What You Need to Know
- Key takeaway #1In the event that an entity discovers a potential criminal sanctions, export control, or other national security violation, submitting a voluntary self-disclosure to the U.S. Department of Justice or other relevant agencies can be a significant mitigating factor.
- Key takeaway #2Regardless of whether a voluntary self-disclosure is submitted, engaging in an internal review to understand the scope of the violations and compliance program breaches is a crucial step to determine the parties’ risk exposure.
- Key takeaway #3Companies that have access to, or develop, export-controlled items and emerging technologies should ensure they have strong enough compliance measures in place to prevent outside parties from accessing those items.
On May 22, 2024, the U.S. Department of Justice’s National Security Division (NSD) announced its first declination to prosecute a company under its Enforcement Policy for Business Organizations (Enforcement Policy).
An employee of the biochemical company Sigma-Aldrich, Inc., doing business as MilliporeSigma, conspired to fraudulently procure discounted products and export them to China using falsified export documents, in conjunction with another individual who falsely represented that he was affiliated with a U.S. university research lab. The products contained chemical compounds subject to the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR).
While the employee and a third-party purchaser each pleaded guilty to one count of wire fraud conspiracy for their involvement in the scheme, DOJ declined to prosecute MilliporeSigma, citing the company’s prompt disclosure of the misconduct and cooperation with NSD. Under the recently updated Enforcement Policy, NSD will generally not seek a guilty plea, and a company will presumptively receive a non-prosecution agreement without paying a fine, when a company:
- Voluntarily self-discloses potential criminal violations arising out of or relating to the enforcement of export control or sanctions laws;
- Fully cooperates; and
- Timely and appropriately remediates.
In the declination letter, NSD cited five key facts that informed its decision not to prosecute MilliporeSigma.
- First, the company self-disclosed the misconduct “a week after retaining outside counsel to conduct an internal investigation and before obtaining a complete understanding of the nature and full extent of the misconduct.”
- Second, the company provided “exceptional and proactive cooperation,” disclosing all relevant facts about the misconduct of individuals and agreeing to provide ongoing cooperation.
- Third, the products did not pose a “significant threat to national security,” and, in some instances, did not require an U.S. export license.
- Fourth, the company terminated the involved salesperson and improved its internal controls and compliance program.
- Finally, the company itself was a victim to the scheme.
In addition, because the company did not unlawfully obtain any gains from the offenses for which it was potentially liable, NSD did not require the company to pay any disgorgement, forfeiture, or restitution.
The declination, the first of its kind, signals that DOJ will continue to incentivize companies to come forward voluntarily upon learning of misconduct, and that it will continue to prioritize the enforcement of export controls and sanctions violations. DOJ has consistently messaged that “sanctions are the new FCPA” and that it will seriously consider a company’s actions following the discovery of the unlawful activity as part of its enforcement decisions.
As Deputy Attorney General Lisa Monaco emphasized at the American Bar Association’s 39th National Institute on White Collar Crime in March 2024, “no matter how good a company’s cooperation, a resolution will always be more favorable with voluntary self-disclosure.”
After the publication of DOJ’s decision to decline to prosecute, Assistant Secretary for Export Enforcement Matt Axelrod reminded the public that the “announcement provides yet another fact pattern for universities to beware of — the misuse of academic institutions by outsiders who seek to obscure the actual customer of controlled items.”
Accordingly, if and when companies, universities, or other entities discover potential violations, they should retain counsel with expertise in the respective area of law to conduct an internal investigation, identify underlying causes or vulnerabilities that may have contributed to the violation, help determine whether to self-disclose (and to whom), and assist with remediation of compliance programs.