On February 28, 2024, the U.S. Department of State and The Boeing Company (Boeing) agreed to an administrative settlement regarding 199 violations by Boeing of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR). As a result of that settlement, Boeing was fined $51 million ($27 million to be paid over the next 3 years, plus $24 million suspended but required to be applied internally to consent agreement conditions). Boeing will also be subject to a plethora of other conditions over the next three years, including government monitoring via a Special Compliance Officer, which will oversee Boeing’s adherence to the conditions of the settlement.

Given Boeing’s recent, well-publicized issues, this settlement with the U.S. Government for export violations may seem somewhat “small potatoes” for a company that tends toward transactions in the billions of dollars. But the real value here is what companies of any size that engage in export transactions, and particularly exports of ITAR-controlled goods, can learn from the published records of the settlement (referred to as a Consent Agreement) and thus, prevent the same issues from negatively impacting company revenue and damaging market reputation.

The violations with which Boeing was charged could be considered a primer on some essential ITAR compliance basics -- 1) unauthorized exports and retransfers of technical data to foreign-person employees and contractors; 2) unauthorized exports of defense articles, including technical data; and 3) violations of license terms, conditions, and provisos of Department of State Directorate of Defense Trade Controls (DDTC) authorizations. You can access the full settlement documents here, but following are some key take-aways worth highlighting.

What NOT to Do

• Do not transfer ITAR-controlled goods, software, or technical data to Foreign Persons¹ without authorization from DDTC, even if the Persons are employees or contractors of the company.

From 2013 to 2020, foreign person employees at multiple Boeing non-U.S. locations, including China and Russia, accessed ITAR-controlled technical data via an internal digital technical document library without a license or authorization from DDTC to do so. Why is that so important? Because some of the files downloaded contained technical information on U.S. military fighter aircraft like the F-18, F-15, F-22, and AH-64 Apache helicopters, as well as technical data on missiles and missile defense systems. In their findings, DDTC stated the China downloads “caused harm to U.S. national security” and the Russia downloads “created the potential” for the same harm.

• Do not export any commodities (hardware, software, and technical data) that are not classified accurately prior to export.

The process of determining which regulatory agency has jurisdiction over the export of a commodity is the newel post to export compliance. The jurisdiction determination (either ITAR or Department of Commerce Export Administration Regulations (EAR)), and the subsequent commodity classification under each jurisdiction, dictates the set of regulatory controls that must be followed for each export transaction. In the present case, DDTC found that on multiple occasions Boeing exported military aircraft systems listed on the United States Munitions List (USML) of the ITAR incorrectly as EAR controlled items to multiple countries. Exports of commodities subject to ITAR controls are generally subject to greater restrictions than EAR controlled items.

• Do not exceed approved value or quantity of exports made under export authorizations or licenses from DDTC.

Boeing disclosed to DDTC that it violated the ITAR in multiple instances by exceeding the authorized value and authorized quantity of DDTC approved export licenses. All export licenses issued by DDTC are specific to the exact commodity and its quantity and related value. It is important to develop an internal tracking system that supports accurate and timely decrementation of export licenses to prevent exceeding permitted limits to avoid violations.

• Do not ignore provisos placed by DDTC on approved export licenses.

Export authorizations approved and issued by DDTC to exporters often come with additional conditions explicitly stated on the license. These additional conditions are called “provisos” and must be adhered to in the course of the export transaction, in addition to the applicable regulatory controls. In the Boeing case, DDTC found that Boeing had multiple violations of the ITAR related to non-compliance with export authorization provisos. For example, DDTC issued an export authorization to Boeing authorizing certain exports of technical data to Israel; however, the authorization included explicit prohibitions on exporting technical data controlled under specific USML categories. Boeing violated the terms of the approved export licenses by exporting technical data controlled under the prohibited USML categories.

What You Can Do

• Ensure internal export control programs are adequate to protect from unauthorized exports.

In its findings against Boeing, the Department of State claimed the settlement "highlights the importance of exporting defense articles only pursuant to appropriate authorization." The simplicity of this statement stressing compliance may contrast with the complexity of internal controls necessary to ensure such compliance. There is no “one size fits all” internal compliance program. Particularly in the case of ITAR exports, it is important to establish a level of control appropriate to your company’s export activities and necessary to ensure no less than minimum requirements are met.

• Consider making a voluntary disclosure to DDTC when violations are detected.

In the settlement agreement, DDTC noted that “Respondent voluntarily disclosed all matters referenced herein, a considerable majority of which predate 2020, after which Respondent incorporated numerous improvements to its compliance program; and that Boeing voluntarily expanded the scope of its internal investigation into these matters and cooperated with the Department's review of these matters.” Boeing’s willingness to voluntarily disclose violations was a significant mitigating factor in the settlement of this case. No internal export controls program is foolproof. When mistakes do happen and violations occur, it is important to consider the merit of a voluntary disclosure to DDTC. If the company determines that voluntary disclosure is warranted, we recommend that you seek the advice of experienced trade counsel to help guide the process.

The trade professionals at Torres Trade Law are highly skilled at navigating the often-complex path of ITAR compliance and other regulatory trade controls. Contact us for assistance. For more articles like this and information about our firm, check out our website.

On February 28, 2024, the U.S. Department of State and The Boeing Company (Boeing) agreed to an administrative settlement regarding 199 violations by Boeing of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR). As a result of that settlement, Boeing was fined $51 million ($27 million to be paid over the next 3 years, plus $24 million suspended but required to be applied internally to consent agreement conditions). Boeing will also be subject to a plethora of other conditions over the next three years, including government monitoring via a Special Compliance Officer, which will oversee Boeing’s adherence to the conditions of the settlement.

Given Boeing’s recent, well-publicized issues, this settlement with the U.S. Government for export violations may seem somewhat “small potatoes” for a company that tends toward transactions in the billions of dollars. But the real value here is what companies of any size that engage in export transactions, and particularly exports of ITAR-controlled goods, can learn from the published records of the settlement (referred to as a Consent Agreement) and thus, prevent the same issues from negatively impacting company revenue and damaging market reputation.

The violations with which Boeing was charged could be considered a primer on some essential ITAR compliance basics -- 1) unauthorized exports and retransfers of technical data to foreign-person employees and contractors; 2) unauthorized exports of defense articles, including technical data; and 3) violations of license terms, conditions, and provisos of Department of State Directorate of Defense Trade Controls (DDTC) authorizations. You can access the full settlement documents here, but following are some key take-aways worth highlighting.

What NOT to Do

• Do not transfer ITAR-controlled goods, software, or technical data to Foreign Persons¹ without authorization from DDTC, even if the Persons are employees or contractors of the company.

From 2013 to 2020, foreign person employees at multiple Boeing non-U.S. locations, including China and Russia, accessed ITAR-controlled technical data via an internal digital technical document library without a license or authorization from DDTC to do so. Why is that so important? Because some of the files downloaded contained technical information on U.S. military fighter aircraft like the F-18, F-15, F-22, and AH-64 Apache helicopters, as well as technical data on missiles and missile defense systems. In their findings, DDTC stated the China downloads “caused harm to U.S. national security” and the Russia downloads “created the potential” for the same harm.

• Do not export any commodities (hardware, software, and technical data) that are not classified accurately prior to export.

The process of determining which regulatory agency has jurisdiction over the export of a commodity is the newel post to export compliance. The jurisdiction determination (either ITAR or Department of Commerce Export Administration Regulations (EAR)), and the subsequent commodity classification under each jurisdiction, dictates the set of regulatory controls that must be followed for each export transaction. In the present case, DDTC found that on multiple occasions Boeing exported military aircraft systems listed on the United States Munitions List (USML) of the ITAR incorrectly as EAR controlled items to multiple countries. Exports of commodities subject to ITAR controls are generally subject to greater restrictions than EAR controlled items.

• Do not exceed approved value or quantity of exports made under export authorizations or licenses from DDTC.

Boeing disclosed to DDTC that it violated the ITAR in multiple instances by exceeding the authorized value and authorized quantity of DDTC approved export licenses. All export licenses issued by DDTC are specific to the exact commodity and its quantity and related value. It is important to develop an internal tracking system that supports accurate and timely decrementation of export licenses to prevent exceeding permitted limits to avoid violations.

• Do not ignore provisos placed by DDTC on approved export licenses.

Export authorizations approved and issued by DDTC to exporters often come with additional conditions explicitly stated on the license. These additional conditions are called “provisos” and must be adhered to in the course of the export transaction, in addition to the applicable regulatory controls. In the Boeing case, DDTC found that Boeing had multiple violations of the ITAR related to non-compliance with export authorization provisos. For example, DDTC issued an export authorization to Boeing authorizing certain exports of technical data to Israel; however, the authorization included explicit prohibitions on exporting technical data controlled under specific USML categories. Boeing violated the terms of the approved export licenses by exporting technical data controlled under the prohibited USML categories.

What You Can Do

• Ensure internal export control programs are adequate to protect from unauthorized exports.

In its findings against Boeing, the Department of State claimed the settlement "highlights the importance of exporting defense articles only pursuant to appropriate authorization." The simplicity of this statement stressing compliance may contrast with the complexity of internal controls necessary to ensure such compliance. There is no “one size fits all” internal compliance program. Particularly in the case of ITAR exports, it is important to establish a level of control appropriate to your company’s export activities and necessary to ensure no less than minimum requirements are met.

• Consider making a voluntary disclosure to DDTC when violations are detected.

In the settlement agreement, DDTC noted that “Respondent voluntarily disclosed all matters referenced herein, a considerable majority of which predate 2020, after which Respondent incorporated numerous improvements to its compliance program; and that Boeing voluntarily expanded the scope of its internal investigation into these matters and cooperated with the Department's review of these matters.” Boeing’s willingness to voluntarily disclose violations was a significant mitigating factor in the settlement of this case. No internal export controls program is foolproof. When mistakes do happen and violations occur, it is important to consider the merit of a voluntary disclosure to DDTC. If the company determines that voluntary disclosure is warranted, we recommend that you seek the advice of experienced trade counsel to help guide the process.

The trade professionals at Torres Trade Law are highly skilled at navigating the often-complex path of ITAR compliance and other regulatory trade controls. Contact us for assistance. For more articles like this and information about our firm, check out our website.

1 The ITAR defines Foreign Person as “any natural person who is not a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20), or who is not a protected individual as defined by 8 U.S.C. 1324b(a)(3). It also means any foreign corporation, business association, partnership, trust, society, or any other entity or group that is not incorporated or organized to do business in the United States, as well as international organizations, foreign governments, and any agency or subdivision of foreign governments (e.g., diplomatic missions).” And Person means any “corporation, business association, partnership, society, trust, or any other entity, organization or group, including governmental entities.”