In addition to an STC policy statement, management should seek to demonstrate active involvement in compliance functions and allocate sufficient resources (time, money, and personnel) in order to ensure the effective implementation of your enterprise’s ICP. Management must communicate the policy of the enterprise and assume responsibility for STC compliance functions. Management should designate an individual that is tasked with managing the ICP, and maintain regular communication with this empowered compliance official, in order to ensure STC compliance objectives are being achieved.

Management should also promote a culture of compliance throughout the enterprise and constantly seek to ensure the integrity and effectiveness of the ICP. Management declarations and policies should emphasize that sales will not be pursued at the expense of compliance. Hence, management must stress the costs of non-compliance to all employees and encourage employees to “buy-in” to the idea that the ICP is an investment in the enterprise’s long-term sustainability and competitiveness.

Senior management must also provide employees with the compliance tools necessary to perform their duties, including the appropriate training, compliance resources, budgets, personnel, commensurate authority, and high-level support and technical expertise. Management should constantly seek to ensure that sufficient resources are dedicated to the ICP and should hold regular resource and planning meetings to assess whether STC compliance obligations are being met and to identify any deficiencies or needs of the ICP.

By demonstrating a strong management commitment to compliance, those charged with administering the ICP are more likely to make decisions that are consistent with your enterprise’s stated, STC-compliance interests and objectives. In sum, management’s participation underscores the importance of the ICP and will help to foster a broader culture of compliance within your enterprise.

The written policy statement should come from the senior management of the enterprise - preferably the president, owner, chairman, board of directors, or CEO. Having the statement written and endorsed by top management makes employees more inclined to comply with the enterprise's ICP. If top management does not issue the policy statement, your ICP relies on the voluntary cooperation of all employees and is likely to be less effective.

If your enterprise is larger and senior management is far removed from most employees, it may be more practical to have the statement communicated by a senior official from each operating unit to their respective personnel, along with a copy of the policy statement issued by the President/Chairman/CEO.

Next, your enterprise must decide what to include in the policy statement. STC compliance policy statements are generally clear and concise (no more than one to two pages in length) and include an introductory paragraph, a risk statement, a penalties statement, and an indication as to where employees should direct compliance questions within the organization. The statement should be customized for your enterprise and seek to reinforce other enterprise objectives and policies. At a minimum, the STC policy statement should include some discussion of the following:

• Rationale for STC:
  
  An explanation of the basic rationale of strategic trade controls and their role in protecting the national security, foreign policy, and economic interests of your country. The statement should acknowledge that the unauthorized transfer of strategic items (or non-listed items for unauthorized end-uses/users) can jeopardize national security and/or contribute to the development of WMD or conventional weapons. The statement should include language that clearly explains that your enterprise has instituted formal procedures to control transactions involving strategic and controlled items and that special care is taken to prevent the unauthorized transfer of such items to end-uses, end-users, and destinations of proliferation or diversion concern.
• Management’s commitment to STC:
  
  A declaration affirming management’s commitment to STC and stating that sales will not be pursued at the expense of compliance is a critical component of the policy statement. The policy statement should emphasize that STC compliance is an institutional priority - essential to your enterprise’s business interests and reputation - and will not be compromised for commercial gain under any circumstances. Your enterprise should formally pledge to comply with STC obligations (which for some enterprises could include compliance with STC requirements in multiple national jurisdictions) by including language that explicitly states that your enterprise will not pursue transactions that are in any way contrary to national STC laws and regulations. The policy statement should also affirm management’s commitment to allocate adequate resources to STC compliance functions and express a desire to establish a pervasive compliance-oriented culture within the organization.

   

• Risk and STC penalties:
  
  The policy statement should summarize the range of penalties and consequences for STC violations. The statement should describe the possibility for fines, loss or suspension of trade privileges, and/or imprisonment; as well as the potential for damage to the individual and enterprise’s image and reputation, so that employees understand the seriousness of STC violations and the gravity of STC compliance. To further illustrate the costs of non-compliance, your enterprise might consider including reference to the actual penalties from your nation’s STC legislation. Also, consider language in your policy statement that indicates that employees that violate company policies with respect to strategic trade will face strict discipline, including possible termination.

   

• Employee STC compliance responsibilities:
  
  The statement should acknowledge that it is the responsibility of the enterprise and its employees to be familiar and compliant with STC. The policy statement should identify possible non-compliance scenarios and some of the specific risks related to your enterprise’s products, customers, and activities. The statement should also communicate that STC compliance requires an enterprise-wide commitment (at all levels) and emphasize that each employee has a role in securing the integrity of the ICP. Employees should understand the rationale for STC compliance and their individual role and responsibility in maintaining it. If not, they risk exposing themselves and your enterprise to a range of penalties and damaging consequences.

   

• Who to contact with STC compliance questions:
  
  The policy statement should also indicate the appropriate, empowered official to contact when there are questions about the legitimacy of a transaction or concerns about a potential STC violation. The statement should identify who specifically is responsible for addressing such issues (e.g. Chief Compliance Officer (CCO) or Compliance Manager) or reference the section of your ICP Manual that addresses reporting and corrective action procedures.

   

The STC compliance policy statement should be issued on company letterhead, and should be dated and signed by the responsible senior management official, including their title.

This ICP Guide provides you with several examples of policy statements as well as sample language that your enterprise can utilize (see the “Developing an ICP Manual” [Chapter 1.4] and the “ICP Implementation Aids” sub-section of the guide), but it is not intended to be pro forma, and enterprises should express their commitment to STC compliance according to their own style and circumstances.

Once the STC compliance policy statement has been written, your enterprise must determine to whom (and in what form) it should be distributed. Ideally, your enterprise’s STC compliance policy statement should be disseminated to all employees (with greater emphasis on senior management and those involved in day-to-day export and compliance-related functions) and it should also be included in the ICP Manual.

Management should retain a list of the employees that have received a copy of the statement. Some departments (or their equivalent within your enterprise) that should receive the policy statement include:

The policy statement must be communicated to employees in whatever form is most suitable for your enterprise and in a manner consistent with other priority management policy communications. Management should also take advantage of any and every opportunity to restate its commitment to STC compliance. Opportunities where senior management can reiterate its commitment to STC compliance; include:

• Annual Reports
• Enterprise Meetings
• Enterprise Communications
• Compliance Posters or Flyers
• Ethics and Business Conduct Documents
• In-house Publications
• Intranet with intermittent postings
• Website
• Mission and Value Statements
• New Employee Orientation
• Press Releases
• Procedures Manuals
• Staff Meetings
• Teleconferences
• Training Sessions
• Other CEO/Management Addresses

In addition to employees, the policy statement and commitment to STC compliance should be communicated to your enterprise’s customers (e.g. during pre-contractual negotiations and also in contractual documents relating to the transfer of controlled items). This might include consultants, advisors, independent contractors, agents, interns, freight forwarders, middlemen, brokers, distributors, sales representatives, joint venture partners, or any other contractor or business partner. It is considered a good practice to make this one of the conditions of doing business with your enterprise.

Due to the fact that STC laws and regulations and enterprise procedures may frequently change, the policy statement should be updated and reissued on at least an annual basis. Any changes to applicable laws or enterprise policies should be addressed in the new policy statement. The statement should also identify the individual(s) responsible for updating and disseminating the policy statement. The statements should include the name of the person(s), as well as their title and contact information. If the individual(s) identified in the policy statement changes prior to the annual redistribution, the statement should be reissued as quickly as possible.