Who Should Own Compliance?

This topic has been discussed before, but it has come up a few more times recently so I thought I would kick it around again.  That is, where should the Trade Compliance organization rollup to?  In the realm of Legal/Finance/Ethics or the more operational segments of Procurement/Supply Chain/Logistics?

Decent arguments can be made for all sides, and it probably depends on your place in the business as to where you come down on the issue.

If you are in the trade compliance group itself, you probably prefer to be in Legal or some other function such as Ethics where you are removed from the day to day operational pressures of keeping freight moving.  You want to be able to give the best compliance advice without compromise. You’re more apt to be listened to and taken seriously if belonging to these groups as well.

If you are managing the supply chain then you probably want the trade compliance functon to reside in or somewhere alongside Logistics in order to have quicker access to  possible solutions to the daily challenges that arise moving freight across international borders.

What are some of the issues associated with residing in the supply chain?  Can you be an effective part of keeping imports and exports flowing smoothly on a situational basis without compromising compliance?  I think it depends largely on how busy you are overall and the nature of  your commodities.  That is, what kind of volume are you moving, and what are the import and export compliance risks associated with your particular product mix?

Care to weigh in?  What are some of the pros and cons?

It has always been a challenge for existing export trade regulations to maintain their relevance in the wake of technological advances, but may have reached a new level in trying to fit a square peg in a round hole with the onset of cloud computing in a global economy.

Most companies have already gotten their heads around the risks associated with using EMAIL or FTP to transmit technology over the Internet (software files, technical specification, etc.) even if they have not managed to implement complete control over that activity. They understand that these kinds of transfers clearly fall under the definition of what constitutes an export.

Cloud computing and the provision of IT services over the Internet, however, present different fulfillment models that need to be evaluated for the need to implement export controls.

Since the Export Administration Regulations (EAR) do not specifically address cloud computing, the only thing in writing we have to go on is an Advisory Opinion issued in January of 2009 to a provider of “cloud” or “grid” computing. The following questions are put forth and answered by BIS:

(1) Whether grid and cloud computing services, in the absence of any transfer of software or technology subject to the EAR, is subject to the EAR under part 734;
(2) Whether grid and cloud computing services constitute an “activity unrelated to exports” under 744.6 of the EAR;
(3) Whether grid and cloud computing service providers are “exporters” or any derivative data resulting from the use of the computational capacity and liable for export screening on that basis alone;
(4) Whether computational access restrictions found in 740.7(b)(2) of License Exception APP apply to grid and cloud computing service providers; and
(5) Whether the grid or cloud computing service provider must inquire about the nationality or the customer (or user).

As you can see these are all very good questions. Check out the answers in the actual advisory opinion here:

http://www.bis.doc.gov/index.php/forms-documents/doc_download/527-application-of-ear-to-grid-and-cloud-computing-services

While this does not cover every scenario of Software as a Service (SaaS) that is being created these days, the answers definitely lay the groundwork and can act as a guideline for the basics that have to considered for export compliance (i.e., customer screening, classification of any software that may be exported, knowledge of customer end-use).

While an advisory opinion may not give the solid assurances some companies may desire before incurring costs to implement trade compliance solutions, smart executives would be wise not to wait for the necessary regulatory updates to occur.