CFEs should consider trade compliance as a profession

As a CFE attending my first seminar at the Bureau of Industry and Security (BIS) — an agency of the U.S. Commerce Department, I was struck by their mission: “Keeping the most sensitive technologies out of the most dangerous hands.” It spoke directly to my fraud examiner’s soul, and introduced me to a very new perspective on how a well-trained CFE can repurpose their skills for a new field.

It’s been seven years since I began a career in trade compliance. I’ve been amazed at how the analytical and investigative skills I’ve needed as a CFE have also aided me in a role that deals with national security. My experience makes me eager to share my career path, and explain how our valuable CFE skill sets make us sought-after candidates for a variety of opportunities within the trade compliance field.

Trade compliance professionals have an important and fulfilling role protecting companies from losses due to export violations, which can include actual financial penalties and lost business. But they also oversee international trade regulations in the private sector and represent a critical compliance function in high stakes matters including national security and regional stability.

Trade compliance encompasses an array of roles in both the private and government (public) sectors. The private sector offers some unique options, such as commercial and educational roles, but every entity presents its own risk profile based on size, industry, geography of sales, types of products and other factors. But what exactly is trade compliance?

Principles of trade compliance

Trade compliance, also known as international trade compliance, and often more specifically referred to as export compliance, focuses on various export control laws and various government agency jurisdictions. The largest are:

• U.S. Department of State, Directorate of Defense Trade Control (DDTC).
• U.S. Commerce Department, Bureau of Industry and Security (BIS).
• U.S. Department of the Treasury, Office of Foreign Assets Controls (OFAC).

In combination, these agencies regulate items of various nature, controlling where they’re sent (destination), how they’re used (end use) and who uses them (end users).

• Items include commodities, software, technology, technical data and — in some instances — services.
• Destinations refer to various countries, which are commonly put into different groups. Some of them have restrictions such as sanctions or embargo programs.
• End users can be legal entities and individuals. Export control regulators in the U.S. and other countries maintain lists of so-called denied parties, which are generally prohibited from receiving goods or services. Each list defines the scope of the restrictions and review process by the government should a company seek a way to transact with a listed entity.
• The concept of end use introduces an additional layer of prohibitions and controls. Some end uses may be prohibited overall (usually items related to mass destruction), while some destinations may have very specific end-use restrictions.

Trade compliance in action

Now that we’ve touched upon the regulatory landscape, let’s look at an example of how controls work. Imagine you have a customer who wants to purchase your company’s products in the U.S. and have them shipped to them in India. So, you conduct due diligence to ensure that the customer isn’t listed as a denied party, and then determine whether the actual item to be exported has specific restrictions regarding its shipment to India. Are there any end-use restrictions for the item? You might need to obtain end-use descriptions from the customer before the item can be released.

Doesn’t sound too difficult yet, right? But what if you need to ship your product to China? What if your company has an online store and processes hundreds of transactions daily? What if you sell via distributors located in various countries — do you know enough about each transaction every time they occur to conduct the necessary checks? What if you provide something intangible, like software, and customers have self-serve access to it? These are real scenarios that can impact your business and risk violating export restrictions.

Imagine your company has a decent compliance program and you’ve done all the proper due diligence checks. Are you safe and secure? Not necessarily, as bad actors might look for ways to trick your compliance program. This requires other considerations:

• When you screen your customer against denied party listings, are you confident you’ve screened their official legal name? How would you verify this? Is the entity owned by a denied party?
• How would you know the customer will use the items in the way they claim? How much do you need to learn about your customer’s nature of business and their end products as a matter of reasonable due diligence?
• Do the products your company exports have specific functionality that are in a particularly high demand by sanctioned regions, and are therefore at risk of diversion?

Companies should be aware that the U.S. government will hold them liable if they have direct knowledge or a reason to know that their exported items are being resold to a restricted destination such as Iran or North Korea. And new technologies have expanded the scope of those definitions, making this process more complicated. The abundance of information that an organization can now gain about its customers makes it more difficult to argue they had no reason to know or had no direct knowledge of export violations.

Failing to do something as simple as a Google or website search can land a company in trouble. In 2016, for example, a court ruled in favor of a government fine against Epsilon Electronics when its customer in the United Arab Emirates resold its products in Iran. The court argued that Epsilon had “reason to know” because the client’s website showed it exported to Iran. (See “‘Reason to Know’ – A Chilling Term For Exporters,” by Williams Mullen, Sept. 26, 2016.)

It’s also worth noting that because various agencies cover different jurisdictions and items, organizations could potentially face multiple violations. This could result in substantial civil and criminal penalties imposed on the company and individuals, and a loss of business due to negative publicity.

Using CFE skills in trade compliance

The skills required to fight occupational fraud overlap in many ways with the work of trade compliance professionals. In both cases, prevention is key. Training staff, keeping systems up to date to avoid vulnerabilities, knowing your customer and watching out for red flags are all essential parts of this process. The BIS, for example, has put together a list of red flags to help companies seeking to avoid trade violations. (See “Red Flag Indicators – Things to Look for in Export Transactions,” BIS.)

Prevention involves in-house roles from trade compliance analyst all the way up to chief compliance officer (COO), who’s principally responsible for creating and maintaining an adequate compliance program. In today’s business landscape that usually means designing and customizing internal systems, using automation when possible, employing vendor-supplied databases and using IT infrastructure security measures. (See Innovation Update column.)

From the detection angle, jobs on the government side include enforcement positions that can leverage a CFE’s investigative experience, along with roles such as export licensing officer and special agent, which are increasingly in demand due to a focus on export control as a tool in international business, foreign policy and national security. In the private sector, detection roles as consultants and advisors are available at law firms specializing in trade compliance.

Trade compliance professionals have an important and fulfilling role protecting companies from losses due to export violations, which can include actual financial penalties and lost business.

Both prevention and detection require skills like analyzing large subsets of data, looking for anomalies and finding out-of-model situations or behaviors either by system or staff. Practitioners must be proficient in recordkeeping, audit trail considerations and data gathering, as well as the ability to build internal memorandums and follow official communication protocol with government agencies. CFEs in more traditional fraud-fighting fields will be familiar with many of these skills and should have little difficulty making the transition to trade compliance if they wished.

The perfect time to become a trade compliance professional

At a time when the U.S. government has increasingly been using sanctions against adversaries and seeking to protect its technological know-how, trade compliance professionals are likely to be in demand. In a move that suggests that the government is intensifying its fight against trade violators, the DOJ and Commerce Department announced in February the creation of the Disruptive Technology Strike Force to protect critical technological assets from nation-state rivals, strengthen supply chains and target illicit actors. (See “U.S. launches ‘disruptive technology’ strike force to target national security threats,” by James Pearson and Sarah N. Lynch, Reuters, Feb. 16, 2023.)

Meanwhile, just this year, a significant number of enforcement cases have come to light, underscoring the importance the government is putting on the prevention and detection of trade violations. Here are a few:

• Microsoft entered into a settlement agreement with the Commerce Department and OFAC over export violations regarding sanctioned parties. The settlement involves a combined $3.3 million in civil penalties. (See “Microsoft to Pay Over $3.3M in Total Combined Civil Penalties to BIS and OFAC to Resolve Alleged and Apparent Violations of U.S. Export Controls and Sanctions,” Treasury, April 6, 2023.)
• The Commerce Department imposed its largest stand-alone administrative penalty of $300 million against computer storage manufacturer Seagate to resolve alleged violations of U.S. export laws, specifically its shipments to Huawei, a denied party. (See “ Seagate fined $300 million for shipping 7.4 million hard drives to Huawei,” by Jess Weatherbed, the Verge, April 21, 2023.)
• BIS fined 3D Systems Corporation more than $2 million for exporting controlled technology to China without a license and failing to comply with recordkeeping requirements. (See “BIS Imposes $2.77 Million Penalty on 3D Printing Company for Exports to China and Germany, Including Aerospace and Military Design Documents,” BIS, Feb. 27, 2023.)

There’s a domino effect to these recent cases (and the ones still to come). The more complex and nuanced trade restrictions governments impose, the more demand there is for specialized knowledge in this field. And with more enforcement actions, companies are investing more in their compliance programs, including staff with the required skills to manage these kinds of risks.

This field is growing in importance. If you question that, just ask law school graduates from 20 years ago if export control was a “thing.” And look at mid-to-large law firms now — most of them now offer trade compliance advisory services. (See “Best Law Firms for International Trade and Finance Law,” U.S. News & World Report.)

Trade compliance as a profession has undergone rapid development during the last decade, which isn’t yet reflected in academia. Few colleges offer programming or degrees for this field. So, companies fill their trade compliance staffing needs by poaching from neighboring fields and training new hires.

Even so, it can be difficult to fill management and director positions in trade compliance, given the specialized knowledge required and the steep learning curve. However, for CFEs who are well versed in many of the skills required for this field, it presents an opportunity for those looking for a career change. I recently signed up for the ACFE Mentoring Program and offer myself as a mentor for those who’d like to  embark on a career in trade compliance. I’m happy to help others along the path of this growing and exciting profession.

Julia Komarovskaya, CFE, MSA, is an export compliance program manager at MathWorks Inc., a leading developer of mathematical computing software for engineers and scientists. Contact her at jkomarov@mathworks.com.