State/DDTC Posts “Implementation Considerations: Dual/Third National Rule”

DDTC provides the considerations below, in addition to a sample questionnaire and sample non-disclosure agreement, for the Dual/Third National Rule.”

To prevent diversion of ITAR-controlled defense articles, including technical data, to unauthorized end-users and end-uses consideration should be given to the following:

• ITAR compliance program with implementing policies and procedures.
• Empowered and experienced individuals responsible for implementation and oversight of the plan.
• Record-keeping. The company should have processes and procedures in place to ensure that all records are maintained for no less than five years.
• Employee training and education in the ITAR and the compliance program.
• Specialized training of key personnel (e.g., human resources).
• Employee screening to determine general bona fides and identify any diversion risk of ITAR-controlled defense articles, including technical data.
• Non-Disclosure Agreement (NDA) with the employee as a condition of continued employment.
• Substantive contacts. Contacts contemplated are relationships with individuals that pose a risk of diversion of ITAR-controlled defense articles, including technical data.
• Contacts with Government or Military Officials, Agents, or Proxies.
• Business contacts.
• Family contacts.
• Non-family contacts.
• Continuing connections to a third country.
• Frequent Travel. It may be an indicator of relationships with nationals of that country which pose a risk of diversion. Travel may be innocuous or a cover for diversionary activities.
• Maintaining a residence in a third country. Maintaining a residence is not necessarily a disqualifier, but the circumstances of ownership and the potential for a broader connection to the country should be considered.
• Bona fide, full-time regular employee. Employees qualify if they have a full time employment relationship with the company and the company is legally responsible for the employee’s actions.

The outlined implementation plan is a suggested approach, but is by no means the only way of complying with the rule and its core principle of preventing diversion of defense articles to unauthorized end-users and end-uses. Consistent with local national laws and programs for the control/protection of defense articles/technologies and consistent with the need for private entities to protect proprietary data, technology security plans should be designed with a comprehensive and individualized approach to securing sensitive data of all kinds with appropriate measures for physical security and personnel clearances.

Complete D-TCN Policy Implementation:
http://www.pmddtc.state.gov/licensing/documents/D-TCN_Policy_ImplementationFinal.pdf

Enclosures:

1) Sample Questionnaire

2) Sample Non-Disclosure Agreement (NDA)

Enclosure 1):

Sample Questionnaire

1. How often and where do you travel outside (country of employment) for purposes other than employment with this company?
2. Do you hold/use a passport from another country?
3. Do you maintain a residence in another country?
4. Do you have business contacts, business partners, business contracts, brokers, or any other relationship with a business in another country or other countries subject to U.S. or U.N. embargo?
5. Do you have contact with family members that work for or with the government of another country? If so, what is their relationship with the government?
6. Do you have contacts with any other individuals or groups involved in acquiring controlled defense articles, including technical data, illegally or otherwise circumventing export control laws? Please explain the nature of that contact.
7. Do you hold any office, position, appointment, or any other relationship with the government of another country?
8. Do you receive a salary, compensation, or any payment from any source (e.g., government, business, other organization or individual) in another country?
9. Do you have contacts with agents from another country or another country’s government?
10. Have you ever served in or provided information to the government of another country (e.g., military, foreign ministry, intelligence agency or law enforcement)?
11. Is there any aspect of your overall relationship to another country that would cause you to violate company rules or release ITAR-controlled defense articles, including technical data, without authorization?
12. Have you ever been approached or asked, directly or indirectly, to provide any ITAR-controlled defense article, including technical data, without authorization?
13. Have you ever sold or been provided any ITAR-controlled defense articles, including technical data, of the company or any former employer without authority?
14. Have you fully and completely disclosed all contacts with foreign persons, groups, associations, businesses and governments?
15. Have you provided fully and truthfully all your contact information to the company, including any addresses, cellular telephone numbers, electronic mail addresses and social networking addresses?
16. Will you report promptly to the company security officer inquiries or efforts by others in any manner to acquire export controlled defense articles, including technical data, without a license or other authorization?
17. Have you answered all questions above fully, honestly and faithfully?

Enclosure 2):

Sample Non-Disclosure Agreement (NDA)

I, __________________, acknowledge and understand that any technical data related to defense articles on the U.S. Munitions List and proprietary data that I will have access to or which is disclosed to me by (employer’s name) are subject to control under United States law (the International Traffic in Arms Regulations (the “ITAR”).

I hereby certify that such controlled technical data will not be further disclosed, exported, or transferred in any manner not authorized under the ITAR, except with the prior written approval of the U.S. Department of State and [employer’s name]. I certify that I will report promptly to [employer’s name] and its security and export control officers any inquiry or request to provide controlled technical or proprietary data to any third person without authority.

I further certify that I have never acted for, represented, or provided information to and do not currently act for, represent, or provide information to any country or person acting on its behalf that is subject to Section 126.1 of the ITAR, including but not limited to Iran, Syria, North Korea, Sudan, China, Burma, Cuba, or Libya, or any entity that is owned or controlled by such country. Furthermore, I certify that I understand and will comply with the notification requirements of Section 126.1(e) of the ITAR or any other law.

I make this certification voluntarily and understand and agree that it may be provided to the government of *employer’s location+ and the United States which have an interest in ensuring that controlled defense articles and technical data are not provided or transferred to persons without authority.

Signature &  Printed Name &  Address:

______________________________

______________________________

______________________________

Additional guidance related to the August 15, 2011 implementation of the new 126.18 rule on dual and third country nationals can be viewed on the US Department of State website.