A New Era of Export Control and Sanctions Enforcement
Since the Russian invasion of Ukraine in February 2022, the U.S. government has made it increasingly clear that enforcement of export control and economic sanctions laws is a top priority. From launching task forces to target illicit actors, to engaging in closer cooperation with authorities in Canada, the United Kingdom, and the European Union on global investigations and enforcement efforts, the Commerce Department’s Bureau of Industry and Security (BIS), the Treasury Department’s Office of Foreign Assets Control (OFAC), and the Department of Justice (DOJ) are aggressively enforcing these laws and regulations.
Recently, BIS upped the ante, announcing several significant enforcement policy changes that aim to impose higher penalties on companies that have engaged in significant violations of export control requirements, including penalizing those that decide not to voluntarily disclose such violations. At the same time, both BIS and Congress have incentivized private industry and whistleblowers to report potential export control and economic sanctions violations. Companies are now on notice that they must reevaluate their risk profile when it comes to export compliance and disclosing potential instances of misconduct.
Naming and Shaming; Shifting Disclosure Considerations
BIS recently made announcements that build upon earlier enforcement-related measures and may dramatically shift the risk calculus when it comes to export control compliance and the decision as to whether to voluntarily disclose potential violations of the U.S. Export Administration Regulations (EAR). Submitting a voluntary self-disclosure (VSD) when a potential violation of the EAR is discovered typically serves as a significant mitigating factor in any enforcement response that reduces the base penalty, generally by at least one-half.
By way of background, in a final rule issued in June 2022, BIS revised its enforcement guidelines so that export enforcement charging letters are now made publicly available once filed with the Administrative Law Judge and prior to the final administrative disposition of a case. Previously, charging letters would be sent confidentially to companies under investigation. These public charging letters serve as both warnings and deterrents to the export community, as an entity generally would not want to be in a position of having its letter go public – particularly if the entity has not yet had a chance to fully investigate and review the issue. The first test case for this new policy immediately followed when BIS issued a public charging letter against Russian oligarch Roman Abramovich for flights to Russia via U.S.-origin aircraft. BIS has since published several additional charging letters on its website.
Soon thereafter, BIS announced in a June 30, 2022 memo that it is now dual-tracking VSDs depending on the severity of the violation. BIS is closing out cases involving minor or technical violations quickly (generally, within 60 days of receipt of the final submission) with warning or no action letters and devoting additional time and resources to more serious violations. Cases involving more significant violations are assigned to a field agent and an Office of Chief Counsel attorney for a more thorough investigation and may well be subject to considerably higher penalties than those historically assessed by BIS (even taking into account the mitigating credit of the VSD). The Department of Justice’s Counterintelligence and Export Controls Section will also assign an attorney in the most egregious cases. As part of this policy shift, BIS announced the end of its “no admit, no deny” settlements, requiring companies or individuals entering a settlement agreement to admit that the underlying factual conduct occurred.
Against the backdrop of these changes, on April 18, 2023, BIS released a new memorandum entitled, “Clarifying Our Policy Regarding Voluntary Self-Disclosures and Disclosures Concerning Others” (the Memo). The Memo details various penalties and incentives to encourage exporters, whistleblowers, and third parties to disclose suspected violations of the EAR. Going forward, BIS will now treat a decision by industry or academia not to voluntarily self-disclose “significant” violations of the EAR that are then subsequently discovered by BIS as an aggravating factor in its penalty calculation. This marks a stark and impactful change in BIS policy, as previously having an effective compliance program that uncovered a potential violation generally was viewed only as a mitigating factor (i.e., a factor that reduced potential penalties), particularly if robust corrective actions were instituted. Now, if that same compliance program identifies a potential violation, BIS indicated that to the extent an entity makes “a deliberate decision not to disclose a significant possible violation, they risk a sharply increased” penalty, even if remedial measures have been implemented. Essentially, this new policy renders the decision regarding whether to voluntarily disclose certain mistakes or misconduct less “voluntary,” altering the calculus for companies in terms of whether or not to disclose potential violations.
The Memo clarifies that “significant” violations are those that “reflect potential national security harm” as compared to mere technical violations, but does not provide any concrete examples of what qualifies as a triggering violation. While it is fairly clear that an unlawful export of a sensitive item to China may well harm U.S. national security, how will BIS view the unlawful export of that same item to an allied country?
As an additional incentive for companies to come forward, BIS promises in the Memo to provide forward-looking credit to companies that report suspected violations by competitors and other third parties, where such tips result in an enforcement action. This is one element of a larger strategy to incentivize individuals and entities to come forward with information of suspected export control and/or sanctions violations. The new policy is based on the “exceptional cooperation” mitigating factor in BIS’s enforcement guidelines. Information leading to an enforcement action against any third party will be considered a mitigating factor in any future enforcement action against the disclosing party, even if that future action is unrelated to the tip. From a practical standpoint, however, it is not clear how BIS will track and grant these types of credits or how aggressively the private sector may use this new policy as a tool against competitors.
Rewarding Whistleblowers for Reporting Sanctions and Export Violations
Separately, at the end of last year, as part of the Consolidated Appropriations Act, 2023, Congress passed the AML Whistleblower Improvement Act (the Act), which contained several amendments to the Anti-Money Laundering (AML) whistleblower program (31 U.S.C. § 5323) of the Bank Secrecy Act (BSA). Now, all companies subject to U.S. economic sanction laws are subject to whistleblower complaints under the BSA for potential U.S. sanctions violations. Before the changes went into effect, the whistleblower program applied only to BSA-covered financial institutions.
The Act expanded the definition of a whistleblower to include “any individual” who provides information relating to a violation of the BSA, the International Emergency Economic Powers Act (IEEPA), the Foreign Narcotics Kingpin Designation Act, and/or the Trading with the Enemy Act. Under this expanded definition, the program now includes the primary laws underpinning OFAC’s sanctions programs. Additionally, the law now applies transnationally, meaning whistleblowers will be rewarded regardless of their nationality. Whistleblowers will receive 10 to 30 percent of what has been collected of the monetary sanctions imposed for enforcement actions that result in fines exceeding $1,000,000.
Interestingly, while the new law expressly applies to sanctions actions, there is an EAR component to consider as well. Although not stated explicitly in the Act, BIS’s April Memo indicates that whistleblowers can receive a reward for disclosing information on suspected “related” export control violations if the Department of Justice or Department of the Treasury takes a qualifying action based on the same original information provided by the whistleblower.
Key Takeaways for Industry
With increased focus on protecting certain sensitive technologies, as well as the new substantial risks of non-compliance highlighted by the Memo and the recent historic Seagate enforcement action, which resulted in a $300 million fine for impermissible shipments to a company on BIS’s Entity List (Huawei), companies and academia should carefully review their compliance programs. Particular emphasis should be placed on safeguarding against potential export control and sanctions violations and readily addressing any suspected violations that do occur.
Given recent efforts to incentivize whistleblower complaints, industry should encourage and provide various internal mechanisms for employees to report concerns and emphasize that reporting potential violations or misconduct will not result in retaliation. Now more than ever, it is imperative that companies prepare for an increase in whistleblower complaints, including from competitors, and adjust their internal compliance programs accordingly.
Once issues are reported or uncovered, of course, it is critical to quickly investigate and escalate such issues and have a process in place to ensure that a timely decision can be made regarding whether to submit an initial VSD to avoid application of an aggravating factor and preserve the mitigating credit of a disclosure, as well as to preserve documents and protect privilege. These considerations must be weighed against the fines (which likely will be higher going forward) as well as increased scrutiny that a company opens itself up to when it discloses potential violations.
Wiley has unparalleled experience and expertise representing a broad range of U.S. and multinational clients in complex export control and sanctions matters. Wiley also has written extensively on implementing effective compliance programs and adapting to similar whistleblower programs in the past (see here, here, and here; and for additional information on the Security and Exchange Commission’s (SEC) whistleblower program in particular, please see here and here).