By Eric J. Kadel, Sharon Cohen Levin, Anthony J. Lewis, Shari D. Leventhal, and Edoardo Saravalle

DOJ, BIS and OFAC Issue Joint Guidance on Policies Relating to Voluntary Self-Disclosures of Potential Violations of Sanctions, Export Controls and Other National Security Laws

Summary

On July 26, 2023, the Department of Justice, the Department of Commerce and the Department of the Treasury released a Tri-Seal Compliance Note describing voluntary self-disclosure and whistleblower policies applicable to U.S. sanctions, export controls and other national security laws.  The release does not impose new obligations, but provides an overview that (i) clarifies the salient aspects of the agencies’ voluntary self-disclosure policies (particularly following recent updates to these policies), (ii) suggests the differences between each agency’s approach to voluntary self-disclosures (including with respect to the mitigation of civil or criminal liability) and (iii) underscores the agencies’ goal of shifting the private sector’s risk calculus toward greater voluntary self-disclosures.

Background

The National Security Division (“NSD”) of the Department of Justice (the “DOJ”), which is responsible for the criminal prosecution of sanctions and export violations, the Department of Commerce Bureau of Industry and Security (“BIS”), which administers export controls and the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), which administers sanctions programs (collectively, the “Agencies”), each have in place voluntary self-disclosure (“VSD”) policies.[1]  Under these policies, the Agencies provide significant penalty relief for violations of sanctions, export controls and other national securities laws that—subject to certain qualifying conditions—are voluntarily self-disclosed by firms, thus providing an incentive for parties to disclose potential violations when they are discovered.  Both NSD and BIS have updated their policies within the past year.[2]  The revisions to NSD’s policy were part of a general revision of the DOJ’s approach to corporate criminal enforcement, including the broader application of VSD policies.[3]

The Compliance Note

On July 26, 2023, the Agencies released a Tri-Seal Compliance Note on Voluntary Self-Disclosure of Potential Violations (the “Compliance Note”).[4]  The Agencies’ release notes that businesses can play a role in protecting U.S. national security as well as the country’s “technological and financial leadership” and that, particularly in connection with national security laws, parties should disclose any potential criminal or administrative violations they discover.[5]  The Compliance Note aims to “assist the private sector in ensuring that businesses and other organizations timely and appropriately disclose potential violations.”[6]  Although the Compliance Note is a summary of existing policies and does not impose new obligations, it provides an overview of each Agency’s approach to VSDs and reflects certain distinctions between the Agencies’ policies.

National Security Division

As discussed in the Compliance Note, NSD’s recently updated policy on VSDs applies to sanctions and export control violations as well other potential criminal violations within NSD’s remit, such as violations of the rules and orders of the Committee on Foreign Investment in the United States.[7]

If a company (i) voluntarily self-discloses potentially criminal violations, (ii) fully cooperates with NSD, and (iii) takes timely and appropriate remedial steps, NSD generally will not seek a guilty plea.  Instead, there will be a presumption in favor of resolving the matter by way of a non-prosecution agreement without a fine (as long as the firm does not retain gains from the misconduct).[8]  Where aggravating factors are present (such as egregious misconduct or repeated administrative or criminal violations of national securities laws), this presumption will not apply, and NSD may seek a deferred prosecution agreement or a guilty plea.[9]

To avail itself of the benefits of the NSD VSD policy, a firm must make its self-disclosure within a “reasonably prompt” time of discovering the violation and must have no legal obligation to disclose or imminent threat of disclosure or government investigation.[10]  Notably, the self-disclosure must be made directly to NSD, and “[d]isclosures made only to regulatory agencies such as OFAC or BIS do not qualify for NSD’s policy.”[11]

Finally, companies will receive the benefits of the VSD policy only if they take appropriate remediation steps, such as implementing an effective compliance and ethics program and imposing appropriate disciplinary measures (such as compensation clawbacks) for employees who directly participated in, or who had oversight or supervisory authority over, the “area where the criminal conduct occurred.”[12]

Bureau of Industry and Security

The Compliance Note provides an overview of BIS’s VSD policies, emphasizing recent changes.  As a general matter, the BIS VSD policy provides that “timely and comprehensive” disclosures involving “full cooperation” will “substantially reduc[e]” the applicable civil penalty.[13]  Since June 2022, BIS has implemented a dual-track VSD system that distinguishes between VSDs related to minor infractions—which are resolved with a warning or no-action letter within 60 days—and VSDs related to more serious violations, which require more in-depth analysis about whether an enforcement action is warranted and whether a firm is entitled to penalty mitigation following the VSD.  The Compliance Note states that, in addition to maximizing finite BIS enforcement resources, the dual-track system enables rapid resolutions for minor violations.[14]

The Compliance Note highlights three key aspects of BIS’s VSD policy.  First, the Compliance Note cites the April 18, 2023 BIS memorandum (the “BIS Memorandum”) providing that, rather than just considering VSDs as potential mitigating factors under its penalty guidelines, BIS will consider non-disclosure of a “significant possible” violation[15] of the Export Administration Regulations (“EAR”) an aggravating factor.  As a result, in addition to experiencing “concrete benefits” for making a VSD, firms will be at risk of experiencing “concrete costs” for not making one.[16]

Second—again citing the BIS Memorandum—the Compliance Note states that firms may benefit from disclosing potential violations by unrelated third parties.  If a company provides a tip to BIS that leads to an enforcement action against a third party, the tipper may find a future BIS penalty mitigated as a result of the cooperation (even if the penalty against the tipper is unrelated to the tip).[17]

Third, the Compliance Note clarifies that failures to make a VSD that resulted from a company “self-blinding” by not conducting an internal investigation will not excuse non-disclosure, because the quality of a compliance program and its success in identifying and remediating compliance gaps are factors under settlement guidelines.[18]

Office of Foreign Assets Control

The Compliance Note explains that OFAC also treats VSDs as mitigating factors when appropriate, and that qualifying VSDs can result in a 50 percent reduction in the base amount of a proposed civil monetary penalty.[19]  Like NSD and BIS, OFAC will consider, among other factors, the strength of a company’s compliance program as well as remedial actions taken at the time of the apparent violation when reviewing the underlying conduct in a VSD.[20]

Self-disclosures to OFAC may qualify as VSDs even if they are simultaneous with OFAC or another government agency’s discovery of the apparent violation;[21] by comparison, the NSD policy requires that the self-disclosure occur “prior to an imminent threat of disclosure or government investigation.”[22]  On a case-by-case basis, OFAC will also count as a VSD a self-disclosure to a different agency or regulator.[23]

OFAC will not qualify a corporate self-disclosure as a VSD in certain circumstances, including when the disclosure includes false or materially incomplete information, or when disclosure was required because the apparent violation was blocked or rejected by a third party.[24]  Finally, the Compliance Note outlines certain OFAC expectations related to VSDs, including that the disclosing firm submit a “sufficiently detailed report” describing its understanding of the apparent violation and that it be responsive to follow-up OFAC inquiries.[25]

Department of the Treasury Financial Crimes Enforcement Network

In a final section, the Compliance Note describes the Financial Crimes Enforcement Network’s anti-money laundering (“AML”) and sanctions whistleblower program “designed to incentivize individuals . . . to provide information to the government about violations of U.S. trade and economic sanctions, in addition to violations of the Bank Secrecy Act.”[26]  The Compliance Note highlights that whistleblowers may collect between 10 and 30 percent of any penalty collected in an enforcement action if the information provided by the whistleblower leads to the successful enforcement action.  Whistleblowers may even be entitled to awards from related enforcement actions under non-AML authorities such as the Export Control Reform Act.[27]

Implications

The Compliance Note reflects several points of emphasis:

First, the Compliance Note reflects the Agencies’ continued focus on shifting firms’ calculus by incentivizing VSDs and, in the case of BIS, penalizing a failure to self-report a potential violation.  The Compliance Note reflects the Agencies’ prioritization of self-disclosures and their aim to push corporate decision-making toward making self-disclosures by raising both the potential benefits of disclosure and the potential costs of non-disclosure. 

Second, consistent with recent public remarks by government officials,[28] the U.S. government is sharpening its focus on preventing sanctions and export controls violations.  The potential benefits for firms from VSDs as well as from disclosures about third parties—incorporated in BIS’s VSD policy and in FinCEN’s whistleblower program—suggest that the U.S. government wants to increase firms’ reporting related to these national security laws.  Further, the Compliance Note highlights that NSD has recently hired a Chief Counsel for Corporate Enforcement and expanded its staff.  Firms should expect increased corporate enforcement of these laws going forward.

Third, the Agencies are increasingly cooperating on sanctions and export controls matters.  The interagency Compliance Note follows the Disruptive Technology Strike Force, a collaborative effort between the DOJ and BIS focused on critical technologies,[29] and Task Force KleptoCapture, an “interagency law enforcement task force” focused on sanctions and export controls following the Russian invasion of Ukraine.[30]  Such cooperation may lead to innovative enforcement actions.

Fourth, differences remain among the Agencies’ VSD policies.  For example, NSD’s policy does not recognize self-disclosures first made to regulatory agencies (while OFAC’s policy may), and different Agencies use different standards to determine which self-disclosures constitute VSDs.  When considering whether to make a voluntary self-disclosure, a firm should review the relevant Agencies’ policies to determine how to prepare and position itself to make a self-disclosure that will be recognized as a qualifying VSD that may entitle the firm to leniency.

Fifth, while the Agencies are encouraging companies to submit VSDs, maximizing the available credit and leniency generally requires companies to meet additional criteria, such as the maintenance of an appropriate compliance program and the imposition of disciplinary measures on the personnel involved or who supervised them.  As a result, firms should continually review their compliance programs in accordance with applicable guidance.[31]

Footnotes

[1]              See, e.g., 15 C.F.R. § 766 (Suppl. 1 2022) (describing BIS’s treatment of VSDs); DOJ, Export Control and Sanctions Enforcement Policy for Business Organizations (Mar. 1, 2023), available at https://www.justice.gov/file/1570996/download (describing DOJ’s treatment of VSDs); 31 C.F.R. § 501 app. § A (describing OFAC’s treatment of VSDs).

[2]              See DOJ, Export Control and Sanctions Enforcement Policy for Business Organizations (Mar. 1, 2023), available at https://www.justice.gov/file/1570996/download; BIS, Memorandum from Matthew S. Axelrod, Assistant Secretary for Export Enforcement, to All Export Enforcement Employees, Re: Further Strengthening our Administrative Enforcement Program (June 30, 2022), available at https://www.bis.doc.gov/index.php/documents/enforcement/3062-administrative-enforcement-memo/file; BIS, Memorandum from Matthew S. Axelrod, Assistant Secretary for Export Enforcement, to All Export Enforcement Employees, Re: Clarifying Our Policy Regarding Voluntary Self-Disclosures and Disclosures Concerning Others (April 18, 2023), available at https://www.bis.doc.gov/index.php/documents/enforcement/3262-vsd-policy-memo-04-18-2023/file (the “BIS Memorandum”).

[3]             See S&C Client Memorandum: “U.S. Department of Justice Announces Changes to Policies for Prosecuting Corporate Crime” (Mar. 7, 2023), available at https://www.sullcrom.com/SullivanCromwell/_Assets/PDFs/Memos/sc_publication_DOJ_announces_new_guidance_white_collar_enforcement.pdf; S&C Client Memorandum: “U.S. Department of Justice Announces Changes to Corporate Enforcement Policies” (Jan. 19, 2023), available at https://www.sullcrom.com/SullivanCromwell/_Assets/PDFs/Memos/sc-publication-doj-announces-priorities-expectations-prosecuting-corporate-crime.pdf.

[4]             DOJ, Department of Commerce, Department of the Treasury, Department of Commerce, Department of the Treasury, and Department of Justice Tri-Seal Compliance Note: Voluntary Self-Disclosure of Potential Violations (July 26, 2023), available at https://ofac.treasury.gov/media/932036/download?inline (the “Compliance Note”).

[5]              Id. at 1.

[6]             Id.

[7]            Id. at 3.

[8]           Id. at 2.

[9]             Id.

[10]              Id.

[11]             Id.

[12]            Id. at 3.

[13]           Id.

[14]           Id. at 4; BIS Memorandum at 2.

[15]            The BIS Memorandum notes that “significant possible violations” are “the types of violations that reflect potential national security harm.”  BIS Memorandum at 2.

[16]           Compliance Note at 4; BIS Memorandum at 2.

[17]           Compliance Note at 4; BIS Memorandum at 3.

[18]          Compliance Note at 5.

[19]           Id.

[20]            Id.

[21]           Id.

[22]           Id. at 2.

[23]          Id. at 5.

[24]          Id.

[25]           Id.

[26]          Id. at 6.

[27]         Id.

[28]        See, e.g., Lisa Monaco, Deputy Attorney General, Department of Justice, Remarks at American Bar Association National Institute on White Collar Crime (Mar. 2, 2023), available at https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-remarks-american-bar-association-national#:~:text=As%20I’ve%20said%20before,%2C%20banking%2C%20defense%20and%20agriculture (noting that “sanctions are the new FCPA”); Matthew S. Axelrod, Assistant Secretary for Export Enforcement, Department of Commerce, Remarks to the Society for International Affairs 2022 Spring Virtual Advanced Conference on Export Controls & International Politics (May 16, 2023), available at https://www.bis.doc.gov/index.php/documents/about-bis/newsroom/press-releases/2992-2022-05-16-remarks-as-axelrod-to-sia/file.

[29]          Department of Justice, Justice and Commerce Departments Announce Creation of Disruptive Technology Strike Force (Feb. 16, 2023), available at https://www.justice.gov/opa/pr/justice-and-commerce-departments-announce-creation-disruptive-technology-strike-force.

[30]           Department of Justice, Attorney General Merrick B. Garland Announces Launch of Task Force KleptoCapture (Mar. 2, 2022), available at https://www.justice.gov/opa/pr/attorney-general-merrick-b-garland-announces-launch-task-force-kleptocapture.

[31]          See Department of Justice, Criminal Division, Evaluation of Corporate Compliance Programs (March 2023), available at https://www.justice.gov/criminal-fraud/page/file/937501/download; OFAC, A Framework for OFAC Compliance Commitments (May 2, 2019), available at https://ofac.treasury.gov/media/16331/download?inline; BIS, Export Compliance Guidelines (Jan. 2017), available at https://www.bis.doc.gov/index.php/documents/pdfs/1641-ecp/file.

Eric J. Kadel, Sharon Cohen Levin, and Anthony J. Lewis are Partners, Shari D. Leventhal is Of Counsel, and Edoardo Saravalle is an Associate at Sullivan & Cromwell LLP.  This post was originally published on the firm’s website.

The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright or this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).