The U.S. Department of Justice (DOJ), the U.S. Department of Commerce’s Bureau of Industry and Security (BIS), and the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) published their second Tri-Seal Compliance Note on 26 July 2023.[1] This Compliance Note consolidates information regarding the Voluntary Self-Disclosure (VSD) policies of DOJ, BIS, and OFAC concerning potential breaches of sanctions and the export control restrictions in the United States. The intent is to assist and encourage to come forward to relevant government agencies and reap the benefits of such disclosures while enhancing the national security goals of the United States.
Since Russia’s invasion of Ukraine in February 2022, this is the second Tri-Seal Compliance Note issued by DOJ, BIS, and OFAC. This and several other joint advisories issued by the same and other authorities, domestic and international, demonstrate the ever-increasing focus on the enforcement of sanctions and export controls in coordination among different authorities. The U.S. government has made it clear that such sanctions and export control policies and enforcement are intended to undercut the Russian military’s ability to prosecute its war in Ukraine by choking sources of technologies, key materiel, and capital to the Russian government. These notes also signal a growing desire by authorities to harmonize their guidance to ensure the private sector has clarity on its obligations and to maximize the effectiveness of sanctions- and export-control-related enforcement in regulated sectors.
The first Tri-Seal Compliance Note discusses sanctions and export control evasion tactics that involve third-party intermediaries (the Third-Party Intermediaries Compliance Note)[2] and this second Compliance Note describes voluntary self-disclosure policies for each agency (the VSD Compliance Note).
This Policy Alert covers an overview of the VSD policies followed by considerations that can help subject persons improve their VSD posture in the face of authorities and inevitable scrutiny, including the importance of having a clear VSD procedure, having a compliance program in place at the time of disclosure, evaluating the timing and the order of proactive disclosures, taking remedial actions, not filing defensive disclosures, and consulting external experts.
DOJ
In response to the U.S. Deputy Attorney General’s memorandum on Revisions to Corporate Criminal Enforcement Policies that directed different components of the DOJ “to review [their] policies on corporate voluntary self-disclosure . . . to incentivize . . . self-disclosure,” the Department of Justice’s National Security Division published on 1 March 2023 an updated VSD policy (NSD’s Updated VSD Policy) for business organizations regarding potential criminal violations of export control and sanctions laws.[3] NSD’s Updated VSD Policy encourages voluntary self-disclosures of criminal violations, full cooperation, and timely and appropriate remediation of wrongdoings.[4] NSD’s Updated VSD Policy reiterates the presumption of non-prosecution agreement in cases where no aggravating factor is present.[5] Even in cases with aggravating factors, NSD’s Updated VSD Policy allows prosecutors to consider significant relief such as a 50% discounted recommended fine, or not requiring the appointment of monitorship provided certain conditions are met.
VSDs to NSD should be electronically submitted to [email protected].
BIS
Title 31, section 764.5, of the Code of Federal Regulations explains the BIS’s VSD processes.[6] Similar to DOJ, BIS strongly encourages disclosure of potential violations of the Export Administration Regulations to BIS’s Office of Export Enforcement (OEE). VSDs are considered a mitigating factor in determining any administrative sanctions that would be sought by OEE. VSDs can decrease the base penalty by up to half based on the Guidance on Charging and Penalty Determinations in Settlement of Administrative Enforcement Cases.[7]
Also of note is the recent memorandum of the Assistant Secretary for Export Enforcement that clarified the Department of Commerce’s policy regarding VSDs.[8] In a considerable evolution of the policy, OEE will consider the deliberate decision not to file a VSD after the discovery of a significant potential violation as an aggravating factor.
The information constituting a VSD or any other correspondence pertaining to a VSD should be submitted to the Director, Office of Export Enforcement, located at 1401 Constitution Ave., Room H4514, Washington, DC 20230. Since the COVID-19 outbreak, BIS accepts VSDs that are filed electronically sent to [email protected].
OFAC
Appendix A to Part 501 of Title 31 in the Code of Federal Regulations provides Economic Sanctions Enforcement Guidelines, which, among other things, discuss how OFAC considers VSDs when assessing whether to bring an enforcement action and the amount of such action.[9] Disclosure by a subject person generally will result in mitigation insofar as it represents cooperation with OFAC’s investigation. If a disclosure to OFAC falls under OFAC’s definition of VSD, it can result in up to a 50% reduction in the amount of the base penalty. Unless the disclosure is an initial disclosure that will be supplemented with additional information, the submission should contain sufficient detail to afford OFAC a complete understanding of an apparent violation’s circumstances. When filing a VSD, the subject person must consider OFAC’s Office of Compliance and Enforcement’s Data Delivery Standards Guidance on the Preferred Practices for Productions to OFAC. VSD to OFAC should be sent to [email protected].
Considerations for Companies, Universities, NGOs, and Other Institutions
Have a Dedicated Procedure for Handling VSDs
Considering the significant benefits of filing VSDs to relevant authorities as well as the risks associated with such disclosure, it is advisable for organizations of any type and size to design and implement a VSD governance process. This would include the following:
- An internal procedure that defines the criteria for submitting a VSD to relevant authorities
- Actions that need to be taken following the discovery of a potential violation
- The steps for filing a VSD
- Roles and responsibilities of various stakeholders within the organization and with counsel
- Preventive measures to prevent such incidents in the future
By having a procedure that governs this sensitive topic, organizations demonstrate their commitment to compliance which in turn could be seen as a mitigating factor by the relevant authorities.
Seek External Expertise
The decision as to whether to file or not file a VSD is a significant decision and may have a considerable impact. Since filing a VSD is less likely to be part of the usual business of compliance or legal departments of an organization, it is advisable to seek external counsel and help. Expert firms with longstanding sanctions and compliance risk management expertise have helped several clients in their VSD journey and can bring immense value by providing expert advice and support throughout this process.
Consider the Importance of Timing and Order of Filing
The VSD Compliance Note reminded everyone that, despite similarities, the VSD processes among different authorities are not identical and that disclosure to one is not considered disclosure to the others. Furthermore, the order of filing VSDs can have a significant impact on the admissibility of a VSD as a conforming VSD. For instance, a VSD made to OFAC following a VSD that was initially submitted to DOJ may not be considered a conforming VSD for OFAC and as such the disclosing party may be deprived of the benefits afforded by OFAC since OFAC generally does not consider disclosures that were previously made to any other federal, state, or local government agency or official as conforming VSDs under its rules. Therefore, the order and the timing of filing VSDs in cases in which a potential violation may involve several authorities is important. This is another reason why external support is highly recommended.
Ensure the Adequacy of Your Organization’s Compliance Program Before Disclosing
To receive the benefits from disclosure, a disclosing party must timely and appropriately remediate any violations. Having a compliance program commensurate to the risk profile of the disclosing party is a factor that the prosecutors will consider. Earlier this year, DOJ published an updated version of Evaluation of Corporate Compliance Programs, a document that assists prosecutors in making informed decisions as to whether, and to what extent, a corporation’s compliance program was effective at the time of the offense, and is effective at the time of a charging decision or resolution, for purposes of determining the appropriate (1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution.[10] Furthermore, BIS’s OEE considers whether a disclosing party had a compliance program and whether it uncovered a problem, thereby preventing further violations. OFAC also stated the importance of having a risk-based sanctions compliance program in its Framework for OFAC Compliance Commitments published in 2019.[11] Implementation of a sanctions compliance program (or the failure to implement such a program) is one of the factors OFAC considers when assessing how to respond to an apparent violation of the U.S. sanctions.
Implement Remediation (Even Partial) Before Disclosure
Even though it is essential to report a potential violation in a timely manner, it is recommended that the disclosing party implements immediate remedial measures before disclosing and mentions such measures in the disclosure to show its commitment to compliance with relevant restrictions. The disclosing party must immediately initiate a thorough investigation to discover the root cause of the potential violation. In parallel, the disclosing party must introduce measures that would prevent similar incidents in the future. Mentioning that a thorough investigation has started and that preventive measures have been put in place in a VSD will benefit a disclosing party in its cooperation with the relevant authorities by demonstrating its effort to prevent similar violations.
Avoid Defensive VSD Filing
Nothing in the VSD Compliance Note suggests that the relevant authorities expect the subject person to disclose every ostensibly suspicious incident. Subject persons should analyze whether a potential violation of sanctions or export control laws has occurred. Unless a subject person believes such potential violation has taken place, it is not recommended to disclose an activity to DOJ, BIS, or OFAC. Doing so will waste the finite resources of those agencies and may cause unnecessary consequences for the disclosing party. In cases where a suspicious activity exists but there are no reasons to believe that a potential violation has occurred, the concerned party (if required under the Bank Secrecy Act) may consider filing a Suspicious Activity Report with Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN).
Consider the Risks of Not Filing a VSD When a Potential Violation Has Taken Place
By deciding not to disclose when a potential violation of U.S. sanctions or export control or both has occurred, a party assumes the risk of losing the benefits of VSDs. Various government agencies may become aware of a potential violation through other avenues, namely FinCEN’s whistleblower program, VSDs filed by other entities, or block and reject reports submitted to OFAC.
[1] Department of Commerce, Department of the Treasury, and Department of Justice Tri-Seal Compliance Note: “Voluntary Self-Disclosure of Potential Violations,” July 26, 2023, https://ofac.treasury.gov/media/932036/download
[2] Department of Commerce, Department of the Treasury, and Department of Justice Tri-Seal Compliance Note: “Cracking Down on Third-Party Intermediaries Used to Evade Russia-Related Sanctions and Export Controls,” March 2, 2023, https://ofac.treasury.gov/media/931471/download.
[3] Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group, U.S. Department of Justice, Office of Deputy Attorney General, September 15, 2022, https://www.justice.gov/opa/speech/file/1535301/download.
[4] NSD Enforcement Policy for Business Organizations, U.S. Department of Justice, March 1, 2023, https://www.justice.gov/media/1285121/dl?inline=.
[5] The 2019 version of the Policy could be found here: Export Control and Sanctions Enforcement Policy for Business Organizations, United States Department of Justice, December 13, 2019, https://www.justice.gov/nsd/ces_vsd_policy_2019/download.
[6] 15 CFR 764.5, https://www.ecfr.gov/current/title-15/section-764.5.
[7] Supplement No. 1 to Part 766, Title 15, https://www.ecfr.gov/current/title-15/subtitle-B/chapter-VII/subchapter-C/part-766/appendix-Supplement%20No.%201%20to%20Part%20766.
[8] “Clarifying Our Policy Regarding Voluntary Self-Disclosure and Disclosures Concerning Others,” U.S. Department of Commerce, Assistant Secretary for Export Enforcement, April 18, 2023, https://www.bis.doc.gov/index.php/documents/enforcement/3262-vsd-policy-memo-04-18-2023/file.
[9] Appendix A to Part 501, Title 31, https://www.ecfr.gov/current/title-31/subtitle-B/chapter-V/part-501/appendix-Appendix%20A%20to%20Part%20501.
[10] Evaluation of Corporate Compliance Programs, U.S. Department of Justice, March 2023, https://www.justice.gov/criminal-fraud/page/file/937501/download.
[11] A Framework for OFAC Compliance Commitments, U.S. Department of Treasury’s Office of Foreign Assets Control, May 2, 2019, https://ofac.treasury.gov/media/16331/download?inline.