Monthly Archives

May 2013

BISExportIPR, Trademarks and LogosOFAC

Export Regulations and Cloud Computing…Beware!

posted by Jennifer Diaz May 28, 2013 0 comments

Co Authored by Perry Sofferman

Forrester Research predicts that the global market for cloud computing services will have increased from $40.7 billion dollars in 2011 to approximately $241 billion dollars by 2020. You can see the ZDNet article here.  This figure includes the Platforms as a Service, Infrastructure as a Service and Business Process as a Service delivery models. What this information reveals is that while cloud computing is already a significant part of operational strategy for many businesses (as well as governmental agencies), we should expect it to not only grow as a market but to become even more intertwined with the way we conduct business and store data on a daily basis. Consequently, businesses in general and export compliance officers in particular need to be vigilant and make sure that their use of this important technology is consistent with US export regulations.

When using cloud services, the user is uploading data to available servers in the cloud provider’s server facility(ies). The type of data uploaded and the location of the server where that data is stored can potentially trigger export compliance issues for the user. In fact, the ultimate location of the particular server used to hold the user’s data may be unknown to either the user or the cloud provider. Data can be redirected to various servers in different countries in order to properly allocate server space based on fluctuations of usage in different time zones.  It should be noted that this is only one example of several possible scenarios where the actual export of restricted data could occur inadvertently by the user.

Based on Advisory Opinions issued by the Bureau of Information and Security (“BIS”), there is guidance indicating that in scenarios where exports take place through means of cloud computing:

  • (i) the cloud computing provider is not the exporter (the user is) and
  • (ii) if foreign nationals employed by the provider access restricted data there may well be a deemed export of such data to such foreign national on the part of the user. 

If, however, a cloud computing service provider is aware that the service will be used to support certain proscribed activities, then the provider will be obligated to properly acquire the necessary license.    Neither the Directorate of Defense Trade Controls (DDTC) nor the Office of Foreign Asset Controls (OFAC) have yet provided substantive guidance on the subject of export regulations in relation to cloud computing, although OFAC has provided some limited guidance related to exports to Iran involving software and services incidental to personal communications. “Cloud Computing” remains an undefined term in the EAR, ITAR and OFAC regulations.

Top 5 Tips for Export Compliance Professionals in Regard to Cloud Computing 

  1. It is critical for compliance officers and others involved in export control management, including providers of cloud computing services, to take steps to better familiarize themselves with the many complex issues at play in this area. A good start would be a detailed review of the BIS advisory opinions, which can be found here.     
  2. In addition, users of cloud services should think about how to approach this issue with their providers. Users might consider gaining a good understanding of where their provider’s servers are located and whether the providers have instituted any safeguards to address export compliance issues. Likewise, providers may want to delve more deeply into the ITAR regulations with particular emphasis placed on the relation between cloud computing services and “brokering” activities.
  3. Compliance officers should make sure that members of their organizations are aware that export regulations are applicable to cloud services and that while the storage of data in the cloud might feel virtual, the penalties for export regulation violations remain brick and mortar.
  4. While exporters remain liable for violations of export regulations, compliance officers should work with their IT departments when negotiating terms to agreements with cloud services providers. For example, require the service provider to notify you in the event servers are added in geographic locations that might be problematic for you. See if it is possible to obtain a right to terminate in such instance. In addition, try to get the provider to indemnify you in the event there is an export violation as a result of a provider’s action or inaction.
  5. Make sure a review of how your organization uses cloud services is part of your standard compliance self-audit so as to identify any possible problems or lapses before they become significant.

In a speech in 2012, Under Secretary of Industry and Security, Eric Hirschorn, noted that a future project for the Bureau might be a review of “for clarification’s sake – the rules regulating cloud computing.”    For both users and providers, such a review should be anxiously awaited.

FDA IssuesFoodFSMAImport

June 10 – FSMA Rules Will be Released!

posted by Jennifer Diaz May 22, 2013 0 comments

The U.S. Food and Drug Administration (FDA) has been court ordered to set firm dates for FSMA’s implementation.  Details of the court case forcing FDA to set these dates, and the organization that sued the FDA to make this happen follow.

Background

The Center for Food Safety (CFS), a national non-profit public interest and environmental advocacy organization, filed a lawsuit against the FDA on August 29, 2012.  The complaint alleged FDA failed to promulgate 7 food safety regulations required by the Food Safety Modernization Act (FSMA).  Congress enacted the FSMA – which was signed into law on January 4, 2011 – to modernize food safety laws and regulations by mandating science-based standards and controls; by providing the FDA with greater authority to prevent and address food safety hazards by taking steps to prevent them from occurring; by strengthening the FDA’s inspection and enforcement powers; and by improving coordination among federal, state, and foreign food safety agencies. CFS documented the foodborne illness outbreaks since FSMA was signed into law, January 4, 2011.

Court Order

The court case is being heard by Judge Phyllis Hamilton, in the U.S. District Court for the Northern District of California.  Yesterday, May 21, 2013, Judge Hamilton ordered that the FDA and CFS have an extended deadline of June 10, 2013 to file a joint statement with a mutually agreeable proposed schedule for the outstanding food safety rules.

Rationale for Suit and Missed Deadlines

The ongoing battle between the CFS and FDA to complete this process has lasted for several months. On August 2012, the CFS filed a suit against the FDA Commissioner after the FDA missed a series of deadlines for publishing the regulations mandated by the Food Safety Modernization Act. After numerous deadlines went by without the release of the mandated rules, CFS went to court to try to force FDA to adhere to these time constraints. Following the court appearance, Judge Hamilton ruled that the FDA must come up with a new schedule for issuing the proposed rules by May 20.  This extension came about as a result of the inadequacy in time provided for the FDA and CFS to resolve their differences regarding the schedule FDA suggested to issue the proposed rules.

The FDA sent its updated schedule to CFS on May 15; however, CFS was not satisfied with the proposed timeline. Due to the fact that there were only five days left until the deadline expired, the parties filed a Joint Stipulation for Extension of Time. This extension was granted by Judge Hamilton.

New Rules Released by FDA & What’s to Come

Since CFS filed its complaint last year, FDA has released some of the key FSMA mandated rules it failed to publish on time, including preventive controls for human food and standards for produce safety, both released in early January. However, there are some rules that are yet to be released. Among them is the foreign supplier verification program (section 301).  This program is set to overhaul import safety, an establishment of regulations to ensure the safe transport of food products and a rule ensuring neutrality of third-party audits.  I think of it akin to C-TPAT (Customs-Trade Partnership Against Terrorism).  It’s a self policing and auditing type program that includes functions like  monitoring records for shipments, lot-by-lot certification of compliance, annual on-site inspections, checking the hazard analysis and risk-based preventive control plan of the foreign supplier, and periodically testing and sampling shipments.

I look forward to seeing and reporting on FDA’s implementation of FSMA.

CBPCustoms BrokerEventsImport

ACI’s Import Compliance & Enforcement Conference,

posted by Jennifer Diaz May 6, 2013 1 Comment

The American Conference Institute will be having its 8th Import Compliance and Enforcement Conference on June 11, 2013, in Washington DC. The conference will consist of two days full of lectures discussing highly complex U.S. import compliance challenges, along with how to satisfy Canadian and Mexican customs authorities. Unlike previous conferences, this unique event is designed to provide attendees with a comprehensive benchmarking experience, where participants can exchange best practices and lessons learned for 2013 and beyond. Some of the most notable industry experts that will be present are Chrystler, Hershey, Williams-Sonoma, Boeing, IBM, General Electric, Cisco, Tyco and yours truly.

This event is uniquely designed to maximize benchmarking on how to resolve the most complex, pressing import compliance issues affecting the industry. The new program features for 2013 are:

  • Two highly focused sessions on valuation and transfer pricing:
  • ISA member case studies: New and longstanding members speak about their recent experiences, and how to meet ISA requirements.
  • Inside a focused assessment: Lessons learned from recent experiences on how to handle common and unanticipated CBP requests
  • C-TPAT and Foreign Re-Validations: Meeting new expectations for C-TPAT risk assessments, and how the new EU Mutual Recognition Agreement affects importer validation requirements
  • NAFTA, CAFTA, and US-Korea – FTA success stories:
    • The finer points to minimizing duties, fees, taxes, red tape, and proving origin
  • Developing a global strategy for customs classification and tariff engineering.

One of the most notable topics discussed will be broker selection and management. I have the privilege to discuss important aspects within the broker selection and management process such as:

  • Detecting warning signs: How far you need to go in conducting due diligence.
  • Designing a questionnaire for brokers: Assessing the skills, experience, and resources of customs brokers. 
  • Evaluating brokers’ supply chain relationships
  • Quantifying risk factors
  • Communicating compliance expectations and requirements to brokers, and developing guidelines for your brokers
  • Where the importer and broker responsibilities begin and end
  • Incorporating contractual safeguards, including audit mechanisms
  • How to monitor compliance, and what to do if you suspect or discover non-compliance by a broker
  • Auditing foreign brokers, and conducting periodic review sand site visits
  • When and how to terminate the relationship
  • What constitutes customs brokering and business,and how to avoid unintended brokering activities 

The conference will kick-off with discussions about strengthening global trade compliance. Meredith Covey, Director of Customs Operations and Compliance at Williams-Sonoma Inc., will discuss real world issues related to the implementation and monitoring of monitoring a global import compliance program. She will discuss structures, resources, tools, and techniques leading companies are using to implement, manage, and monitor an import compliance program. Following the conclusion of multiple speakers discussing these aspects, a discussion on Canadian customs regulations and enforcement will ensue. Eric Trudel, a Manager of CBSA, will discuss the key concepts and common pitfalls to compliance in Canada. 

The ACI offers my clients and colleagues, and you, my special blog followers, a discounted price to attend the conference on June 11-12. This rate will expire on May 17th.  Contact Adina Schwartz, JD, at 310-295-9789 or A.Schwartz@AmericanConference.com to get your discounted rate!  You don’t want to miss this!