| This page with graphics | Disarmament Diplomacy | Disarmament Documentation | ACRONYM Reports |

| Acronym Institute Home Page | Calendar | UN/CD | NPT/IAEA | UK | US | Space/BMD |

| CTBT | BWC | CWC | WMD Possessors | About Acronym | Links | Glossary |

Disarmament Diplomacy

Issue No. 82, Spring 2006

Industry and Nonproliferation: Don't Neglect the First Line of Defence

Matthew C. Fuhrmann

Recent evidence suggests that proliferators can obtain the makings of weapons of mass destruction (WMD) either through lawful trade on the open market or through illicit trade on the black market. Either way, sensitive technologies are purchased, not stolen. The unravelling of the A. Q. Khan network, which bolstered the nuclear programmes of Pakistan, Iran, Libya and North Korea, revealed that proliferators are adept at using front companies, brokers, and falsified documentation to circumvent national export controls. And we now know that the Iraqi WMD programme was built by setting up elaborate networks of shell companies and channelling trade through intricate transshipment routes.[1]

Legal trade on the open market may be just as problematic from a nonproliferation standpoint. According to the recently released "Annual Report to Congress on Foreign Economic Collection and Industrial Espionage", foreign entities attempting to acquire US technology usually do so through direct requests (e-mail, phone, fax, letter, or in person) that are "sometimes legal" and without direct government intervention.[2]

At the end of the day, industry is the most likely source for items that could help terrorist organisations or countries of concern consummate their WMD aspirations. Almost all components of a WMD programme are dual-use items - materials and technologies that have both civilian and military applications - meaning that they are exported by companies operating outside of direct state control. Thus, the efficacy of nonproliferation export control systems, which encompass the regulations governments rely on to regulate dual-use trade, ultimately depends on the vigilance of industry. It is crucial for companies to know their customers and take measures to ensure that the sensitive goods they export do not end up in the hands of terrorists or other actors of concern. Simply put, the nonproliferation war begins with the private sector.

Restricting access to sensitive dual-use technology at the earliest stage - that is, before it is exported by industry - seems like the most efficient and obvious nonproliferation strategy. Yet the role of industry generally fails to command the attention it deserves in policy circles, and accordingly governments and multinational institutions have largely neglected it as a nonproliferation instrument. Clearly, the time has come to re-evaluate the role that companies can and should play in nonproliferation, bearing in mind the importance of balancing trade with security.

Neglecting Industry

There are signs that the global community, particularly the United States, has undervalued the importance of industry in nonproliferation. While paying lip service to the importance of industry in advancing national security objectives, policymakers at the highest level have not thought out adequately how they can use the private sector as a nonproliferation tool. Both the Bush administration's "National Strategy to Combat Weapons of Mass Destruction" and UN Security Council resolution 1540, a US-inspired resolution that seeks to internationalise nonproliferation standards, mention industry and export controls; but the documents fail to articulate just how the private sector can support US and multinational nonproliferation efforts.

The former document states that Washington will work to strengthen export controls while focusing resources on the most sensitive exports and removing unnecessary barriers to trade.[3] It gives scant mention to the importance of vigilance within industry and the importance of enlisting private industry as a partner to help achieve nonproliferation objectives. Similarly, Operative Paragraph 8 of UNSCR 1540 calls upon states to "develop appropriate ways to work with and inform industry and the public regarding their obligations under such laws", but this vague mandate is the only mention of industry in this seminal resolution.[4]

Officials at lower levels of the executive branch more fully appreciate the importance of industry. The US Department of Commerce's Bureau of Industry and Security (DOC/BIS), which is responsible for administering most US export control regulations on dual-use items, recognises that "industry has an important role to play in preventing exports and reexports contrary to the national security and foreign policy interests of the United States."[5] DOC/BIS encourages companies to "know their customers" and to look for the "red flags" associated with dubious transactions.

Similarly, in April 2005, Paul Longsworth, the top nonproliferation official at the Department of Energy's National Nuclear Security Administration (DOE/NNSA), implored exporters to carry out "due diligence" on proposed exports of nuclear-related materiel.[6] However welcome these sentiments might be, they have not been followed up with specific policy recommendations or concrete evidence of tighter cooperation between government and industry.

Policymakers have not solicited comprehensive data on industry leaders' perceptions of export controls, the prevalence of and reasons for violations, incentives for internal compliance and disincentives for noncompliance, and other information useful for bolstering government-industry cooperation. Several commissions and task forces have examined the private sector's responsibilities, but they generally underplayed the importance of industry. Many were also paid for by businesses with interests in the area, calling their objectivity into question. The 2000 Nunn-Wolfowitz Task Force Report, for example, outlined "best practices" for companies subject to US export control regulations and urged US companies to allocate more resources to better educate employees about export control laws and to set up procedures for identifying and reporting potential violations.[7] Commissioned by Hughes Electronic Corp. amidst accusations that the firm had violated export control regulations by exporting satellite technology to China, the Nunn-Wolfowitz study did not recommend placing more of the nonproliferation burden on industry. The lack of follow-on analysis regarding industry suggests that Washington attaches relatively low priority to industry compliance.

Problems with the Current Approach

The US government generally holds one-way discussions with industry leaders. In other words, Washington tends to treat industry as an adversary rather than a partner. Outreach conducted by the US government tends to emphasise the repercussions firms will suffer if they fail to comply with export control regulations, rather than the integral role industry plays in achieving US national security objectives.

Washington is quick to reach for the stick in its relations with industry. Stiff sanctions, including suspension of exporting privileges, are levied against firms that commit export control violations, especially following the September 11, 2001 terrorist attacks. The government publishes a report entitled "Don't Let This Happen to You," which lists examples of transgressions and corresponding punishments. It is meant to motivate firms that export controlled goods, helping them avoid the negative publicity that inevitably follows violations. The report includes a timely and coherent warning to industry: "Don't let an export violation ruin you!"[8] While coercion is undoubtedly an important component of a nonproliferation strategy that engages industry, this heavy-handed emphasis on sanctions to the exclusion of incentives propagates an antagonistic public-private relationship, restricting lines of communication and cooperation.

Some US firms continue to drop the ball with respect to their nonproliferation obligations, which indicates that the relationship between the public and private sectors needs to improve. While analysis of industry behaviour in this realm is sparse, the most recent figures indicate that export control violations are rife among US companies. According to a 2000 survey conducted by the Center for International Trade and Security at the University of Georgia (CITS/UGA), 30 percent of leading US exporters of strategic goods believed that export control violations occur "very often" or "often".[9]

In recent years, US entities have illegally exported sensitive dual-use technology to Iran and China, among other countries of concern. These transgressions usually take place inadvertently, owing to industry officials' ignorance or carelessness. Some transgressions on the part of industry are understandable - at least in part. US export control regulations can be difficult to comprehend and enforce. The CITS/UGA survey found that 81 percent of respondents attributed violations to a general lack of knowledge about US regulations. Particularly difficult to grasp are the "deemed export" provision, which prohibits firms from releasing controlled technology to a foreign national in the United States when a license would be required to export that technology to the foreign national's home country, and the regulations on intangible transfers, which control knowledge in addition to actual technology. The complexity of these requirements necessitates new, innovative strategies to certify that exporters understand and fulfil their nonproliferation obligations.

The US government encourages firms that export dual-use goods to implement formal programmes to ensure that their exports or services do not contribute to terrorism or entities of proliferation concern. Firms generally enact these voluntary programmes, often dubbed export management systems (EMS) or internal compliance programmes (ICP), with government help, but there is no requirement in law for them to do so. And recent evidence suggests that many firms have still not put compliance programmes in place. According to the CITS/UGA survey, 22 percent of leading US exporters of high-tech items had no such programme. While many of these firms may have instituted compliance programmes in the years since the survey was published, it remains an open question whether they are robust enough.

The Challenges of Engaging Industry

Devising new ways to engage industry is integral to US nonproliferation strategy. But the path toward truly effective industry involvement in nonproliferation could be a rocky one. Globalisation, for instance, offers significant challenges that must be overcome. The globalised business environment makes it increasingly difficult to protect US technology, especially given the potential for intangible transfers. As the aforementioned "Annual Report to Congress on Foreign Economic Collection and Industrial Espionage" notes, US firms are increasingly conducting research and development outside US borders, "where providing physical security will be difficult and where legal protection of technology, trade secrets, and innovation is weak or nonexistent".[10]

More and more firms are using foreign partners and subsidiaries to conduct business. The bottom line is that the foreign availability of sensitive dual-use items has increased substantially throughout the last decade. The United States no longer dominates such important commercial sectors as aerospace, manufacturing, encryption software, and high-performance computers. Thus, unilateral non-proliferation export control policies will not be as effective as they were in the past. The private sector must be engaged at the multilateral level. In today's globalised environment, adopting even rigorous export control regulations without multilateral support may only harm American exporters while yielding few benefits for American nonproliferation policy. Indeed, US business leaders increasingly voice frustration at what they deem unduly cumbersome regulations; many assert that restrictive export policies have deterred foreign clients from purchasing their components and technology.

Aligning policy on the multilateral level could prove politically difficult, even among close allies. Differing threat perceptions - the United States, for example, views Iran as a strategic adversary but Russia does not - and divergent national priorities have made international cooperation on export control issues surprisingly difficult in the past. However, widespread international cooperation leading to unanimous approval of UNSCR 1540 and the Proliferation Security Initiative (PSI) suggests that many nations are genuinely committed to nonproliferation. This commitment could be put to work garnering multilateral support for enlisting the private sector in nonproliferation efforts. The United States needs to start at home, crafting outside-the-box approaches that bring industry into the fight.

Proposals for Bringing Industry on Board

What exactly can be done to engage industry more closely? Gathering more information is an obvious first step. The US government should create an independent commission to thoroughly examine the roles and responsibilities of the private sector and to consider delegating additional responsibilities to industry. Without this data, it is difficult to say confidently that the government should share the nonproliferation burden with industry, but all data currently in hand point in that direction. Four low-cost approaches would move the United States toward closer public-private collaboration.

Step up national and international outreach

First, the US government should step up its outreach endeavours, both nationally and internationally, with a view to improving personnel performance within industry. After all, the effectiveness of modern, sophisticated export control systems depends more on the effectiveness of human involvement and practice than the technological or economic factors. Governmental outreach must go beyond merely informing companies about export control regulations. Helping industry leaders fully to comprehend why sensitive goods are controlled and how their efforts assist broader US nonproliferation strategies is a must.

Firms that export sensitive technologies need to understand that that they are major players in the nonproliferation regime. Additionally, industry must recognise that foreign trade, especially transactions involving sensitive dual-use or military goods, is not a free-market right but rather a privilege that carries certain obligations related to national security.

To encourage vigilance and alter industry's mindset, future outreach could work towards instilling an "export control culture" within industry to foster disciplined, well-trained, and responsible custodians who embrace their nonproliferation responsibilities.[11] By nurturing proactive and security-oriented habits among personnel, and promoting professional standards of honesty, integrity and responsibility, the US government can encourage compliance with nonproliferation regulations that is tied less to government-imposed carrots and sticks.

Promoting an export control culture within industry will be easier in countries that already have in place robust export control infrastructures. In fact, elements of a desirable export control culture are already present among, say, American, German, and Japanese firms, but need to be reinforced, embedded and propagated more widely within the relevant industries. To be effective, export control culture must also be international.

Fostering restraint and conscientiousness among firms in the former Soviet republics, where by all accounts export controls are a matter of indifference, is one immediate challenge. Washington should take the lead in this endeavour, perhaps under the auspices of the State Department's Export Control and Related Border Security Programme (EXBS), which provides training and technical assistance to more than 40 countries.

Is it possible to change the mindset of industry and instil a new culture? The Polish experience suggests that it is. Polish exporters had few security obligations throughout much of the 1990s. Transactions halted due to security concerns were usually the result of government action, not the voluntary initiative of industry.[12] To rectify this, Poland tapped US assistance, fortifying its export control legislation and promoting awareness of regulations within industry. As a consequence, Poland earned a reputation as an innovator in the sphere of government-industry relations, becoming the first country to require enterprises that trafficked in controlled items - including brokers, freight forwarders, and other individuals who provided export services - to adopt government-certified compliance programmes.

International coordination

Second, international cooperation and coordination between industry, governments, and the multilateral export control arrangements (namely the Missile Technology Control Regime, the Australia Group, the Nuclear Suppliers Group, and the Wassenaar Arrangement), which work to monitor and regulate the trade of sensitive technologies at the multilateral level, must be deepened.

The current business and political environments demand more robust and coordinated efforts in the sphere of government-industry cooperation. In the United States, industry and government are not on the same page even on such simple matters as whether the government rewards companies for self-reporting export control violations. On the record, the government has stated: "one thing that we definitely highlighted... is how important we value self-disclosure, how important voluntary disclosures are and that they will be given great weight and they are given great weight."[13] However, from industry's perspective, an element of uncertainty has begun to plague the procedures for self-reporting. Many companies are beginning to question whether firms that self-report violations are being rewarded at all.[14] Better coordination and communication are clearly in order.

Develop international best practice guidelines

Third, Washington should consider working with foreign governments, the export control arrangements, and companies around the globe to develop an agreed set of international best practices, derived from a mélange of existing and novel policies, to which firms must adhere. The primary purpose of these best practices would be to standardise compliance programmes from country to country. Of paramount importance would be a channel for open communication between industry, governments, and the export control regimes to share important intelligence relating to end-users of proliferation concern. Japan and several European states have already taken positive steps in this direction, requiring companies to train and institute similar policies among their foreign partners and subsidiaries.[15] More must be done in this vein. Industry, and thus the nonproliferation regime, is only as strong as its weakest link.

Incentives

Fourth, the US government should consider offering incentives, including a reduction in the amount of time it takes to process license applications, to companies that adopt these best practices.

The US Customs and Border Protection's Customs-Trade Partnership against Terrorism (C-TPAT) initiative is worth examining as a model. C-TPAT is a programme to bolster border security that builds cooperative relationships between customs and the "owners" of the supply chain (importers, carriers, brokers, warehouse operators, and manufacturers). In exchange for agreeing to a series of increased security measures aimed at maintaining the integrity of the supply chain, businesses face fewer customs inspections, decreasing the amount of time their goods are held up at border crossings and bolstering their bottom lines. C-TPAT shifts many enforcement responsibilities from customs to individual businesses, enabling them to play an active role in opposing terrorism and crime.[16]

This type of cooperative initiative is necessary to alter the dynamic of the relationship between government and industry. Most importantly, devising strategies of engagement based on incentives, rather than strictly sanctions-based approaches, would spread the burden of nonproliferation more equitably. In this way, the private sector can be made part of the solution rather than remaining part of the problem.

Conclusion

The recommendations presented here do not represent a panacea. Of course, no solitary approach to nonproliferation can be sufficient. Distinct, layered, outside-the-box tactics stand a better chance of attaining ambitious goals. Those seeking to acquire sensitive dual-use technologies are getting smarter and to keep pace the international community must devise more innovative approaches to nonproliferation. As former Senator Sam Nunn recently warned, our enemies "are racing and we are somewhere between a walk and a crawl".[17] Winning over industry to nonproliferation is a low-cost and efficient means to get us running a bit faster.

Notes

[1] See Michael Beck and Seema Gahlaut, 'Creating a New Multilateral Export Control Regime,' Arms Control Today, April 2003.

[2] 'Annual Report to Congress on Foreign Economic Collection and Industrial Espionage - 2004,' Office of the National Counterintelligence Executive (ONCIX), April 2005.

[3] See 'National Strategy to Combat Weapons of Mass Destruction,' Arms Control Today, January/February 2003.

[4] UNSCR 1540, Operative Paragraph 8d, April 28, 2004.

[5] Department of Commerce, Bureau of Industry and Security, 'Know Your Customer Guidance,' available at http://www.bis.doc.gov/ComplianceAndEnforcement/
KnowYourCustomerGuidance.htm
.

[6] 'DOE Wants Industry Help in War on Proliferation,' Nuclear Fuels, April 25, 2005.

[7] 'Nunn-Wolfowitz Task Force Report: Industry 'Best Practices' Regarding Export Compliance Programs,' July 25, 2000, available at http://www.kslaw.com/library/pdf/nunnwolfowitz.pdf; and Jeremy Singer, 'Study Puts Satellite Export Law Compliance Over Sales,' Defense News, August 7, 2000.

[8] 'Don't Let This Happen To You: Real Life Examples of Export Control and Antiboycott Violations,' April 2005, available at http://www.bis.doc/gov/ComplianceAndEnforcement/
Dont_Let_This_Happen_To_You_2005.pdf
.

[9] 'Survey on US Industry Compliance and Export Controls: Executive Summary,' available at http://www.uga.edu/cits/documents/html/us_industry_compliance.htm.

[10] 'Annual Report to Congress on Foreign Economic Collection and Industrial Espionage - 2004,' Office of the National Counterintelligence Executive (ONCIX), April 2005.

[11] For more on this see Dmitriy Nikonov, 'To Improve Export Controls, Train and Motivate Personnel', The Monitor 11, Spring 2005, pp. 16-21. For more on the broader security culture concept see Igor Khripunov, Dmitriy Nikonov, and Maria Katsva, Nuclear Security Culture: The Case of Russia (Athens, GA: Center for International Trade and Security, December 2004), available at http://www.uga.edu/cits.

[12] 'Country Profile: Poland,' Center for International Trade and Security, Draft Report.

[13] 'Final Penalty Guidance Reveals How Agency Will 'Typically' Enforce Rules,' The Export Practitioner, March 2004, p. 17.

[14] See, for example, Adrienne Braumiller, 'To Disclose or Not to Disclose,' Journal of Commerce, June 21, 2004.

[15] Richard Cupitt, Multilateral Nonproliferation Export Control Arrangements in 2000: Achievements, Challenges, and Reform, p. 48, available at http://csis.org/export/articles/cupitt.pdf.

[16] For more on C-TPAT see 'C-TPAT Fact Sheet and Frequently Asked Questions,' available at http://www.customs.gov/xp/cgov/import/commercial_enforcement/ctpat/fact_sheet.xml.

[17] 'Experts Charge United States Not Doing Enough to Prevent Nuclear Terrorism, Proliferation,' Global Security Newswire, June 28, 2005.

Matthew Fuhrmann is a research associate at the Center for International Trade and Security, University of Georgia.

Back to the top of page

© 2006 The Acronym Institute.