An official website of the United States government

Export Compliance Plan (ECP) Best Practices

Undertake a full risk assessment prior to drafting your ECP to ensure your organization understands its risk profile and determines how it will mitigate areas of concern. Complete risk assessments on at least an annual basis after your initial review. Risk assessments help your organization understand what potential concerns should be mitigated through your ECP and other means.

Routinely evaluate the effectiveness of your ECP and consider what events may trigger revisions to your organization’s ECP. Keep your ECP updated to meet your organization’s needs, including specific functions and tools used to manage compliance. Account for regulatory changes that may impact how your ECP is scoped. Stay aware of these regulatory changes and other changes that affect export compliance requirements.  

Design your ECP to account for your organization’s specific transactions subject to the Export Administration Regulations (EAR). ECPs should be tailored to an organization’s transactions and activities, accounting for the types of scenarios that will occur, including exports, reexports, transfers (in country), and deemed exports/reexports. An effective ECP addresses the customers, products, and organizational functions involved with EAR-subject activities.

Specify how personnel will comply with your organization’s ECP. Make it as simple as possible for personnel to do the right thing and seek guidance if they are unsure. In addition to addressing any high-level policies that govern your ECP, be careful to include the specific details individual contributors need to know. Draft step-by-step guidance that clarifies key details, such as responsible parties and tools or systems that are used to complete various compliance processes. Explain associated recordkeeping requirements so staff know what files need to be retained and where. Include guidance tailored to different audiences such as human resources, sales, and technical staff.   

Make your ECP readily accessible to all within your organization and share it on a regular basis. Incorporate general export awareness training and other programming to ensure personnel understand their compliance obligations, even if they may not routinely engage in EAR-subject activities.

Include export compliance contact information in your ECP so it is clear who individuals should reach out to with EAR compliance questions or concerns. BIS strongly recommends exporters make compliance contacts at all levels widely known, including upper management. Keep individual contact information up to date and consider using shared compliance mailboxes or other tools to receive, acknowledge, and route requests in a timely manner. Take steps to ensure that compliance staff are viewed as a resource for personnel at all levels, helping the organization to achieve its goals. 

Explain that all personnel are responsible for reporting suspected or actual export violations and describe how to report incidents. Cite possible consequences and penalties for noncompliance to emphasize the importance of staying vigilant. When incidents are discovered or reported, immediately stop the transaction and investigate. BIS strongly encourages exporters to submit Voluntary Self-Disclosures to BIS when violations are identified. 

If your organization has questions regarding EAR compliance or ECPs, contact BIS for assistance. If you are writing an ECP or want help updating an existing ECP, you can utilize BIS’ ECP review service. Export Compliance Specialists will review your ECP based on the Export Compliance Guidelines: The Elements of an Effective Export Compliance Program. This is a free service for U.S. parties and is limited to one submission per organization. If you would like to take advantage of this program, submit your ECP to [email protected].

Please note that BIS does not approve, validate, or otherwise certify any organization’s specific written ECP. These best practices are meant solely as guidance. Each individual organization is responsible for deciding what works best for them and implementing a program that best suits their unique needs and covers their risks to ensure compliance with the EAR and all other federal regulations.