Overview
On October 2, the Department of Justice’s (DOJ) National Security Division (DOJ NSD) published a memorandum setting out the policy framework for negotiated resolutions with companies involved in economic sanctions and export control investigations with a criminal dimension. Titled “Guidance Regarding Voluntary Self-Disclosures, Cooperation, and Remediation in Export Control and Sanctions Investigations Involving Business Organizations” (the Guidance), the policy statement is intended to establish incentives for companies[1] investigating potential economic sanctions and export controls issues to voluntarily disclose them to DOJ NSD, and, where those companies meet the announced cooperation, remediation, and compliance standards, to provide significantly more favorable resolution terms than would otherwise have been available.
This announcement by the DOJ NSD is significant in a number of respects, both in the sanctions and export controls space specifically, and with regard to companies’ efforts to manage the regulatory risks arising from international business activities. While criminal risks in this area are not new, companies will now routinely need to assess the benefits and risks of voluntarily disclosing not only to the primary administrative agencies enforcing trade regulations (the US Department of the Treasury, Office of Foreign Assets Controls (OFAC); the US Department of State, Directorate of Defense Trade Controls (DDTC); and the US Department of Commerce, Bureau of Industry & Security (BIS)), but also to DOJ NSD, in the face of a clear policy statement from a criminal prosecuting authority that it expects companies to do so when such potential violations may be “willful” - a standard that could capture significant amounts of sanctions and export controls issues that may not have historically been disclosed to or investigated by DOJ.
The Guidance also likely signals the DOJ’s intent to be more active in sanctions and export controls investigations and enforcement than it has in the past, perhaps taking a page out of the DOJ’s US Foreign Corrupt Practices Act (FCPA) enforcement playbook. Indeed, the Guidance draws on many of the concepts undergirding the DOJ’s FCPA “Pilot Program” announced April 5, which set out the conditions the DOJ’s Fraud Section requires companies to meet in order to be eligible for cooperation credit (including full declinations of prosecution) in FCPA matters. (See our past advisory on the Pilot Program). But there are also significant differences, likely reflecting the national security dimension of export controls and many sanctions regimes and the government’s view that companies in this area are “gatekeepers” of technology.
As with the FCPA Pilot Program, companies must voluntarily disclose, cooperate – including turning over all information regarding individuals, per the terms of the Yates memorandum (see Steptoe’s previous advisory) – and remediate to be eligible for the full “credit” (i.e., beneficial resolution terms) DOJ is offering in this area. They must also disgorge and/or forfeit any ill-gotten gains from the conduct at issue. In contrast to the Pilot Program, however, a non-prosecution agreement (NPA), not a declination, is the most lenient resolution form available.
In light of the Guidance, and the inevitable additional scrutiny that DOJ’s increased interest in criminal enforcement will engender, companies will need to assess how they address sanctions and export controls issues when conducting internal investigations. Notably, companies need to have the necessary information about the circumstances of an apparent violation to make an informed judgement as to the implications of their disclosures to applicable regulatory authorities, and whether they should be disclosing to the DOJ as well.
Below we summarize the Guidance, and compare it in more detail to the FCPA Pilot Program.
Guidance Summary
DOJ NSD’s Guidance applies where the conduct is “willful,” as set out in Bryan v. United States, 524 U.S. 184 (1998). If a company identifies a willful violation of US economic sanctions and export control laws, then the Guidanceprovides a framework by which a company that: (1) voluntarily self-discloses the issues to DOJ NSD’s Counterintelligence and Export Controls Section (CES), (2) cooperates fully with CES, and (3) engages in timely and appropriate remediation, may be eligible for reduced criminal penalties and/or a non- or deferred-prosecution agreement (NPA and DPA, respectively) instead of a criminal plea. The Guidance defines in detail DOJ NSD’s criteria for each of these requirements, and explicitly states that companies that do not meet the applicable standards will not be eligible for the full “credit” offered. Notably, even where full credit is afforded, the Guidance does not offer companies the prospect of a declination of prosecution by DOJ. Instead, an NPA (along with disgorgement of ill-gotten gains, and any criminal fine) is the most lenient resolution foreseen by the Guidance, and applicable regulatory authorities - OFAC, BIS, and/or DDTC – may still bring their own enforcement actions for civil violations of law.
Voluntary Self-Disclosure
Three requirements must be met for a self-disclosure to be considered voluntary:
- First, pursuant to the U.S. Federal Sentencing Guidelines § 8C2.5, the disclosure must occur before “imminent threat of disclosure or government investigation.”[2]
- Second, the disclosure must be made within a “reasonably prompt time” after the entity learns of the violation, with the company bearing the burden of demonstrating timeliness.
- Third, the company must disclose known relevant facts, including those pertaining to the specific individuals involved in the violations.
Full Cooperation
In assessing the level of cooperation provided, in addition to satisfying the factors set out in the Principles of Federal Prosecution of Business Organizations, prosecutors will consider “the scope, quantity, quality, and timing of cooperation,” and will evaluate the quality of a company’s cooperation on the facts and circumstances of each situation, against the following criteria:
- Consistent with the Yates memorandum, disclosure on a timely basis of all facts relevant to the wrongdoing at issue, including all facts related to involvement in the criminal activity by the corporation’s officers, employees, or agents
- Proactive, as opposed to reactive, cooperation
- Preservation, collection, and disclosure of relevant documents and information relating to their provenance
- Provision of timely updates on a company’s internal investigation, including production of information and documents on a rolling basis
- When requested, de-conflicting an internal investigation with a government investigation
- Provision of all facts relevant to potential criminal conduct by all third-party companies (including their officers or employees) and third-party individuals
- Making employees and officers (including those overseas) available to be interviewed by the DOJ upon request
- Facilitating third-party production of documents and witnesses from foreign jurisdictions unless legally prohibited, and
- Translating relevant documents where requested
The Guidance makes clear that, pursuant to the US Attorneys’ Manual 9-28.720, companies are not required to waive attorney-client privilege or work product protection in order to receive cooperation credit. It also acknowledges that smaller companies may not have the resources to undertake all of the listed requirements, but places on the company the burden of demonstrating why it is unable to meet the requirement in question.
These requirements are not new, but are virtually identical to those set forth in the FCPA Pilot Program.
Timely and Appropriate Remediation
The Guidance is clear that credit for remediation, and therefore the benefits available from DOJ NSD, will only be available to a company deemed to have cooperated, as defined above. If so, a company “generally” will be required to meet three conditions to receive credit for timely and appropriate remediation: (1) implementation of an effective compliance program; (2) appropriate discipline of employees involved in the misconduct and their supervisors, including compensation impact; and (3) any additional steps recognizing the seriousness of the misconduct, demonstrating acceptance of responsibility, and reducing the risk of recidivism.
The Guidance sets out the following criteria for an effective compliance program:
- Establishing a culture of compliance
- Dedicating sufficient resources to compliance
- Ensuring compliance personnel are appropriately qualified and experienced, and that they are appropriately compensated
- Instituting an independent compliance function
- Performing effective risk assessment and tailoring the compliance program to address the risks identified
- Implementing a technology control plan and regular required training to ensure export-controlled technology is appropriately handled
- Implementing a reporting structure that allows problems to reach senior company officials, and maximizes timely remediation
The remediation requirements place specific emphasis on employee discipline, including possible termination of wrongdoers.
By and large these requirements are not new, but reflect more general thinking about effective compliance programs. The last two elements—a technology control plan with regular training and reporting that maximizes timely remediation—are tailored to this area.
Aggravating Factors
The Guidance lists several aggravating factors that may result in less credit to companies that self-disclose, cooperate, and remediate (although more credit than to those companies who have not self-reported):
- Exporting items controlled for nuclear nonproliferation or missile technology reasons to a proliferator country
- Exporting items known to be used in weapons of mass destruction or to terrorist organizations
- Exporting military items to hostile powers
- Repeated violations of similar conduct
- Knowing involvement of upper management
- Significant profits from the criminal conduct when compared to lawfully exported products and services
Interestingly, the final aggravating factor appears to set the stage for disgorgement as a penalty (discussed below), even though the authority to impose disgorgement (or the standard for calculating disgorgement) does not appear in any of the export control or sanctions regulations.
Benefits Available to Corporations
Where a company meets the requirements enumerated above, it may be eligible for the following benefits:
- Reduced fines and forfeiture amounts
- The possibility of an NPA
- A reduced period of supervised compliance
- No compliance monitor
The Guidance makes clear, however, that a company that does not voluntarily disclose, but still cooperates and remediates, will be eligible for some mitigation credit including a DPA. However, such a company will “rarely” qualify for a NPA. Where aggravating factors exist, more stringent penalties will be imposed, but such a company would still be in a better position than if it did not voluntarily disclose.
The Guidance clearly sets out that where appropriate, and regardless of the form of resolution, disgorgement and forfeiture will be part of the final resolution framework.
Examples
To illustrate the new policy, the Guidance contains three hypothetical examples. They suggest that in corporate groups, differing penalties may apply to different entities, much as we have seen in the FCPA area with some cases featuring NPAs, DPAs, and pleas. They also suggest that there may be a range of monitoring/supervisory options the DOJ will consider, using the terms “monitor,” “auditor,” and “supervision” as alternates without explaining what the latter two may encompass. Finally, they emphasize the need for discipline of not only those directly involved in the conduct, but also those who may have negligently failed to supervise.
Implications for Companies; Comparison to the FCPA Pilot Program
The Guidance has the potential to be significant for DOJ’s economic sanctions and export controls enforcement program, for a number of reasons:
- DOJ NSD More Involved in Enforcement? Where civil regulators (DDTC, BIS, and OFAC) have traditionally taken the lead in the vast majority of investigations and enforcement actions of US economic sanctions and export control laws, the Guidance suggests that more criminal investigation, and possibly enforcement, of these laws is on the horizon. Companies evaluating what they previously might have handled as an entirely civil matter, working with the regulatory agencies, now must evaluate whether the issues involve conduct by persons who knew their conduct was not lawful and whether a voluntary disclosure to CES should be made, presumably in addition to a voluntary disclosure to the regulating agency. When coupled with the prospect of those agencies referring the matter to CES on their own accord, we believe there is the possibility that the Guidance will have the effect of bringing DOJ NSD to the table as an investigator and enforcer where up to now it may have played a less active role, in an area where it may not have as much technical expertise as DDTC, BIS, or OFAC in administering applicable regulations. The net result will almost certainly be more criminal investigations and possibly prosecutions, or combined civil/administrative and criminal investigations and prosecutions with the respective administrative agency or agencies. How much the Guidance will incentivize self-reporting by companies given the high standards for cooperation and the more limited benefits of penalty resolutions remains to be seen.
- Further Institutionalizing the Yates Memo, and a Focus on Companies. The Guidance makes clear that it is intended to encourage companies to voluntarily disclose US sanctions and export control violations so that DOJ NSD may bring more prosecutions against companies themselves, and against individuals. By incentivizing voluntary self-disclosures, and requiring those disclosures to meet the Yates memorandum requirements of including all relevant facts about the corporate employees involved in the alleged violations, DOJ is again requiring companies to “name names” and make judgments about which corporate employees are culpable. We have expressed our views on a few occasions (see our past client alerts here and here) that corporations should not be pressured to take positions adverse to their own employees in order to get credit for cooperation. The Guidance, especially coming on the heels of the FCPA Pilot Program and its effectively identical requirements, is yet another unfortunate step down the path of pressuring a company to turn against its employees.
- Sanctions and Export Controls Violations More Serious Than Foreign Corruption? Sophisticated consumers of cross-border regulatory and enforcement risks will immediately recognize the substantial similarities in form and substance between the Guidance and the FCPA Pilot Program: similar goals (pursuant to Yates, increased prosecution of individual wrongdoers); almost identical definitions of voluntary disclosure, cooperation, and remediation; and a strong focus on enhancement of companies’ compliance programs as a condition of receiving the benefits offered under the two policies, but falling short of a compliance affirmative defense.
The differences between the programs, however, are important and bring into sharp relief the programs’ different purposes. First, the Guidance’s goals with respect to companies are fundamentally different. Where the FCPA Pilot Program was introduced in order to provide an avenue for companies to avoid prosecution altogether in exchange for information on individuals’ misconduct, the Guidance is squarely focused on enhancing DOJ NSD’s ability to investigate and prosecute companies as well as individuals for violations of law. As noted above, this suggests DOJ NSD is likely to be active in many more cases than it would have been previously. Second, the “credit” available under the Guidance suggests that DOJ NSD views corporate criminal violations of economic sanctions and export controls particularly seriously: whereas the FCPA Pilot Program offers a declination of prosecution in some circumstances, and/or up to a 50% reduction in the criminal fine range for self-disclosing companies which are subject to enforcement action, the Guidance is clear that a NPA is the most favorable resolution form on offer. The “rogue employee” defense to corporate liability does not seem to be contemplated by the Guidance. Third, the FCPA Pilot Program has no list of “aggravating factors,” further reflecting the differences between the two areas. The national security dimension, and the fact that companies are explicitly characterized as “gatekeepers” of technology in the Guidance, reflects the heightened risk and responsibility profile the DOJ sees in this area.
******
By establishing an enforcement framework communicating the expectation that companies should voluntarily disclose to criminal enforcement authorities, and by institutionalizing the Yates memorandum-derived pressure on companies to implicate individuals in economic sanctions and export controls matters, the Guidance has significant implications for companies investigating sanctions and export controls issues. It also has implications for their directors, officers, managers, and employees. Although it remains to be seen whether the announcement of the new policy framework will lead to more DOJ investigations of sanctions and export controls matters, or more voluntary disclosures, it does signal DOJ’s heightened presence into yet another area traditionally viewed as more of a regulatory than a criminal domain, and further raises the criminal enforcement risks facing US and other companies doing business across borders.
We will continue to keep you informed of economic sanctions and export controls developments. Further commentary is available on the Steptoe International Compliance Blog. You can also follow us on Twitter (@SteptoeIntlReg).
[1] The Guidance does not apply to financial institutions by virtue of their “unique reporting obligations under their applicable statutory and regulatory regimes.” Guidance, note 3, at page 2.
[2] The Guidance makes clear that if a whistleblower has reported an incident to the US government, but the company is unaware of this fact and discloses prior to being made aware of the DOJ’s investigation, such a disclosure would still be considered voluntary. This statement is notable in that, other agencies, such as OFAC, would not ordinarily treat this type of report as a voluntary self-disclosure (although it might in its discretion afford mitigation credit). This position likely reflects DOJ’s response to questions raised about this fact pattern after the release of the FCPA Pilot Program.