RTX Corp., the parent company of Raytheon, is facing significant consequences after agreeing to pay $200 million in fines and remediation following the revelation of extensive export control violations.
These breaches, which occurred between 2017 and 2023, involved the unauthorized disclosure of sensitive military secrets, impacting some of the United States’ most advanced defense systems.
The violations, totaling 750, were self-disclosed by RTX and addressed under a consent agreement with the U.S. State Department.
The violations were deemed serious, involving the illegal export of defense articles and technical data, including information about aircraft and missile systems critical to U.S. national security.
Among the affected systems were high-profile assets such as the VC-25 (Air Force One), F-22 Raptor, F-35 Lightning II and the B-2 Spirit stealth, B-1B Lancer, and the F/A-18, F-15 and F-16 fighters.
RTX admitted to inadvertently allowing technical information and aerospace components to be shared with countries such as Russia, China, and Iran, as well as U.S. allies like Australia, the U.K., and Saudi Arabia.
A key focus of the violations stemmed from improper handling of ITAR-controlled data, often due to lapses in cybersecurity protocols. In one example, an RTX employee traveled to St. Petersburg, Russia, with a laptop containing sensitive technical data about several military aircraft.
Despite receiving multiple security alerts, the company dismissed them as false positives. Another employee attempted to log into the company’s system while in Iran, exposing technical data related to the B-2 Spirit bomber and the F-22 Raptor.
Beyond technical data, RTX also illegally exported defense components for various missile systems, including the Tomahawk cruise missile, the RIM-162 Evolved Sea Sparrow Missile, and the Paveway laser-guided bomb. These exports were made without proper authorization to several U.S. allies across Europe, Asia, and the Middle East.
In response to these violations, the $200 million settlement includes a fine of $100 million, with the remaining $100 million to be invested in remedial measures to strengthen RTX’s compliance program.
Under the terms of the consent agreement, RTX will hire a Special Compliance Officer for 24 months to oversee the implementation of improved export control practices. This will also include external audits of the company’s ITAR compliance procedures.
Despite the severity of the violations, RTX’s voluntary disclosure and cooperation with the U.S. government may have contributed to the settlement’s terms.
The company acknowledged that the penalties were anticipated, having already informed investors during its Q2 2024 earnings report.
The timing of the settlement coincides with a $1 billion contract awarded to Raytheon for upgrading the F-22 Raptor fleet, highlighting the ongoing strategic importance of the company’s defense work.
However, the revelations raise concerns about the vulnerabilities exposed in RTX’s compliance and cybersecurity practices, especially as tensions rise between the U.S. and peer competitors like Russia and China.
RTX’s actions underscore the critical need for stringent export control measures, particularly in an era where technological advances in aerospace and defense play a vital role in maintaining military superiority. The consent agreement aims to prevent future breaches by reinforcing internal controls and protecting sensitive defense information from falling into the wrong hands.
$200 M is a drop in the bucket to these fat cats.