TaxTMI 
TaxTMI 
Inputs on Draft Internal Compliance Programme Document for adoption by Industry for export of dual use(SCOMET) items
X X X X Extracts X X X X
X X X X Extracts X X X X
....s of effective ICP, a draft document has been prepared in consultation with Bureau of Indian Standards (BIS). 2. In line with Para 1.07A of FTP 2023, which provides for consultation with stakeholders during the formulation or amendment of Foreign Trade Policy, Draft Management System Requirements for Internal Compliance Programme (ICP) for Dual-use items have been formulated and are enclosed as an Annexure to this Trade Notice. This Directorate invites views, suggestions, comments, and feedback from relevant stakeholders, including exporters, industry associations, and experts on the proposed amendments. 3. Stakeholders are requested to submit proposals, recommendations, or inputs to this Directorate for examination within 10 days from the issuance of this Trade Notice. Submissions may be made via email to scomet-dgft@ gov.in. 4. This Trade Notice is issued with the approval of the competent authority in accordance with the provisions of Para 1.07A of FTP 2023. (B Kruti) Deputy Director General of Foreign Trade (Issued from F.No.01/77/171/059/AM24/EC(S) Annexure: Draft Public Notice for notifying the Internal compliance Programme Document by Industry for export of SCOME....
X X X X Extracts X X X X
X X X X Extracts X X X X
....lications. The list of these dual-use items is called the Special Chemicals, Organisms, Materials, Equipment and Technologies (SCOMET) List. Export of SCOMET items is either prohibited for export, or restricted, or exempted from such authorisation for export to certain destinations with certain port-reporting and recordkeeping requirements etc. India is a member of three multilateral export control regimes: the Wassenaar Arrangement, Missile Technology Control Regime, and Australia Group, which have contributed to the goals of non-proliferation by issuing guidelines for export controls and lists of specific items whose exports are to be regulated. As per our national laws and regulations, export of technology related to items specified under the SCOMET list is also controlled and requires an authorisation from the licensing authority. Companies and other organisations dealing with dual-use items are mandated to comply with export control regulations. Effective control of exports to prevent proliferation of dual-use items is possible only if all the stakeholders, including manufacturers of dual-use items, expor....
X X X X Extracts X X X X
X X X X Extracts X X X X
....efinitions are derived from internationally accepted standards, such as ISO 37301 (Compliance Management Systems), ISO 31000 (Risk Management), and ISO 27000 (Information Security), and adapted for the Indian export control context. For the purposes of this document, the following terms and definitions apply. ISO and IEC maintain terminology databases for use in standardization at the following addresses: 7. ISO Online browsing platform: available at https://www.iso.org/obp 8. IEC Electropedia: available at https://www.electropedia.org/ 3.1 Objective An objective is a specific result an organisation aims to achieve. ISO 37301:2021 - Clause 3.6 3.2 Organisation An organisation refers to a company, institution, or any group of people that work together toward shared goals and have defined roles and responsibilities. ISO 37301:2021 - Clause 3.1 3.3 Responsibility Responsibility means being assigned to carry out tasks and make decisions to meet compliance goals. It includes taking necessary action within the role assigned. 3.4 Accountability Accountability is the obligation to answer for completing a responsibility, ....
X X X X Extracts X X X X
X X X X Extracts X X X X
....xity, and risk landscape to shape an effective ICP. 9. Geographical Location: Specific regulatory requirements and enforcement activities may vary depending on the organization's geographic locations and operations. 10. Subsidiaries and customers: The compliance risk and complexity can increase with subsidiaries in various jurisdictions and diverse customer profiles. 11. Nature of dual-use items: Analyse the types of dual-use items involved, their applications, and associated risks. 4.2 Understanding the needs of interested parties The main interested party in ICP are the regulatory bodies, which are often government entities, which have several key needs. They require organizations to establish and implement controls that ensure compliance with laws and regulations. This includes the development of internal policies and procedures that align with regulatory standards. Regulatory bodies also need to monitor how organizations are complying with these laws and regulations. This involves assessing the effectiveness of an organization's compliance program and its adherence to regulatory requirements. When non-....
X X X X Extracts X X X X
X X X X Extracts X X X X
....communicate to all employees the importance of export compliance, the commitment to adhere to the export control regulations and support to the internal compliance procedures of the organisation. The management commitment entails a formal statement on the organisation's letterhead, dated and signed by the senior management of an organisation. This statement should be reviewed and disseminated annually. It should also be included in the organisation's ICP document and made available to all the employees. The management commitment statement should contain the following: 7. There would not be any exports or transfers of controlled, dual-use items made in violation of the applicable national laws and regulations on export controls. 8. Information on action taken in case of non-compliance within the organisation. For example, appropriate actions taken within the organisation, voluntary self-disclosure, or intimation to the relevant government authorities, etc. 9. Information of the Chief Export Control Officer or other equivalent designation, or any other nominated persons from the export control or relevant de....
X X X X Extracts X X X X
X X X X Extracts X X X X
.... 13. Grant the Chief Export Control Officer or any other equivalent designation and the team access to all relevant laws and regulations; for example, national laws and regulations, UN Security Council sanction lists, SCOMET/dual-use export control list, etc. 14. Make available the contact details of the Chief Export Control Officer or any other equivalent designation and the team. If the duties of export control officer are being outsourced, then organise and make available the communication of the organisation with the outsourced persons. 5.4 Communication There should be comprehensive training programs educate all personnel on the Service Quality Policy, ICP procedures, and individual roles and responsibilities. Open communication channels, including hotlines and forums, foster a collaborative environment where ethical conduct thrives. Stakeholder engagement expands the message of compliance beyond the organization's walls, showcasing commitment to responsible practices and building trust within the broader ecosystem. 6.0 Planning the Service Delivery 6.1 Actions to address Risks The organizations....
X X X X Extracts X X X X
X X X X Extracts X X X X
....rom the relevant government authority. 10. Screening for red flags or warning signs, these are: 7. The customer is being opaque or unclear about the end-use or end-user of dual use items. 8. The stated end-use or the product's capabilities is inconsistent or do not fir with the customer/buyer's line of business, level of technical sophistication, etc. 9. Receiving unsolicited communication from any person or entity requesting assistance with modifying existing technology or software requesting training/guidance in modifying technology or software for a potential military/WMD purpose. 10. The customer is willing to pay cash or an expensive item when the terms of sale would normally involve financing. 11. A freight forwarding firm, agent or trader is listed as the product's final consignee or end user. 12. The shipping route is abnormal for the product and destination. 11. Determination of license requirements and licence application as appropriate, including the type of licence, the licencing authority, requirements of the application to be made, submitting the application, and required supporting do....
X X X X Extracts X X X X
X X X X Extracts X X X X
.... 12. The organization should review the effectiveness of the corrective actions to ensure that they have achieved their intended purpose. This is a crucial step in the continual improvement process. 6.4 Applicability to Sustainable Development Goals The organization should recognize the potential connection between their export/transfer activities and the UN Sustainable Development Goals (SDG). Specifically, implementing robust ICPs contributes to: 7. SDG 3: Good Health and Well-being: By preventing the proliferation of weapons of mass destruction and dual-use items with harmful application, ICPs promote global peace and security, contributing to healthier lives. 8. SDG 16: Peace, Justice and Strong Institutions: Effective ICPs strengthen legal frameworks and institutions responsible for enforcing export control laws, fostering a just and secure environment. 9. SDG 17: Partnerships for the Goals: ICPs encourage international cooperation and information sharing on sensitive materials and technologies, advancing collaborative efforts towards achieving the SDGs. 7.0 Support 7.1 Resources The organization shou....
X X X X Extracts X X X X
X X X X Extracts X X X X
....sp;documented information related to the ICP. This framework should outline the processes for creating, updating, and controlling documented information. 7.5.2 Creating and updating documented information Recordkeeping comprises procedures and guidelines for document storage, record management and traceability of export control related activities. Recordkeeping of some documents is required by law, e.g., all SCOMET or export control related application documents, including the correspondence documents with the buyer/intermediary/consignee/end-user/government, contracts, end-user certificated, financial records, shipping and trade related documents, etc. must be recorded for 5 years as per India's Foreign Trade Policy (FTP). Additionally, it may be useful for organisations to keep records of documents, e.g., documents describing the technical decision or assessment to classify an item under the SCOMET list, unit/employee who made that decision, end-user and end-use documentation, customs clearance and shipping/trade documents, records of technology transfers and relevant electronic communication, etc. A compil....
X X X X Extracts X X X X
X X X X Extracts X X X X
....rol laws and regulations. These reviews are designed to detect inconsistencies, so that procedures can be revised in case they are resulting in non-compliance. 9.2 Internal Audit The organisation should conduct regular internal audits to assess the effectiveness or inconsistencies of ICP and ensure its alignment with the organization's compliance objectives. Audits can be outsourced to an external, third-party auditor. Such reviews and audits can provide an unbiased evaluation and validation of the organisations' internal compliance procedures and practices. The organisation should: 7. Develop and perform audits to check the design, adequacy, and efficiency of the export control related procedures. 8. Provide a mechanism for ad-hoc checks in the export control workflow, where required. 9. Establish procedures to govern the actions of employees when a suspected or known incident of non-compliance occurs. 10. Document the audit results. 11. Consider sharing the results of the review and audit process with the employees. The audit should be conducted by competent personnel and the results should be reported to t....
X X X X Extracts X X X X
X X X X Extracts X X X X
....action to eliminate the cause and prevent recurrence. The organization should: 7. Establish appropriate actions within the organisation for noncompliance, especially in case in intentional non-compliance. 8. External reporting, i.e., voluntary self-disclosure or intimation to the government authorities should be done as soon as the confirmation of non-compliance is received. This should be substantiated by supporting documents, as may be prescribed under the relevant procedures/guidelines notified by the government authorities. 9. Revise the ICP if needed after identifying potential vulnerabilities in the ICP, to ensure that non-compliance does not recur, and communicate the same to the employees. 10. Document the corrective measures taken by the organisation for suspected or actual breaches. 7. Review the effectiveness of the corrective actions to ensure that they have achieved their intended purpose. -------------------------------------------------------------------------------------------------------------------------------------------------- Annexure A: Case Study - Implementing Internal Compliance Program ....
X X X X Extracts X X X X
X X X X Extracts X X X X
....e GAICT framework by DGFT. Relevant ISO References: * ISO 37301:2021 - Compliance Management Systems - https://www.iso.org/standard/75080.html * ISO 31000:2018 - Risk Management Guidelines - https://www.iso.org/standard/65694.html * ISO 19011:2018 - Guidelines for Auditing Management Systems - https://www.iso.org/standard/70017.html ETSL, a mid-sized Indian electronics manufacturer, exports semiconductor testing equipment that falls under the SCOMET list due to its potential dualuse in civilian and defence applications. ETSL implemented an Internal Compliance Program (ICP) aligned with the guidelines outlined in this document to meet export control obligations and to qualify for the Global Authorisation for Inter-Company Transfers (GAICT) scheme under DGFT. 1. Understanding Context: ETSL operates in India with customers in Europe, the US, and East Asia. Given its exposure to multiple jurisdictions, it faces complex compliance risks. The ICP was designed to integrate export control considerations within daily operations, including R&D, logistics, and customer engagement. 2. Management Commitment: The senior man....