Oft-overlooked aspect of corporate compliance is thorough vetting of overseas visitors
In the world of U.S. corporate compliance, a company needs to know who’s visiting its office and why.
Many U.S. companies and universities invite visitors from overseas each year for the purposes of business meetings and training, but may be at risk of violating U.S. law for not sufficiently vetting those individuals before they arrive in the country in accordance with federal regulations.
The U.S. visa application review program is conducted by the U.S. government to prevent unauthorized access to controlled U.S. technology and technical data by foreign nationals visiting the United States.
The Commerce Department’s Office of Export Enforcement reviews information on visa applications, which the U.S. embassies and consulates forward to the agency, to detect and prevent possible violations of the Export Administration Regulations (EAR), while Homeland Security Investigations (HSI) conducts reviews for the State Department of controlled technology under the International Traffic in Arms Regulations (ITAR). The FBI will use the application’s information to verify that the visit will not jeopardize national security or be subject to “industrial espionage.”
“It’s okay for companies to welcome foreign national visitors and encourage international exchanges, but they must ensure that all appropriate safeguards are in place to protect the security of the company and assure adherence to export compliance,” said Paul DiVecchio, principal of Boston-based export compliance consultancy DiVecchio & Associates.
This human element of compliance regarding “technical data transfer” of controlled data to foreign nationals is known as “deemed exports.” This is difficult to understand and control, not just for private and public institutions, but for federal regulators alike. The U.S. government’s concern is that lack of sufficient controls surrounding deemed exports could help China and other countries of concern improve their military capabilities by ripping off U.S. technology and technical data.
Included with the U.S. visa application by the foreign national should be a visa sponsor letter (VSL) supplied by the U.S. sponsor of the visit.
“A request for a VSL is not unusual, especially if the foreign national is a visitor from a country of concern to the U.S. government,” DiVecchio explained. “Many foreign nationals are being refused entry into the U.S. without a sponsor letter.”
Attention to the visa sponsor letter is additionally important with the Trump administration’s crackdown on illegal immigration and desire to increase national security.
Visa sponsor letters should include certain details about the foreign national, such as name, date and place of birth, and passport number; site specifics, such as U.S. offices being visited; dates for visit; concise details about the purpose of the visit; and a statement that “the visitor will not have access to any controlled technology.” Even if the visitor comes in contact with Commerce EAR 99 or public domain technology, that still should be stated in the letter.
I don’t want the FBI to visit Teradyne to perform a check, only to learn that the visitor we sponsored is touring New York City.
DiVecchio said it’s imperative that the export compliance officer be included in the preparation of visa sponsor letters at the beginning. This is especially important when determining if there are any licensing jurisdictions and export classification controls of the technology to be assessed during the visit, screening visitors against the U.S. government’s various restricted parties lists, and assuring that foreign nationals stay within the limits of their sponsor letter, he said.
“We do not process many non-employee sponsor letters and the review process is not time-consuming,” said Brian Amero, global compliance and ethics officer at Teradyne. “I view the sponsor letter review as a good opportunity to stay connected with the business unit. In most cases, the visitors are related to pre-sales.”
Amero said he first checks foreign visitors’ names against the various restricted parties lists. He also uses the Dow Jones Risk and Compliance database, which takes into account other risk factors, such as any negative publicity and potential government connections of the individuals.
“You must also be aware if there are any side trips that the individual may take,” Amero said. “I ask for a copy of the travel agenda. If there are indeed any side trips unrelated to Teradyne, I indicate those on the sponsor letter. I don’t want the FBI to visit Teradyne to perform a check, only to learn that the visitor we sponsored is touring New York City.”
DiVecchio said keeping track of foreign nationals’ visits outside the company’s four walls is as essential as monitoring their activities in the workplace. Something as simple as ensuring that all foreign nationals sign the visitor’s logbook prior to entering the facility and sign out when leaving is essential to showing federal regulators that you’re managing the visit, he said.
From 2002 to 2011, the Government Accountability Office, a watchdog agency for the Congress, stepped up pressure on federal agencies with export control responsibilities to improve their oversight of foreign nationals who may come in contact with controlled technologies and technical data.
In November 2010, the U.S. Citizenship and Immigration Services adopted a revised Form I-129 for H-1B (specialty occupation professional), L-1 (intra-company transferee), and O-1 (alien of extraordinary ability) beneficiaries. This new form, which became effective Feb. 20, 2011, included a new certification regarding the release of controlled technology or technical data to foreign persons in the United States.
For companies with a handle on their export compliance, DiVecchio said adherence to the I-129 form is not a problem. However, there are a number of firms and universities that lack in-house knowledge and expertise which could land them in hot water if the form is not properly handled.
If a federal agency finds a non-U.S. person gaining illicit access to controlled technology, it could result in penalties of up to $250,000 per violations, not to mention the negative publicity. In the worst case scenario, it could lead to the loss of export privileges for a company or university, DiVecchio warned.