On January 16, 2024, the NYU Law Program on Corporate Compliance and Enforcement hosted Matthew Axelrod, Assistant Secretary for Export Enforcement at the Bureau of Industry and Security (BIS), U.S. Department of Commerce, to deliver remarks on enhancements to BIS’s corporate enforcement policy for voluntary self-disclosures of export control violations. Assistant Secretary Axelrod’s speech was accompanied by the release of an enforcement policy memo, available here. After Secretary Axelrod’s remarks, he participated in a fireside chat and took questions from the audience. The event also featured a panel of experts on export control enforcement policy. A full agenda of the event is available here. In this post, participants from the panel share further thoughts on the issues.

Changes to BIS’s VSD Policies Tip the Scales in Favor of Self-Disclosure

by Sharon Cohen Levin, Amanda Houle, and Wisdom Onwuchekwa-Banogu

Over the past 18 months, BIS has substantially enhanced its Voluntary Self-Disclosure (“VSD”) Policies and its approach to identifying export control violations.  In announcing additional enhancements to the VSD policies on January 16, 2024, Assistant Secretary for Export Enforcement Matthew Axelrod explained that as “technologies have grown exponentially more powerful, the importance that the role export controls play in protecting them, and by extension our national security, has grown in parallel. Export controls and their enforcement are at the forefront of our national security efforts like never before.” Accordingly, BIS has sought to incentivize the reporting of export control violations either by the company through a VSD or through reporting by others.  Assistant Secretary Axelrod advised that these changes are working.  BIS received nearly 80% more VSDs containing potentially serious violations in FY 2023 than in the previous year and more disclosures about the conduct of others than ever before.  

Under the current VSD policy, a company that does not disclose an export control violation is at risk that a competitor could report the violation. BIS’s VSD policy provides significant benefits to a company for providing information about another company’s violations. A competitor can essentially bank cooperation credit by providing a tip that results in an enforcement action against a competitor.  The tip will be considered a mitigating factor in any future enforcement action against the company that provided the tip.[1]  In contrast, if a company learns of a significant export violation and fails to file a VSD, the failure to disclose the violation will be treated as an aggravating factor under BIS guidelines. The Assistant Secretary announced that these policies have already resulted in a material increase in tips.  BIS received 33% more tips since announcing the changes compared to the same 8-month period in the prior year.   

BIS, working with FinCEN, has also taken steps to increase the likelihood that financial institutions will identify and report suspected export control violations, and has enhanced the reporting system so that export violations are flagged and reviewed more efficiently.  BIS has partnered with FinCEN to issue a series of joint alerts urging financial institutions to be vigilant against efforts by individuals or entities to evade export controls.  The joint alerts provide financial institutions with detailed transactional and behavioral red flags to identify activity potentially tied to evasion of export controls.[2] In addition, FinCEN’s whistleblower program has been expanded to include potential monetary awards for individuals who report violations of U.S. sanctions programs and related export control violations.

A company identifying an export control violation should consider the likelihood that under BIS’s enhanced policies and approach someone other than the company will identify and report the export control violation.  If the company chooses not to self-report and BIS otherwise identifies the violation, the company risks losing the significant benefits BIS has offered in connection with self-reporting, including a “steep and concrete reduction in potential monetary liability.”[3] 

Footnotes

[1]  Department of Commerce, Department of the Treasury, and Department of Justice Tri-Seal Compliance Note: Voluntary Self-Disclosure of Potential Violations (July 26, 2023).

[2]  FinCEN & BIS Joint Alert, FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Announce New Reporting Key Term and Highlight Red Flags Relating to Global Evasion of U.S. Export Controls (Nov. 6, 2023); FinCEN & BIS Joint Alert, FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Increased Vigilance for Potential Russian and Belarusian Export Control Evasion Attempts (June 28, 2022); FinCEN & BIS Joint Alert, Supplemental Alert: FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Continued Vigilance for Potential Russian Export Control Evasion Attempts (May 19, 2023).

[3]  Department of Commerce, Clarifying Our Policy Regarding Self-Disclosures and Disclosures Concerning Others (Apr. 18, 2023).

Sharon Cohen Levin is a Partner, Amanda Houle is Special Counsel, and Wisdom Onwuchekwa-Banogu is a Law Clerk at Sullivan & Cromwell LLP. Previously, Levin was the Chief of the Asset Forfeiture Unit, and Houle was Chief of the National Security Unit, at the U.S. Attorney’s Office for the Southern District of New York.

BIS Goes Big Game Hunting with Further VSD Policy Changes – Suggesting that It’s Time to Recalibrate Corporate Assessments of Export Controls Evasion Risk

by Michael Huneke

In announcing updates to BIS’s voluntary self-disclosure (“VSD”) policy on January 16, 2024, Assistant Secretary of Commerce Matthew Axelrod stressed the imperative for BIS to focus its finite enforcement resources on the most-significant export controls violations, i.e., those that implicate U.S. national security interests. The modifications to the VSD Policy accordingly are intended to streamline even further the reporting and processing of voluntary disclosures of minor export controls violations—particularly by permitting the electronic submission of quarterly batch reports of insignificant violations that can lead to quick no-action or warning letter dispositions.

Assistant Secretary Axelrod was clear that BIS expects U.S. manufacturers and exporters likewise to focus on the serious threats. He hinted that any internal cost-benefit analysis companies might be making about their investments in export controls risk assessments and compliance programs should assume BIS’s focus on big cases will result in more settlements or enforcement actions with large fines—even referring to BIS’s record $300 million settlement with Seagate as just a “down payment” compared to later actions to come.[1]

How best to meet BIS’s expectations, for corporations that choose to do so?

The Assistant Secretary cautioned that manufacturers and exporters cannot “self-blind” themselves as to what is happening in their international sales. To avoid this, corporations should ensure that their assessments of evasion risks and their export controls compliance programs are dynamic and holistic, and they should be careful not to over-rely on perceived loopholes or technicalities.[2] Putting in place systems and controls that are overly restrictive in their interpretation of potential evasion risks withholds from managers—and directors[3]—information they need to make risk-based decisions as to not only potential violations and disclosures but also to whether certain sales channels might be shut down or, at least, should be the subject of license applications as the best way to protect the company, managers, and directors from potential liability later—even where there might be technical arguments why a license might not be strictly required.[4] Taking such an approach to risk management and compliance program enhancements does not mean that a corporation could not advocate for a narrower interpretation in the event of an investigation, but such an approach is important to ensure that internal decision-makers have a full view of both actual and potential evasion risks in this new era of heightened export controls enforcement.

Footnotes

[1]  See Brent Carlson & Michael Huneke, From Peanuts to Prison Time – A Fresh Look at the Evolution of Export Controls Penalties, NYU Program on Corporate Compliance & Enforcement (“PCCE”) Blog (Nov. 14, 2023) (discussing historical export controls penalties compared to the U.S. Foreign Corrupt Practices Act (“FCPA”)).

[2]  See Brent Carlson & Michael Huneke, Know Your Customer, But Also Yourself: A Fresh Look at Sanctions & Export Controls Risk Assessments in the Era of the “New FCPA”, NYU PCCE Blog (Sept. 28, 2023) (providing practical guidance on conducting sanctions and export controls risk assessments).

[3]  See Brent Carlson & Michael Huneke, Boards of Directors Lovin’ It after McDonald’s? A Fresh Look at Directors’ Duty of Oversight in the New Era of Sanctions & Export Control Corporate Enforcement, NYU PCCE Blog (Jan. 12, 2023) (discussing directors’ duty of oversight in the context of sanctions and export controls compliance).

[4]  See Brent Carlson, When Loopholes Create Liability Pitfalls: A Fresh Look at Export Controls, NYU PCCE Blog (Aug. 25, 2023) (noting, among other things, that the EAR contain catch-all provisions for military end-use that also require applying for a license, beyond the license requirements based on other classifications).

Michael Huneke is a Partner at Hughes, Hubbard & Reed LLP.

The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright or this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).