GENERAL ASPECTS OF UNIVERSITY'S COMPLIANCE PROGRAM
Where possible, the organizational structure of the university has centralized the key export functions and coordinated export activities with other departments that may become involved in export-related issues, i.e., legal counsel, shipping, university contracts, and sponsored research. Each export control task discussed in Section III (A) has a specific person assigned to perform the task and a specific person who is responsible for assuring that it is performed. Personnel assigned export control functions have been given authority commensurate with their responsibilities. Formal lines of communication between key personnel and other with export-related functions have been established. Underscoring its commitment to promote aggressive management of controlled technology by all Stevens' employees, university administration will hire, train, and motivate quality export compliance personnel. Compliance personnel must have a working knowledge of export control laws and regulations and be able to competently ensure the university's compliance through the effective management of its export management and compliance program. Export control personnel will have authority commensurate with their responsibilities, including authority to stop export transactions when warranted; and training, expertise and authority sufficient to safeguard the university against long-range legal implications that it risks through an ineffective export management and compliance program. Compliance personnel must not only possess the ability to discern the right thing to do but will be supported by university management and the university community.
- MANAGEMENT OF THE EMCP
Individuals and functions:
Empowered Official (EO)
The Executive Director of the Office of Sponsored Programs is the Empowered Official for Stevens Institute of Technology. In this capacity, the EO has authority to represent the university before the export control regulators in matters related to registration, licensing, commodity jurisdiction requests, or voluntary disclosures. While certain oversight functions may be delegated, only the EO has the power to sign such paperwork and bind the university in any proceeding be DDTC, BIS, OFAC, or any other government agency with export control responsibilities. The EO will oversee management of the university's ECMP and all related aspects including communication to the Provost, the Director of Risk Management, and General Counsel when necessary.
Oversight Function by Dir. Of Risk Mgmt.:
Shall monitor activities and performance of the Empowered Official by means of a quarterly meeting and reporting in order to identify and assess potential areas in need of strengthening and improvement.
Export Compliance Officer (ECO)
- makes the determination as to whether a project involves controlled technology, if a TCP is needed or if a license is required
- establishes a monitoring and visitation timeline in order to visit and audit key campus functional areas and PIs as to their respective oversight activities. The UECO will document discussion content as well as recommended improvements and follow-up on progress at the next visit. Any serious breaches in protocol or deviations from the ECMP that are detected during the visit will be reported immediately to the EO:OSP/ED for implementation of a mitigation strategy
- Identifies areas at SIT relative to research and other activities that are impacted by export control regulations;
- Additionally, directors of other offices or units on campus including, but not limited to: Finance, Risk and Safety Oversight Task Force, Human Resources, International Programs, Academic Entrepreneurship, Travel and SERC share the responsibility of overseeing export control compliance in their units and supporting the UECO in implementing procedures as deemed necessary by the UECO for export control compliance.
- Recommends procedures to the senior SIT administration to strengthen SIT compliance;
- Educates inventors, principal investigators, center directors, and academic unit heads about export control regulations and procedures followed at SIT;
- Educates other units within SIT such as Finance, Purchasing, Travel, International programs, Human Resources, and Academic Entrepreneurship about export control regulations and procedures followed at SIT;
- Monitors and interprets legislation;
- Works with other on campus to facilitate understanding and compliance with export controls;
- Assists investigators, researchers and offices within SIT when research or research results are export controlled;
- Seeks assistance from EO and SIT legal counsel when uncertain about classification and in filing license applications;
- Develops a Technology Control Plan ("TCP") for each export-controlled project consistent with these procedures to aid the principal investigator ("PI") in meeting his/her export control responsibilities;
- Conduct training for the university community and coordinate the maintenance of an export controls website, or the export controls section of the OSP website; and,
- Liaison with EOs or UECOs of other universities who may be involved in multi-institutional research projects
Oversight Function by EO:
Shall monitor activities and performance by means of a monthly meeting and a quarterly report of activities in order to identify and assess potential areas in need of strengthening and improvement.
Office of Sponsored Programs (OSP)
- The OSP provides assistance and expertise with export controls by working closely with the ECO and EO in identifying export control issues and providing support for their solution.
- The OSP provides assistance to PIs in reviewing the terms of a sponsorship agreement or grant to identify restrictions on publication and dissemination of the research results, and to negotiate such restrictions out of the agreement;
- Completes Export Control Checklists (including pre-and postaward) for every project and sends them to the ECO for review if export controls issues are indicted or likely;
- Is responsible for maintaining a centralized database of all documentation relating to a research project or education activity;
- Coordinates with the PIs and the ECO to ensure that foreign nationals will be isolated from participation in an export-controlled project in accordance with the TCP, unless the university applies for and obtains a license from the appropriate federal agency.
Oversight Function by EO:
Shall monitor activities and performance by means of a monthly meeting that includes the Preaward and Postaward Directors and the ECO and a quarterly report of inter-related activities in order to identify and assess potential areas in need of strengthening and improvement.
Key University Managers
|Academic deans, directors, and department heads share the responsibility of overseeing export control compliance in their respective schools, departments, centers, or institutes and supporting the ECO in implementing procedures as deemed necessary by the ECO for export control compliance. |
Additionally, directors of other offices or units on campus including, but not limited to: Finance, Risk and Safety Oversight Task Force, Human Resources, International Programs, Academic Entrepreneurship, Travel and SERC share the responsibility of overseeing export control compliance in their units and supporting the ECO in implementing procedures as deemed necessary by the ECO for export control compliance.
Oversight Function by ECO:
|Shall establish a monitoring and visitation timeline in order to visit and audit key campus functional areas as to their respective oversight activities. The ECO will document discussion content as well as recommended improvements and follow-up on progress at the next visit. |
Principal Investigator (PI)
PIs have expert knowledge of the type of information and technology involved in a research project or other university activity, such as presenting at conferences, and discussing research findings in class with fellow researchers or collaborators. PIs must ensure that they do not disclose controlled information or transfer controlled articles or services to a foreign national without prior authorization as required. To meet his/her obligations, each PI:
- Must understand his/her obligations under export controls, and participate in regular trainings to help her/her identify export control issues;
- Must assist the ECO to classify the technology involved in the research or other university activity;
- Identify foreign nationals that may be involved and, if export control is likely, initiate the process of clearing foreign national participation well in advance to ensure that a license is obtained in a timely manner, or implement proper measures to isolate foreign nationals from participation;
- Must if undertaking an export controlled project, brief the students and other researchers involved in the project of their obligations under export controls; and
- Cooperate with the UECO in developing the TCP for which the PI has the responsibility to follow and implement. The TCP is located at Appendix C
Oversight function by ECO:
Shall establish a monitoring and visitation timeline in order to visit and audit individual PIs as to their respective oversight activities, including maintenance of any developed TCPs. The ECO will document discussion content as well as recommend improvement and follow-up on progress at the next scheduled meeting. Any serious breaches in protocol or deviations from the ECMP that are detected during the visit will be reported immediately to the EO for implementation of a mitigation strategy.
- MAINTAINING AND DISTRIBUTING THE EMCP DESCRIPTION AND MANUAL
An official electronic copy of the EMCP Program and Manual will be maintained in the Office of Sponsored Programs by the Executive Director/Empowered Official. The ECO has primary responsibility to ensure that the Export Management and Compliance Program and Manual is updated and distributed annually every July. Also, the EMCP and Manual may be found posted on the OSP website. http://www.stevens.edu/osp/ Updates made prior to July will be distributed and posted as necessary.
- COMPLIANCE TRAINING
Training is one of the critical elements of the university’s export management and compliance program. Because export control regulations change and technologies and their end-users are continually evolving, it is essential for the university to include a training component the Export Management and Compliance Program. The greatest risk of non-compliance of export laws and regulations occurs during casual conversations in person, on the telephone, or via email. Informed users minimize the likelihood that inadvertent violations of export laws and regulations will occur. Ambiguities can lead to confusion which could contribute to an export violation.
An important component of the EMCP is the effective communication of policy and procedures to all employees. Anyone involved in export-related functions, including top management, faculty, staff, contractors, consultants, and even student workers should fully understand export compliance responsibilities as they might relate to their responsibilities. SIT will provide these employees with sufficient training in order to ensure they possess a working knowledge of current export control regulations as well as the specific requirements of the company's EMCP. By ensuring that function-specific elements are considered while developing the EMCP, SIT will develop and maintain a Program that is clearly understood by all employees. That understanding will include the awareness of the importance of their roles as it relates to the university and to the nation. The ECO will prepare updated training materials and will ensure that employees or students engaged in an export controlled project receive the appropriate briefing.
The ECO will also maintain records of training or briefings provided. General export control information and presentations will be available for the university community online at the following link: http://www.stevens.edu/osp/export
Academic deans, directors, or department heads will assist the ECO in implementing the export control training sessions or briefings relative to their respective schools, departments, centers, or institutes. In addition, the directors of other offices or units on campus including, but not limited to : Finance, Risk and Safety Oversight Task Force, Human Resources, International Programs, Academic Entrepreneurship, Travel and Systems Engineering Research Center (SERC) will assist the UECO in implementing the export control training sessions or briefings relative to their units.
D. EXPORT CONTROL ANALYSIS
Export control analysis for sponsored research begins when a PI submits a proposal, receives an award, or changes the scope of an existing project. However, it is strongly encouraged that the planning process begins prior to the proposal submittal in the event a license is required. The US State Department lead times require this planning time.
OSP performs the initial review by completing the Export Control Checklists in Appendices A and B. OSP will look for the following items as 'red flags' that might indicate possible export control issues:
- References to U.S. export regulations (beyond a mere statement to comply with the law);
- Restrictions on publication or dissemination of the research results;
- Pre-publication approval from the sponsor;
- Proprietary or trade secret claims on project results;
- Involvement of foreign sponsors or collaborators;
- Travel, shipping, or work performed outside the U.S.;
- Military applications of the project results; or
- Funding from the DoD, the Department of Energy, the armed services, the Office of Naval Research, NASA, the National Reconnaissance Office or other agencies.
If the initial review indicates a possible export controls issue; the project will be referred to the ECO for final review. Upon completing the final review, the ECO will advise the PI concerning the export controls which might apply to the project, the restrictions on access by foreign persons, and any other relevant requirements pursuant to ITAR and EAR.
E. TECHNOLOGY CONTROL PLAN (TCP)
If the ECO determines a project is export controlled, the ECO will work with the PI to develop and implement a TCP to secure the controlled technology from access by unlicensed non-U.S. citizens. A sample TCP is included as part of this Program in Appendix C. The ECO will work with the PI to develop the TCP as needed.
Training and Certification
Before any individual may observe or access the controlled technology, he/she must be briefed on the procedures authorized under the TCP, certify his or her agreement to comply with all security measures outlined in the TCP and have his/her certification authorized by the ECO or the EO. Appendix D contains a template for the briefing and certification. If an award is received, regardless of the project’s nature, each PI will receive a PI Memo describing export controls. An example of the PI Memo is included as Appendix E.
F. THE LICENSE PROCESS AND PROCEDURES
All licenses for the export of controlled technology as described in the ITAR and EAR and as controlled by OFAC, will be the responsibility of the Empowered Official. The EO will advise the Provost of each circumstance that is determined to require a license.
The EO has authority to represent the university before the export control regulators in matters related to registration, licensing, commodity jurisdiction requests, negotiations, or voluntary disclosures. While certain oversight functions may be delegated, only the EO has the power to sign such paperwork and bind the university in any proceeding be DDTC, BIS, OFAC, or any other government agency with export control responsibilities.
G. LICENSE EXCEPTION/EXEMPTION RELATED TO TRAVEL OUTSIDE THE U.S.
Any travel or transmission to destinations outside the U.S. may trigger export control regulations. A license may be required depending on which items are taken, which countries are visited, or whether defense services are provided to a foreign person. However, an exception of exemption from license requirement may exist.
A License Exception may be available for EAR controlled items, technology, or software if the individual travelling outside the U.S. can certify that he/she meets the criteria of the available exception. An example of the Checklist for qualification is included in Appendix F.
A License Exemption may be available to ITAR controlled technical data transmitted outside the U.S. if the individual transmitting/sending the technical data can certify that he/she meets the criteria of the available exemption. An Example of the Checklist for qualification is included in Appendix G.
Other exceptions and exemptions may be available. Anyone intending to travel or transmit controlled data outside the U.S. should first consult with the ECO. All exceptions or exemptions must be documented with the OSP and the record maintained for at least five years after the termination of the project or the travel return date. Certification forms are located on the OSP website at Appendix H. http://www.stevens.edu/osp/
H. FOREIGN NATIONALS
The presence of a large graduate student and postdoctoral fellow community of foreign nationals poses significant challenges for the institution as it regards compliance with export control regulations. While the university desires to provide the best educational and research experience for all faculty, students and other research-related employees; this must be balanced against the responsibility levied by the government as it pertains to protecting and managing the export of controlled technology.
The ECO will be apprised by OSP of any circumstances where the potential exists for an export control issue. As previously described in Section III (A) (2) of this Program, the ECO will review the Checklists generated by the OSP specialists in order to determine if a project is, or will be, restricted in such a way that the presence of foreign nationals is prohibited. If such a circumstance is indicated, the ECO will initiated a dialogue with the PI, or Project Manager, in order to ensure understanding that the project may not include any foreign nationals, to ensure a TCP is developed, and to ensure that all research personnel understand the issues of compartmentalizing the restricted research (firewalling) from other department/project activities.
All communication, dialogue and exchanges with project personnel will be documented and maintained in the relevant project files. This documentation will be maintained for five years.
I.MAINTENANCE OF RECORDS
SIT's policy is to maintain export-related records on both a project and an individual basis, depending on the circumstances. If there is a specific and discreet project to which the export activity can be related, then all export documentation relevant to that project will be maintained in the project file. However, it will be the case that some export-related documentation, such as analysis of whether the burden has been met to qualify for the Fundamental Research Exemption (FRE) and the exemption certification for carrying laptops abroad, will be specific to individuals. Unless specified otherwise, all records shall be retained no less than five years after the project’s TCP or license termination date, whichever is later.
If ITAR-controlled technical data is exported under an exemption, certain records of the transaction must be kept even beyond the standard five year period. Those records must include:
- Information which meets the criteria of being in the public domain, being educational information, or resulting from Fundamental Research is not subject to export controls under the ITAR as qualifies for an exemption; however, it is SIT's policy that all documentation for these analyses be maintained for five years after the analysis has been done. In the event of any audit, this demonstrates that an assessment was done to determine the designation of exemption or exception.
BIS have specific record-keeping requirements. Generally, records required to be kept by EAR must be kept for a period of five years from the project's termination date. However, if BIS or any other government agency makes a requires for such records following a voluntary self-disclosure, the records must be maintained until the agency concerned provides written authorization concerning the records' release.
A description of the unclassified technical data shall include the following:
- The name of the recipient/end-user;
- The date/time of export;
- The method of transmission (e.g., email, fax, telephone, FedEx); and
- The exemption under which the export qualified
The responsibility for recordkeeping shall fall under the following groups:
a. Office of Sponsored Programs
- EAR One-time and Annual Certifications for travelling abroad with a laptop
- EAR Temporary Export of Beta-Test Software
- EAR Temporary exhibitions, demonstrations, replacement parts and broadcast material
- EAR baggage
- Fundamental Research
- Decision Matrix
- Checklist for consideration of information in the public domain
- OSP Routing Form
- License Applications
- License Approvals
- Documentation of any investigations or correspondence with a government agency
- Proposal memo
- PI memo
ECO recordkeeping includes:
- Project Technology Control Plans
- Log of all random-sample reviews of existing TCPs
- Confirmation and record of all training presentations
- All documentation generated by the ECO in pursuit of that individuals designated duties
- Documentation of all conversations and meetings with PIs and other research-related personnel regarding export control responsibilities
- "Shipment of U.S. Origin Items to Foreign Recipient"
- Copies of shipping labels
- SIT Internal Auditing
- Documentation of any investigations of alleged violations
- SIT Legal Counsel
- Documentation of any legal action, including but not limited to, filings, notices, settlements
- MONITORING AND AUDITING
In order to maintain SIT’s export compliance program in good order and to ensure consistent adherence to U.S. export laws, the ECO may conduct internal reviews of TCPs at any time and as needed. In any event, the ECO will conduct a 10% random-sample review of current, unexpired TCPs each fiscal year. This is in addition to the monitoring and visitation timelines already discussed in Section III (A)(2)(i)
The purpose of the review is a) identify possible violations; and b) identify deficiencies in training, procedures, etc., that can be corrected.
- DETECTING AND REPORTING VIOLATIONS
It will be the policy of SIT to voluntarily self-disclose violations as required and identified. All federal agencies have dramatically increased the investigation in and successful prosecution of export regulation violations. The penalties for these violations can be very severe, including personal liability, monetary fines, and imprisonment. However, government agencies assign great weight to voluntary self-disclosures as a mitigating factor.
Any individual who suspects a violation has occurred must immediately notify the Empowered Official in the OSP, and only the Empowered Official. The EO will notify the General Counsel and send an initial notification about the suspected violation to the appropriate government agency. The initial notification advisement will contain:
- Precise description of the nature and extent of the violations;
- Exact circumstances surrounding the violations(s);
- Complete identities and addresses of all individuals and organizations, involved in the questioned activities;
- Export license numbers, if applicable;
- USML or CCL identifications
- Description of any corrective actions already undertaken; and
- Name and address of the person(s) making the disclosure and a point of contact
The General Counsel will authorize a member of the SIT Internal Audit function to conduct an internal review of the suspected violation by gathering information about the circumstances, personnel, items, and communications involved. Once the review is complete, the circumstances will be reviewed with the EO and the Provost and the EO will provide the government agency with a supplementary letter that contains a narrative account of the institution's findings.
Once the agency has been notified, about either the initial advisement or the results of the subsequent discoveries, the EO will follow the government agency’s instructions.
- CORRECTIVE AND DISCIPLINARY ACTIONS
Recognizing the seriousness of non-compliance with export controls, SIT will address non-compliance in accordance with the SIT Faculty Handbook at section entitled "Dismissal, Suspension, or Other Sanctions." Further, all SIT employees responsible for export control compliance or participating in export-controlled projects must be aware of the substantial criminal and civil penalties imposed for violation of the export regulations including personal liability, monetary fines and imprisonment.
- EMPLOYEE PROTECTION
In accordance with University Policy entitled "Conscientious Employee Disclosure Policy," no individual shall be punished solely because he or she reported what was reasonably believed to be an act of wrongdoing or export control violation. However, a SIT employee will be subject to disciplinary action if the employee knowingly fabricated, knowingly distorted, or knowingly exaggerated the report.