Technology transfer poses significant risk to US companies and subsidiaries

ARTICLE | March 07, 2024

Authored by RSM US LLP

Executive summary: The connection between technology transfer and export control laws

A high-profile American company was recently fined for illegally transferring technology in violation of US export control laws on multiple occasions. The penalty applied – and its severity – underscores the importance of ensuring a robust export compliance program is in place and supported by sound operating procedures.

Violations of International Traffic in Arms Regulations

Even as one of the most overlooked issues in export controls, the elevated risks technology transfer poses require it to be a cornerstone of any effective compliance program. While many develop corporate policies that address technology transfer, the creation and disciplined execution of detailed procedures to ensure the policies’ operating effectiveness is where weaknesses can arise.

In a digital world with rapid ways of moving technology, controlling these transfers creates significant challenges as illustrated just last month in the $51 million settlement between a global aerospace and defense company and the US Department of State. The company committed close to 200 violations of the International Traffic in Arms Regulations (ITAR), most of which had occurred prior to 2020. According to the proposed charging letter, some of the primary violations included:

  • Unauthorized exports and transfers of technical data to foreign national employees and contractors;
  • Unauthorized exports of defense articles and technical data designated as Significant Military Equipment, which require non-transfer and use certificates; and
  • Breaches of license terms, conditions and provisos of the Directorate of Defense Trade Controls (DDTC) authorizations.

These violations also included transfers of this sensitive data to the People’s Republic of China, which is a proscribed destination under the ITAR, and shipped unauthorized exports to Russia. The transgressions occurred across multiple subsidiaries and business units.

Although the company for the most part had requisite licenses or agreements in place, they did not properly follow the conditions. Among others, employees downloaded electronic files containing ITAR-controlled data when overseas at partner facilities and did not add employee providers to Technical Assistance Agreements which led to unauthorized re-transfers of technology.

Navigating technology transfer from the export control lens

While specifically defined in the ITAR and Export Administration Regulations (EAR), the terms “technology” and “technical data” generally refer to specific information required for the design, development, production, testing, operation, maintenance and repair of controlled defense and/or dual-use items. This encompasses an array of materials and intangibles such as blueprints, engineering designs, diagrams, software code, formulae, manuals and other documentation.

From both the ITAR and EAR perspectives, if a physical export of a product is controlled, the technology employed to produce or use the product is also controlled and requires a license. For example, if the technology to manufacture a controlled product is contained in blueprint, then an export occurs when the blueprint leaves the US for another country, even if sent electronically.

Since exports can be electronic in nature, transmitting technology by fax, phone, email or any other electronic means to a destination (including a person) outside the US is considered an export. Some common mistakes related to technology transfer include:

  • Sending digital data links to foreign persons, including employees
  • Downloading files containing controlled technical data when overseas at partner facilities
  • Providing drawings with technical data in proposals before obtaining proper authorization
  • Hand carries
  • Neglecting to add employee providers to Technical Assistance Agreements
  • Training a foreign person (whether inside or outside the US) in the design, development, use or testing of controlled technology or equipment without requisite authorization
  • Re-transfers of documents with technical data
  • Forwarding emails with controlled documents
  • Providing technical data to people participating in training activities

US companies transferring technology to foreign nationals, including employees, must ensure they have robust systems for keeping the data secure. In addition to having written procedures and employee training, a key strategy for maintaining control over the security and confidentiality of data from inadvertent exposure is controlled by implementing premier cybersecurity solutions. Some options include using multiple layers of protection (e.g., passwords, multifactor authentication, end-to-end encryption, etc.) to access sensitive data, tracking access to export controlled technical data and storing controlled information on a secure server managed by US citizens only.

RSM US takeaways

This recent case serves as a reminder for all US companies and their foreign subsidiaries that transfer technology to ensure compliance with US export control laws. Exporters must conduct ongoing training of all applicable personnel as well as perform continuous risk assessments, compliance monitoring and detailed audits to ensure that they are working as intended and make improvements when warranted. This will help companies avoid substantial fines, penalties, imprisonment, legal fees and reputational damage, among others.

RSM’s Trade Advisory experts have proven industry experience with export controls and sanctions from their many years as corporate leaders and consultants. Together with our Government Contracting practice, our tenured teams can conduct risk assessments and tailor programs to assist corporate leaders enhance control environments and minimize risks.

Let's Talk!

Call us at +1 213.873.1700, email us at or fill out the form below and we'll contact you to discuss your specific situation.

  • Topic Name:
  • Should be Empty:

This article was written by Mark Ludwig, Jodi Ader, Luis Avila and originally appeared on 2024-03-07.
2022 RSM US LLP. All rights reserved.

The information contained herein is general in nature and based on authorities that are subject to change. RSM US LLP guarantees neither the accuracy nor completeness of any information and is not responsible for any errors or omissions, or for results obtained by others as a result of reliance upon such information. RSM US LLP assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect information contained herein. This publication does not, and is not intended to, provide legal, tax or accounting advice, and readers should consult their tax advisors concerning the application of tax laws to their particular situations. This analysis is not tax advice and is not intended or written to be used, and cannot be used, for purposes of avoiding tax penalties that may be imposed on any taxpayer.

RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each is separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit us for more information regarding RSM US LLP and RSM International. The RSM logo is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.

​Vasquez & Company LLP is a proud member of the RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise and technical resources.

For more information on how ​Vasquez & Company LLP can assist you, please call +1 213.873.1700.

Subscribe to receive important updates from our Insights and Resources.

  • Should be Empty: