General Compliance FAQ's
What are company Compliance and Value Policy Statements for Security, Ethics, and Trade Compliance and why should they flow down from our President or CEO?
A: Core values and compliance policy statements are what support the vision, shape the culture and reflect what the company values. They are the essence of the company’s identity – the principles, beliefs, rules to be followed or philosophy of values. Many companies focus mostly on the technical competencies but often forget what are the underlying competencies that make their companies run smoothly — complying with established rules and core values. Establishing strong core values and abiding by the rules provides both internal and external advantages to the company. The values and compliance with the rules of senior leaders are especially important in the corporate culture. Presidents, CEO’s and Senior Management in general have a lot of influence and establish the course and quality of the work environment for employees.
A: Core values and compliance policy statements are what support the vision, shape the culture and reflect what the company values. They are the essence of the company’s identity – the principles, beliefs, rules to be followed or philosophy of values. Many companies focus mostly on the technical competencies but often forget what are the underlying competencies that make their companies run smoothly — complying with established rules and core values. Establishing strong core values and abiding by the rules provides both internal and external advantages to the company. The values and compliance with the rules of senior leaders are especially important in the corporate culture. Presidents, CEO’s and Senior Management in general have a lot of influence and establish the course and quality of the work environment for employees.
• Core values and compliance with the rules help companies in the decision-making processes. For example, if one of your core values is to stand behind the quality of your products, any products not reaching the satisfactory standard are automatically eliminated.
• Core values and compliance with the rules educate clients and potential customers about what the company is about and clarify the identity of the company. Especially in this competitive world, having rules and a set of specific core values that speak to the public is definitely a competitive advantage. • Compliant companies with core values are becoming primary recruiting and retention tools. With the ease of researching companies, job seekers are doing their homework on the identities of the companies they are applying for and weighing whether or not these companies hold the values that the job seekers consider as important.¹* |
Does my Company have formal department(s) personnel assigned functions , “Empowered Official (EO), Ethics Officer, Facility Security Officer (FSO), or designated head for each of those functions?
A: In the U.S. defense industry, the law requires companies in many cases to have an Empowered Official (ITAR requirement), FSO (NISPOM requirement) and an Ethics Program (FAR requirement). In many businesses situations these positions should operate at a "substantial authority" level of management. Beyond the legal requirements, there are many practical business reasons for having these business roles. Whoever may be in these positions has significant compliance culture responsibilities that require varying levels of time involvement. Depending on the company’s size and level involvement, these responsibilities include ensuring that procedures are (1) installed and (2) consistently adhered to throughout the organization. These positions usually require someone whose sole job is either ethics, trade compliance or security. Someone has to do the work, and neither the CEO nor other members of the senior management have the time required to install trade, security and ethics cultures and then ensure these three programs are in compliance.
A: In the U.S. defense industry, the law requires companies in many cases to have an Empowered Official (ITAR requirement), FSO (NISPOM requirement) and an Ethics Program (FAR requirement). In many businesses situations these positions should operate at a "substantial authority" level of management. Beyond the legal requirements, there are many practical business reasons for having these business roles. Whoever may be in these positions has significant compliance culture responsibilities that require varying levels of time involvement. Depending on the company’s size and level involvement, these responsibilities include ensuring that procedures are (1) installed and (2) consistently adhered to throughout the organization. These positions usually require someone whose sole job is either ethics, trade compliance or security. Someone has to do the work, and neither the CEO nor other members of the senior management have the time required to install trade, security and ethics cultures and then ensure these three programs are in compliance.
Why does our company need to establish formal Internal Values and Compliance Programs (ICP’s)?
It is critical that companies not only establish formal Internal Compliance Programs (ICP) but to implement and maintain those programs. ICP’s demonstrate the company commitment for ensuring compliance. Demonstrating this commitment should include the development and implementation of trade and security compliance programs and procedures that are integrated in other parts of the company's internal policy guidelines, directives, and instructions.
The bottom line is that companies with good Internal Compliance Programs are much more likely at avoiding potential contract delays, denials, and even significant fines, imprisonment, or debarment from the U.S. Government. In recent years, Trade Compliance and Security civil and criminal penalties for violations of the ITAR and NISPOM have skyrocketed. First rate compliance programs significantly reduce the probability of violations and penalties.
It is critical that companies not only establish formal Internal Compliance Programs (ICP) but to implement and maintain those programs. ICP’s demonstrate the company commitment for ensuring compliance. Demonstrating this commitment should include the development and implementation of trade and security compliance programs and procedures that are integrated in other parts of the company's internal policy guidelines, directives, and instructions.
The bottom line is that companies with good Internal Compliance Programs are much more likely at avoiding potential contract delays, denials, and even significant fines, imprisonment, or debarment from the U.S. Government. In recent years, Trade Compliance and Security civil and criminal penalties for violations of the ITAR and NISPOM have skyrocketed. First rate compliance programs significantly reduce the probability of violations and penalties.
How often should our employees receive recurring compliance education?
Training is a critical element of any values or compliance based program and ensures employees understand the rules and regulations and reinforces the policies and procedures implemented by various compliance programs more specifically the programs discussed on this website being trade, security and ethics.
Our recommendation is to train all employees from the manufacturing line to the President/CEO at least annually and more depending on the law or their specific levels of involvement with applicable programs.
Training is a critical element of any values or compliance based program and ensures employees understand the rules and regulations and reinforces the policies and procedures implemented by various compliance programs more specifically the programs discussed on this website being trade, security and ethics.
Our recommendation is to train all employees from the manufacturing line to the President/CEO at least annually and more depending on the law or their specific levels of involvement with applicable programs.
Different types of training and Frequency?
Training under your trade, security, or ethics programs can be customized to meet the needs of a particular program or contract or company requirement.
Not all employees have the same training needs every year. Training should be based on the employee’s level of involvement with the applicable regulations. The frequency and how indepth topics are covered in the training should correlate to the employees job function.
All training sessions should be documented and the both the department doing the training and the HR department should maintain a list of attendees, training date(s), and topics covered.
Training under your trade, security, or ethics programs can be customized to meet the needs of a particular program or contract or company requirement.
Not all employees have the same training needs every year. Training should be based on the employee’s level of involvement with the applicable regulations. The frequency and how indepth topics are covered in the training should correlate to the employees job function.
All training sessions should be documented and the both the department doing the training and the HR department should maintain a list of attendees, training date(s), and topics covered.
Export/ Import Compliance FAQ's
What does it mean to classify our products with an Export Control Classification Number (ECCN)?
A: Click on the following url for a detailed explanation of ECCN. http://www.bis.doc.gov/index.php/licensing/commerce-control-list-classification/export-control-classificationnumber-eccn
A: Click on the following url for a detailed explanation of ECCN. http://www.bis.doc.gov/index.php/licensing/commerce-control-list-classification/export-control-classificationnumber-eccn
How do I classify defense products on the U.S. Munitions List (USML)?
A: United States Munitions List can be found at the following url: http://pmddtc.state.gov/regulations_laws/itar_official.html
A: United States Munitions List can be found at the following url: http://pmddtc.state.gov/regulations_laws/itar_official.html
I want to import various commodities but I’m told I have to classify them with a proper Harmonized Tarriff Schedule (HTS) number, how do I accomplish this?
A: The HTS list can be found at: http://www.usitc.gov/tata/hts/
A: The HTS list can be found at: http://www.usitc.gov/tata/hts/
What do you mean when you say that I need to screen my export transactions?
A: Export documentation is not restricted to DoD programs/contracts. In fact, the two are unrelated. Everything that is defined as an export, any commodity (including information) leaving the country, is subject to the U.S. Export Administration Regulations and requires export documentation citing export authority in the form of a license, license exception, or license exemption. These licenses come from the Department of State or the Department of Commerce, as would be the case with our commercial business areas.
A: Export documentation is not restricted to DoD programs/contracts. In fact, the two are unrelated. Everything that is defined as an export, any commodity (including information) leaving the country, is subject to the U.S. Export Administration Regulations and requires export documentation citing export authority in the form of a license, license exception, or license exemption. These licenses come from the Department of State or the Department of Commerce, as would be the case with our commercial business areas.
What is Technical Data under the ITAR and how is it different from Technical Data under the EAR?
A: The attached white paper created by the Defense Trade Advisory Council (http://www.pmddtc.state.gov/DTAG/index.html) Provides an excellent overview of this subject. Please view page here.
A: The attached white paper created by the Defense Trade Advisory Council (http://www.pmddtc.state.gov/DTAG/index.html) Provides an excellent overview of this subject. Please view page here.
Security Compliance FAQ's
What is a personnel security clearance and why are there different levels of clearance e.g. (CONFIDENTIAL, SECRET, TOP SECRET)?
A: A Personnel Security Clearance is an administrative determination by the United States Government that a person or company is eligible for access to classified information. The term “eligibility for access” means the same thing as security clearance and appears in some Government record systems. Security clearances can be issued by many United States Government agencies, including the Department of Defense (DoD), the Department of Homeland Security, the Department of Energy (DoE), the Department of Justice, and the Central Intelligence Agency. DoD, which issues more than 80% of all clearances, and most other agencies have three levels of security clearances: CONFIDENTIAL, SECRET and TOP SECRET. These classifications are based on the level of damage the classified material could cause to US national security if compromised by uncleared personnel or personnel without the need-to-know i.e if CONFIDENTIAL information is compromised, it could cause “damage” to our national security. If SECRET information is compromised, it could cause “serious damage” to national security and if TOP SECRET information is compromised, it could cause “exceptional grave damage” to national security.
A foreign company wants to buy our U.S. defense company, what types of issues should I be concerned with?
A: Please see the following Defense Security Service url for a detail Foreign Ownership Control and Influence (FOCI) explanation: http://www.dss.mil/isp/foci/foci_info.html
A: A Personnel Security Clearance is an administrative determination by the United States Government that a person or company is eligible for access to classified information. The term “eligibility for access” means the same thing as security clearance and appears in some Government record systems. Security clearances can be issued by many United States Government agencies, including the Department of Defense (DoD), the Department of Homeland Security, the Department of Energy (DoE), the Department of Justice, and the Central Intelligence Agency. DoD, which issues more than 80% of all clearances, and most other agencies have three levels of security clearances: CONFIDENTIAL, SECRET and TOP SECRET. These classifications are based on the level of damage the classified material could cause to US national security if compromised by uncleared personnel or personnel without the need-to-know i.e if CONFIDENTIAL information is compromised, it could cause “damage” to our national security. If SECRET information is compromised, it could cause “serious damage” to national security and if TOP SECRET information is compromised, it could cause “exceptional grave damage” to national security.
A foreign company wants to buy our U.S. defense company, what types of issues should I be concerned with?
A: Please see the following Defense Security Service url for a detail Foreign Ownership Control and Influence (FOCI) explanation: http://www.dss.mil/isp/foci/foci_info.html
Ethics Compliance FAQ's
What are ethics and how do they relate to business conduct?
A: Ethics are the guiding principles by which people make decisions and conduct their lives. Because businesses are social constructs and make decisions that affect society, there is an ethical dimension to their conduct.
Business ethics involves applying ethical principles to the activities of business and to the relationships between businesses and various stakeholders. It applies to a wide range of business activity such as relationships with suppliers, employees, and consumers as well as the overall system by which a company is directed and controlled (i.e. governance)¹.
A: Ethics are the guiding principles by which people make decisions and conduct their lives. Because businesses are social constructs and make decisions that affect society, there is an ethical dimension to their conduct.
Business ethics involves applying ethical principles to the activities of business and to the relationships between businesses and various stakeholders. It applies to a wide range of business activity such as relationships with suppliers, employees, and consumers as well as the overall system by which a company is directed and controlled (i.e. governance)¹.
What is a code of ethics?
A. The purpose of your company’s Code of Ethics is to set forth your company values and important business conduct information for your employees. It is important that your code be straightforward, brief, understandable and useful tool for your employees. Many companies choose a relatively general employee code of ethics or handbook that provides brief descriptions of various company policies, with references to the more expansive policies for more detailed information on topics relevant to their specific work situations or issues. Read more on the Code of Ethics page
A. The purpose of your company’s Code of Ethics is to set forth your company values and important business conduct information for your employees. It is important that your code be straightforward, brief, understandable and useful tool for your employees. Many companies choose a relatively general employee code of ethics or handbook that provides brief descriptions of various company policies, with references to the more expansive policies for more detailed information on topics relevant to their specific work situations or issues. Read more on the Code of Ethics page
Why should my organization have a code?
A: A code can be used as a management tool to help an organization communicate, measure and monitor its values and objectives. Having a code is often a regulatory requirement, particularly for large companies. Many key stakeholders including investors, regulators and employees expect a company to document its values and goals in a code. While it is not possible for a code to have a rule that guides human behavior for every situation, everyone (management, employees, investors and other stakeholders) has a right to know what behaviors are to be expected of the organization and of the people operating within it. It is important to note, however, that articulating corporate or organizational values in a code is a starting point, not an end point to, for encouraging ethical behavior.
Non-profit organizations and small-medium sized business often do not have the same resources, nor the same societal or regulator expectations, that led to a code. The advantages of having a code, however, can benefit an organization of any size. An organization without a code of conduct should still have a way of communicating ethical values to their employees and other key stakeholders.²
A: A code can be used as a management tool to help an organization communicate, measure and monitor its values and objectives. Having a code is often a regulatory requirement, particularly for large companies. Many key stakeholders including investors, regulators and employees expect a company to document its values and goals in a code. While it is not possible for a code to have a rule that guides human behavior for every situation, everyone (management, employees, investors and other stakeholders) has a right to know what behaviors are to be expected of the organization and of the people operating within it. It is important to note, however, that articulating corporate or organizational values in a code is a starting point, not an end point to, for encouraging ethical behavior.
Non-profit organizations and small-medium sized business often do not have the same resources, nor the same societal or regulator expectations, that led to a code. The advantages of having a code, however, can benefit an organization of any size. An organization without a code of conduct should still have a way of communicating ethical values to their employees and other key stakeholders.²
What are the essential elements of a code of ethics?
A: Typically a code is a combination of ethical values as well as rules. It should cover all the ethical risks applicable to the organization and contain provisions for monitoring conduct and for dealing with breaches in the code. Ideally a code should recognize a range of stakeholders and emphasize the organization's responsibilities to them and to the communities in which they operate.³
A: Typically a code is a combination of ethical values as well as rules. It should cover all the ethical risks applicable to the organization and contain provisions for monitoring conduct and for dealing with breaches in the code. Ideally a code should recognize a range of stakeholders and emphasize the organization's responsibilities to them and to the communities in which they operate.³
What is the difference between ethics and compliance? (i.e. values versus rules)
A: Building upon a foundation of ethics, many companies choose to include certain areas of compliance training and awareness in their ethics and business conduct programs. First, your company should conduct a comprehensive risk assessment by looking closely at your particular business to determine areas of business and legal risk. Identified risk areas may call for training for all employees or for select groups of employees in specific risk areas. View Risk Assessment
A: Building upon a foundation of ethics, many companies choose to include certain areas of compliance training and awareness in their ethics and business conduct programs. First, your company should conduct a comprehensive risk assessment by looking closely at your particular business to determine areas of business and legal risk. Identified risk areas may call for training for all employees or for select groups of employees in specific risk areas. View Risk Assessment
What is ethical decision making and how can I find out more information?
A: Ethical decision-making is a process that allows individuals to recognize ethical problems and analyze them fully. There are some sniff tests and common rule of thumb such as: Would you want your actions published on the front page of the newspaper? Would you want someone to act that same way towards you? and Would you want your mother to know? More comprehensive ethical decision making frameworks that include stakeholder impact analysis and allow for weighing various considerations are also used by organizations.*
A: Ethical decision-making is a process that allows individuals to recognize ethical problems and analyze them fully. There are some sniff tests and common rule of thumb such as: Would you want your actions published on the front page of the newspaper? Would you want someone to act that same way towards you? and Would you want your mother to know? More comprehensive ethical decision making frameworks that include stakeholder impact analysis and allow for weighing various considerations are also used by organizations.*
How do you develop and maintain an ethical corporate culture?
A: A good ethical system requires top management support including corporate value statements, a code of ethics and a formalized Internal Ethics Compliance Program (ICP). Initial and ongoing recurring employee training is absolutely essential in both creating and maintaining a desired cultural behavior.
In an organization with an ethical corporate culture, ethical values shapes the search for opportunities, the design of organizational systems, and the decision making process used by individuals and groups. They provide a common frame of reference and serve as a unifying force
across different functions, lines of business and employee groups."
The Ethics and library Sections of this website provide samples of a code of ethics, manuals, and implementing ethics planning and implementing procedures. There are also many useful websites that can be found on the internet including the source footnoted here.
A: A good ethical system requires top management support including corporate value statements, a code of ethics and a formalized Internal Ethics Compliance Program (ICP). Initial and ongoing recurring employee training is absolutely essential in both creating and maintaining a desired cultural behavior.
In an organization with an ethical corporate culture, ethical values shapes the search for opportunities, the design of organizational systems, and the decision making process used by individuals and groups. They provide a common frame of reference and serve as a unifying force
across different functions, lines of business and employee groups."
The Ethics and library Sections of this website provide samples of a code of ethics, manuals, and implementing ethics planning and implementing procedures. There are also many useful websites that can be found on the internet including the source footnoted here.
¹ Ethicscentra ca, Canadian Centre for Ethics & Corporate Policy
² Ethicscentra ca, Canadian Centre for Ethics & Corporate Policy
³ Ethicscentra ca, Canadian Centre for Ethics & Corporate Policy
* Ethicscentra ca, Canadian Centre for Ethics & Corporate Policy
¹* Company Core Values: Why to have them and How to Define Them; by Wendy; March 12, 2013
² Ethicscentra ca, Canadian Centre for Ethics & Corporate Policy
³ Ethicscentra ca, Canadian Centre for Ethics & Corporate Policy
* Ethicscentra ca, Canadian Centre for Ethics & Corporate Policy
¹* Company Core Values: Why to have them and How to Define Them; by Wendy; March 12, 2013