Enterprise resource planning software for ITAR-compliance

All photos courtesy of Joshua Seybert, Air Force.

For aerospace and defense (A&D) manufacturers and contractors doing global business, international traffic in arms regulations (ITAR) have been a long-recognized cost of doing business. The latest rules from the U.S. Departments of State and Commerce require companies that manufacture, export, or re-export ITAR-controlled items to evaluate and amend their authorizations and restructure compliance. Compliance failures can be extremely costly – in January 2020, Airbus agreed to pay more than $3.9 billion to resolve an ITAR and bribery case.

Some organizations manage this complex regulatory landscape through manual internal processes or third-party compliance organizations. However, enterprise software for business operations can be embedded with ITAR principles to mitigate compliance concerns and make products, data, and services safely available to a global audience.

Complex state of affairs

Despite some recent streamlining, ITAR complexity facing A&D manufacturers is significant. Manufacturers must meet multiple regulatory documents, including the Commerce Control List (CCL) and the United States Munitions List (USML), which cover a variety of items.

To confuse matters more, different agencies are responsible for different application procedures – the Department of Commerce controls CCL items and the Department of State controls USML items. Each agency has different titles for the same items and different meanings for the same titles. Manufacturers need to keep abreast of multiple Denied Party Lists, or Specially Designated Nationals and Blocked Persons Lists, issued by various government departments, including the Department of the Treasury.

The ideal end goal would be a single point of control with a primary enforcement and coordination agency, a single information technology (IT) system, and a single licensing agency. But for now, A&D manufacturers must accept that many items are under ITAR control while others are covered by Export Administration Regulations (EAR), all while the Department of the Treasury keeps track of sanctions against foreign nations.

Staying compliant

One compliance option is to hire export control compliance officers that keep tabs on orders and deliveries to ensure forbidden materials are not shared with anyone on the control lists. This can be extremely time-consuming and costly. A second option is to employ a service agency to provide and consolidate analysis of the denied party listings into a database which can be accessed for a fee.

Regardless of compliance model, export control regulations will also have implications for underlying enterprise systems, including enterprise resource planning (ERP). Therefore, it’s important to ensure any ERP solution used for defense manufacturing has functionality for export control.

A business dealing in regulated materials must quickly and efficiently marshal this information within their ERP system and combine it with external regulatory data to ensure compliance as they process orders and transactions. They also must be able to share it with overseas partners in a frictionless environment.

Key ITAR compliance components

Without a fully integrated application suite allowing seamless data flow between different functions – such as supply chain management, manufacturing, engineering, customer relationship management (CRM) – it’s difficult to know which products, parts, or transactions may put an A&D manufacturer in jeopardy.

Rather than integrating complex third-party solutions between export control functions and ERP, a streamlined approach uses ERP enabled to do checks against third-party lists and manage orders, transactions, and other activities accordingly.

Factors to keep in mind when considering an ERP solution to aid ITAR compliance:

• Denied party checks – When committing to a sales order, ERP must ensure the order isn’t going to aa denied party by referencing a link to a database of denied parties compiled and updated regularly by an agency or third-party. You must have confidence that you checked the denied parties list before processing the order.
• Part-specific regulatory schema management – The parts catalog must hold information on items that might be export controlled, and ERP must indicate which regulation and regulatory body covers the item and the classification or rating within that schema which applies to it.
• Assembly-level management – If a manufacturer is handling an order for an assembly, ERP needs to record the parts within that assembly and the extent to which they are covered by different export regulations and commodity jurisdictions.
• License application, usage reporting – ERP users must identify, escalate, and resolve licensing issues; report on and monitor the consumption of licenses by orders; and manage license consumption.
• Secure document management – Some documents for control items have licenses that can only be viewed by certain authorized people. ERP with embedded, native document management will be best suited for export control. User permissions used in ERP to control access to sensitive data can be applied to the document management solution.
• Data, intangibles export control – ERP must offer some support in controlling processes such as shipment of a controlled product for display or exchange of data with overseas vendors.
• International requirements – Regardless of where they are based, exporters often have operations in other countries, each with its own set of export controls regulations.

No second chances

Manufacturers and contractors in the A&D sector can ill afford expensive and jeopardizing litigation due to poor materials and equipment export control. Rather than opening room for human error or paying for a third-party agency, ERP helps A&D manufacturers prepare for, and meet, the legal requirements of ITAR.

IFS

About the author: Kevin Deal is the vice president of IFS, Aerospace and Defense, North America. He can be reached at kevin.deal@ifsworld.com.