales, export related units, or are involved in technology transfer, and compliance personnel
• Use formal and informal training methods that are supplemented by other on-the-job training resources (electronic media, such as the internet and CDs/DVDs, handbooks, webinars, etc.).
• Ensure that staff are aware of all STC laws, regulations, policies and control lists and all amendments to them as soon as they are made public.

Purpose: to ensure STC-related documents (administrative and transaction records) are maintained in a consistent manner and can be made available to your government or other external parties for inspections or audits.

• Archive STC-related documents for an appropriate period according to the requirements of domestic STC laws and regulations
• Develop procedures for archiving STC-related records and ensure employees understand their obligations and which, how and where records must be retained.
• Create a filing and retrieval system and preferred format for maintaining and preserving STC-related records and a defined period of retention.

Purpose: to provide clear guidance to all employees regarding the notification, escalation, and corrective action measures to take in the event of suspected or known incidents of STC non-compliance.

• Establish procedures to govern the actions of employees when a suspected or known incident of STC non-compliance has occurred.
• Develop procedures for reporting violations and suspicious order inquiries to the competent government authorities (includes voluntary self-disclosures (VSD))
• In the event of a violation, identify enterprise risks and vulnerabilities and implement corrective actions to strengthen the ICP.
• Implement disciplinary procedures against any employee responsible for confirmed violations of STC regulations or ICP procedures.