​Client Q&A: Challenges Government Contractors Face Maintaining a Compliant Supply Chain - Part Four

August 2017

By Julia Bailey

Under the close eye of regulators, contractors are working against strong compliance headwinds as they expand their supply chains across international borders. Effectively monitoring the supply chain from end to end and managing the risks associated with a complex network of suppliers and subcontractors is growing more onerous and time-consuming. To shed some light on where to focus your compliance efforts, we’ve developed a multi-part series to examine some of the key challenges contractors encounter when securing their supply chains.

In this final installment, we feature thoughts from our client, Julia Bailey, Compliance Counsel with professional services firm Jacobs, to examine export controls and anti-boycott laws and regulations as they pertain to government contractors’ supply chains.

If you haven’t already, check out:
  • Part one here, for a look at the Contractor Purchasing System Review, recently released counterfeit parts rules and country of origin restrictions;
  • Part two here, for a thorough exploration of ethical considerations for government contractors, including the Federal Acquisition Register (FAR) “Contractor Code of Business Ethics and Conduct” clause, risk management for prime and subcontractor relations, the Combating Trafficking in Persons (CTIP) FAR clause and the False Claims Act (FCA).
  • Part three here, for an examination of recent changes to the Foreign Corrupt Practices Act and the International Standards Organization anti-bribery management system.


Q: What are the most important export control requirements applicable to U.S. government contractors and their supply chains?

With more overseas contracting comes increased compliance risks associated with U.S. export control laws, namely the International Traffic in Arms Regulations (ITAR), 22 CFR 120-130, administered by the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC) and the Export Administration Regulations (EAR), 15 CFR 730-774, administered by the Department of Commerce’s Bureau of Industry and Security (BIS). Because exports are governed predominantly outside the Federal Acquisition Regulations (FAR), these regulatory requirements are often overlooked.

ITAR governs defense-related exports, while EAR governs dual-use exports as well as certain military items. An export includes: shipping items from the U.S., carrying controlled technical data out of the U.S. on an electronic device, transmitting controlled information electronically by any means, allowing access by “foreign persons” (as defined in the ITAR and EAR) to company computer networks with controlled technology and releasing controlled data during spoken conversations. The ITAR and EAR also control “re-exports or re-transfers,” in which an item subject to U.S. jurisdiction is shipped or transmitted from one foreign country to another foreign country, or to an unauthorized user in the same foreign country.

Exports of “defense articles” (i.e., hardware, technical data and software) and “defense services” as defined and governed by ITAR are published in the U.S. Munitions List (USML). Exports of “dual-use technologies” (i.e., commodities, software or technology that have both commercial and military applications) are found on the Commerce Control List (CCL). Certain “defense articles” with purely military use are also found in the CCL in its Section 600 series.

Under ITAR, any item on the USML is controlled for exports to all countries, while an item subject to the EAR can be controlled for some countries, end users and end uses but not others (i.e., for closely allied countries). Under ITAR, to export, U.S. contractors must obtain export licenses or approval for exports, re-exports or re-transfers of items on the USML to every country in the world or to a foreign person. ITAR also obligates contractors to register with the DDTC (see DDTC Registration Guide). Under EAR, CCL-controlled exports may require a license for some countries, end users or end uses, or may be exported license-free or by using an applicable license to for closely allied countries. There are special, complex rules that apply to certain exports of encryption software and related technology or specific end uses, such as chemical and biological weapons.


Q: How should contractors look to manage their obligations under ITAR and EAR?

Contractors should not overlook ITAR and EAR requirements, as they are relevant at all stages of an opportunity. Neither ITAR nor EAR are incorporated directly into the FAR, except one DFARS provision at 225.7901 (and contract provision 252.225-7048) that specifies the need to comply with ITAR and EAR, and makes the failure to comply a possible contract violation. For ITAR-controlled technical data, foreign suppliers and subcontractors may need to enter into Technical Assistance Agreements, which are separate from their subcontracts and necessary to receive technical data and collaborate with U.S. entities higher up the supply chain.

For both ITAR- and EAR-controlled items, voluntary disclosures may be required in order to mitigate penalties and sanctions if a contractor believes its subcontractor has violated export control regulations (see ITAR Part 127 and EAR Part 764). Contractors should consider including export control clauses in their subcontract agreements using the DFARS provision as a template. Such a contract clause should require the subcontractor to notify the contractor for any suspected export control violation and the contractor should preserve the right to conduct an export compliance audit of the subcontractor. Most importantly, because export controls compliance is a particularly complex area, contractors should seek outside advice, if possible. As an alternative, there are various resources available from DDTC and BIS for training company personnel.


Q: What should contractors be mindful of concerning anti-boycott laws and boycott requests from subcontractors or other third parties?

U.S. anti-boycott laws prohibit U.S. companies from cooperating with boycotts the U.S. does not support, including the Arab League boycott against Israel. While these regulations are often overlooked, compliance is complex and non-compliance can trigger stiff civil and criminal penalties, as well as loss of certain tax benefits. Anti-boycott laws are enforced by two regimes: The U.S. Department of Commerce’s Office of Anti-boycott Compliance (OAC) and the IRS. Unfortunately, their rules are not consistent, meaning, among other things, practices that are punishable by one may not be punishable by the other and reporting requirements differ. For a summary of these differences, see the Comparison of Commerce and Treasury Anti-Boycott Laws & Regulations/Guidelines published by the OAC.

There are three levels of an economic boycott: primary, secondary and tertiary. A primary boycott involves one country that refuses to trade with another country, such as the U.S.’ former long-standing sanctions against Cuba. This type of boycott is not covered by OAC or IRS regulations. A secondary boycott is when one country refuses to trade with any party that does business with a country that is under a primary boycott. A tertiary boycott is when one country refuses to trade with any party that does business with companies or firms that are on their “blacklists.” The OAC and IRS regulations prohibit secondary and tertiary boycotts.

A prohibited boycott request may come in the form of a certification, contract clause or any other communication, written or oral, received from government agencies, customers, distributors or other supply chain or business partners to take any action that has the effect of furthering or supporting a foreign boycott.
Prohibited boycott requests include:
  • To furnish information on business relations with Israel;
  • To supply a negative statement or certification regarding the country of origin of goods;
  • To give information about the race, religion, sex or national origin of another person;
  • To do business only with approved firms or persons; or
  • To require or insist on compliance with laws or regulations of a boycotting country, even if generally stated and whether there is a reference to boycott laws or regulations.
Contractors should ensure that employees and subcontractors are trained to identify a boycott request, review commercial documents or communications closely to identify boycott issues, avoid carrying out a boycott request and know where to direct such requests for further instruction. If a contract is governed by DFARS and includes DFARS 252.225-7031, a “foreign offeror,” as defined in the regulation, will have to certify that it does not comply with the Secondary Arab Boycott of Israel. Contractors should include in subcontracts a requirement that subcontractors comply with anti-boycott laws.

Contractors and subcontractors will be required to report quarterly to the OAC and annually to the IRS the requests they have received since the previous reporting period. Any failure to comply with anti-boycott regulations or to report a boycott request should be disclosed through the voluntary self-disclosure procedure of each agency. For the OAC, contractors should follow the procedures in EAR 764.8. As tensions persist in the Middle East, contractors will need to remain watchful for potential boycott requests from Arab League countries, some of which are home to critical suppliers for American commercial companies and contractors.

Julia Bailey joins BDO as a guest author. She may be reached at jkbaileydc@gmail.com.


Read next article, "Understanding New Cyber and IT-oriented Regulations for Contractors"

Return to BDO Knows Government Contracting Newsletter - Summer 2017