On 13 December 2019, the US Department of Justice (DOJ) announced a revised Export Control and Sanctions Enforcement Policy for Business Organizations (Revised EC/S Policy), clarifying its prior guidance on voluntary self-disclosure requirements for sanctions and export control violations, and aligning it with the DOJ’s Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy (FCPA CEP). Consistent with the FCPA CEP and other DOJ voluntary self-disclosure policies, the Revised EC/S Policy is intended to encourage companies to self-disclose by increasing transparency of enforcement policies and promoting the benefits of self-reporting. The Revised EC/S Policy encourages companies to self-disclose because they are “the gatekeepers of our export-controlled technologies” and “play a vital role in protecting our national security.” It supersedes the Guidance Regarding Voluntary Self-Disclosures, Cooperation, and Remediation in Export Control and Sanctions Investigations of 2 October 2016 (2016 Guidance). Under the 2016 Guidance, the DOJ would analyze the appropriate penalty under a “totality of the circumstances” standard if a company voluntarily self-disclosed misconduct. Voluntary self-disclosure (VSD) was a mitigating factor. Importantly, unlike the 2016 Guidance, the Revised EC/S Policy applies to all companies and makes VSD credit available to financial institutions, which previously could not receive this benefit under the 2016 Guidance as they were already subject to strict reporting requirements. The Revised EC/S Policy also complicates the VSD calculus by requiring companies to disclose to the DOJ directly, rather than to regulatory agencies, in order to receive VSD credit. Under the Revised EC/S Policy, there is a “presumption” of reaching a non-prosecution agreement for companies that: (1) voluntarily self-disclose; (2) fully cooperate; and (3) “timely and appropriately” remediate the conduct in the absence of aggravating circumstances. Companies are still subject to disgorgement of profits, forfeiture, and /or restitution resulting from misconduct, but presumptively will not face a fine. If there are aggravating circumstances—such as executive involvement or criminal recidivism—and a criminal resolution is warranted, companies who self-disclose may still be eligible for a fine of 50% less than is available under the alternative fines provision and may avoid the appointment of a monitor. Revised EC/S Policy and FCPA CEP Alignment The alignment between the Revised EC/S Policy and the FCPA CEP is the latest example of the DOJ’s push to increase consistency across different DOJ divisions. Standardization of the requirements provides clarity to companies that may be subject to enforcement by different DOJ divisions and are seeking VSD, cooperation, and remediation credit. As part of that effort, the Revised EC/S Policy’s definitions of “voluntary self-disclosure,” “full cooperation,” and “timely and appropriate remediation” intentionally track the language of the FCPA CEP. For example, the 2016 EC/S Guidance required a company to disclose “all relevant facts known to it, including all relevant facts about the individuals involved in any export control or sanctions violation.” The Revised EC/S Policy now tracks the FCPA CEP’s narrower requirements for receiving VSD credit. Both the Revised EC/S Policy and the FCPA CEP now require companies to disclose only information related to individuals “substantially involved in or responsible for the misconduct at issue”— an obligation significantly less burdensome than providing information about individuals involved in any violation. Likewise, the Revised EC/S Policy and the FCPA CEP are now similarly structured:
Similar to the presumption for non-prosecution under the Revised EC/S Policy, the FCPA CEP offers a presumption of declination for companies that: (1) voluntarily self-disclose; (2) fully cooperate; and (3) “timely and appropriately” remediate, in the absence of aggravating circumstances.
Under both the Revised EC/S Policy and the FCPA CEP, companies may still be eligible for fine reductions and avoid the appointment of a monitor if there are aggravating circumstances and a criminal resolution is warranted.
The FCPA CEP was revised in March 2019 and November 2019, and the Revised EC/S Policy incorporates those revisions, including guidance addressing the appropriate retention of personal communications and use of ephemeral messaging platforms.
Important Policy Distinctions Between the Revised EC/S Policy and the FCPA CEP
While there is significant overlap between the Revised EC/S Policy and the FCPA CEP, there are also distinctions that could impact a company’s calculus in deciding whether to voluntarily self-disclose:
While both the Revised EC/S Policy and FCPA CEP require voluntary self-disclosure, cooperation, and remediation to obtain full credit, the Revised EC/S Policy has more stringent self-disclosure requirements and is less forgiving than the FCPA CEP of companies that cooperate and remediate without also disclosing. Unlike the FCPA CEP, the Revised EC/S Policy does not have a “limited credit” option for companies that fully cooperate and remediate, but do not voluntarily self-disclose.
The Revised EC/S Policy also expressly disqualifies companies from receiving VSD credit if they report a violation only to the enforcing regulatory agency—such as the Office of Foreign Assets Control (OFAC), Bureau of Industry and Security (BIS), or Directorate of Defense Trade Controls (DDTC)—and not to the DOJ. The FCPA CEP is silent on this distinction. For example, it does not indicate whether voluntarily disclosing to the SEC will satisfy the disclosure requirement.
This new requirement to voluntarily self-disclose to DOJ before or simultaneously to OFAC, BIS, or DDTC in order to receive VSD credit is a departure from traditional practice, whereby companies initially submitted a VSD to the enforcing regulatory agency, i.e., OFAC and BIS, and awaited the regulatory agency’s investigation results before determining whether to submit a filing to DOJ. Now, companies need to determine whether there may be a willful criminal component to a violation before voluntarily disclosing to any agency.
The Revised EC/S Policy and FCPA CEP are also distinct regarding the type of migating credit available. As mentioned, the Revised EC/S Policy presumptively provides for non-prosecution if a company voluntarily self-discloses, cooperates, and remediates. In a non-prosecution agreement, a company still must stipulate to the truth of the underlying facts and acknowledge responsibility for the misconduct, which potentially could invite subsequent civil suits. By contrast, the FCPA CEP provides for a presumption of declination. Facts of the misconduct will be made public as part of the declination—but companies receiving a declination do not have to admit to any facts or wrongdoing.
Under both the Revised EC/S Policy and FCPA CEP, aggravating factors, such as involvement of senior management or significant profits, counter the presumption of non-prosecution agreement and declination, respectively. The Revised EC/S policy goes further than the FCPA CEP and lists specific circumstances that would constitute aggravating factors, providing more transparency as to when companies can reasonably expect a non-prosecution agreement. These gravating factors include exports of items controlled for nuclear onproliferation or missile technology reasons to a proliferator country, those used in the construction of weapons of mass destruction, and military items to a hostile foreign power.
The FCPA CEP allows for a 50% reduction off the low end of US Sentencing Guidelines fine range, except in cases of criminal recidivism. Under the Revised EC/S Policy, the DOJ will agree to, or recommend, a fine that is at least 50% less than the amount otherwise available under the alternative fine provision available under 18 USC § 3571(d)—in other words, under both policies, the DOJ will cap the recommended fine at an amount equal to the gross gain or gross loss.
Conclusion The Revised EC/S Policy is the latest effort by the DOJ to make the policies of its different divisions consistent and provide clarity to companies, including financial institutions, about the benefits of VSD. For cases that fall in the “gray area” between civil versus criminal conduct, companies will need to make tough decisions regarding whether to self-disclose to the DOJ directly, as is now required in order to receive VSD credit. Companies should conduct a careful analysis to determine whether there may be a willful criminal component as soon as they discover export control or sanctions violations. This latest action underscores the need for companies to continue to monitor additional DOJ policy revisions, which may increase transparency and provide further input in determining whether to voluntarily self-disclose potential misconduct and to which agency/ies those disclosures should be directed.