Elements of an ICP
In order to support companies to maintain strict compliance with relevant laws and regulations, the ICP guide provides a framework to identify and manage dual-use trade controls' impact and mitigate associated risks.
The guidance contains 7 core elements that should not be considered as an exhaustive list, nor should their order be perceived as ranking from very important to less important. They are identified as cornerstones for a company's tailormade ICP and aim at assisting companies in their reflections on the most appropriate means and procedures for compliance with relevant/EU and national dual-use trade control laws and regulations.
At a general level, the most important aspect of developing an ICP is:
Ø to keep it relevant to the company's organization and activities and to make sure that internal processes are easy to understand and follow, and capture the day-to-day operations and procedures.
1. Top-level management commitment to compliance
Effective ICPs reflect a top-down process whereby the company’s top-level management gives significance, legitimacy, and organizational, human and technical resources for the corporate compliance commitments and compliance culture.
What is expected from dual-use companies?
Top-level management commitment aims to build compliance leadership (lead by example) and corporate compliance culture for dual-use trade control.
This element is materialized by a written statement and support from top-level management to internal compliance procedures that promote the company’s awareness of and compliance with the EU and Member State laws and regulations relating to dual-use trade controls.
The commitment indicates clear, strong and continuous engagement and support by top-level management. It results in sufficient organizational, human and technical resources for the company’s commitment to compliance. The management communicates clearly and regularly to employees about the corporate commitment in order to promote a culture of compliance.
What are the steps involved?
TEMPLATES: Management policy statement
EXAMPLES: Excerpts from Toshiba’s and Ericsson’s management policy statement
CHECKLIST: Management commitment self-assessment
TOOL: The U.S. Bureau of Industry and Security (BIS) "Management commitment policy statement tool" (see pages 20-28).
2. Organization structure, responsibilities and resources
Sufficient organizational, human and technical resources are essential for effectively developing and implementing compliance procedures. Without a clear organization structure and well-defined responsibilities, an ICP risks suffering from lack of oversight and undefined roles. Having a strong structure helps organizations work out problems when they arise and prevent unauthorized transactions from occurring.
What is expected from dual-use companies?
The company has an internal organizational structure that is set down in writing (for instance in an organizational chart) and that allows for conducting internal compliance controls. It identifies and appoints the person(s) with the overall responsibility to ensure the corporate compliance commitments. Please be aware that in some Member States this must be a member of the top-level management.
All compliance related functions, duties and responsibilities are defined, assigned and connected to each other in an order that ensures the management that the company conducts overall compliance. Where necessary, duties (but not the overall responsibility) relating to export control may be delegated.
The company adequately staffs all areas of the business that are related to dual-use foreign trade with employees who demonstrably have the required skills. At least one person in the company is (not necessarily exclusively) entrusted with dual-use trade control.
Dual-use trade control staff is protected as much as possible from conflicts of interest. It is entitled to directly report to the person(s) with the overall responsibility for dual-use trade controls and should additionally have the power to stop transactions.
Dual-use trade control staff must have access to the relevant legislative texts including the latest lists of controlled goods and lists concerning embargoed or sanctioned destinations and entities. A compliance manual that describes the operational and organizational processes relevant for dual-use trade control is drawn up and distributed to the dual-use trade control staff. The company should consider the need for IT support for internal compliance procedures based on its business volume.
What are the steps involved?