Typically, the first step in the overall transaction screening process is determining whether the item (the product, equipment, material, component, part, technology, or software) involved in a given transaction is a “strategic” item according to the laws and regulations where the transaction originates, or, in some cases, a foreign country’s laws and regulations that apply extra-territorially. Item screening or “classification”—for strategic trade control, not Customs, purposes—is done by comparing the technical characteristics, specifications, and applications of an item against the control list(s) that identifies the items regulated in a given strategic trade control system. All items that the enterprise deals in should be screened and classified to the extent possible. STC classification can be complex and challenging, especially in the case of customized “solutions”, multi-material products, and technology. In addition, different national strategic trade control systems may have different definitions of certain terminology or different approaches to classifying items for strategic trade control purposes.

• EXAMPLE: According to some national STC systems, a “finished product or solution” that only includes one or two strategic item components may result in a classification based on the finished product or the solution and not the strategic item components, unless the strategic item components could be removed from the finished product, constituted the most important component(s) of the finished product, or accounted for more than a certain percentage of the total value of the finished product. By contrast, under other national STC systems even the smallest strategic item component of an otherwise non-strategic finished product may cause that non-strategic finished product to be classified as a strategic item.
   

Note: It is recommended that your enterprise determine what constitutes a “strategic item” in your country and how national authorities classify finished products that contain strategic item components.

Task 1: Determining Who Will Develop the Item Screening Process

The item screening process should be developed by the appropriate empowered compliance official (CCO or TCO/TCM) together with the support of representatives from the legal department and the engineering or R&D department, and the logistics/shipping or import/export department, as needed and available. The participation of each of those parties in the development of the item screening process will help ensure that it aligns with the enterprise compliance program and applicable legal/regulatory requirements, that it draws upon all available technical expertise within the organization, and that it can be integrated with the enterprise’s product/technology development and shipping processes.

Task 2: Designing the Specific Procedures for Item Screening

The specific procedures for item screening will depend on whether the item is one of the enterprise’s own products versus a part/component/material/equipment/technology/software of another enterprise. In all cases, it is critical that the item(s) are being screened / classified against the correct and most up-to-date versions of any and all applicable control lists. The classification of an item for strategic trade control purposes should begin as early in the product/technology life cycle and/or supply chain as possible and be flexible enough to allow for changes.

Before classifying an item for strategic trade control purposes, your enterprise should seek to determine:

• Whether the item to be classified is a single product or a system or customized solution;
• Whether any of its contents are of foreign origin; and
• The extent to which there have been any modifications to the item.

An enterprise can start the item screening/classification process using its own internal resources such as engineering personnel and other specialists who know the technical specifications and capabilities of the items the best. If the item is a good or technology produced by another enterprise, that enterprise may be contacted to see if it already has the item classified for strategic trade control purposes, or, possibly to confirm the technical specifications and capabilities of the item. If internal and external enterprise resources are not available or are not able to produce a definitive classification of the item, very often the strategic trade control licensing agency whose list the item is being screened/classified against will provide written guidance, online classification assistance tools, or official or unofficial feedback on the classification of the item upon request. If the enterprise does not want to make use of government resources to assist with item classification, very often there are private service providers (consultants, law firms, etc.) that will help classify items for a fee. It is not recommended to rely on outside customs brokers, freight forwarders, and third-party logistics providers to conduct item classification for strategic trade control purposes unless they have actual experience conducting such classifications. Whatever the source(s) of the ultimate classification are, that classification should be recorded and included with the relevant records for that particular transaction and as part of any product or parts database the enterprise may maintain for future reference.

Note: The “Implementation Resources” (“International STC Resources – Commodity Classification Resources” heading) contains hyperlinks to a variety of government and industry-produced classification screening tools that your enterprise might find useful.

Task 3: Assigning the Personnel that Will Be Responsible for Conducting Item Screening

Once the item screening/classification process has been designed, the responsibility for conducting item screening in accordance with that process must be assigned. The designated enterprise trade compliance official (e.g. CCO) should oversee transaction screening in large enterprises and possibly take the lead in conducting items screening in SMEs. Whenever possible, enterprise engineers, technical experts, or those that know the items best should have primary responsibility for conducting item screening/classification. For items that have been classified, enterprise sales and logistics personnel can assume responsibility for screening subsequent transactions for those items against the enterprise’s classification records, however, it is critical that the strategic trade control classifications remain updated and that a procedure is in place to refer prospective transactions to the empowered compliance official, in cases where the sales or logistics personnel have questions or doubt about whether an item has been classified.

Task 4: Establishing Procedures to Keep the Item Screening Processes and Inputs Up-to-Date

As noted, it is imperative that item screening procedures and items classifications are kept up-to-date. The responsibility for monitoring changes to applicable strategic trade control rules and procedures and/or to control lists most likely will fall to a trade compliance officer (TCO) or a designate. For example, the websites of relevant strategic trade control licensing agencies should be checked for any updates on bi-weekly or at least a monthly basis. If changes to strategic trade control rules or control lists occur, the TCO must ensure that all enterprise procedures and records, item classifications in particular, are modified to reflect those changes and that all relevant enterprise personnel are informed of the changes.

Task 5: Documenting the Item Classifications and the Item Screening Process and Its Outcomes

All records of item classification must be retained for future reference and auditing purposes. Please refer to the “Recordkeeping and Documentation” section for additional information related to item classification records.

Note: The “ICP Implementation Aids” section of this guide contains product classification templates that can be used by your enterprise to catalogue and record item classifications for your product inventory.

Screening all parties to a prospective business transaction or activity, especially the end-users of an item to be transferred, is a critical element of transaction screening, even if the item involved in the transaction is not a strategic item. Party screening is critical because international organizations such as the United Nations Security Council, and national governments, have instituted sanctions and special trade restrictions on enterprises and individuals that have engaged in weapons proliferation or terrorist-related activities (or that pose a risk of doing so), violated strategic trade control laws, or that pose some other threat to national interests or international security. The United Nations Security Council and national governments typically publish these lists of sanctioned parties on their official websites, and trade with such listed parties most often is restricted (in that it requires prior government authorization) or is prohibited altogether. But commercial enterprises should not rely solely on lists provided by international and national government organizations; business communities and organizations, and the enterprises themselves may have better knowledge of which commercial actors are legitimate and trustworthy than governments do. Therefore, enterprises should try to utilize their own customer and supplier information, information provided by trade and industry associations, and commercially available business intelligence (such as Bloomberg and Dunn & Bradstreet) together with official proscribed party lists.

The tasks involved in party screening for strategic trade compliance are as follows:

Task 1: Determining Who Will Develop the Party Screening Process

The party screening process should be developed by the appropriate empowered compliance official (CCO or TCO) together with the support of representatives from the legal department and the sales/marketing department/personnel and the logistics/shipping or import/export department/personnel, as needed and available. The participation of each of those parties in the development of the party screening process will help ensure that it aligns with the enterprise STC compliance program and applicable legal/regulatory requirements, that it draws upon all the available transaction party information within the organization, and that it can be integrated with the enterprise’s shipping process.

Task 2: Designing the Specific Procedures for Party Screening

Party screening is a multi-step process. First, your enterprise must determine which parties will be screened and when they will be screened. For example, screening might be required for all new potential customers and business partners at the point of first contact, as well as all parties that will be involved in a business transaction or activity. To the extent possible, party screening should be done at multiple points in the transaction or business partner relationship. In the least, party screening should be conducted at the point of initial contact, request-for-quotation, or solicitation with an outside party, and then again prior to shipment, transfer, or purchase of the goods, technology, software, or services involved [also see the “Shipment Control” element in the “Elements of an ICP” section]. Existing and already-screened customers and business partners should be re-screened at least once per year as well as prior to any transfer or acquisition.

Next, your enterprise must decide what lists and sources of information the parties will be screened against. The most important lists to screen against are those of the government(s) with jurisdiction over the transaction, which in most cases would be the government of the country you are exporting from (please be aware, however, that some governments, such as the U.S. government, extend their strategic trade controls extra-territorially to apply to their nationals whenever located or even to items that are U.S.-origin). Assuming that the country you are operating in is a member of the United Nations, all UN Security Council sanctions lists should be screened against if those lists already have not been incorporated directly into national regulation.

In addition, there are numerous commercially available restricted party screening tools available from companies such as Amber Road, Aptean, MiC Customs Solutions, Integration Point, Intredex, Kewill, Livingston International, MK Denial, OCR Inc., Shipping Solutions, Thomson Reuters and Visual Compliance, among others. For new or unknown customers, and business and transaction partners, freely available and paid business information services such as Dow Jones, Dun & Bradstreet, Bloomberg, and Epicos, can be utilized, as well as simple web engine searches on Google, Baidu, etc. As part of the process, the databases and resources utilized, and the names/terms searched should be recorded together with the name of the individual that conducted the search and the date and time of the search.

Note: The “ICP Implementation Aids” section of the ICP Guide contains templates and checklists that can be used to review and assess parties to a transaction. Likewise, the “International STC Resources sub-section – End-User Screening Resources” heading) contains hyperlinks to various restricted parties lists that your enterprise might find useful.

Task 3: Assigning the Personnel that Will Be Responsible for Conducting Party Screening

Once the party screening process has been designed, the responsibility for conducting party screening in accordance with that process must be assigned. The designated enterprise trade compliance official (e.g. CCO) should oversee party screening in large enterprises and possibly take the lead in conducting party screening in SMEs. Whenever possible, sales and marketing, purchasing, shipping, and those that know the customers and parties to the transaction best should have primary responsibility for conducting the screening. It is critical that the restricted party lists to be screened against are the most up-to-date and that a procedure is in place to refer party screen “hits” to the appropriate empowered compliance official.

Task 4: Establishing Procedures to Keep the Party Screening Processes and Inputs Up-to-Date

It is imperative that restricted party lists are kept up-to-date. The responsibility for monitoring changes to applicable international and national government restricted party lists most likely will fall to the TCO or a designate. For example, the websites of relevant government agencies should be checked on at least a bi-weekly basis for enterprises with a high volume of shipments, or before each transaction/transfer if they only occur once per month or less. If changes to a relevant restricted party list have occurred, the TCO must ensure that all screening resources reflect those changes and that all relevant enterprise personnel are informed of the changes.

Task 5: Documenting the Party Screening Process and Its Outcomes

All records of party screening must be retained for future reference and auditing purposes by the personnel conducting the screening. Please refer to the “Recordkeeping and Documentation” section for additional information related to party screening records.

Note: The “ICP Implementation Aids” section of this guide contains a template that can be used to establish customer profiles that can be used to document the party screening process.

In almost all countries and areas with strategic trade control systems, items and activities that contribute to a nuclear, chemical, or biological weapon or their means of delivery (namely missiles), are restricted if not wholly prohibited. In some systems, even conventional military-related end-uses are controlled as well. The “catch-all” control clauses found in the STC legislation of those systems establish that when a trader knows, should know, or is informed by the government authorities that the item or activity involved in the transaction is or may be intended for a WMD- and/or military-related end-use, the transaction cannot proceed without government authorization or is prohibited altogether, regardless of whether the item or service involved is on the national control list of that country. In addition, many countries restrict the provision of technical assistance (domestically or abroad) to a foreign person when the assistance provider knows, should know, or is informed that the assistance will be used for a WMD-related end-use.

Screening for these controlled end-uses is challenging, but enterprises should endeavor to screen every international transaction and activity (including those involving foreign persons) for controlled end-uses.

End-use screening methods include:

• Making direct inquiries into the planned end-use of the item;
• Requesting the that the party or parties involved in the transaction complete an end-use statement or end-user certificate (which often is a requirement for obtaining a license to trade in listed items);
• Using government-issued guidance that provide indicators of controlled end-uses; and
• Employing risk assessment techniques to decide whether the stated end-use is legitimate when compared to other information about the item, transaction parties, and countries involved.

Effective end-use screening requires your enterprise to undertake the following tasks:

Task 1: Determining Who Will Develop the End-Use Screening Process

The end-use screening process primarily should be developed by the appropriate empowered compliance official (CCO or TCO) together with the enterprise legal counsel. Enterprise engineers and R&D personnel also can contribute to the end-use screening process given that they likely have the most in-depth knowledge of the potential end-uses of the enterprise’s items. The sale team also can help develop parts of the process that involve communicating with customers and business partners to determine what the end-use of a prospective transaction or activity will be.

Task 2: Designing the Specific Procedures for End-Use Screening

The procedures for end-use screening are relatively straightforward, the challenge lies in obtaining the information needed to conduct a thorough end-use screen. First, enterprises should determine the scope of the end-use controls of the jurisdiction it is operating in, and also consider its own corporate trade policy. The “catch-all” controls of some jurisdictions only apply to WMD-related end-uses, while in others, it applies to both WMD- and military-related end-uses. With its latest round of amendments to its Dual-Use Regulation, the EU will soon be introducing terrorism- and human rights-based end-use controls; Russia and a few other jurisdictions already have terrorism end-use controls in-place. As early in the potential transaction as possible, the point-of-contact with the prospective customer or business partner should try to ascertain what the planned end-use of the item(s)/service(s) involved will be.

Requiring the end-user to complete an end-use statement or undertaking, even if not required by the government of the country of export, is one method for obtaining end-use information. A procedure should be put in place to ensure that any potential transactions or business activities involving a controlled end-use are halted and referred to the designated compliance official for further analysis and consideration. It may be that the transaction or activity is determined not to be WMD- and/or military-related after further due diligence, or that the enterprise can apply for a government authorization to proceed with the transaction or activity (which is possible under some systems, although in many cases the license application will be denied).

Task 3: Assigning the Personnel that Will Be Responsible for Conducting End-Use Screening

Once the end-use screening process has been designed, the responsibility for conducting country screening in accordance with that process must be assigned. Personnel from the sales team or those that have the primary interface with the customer or outside parties can be the ones who conduct the preliminary end-use screen. Again, if the enterprise is a developer, manufacturer, or major dealer of the item involved, it can analyze the goods and technologies that it deals in to identify potential controlled end-uses of those items in advance. As noted above, there should be a procedure to refer the proposed transaction to the appropriate empowered compliance official for further review in cases where there are any “hits” on a potential controlled end-use.

Task 4: Establishing Procedures to Keep the End-Use Screening Processes and Inputs Up-to-Date

Because the list of controlled end-uses is not as lengthy or fluid as those of controlled end-users and destinations, they do not need to be checked and updated as frequently, however, the enterprise empowered compliance officials should stay current with the scope of the “catch-all” provisions of any applicable domestic and foreign regulations, as they may change from time-to-time. In addition, perhaps with each change to applicable domestic and foreign control lists, the enterprise can update its own analysis of the controlled end-uses that its goods, technologies, and services can be utilized for, if any. To those ends, the enterprise also should try to develop good communication and information channels with the STC licensing agencies in the jurisdictions where it is operating to help stay current with controlled end-use and proliferation trends to assist with its own end-use analysis.

Task 5: Documenting the End-Use Screening Process and Its Outcomes

All records of end-use screening must be retained for future reference and auditing purposes by the personnel conducting the screenings. Please refer to the “Recordkeeping and Documentation” section for additional information related to end-use screening records.

In a way, diversion risk screening is the “catch-all” of transaction screening. Diversion risk screening is assessing the possibility that an item or service will go to a person, place, or use other than what is declared to the enterprise or authorized by the government in the course of a transaction. At its core, diversion risk screening is intended to ensure that items or services do not go to sanctioned/restricted countries, businesses or individuals, and do not go to WMD- or military-related end-uses. Diversion risk screening should be conducted for all business transactions and activities involving foreign persons or places, even if the results of all of the other types of screens are negative.

Several national governments (including the governments of the United States, Korea, and Russia) and international organizations have developed and published “diversion risk” indicators, which are sometimes referred to as “red flag indicators,” that enterprises can use as part of their diversion risk screening process. Enterprises also are encouraged to develop their own diversion risk indicators using their specialized knowledge of the goods/technologies/services that they deal in, their customers and other actors in their industry sector, established global markets and supply chains for their items and services, and the standard commercial practices in their industry sector.

Task 1: Determining Who Will Develop the Diversion Risk Screening Process

The diversion risk screening process primarily should be developed by the appropriate empowered compliance official (CCO or TCO) together with technical and sales specialists from the enterprise. The latter can help tailor or expand upon government-provided lists of diversion risk indicators to make them even more applicable to the enterprise’s actual business and operational realities. The legal team can offer guidance on whether there are diversion risk/red flag indicators that, because they are codified in national legislation, if present in a transaction, automatically impute the knowledge or suspicion of an unauthorized end-user, destination, or end-use necessary to trigger the STC system’s “catch-all” provisions.

Task 2: Designing the Specific Procedures for Diversion Risk Screening

Diversion risk screening can and should be conducted at all phases of the transaction, and especially any time the particulars of the transaction change in any way. To design a procedure for diversion risk screening, your enterprise should first determine if diversion risk indicators are codified / mandated in the STC legislation of the jurisdiction where the transfer or service will originate, or whether the country’s STC licensing agency provides diversion risk guidance that should form the foundation of the screen.

If the government of the country where the transfer of the item or service will originate does not mandate or provide any diversion risk indicators, those of other countries may be utilized. As noted previously, the U.S., Russian, and Korean governments all publish some form of diversion risk indicators [listings of diversion risk indicators can be found in the “Implementation Resources” section under the-“International STC Resources” heading of this guide]. The enterprise should then add to or adjust the list of diversion risk indicators that will be screened against using its own knowledge-base and experience. In all cases, it is critical that the diversion risk screening process discourages “self-blinding” the enterprise from identifying diversion risks. Once the list of diversion risks that will be screened against has been developed, the enterprise should determine the points in the transaction life cycle at which the diversion risk screen will be conducted. Finally, as part of the diversion risk screen process, a protocol for alerting the appropriate empowered compliance official of any diversion risk screen “hits, and a procedure for further investigating and assessing the potential diversion risk also should be developed.

Note: The “ICP Implementation Aids” section contains checklists and templates that can be used to assess diversion risk. Likewise, the “International STC Resources” sub-section contains hyperlinks to a variety of diversion risk/red flag indicators that your enterprise might find useful.

Task 3: Assigning the Personnel that Will Be Responsible for Conducting Diversion Risk Screening

Once the diversion risk screening process has been designed, the responsibility for conducting diversion risk screening in accordance with that process must be assigned. Personnel from the sales team or those that have the primary interface with the customer or outside parties can be the ones who conduct the preliminary diversion risk screen. Later in the process, the diversion risk screen may be conducted by the logistics/shipping department. As noted above, there should be a procedure to refer the proposed transaction to the appropriate empowered compliance official for further review in cases where there are any “hits” against any of the established diversion risk indicators.

Task 4: Establishing Procedures to Keep the Diversion Risk Screening Processes and Inputs Up-to-Date

Because the list of diversion risk indicators is not as lengthy or fluid as those of controlled end-users and destinations, it does not need to be checked and updated as frequently. However, empowered compliance officials should stay current with the diversion risk provisions of any applicable domestic and foreign regulations, as they may change from time-to-time. In addition, in conjunction with its annual internal review/audit, the enterprise should evaluate its diversion risk screening process to ensure that it is as comprehensive and effective as possible. To those ends, the enterprise also should try to develop good communication and information channels with the STC licensing agencies in the jurisdictions where it is operating to help stay current with proliferation trends to help further enhance its approach to diversion risk assessment.

Task 5: Documenting the Diversion Risk Screening Process and Its Outcomes

All records of diversion risk screening must be retained for future reference and auditing purposes by the personnel conducting the screening. Please refer to the “Recordkeeping and Documentation” section for additional information related to diversion risk screening records.