From the Honeywell (see below) and SAP cases, in which both companies have concluded settlement agreements with their U.S. based regulators for violations of export control regulations, it is possible to identify what measures licensing authorities in the U.S. are focussing on. An interesting point to look at, also from a European perspective, considering that one company is based in Germany.
Dedicate adequate resources to compliance (verified though an internal review).
Establish and/or strengthen policies and procedures for all employees with responsibility for compliance to address lines of authority, staffing levels, performance evaluations and career paths.
Appoint a Special Compliance Officer (SCO) or Internal Special Compliance Officer (ISCO) for 3 years, while the internal ISCO (currently employed by the company) may replace the SCO after 18 months. The Designated Official shall monitor, oversee and promote compliance and report directly to the CEO and brief the Board of Directors annually. His duties shall include policy and procedures, specific duties and reporting.
Implement mandatory training of directors, officers and employees (incl. records indicating the names of employees, trainers and level and area of training received) focused on business operations.
Apply an automated export compliance system through all operating divisions, subsidiaries and business units engaged in regulated activities. This system shall track the decision process from the initiation to conclusion of a