Top Ten Export Control Enforcement Trends (United States)

The following trends summarize the key takeaways from a recent webcast presented by Gibson, Dunn and Crutcher LLP on “Emerging Trends in US Export Control Enforcement.”

In April 2022, Deputy Attorney General Lisa Monaco described sanctions as “the new FCPA,” signaling an intent by the US Department of Justice (“DOJ”) to apply heightened scrutiny and enforcement focus in this area.

International economic sanctions, and complementary export control measures, have become an increasingly important foreign policy tool and an area of heightened enforcement interest across regulatory agencies. Unprecedented enforcement decisions and cooperation efforts across national and international regulatory and law enforcement bodies - both in the wake of Russia’s further unlawful invasion of Ukraine and in response to a wide range of geopolitical and technological developments - indicate a sea change in corporate compliance risk, highlighting the importance of understanding a company’s exposure to enforcement risk related to sanctions and export control laws.  

In-house counsel should be mindful of these trends and, in turn, acquire the appropriate resources and acumen to avoid or mitigate criminal and civil penalties for export control law violations.
 

Top-Level Federal Agency and International Cooperation Trends

Agencies domestically and abroad are prioritizing export control law enforcement and interagency coordination.

1. Federal agencies are putting more resources towards coordinated information collection and export control enforcement actions. After the United States, its allies, and partners imposed wide-ranging export control measures on Russia and Belarus in early 2022, the US Department of Commerce’s Bureau of Industry and Security (“BIS”)  and the US Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued several first-of-their-kind joint notices, which provide guidance for financial institutions on identifying potentially unlawful export-related transactions and submitting suspicious activity reports (“SARs”) to flag potential violations of US export controls targeting Russia.
   
   In addition, the DOJ, BIS, Federal Bureau of  Investigation, and Department of Homeland Security launched the Disruptive Technology Strike Force, to pursue numerous criminal enforcement actions related to sanctions and export control violations involving the transfer of sensitive technology to authoritarian and hostile states.
   
   Further, the DOJ National Security Division (“NSD”) has hired 25 new prosecutors to focus on export control and sanctions investigations and the first-ever Chief Counsel for Corporate Enforcement to leverage these channels of cross-agency intelligence and enforce corporate compliance.
    
2. Federal information collection and enforcement efforts are being reinforced on an international scale through enhanced global coordination. The US, Australia, Canada, New Zealand and the UK agreed to formally coordinate export control enforcement and exchange information through the “E5” partnership. More broadly, the Global Export Control Coalition, currently comprising 39 members, agreed to implement similar export controls targeting Russia and Belarus. Furthermore, the US is forging partnerships between its Disruptive Technology Strike Force and Japanese and Korean counterparts, among other international coordination efforts.
    

Department of Justice & Department of Commerce Enforcement Trends 

The agencies are developing and applying their Voluntary Self Disclosure (“VSD”) policies to encourage broader compliance.

3. The NSD has clarified the requirements of direct, voluntary, and timely disclosure of potential criminal violations of export control laws under its Enforcement Policy for Business Organizations (“DOJ Policy”). First released in 2016, the DOJ Policy provides guidance and incentives for corporations to self-disclose potentially criminal violations of sanctions and export control laws to DOJ. The DOJ Policy has been revised several times in recent years.
   
   In 2019, the NSD clarified that disclosures must be made directly to the NSD, and not solely to regulatory agencies with potentially overlapping areas of enforcement interest, to receive credit from DOJ.
   
   Additionally, for a VSD submission to be considered voluntary, it must be made without knowledge of an agency-led investigation into the matter (even if one may be occurring at the time).
   
   In general, for full credit, the VSD must be submitted within a “reasonably prompt time after awareness of the offense.”  
    
4. The NSD has underscored significant benefits that arise from meeting the DOJ Policy requirements, including presumed declination, no-fine penalties, and presumption against a monitor. The 2019 update further reduced ambiguity about benefits that disclosing companies can expect. Under the revised DOJ Policy, when a company (1) voluntarily self-discloses potentially criminal violations arising out of or relating to the enforcement of export control or sanctions laws to NSD, (2) fully cooperates, and (3) timely and appropriately remediates, NSD will apply a presumption that the company will receive a non-prosecution agreement and not pay a fine, absent aggravating factors.
   
   Should aggravating factors be present, if the company has implemented and tested an effective and well-designed compliance program, then compliance with the DOJ Policy requirements will still result in a reduced fine and will not require appointment of a monitor.
    
5. The NSD has expanded the scope of the DOJ Policy by including financial institutions, including an M&A safe harbor provision, and extending application to related crimes. In its 2019 revision, the NSD extended the DOJ Policy to financial institutions, which had been expressly excluded from the initial policy.
   
   In 2024, NSD further explained how the DOJ Policy would be applied in the context of M&A transactions. In general, if an acquiror discloses misconduct committed by an acquired entity within 180 days of the completed transaction, fully cooperates, and remediates the misconduct, there is a presumption that NSD will decline to prosecute the acquiror.
   
   The NSD also clarified that the DOJ Policy extends to disclosures of potential violations of other criminal statutes that affect national security because they arise out of or relate to the enforcement of export control and sanctions laws, such as money laundering, bank fraud, smuggling, fraudulent importation, and false statement offenses.
    
6. The NSD applied the DOJ Policy, entering into the first-ever resolution (an NPA) and issuing its first declination under the DOJ Policy. In April of 2021, the NSD demonstrated the tangible benefits of the DOJ Policy by entering into a non-prosecution agreement (“NPA”) with software company SAP SE, following the company’s voluntary self-disclosure that it had illegally and willfully exported software and services to Iran over a period of six years. The company entered an NPA with DOJ and was not assessed a fine, though the NPA did impose disgorgement and remediation costs, and the implementation of certain internal compliance measures.
   
   In May 2024, the NSD issued its first-ever declination under the DOJ Policy, declining to prosecute life science company MilliporeSigma after the corporation disclosed, one week after retaining outside counsel to conduct an internal investigation, that a company salesperson had conspired with third parties to illegally export products to China from 2016 to 2023. MilliporeSigma was not required to pay any fine, disgorgement, forfeiture, or restitution.
    
7. BIS has also further incentivized self-disclosure by announcing that the failure to submit a VSD will be considered an “aggravating factor” for adjudication. The Office of Export Enforcement (OEE) announced in 2023 that BIS will treat failure to submit a VSD of significant possible violations as an aggravating factor under its settlement guidelines, which instruct OEE to consider whether a respondent’s export compliance program detected a problem and whether the respondent took steps to address it.
   
   Submitting a VSD is a mitigating factor under the enforcement guidelines, and BIS will now consider failure to self-disclose, where the violation is potentially significant, a reason to increase potential penalties.
    
8. BIS has implemented a two-track system to more quickly resolve VSDs of minor or technical infractions. In 2022, the OEE implemented a two-track system such that minor and technical issues identified in VSDs would be resolved with the issuance of a warning or no-action letter within 60 days of submission. For more serious violations, a field agent and Office of Chief Counsel attorney are assigned so that they are addressed by appropriate enforcement resources.
   
   Although BIS reports that the number of VSD submissions has not significantly changed since 2022, BIS has found that industry participants are appreciative of this expedited process, and it encourages companies to submit VSDs that include multiple minor infractions, if close in time, to ensure efficient processing.
    
9. BIS allows companies to submit tips about their peers. In 2023, the OEE rolled out a “confidential reporting form” for parties to report when other industry participants are circumventing export controls and announced that reporting parties could receive concrete benefits for doing so.
   
   Specifically, the reporting party can accumulate “exceptional cooperation with OEE” credit by submitting a tip, which would be a mitigating factor in the event of a future enforcement action against the reporting company.
   
   If the wrongful conduct reported is considered a sanctions violation, further reporting to FinCEN and/or the DOJ can also lead to monetary rewards under a new FinCEN whistleblower policy.
    
10. BIS is following through on its commitment to increase penalties for serious export violations, as seen in its record-breaking penalty against Seagate Technology. In 2022, BIS announced its intention to impose significantly higher penalties in cases of serious violations, along with the elimination of “no admit, no deny” settlements.
    
    In holding to this commitment, in April of 2023, BIS imposed a USD $300 million administrative penalty against Seagate Technology, finding that serious export violations had been committed when 7.4 million hard disk drives were supplied to Huawei, in contravention of the Export Administration Regulations, and, in particular, of the foreign direct product rule.