With the amendment to the Announcement on the Principles of the Federal Government for Evaluating the Reliability of Exporters of War Weapons and Arms-Related Goods, which entered into force on 20 October 2020, the Federal Office for Economic Affairs and Export Control [Bundesamt für Ausfuhrkontrolle, BAFA] has added further provisions for internal compliance programmes (ICP) to the existing regulation. In particular, it specifies the requirements for a Chief Export Control Officer (“CECO") [Ausfuhrverantwortlicher] who is to be nominated.
The Principles of the Federal Government for Evaluating the Reliability of Exporters of War Weapons and Arms-Related Goods ("Principles") of 25 July 2001 already stipulated that an applicant's reliability under foreign trade law depends, as a personal requirement under § 8 (2) German Foreign Trade and Payments Act [Außenwirtschaftsgesetz, AWG], inter alia on the nomination of a CECO. The requirement to nominate a CECO has been concretised to date by the Announcement of the Federal Government for Evaluating the Reliability of Exporters of War Weapons and Arms-Related Goods of 27 July 2015. This concretisation has now been adapted further by the new regulation of 15 September 2020. Although the essential existing regulations remain unchanged, some interesting concretisations and additions have been made that will also have an impact on the practice of internal compliance systems and the structuring of ICPs. In this newsletter, we are reiterating some of the basic rules related to the position of CECO. In addition, we appraise the concretisations and additions to the Principles. Whereas the previous Principles simply mention a duty to organise, duty to select and train staff and a duty to supervise, based on the requirements for an ICP (further details on ICPs can be found in the corresponding BAFA leaflet of 3/2018 here), the new regulation will be much more detailed. In our view, this will not be without consequences for internal export controls (see point 2).
1. Personal requirements for the CECO
The general ruling stipulates that the CECO necessarily has to be a member of the body entitled to represent the organisation making the application (usually the board of directors / management). In addition, it must be defined in the internal allocation of duties that the person concerned is allocated the duties of properly conducting exports and transfers that require authorisation.
For the nomination of the CECO, the new version of form AV 1 must be sent to the Federal Office for Economic Affairs and Export Control. The original must be kept for a period of five years and presented to the BAFA upon request.
The nomination remains valid vis-à-vis BAFA until it is revoked. The other members of the representative body are obliged to notify the BAFA if the CECO leaves the representative body or if the position of CECO transfers to another person.
2. Duties of the CECO
The CECO is fully and personally responsible for compliance with foreign trade regulations. In this context, it is incumbent upon him to introduce an internal compliance program. The core elements of compliance were already part of the duties of the CECO. However, some aspects of them are now being worded more clearly and in greater detail.
In detail, the elements of an ICP are specifically addressed (for further details see Section 4 of the BAFA's ICP leaflet here):
Commitment of the company management to the objectives of export control:
The commitment of the company management ("tone at the top") is considered an indispensable prerequisite for successful compliance. In future, it will be important to ensure that export controls are clearly described and addressed in the general compliance policies or codes of conduct in order to meet this “tone at the top” requirement.
Risk analysis is a mandatory requirement for a successful and meaningful internal compliance system. Only when it is clear which risks concretely have to be countered can an effective and efficient compliance system be established for the needs of the company at any time. We should therefore emphasise that the element of risk analysis in particular is clearly addressed in the new version of the announcement. This clearly shows that the requirements for compliance systems will increase in terms of how accurately they "fit". A copy / paste of "sample solutions" is therefore no longer appropriate.
Organisational structure / distribution of responsibilities:
This is an element of compliance organisation that can already be found in the vast majority of internal compliance systems at present.
Personnel, technical and other work resources:
Again, this is an "old acquaintance" which ought not to trigger any need for action for most exporting companies.
The workflow organisation is also a classic feature of compliance that should not pose a particular challenge for most addressees of the "Principles".
Record-keeping and the storage of documents:
Documentation is another core element of general compliance. This is addressed explicitly for the first time in the revised version.
Staff selection, training and awareness-raising:
In the area of export control in particular, a differentiated system of internal and external training has been established. Meeting this requirement should therefore also be a manageable task. A training plan is an important tool in this context. Who is trained by whom and at what intervals needs to be clearly defined.
Process-related controls / system-related controls / corrective measures / whistle-blower system:
Again, this is a core element of compliance, but is addressed in such detail for the first time. Up to now, the Principles simply talked of surveillance. This may be a challenge for one or the other addressee of the Principles, as in practice controls often tend more to be opportunistic than systematic. This might not be considered sufficient in the future.
In this context, one should bear in mind the fact that the so-called Whistleblowing Directive of the EU (2019/1937) has to be transposed into national law by December 2021. The legal requirements that will then be applicable will also have to be taken into account for export control.
Physical and technical security:
This is also an important aspect that goes beyond the other general compliance framework and has not yet been addressed in the Principles. Again, the addressees should consider whether existing measures are sufficient and what measures need to be taken.
3. Delegation of signatory powers
In principle, it is the CECO who must submit applications for an export/transfer licence. Insofar as the authority to sign is delegated, these applications can also be made by another person. This presupposes that form AV 2 is sent to the BAFA. The delegation is valid for one year. The original must be kept for five years, as in the case of the nomination of the CECO, and is to be presented to BAFA if necessary. A delegation of the authority to sign does not affect the obligations of the CECO.
4. Legal consequences in the event of infringements by or the unreliability of the CECO
If there are indications to the effect that the CECO has violated foreign trade regulations or other relevant provisions that are not merely of a trivial nature, the BAFA will conduct a reliability assessment (in addition to any consequences under criminal or administrative law). Pending clarification of the facts, no decision on applications need be taken.
If the CECO does not fulfil his obligations conscientiously, this can cause considerable economic risks for the company. In the worst case, this can lead to contracts not being honoured because an application for an export licence is not processed. For this reason, in future it will be in the considerable interests of the company management to appoint a qualified CECO.