Penalties for sanctions lapses are surging, and sanctions regulations are growing exponentially more complicat­­ed. New sanctions are constantly being imposed, while other are being lifted. 

Keeping up with it all is enough to make any sanctions compliance officer’s head spin.  The real challenge for sanctions compliance professionals is how to manage these risks while still engaging in legitimate trade. 

That’s not an easy task for any company—but for a company that works strictly with the government, the pressure is huge. ManTech International, a provider of advanced technological services to the U.S. government, understand this well. In our latest Q&A, we caught up with Maria Assusa, director of corporate trade compliance at ManTech, to learn more about the company’s trade compliance program, what challenges it’s facing with the current trade sanctions environment, and lessons learned along the way.  

CW: First, tell us a little about ManTech.

MA: ManTech operates in 40 countries, with 8,000 employees and revenue of $1.9 billion.The company is split into two business units: Mission Solutions & Services (MSS) Group and Mission, Cyber & Intelligence Solutions (MCIS) group. 

Mission Solutions Group supports the Air Force, Army and Navy CONUS (the 48 contiguous States and the District of Columbia) and OCONUS (Outside Continental United States) work, while Mission, Cyber & Intelligence Solutions group is the leading providers of advanced technology services to the U.S. government. 

CW: What are your specific roles and responsibilities as director of corporate export controls?

MA: I am responsible for both business units’ export compliance. Currently, I review licensing applications and facilitate monthly international trade trainings related to screening customers and vendors, sanctions countries, facility access and international travel. Prior to every shipment, my team needs to make sure to conduct jurisdiction and classifications determinations and licensing and country charts applicability. Classifications are done daily, and then we determine if a license is required. Whether a license is required is based on what the item is, its classification, and where it’s going—that it’s not going to a sanctioned country, for example.

CW: How many full-time staff make up ManTech’s export compliance team? 

MA: We have three full-time personnel. The corporate director reports into the legal function, with two full-time direct reports. One resource is solely dedicated to the Mission Solutions & Services Group working on classifications for the Army and Navy and conducting multiple licenses determination per week, and the second resource works mainly on classified programs and licensing strategies for U.S. government customers—such as the National Security Agency, Department of Homeland Security, and other defense and intel departments. 

CW: What business functions does ManTech’s export compliance team collaborate with, and in what capacity?

MA: We work with all the functions and departments making sure we have solutions for export initiatives that interact with the daily work conducted outside of the United States. We work with HR, making sure we limit server access to foreign nationals. We work with supply chain ensuring vendors provide the proper export control classifications for products and services provided to ManTech on a weekly basis. We work with facilities and security departments making sure that, when we host foreign nationals, that they get screened properly. We work with operations and logistics departments, making sure when we ship items to U.S. troops abroad the product is properly marked and has the correct destination control statements for customs purposes. 

CW: What processes and procedures does ManTech follow to screen and conduct due diligence on its third parties? 

MA: We use an automated tool called Livingston. We screen customers and vendors weekly and have a few due diligences checklists and processes to minimize risk of doing business abroad.Livingston screens that every week making sure we don’t have a close match or a vendor that conflicts with the Denied Persons List.

CW: We are experiencing a very turbulent, uncertain time with the trade sanctions environment right now. How does ManTech keep up with it all?

MA: It has been a challenge keeping up with the changes. We have recurrent meetings with HR and supply-chain teams and other relevant functions within the company to review where compliance and export controls intersect with daily tasks. Trade compliance touchpoints include governance, denied parties, classification, license identification and management, internal safeguards, third party oversight and M&A due diligence. Each of us is required to attend two to three trainings a year to stay current with the export regulations. The most common conferences included in the requirements are the Society for International Affairs annual conference, and the export compliance training institute in Washington, D.C.


Maria Assusa became director of corporate export controls at ManTech International last year.
Prior to that, since 2016, she was trade compliance senior manager, UTC Climate, Controls & Security at United Technologies, responsible for verifying that business activities are fully compliant with International Trade Compliance (ITC) regulations. Assusa joined UTC in 2013 as senior international trade compliance manager, managing business unit agreement and license activity (both ITAR and EAR).
Prior to her time at UTC, Assusa was international trade compliance manager at BE Aerospace from 2007 to 2013.

CW: What sort of practical challenges does the current, turbulent trade sanctions environment create as it concerns ManTech’s assessment and management of risks? 

MA: The challenge is keeping up with the changes. Every week is something different. You can’t make changes to your policies every week. You have to make your policies flexible, make them broad enough that your employees know, when in doubt, to contact your trade compliance department. Right now, all the changes are very hard to keep track of. We subscribe to sanctions alerts and different e-mail alerts—there is a lot of reading. We just have to make sure we keep up on them and that we read all of the changes in the regulations. 

CW: Do you conduct risk assessments, or anything of that nature?

MA: We conduct annual risk assessments with our sites, customers, vendors, and freight forwarders. We have 50-plus sites, and every site is given a risk score and place in a unique tier: Tier I, II, III. For the ones that pose a high risk, internal audits are conducted on a yearly basis. The sites that are not high risk, we conduct audits every two years. 

Common questions included in the risk assessments include volume of exports and shipments, number of employees, trade compliance focal on site, size of the site, type of products and technology, customs bond, customs duties, past compliance history issues, management commitment, site training and awareness, maturity of written policies and procedures, etc.

CW: What are some lessons you have learned along the way that other export compliance professionals might find helpful in improving their own export compliance programs? 

MA: My background is in trade compliance. Before I came to ManTech in 2017 I served in a senior management role at United Technologies during the five-year consent agreement. As you might recall, UTC in 2012 paid a $75.7 million fine for export violations. One of the big lessons learned there concerns the importance of benchmarking. Companies want to keep proprietary information—and I think the best way to learn is to make sure you benchmark against similar industries, coming together at Compliance Week’s annual conference, for example. That’s a great way to learn, by listening to other peers speak about their experiences. 

Sharing information is also key. I think companies try to keep that information to themselves and not share it, but I think that’s a big mistake. I think sharing, talking about lessons learned, is useful for all companies. Companies are hesitant to share, but we should be doing the opposite.