Good Practice

Trade compliance program reviews in the new normal

Fall may be a time for pumpkins and spice, but it also means it’s time to start strategizing for the new year. As we do, one thing is clear: we can no longer keep our export compliance programs on hold until we’re all “back in the office again”. Increasingly, it appears that in the future employees will have more flexibility to work either in the office or remotely. That means we need to take a more intentional look at our compliance programs to see how they can be adapted to account for this new normal. With that in mind, here are some program updates to consider as you plan this Fall.

Recordkeeping

If you don’t already have an electronic recordkeeping system in place, contact your carriers and freight-forwarders to begin the process of implementing one. Request electronic access to your export documents if they provide a Cloud service (note: some service providers will charge for this access). At the very least, request email copies of the records. Then, store them centrally on your network for access from any location. If you’re trying to get an audit kicked off, but you don’t yet have direct access to all records, don’t continue to put it off. Identify the transactions you want to audit and ask your service providers to forward those records to start. Don’t forget to update your recordkeeping and auditing procedures with any changes you’ve made.

Communication

On hold are the days when you conducted your best compliance reconnaissance at the water cooler or while on line at the company cafe. Identify the departments that you need to stay in touch with, and how often, and put regularly scheduled meetings on calendar at least six months out to keep them on the radar.

Also, plan to send a compliance memo to company employees to remind them that compliance issues don’t disappear when everyone is working remotely. Include pointers to your compliance policies and procedures as well as contact information for compliance-related questions or issues.

Organizational resilience

Most companies have business continuity plans. Does your team have one? Have team members identify the key compliance tasks for which they are responsible and ask them to document the procedure for each task. Then, identify primary and secondary backups per task.

Schedule training for the backups so that they can be at the ready in the event of a team member’s extended absence for any reason. If you’re using a service provider for trade compliance support, ensure that they have a copy of the procedures and that they’re also trained. Store the procedures centrally for access by anyone from anywhere and create a plan to review the procedures on an annual basis.

Compliance training

Schedule your annual company training. Consider any updates geared towards remote working, such as preventing deemed exports in a home environment or the importance of secure network access when working abroad. Contemplate the length of the training. Would smaller modules on a more frequent basis have more impact? Ensure that you’re working with other departments to secure the required resources to support the training’s administration needs and to minimize training overload for company employees. Also, when was the last time compliance team members attended an external training class? Online conferences and webinars continue to be widely available, and many trade associations have made a shift to virtual meetings. There’s a bonus: keeping the compliance team up to date with respect to recent regulatory shifts will inspire fresh material for your own company training.

Technology controls

As budgets are being set for next year, review your company’s compliance toolbox for technology controls. For example, are employees at home storing export-controlled data to their laptops’ less-protected local drives or do they have options to easily save data to the company network? If you’re working with data subject to the International Traffic in Arms Regulations (“ITAR”), do they have access to proper tools for its secure, ITAR-compliant transmission?

Furthermore, is controlled technology marked and segregated? Data classification and data identification tools are important in today’s remote working environments. Having the ability to mark controlled technology and to implement automated compliance rules for its storage and transmission helps to minimize its inadvertent release and allows it to be easily audited.

While we may continue to be unsure about what the future will look like, thoughtful planning in the present will ensure that we’ll be well-positioned when we get there.

Jonny Test