Export Control Compliance in focus: Lessons from the RTX settlement
Background:
RTX Corporation, formerly known as Raytheon Technologies, is facing serious allegations of violations of US export control laws. This case highlights the complex challenges faced by multinational companies in the highly regulated defense industry. The allegations cover the period from 2017 to 2023 and concern various business areas of the Group, including acquired business units.
Allegations:
At the heart of the allegations against RTX is the unauthorized export of defense goods, including classified information, to numerous countries – including sanctioned states. Particularly serious are cases in which technical data was transferred to Chinese companies, leading to the production of components for US military systems in China. Other charges include violations of license terms, misclassification of goods, and unintentional exports by employees on business travel.
Findings and recommendations:
The case reveals critical areas that companies should prioritize within their compliance strategy:
- Accurate classification:
- Implementation of a robust system for the correct classification of goods and technologies
- Regular training for responsible employees
- Introduction of a dual control principle for classification decisions
- Protection of sensitive data:
- Development and implementation of strict processes for handling classified information
- Use of advanced encryption technologies
- Regular security audits of IT infrastructure
- Employee training and travel policies:
- Conduction of comprehensive compliance trainings for all employees
- Creation of clear guidelines for business trips to sensitive countries
- Implementation of an approval process for taking devices on trips abroad
- License terms:
- Development of a central license management system
- Automated monitoring of license terms and periods
- Regular internal audits to check license compliance
- Due Diligence for company acquisitions:
- Conduction of thorough compliance reviews prior to company acquisitions
- Development of a structured integration process for compliance systems
- Regular audits after completion of the transaction
- Continuous improvement:
- Establishment of a process to regularly review and update the compliance program
- Establishment of an internal reporting system for potential violations
- Promotion of an open error management culture to identify issues at an early stage
Companies in regulated industries need to develop a proactive compliance culture supported by robust systems, regular audits and a commitment to continuous improvement. This is the only way they can meet the complex regulatory requirements and identify and prevent potential breaches at an early stage.