Blockchain Legal Resource

What Happened: 

As reported in a Hunton Client Alert, the US Department of Justice (DOJ), the US Department of Commerce’s Bureau of Industry and Security (BIS), and the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) recently issued guidance regarding the voluntary self-disclosure by US businesses of violations of US sanctions and export control laws to these agencies (Tri-Seal Compliance Note: Voluntary Self-Disclosure of Potential Violations) (Compliance Note).

The Bottom Line:

The Compliance Note provides key guidance on considerations for voluntarily self-disclosing potential violations and how timely self-disclosure can provide significant mitigation of civil or criminal liability.  The Compliance Note is the second collaborative effort by the three agencies to provide guidance to the US business community on compliance with US sanctions and export control laws, following a tri-seal compliance note issued in March 2023.

The Full Story:

On July 26, 2023, DOJ, BIS, and OFAC jointly issued the Compliance Note to summarize procedures for voluntarily self-disclosing violations of US sanctions and export control laws.  The Compliance Note explains that self-disclosing potential violations can provide significant mitigation of civil or criminal liability, while also alerting key national security agencies to activities that may pose a threat to the national security and foreign policy objectives of the United States.

The Compliance Note provides agency-specific guidance for each of DOJ, BIS, and OFAC, with key insights for companies that have identified a sanctions violation and are considering voluntary self-disclosure.

DOJ

The DOJ’s National Security Division (NSD) oversees prosecution of criminal violations of sanctions and export control laws.  The Compliance Note explains that, as part of its effort to address these threats, NSD issued an updated policy covering voluntary self-disclosure of potential criminal violations of export control and sanctions laws on March 1, 2023.  The updated policy clarifies that a company is considered to have made a voluntary self-disclosure if it becomes aware of misconduct by employees or agents before that misconduct is publicly reported or otherwise known to the DOJ, and discloses all relevant facts known to the company about the misconduct to a US Attorney’s Office in a timely fashion prior to an imminent threat of disclosure or government investigation (disclosures made only to regulatory agencies such as OFAC or BIS do not qualify for NSD’s policy).  The Compliance Note clarifies that prompt voluntary self-disclosure provides a means for a company to reduce—and, in some cases, avoid altogether—the potential for criminal liability.

In addition, the Compliance Note clarifies DOJ’s position that moving forward, where a company voluntarily self-discloses potentially criminal violations of US sanctions and export laws, fully cooperates, and timely and appropriately remediates the violations, NSD generally will not seek a guilty plea; rather, there will be a presumption that the company will receive a non-prosecution agreement and will not pay a criminal fine. This presumption will not apply, however, in cases with certain aggravating factors, such as:

• egregious or pervasive criminal misconduct within the company,
• concealment or involvement by upper management,
• repeated administrative and/or criminal violations of national security laws,
• the export of items that are particularly sensitive or to end users of particularly heightened concern, or
• a significant profit to the company from the misconduct.

To receive the benefits of voluntary disclosure, a disclosing company must timely and appropriately remediate the violations. The Compliance Note clarifies that NSD will consider whether a company has implemented an effective and sufficiently resourced compliance and ethics program in determining whether violations have been remediated. NSD will also now examine whether a disclosing company has imposed appropriate disciplinary measures, including compensation claw-backs, for employees who directly participated in or had oversight and/or supervisory authority over the area where the criminal conduct occurred.

BIS

BIS Office of Export Enforcement (OEE) is responsible for investigating and bringing civil enforcement actions for violations of the Export Administration Regulations (EAR), which regulate the export, reexport, and transfer (in-country) of items with commercial uses that can also be used in conventional arms, weapons of mass destruction, terrorist activities, or human rights abuses, and less sensitive military items.  BIS has the authority to impose civil penalties and has issued settlement policy guidelines that timely, comprehensive voluntary self-disclosure that involves the full cooperation of the disclosing party substantially reduces the applicable civil penalties.

The Compliance Note provides key guidance on OEE’s recently implemented dual-track system (announced in June 2022) to handle voluntary self-disclosure.  Voluntary self-disclosures involving minor or technical infractions are now resolved on a fast-track basis, with the issuance of a warning or no-action letter within 60 days of final submission. 

For voluntary self-disclosures of potentially more serious violations, OEE will do a deeper dive to determine whether enforcement action may be warranted.  BIS issued a memorandum regarding the BIS policy on voluntary self-disclosures on April 18, 2023 that clarifies the risk calculus on voluntary self-disclosures.  The Compliance Note describes two factors for companies to consider: first, a deliberate non-disclosure of a significant possible violation of the EAR will be considered an aggravating factor under BIS penalty guidelines. Second, if an entity becomes aware that another party is potentially violating the EAR and submits a tip to OEE, OEE will consider that a mitigating factor for the disclosing entity under the penalty guidelines if the information leads to an enforcement action and if the disclosing entity faces an enforcement action (even if unrelated) in the future.

BIS cautions in the Compliance Note that companies cannot sidestep the self-disclosure decision by self-blinding and choosing not to do an internal investigation in the first place. The existence, nature, and adequacy of a company’s compliance program, including its success at self-identifying and rectifying compliance gaps, is itself considered a factor under BIS’s settlement guidelines.

OFAC

OFAC is responsible for investigating and bringing civil enforcement actions for violations of US economic sanctions.  Like BIS, OFAC considers voluntary self-disclosure to be a mitigating factor when determining appropriate enforcement action to take in response to a particular case.  In cases where a civil monetary penalty is warranted, voluntary self-disclosure can reduce the base amount of a civil penalty by as much as 50 percent.

OFAC clarifies in the Compliance Note that in order for a voluntary self-disclosure to qualify as a mitigating factor under its civil penalty guidelines, the disclosure must occur prior to, or simultaneous with, the discovery by OFAC or another government agency of the apparent violation or a substantially similar apparent violation.  OFAC will consider whether a notification of an apparent violation through a voluntary self-disclosure to another agency (including a US Attorney’s Office) will qualify as a voluntary self-disclosure to OFAC on a case-by-case basis, and companies making a disclosure should, in light of the DOJ guidance discussed above, consider whether simultaneous notification to a US Attorney’s Office is appropriate.

OFAC clarifies in the Compliance Note that disclosure under the following circumstances will not qualify for mitigation:

• a third party is required to and does notify OFAC of the apparent violation because the transaction was blocked or rejected by that third party (regardless of when OFAC receives such notice or whether the subject person was aware of the third party’s disclosure);
• the disclosure includes false or misleading information;
• the disclosure is not self-initiated (including when the disclosure results from a suggestion or order of a federal or state agency or official; or, when the subject person is an entity, the disclosure is made by an individual in a subject person entity without the authorization of the entity’s senior management);
• the disclosure is made by responding to an administrative subpoena or other inquiry from OFAC, or by filing a license application with OFAC; or
• the disclosure (when considered alongside supplemental information) is materially incomplete.

Companies should note that OFAC’s civil penalty guidelines also consider compliance efforts as a mitigating factor.  OFAC has previously issued guidance describing its perspective on an effective compliance program and has recently announced a new video series aimed at addressing questions received through its compliance hot line.

Whistleblower Reporting

Finally, the Compliance Note includes a statement describing a whistleblower program implemented in 2021 by the Financial Crimes Enforcement Network (FinCEN), a Treasury enforcement body, for those looking to report violations of sanctions and export control laws. The statement notes that individuals who provide information to FinCEN or DOJ that ultimately leads to a successful enforcement action may be eligible for awards totaling between 10 to 30 percent of the monetary sanctions collected in that action.