Vol. 150, No. 14 — July 13, 2016

Registration

SOR/2016-201 June 22, 2016

DEFENCE PRODUCTION ACT

Regulations Amending the Controlled Goods Regulations

P.C. 2016-628 June 21, 2016

His Excellency the Governor General in Council, on the recommendation of the Minister of Public Works and Government Services, pursuant to section 43 (see footnote a) of the Defence Production Act (see footnote b), makes the annexed Regulations Amending the Controlled Goods Regulations.

Regulations Amending the Controlled Goods Regulations

Amendments

1 (1) The definition visitor in section 1 of the Controlled Goods Regulations (see footnote 1) is replaced by the following:

visitor means an individual — other than an international student — who is not an officer, director or employee of a person registered under these Regulations and who is not

(2) Section 1 of the Regulations is amended by adding the following in alphabetical order:

business day means a day other than a Saturday or a holiday. (jour ouvrable)

international student means an individual who is authorized by a study permit or by the Immigration and Refugee Protection Regulations to engage in studies in Canada and who is not an officer, director or employee of a person registered under these Regulations. (étudiant étranger)

2 The heading “Registration” before section 2 of the Regulations is replaced by the following:

Registration and Registered Persons

3 (1) Paragraphs 3(d) to (f) of the Regulations are replaced by the following:

(2) Paragraph 3(i) of the Regulations is replaced by the following:

4 The Regulations are amended by adding the following after section 3:

3.1 The application shall be accompanied by the consent of the following individuals to a security assessment to be conducted by the Minister in accordance with section 15, including their consent to the disclosure of their personal information to — and its use by — Canadian government entities and credit reporting agencies for the purpose of that assessment:

5 Section 4 of the Regulations is replaced by the following:

4 In deciding whether to register an applicant, the Minister shall assess, based on the security assessments referred to in section 3.1 and any other information obtained in respect of the applicant, the extent to which the applicant poses a risk of transferring a controlled good to a person who is neither registered nor exempt from registration.

6 Section 9 of the Regulations is replaced by the following:

9 (1) Every applicant and registered person shall advise the Minister of any change in any of the information contained in or accompanying the application for registration within ten business days after the day on which they become aware of the change.

(2) A registered person shall, by the later of 32 business days before the date of an acquisition or one business day after the day on which they become aware of an acquisition, advise the Minister of the name and address of any person that will, as a result of the acquisition, own 20% or more of the outstanding voting shares or interests of the business.

7 (1) Paragraph 10(b) of the Regulations is replaced by the following:

(2) Paragraph 10(c) of the French version of the Regulations is replaced by the following:

(3) Paragraph 10(d) of the Regulations is replaced by the following:

(4) Subparagraph 10(e)(iii) of the French version of the Regulations is replaced by the following:

(5) Paragraph 10(h) of the Regulations is replaced by the following:

(6) Section 10 of the Regulations is amended by adding “and” at the end of paragraph (i) and by adding the following after that paragraph:

8 Sections 11 and 12 of the Regulations are replaced by the following:

11 An applicant for registration or a registered person may propose to appoint as a designated official only

12 (1) A registered person shall ensure that a designated official is subjected to a security assessment in accordance with section 15 before their appointment and at least once every five years.

(2) An individual in respect of whom a security assessment is required under subsection (1) shall provide their consent to the security assessment, including their consent to the disclosure of their personal information to — and its use by — Canadian government entities and credit reporting agencies for the purpose of that assessment.

(3) The Minister shall, on the basis of the security assessment, accept or reject the individual as a designated official and shall notify the registered person of the acceptance or the reasons for rejection.

9 Section 13 of the Regulations is replaced by the following:

13 Every registered person shall ensure that the designated official

10 Sections 14 and 15 of the Regulations are replaced by the following:

14 (1) The registered person shall be bound by the decision of the designated official under subparagraph 13(a)(v).

(2) An authorization by the registered person applies to an officer, director or employee only when that individual is acting in the course of their duties with the registered person.

Security Assessments

15 (1) The Minister shall conduct a security assessment in respect of all proposed designated officials and all individuals referred to in paragraphs 3(d) and (i), and the designated official shall conduct a security assessment in respect of all officers, directors and employees referred to in paragraph 13(a), having regard to the information provided under subsection (4).

(2) In conducting the security assessment, the Minister may also have regard to other information provided by any person and the designated official may have regard to other information provided by the Minister if the Minister or the designated official, as the case may be, has reasonable grounds to believe that the information is necessary to determine the extent of the risk referred to in subsection (3).

(3) The purpose of the security assessment is to determine the extent to which the individual being assessed poses a risk of transferring a controlled good to a person who is neither registered nor exempt from registration.

(4) The individual who is the subject of the security assessment shall provide the Minister or the designated official, as the case may be, with the following information and, on request, any additional information or evidence that the Minister or the designated official requires to verify it:

(5) An individual who is or has been the subject of a security assessment shall advise the Minister or the designated official, as the case may be, of any change concerning their criminal history within five business days after the day on which the change occurs.

(6) The Minister or the designated official, as the case may be, shall reconduct a security assessment if new information is received or if there are other reasonable grounds for doing so.

15.1 (1) If a request is made to the Minister under subparagraph 13(a)(iii), the Minister shall conduct the security assessment of the individual concerned in accordance with section 15.

(2) The Minister shall advise the designated official of his or her recommendation respecting the extent to which the individual concerned poses a risk of transferring a controlled good to a person who is neither registered nor exempt from registration and the extent to which, in the Minister’s opinion, the individual ought to be authorized to examine, possess or transfer controlled goods.

11 Section 17 of the Regulations is replaced by the following:

17 A temporary worker, international student or visitor is eligible for exemption from registration only if a registered person submits to the Minister an application on their behalf in accordance with section 18.

12 Sections 18 and 19 of the Regulations are replaced by the following:

18 A registered person may apply to exempt a temporary worker, international student or visitor from registration by sending to the Minister, on a form supplied by the Minister, an application that contains

18.1 (1) An application for exemption from registration shall be accompanied by the consent of the temporary worker, international student or visitor to a security assessment to be conducted in accordance with section 19, including their consent to the disclosure of their personal information to — and its use by — Canadian government entities for the purpose of the assessment, as well as a copy of their valid passport.

(2) In the case of a temporary worker or international student, the application shall also be accompanied by their consent to the disclosure of their personal information to — and its use by — credit reporting agencies for the purpose of the security assessment, as well as

(3) The temporary worker and the international student shall, on request, provide the designated official with any additional information or evidence that the designated official requires to verify the information provided under subsection (2).

Security Assessments for Temporary Workers, International Students and Visitors

19 (1) The Minister shall conduct a security assessment in respect of all temporary workers, international students and visitors in respect of whom an application for exemption from registration has been made under section 18, having regard to the information provided under section 18.1 and any other information that the Minister has reasonable grounds to believe is necessary to make a decision under section 20.

(2) The purpose of the security assessment is to determine the extent to which the individual being assessed poses a risk of transferring a controlled good to a person who is neither registered nor exempt from registration.

(3) The registered person shall advise the Minister of any change in any of the information contained in or accompanying an application for exemption within five business days after the day on which the change occurs.

(4) The Minister shall reconduct a security assessment if new information is received or if there are other reasonable grounds for doing so.

13 Section 20 of the Regulations is replaced by the following:

20 The Minister shall, on the basis of the security assessment conducted under section 19, decide whether to approve or deny the application for exemption from registration.

14 Section 21 of the Regulations is replaced by the following:

21 (1) If the Minister approves an application for exemption, the Minister shall provide a certificate of exemption from registration to the registered person that sets out the period for which the exemption is valid and any conditions under which the temporary worker, the international student or the visitor concerned may examine, possess or transfer controlled goods.

(2) The registered person shall provide the temporary worker, the international student or the visitor with a copy of the certificate.

15 The heading before section 25 and sections 25 and 26 of the Regulations are repealed.

16 Section 27 of the Regulations is replaced by the following:

27 (1) If the Minister has reasonable grounds to believe that a registered person or an exempt individual poses an undue risk of transferring a controlled good to a person who is neither registered nor exempt from registration, the Minister shall suspend the registration or the exemption.

(2) The Minister shall revoke the registration or the exemption if he or she determines that the registered person or the exempt individual poses an undue risk of transferring a controlled good to a person who is neither registered nor exempt from registration and that

(3) The Minister shall reinstate the registration or the exemption if, within 30 days after the date of the notice of suspension or revocation, the registered person makes representations to the Minister that satisfy him or her

(4) If the registered person does not, in the case of a suspension, meet the requirements of subsection (3), the Minister shall revoke the registration or the exemption.

(5) The Minister shall provide to the registered person notice with reasons of any decision to suspend or to revoke a registration or exemption, or not to reinstate a revoked registration or exemption despite representations being made, as well as notice of any decision to reinstate a registration or exemption.

(6) The registered person shall, within one business day after the day on which they receive a notice from the Minister concerning the exemption of a temporary worker, international student or visitor, provide to that individual a copy of the notice.

Coming into Force

17 These Regulations come into force on the day on which they are registered.

REGULATORY IMPACT ANALYSIS STATEMENT

(This statement is not part of the Regulations.)

Background

Controlled goods are items specifically designed or modified for military use, including components or technologies (e.g. technical documentation and data, blueprints, etc.); they include, among other things, items such as anti-tank weapons, bombs, torpedoes, mines, missiles, military vehicles (tanks), vessels (submarines), combat aircraft, and chemical, biological and radioactive material used for military purposes. The Controlled Goods Program (the Program), created in April 2001, is a domestic industrial security program administered by the Department of Public Works and Government Services (PWGSC or the Department). The objective of the Program is to safeguard controlled goods within Canada, prevent controlled goods from being accessed by unauthorized persons, and strengthen Canada’s defence trade controls. The Program supports Canada’s national security framework by preventing the domestic proliferation of tactical and strategic goods (including technologies). It regulates the possession, examination, or transfer of controlled goods, including the defence articles contained in the United States Munitions List (USML) to the International Traffic in Arms Regulations (ITAR).

The Controlled Goods Regulations (the Regulations), made pursuant to the Defence Production Act, were registered on January 9, 2001, and came into force on April 30, 2001. The Regulations require individuals and companies that possess, examine or transfer controlled goods in Canada to register with the Program. The Program conducts security assessments of the applicant’s designated official (i.e. the company-appointed official who is responsible for performing the security assessment of employees), conducts inspections to ensure compliance with the Regulations, and grants exemptions to visitors, temporary workers and international students.

In 1954, the United States (the U.S.) instituted the ITAR to implement provisions of the U.S. Arms Export Control Act to control the export and import of defence-related articles and services specified on the USML. For practical purposes, the ITAR prohibits the sharing of information and materials on the USML with non-U.S. persons without authorization from the U.S. Department of State or without an exemption. From the inception of the ITAR, Canada was the only country to benefit from exemptions allowing for the licence-free transfer of certain defence articles between the countries. Canadian defence industries benefited from the Canadian exemptions, as these exemptions placed them on a quasi-equal footing with their U.S. counterparts and resulted in significant economic benefits from reduced export paperwork and approval timelines. In 1999, the U.S. unilaterally revoked the Canadian exemptions due to increased security concerns regarding the risk of diversion of defence articles for criminal or terrorist aims. Although the U.S. reinstated most of the pre-1999 ITAR exemptions with the implementation of the Program, they maintained the access restriction by certain individuals with dual nationality and nationals from developing countries. Under this restriction, an end-user was prohibited from access to an ITAR-controlled good if he or she maintained citizenship of a proscribed country listed under the ITAR (e.g. North Korea, Iran, Sudan, Venezuela, etc.).

The application of the “dual national rule” caused various human rights complaints to be brought against employers in Canada who were denying access to ITAR-controlled articles based on an individual’s nationality, as the Canadian Charter of Rights and Freedoms protects individuals from discrimination based on nationality. In 2007, the Minister of PWGSC (the Minister) was given the lead to address this issue and began discussions with U.S. counterparts to identify solutions. In August 2011, an “Exchange of Letters” between PWGSC and the U.S. Directorate of Defense Trade Controls was signed. As described below, the Exchange of Letters served, in part, to resolve the dual national issue.

The pre-9/11 security environment in which the Program was created has also evolved. There is now increased security awareness of the risks posed by the diversion of military and strategic technology to support criminal and terrorist threats. In 2009, a threat and risk assessment identified potential security gaps in the Program. Concurrently with the exchanges with the U.S. Directorate of Defense Trade Controls on resolving the dual national issue, PWGSC developed the Enhanced Security Strategy (ESS). The purpose of the ESS was to address the security gaps identified through the risk assessment while fulfilling the commitments made through the Exchange of Letters. In signing the Exchange of Letters, the Directorate of Defense Trade Controls acknowledged that the enhancements to the Program made as part of the ESS satisfied the ITAR requirements for the screening of significant and meaningful associations and travel [i.e. under section 126.18(c)(2) of the ITAR rule]. This in effect resolved the issue of individuals with dual nationality and nationals from developing countries.

Enhanced Security Strategy — Phase I

The implementation of the ESS was divided into two phases, the first of which was initiated in October 2011. Security and business enhancements brought to the Program through Phase I of the ESS were implemented under existing authorities and did not require immediate amendments to the Defence Production Act or to the Regulations. ESS — Phase I improvements included the following:

  1. Increased efficacy of the Program registration process. This was achieved by
    • increasing the assessment of ownership, including foreign ownership, by requiring owners with 20% or more of voting shares to submit a completed Security Assessment Application Form as part of the registration application process; and
    • requiring authorized individuals (i.e. the individual authorized by the applicant who signs to confirm that the application for registration of a person is accurate and complete) to submit a completed Security Assessment Application Form as part of the registration application process.
  2. Tightened security assessment procedures for both government and industry. This was achieved by
    • standardizing the security assessment procedures, such as developing a new Security Assessment Application Form and mandating that it be used by designated officials as part of the security assessment of employees;
    • applying a standardized risk matrix assessment tool across the board for all Program registrants;
    • creating a certification program for industry officials who are responsible for security assessments within their organization (i.e. designated officials);
    • requiring that designated officials submit fingerprint results as part of the application process;
    • increasing support provided to designated officials in the security assessments of moderate- and high-risk employees;
    • ensuring that students who access controlled goods undergo security assessments;
    • increasing the checks on temporary worker exemption applications by referring tombstone information (e.g. name, address, telephone number, etc.) to security and intelligence partners; and
    • acquiring an analytical tool to evaluate additional security assessment-related information, to analyze information received from security and intelligence partners, and to exchange information with these partners.
  3. Augmented compliance-related activities. This was achieved by
    • increasing Program capacity and outreach efforts to promote compliance, including telephone pre-inspection coaching and conducting a complete internal review of the compliance inspections processes; and
    • adding the requirement for the security plans of registrants to include transportation and cyber security considerations.
  4. Implemented structural and operational elements in support of the strategy. These included
    • creating three new divisions: Program Management and Learning Division (responsible for the certification program and external communications), Strategic Initiatives Division (responsible for liaising with the U.S. on export control and ITAR issues, drafting policy guidance, and amending the Regulations), and Intelligence and Analysis Unit (which liaises with security and intelligence partners and analyzes high-risk files); and
    • increasing capacity in the Operations Division to process additional security assessments (i.e. assessments of the authorized individuals and owners).

In addition to the steps taken under the ESS — Phase I, it was determined that three additional elements of the ESS required regulatory amendments for the Program to be implemented as intended. These amendments were deferred to ESS — Phase II. More specifically, ESS — Phase II amendments

Issues

Although the Defence Production Act and the Regulations provided the initial statutory and legal authority for ESS — Phase I, PWGSC determined that it would be beneficial to further clarify certain elements in regulations. More specifically, the Regulations did not specify that the authorized individual (i.e. the individual who is responsible for signing and submitting the application for registration and renewal) and the owner(s) must undergo a security assessment, nor did they specify who is responsible for conducting that assessment. Furthermore, the information requested as part of a security assessment was not fully described under section 15 of the Regulations. Although subsection 15(6) provided that the Minister may take into consideration other information provided by a person, it did not state what this information could be. This lack of clarity under the Regulations was problematic for industry in some instances, particularly in regard to industry’s ability to demonstrate compliance with Program requirements.

Further, the operational requirement that the designated official undergo certification was not included in the Regulations. Moreover, the Regulations did not include the requirement for the designated official to refer high-risk employees to the Program for further assessment. These fundamental elements of the ESS merited inclusion and clarification in the Regulations.

As described below, three ESS — Phase II activities required regulatory authority in order to be implemented. Two of these activities represented a minor change to existing practices, while the third built on existing record-keeping requirements.

(1) Enable the Minister to provide a recommendation to the designated official for high-risk employees

Although designated officials submit high-risk employee security assessments to the Program for further checks with security and intelligence partners, the Minister did not have the authority to make a recommendation to the designated official based on the findings of the additional security checks, nor did the Minister have the authority to require the designated official to consider the recommendation when deciding whether or not to grant the high-risk employee access to controlled goods. The Program communicated that the security assessment conducted by the designated official was either supported (i.e. confirmed) or not supported (i.e. could not be substantiated). Program stakeholders communicated that responses by the Program were not clear and that a recommendation would be more appropriate in supporting the designated official’s final determination.

(2) Obtain the consent of the individual in the visitor exemption process

Under the Regulations, an application to exempt a visitor from registering in the Program is submitted by the registered person on behalf of the visitor, but the Regulations did not specify that a security assessment is to be conducted, nor did they specify that the consent of the visitor is required for a security assessment. Consent is required for the Program to be able to consult security and intelligence partners regarding the security assessment, and the requirement for consent had to be specified in regulations.

(3) Require registrants to submit a list of all individuals who have undergone a security assessment

Another commitment made as part of the ESS was to collect information with regard to individuals who have access to controlled goods. The intent is to create a repository of information to facilitate exchanges with security and intelligence partners and, if necessary, to assist the Royal Canadian Mounted Police during the investigation of security breaches relating to controlled goods. Under the Regulations [paragraph 10(b)], registrants must maintain records of security-assessed individuals authorized to access controlled goods. Paragraph 10(i) further stipulates that these records must be made available to the Minister at any reasonable time. However, the Program could not request registrants to submit this information in a list format on a (routine) biannual basis.

In addition to these three ESS — Phase II elements, regulatory amendments also address recommendations made by the Standing Joint Committee for the Scrutiny of Regulations, which had expressed concerns regarding the powers of the Minister under section 27, and the use of the phrase “without delay.” The Department had agreed to address these issues by clarifying the circumstances under which the Minister could suspend, revoke, or re-instate a registration or exemption, and by prescribing time frames.

Objectives

The Regulations Amending the Controlled Goods Regulations were made pursuant to the Defence Production Act. This initiative consolidates existing requirements in the Regulations to add clarity and addresses remaining security gaps that have been identified.

The amendments address the issues identified above, complete the implementation of the ESS and respond to the concerns raised by the Standing Joint Committee for the Scrutiny of Regulations. Specifically, the amendments achieve the following objectives:

  1. Reflect and clarify in the Regulations the Program practices implemented in Phase I of the ESS.
  2. Address the three ESS — Phase II activities that required regulatory authority in order to be implemented.
  3. Address the concerns raised by the Standing Joint Committee for the Scrutiny of Regulations.

The amendments to the Regulations strike a balance between supporting Canada’s national security objectives, fulfilling the commitments made to the U.S. Department of State by PWGSC in the 2011 Exchange of Letters, maintaining the competitiveness of Canadian industry, and addressing framework gaps.

Description

A brief summary of the key elements contained in the amendments to the Regulations follows:

(1) Reflect and clarify in the Regulations Program practices implemented in Phase I of the ESS

In order to prevent the unauthorized diversion of controlled goods domestically and to effectively support the national security framework, persons who require access to controlled goods must be (i) registered with the Program, (ii) exempt from registration, or (iii) excluded. The information required in applying for registration or renewal is stipulated in section 3 of the Regulations. This section was amended and a new section (3.1) was added to reflect the following additional information required from businesses or individuals filing an application for registration or renewal:

The above-mentioned security assessments are conducted by the Minister. These practices were implemented in October 2011.

Since individual applicants are security-assessed by the Minister, the Regulations now clarify that there is no requirement for an individual applicant to appoint a designated official, or for the individual applicant to undergo certification.

Security assessments evaluate the risk that an individual may pose in terms of the unauthorized transfer of controlled goods. The Regulations now further clarify processes that were implemented in October 2011 as part of Phase I of the ESS. More specifically, there are two “types” of security assessments described in the Regulations under sections 15 and 19; both sections have been expanded to include additional security-related risk factors. Section 15 concerns the assessments conducted by both the Minister and the designated official (i.e. the assessments of the authorized individual, owners with 20% or more of the voting shares, and the designated officials are conducted by the Minister, while the assessments of officers, directors, and employees are conducted by the designated official). Section 19 applies to assessments conducted by the Minister only in the context of applications for exemptions from registration.

A. Security assessments conducted as per section 15 of the Regulations now include the assessment of

The amendments clarify that individuals who are the subject of the above-mentioned security assessment are required to provide to the designated official or the Minister, as the case may be, for the purposes of establishing their identity, a copy of the following:

The Regulations now include the conditions when security assessments could be referred to security and intelligence partners for further verifications. The Regulations specify that high-risk security assessments of individuals conducted by the designated official are to be referred to the Minister for additional security checks with security and intelligence partners. Assessing risk is performed on a case-by-case basis, following an assessment of the following parameters: personal information, criminal history, travel history, financial risk, significant and meaningful associations, and specific charges or convictions.

Security assessments conducted under section 15 are valid for a period of up to five years. Given this, the Regulations now specify that the record retention requirement is to keep and maintain only the most recent security assessment. This measure is intended to relieve some of the burden on registrants vis-à-vis the regulatory requirement to maintain records of security assessments during the period of an individual’s employment.

B. Assessment conducted under section 18 of the Regulations — Temporary workers, international students, and visitors

A registered person can apply to the Minister to exempt a temporary worker or a visitor. Regulations now include a distinct provision for international students. An international student is now defined as a person who is authorized by a study permit or by the Immigration and Refugee Protection Regulations to engage in studies in Canada and is not a director, officer or employee of a registered person. Further to the information requested in section 18, the Regulations now stipulate the requirement for consent to the security assessment by the international student and visitor, and, in the case of an international student, the following documents are to be requested by the designated official: a copy of the student’s valid study permit, a letter from the academic institution at which they are authorized to study indicating that the work they are doing for the registered person is integral to those studies (if applicable), copies of all identity documents issued to them by the Government of Canada or any of its provinces, and the original results of a country-wide criminal record check from each country other than Canada that they have resided in during the five-year period immediately before the date of their consent to the security assessment. The last two of these elements apply to temporary workers as well.

A record-keeping requirement for visitor exemptions is also included in the Regulations to align them with operational procedures. These records have to be maintained by the registered person until two years after the day on which the visitor ceases to carry out their duties.

Designated officials are responsible for the security assessment of officers, directors and employees within the registered entities and are the primary point of contact between Government and industry. In light of the importance of the designated official’s role in this partnership, the Regulations now include the requirement for them to obtain and maintain any certification required by the Minister.

(2) Address the three ESS — Phase II activities that required regulatory authority in order to be implemented

The Regulations now require registered persons to submit to the Minister the following information for all individuals who have been security-assessed by a designated official over the last six months: full name, date of birth, and whether the individual was authorized to access controlled goods. Although registered persons had to make this information available to the Minister during compliance inspections or upon request, this systematic reporting requirement facilitates the Department’s responsiveness during investigations or when addressing reported security breaches. This requirement also supports the registrant by ensuring that any new or previously unknown risks concerning an unauthorized diversion of controlled goods are mitigated through increased information sharing between the Government and industry.

Similarly, the amendment was necessary to require that consent be obtained from any visitor to have their name referred to security and intelligence partners as part of the exemption process, which allows for a more thorough assessment of an individual in a position to access a registrant’s controlled goods.

The amendments to the Regulations now enable the Minister to make a recommendation to the designated official in instances where a security assessment of a high-risk individual is referred by the designated official for further verifications. The designated official is now required to consider this recommendation in his or her assessment. The final decision of whether or not to grant access to an employee, director, or officer remains with the designated official. This amendment is intended to better support the designated official in his or her functions by providing access to additional information (through the Minister), which facilitates and substantiates a thorough decision.

(3) Concerns of the Standing Joint Committee for the Scrutiny of Regulations

Clarifying the decisional criteria for the revocation and suspension of registrations and exemptions

The Regulations detail the provisions for suspensions and revocations of registrations and exemptions from registrations, as well as define the circumstances under which the Minister would consider a suspension or revocation. The Regulations were amended to clarify the criteria for suspensions and revocations (section 27) as follows:

Clarifying the decisional criteria for the reinstatement of a suspended registration or exemption

The Regulations were amended to better articulate how the decision is made to reinstate a suspended or revoked registration or exemption. In addition, the discretionary power of the Minister was removed as it pertains to reinstatement of a suspension or revocation in circumstances where there are no longer grounds for the suspension or the revocation was unfounded [i.e. the replacement of “may” with “shall” in subsection 27(3)]. The amendments reflect current practice with respect to suspensions and revocations.

Specifying a time period to replace the phrase “without delay”

Section 40 of the Defence Production Act requires information to be provided to the Minister “in the manner and time prescribed by regulation.” Amendments have prescribed a time frame for all relevant sections of the Regulations:

While other sections containing “without delay” were not identified by the Standing Joint Committee for the Scrutiny of Regulations, amendments to the following subsection have been made, and specific time frames provided, for clarification and consistency:

Regulatory and non-regulatory options considered

The options outlined below provide an overview of the alternatives that were considered.

Option 1: Leave the Regulations in place (i.e. maintain the status quo)

The status quo was not considered to be a viable option. The previous regulatory requirements did not fully address certain activities required to address potential security gaps. Furthermore, the Standing Joint Committee for the Scrutiny of Regulations recommendations could only be addressed through regulatory amendments.

Option 2: Address the identified issues in policy

Phase I of the ESS was implemented through policy and operational changes. However, following an assessment of the various elements and possible gaps that were identified, it was determined that a clear regulatory framework for registrants that incorporates all regulatory obligations was necessary in order to administer the Program as intended. Additionally, elements from ESS — Phase II and the recommendations of the Standing Joint Committee for the Scrutiny of Regulations could not be addressed in policy. This option would not have permitted the completion of the strategy.

Option 3: Amend the Regulations to include enhanced requirements (chosen option)

Amending the Regulations has allowed the Department to meet the objectives stated above while enabling the Program to deliver on its mandate to safeguard controlled goods against unauthorized transfer.

Benefits and costs

Stakeholders of the Program include firms or associations involved in the aerospace, defence, satellite and security sectors; sole proprietors; consultants; academic institutions; and museums. While the list of Program stakeholders is extensive, the Canadian aerospace, defence and security industries constitute the “principal” stakeholder group. The companies from these industries represent the largest percentage of registrants and are considered to be the Program’s main clients. There are also a number of government departments who either use controlled goods (for example the Department of National Defence) or are impacted by national security considerations.

PWGSC is aware of the need to weigh the consequences of any change on industry while ensuring national security concerns are fully met. Below is a short analysis of the estimated costs and qualitative impacts (positive and negative) by stakeholder group. It should be noted that no new costs are anticipated for the Canadian public or government as a result of the regulatory amendments. Any costs associated with new activities are strictly limited to the registrant’s time in obtaining a signature (in the case of visitor exemptions), considering the Minister’s response (in the case of referrals of high-risk individuals), and emailing the list of records (in the case of submitting a list of security-assessed people). The Program does not require additional capacity or tools to sustain these activities.

Overview of estimated costs

Administrative costs

Cost-benefit statement

Base Year (2014)

Final Year (2023)

Total (Present Value) [10 Years]

Average Annual (Present Value)

A. Quantified impacts ($)

Benefits

Large / medium businesses

$0

$0

 

 

Small businesses

$0

$0

 

 

Sole proprietors

$0

$0

 

 

 

Total

$0

$0

$0

$0

Costs

Large / medium businesses

$58,448

$19,260

$289,147

$41,168

Small businesses

$158,298

$34,403

$570,810

$81,270

Sole proprietors

$0

$0

$0

$0

Total

$216,746

$53,664

$859,957

$122,439

Net administrative costs

$859,957

$122,439

B. Qualitative impacts

Short list of qualitative impacts by stakeholder

Canadians and the Canadian economy

  • Supports Canada’s security needs and international obligations.
  • Addresses security gaps to lower risk of unauthorized transfer and possible espionage.
  • Enhances ability to maintain Canada’s U.S. ITAR exemptions.
  • Ensures that Canada continues to benefit from its privileged defence trade relationship with the U.S. and access to the important U.S. market.

Canadian government

  • Ensures regulatory alignment with the U.S.
  • Strengthens the Program’s effectiveness through additional clarity.
  • Strengthens national security by completing the implementation of the ESS.

Canada–U.S. relations

  • Supports Canada’s agreement with the U.S. under section 126.18(c)(2) for the safeguarding of all ITAR-controlled articles.
  • Enhances confidence-building measures to mitigate U.S. security concerns.
  • Supports broader North American defences through initiatives such as the Beyond the Border Action Plan.

Industry and other stakeholders

  • Maintains the global competitiveness of Canadian aerospace, defence and satellite sectors vis-à-vis other jurisdictions.
  • Provides registered persons with a better understanding of Program requirements and their regulatory obligations.
  • Increases compliance with Program requirements.

Canadians and the Canadian economy

Amendments are intended to ensure that Canada, particularly the Canadian defence, aerospace, satellite and security industries, continues to benefit from its privileged defence trade relationship with the U.S. and access to this important market. This is primarily accomplished in this context by supporting the maintenance of Canada’s U.S. ITAR exemptions.

The Regulations increase the efficiency of the Program in protecting against “intangible technology transfer” and industrial espionage. No new costs for Canadians are foreseen, except those identified for industry.

Canadian government

The amendments add clarity and transparency with respect to the ESS — Phase I, but have not resulted in a change of direction operationally either for the Program or for Program registrants.

The changes related to the amendments that were required to implement the ESS —Phase II activities have been made using existing resources. These amendments have been incorporated into processes already in place (i.e. the existing processes surrounding the security assessment referrals of high-risk individuals, visitor exemptions, and the record keeping of security-assessed individuals). Consequently, no new costs are foreseen for the Canadian government.

Canada–U.S. relations

Amendments codify in regulation the existing practice of assessing the following key risk indicators:

These practices were implemented in the ESS — Phase I to strengthen the security around controlled goods. Specifically, stipulating these enhancements in regulation helps maintain the high confidence that the U.S. has in Canada’s controlled goods regulatory regime and continues to support the ITAR exemptions [section 126.18(c)(2)]. No costs are foreseen.

Industry and other stakeholders (registrants)

One of the main objectives of these regulatory changes is to bring clarity to the framework to provide registered persons with a better understanding of the Program’s requirements and their regulatory obligations. Consequently, only elements which would result in new incremental practices and/or requirements were evaluated.

The calculations included herein focus on the following three activities:

  1. Consideration of a recommendation provided by the Minister to a designated official for referrals of high-risk employees;
  2. Obtaining the consent of the individual in the visitor exemption process; and
  3. Submitting twice annually the list of security-assessed individuals to the Minister.

As detailed below, it is anticipated that the first two regulatory amendments only affect a small portion of current registrants, with an average of 15% (76 of 498) of the medium and large registrants and 15% (311 of 2 055) of small registrants. The anticipated costs of the third element were applied to large, medium and small registrants. Given that 52% of the Program participants are small businesses (versus only 12% for medium/large businesses), this is the most affected class of registrants. However, the cost to each small business is anticipated to be less than the anticipated cost to each medium/large business. The overall cost for small business is greater since there are more small registrants in the Program compared to the number of medium/large businesses. The total cost of the new administrative burden to industry is estimated to be a present value (PV) of $122,439 annually ($859,957 PV over 10 years).

There are no new compliance costs as a result of these Regulations.

None of the above amendments are expected to affect, in any significant way, individual registrants or sole proprietors. In the three years preceding the regulatory amendment, there have been no instances of individual registrants or sole proprietors submitting a visitor exemption request or a security assessment referral for a high-risk employee. This trend is not expected to change. Furthermore, this group is not expected to have, or to submit, a list of employees.

“One-for-One” Rule

The amendments to the Regulations are considered to be an “IN” under the “One-for-One” Rule. These amendments are expected to marginally increase the administrative costs for some Program registrants, particularly those who process a high number of high-risk security assessments. These registrants fall mostly in the medium to large business category, which is less than 12% of the total number of program registrants.

The net present value (NPV) is $859,957 over a 10-year period using a discount rate of 7% and the annualized present value is $122,439.

Cost-benefit statement

Base Year (2014)

Final Year (2023)

Total (Present Value) [10 Years]

Average Annual (Present Value)

A. Quantified impacts $

Familiarization with new obligations related to the amendments.

Large / medium businesses

$23,039

$0

$23,039

$3,280

Small businesses

$95,069

$0

$95,069

$13,536

Sole proprietors

$0

$0

$0

$0

Total

$118,108

$0

$118,108

$16,816

Consider the recommendation of the Minister with regard to the risk level of employees submitted to the Program for further verifications.

Large / medium businesses

$6,807

$3,703

$51,158

$7,284

Small businesses

$475

$259

$4,998

$712

Sole proprietors

$0

$0

$0

$0

Total

$7,282

$3,962

$56,156

$7,995

Obtain consent form from visitor for exemption requests.

Large / medium businesses

$17,734

$9,646

$133,272

$18,975

Small businesses

$612

$344

$3,735

$532

Sole proprietors

$0

$0

$0

$0

Total

$18,346

$9,989

$137,007

$19,507

Submit list of security-assessed individuals to the Program every six months.

Large / medium businesses

$10,868

$5,912

$81,678

$11,629

Small businesses

$62,141

$33,801

$467,008

$66,491

Sole proprietors

$0

$0

$0

$0

Total

$73,010

$39,713

$548,686

$78,121

Net administrative costs — discounted to 2014

$859,957

$122,439

Net administrative costs — discounted to 2012

$751,120

$106,943

Note: The value counted under the "One-for-One" Rule is $106,943.

Cost per small business

The anticipated increase in administrative costs per small business is $278 (NPV) over a 10-year period. This new cost is only expected to apply to approximately 15% of small businesses registered in the Program. Not all small businesses are affected by the amendments to the Regulations under Phase II of the ESS. Statistical analysis from fiscal year 2012–2013 showed that

These figures exclude individual registrants and sole proprietors.

When the percentage of small businesses affected in the calculations is factored in, the annual average NPV administrative cost increase is estimated to be $40 per affected small business.

Small business lens

The costs associated with the regulatory amendments are less than $1 million annually; consequently, the small business lens does not apply.

Any potential increases in administrative costs that may arise from the three amendments relating to Phase II of the ESS are estimated to be low overall (see table above). Small businesses do not submit a large number of referrals of high-risk employees or visitor exemptions (two of the three activities). These Program activities are primarily undertaken by medium and large businesses. Anticipated costs were validated with stakeholders via a survey administered electronically in February and March 2014 and again with members of the Program’s Industry Engagement Committee in October 2014.

Consultation

Since 2010, the Program’s largest stakeholders were given the opportunity to provide input on proposed regulatory amendments through a series of consultation and communications activities.

General public

Status updates with regard to the rollout of the ESS were made through the regular posting of information bulletins on the Program’s Web site. The Program continued its involvement in various outreach activities, including trade shows and conferences. Regulatory amendments have been communicated, specifically how they pertain to aligning the Regulations with ESS changes implemented by the Program in October 2011.

Industry stakeholders (registrants)

The regulatory amendments contribute to the improved global competitiveness of the Canadian aerospace, defence and satellite sectors. As a result of the increase in clarity, registrants should have a better understanding of policy and regulatory requirements. Registrants have been supportive of efforts to standardize the application of the registration and security assessment process across the industry, and are expected to benefit from the increase in guidance from the Minister in terms of training and high-risk employee situations.

Industry and stakeholder departments and agencies were consulted in the development of the ESS — Phase I through the Program Industry Advisory Board. Concerns were raised by stakeholders in the months following the implementation of the ESS — Phase I. These included the level of information required for security assessments, the increase in demands placed on designated officials (including the cost of certification), and the sharing of personal information with foreign governments. In the months following the October 2011 launch of the ESS, PWGSC met with stakeholders to address their concerns.

In January 2012, the Industry Engagement Committee was established (replacing the Program Industry Advisory Board) in order to engage industry on an ongoing basis regarding the impacts on industry of any Program changes, including legislative and regulatory changes, while ensuring national security concerns are fully addressed. The Industry Engagement Committee is comprised of five aerospace and defence companies, four industry associations, one educational association, and one consulting firm. Together, these industry members represent a broad cross-section of the aerospace and defence industries. Since its inception, the Industry Engagement Committee has met monthly and has provided advice to PWGSC regarding the Program. These efforts have served to inform the development of the regulatory amendments and increase the level of stakeholder support and comprehension.

Workshops were offered by PWGSC to designated officials between September 2011 and April 2012 to provide training on new Program requirements for security assessments. Expanded educational and certification measures, combined with standardized assessment procedures, helped to ensure that Canadian companies remain aware of their obligations under the new rules and increased compliance with Program requirements, all of which serve to facilitate the safeguarding of controlled goods.

Lastly, amendments that were proposed were presented to the Industry Engagement Committee for feedback in November 2014. Industry Engagement Committee member feedback was positive and integrated into the proposal, where appropriate. This included the recommendation to add a provision or new section regarding change in ownership that would require 32 days’ advance notice. The members also recommended that assumptions used to develop the estimated costs be explicitly stated to help mitigate any confusion on the part of stakeholders regarding the anticipated level of effort associated with the new requirements. A document detailing the assumptions was prepared and is available upon request.

Other federal departments

Government departments that could have been affected by the changes were consulted. There were no outstanding concerns.

U.S. government

It is expected that the U.S. government will continue to be supportive of the amendments to the Regulations. The most recent bilateral meeting served, among other things, to update the U.S. government on the continued implementation of the ESS Strategy in the Program. No concerns were raised by the U.S. government regarding the regulatory amendments.

Canada Gazette consultation process

PWGSC received feedback from stakeholders and the public on the proposed amendments to the Regulations in the context of the Canada Gazette, Part I, consultation process, which took place between May 2 and June 1, 2015. The Canada Gazette, Part I, serves as a vehicle for general public feedback on proposed regulations. Canadians can actively contribute to the regulatory process by sending their comments or concerns on the subject under consultation to the appropriate department or agency. The objective of the public consultations was to seek input, from Program registrants and non-registrants alike, on the proposed amendments to the Regulations. Participants were able to provide their feedback by email or telephone.

The Program directly emailed a notice of PWGSC’s intent to amend the Regulations to more than 4 000 organizations from the Program database. The email contained a link to the posting of the Regulatory Impact Analysis Statement in the Canada Gazette in addition to links to the Program Web site to provide additional information on the proposal (e.g. Consultation Web page and Frequently Asked Questions on Amendments to the Controlled Goods Regulations). Program registrants were also advised of the Canada Gazette posting and its associated consultation period through “Ask the Expert” sessions that were held by the Program in May 2015.

In total, PWGSC received seven submissions from various stakeholders during this process, including one from an industry association. Of the seven submissions received, two were beyond the scope of the consultations as they were unrelated to the regulatory proposal.

The following summarizes the feedback received and PWGSC’s response.

(1) Notification time frames

One respondent expressed concerns with the different notification periods that were proposed throughout the regulations and suggested greater consistency to avoid confusion.

Response: Specific notification time frames were established to provide more clarity for stakeholders and to ensure that the Minister has enough time to assess and respond to the risks that could result from the various conditions that are addressed by the regulations, such as the discovery of a potential security breach, a change in registration status or a change in company ownership.

(Section 9.1) One respondent expressed concerns with the 5-day period for advising the Minister of any change to the information contained in the registration application and suggested extending the notification period to 30 calendar days.

Response: A 30-day notification period is too long to ensure that the Minister remains adequately informed and able to evaluate any risk related to changes to application information. (Note: Notification period has been adjusted to 10 business days instead of 5.)

(Section 9.2) One respondent indicated that there should not be any mandated time frame to advise the Minister of any potential sale or acquisition prior to the transaction occurring, as it could adversely affect negotiations and the ability of a company to raise capital. The respondent suggested the Minister should only be made aware of changes in ownership as they occur.

Response: Section 9.2 refers to acquisitions, not “potential acquisitions” that are being negotiated. In order to prevent unauthorized access to controlled goods, persons who acquire 20% or more of the outstanding voting shares of a business must undergo a security assessment. The rationale for the 32-day notification period is to ensure that the Minister is provided sufficient time to assess if a change in ownership poses any risk of unauthorized access to controlled goods. Section 9.2 reflects the input received from the Industry Engagement Committee that recommended adding a provision for advance notice of change in ownership.

One respondent recommended that paragraph 10(h) allow for a “two-level structure” for notifying the Minister about any actual or potential security breach: (1) the designated official would be required to advise the Minister of a potential breach within 15 calendar days, and (2) the registrant would report the findings of its investigation within 60 calendar days. This would ensure registrants have sufficient time to investigate a breach and to determine whether it actually occurred.

Response: PWGSC recognizes that a sufficient amount of time is needed to conduct a full investigation within a given organization after a potential breach has been discovered. The regulations do not impose a set time period for completing an investigation. The Minister is to be advised within three days of any potential security breach and/or within three days of confirming that an actual security breach has occurred, a conclusion that is usually reached after a potential breach has been fully investigated.

(2) Administrative burden

One respondent commented that cost impacts of the regulatory amendments should include the cost of requirements implemented by the Controlled Goods Program in 2011, as a result of a policy decision. The respondent suggested that 2011 should have been used as the base year instead of 2014.

Response: The majority of security and business enhancements brought to the Controlled Goods Program since 2011 were implemented under existing regulatory authority and were already in place when regulatory amendments were proposed. The cost-benefit analysis only accounts for the new activities that result from the regulatory amendments:

The number of registrants impacted by each one of the new activities was extrapolated based on a statistical analysis of the Controlled Goods Program’s activity in fiscal year 2012–2013. This analysis demonstrated that the first two new activities would only impact a small proportion of program registrants. The increase in administrative costs that may arise from these three activities is expected to be low overall, particularly for small businesses. Sole proprietors/individuals were excluded from the calculations since they are not impacted by these new activities.

(3) Potential trade implications

Two respondents were concerned that changes to the exemption application process for temporary workers, visitors and international students (section 18) could have a detrimental impact on businesses’ ability to market Canadian products internationally because of the added administrative burden imposed on businesses and foreign nationals wishing to examine, possess or transfer controlled goods. One respondent also indicated that additional analysis should have been performed to determine the impact of regulatory amendments on Canadian trade.

Response: Requirements reflect the commitments made by Canada in the 2011 Exchange of Letters with the U.S. to augment security assessment procedures for certain categories of individuals by assessing key risk indicators including travel history, significant and meaningful associations and criminal history. PWGSC has carefully considered the impacts of regulatory amendments on industry. The regulations continue to support Canada’s trade interests by helping to maintain the Canadian Exemptions provided under the U.S. International Traffic in Arms Regulations (ITAR) for the license-free transfer of many ITAR-controlled defence articles between the U.S. and Canada and among registrants of the Controlled Goods Program.

(4) Privacy concerns

Two respondents expressed concerns with the requirement to consent to the disclosure of personal information to — and its use by — Canadian government entities and credit reporting agencies for the purpose of conducting security assessments (sections 3.1 and 12.2).

Response: PWGSC is bound by the Privacy Act, which imposes obligations to respect privacy rights by limiting the collection, use and disclosure of personal information. The information to be collected and shared with other federal government agencies is limited to what is required for conducting the security assessment. The personal information (e.g. name, date of birth or address) shared by the Government with credit rating agencies only serves to identify the person that is subject to a credit check. This involves the same process as in any regular credit analysis.

(5) Security assessment procedures

One respondent enquired about how the regulatory amendments affect company shareholders and owners who are neither Canadian citizens nor residents in Canada.

Response: All owners, including foreign owners, with 20% or more of voting shares are to submit a completed Security Assessment Application Form as part of the registration application process. This requirement applies in the renewal process as well for both foreign nationals and Canadian citizens, regardless of country of residence.

One respondent suggested clarifying the notion of residency under paragraph 18.2(e), which requires that an application for exemption of a temporary worker or international student be accompanied by original results of a country-wide criminal record check for all countries — other than Canada — in which applicants have resided.

Response: The criminal record check applies only to countries where the person has resided. This requirement is not applicable for temporary visits to other counties for business or leisure travel. The length of stay in a country may be a factor in determining residency status but is not decisive. Under Canadian law, the determination of residency status in Canada is done on a case-by-case basis and considers several criteria such as the existence of social ties (spouse or partner, dependent children, etc.) and/or economic ties (workplace and payment of taxes). The assessment of these factors is combined to identify an individual’s elected domicile or, in other words, where their daily life takes place. Since the notion of residence is a pre-established concept in Canadian law and depends on an assessment of factors, no further clarification is required in the Regulations.

After taking into consideration all the feedback received, PWGSC made only one adjustment to the regulatory amendment proposal: the time frame for advising the Minister about changes to registration information was extended from 5 to 10 business days. This change balances the needs of registrants for greater flexibility while ensuring that the Minister remains adequately informed and able to evaluate any risk related to the new information.

Implementation, enforcement and service standards

Implementation

The Regulations came into force on the day they were registered.

Enforcement

These Regulations do not alter existing compliance provisions under the Defence Production Act. Compliance and enforcement measures for all registered persons continue to include compliance inspections that monitor, but are not limited to, the following conditions of registration:

Service standards

In line with the Government of Canada’s Red Tape Reduction Action Plan initiative “Improving Service Performance for Regulatory Authorizations,” service standards and performance targets for all regulatory authorizations were established for the Program, as follows:

Program Activity

Service Standard

Service Standard Target

Registration (new and renewal)

32 business days

80% processed within standard

Security assessments

32 business days

80% processed within standard

Temporary worker exemptions

30 business days

80% processed within standard

Visitor exemptions

10 business days

80% processed within standard

It should be noted that a number of activities carried out by the Program require input from other departments or agencies (e.g. the Royal Canadian Mounted Police and the Canadian Security and Intelligence Service), subject to their own service standards and timelines. The response time may consequently be extended in cases where one or more of the following conditions exist:

Processing delays may result where additional verifications and collaboration with other departments or agencies are required. Applicants will receive a notice of extension within the service delivery window (i.e. 32 days) should service standard delays be anticipated.

In addition, Program registrants are expected to benefit from the precise time lines that replaced the numerous references to “without delay” throughout the Regulations. These measures should improve the client service experience and service delivery.

Program stakeholders and clients were consulted on service standards from November 2013 to May 2014 and were supportive of the regulatory amendments.

Performance reporting

A report on the performance of the Program relative to its service standard will be provided annually to Parliament through two tables of PWGSC’s Departmental Performance Report found in the Supplementary Information section. Performance will also be reported on the Program’s main Web page. The Program will also report on performance against targets on an annual basis on PWGSC’s Acts and Regulations Web page, which can be found at http://www.tpsgc-pwgsc.gc.ca/lr-ar/index-eng.html.

Performance measurement and evaluation

This initiative is largely intended to clarify the requirements in the Regulations that apply to persons accessing controlled goods in Canada.

To evaluate whether the Regulations are adequately understood, inquiry, inspection and compliance data will be assessed following the implementation period to determine whether there are any trends associated with non-compliance that might suggest that sections of the Regulations are not understood by all or particular groups of regulated parties.

Ongoing environmental scans will be used to identify any issues or situations concerning the domestic regulation of controlled goods that could have unintended consequences as a result of this initiative.

Contact

Louis LePage
Senior Director
Controlled Goods Program
Industrial Security Sector
Department of Public Works and Government Services
2745 Iris Street
Ottawa, Ontario
K1A 0S5
Telephone: 613-948-1767
Email: louis.lepage@pwgsc-tpsgc.gc.ca