The key points in brief:
Each entity taking part in the international trade must take proportionate and adequate means and procedures to ensure compliance with the provisions and objectives of the applicable regulations of export controls. Although the individual proportionality totally relies on the individual risk analysis of each entity, the above-mentioned elements must be outlined in each individual Internal Compliance Program (ICP).
The legal base for the ICP is (without being expressly laid down in legal acts) found in the applicable (European and) national legislation and regulations and can be furthermore deducted in most countries especially the EU and the USA from court rulings. In addition the imperative for establishing an ICP it is laid down in the ISO 19600 which is internationally recognized.
The first and most important pillar of an ICP is the awareness of both, staff and management. The personnel contributing to the success of the export business must see and accept the risks of international trade, especially to breach international regulations of export control. The personnel in the daily business must be qualified appropriately and adequate.
The second issue is the individual workflow, which determines authorities, limits and rights to command within the company’s structure. This has to be set up by a revolving system of risk analysis.
Finally the whole system has to be laid down in a written documentation, which is called Compliance Management System (CMS) or any other name of this kind of manual (e.g. Organization Manual, Standard Operating Procedure). Compliance Management Systems are designed to ensure that all staff concerned is informed about whether and to what extent the export of products is possible. It establishes the authorization procedure and its integration into the company’s specific process.