In many situations, there is no affirmative obligation to report potentially unlawful conduct to enforcement authorities.  For example, there is no requirement in the Foreign Corrupt Practices Act to affirmatively disclose or report an actual or potential FCPA violation.  However, depending on the nature of the investigation, other US or foreign laws (e.g., securities laws, International Traffic in Arms Regulations, commission disclosure requirements, Office of Foreign Assets Control blocking notification requirements) may compel disclosure.

Even in the absence of a legal obligation to disclose to the US government, there may be advantages to making a voluntary disclosure.  Enforcement authorities have sought to incentivize such disclosures.  The DOJ Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy states that “when a company has voluntarily self-disclosed misconduct to the Criminal Division, fully cooperated, and timely and appropriately remediated, all in accordance with the standards set forth [in the policy], there will be a presumption that the company will receive a declination absent aggravating circumstances involving the seriousness of the offense or the nature of the offender.”  “Voluntary self-disclosure” requires a company to disclose “all relevant, non-privileged facts” prior to “an imminent threat of disclosure or government investigation” and “within a reasonably prompt time after becoming aware of the misconduct.”¹  This policy, however, does not bind the SEC.

Similar considerations apply to disclosure to UK authorities, where a preemptive decision to self-report will be a relevant consideration to the Serious Fraud Office (SFO) determining whether or not a deferred prosecution agreement (DPA) is an appropriate resolution if relevant criminal conduct has been (or is subsequently) identified.  It is also important to note the increasing cooperation and sharing of information between enforcement agencies in different jurisdictions, with the SFO and DOJ in particular sharing information on matters that may have relevance to the jurisdiction of both agencies.  In addition, in October 2019 the UK and US entered into a Bilateral Data Access Agreement which came into force in October 2022 and which allow their respective enforcement agencies to request electronic data relating to serious crime directly from tech companies and communication service providers based in the other country, without the involvement of central government involving the enforcement authorities of the other country. For more on this see Insight article on cross border agreement dated October 31, 2019 and US and UK issue joint statement on Data Access Agreement.  As a result, in any cross-border investigation it will be important to consider whether or not separate and additional disclosures would be advisable to local enforcement authorities in relevant jurisdictions where the conduct took place, in addition to the DOJ, SEC and/or the SFO.

The determination of whether to make a voluntary disclosure to enforcement authorities is a highly complex, fact-specific determination that must be carefully considered by the company and its counsel.