- Why Sharetru?
- Resource Hub
ITAR, or the International Traffic in Arms Regulations, is a set of regulations drafted to ensure the protection of government defense data, including articles and services on the United States Munitions List (USML) and all related technical data. Only companies that have registered with the Directorate of Defense Trade Controls (DDTC) are permitted to import and export defense data. Each year companies are required to renew their registration with DDTC and recommit to maintaining ITAR compliance.
Does your company handle sensitive defense data? If so, you should revisit your ITAR compliance efforts to ensure they’re up-to-date. Explore this article to discover why maintaining compliance is essential and what steps you can take to ensure ITAR compliance in 2019.
While monitoring your business activities to ensure they are compliant may seem laborious and time-consuming, failing to meet compliance regulations can put your business in jeopardy. ITAR compliance is not something you can mostly align with or approach casually. Compliance requires vigilance and full commitment on the part of your entire company.
Failure to align with ITAR regulations comes with serious consequences. Because ITAR deals with defense materials, related data is often highly sensitive and highly valuable to hackers. That’s why ITAR violations may result in criminal or civil penalties, being barred from future exports, and/or imprisonment. Your business could also be required to pay:
Civil fines as high as $500,000 per violation
Criminal fines of up to $1,000,000 and 10 years imprisonment per violation
These are risks that you don’t want to subject your business to, and you personally don’t want to face. Think twice before you cut corners in terms of ITAR compliance. It could mean the end of your career and potentially a criminal record.
Being ITAR compliant isn’t a one-time event. This is an ongoing process that takes time and investment each year as your registration needs renewal and regulations are often updated. If you want to ensure you’re ITAR compliant, find out what steps you should take this year to protect your government defense data.
If your business deals with ITAR-related data, you’re required to register with the DDTC. If you have not registered or your registration has lapsed, you need to go through the registration process for 2019.
Because you are required to renew your ITAR registration every 12 months, it’s important that you keep a close eye on this date. The average registration approval period is about 45 days, but you should submit your ITAR registration renewal documents at least 60 days prior to the expiration date of your registration. This ensures that your documents will be processed and approved before the deadline.
If you allow your registration to lapse, you are responsible for preventing any ITAR-related imports and exports to avoid facing noncompliance consequences. A renewed registration does not retroactively cover past imports or exports, so you could still be subject to non-compliance risks. Also, if you halt operations while you wait for renewal, you could lose business and hurt your bottom line.
The registration process is fairly simple:
Pay Registration Fees
Complete the Registration Form
Gather Supporting Documents
Upload Your Registration Packet
ITAR registration does cost a fee, so be sure to budget for this annual payment. You have three fee tier possibilities that are dependent on your company’s ITAR history:
Tier 1: Annual flat fee of $2,250 - This applies to first-time applicants, annual registration renewal requests for stand-alone brokers, and non-profit organizations.
Tier 2: Set fee of $2,750 - This is the renewal fee for registrants who have received favorable authorization for 10 or fewer license applications or requests for authorization over the last year.
Tier 3: A Calculated Fee of $2,750+ - This applies to renewal applicants who have received favorable authorizations on 10 or more license applications over the last year. These organizations will pay $2,750 plus $250 multiplied by the total number of applications over 10.
In order to keep your ITAR registration up to date, you should designate who in your company is responsible for managing the renewal each year. Ensure they file for renewal with enough time prior to your registration end date to receive approval before you have to stop business operations.
A key aspect of maintaining ITAR compliance is the compliant processes and procedures you put in the place. The more you transfer and receive sensitive defense data the greater the potential for noncompliance.
However, if you have established compliance processes in place, you can mitigate the risk of noncompliance. Providing your employees with a set of rules to follow when they handle sensitive data will maintain compliance, even if someone in your organization isn’t familiar with ITAR regulations.
Help protect sensitive defense data and maintain compliance by creating a compliance program that is:
Thoroughly Documented - Outlining compliance procedures for your organization creates uniformity in processes, educates your employees on ITAR expectations, and ensures continuity even as employees leave the company and others are hired.
Tailored for Your Business - Each company has unique processes and business operations. Your compliance programs might look different from another company in your same industry. When you tailor your compliance program specifically to your business operations, it’s sure to meet your specific needs.
Regularly Reviewed and Updated - Government compliance regulations change all the time. Because much of ITAR compliance pertains to the transfer of data, this means that as technology advances, new threats are constantly developing, too. It’s important to update your compliance program regularly and communicate all updates to employees as needed.
Supported by Management - Finally, for an ITAR compliance program to be successful, your management team needs to communicate and demonstrate its support of compliance initiatives. If tasks take a little longer because additional steps are required for compliance, management needs to understand and support these efforts. It’s better to maintain compliance and avoid risks than cut corners to attempt to increase productivity.
Your compliance program should be an integral part of your daily operations and should dictate much of how your employees handle data.
Finally, it’s always important to maintain familiarity with ITAR regulations. As these regulations can change at any time, you should revisit and revise your compliance measures regularly. An annual edition of ITAR regulations is published each April, but you shouldn’t wait to refresh your memory on ITAR until then.
Changes within your company provide the perfect opportunity to revisit ITAR. Have you adopted a new email server? If so, revisit ITAR regulations to ensure your new solution is compliant. Maybe your business began work with a new subcontractor. You could be responsible for any noncompliant activities on the part of your subcontractors. So, this new partnership is a reminder to revisit ITAR regulations and confirm all companies you work with are ITAR compliant.
When you’re well read on the subject of ITAR compliance, you’ll be able to establish and update processes that help you avoid major fines associated with noncompliance.
That brings us to the fourth step to ensuring that you’re ITAR compliant: using a file sharing solution designed specifically for ITAR compliance. A compliant file sharing solution can help you mitigate the risks of noncompliance.
Since so much of ITAR compliance is focused on how you store and transfer data, a compliant FTP solution could cut down on the amount and time and effort you have to invest in compliance activities. Instead, you have an expert vendor and a solution designed with compliance in mind to do the work for you.
Find out everything you need to know about ITAR compliance and how to protect sensitive government data in this free guide.
Founder of Sharetru (Formerly FTP Today) and a respected voice in secure file transfer and Internet protocols. A software and IT geek since a young age, Martin has successfully led his companies through the digital age by spotting market niches and filling them with quality IT services.
Get industry-leading thought leadership content to stay informed, delivered to your inbox.