Compliance Programme

Internal Compliance Programme (ICP) for Industry

Internal Compliance Programme (ICP) for Industry

The Guidelines: Internal Compliance Programme for Industry provides a comprehensive insight to the background of the required non-proliferation controls in the Republic of South Africa. It offers guidelines to industry for dealing with such controls, as applicable to the industry sector concerned, with the emphasis on practical and relevant measures. It consists of 2 parts, dealing with the following topics:

Part 2 of the Guidelines: Internal Compliance Programme for Industry provides guidelines on an Internal Compliance Programme (ICP), which is a voluntary programme to assist entities involved in controlled activities and goods in complying with South African Non-Proliferation and other related Legislation. A vital part of an ICP is the establishment of mechanisms within the business that provide checks and safeguards at key stages in a secure supply chain, helping to better manage the overall control process. Such checks and safeguards help to ensure that the right questions are being asked to preclude non-compliance. An ICP aims to instil a culture within Industry to "think non-proliferation control".

The ICP calls for commitment to compliance by entities whose activities are regulated by the Act and it offers guidelines for dealing with controls. The emphasis is on practical and relevant measures and aspects typical of quality management. By establishing a practical approach to non-proliferation, these guidelines should ease trade procedures, benefit the customer and help the entity involved in controlled activities or with goods that could contribute to WMD programmes, to proceed with confidence.

Part 1 deals with the following topics:

Information Guide on South African Non-Proliferation Policy, Legislation, Mechanisms, Processes and Procedures

The Information Guide, deals with:

  • Non-Proliferation, Disarmament and Arms Control Policy, Legislation and Control System;
  • International Non-Proliferation and Disarmament Treaties, Agreements and Control Regimes;
  • Controlled Activities and Goods; and
  • Non-Proliferation of weapons of mass destruction (WMD): Control Processes and Procedures.

These guidelines are for guidance only. It is not a statement of the law, and businesses should continue to seek their own legal advice on the application of legislation.

Part 1 can be viewed under Non-Proliferation Guide on this website.

3.1 Introduction
3.1.1 Elements of Internal Compliance Programmes (ICP)
3.2  ICP Element 1: Commitment to Compliance
3.3 ICP Element 2: Nomination of responsible personnel
3.4 ICP Element 3: Information and training
3.5 ICP Element 4: Internal compliance procedures
3.6 ICP Element 5: Handling of (suspicious) enquiries/orders
3.7 ICP Element 6: Record keeping
3.8 ICP Element 7: Provision for Audits
3.9 ICP Element 8: Integration with quality management practices
  Appendix A: Example of a of Compliance Commitment Statement by Management
  Appendix B: Useful References
  Appendix C: Illustrated Examples for Compiling and ICP
  Appendix D: Indicators of Suspicious Enquiries/Orders
  Appendix E: Proposed Checklist for Audit of ICPs   
  Annexes Guidelines: Internal Compliance Programme For Industry
  Annexure 1: A Glossary of Terminology
  Annexure 2: Abbreviations
  Annexure 3: South African Non-Proliferation of WMD Legislation as well as other relevant SA legislation

Non Proliferation Information Guide

Top of Page

3.1 Introduction
Information so far provided in this Guide aims to promote effective compliance with legislation and Government policy in respect of the non-proliferation of weapons of mass destruction and their means of delivery.  The guidance for Industry compliance, given in this section, provides principles and guidelines that facilitate and accelerate the implementation of South Africa’s policy and legislation on non-proliferation, including South Africa’s international obligations and commitments in a meaningful and sustainable manner.

This guidance for Industry calls for commitment to compliance by entities whose activities are regulated by Non-Proliferation Legislation, and guidelines are offered for dealing with controls. The emphasis is on practical and relevant measures and aspects typical of quality management.  This Guide should ease trade procedures, benefit the customer and help the exporter to proceed with confidence, in the knowledge that he is not contributing to proliferation. 

It should also help the exporter to overcome possible pitfalls posed by embargoes by the United Nations Security Council, as well as South African restrictions on the manufacture, trade in or transfer of controlled activities or goods, including restrictions in respect of countries and entities of proliferation concern.  This should enhance international operations and trade in that companies take note of and comply with South African national interests and international obligations, norms and best practice.

It is recommended that companies, on a voluntary basis, issue and implement their own internal compliance programmes in this regard.  An ICP is not only for large businesses and ”small” businesses could implement simplified ICPs.

Top of Page
3.1.1 Elements of Internal Compliance Programmes (ICP)

Elements of an ICP to be covered by documented procedures, which are described below, are:

  1. Commitment to Compliance;

  2. Nomination of responsible personnel;

  3. Information and training;

  4. Internal compliance procedures;

  5. Handling of (suspicious) enquiries/orders;

  6. Record keeping;

  7. Provision for Audits; and

  8. Integration with quality management practices.

Top of Page
3.2 ICP Element 1: Commitment to Compliance
It is recommended by the NPC that every person (business) involved in controlled activities make a written commitment to comply with South African Non-proliferation Legislation.

This commitment to comply could be captured in a Statement or Declaration of Intent by the chairperson or chief executive of the entity, involved in or intending to become involved in any activity that is controlled by the Act. This Statement should be submitted to the NPC and should also be made visible to all employees, especially those affected by the control measures. 

The objective of this commitment is to clarify the policy of the business on non-proliferation issues and to underline the importance of effective compliance procedures.  Senior management can raise awareness, at all levels, by summarising briefly the business requirements, the strategic environment and the principles of non-proliferation controls.

By demonstrating their commitment to compliance they also strengthen the position of those charged with administering non-proliferation compliance programmes.

The statement may be general or specific in form but it could signal commitment to compliance with the applicable Legislation and Policy.

Appendix A to Part 3, gives an example of a statement or commitment that could be made by management.  It is not intended as a pro forma and businesses may wish to express their commitment according to their own style and circumstances. Persons that issue such a statement should circulate it widely to all staff, partners and associates and any sub-contractors that are involved in or intending to become involved in any controlled activity.

Top of Page
3.3 ICP Element 2: Nomination of Responsible Personnel
In terms of ICP Element 2, every person (business) involved in controlled activities should nominate a staff member responsible for ensuring compliance with non-proliferation policy and legislation, within the business. 

The objective of this element is to ensure a clear line and definition of responsibilities within the business in terms of its compliance with Legislation and Policy.  The chairperson or chief executive officer or equivalent within the business must appoint a staff member to be responsible for compliance.  All employees should be aware of the organisation’s control policy, mechanisms and procedures. All the entity’s partners / associates and sub-contractors should be made aware of the appointment. 

The statement of compliance (see ICP Element 1 and Appendix A of Part 3) should include the name of the responsible staff member.  This may be supplemented by an organisational chart, which sets out each element of delegated responsibility, giving details of the post (and individual) to which it is delegated. Individual job descriptions should, where appropriate, specify responsibilities in relation to controls.

Top of Page
3.4 ICP Element 3:   Information and Training
Each person (business) involved in controlled activities should establish clear procedures for acquiring, keeping and disseminating information on such activities.  The training needs of staff at all levels in relation to non-proliferation controls should be assessed and fulfilled. The NPC will, from time to time, present training sessions for persons involved in controlled activities or who are responsible for compliance programmes or who are involved in internal control processes and procedures.

The NPC may also, for specified reasons, require entities who are involved in controlled goods and activities, to complete a training course, the content and outcome of which shall be determined by the NPC.

Entities involved in controlled activities or goods should develop awareness among business’ employees of the necessity for compliance with Non-proliferation Policy and Legislation.

The objective of this element is to ensure that entities are aware of all information relating to controls, including training material, and that they have adequate procedures in place to inform and train personnel. It is advisable that all employees receive on an annual basis (or more frequent if required) a general update on the general provisions of your business’ ICP.

It is essential to obtain and to keep up to date with relevant policy, legislation and guidelines. It is advisable to maintain a reference list of sources of information and contacts.

Procedures should be in place for acquiring details of changes/updates to policy and legislation and distributing it to relevant personnel.

Internal Non-Proliferation control training requirements for all levels of personnel should be identified and appropriate training programmes developed.

The NPS will also, as part of its outreach programme, present regular (once per year) or on-request, training courses/briefings on developments within the non-proliferation environment.

See Appendix B to Part 3, for lists of useful contact references.

Top of Page
3.5 ICP Element 4:  Internal Compliance Procedures
Persons (businesses) involved in a controlled activity and or with controlled goods should draw up and operate effective non-proliferation control compliance procedures that are applicable to the entity concerned and reflect as far as possible the best practices illustrated in this guide.

The objective of internal compliance procedures is to promote effective and appropriate procedures for processing enquiries/orders in accordance with relevant control requirements. This ICP encompasses guidelines for internal procedures, based on existing best practice.  It highlights the issues that need to be addressed by means of a checklist. 

The stages detailed could include

  1. Establishing whether the entities’/person’s  activities and or goods are controlled, and if so, whether the entity is registered with the NPC; 

  2. Establishing what type of authority or permit would be required in regard to the abovementioned activities;

  3. Registration of a entity/person and/or contractors or sub-contractors, as well as establishing the control status of goods;

  4. End-use/ End-User obligations;

  5. The vetting of customers (see also suspicious enquiries/orders in ICP 5);

  6. The process of permit applications;

  7. Transfers; and

  8. Freight-forwarding/Transporting (International Commercial Terms [Incoterms]);

  9. Appropriate safety and security measures; and

  10. Keeping of records.

Key features of best practice are:

  1. A considered plan of what is needed for compliance;

  2. Clear and simple procedures appropriate to the business' structure and integrated with the business’ functions;

  3. Comprehensive coverage, detailing requirements of all relevant activities related to controlled activities and or controlled goods; and

  4. Adequate documentation in place (in line with other quality management initiatives).

    5. Each of the control areas has unique requirements and therefore unique processes and procedures. See Appendix C to Part 3 for a proposed generic model.

Top of Page
3.6 ICP Element 5:  Handling of (Suspicious) Enquiries/ Orders
Persons (businesses) involved in controlled activities should develop awareness among employees to help in identifying suspicious enquiries/orders. Where there is doubt about the bona fides of an enquiry/order; the entity should consult with the NPS.

The objective of this element is to enable entities/persons to protect themselves by avoiding involvement in activities that may be against any South African Non-Proliferation of WMD legislation. Indicators are made available to help in assessing customers and orders that may be unusual and carry possible risks, for example:

  1. The diversion from the stated end-user to another end-user, possibly in another country, who may be engaged in a programme to acquire weapons of mass destruction;

  2. The diversion from the stated end-use(r) to another end-use(r); and

  3. The diversion to a destination subject to a United Nations arms embargo.

The vast majority of your business’ customers would be legitimate. Some customers may emerge, whose intent is to procure or divert controlled goods and activities for WMD programmes. They may attempt to obtain services or assistance from your business for prohibited activities (such as proliferation of weapons of mass destruction) or to countries or entities (companies and/or non-State actors) of proliferation concern.

There may be occasions when the nature or circumstances of an enquiry or order lead you to doubt the bona fides of the customer. This may be an international customer or a South African based customer known, or thought, to be planning to export and or source controlled goods or controlled activities to support WMD programmes.

By notifying the appropriate control authorities of their suspicions, businesses can obtain advice and guidance on the basis of comprehensive information available to the NPS.  Industry can also contribute information to the NPS that may prevent the trade in controlled goods and services. This information could include notification of suspicious requests for co-operation, as well as visits to and training at premises of industry where controlled activities take place.

Staff needs to be aware of these indicators, see Appendix D to Part 3.

Top of Page
3.7  ICP Element 6:  Record Keeping
Persons (businesses) involved in controlled activities, are required by legislation (Act, Regulations and Notices) to maintain records of all controlled activities.

The objective of record keeping is to ensure that traceable records of activities and goods are maintained for a period of at least five years so that queries about any activity or goods subject to control may be readily checked and an adequate audit trail maintained.

To facilitate record keeping, your business should consider establishing a policy for maintaining and storage of records. This policy or operational procedure should address the minimum time that records should be kept, the method of safe keeping, as well as where records will be kept.

The processing system should be reviewed to ensure a logical sequence for recording controlled activities.

See also Appendix C to Part 3. 

Top of Page
3.8 ICP Element 7:  Provision for Audits
Persons (businesses) should establish a programme of regular audits of the system in order to ensure compliance with non-proliferation control measures.

The objective of audits is to maintain standards set in compliance procedures through periodic appraisal.  According to the size and complexity of the business, the audit may be a self-auditing procedure carried out according to a simple checklist of questions or it may be delegated to a central internal auditing function. 

It is recommended that the sales/marketing section do not perform the audit.

See Appendix E to Part 3.

Top of Page
3.9 ICP Element 8:  Integration with Quality Management Practices
Persons (businesses) involved in controlled activities and controlled goods should ensure that procedures and practices for dealing with Non-Proliferation policy and legislation are fully integrated with quality management systems that may apply to them.

The objective of this element is to ensure that within quality management practices, Non-Proliferation related control compliance procedures are treated in the same manner and with equal emphasis, as other business procedures. To this end quality managers should be briefed on the Guidelines of the ICP.

Legal Disclaimer |  Back to top

Home |  About us |  Contact us |  Policy |  Legislation |  Registration |  Permits & Procedures |  Permit Applications |  End User Certificate |  Non-Proliferation Information Guide |  Compliance Programme |  Links |  CWC Inspections |  Other Control Authorities |  Information Security |  United Nations Security Council | 
the dti