RTX: Endemic ITAR Compliance Failures

Posted

RTX Corporation, the defense contracting roll-up has entered into a settlement agreement with the U.S. Department of State following a comprehensive investigation into violations of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR).

The Firm, created in a 2020 merger of Raytheon and United Techologies, settled a boggling array of allegations that it violated the ITAR in connection with

  • unauthorized exports of defense articles
  • the failure to establish proper jurisdiction and classification; unauthorized exports of defense articles, including classified defense articles;
  • unauthorized exports of defense articles by employees via hand-carry to proscribed destinations listed in ITAR § 126.1;
  • and violations of terms, conditions, and provisos of DDTC authorizations.

As United Tech and Raytheon had recently completed remedial agreements with State, the charging documents highlighted "historical systemic failures in Rockwell Collins’ export control compliance program."

"While all of Respondent’s affiliates committed a substantial number of violations," the complaint states, "pervasive ITAR compliance weaknesses at Rockwell Collins resulted in many of the most egregious violations such as unauthorized exports of technical data to the PRC to facilitate procurement of defense articles from Chinese entities."

By paying $100 million in fines and promising to spend another $100 million on compliance programs, the firm avoids debarment and further criminal or civil action.

Investigation Overview

The investigation covered activities from August 5, 2017, to September 29, 2023, and identified multiple unauthorized exports and reexports of defense articles, including classified defense articles, to destinations such as China, Russia, Iran, and Lebanon. These violations involved the unauthorized transmission of technical data, defense articles, and classified materials to entities that were not approved by the U.S. government, violating strict export controls designed to protect U.S. national security interests.

Many of the violations stemmed from historical systemic failures in the export control compliance program of Rockwell Collins, a company acquired by RTX in 2018. Rockwell Collins, before its acquisition, had significant weaknesses in its ITAR compliance, leading to numerous unauthorized exports of technical data to countries like the People's Republic of China (PRC).

These compliance issues were characterized by misclassifications and failure to establish proper jurisdiction over defense articles and technical data.

Categories of Violations

The violations detailed in the charging letter fall into four broad categories:

  1. Unauthorized Exports of Defense Articles Due to Misclassification: Many violations occurred because RTX and its affiliates  failed to properly establish jurisdiction and classification of defense articles. This failure led to unauthorized exports of technical data and other defense articles, which were mistakenly classified under the less restrictive Export Administration Regulations (EAR) instead of the more stringent ITAR. For instance, misclassifications resulted in unauthorized exports of technical data related to the Boeing E-3 Sentry Airborne Early Warning and Control Aircraft and the Embraer KC-390 Millennium Medium Weight Transport Plane to Chinese foreign-person employees.

  2. Unauthorized Exports of Classified Defense Articles: The company also exported classified defense articles without proper authorization. In January 2023, RTX exported technical data misclassified in 2018 related to an aluminum display housing component of the F-22 Raptor Fighter Aircraft to Chinese foreign-person employees at a Collins facility in Shanghai. 

  3. Unauthorized Exports to Proscribed Destinations: RTX disclosed several instances where employees hand-carried mobile devices containing ITAR-controlled technical data to proscribed destinations such as Iran, Lebanon, Russia, and China. For example, an employee traveled to Iran with a company-issued laptop containing sensitive technical data related to the B-2 Spirit Bomber Aircraft and the F-22 Raptor Fighter Aircraft, which was detected when the employee attempted to connect to the internet while in Iran.

  4. Violations of Terms, Conditions, and Provisos of DDTC Authorizations: The company reported multiple violations related to its failure to comply with the terms, conditions, and provisos of DDTC authorizations. These included failing to furnish or properly complete required certificates, not returning defense articles previously exported under temporary export licenses in a timely manner, and failing to file accurate annual sales reports related to manufacturing licensing agreements.

Jurisdiction and Classification

Employees had incorrectly established that the relevant defense articles were controlled under the Export Administration Regulations (EAR), thus potentially resulting in additional undisclosed ITAR violations. The majority of these voluntary disclosures and violations arose out of jurisdiction and classification errors made by Rockwell Collins prior to its acquisition by UTC.

Controlled technical data was exported to the PRC on numerous occasions between 2014 and 2023.  The root cause of these violations is characterized as Rockwell Collins’ “historical misinterpretation” and “general misunderstanding” of the ITAR’s specially designed definition and release criteria in 22 C.F.R. 120.41.

Unauthorized procurement from the PRC resulting from this misclassification resulted in Collins delivering thousands of non-compliant Chinese-built USML Category XI(c)(2) printed wiring boards for end use on military platforms ranging from Air Force One, F-15, F-16 and F/A 18 Fighter Aircraft, the MQ-9 Reaper and U-2 Reconnaissance Aircraft, among others.

Other UTC-related misclassifications occurred because the work instruction given to classifiers before 2017 “provided no guidance on how to interpret and apply the ITAR Section 120.41(b)(3) release.”

Unauthorized exports of missile technology by Raytheon to customers in Allied and Arab states was attributed to "multiple root causes", including

  1. misapplication of the “specially designed” release set forth in 22 C.F.R. 120.41;
  2. failure to apply the “see-through rule” to defense articles;
  3. failure to provide specific guidance regarding specially designed hardware to engineers performing jurisdiction and classification assessments prior to May 2018; and
  4. failure to properly conduct an Order of Review on hardware that may contain lower-level assemblies subject to the ITAR.

Leadership Failures

"In one particular case, Respondent disclosed that its investigation found that the Global Trade (GT) department, including leadership of both Respondent’s pre-merger affiliate, Raytheon Missile Systems (RMS), and Raytheon Company Corporate, had knowledge of RMS’s ITAR §120.41(b)(3) failures and did not take appropriate measures to mitigate potential violations resulting from RMS’s reliance on erroneous classifications."

"in at least two cases, Respondent elected not to conduct a comprehensive review of its potential past violations of terms, conditions, and provisos of DDTC authorizations, instead reviewing authorizations that were “active” (i.e., not expired) at the time of the review.

In response to the Department’s request to explain this decision, Respondent explained that it restricted its review to active authorizations because Respondent “determined that the ongoing risk of continued non-compliance was greatest with the authorizations still in use.”

"Respondent further explained that Respondent “[did] not intend to conduct a review of its [nearly 700] DSP-73 and DSP-61 authorizations that expired in the past five years” based on its “analysis on the potential risk posed by its expired authorizations” from the types of violations identified through the review of active licenses, and the “time and resources that [Respondent] anticipate[d] that a review of its expired DSP-73 andDSP-61 licenses would take.”

Aggravating and Mitigating Factors

In determining the penalties, the State Department considered several aggravating and mitigating factors.

Aggravating Factors:

  1. Harm to U.S. National Security: The unauthorized exports to proscribed destinations, including China and Russia, were deemed harmful to U.S. national security. The unauthorized release of technical data, particularly data related to sensitive military platforms such as the F/A-18 E/F Super Hornet and the EA-18G Growler, provided these countries with insights into U.S. military technology and capabilities.

  2. Unauthorized Exports of Classified Defense Articles: The export of classified defense articles, including those designated as Significant Military Equipment (SME), without proper authorization to entities in proscribed destinations, highlighted serious breaches in RTX’s export control procedures.

  3. Recurrence of Violations After Corrective Actions: Despite the implementation of corrective measures following earlier violations, RTX continued to commit violations. This recurrence indicated systemic issues within the company's compliance culture and procedures.

Mitigating Factors:

  1. Voluntary Disclosure of Violations: RTX voluntarily disclosed 113 violations to the Directorate of Defense Trade Controls (DDTC) for activities between August 2017 and September 2023. The majority of these disclosures pertained to systemic failures at Rockwell Collins prior to its acquisition by RTX in 2018.

  2. Cooperation with the State Department: RTX fully cooperated with the Department’s requests for information throughout the investigation. The company entered into multiple agreements with the Department tolling the statutory period applicable to the enforcement of the AECA and ITAR.

  3. Investments in Export Compliance: Since the closure of prior Consent Agreements, RTX has dedicated significant resources to improve its export compliance program. These efforts included enhancing internal controls, investing in personnel and systems for monitoring and auditing ITAR compliance, and integrating acquired companies into its corporate compliance program.

Consent Agreement and Penalties

To resolve these violations, RTX has agreed to a Consent Agreement with the U.S. State Department. The agreement, effective for three years, requires RTX to undertake several compliance measures and pay a substantial civil penalty.

Compliance Measures

Under the Consent Agreement, RTX is required to:

  1. Enhance Its Export Compliance Program: Within nine months of the order, RTX must strengthen its compliance program with specific attention to AECA and ITAR-regulated activities. This includes ensuring all employees engaged in these activities are familiar with the relevant regulations and their responsibilities under them. Additionally, RTX must enhance its corporate compliance policies and procedures, focusing on the company’s business operations to prevent future violations.

  2. Implement an Automated Export Compliance System: RTX is also mandated to implement a comprehensive, automated export compliance system across all its divisions and subsidiaries involved in AECA and ITAR-regulated activities. This system is designed to improve internal controls and ensure compliance with export regulations.

  3. Conduct Regular Audits: The company must conduct at least one audit during the term of the Consent Agreement, performed by an outside consultant with expertise in AECA and ITAR matters. The audit will assess the effectiveness of RTX’s compliance measures and identify any areas requiring further improvement.

  4. Review Export Control Jurisdiction: RTX is required to review, verify, and complete the export control jurisdiction of all defense articles, including technical data, manufactured by its AECA and ITAR-regulated divisions and subsidiaries. This review must be concluded no later than 15 months after the order.

Financial Penalties

As part of the settlement, RTX has agreed to pay a civil penalty totaling $200 million. This penalty is divided into two components:

  1. Immediate Penalty Payment: RTX will pay $100 million in three installments over two years. The first installment of $34 million is due within 10 days of the order, with subsequent payments of $33 million each due within one year and on the second anniversary of the order.

  2. Suspended Penalty for Remedial Measures: The remaining $100 million will be suspended and allocated towards remedial compliance measures. This amount will be used to defray the costs associated with implementing the compliance enhancements specified in the Consent Agreement. However, this suspension is contingent on RTX meeting all requirements outlined in the agreement.

Future Compliance Commitments

RTX’s agreement with the State Department reflects a commitment to addressing past compliance failures and preventing future violations. The company has pledged to strengthen its export control processes and align its practices with U.S. national security interests.

RTX will focus on enhancing its internal controls, training employees on compliance responsibilities, and implementing automated systems to track export authorization requests. The company has also committed to conducting thorough reviews of its export control jurisdiction to ensure that all defense articles and technical data are accurately classified under ITAR.

Additionally, RTX will perform regular audits to assess the effectiveness of its compliance measures and identify any areas for improvement. The company’s senior management will be actively involved in overseeing these efforts to ensure that compliance with AECA and ITAR is maintained across all divisions and subsidiaries.

Prior Violations and Settlements

In its 2013 Proposed Charging Letter (PCL) to Raytheon Company, the Department separated the company’s violations into two broad categories:

  1. failure to properly manage Department- authorized agreements; and
  2. Failure to properly manage temporary export and import authorizations.”

The Department also observed “a corporate-wide weakness in . . . investigating and correcting errors that require[d] immediate, comprehensive, effective remedial action across [Raytheon Company’s] many operating units and subsidiaries.”

The Department also referenced specific instances wherein Raytheon Company “described a number of corrective actions for [one] business unit, but did not prescribe corrective actions for other business units that may have similar pervasive issues.”

Similarly, the Department’s 2012 PCL to UTC identified three broad categories of violations:

  1. unauthorized exports and reexports resulting from the failure to properly establish jurisdiction over defense articles and technical data;
  2. unauthorized exports resulting from the failure to exercise internal controls over technical data; and
  3. failure to properly manage Department-authorized agreements.”

The Department noted that UTC’s subsidiaries “repeatedly discovered and disclosed violations to the Department, in some cases finding that reported remedial measures failed to prevent or detect additional similar violations.”

Similar violations occurred following the conclusion of Raytheon Company’s and UTC’s most recent Consent Agreements in 2018 and 2016, respectively.

"The Department notes that, since the closing of the prior Consent Agreements, Respondent has dedicated significant resources to sustain and improve its export compliance program and has worked to integrate companies it has acquired into that program.

"This includes investing significant resources in personnel and systems for the monitoring and auditing of ITAR compliance, and for the identification, reporting, investigation, and disclosure of potential ITAR violations.

"These investments were critical in identifying and remedying the violations described herein. Respondent has, nevertheless, committed numerous ITAR violations."

DDTC Documents

Year
Name
Description
Charging Letter
Agreement
Order
2024 RTX Corporation RTX Corporation settlement documents (PDF, 250KB) (PDF, 3.8MB) (PDF, 426KB)

Comments

No comments on this item Please log in to comment by clicking here