Client Alert

DOJ Clarifies Incentives for Voluntary Self-Disclosures of Export Control and Sanctions Violations

17 Dec 2019

On December 13, 2019, the Department of Justice’s National Security Division (“NSD”) announced a revised policy to encourage voluntary self-disclosures (“VSDs”) of criminal violations of export control and sanctions laws. The new guidance provides greater clarity regarding the incentives for companies that self-report, including a presumption that such companies will receive a non-prosecution agreement and not have to pay a fine, absent aggravating factors. The policy reflects NSD’s continued emphasis on private-sector cooperation as part of its overall strategy to enforce export control and sanctions laws.

Key takeaways from the Revised Policy

1. The updated policy provides greater clarity and certainty regarding the outcome of a voluntary self-disclosure. The policy encourages companies to voluntarily self-disclose potentially willful violations of export control and sanctions laws and provides that “there is a presumption that the company will receive a non-prosecution agreement and will not pay a fine, absent aggravating factors” when it:

(1)   voluntarily self-discloses such violations to NSD’s Counterintelligence and Export Control Section;

(2)   fully cooperates; and

(3)   timely and appropriately remediates.

When aggravating factors warrant a deferred prosecution agreement or a guilty plea, DOJ nevertheless will accord, or recommend to a sentencing court, a 50% reduction in fine and not require the appointment of a monitor if the company has voluntarily self-disclosed, fully cooperated, and implemented an effective compliance program at the time of the case’s resolution. So, even if aggravating factors warrant penalties, the benefits offered to companies are concrete: fines are halved and a company will not have to undergo the costly and invasive process of continued supervision under a monitorship.[1]

2. The updated policy applies to financial institutions. The prior 2016 policy excluded financial institutions from the scope of the policy, citing “unique reporting obligations” that apply to the financial sector. Many industry participants felt that the financial institutions carve-out in the 2016 policy was unfair and inconsistent with the aim of the policy to encourage cooperation in sanctions and export controls violations, particularly for a sector that is a frequent player in the sanctions context in particular. The updated policy removes that exclusion, offering financial institutions the same benefits of self-disclosure as other companies.

3. The revised policy reflects efforts to standardize DOJ policy. The revised policy more closely tracks analogous DOJ voluntary self-disclosure policies, such as the FCPA Corporate Enforcement Policy and the Justice Manual guidance on voluntary self-disclosures. Although there are some notable differences (the primary benefit of the FCPA policy is a presumption of a declination rather than a non-prosecution agreement), the policies use common definitions and many of the disclosure, cooperation, and remediation processes closely mirror those found in the FCPA policy. Our assessment of the FCPA policy can be found here (December 2017) and here (April 2016).

4. Compliance with the policy requires careful orchestration. To obtain the full benefit of a voluntary self-disclosure, NSD emphasizes that companies must report violations to NSD’s Counterintelligence and Export Control Section. Although NSD encourages reporting to regulatory agencies that handle administrative enforcement of export control and sanctions laws, reporting to such agencies – including the State, Commerce, and Treasury Departments – is not sufficient to qualify for the benefits of the voluntary self-disclosure policy. For that reason, companies must carefully consider whether identified violations may be criminal in nature, and, if so, how to sequence their disclosures to ensure compliance with the terms of the policy and to avoid a circumstance where a prior disclosure to another agency may bar the organization from obtaining the benefit of the policy.

Requirements of the Policy

To take advantage of the benefits offered, the policy lays out a number of conditions that must be met to take full advantage of the policy. For example, to receive the policy’s benefits:

  • A company must promptly disclose the violation directly to NSD’s Counterintelligence and Export Control Section. As described above, a company will not receive the policy’s benefits on the basis of a disclosure to another agency.
  • Disclosure must be made reasonably promptly after discovery of the offense, and must not be made upon an imminent government investigation. Such disclosure must include “all facts relevant” to the violation at issue, including specific informational sources as opposed to merely a narrative description of them. Additionally, a company must provide continual updates to NSD throughout its investigation of the violation as new facts are discovered.
  • A company’s cooperation must be “proactive,” not just “reactive” – meaning a company must provide all known facts to NSD upfront, among other items potentially evidencing a willingness to lay all the company’s cards on the table. 
  • A company must de-conflict witness interviews and conduct other investigative steps “when requested and appropriate” as part of both its internal investigation and NSD’s planned investigation. When requested, the company should make officers and employees available for interviews with NSD.
  • A company must provide a “root cause analysis” of the underlying offense. This mirrors similar requirements found under DOJ’s FCPA Corporate Enforcement Policy, the instructions under the International Traffic in Arms Regulations, and OFAC’s 2019 Framework for Sanctions Compliance (for a write-up on the last one, see our client alert).
  • The policy requires timely preservation, collection, and disclosure of relevant documents and information. The policy also requires a company to disclose the existence and location of overseas documents, facilitate third-party document production, and translate foreign-language documents.
  • A company must demonstrate that it has implemented an effective compliance program, the criteria for which may vary based on the size and resources of the company. For example, drawing on the FCPA Corporate Enforcement Policy, the policy sets out a number of criteria for determining whether a compliance program is effective, including (1) whether the company has established a culture of compliance; (2) whether the company dedicates sufficient resources to the compliance function; (3) the quality and experience of compliance personnel; (4) the authority and independence of the compliance function; (5) whether the company’s compliance function has performed an effective risk assessment and tailored the compliance program based on that assessment; (6) how a company’s compliance personnel are compensated and promoted as compared to other employees; (7) the auditing of the compliance program to ensure its effectiveness; and (8) the reporting structure of compliance personnel within the company.
  • A company should be able to demonstrate that it has effectively disciplined employees as appropriate, including those identified as responsible for the misconduct and those with supervisory authority over the area where misconduct occurred.
  • A company must demonstrate that it retains business records appropriately, specifically taking care not to use software enabling ephemeral communications between employees that would undermine the company’s ability to detect and supervise potential sanctions and export violations. This requirement is also found in the FCPA Corporate Enforcement Policy.
  • A company should demonstrate that it has taken or is taking “any additional steps” demonstrating that it recognizes the seriousness of its misconduct, accepts responsibility, and implements measures to reduce the risk that the violations will occur in the future.


The revised voluntary self-disclosure policy reflects NSD’s desire to incentivize companies to promptly disclose potential criminal violations of export control and sanctions laws to NSD. As companies contemplate whether (and at what point) to make a voluntary disclosure to NSD, they will need to consider the incentives offered by the policy alongside other factors, including the nature of the violation (and whether it may rise to the level of a willful violation), the likelihood that DOJ will identify and investigate the violation barring a disclosure, and which agencies to share information with and in what order. Time will tell whether the concrete incentives outlined in the revised policy result in an uptick in voluntary self-disclosures.

[1] By contrast, the 2016 policy stated that if a company voluntarily self-discloses, cooperates, and remediates criminal violations of export controls and sanctions, “the company may be eligible for a significantly reduced penalty.” Such reduced penalty included the “possibility” of a non-prosecution agreement, a reduced period of supervised compliance, a reduced fine and forfeiture, and no requirement for a monitor. The 2016 policy promised that the company would, regardless of the circumstances of the violation, find itself in a better position than had the company not disclosed and cooperated, but did not quantify the benefits.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.