A 2014 US Dept. of State Charging Letter issued against Esterline Technologies Corporation reveals the company’s network of subsidiaries engaged in a decade of ITAR violations, for a total of 282 separate charges. In at least two cases, criminal investigations were launched. Esterline was ordered to pay a civil penalty of $20 million in response to the violations.
Seven different Esterline companies were named in the Charging Letter, which documented export violations going back as far as 1997 through until 2011. All of the companies held accredited AS9100 or ISO 9001 certifications before, during and after the ITAR violations were reported by State.
- Mason Electric Co. of Sylmar CA was cited with 40 ITAR violations, while it held AS9100 certification issued by Perry Johnson Registrars. It now holds certification from DNV-GL.
- CMC Electronics Aurora of Sugar Grove IL was cited with 49 ITAR violations, while it held AS9100 certification by BSI.
- Kirkhill Inc. (then Kikhill-TA) of Brea CA was cited with only a handful of violations, but these triggered a criminal investigation. The criminal investigation was later dropped, but new violations were discovered shortly thereafter. Throughout this period, Kirkhill held AS9100 certification by NSF-ISR.
- Korry Electronics of Everett WA was cited with 179 separate ITAR violations and a criminal investigation, while holding AS9100 certification issued by DNV-GL.
- Leach International North America of Buena Park CA was cited with 6 ITAR violations and holds AS9100 certification from DNV-GL, as well.
- Esterline Hytek (formerly Hytek Finishes Co.) of Kent WA was cited with 6 ITAR violations with AS9100 certification issued by TUV USA (part of TUV Nord.)
A seventh Esterline company, Memtron of Frankenmuth MI, held ISO 9001:2008 certification instead, issued by Lloyds Register (LR). That company was reported for a single ITAR violation, but the dates of the actual activities in violation spanned from 2007-2010, all years covered by the LR certificate. It is not immediately clear if Memtron has an updated ISO 9001:2015 certificate.
Despite the publication of the Charging Letter in 2014, and criminal investigations launched in years prior, at no point did any of the companies lose their AS9100 or ISO 9001 certifications.
All of the certificates were accredited by a single US accreditation body: ANAB.
AS9100 repeatedly requires that certified companies satisfy regulatory requirements. Clause 5.1.2 requires “customer and applicable statutory and regulatory requirements are determined, understood and consistently met,” while clause 8.2.2 requires the company capture “the requirements for the products and services are defined, including any applicable statutory and regulatory requirements” and then not agree to provide products if those regulatory requirements cannot be met. In all, the concept of satisfying regulatory requirements appears in 10 separate AS9100 clauses, and is repeated in the front and back matter of the standard.
It is not clear how auditors from six different accredited certification bodies, auditing seven different certified companies, could have missed ITAR violations during every audit, spanning a decade. It is also not clear how each of the companies could have faced no repercussions to their certifications even after the findings of State were released, and criminal investigations launched.
ANAB has been accused of conducting lax oversight of CBs who pay it a fee for accreditation, allowing companies to obtain AS9100 certification despite rampant quality problems, and then allowing them to maintain that certification even after the problems are reported, or after disaster strikes.