SUPPORTING STATEMENT
U.S. Department of Commerce
Bureau of Industry and Security
Application Requirements for License Exception
Intra-Company Transfers
OMB CONTROL NO. 0694-xxxx
This is a request for a new collection authority. This collection will allow exporters to apply for exemption from certain export licenses requirements under approved OMB Control No. 0694-0088.
A. JUSTIFICATION
1. Explain the circumstances that make the collection of information necessary.
Section 15(b) of the Export Administration Act (EAA) of 1979, as amended, authorizes the President and the Secretary of Commerce to issue regulations to implement the EAA including those provisions authorizing the control of exports of U.S. goods and technology to all foreign destinations, as necessary for the purpose of national security, foreign policy and short supply, and the provision prohibiting U.S. persons from participating in certain foreign boycotts. Export control authority has been assigned directly to the Secretary of Commerce by the EAA and delegated by the President to the Secretary of Commerce. This authority is administered by the Bureau of Industry and Security (BIS) through the Export Administration Regulations (EAR). The EAA is not permanent legislation, and when it has lapsed due to the failure to enact a timely extension, Presidential executive orders under the International Emergency Economic Powers Act (IEEPA) have directed and authorized the continuation in force of the EAR.
Under current regulations, an individual validated export license is required for companies to export, reexport, or transfer commodities, software, and technology that are subject to the EAR for internal use by their wholly-owned or controlled in fact entities operating in another country. In addition, the current regulations may require a license to release controlled technology or source code to certain foreign nationals at facilities in the United States and abroad. License Exception Intra-Company Transfers (ICT) will allow approved parent companies, and their approved wholly-owned or controlled in fact entities to export, reexport or transfer many controlled items to each other and to their foreign national employees for internal company use only, without obtaining an individual validated export license. In order to gain authorization from BIS to use this license exception, parent companies must document to BIS the existence of an effective internal control program, known under this proposed rule as an ICT control plan. Further, parent companies must submit certain company information, information showing effective implementation of an ICT control plan, and a signed statement agreeing to audits conducted by BIS as well as any disclosed deficiencies.
2. Explain how, by whom, how frequently, and for what purpose the information will be used. If the information collected will be disseminated to the public or used to support information that will be disseminated to the public, then explain how the collection complies with all applicable Information Quality Guidelines.
New section 740.19 of the EAR describes the how, who, frequency, and purpose of this collection. The rule has been uploaded into ROCIS.
To qualify for this license exception, the company must submit documentation to BIS. One such documentation is a description of the parent company’s ICT control plan, which addresses the following elements: corporate commitment to export compliance, physical security plan, information security plan, personnel screening procedures, training and awareness program, technology and software letter of assurance, self-evaluation program, non-disclosure agreements, and end-user reviews.
An ICT control plan can be a component of a more comprehensive export control compliance program or internal control program. All of the elements in an ICT control plan generate an increased level of awareness of export control compliance issues among company employees and help the company comply with the EAR. In order to show effective implementation of an ICT control plan, the parent company must also submit a representative sample of records showing implementation of the following elements: personnel screening procedures, training and awareness program, self-evaluation program, and review of end-user lists, where applicable.
In addition to the ICT control plan, parent companies must submit information about themselves and each wholly-owned or controlled in fact entity that they plan to include in their submissions for ICT authorization. This company information must include:
a. company contact information;
b. name and contact information of the employee(s) responsible for implementing the ICT control plan;
c. description of the relationship of each wholly-owned or controlled in fact entity to the parent company;
d. listing of each individual or organization that owns at least a 10% interest in the parent company and each wholly-owned or controlled in fact entity;
e. a list of the Export Control Classification Numbers (ECCNs) that will be exported, reexported, or transferred (in-country) under ICT;
f. a narrative describing the intended use of the listed ECCNs; and
g. a company officer of the parent company must submit a written statement that all eligible entities controlled by the parent company will allow audits by BIS to ensure compliance with ICT.
BIS needs the information described above in order to evaluate whether the parent company and its wholly-owned or controlled in fact entities have a sufficient internal procedures in place to protect controlled commodities, software, and technology, and thus merit streamlined treatment for intra-company transfers.
BIS will evaluate the ICT control plan and company information and notify the parent company if it may use License Exception ICT and inform which wholly-owned or controlled in fact
entities may use ICT for future exports, reexports, or transfers (in-country).
After obtaining ICT authorization, approved parent companies and their approved wholly-owned and controlled in fact entities must retain copies of their ICT control plan and associated materials, including signed non-disclosure agreements, as well as maintain records, by ECCN, of the items on the Commerce Control List that have been exported, reexported, or transferred within country under the authority of this license exception. In addition, each year approved parent companies must submit an annual report to BIS listing the names, date of birth, and nationality of foreign national employees that received technology or source code under ICT, as well as a listing of said foreign nationals that leave the company. BIS is requesting this information in order to examine the use of License Exception ICT and measure its effectiveness. BIS believes that the benefits of ICT outweigh the burden associated with such reporting requirements, because there would be little wait time for the foreign national to access the technology or source code after being hired. The reporting requirement would come only at the back-end of the process and would not be an impediment to research and innovation. Also, BIS is requiring that company officials certify that the companies in question are in compliance with ICT and that any deficiencies be disclosed.
Finally, after obtaining ICT authorization, approved parent companies may be required or may choose to make additional changes to their ICT submissions. For instance, parent companies and their wholly-owned or controlled in fact entities authorized to use License Exception ICT may need to notify BIS of any name changes to the entities or changes to the entities if one is newly-acquired by another parent company. Furthermore, approved parent companies may desire to request ICT authorization for additional ECCNs or for additional wholly-owned or controlled in fact entities that were not part of the original submissions.
The Section 515 Information Quality Guidelines apply to this information collection and comply with all applicable information quality guidelines, i.e., OMB, Department of Commerce, and specific operating unit guidelines.
Describe whether, and to what extent, the collection of information involves the use of
automated, electronic, mechanical, or other technological techniques or other forms of information technology.
BIS plans to accept documents electronically, including e-mail or other electronic format such as CDs or disks.
4. Describe efforts to identify duplication.
The information required by this collection is unique to each application. The information is not duplicated anywhere else in Government nor is it available from any other source.
5. If the collection of information involves small businesses or other small entities, describe the methods used to minimize burden.
The EAR applies to all entities that export, reexport, or transfer commodities, software, and technology that are subject to the EAR. The EAR potentially affects any entity in any sector that chooses to export, reexport, or transfer items subject to the EAR. Thus, while this proposed rule could potentially have a significant economic impact on small entities, BIS believes that this proposed rule will not impact a substantial number of small entities.
BIS does not have data on the total number of small entities that are potentially impacted by the requirements of the EAR, but BIS does maintain data on actual licenses applied for by entities of all sizes. In order to examine the number of small entities that would be impacted by this proposed rule, BIS examined the licensing data to find approved licenses that would potentially qualify for an intra-company transfer. Using this data as well as using estimated burden hours in gaining ICT authorization, BIS conducted a cost-benefit analysis to see which entities would likely choose to apply for authorization. BIS also examined all approved licenses that could qualify as intra-company transfers to determine if any entities were small entities.
Upon initial examination of licensing data from 2004 to 2006, BIS found that approximately 200 companies had licenses approved that could potentially qualify as an intra-company transfer. Of those 200 companies, the vast majority consisted of large parent companies, medium-sized companies, or companies that were owned by larger domestic or foreign companies. This result supports the premise that entities that would avail themselves of ICT must be large enough to have subsidiaries or branches located in different countries that the entities control in fact.
Using burden hours for the cost-benefit analysis (as described in detail further below), BIS found that sixteen companies meet or come close to meeting the lowest burden threshold, and none of those companies is a small entity under the North American Industry Classification System (NAICS) standards.
Even if an entity without an internal control program utilizes a different cost-benefit analysis and decides to apply for ICT authorization, BIS licensing data show that the potential ICT candidate would not be a small entity. Only four companies, for which public information was available, were found to qualify as small entities under the NAICS. However, the potential intra-company licenses approved for these four entities would all be ineligible under License Exception ICT. The items approved for export were all items listed under § 740.2 that are restricted for export, reexport, or in-country transfer under all license exceptions. Therefore, no small entity was found to have licenses that were approved by BIS over a three-year period that would qualify under ICT, so BIS believes that this proposed rule would not involve small businesses or other small entities.
6. Describe the consequences to the Federal program or policy activities if the collection is not conducted or is conducted less frequently.
If this information is not collected BIS would be unable to issue ICT
7. Explain any special circumstances that require the collection to be conducted in a manner inconsistent with OMB guidelines.
There are no special circumstances that require the collection to be conducted in a manner inconsistent with OMB guidelines.
8. Provide a copy of the PRA Federal Register notice that solicited public comments on the information collection prior to this submission. Summarize the public comments received in response to that notice and describe the actions taken by the agency in response to those comments. Describe the efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.
The proposed rulemaking requesting public comment will be published in the Federal Register in conjunction with this information collection request.
9. Explain any decisions to provide payments or gifts to respondents, other than remuneration of contractors or grantees.
There are no plans to provide payments or gifts to respondents.
10. Describe any assurance of confidentiality provided to respondents and the basis for assurance in statute, regulation, or agency policy.
Export licensing information submitted to the Department is protected from release to the public under article 12(c) of the EAA.
11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private.
There are no questions of a sensitive nature.
12. Provide an estimate in hours of the burden of the collection of information.
Burden Hours for an Individual Company
In estimating the burden hours for this collection of information, BIS first estimated the burden hours associated with each item of the collection of information. Thus, BIS estimated the burden hours for submitting the following: company information, ICT control plan, documentation showing effective ICT control plan, changes to the original ICT submission, annual report, and recordkeeping.
BIS first estimated that it would take two hours for companies to submit the required information on themselves and their wholly-owned or controlled in fact entities. Most of the information required will likely already be on file for other purposes, such as financial reports.
For estimating the burden hours with respect to the ICT control plan, BIS separated companies submitting an ICT control plan into two groups – (1) companies already having an internal control program in place, and (2) companies not currently having an internal control program in place. This was done because the burden hours associated with submitting an ICT control plan would vary significantly between the two groups. BIS found that it can take around a few months to start an ICT control plan from scratch. The majority of the time and cost is associated with traveling to the various facilities to put the internal control program in place. Advances in technology have reduced the amount of time that it would normally take companies in the past to develop an internal control program. Also, many companies already have elements of the ICT control plan in place such as training programs, personnel screening, information security, and physical security. Therefore, BIS believes that companies without an internal control program in place could develop and write a description of one that meets the requirements of an ICT control plan in approximately 240 hours.
Conversely, BIS estimated that it would take around four hours for a company already having an internal control program to ensure the internal control program meets the requirements of an ICT control plan and to write a description of the program for submission to BIS. Since the burden hours vary significantly between these two groups of companies, BIS has analyzed the two types of companies separately with respect to burden hours associated with ICT.
Along with the ICT control plan, companies must submit a representative sample of documents showing effective implementation of certain elements of the ICT control plan. These elements include personnel screening procedures, training and awareness program, self-evaluation program, and review of end-user lists, where applicable. BIS estimated that the burden hours should be less for companies already having an existing internal control program because they will likely already have this documentation available. Thus, BIS estimated it will take six hours for companies with an internal control program and sixteen hours for those without an internal control program to comply with this requirement.
BIS estimated that it would take one hour to submit changes to the original ICT submission, and that 60% of companies seeking authorization to use ICT would need to submit additional information in order to add a wholly-owned or controlled in fact entity to its list of eligible users, to request additional ECCNs for use of ICT, or to notify BIS of a change in control or a change in name to one of the entities.
For reporting and recordkeeping requirements, BIS estimated that five hours would be necessary for reporting and two hours necessary for recordkeeping. In making this determination (and other burden hour estimates), BIS believes that the vast majority of companies applying for and receiving ICT authorization will have the capability of maintaining electronic records and databases as well as automated tracking systems.
BIS estimates the burden hours as follows for each item of the collection of information for ICT:
Company information: 2 hours
ICT control plan
For companies with an existing internal control program: 4 hours
For companies with no existing internal control program: 240 hours
Documentation showing effective ICT control plan
For companies with an existing internal control program: 6 hours
For companies with no existing internal control program: 16 hours
Changes to ICT submission: (0.6)(1 hour) = 0.6 hour
Annual report: 5 hours
Recordkeeping: 2 hours
Cost-Benefit Analysis
Since submitting this information to use ICT is entirely voluntary, BIS conducted a cost-benefit analysis to establish when it would be in a company’s interest to seek authorization for ICT. In order to determine this threshold, BIS looked at what point the burden hours associated with applying for ICT authorization would equal the burden hours associated with applying for individual validated licenses.
BIS estimated the burden hours as follows:
Companies with an internal control program |
Companies without an internal control program |
Company information: 2 hours |
Company information: 2 hours |
ICT control plan: 4 hours |
ICT control plan: 240 hours |
Documentation showing effective ICT control plan: 6 hours |
Documentation showing effective ICT control plan: 16 hours |
Changes to ICT submission: (0.6)(1 hour) = 0.6 hour |
Changes to ICT submission: (0.6)(1 hour) = 0.6 hour |
Annual report: 5 hours |
Annual report: 5 hours |
Recordkeeping: 2 hours |
Recordkeeping: 2 hours |
TOTAL: 19.6 hours |
TOTAL: 265.6 hours |
The total burden hours during a three-year period for a company with an internal control program would be the above total for year one plus 7.6 hours for year two and 7.6 hours for year three, for a total of 34.8 hours (or 2088 minutes). (The 7.6 hour figure includes changes to ICT submission, annual reporting, and annual recordkeeping.) The total burden hours during a three-year period for a company without an internal control program would be the above total for year one plus 7.6 hours for year two and 7.6 hours for year three, for a total of 280.8 hours (or 16,848 minutes).
The burden hours associated with applying for an individual validated license are as follows:
Prepare and submit = 58 minutes
Miscellaneous/recordkeeping = 12 minutes
TOTAL = 70 minutes per license
The threshold by which companies (with an internal control program) would likely be inclined to apply for authorization to use ICT is the point at which the burden of applying for licenses (at 70 minutes per license) exceeds the total ICT burden hours (at 2088 minutes). The threshold by which companies (without an internal control program) would likely be inclined to apply for authorization to use ICT is the point at which the burden of applying for licenses (at 70 minutes per license) exceeds the total ICT burden hours (at 16,848 minutes). With “x” representing number of licenses, these thresholds are found by:
(70 min.)(x) = 2088 min. (70 min.)(x) = 16,848 min.
x = 30 licenses x = 241 licenses
With this result in mind, BIS examined individual validated licenses over a three-year period, from 2004 to 2006. By matching the name of the license applicant with the name of the ultimate consignee, BIS generated a list of licenses that would potentially qualify under License Exception ICT. BIS further conducted spot checks on many of these licenses to ensure that the items stayed within the company structure by examining the end-user.
In addition, BIS conducted a separate search to determine ICT eligibility for deemed exports and deemed reexports, since the ultimate consignee is often the foreign national receiving the controlled technology or source code, rather than the foreign national’s company.
From 2004 to 2006, BIS found that one company exceeded the 241 license threshold with 556 licenses (hereinafter referred to as Company A) and that one company exceeded the threshold with 403 licenses (hereinafter referred to as Company B). The next closest company had 141 total licenses. Based on prior experience with Company A and B, BIS knows that the companies have internal control programs already in place. As a result, there is no company, without an existing internal control program, that would meet the cost-benefit analysis threshold of 241 licenses.
From its cost-benefit analysis, BIS also found that 14 other companies, in addition to Company A and B, would meet, or come within five licenses of, the threshold of 30 licenses over a three-year period, as long as the companies already have an internal control program in place. BIS has knowledge that the majority of the 14 other companies currently have an internal control program in place. Thus, the actual total burden hours for an individual company would likely fall much closer to 19 hours than 265 hours for the first year.
Aggregate Annual Burden Hours
Based on its burden hour estimates and cost-benefit analysis, BIS has determined the following calculations.
The total estimated annual burden for this collection is 363.6 hours. The estimated annual cost is $12,726. The actual annual burden may be lower because the likelihood is minimal that a company without an internal control program would apply for authorization to use ICT. However, the actual annual cost may include more than labor costs as a company may need to invest in physical and information security as well as incur travel expenses to visit overseas facilities to ensure that the internal control program is operating effectively. Thus, it is possible the estimated annual cost could exceed $12,726 for larger companies, which do not have internal control programs in place, but do have numerous overseas subsidiaries and branches.
BIS expects to receive 6 License Exception ICT submissions annually. This number was arrived at by dividing 16 (the number of companies BIS believes may meet the cost-benefit threshold or come close to meeting the threshold) by 3 (the number of years collections are approved) and rounding up to the nearest whole number. Of those 6 ICT submissions received annually, BIS expects to receive no more than 1 from a company without an internal control program. BIS arrived at this estimate by looking at the 16 companies and determining which did not have qualifying deemed export licenses approved. BIS used deemed exports as a metric because deemed export license applications typically require submission of a technology control plan, which closely resembles the elements in an ICT control plan. Only three of the 16 were found to not have approved deemed export licenses. Among those three companies, BIS has knowledge that at least one has an internal control program. Thus, it is possible that the remaining two companies do not have any type of internal control program in place, so 2 was used as the total number of companies without an internal control program, and this figure was divided by three because of the three-year timeframe to arrive at 0.66 per year, which was then rounded up to 1 company.
The following table provides an estimate of the total burden for companies with an existing internal control program for this collection:
Item |
Number |
Time (hours) |
Total |
Company information |
5 |
2 |
10 |
ICT control plan |
5 |
4 |
20 |
Documentation showing effective ICT control plan |
5 |
6 |
30 |
Changes to ICT submission |
5 |
0.6 |
3 |
Annual report |
5 |
5 |
25 |
Recordkeeping |
5 |
2 |
10 |
Total |
|
|
98 |
The following table provides an estimate of the total burden for companies with an existing internal control program for this collection:
Item |
Number |
Time (hours) |
Total |
Company information |
1 |
2 |
2 |
ICT control plan |
1 |
240 |
240 |
Documentation showing effective ICT control plan |
1 |
16 |
16 |
Changes to ICT submission |
1 |
0.6 |
0.6 |
Annual report |
1 |
5 |
5 |
Recordkeeping |
1 |
2 |
2 |
Total |
|
|
265.6 |
Therefore, the total estimated annual burden for this collection is (98 + 265.6) = 363.6 hours.
The total cost is estimated by multiplying the total number of hours by $35 per hour (the average labor rate):
363.6 hours X $35 = $12,726
BIS estimates that this new collection will reduce the number of individual validated licenses in approved collection OMB Control No. 0694-0088 “Multipurpose Application” by 552 licenses annually. Also, BIS estimates that this new collection will reduce the number of foreign national review requests in approved collection OMB Control No. 0694-0088 “Multipurpose Application” by 30 requests annually. Consequently, BIS estimates that License Exception ICT will reduce the burden hours associated with individual validated licenses and foreign national
review requests by 40,740 minutes annually (582 licenses x 70 minutes). Therefore, BIS plans to submit a corresponding non-substantive change to OMB Control No. 0694-0088, reducing the burden by 679 hours.
13. Provide an estimate of the total annual cost burden to the respondents or record-keepers resulting from the collection (excluding the value of the burden hours in #12 above).
No special equipment or software is required for this collection so there is no capital cost to the respondents.
14. Provide estimates of annualized cost to the Federal government.
BIS estimates that it will require one export management and compliance specialist and/or licensing officer 4 hours, as long as the submission is complete, to review the ICT submission.
The cost for review is estimated to be $40 per hour. The total estimated cost to the Government to review 6 plans annually is therefore:
4 hours X 6 plans = 24 hours
24 hours X $40 = $960
15. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB 83-I.
Not applicable. This is a new collection.
16. For collections whose results will be published, outline the plans for tabulation and publication.
There are no plans to publish information obtained under this collection.
17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons why display would be inappropriate.
Not applicable.
18. Explain each exception to the certification statement identified in Item 19 of the
OMB 83-I.
Not applicable.
B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS
This collection does not utilize statistical methods.
| File Type | text/rtf |
| File Title | SUPPORTING STATEMENT |
| File Modified | 2008-10-03 |
| File Created | 2008-10-03 |