New DOJ Policy on Disclosures for Sanctions Violations Could Create Tough Choices for Financial Institutions and Other Companies

The U.S. Department of Justice (“DOJ”) recently revised its voluntary self-disclosure (“VSD”) policy for export controls and sanctions violations, extending the policy to financial institutions and aligning it with other DOJ policies regarding self-disclosure.1  The revised policy became effective on December 13, 2019, and builds on the original policy, which the DOJ’s National Security Division (“NSD”) issued in October 2016.2   Notably, the new policy eliminates the prior policy’s carve-out for financial institutions.  Under the new policy, all business organizations, including financial institutions, are eligible for the full range of benefits for self-disclosure.  In addition, the new policy strengthens incentives for voluntary self-disclosure by rewarding cooperating companies with a presumption in favor of a non-prosecution agreement and significant reductions in penalties.  However, the new policy provides the benefits of a voluntary disclosure only to companies approaching DOJ first, potentially creating a dilemma for financial institutions and other companies that discover sanctions or export controls violations within the jurisdictions of both DOJ and the Departments of the Treasury or Commerce.

I.          Overview of New Policy

Mirroring other DOJ self-disclosure policies, organizations are now eligible for credit when they: (1) voluntarily self-disclose export control or sanctions violations to NSD’s Counterintelligence and Export Control Section (“CES”); (2) fully cooperate with the investigation; and (3) timely and appropriately remediate any violations.  The threshold for eligibility is self-disclosure of potential violations to CES; self-disclosing to any other regulatory agency does not qualify a company as a self-discloser under the new DOJ policy.  If the company satisfies the three requirements of the policy, there is a presumption that the company will receive a non-prosecution agreement and will pay no fine, absent aggravating factors.  The updated policy also notes that, even if a company receives a non-prosecution agreement, at a minimum the company will not be permitted to retain any of the unlawfully obtained gain and will be required to pay all disgorgement, forfeiture, and/or restitution resulting from the misconduct.

Additionally, even if aggravating circumstances exist, DOJ will still recommend a fine of at least 50 percent less for a qualifying company than otherwise would have been levied, and will not require the imposition of a monitor if the company has implemented an effective compliance program at the time of resolution.

Potential aggravating factors include, but are not limited to exports of items controlled for nuclear proliferation or missile technology reasons to a proliferator country; of items known to be used in the construction of WMDs, to a Foreign Terrorist Organization; or of military items to a hostile foreign power.  Repeated violations and knowing involvement of upper management in the criminal conduct will also be viewed as aggravating factors.

1)   Voluntary Self-Disclosure

For the purposes of the policy, and consistent with DOJ’s approach in other corporate enforcement programs, for a company’s disclosure to be considered voluntary it must be made prior to an imminent threat of disclosure or government investigation, and within a reasonably prompt time after discovery of the offense, and the company must disclose all relevant facts known to it at the time of the disclosure.  DOJ recognizes that companies may not know all relevant facts at the time of disclosure, especially if the companies submit a VSD based on a preliminary investigation.  The policy states that if that is the case, a company should make clear that it is making its disclosure based on a preliminary investigation or assessment of information while still providing all available information.

2)   Full Cooperation

Companies are required to disclose all relevant facts in a timely manner; proactively cooperate with DOJ; preserve, collect, and disclose all relevant documents and information; de-conflict witness interviews when required; and make officers and employees of the company available for interviews by DOJ when so requested.  The policy notes that eligibility for cooperation credit does not depend on the waiver of attorney-client privilege or work product protection, although in our experience that typically becomes a discussion point with DOJ in corporate investigations.

3)   Timely and Appropriate Remediation

Finally, companies are required to demonstrate a thorough analysis of the causes of underlying conduct and, where appropriate, engage in remediation; implement an effective compliance program; discipline employees identified by the company as responsible for the oversight; retain business records and prohibit the improper destruction of those records; and take any additional steps that demonstrate recognition of the seriousness of a company’s misconduct.

II.         Key Changes from 2016 Policy

As discussed above, the new policy includes four key changes from the October 2016 guidance:

1. The revised policy is now applicable to financial institutions, which were previously excluded from credit for self-disclosure.

2. The policy clarifies the benefits available to companies that voluntarily disclose a violation, fully cooperate, and timely and appropriately remediate.  Specifically, absent aggravating factors, there is a presumption that the company will receive a non-prosecution agreement and will not be assessed a fine.  If aggravating circumstances exist but the company satisfies all other criteria, then the policy states that DOJ will recommend a fine that is at least 50 percent less than what would otherwise be levied and will not require the imposition of a monitor.  The prior guidance did not provide this presumption and did not assign any tangible benefits to companies that met certain criteria.

3. The revised policy clarifies that disclosures of potentially willful conduct made to regulatory agencies, and not to DOJ, will not qualify for the benefits provided in the VSD Policy.

4. The revised policy was drafted to resemble guidance from other DOJ components in an effort to standardize voluntary disclosure policies.  Specifically, the definitions of “Voluntary Self-Disclosure,” “Full Cooperation,” and “Timely and Appropriate Remediation” mirror those provided in the FCPA Corporate Enforcement Policy.

III.        Analysis and Concerns

Lack of transparency on outcomes under the prior policy make it challenging to assess the impact of this expansion.  Nevertheless, for the newly included financial institutions, the revised policy is also a potential lifeline to protect them from large financial penalties and potential criminal prosecution as seen in recent DOJ cases regarding UniCredit,3 Société Générale,4 and the ongoing case of Halkbank.5  Despite this, there are still issues with the policy that may deter business organizations from submitting VSDs to the DOJ.

One key issue with the new policy is that it makes clear that a VSD to a regulatory agency will not be enough to qualify for the benefits of the DOJ policy.  This, coupled with the timeliness requirement, means that companies must decide early in their investigation of a potential violation of sanctions or export laws if they need to file with both regulatory agencies and the DOJ.  Investigations, however, can take unexpected turns, transforming an ostensible civil issue into a potential criminal matter if evidence of willfulness is discovered.  However, by filing with the DOJ a company could expose itself to a potential criminal investigation and heavy, continuing disclosure obligations.       

Moreover, the policy applies only to DOJ, and does not bind other regulators, including state banking regulators like the New York Department of Financial Services.  Those other enforcement authorities have their own programmatic mandates, which may be inconsistent with the outcomes available under the new policy.  Put differently, self-reporting to DOJ may earn you the carrot from DOJ, but you still face the stick from other regulators.

The key to effectively utilizing this policy rests in the foundation of a company’s compliance policies and procedures.  Even if the policies and procedures fail to prevent a violation from occurring, they can assist a company in quickly determining the nature and degree of the violation.  This should help companies recognize earlier in their investigation of a potential violation whether they need to issue a VSD to DOJ.

Click here to download this article.


1       See Willkie Client Alert, “DOJ Adopts FCPA Corporate Enforcement Policy”, available here.

2       See DOJ Export Control and Sanctions Enforcement Policy for Business Organizations, available here.

3       See DOJ Press Release for April 15, 2019, available here.

4       See DOJ Press Release for November 19, 2018, available here.

5       See DOJ Press Release for October 15, 2019, available at here.

You are currently offline.