On March 7, 2024, the US Department of Justice (“DOJ”) National Security Division (“NSD”) published a revised Enforcement Policy for Business Organizations (“Enforcement Policy”). The Enforcement Policy was first issued by the NSD on December 13, 2019 and subsequently updated March 1, 2023. Our blog post discussing the original policy is here.
In these latest updates NSD has not altered the core components of the Enforcement Policy, which provides that when a company (1) voluntary self-discloses (“VSDs”) to NSD potentially criminal violations arising out of or relating to the enforcement of sanctions or export controls laws, (2) fully cooperates, and (3) timely and appropriately remediates the violations, and absent aggravating factors, NSD will generally not seek a guilty plea and there is a presumption that the disclosing company will receive a non-prosecution agreement and will not pay a fine. Instead, the Enforcement Policy has received a number of incremental updates to bring it into line with broader policies and the current criminal enforcement practices of the DOJ as a whole.
The most significant changes relate to how NSD will handle disclosures made in the mergers and acquisition (“M&A”) context. In particular how acquiring companies will be treated when they identify and promptly disclose to NSD criminal conduct identified at acquisition targets either during pre-acquisition due diligence, or following closing of the transaction. These changes to the Enforcement Policy have been issued in light of the October 4, 2023 Mergers and Acquisitions Safe Harbor Policy (“Safe Harbor Policy”), issued by Deputy Attorney General for the Department’s Criminal Division Lisa Monaco, and to align the NSD Enforcement Policy with the same principles. The Safe Harbor Policy is further covered by our previous blog post here. If an acquiring company meets the requirements of the policy (prompt disclosure within 180 days of closing, full cooperation, and timely remediation within one year of closing) the following key benefits will apply:
- NSD will generally not seek a guilty plea from the acquiror;
- There is a presumption that NSD will decline to prosecute the acquiror;
- The acquiror will not be required to pay a criminal fine or forfeit assets, but will still be required to disgorge any proceeds of the criminal conduct;
- If the acquired entity continues to exist as a distinct legal entity following the transaction, NSD will credit the acquiror’s timely VSD to the acquired entity, and will consider whether the acquired entity otherwise satisfies the Enforcement Policy’s requirements to receive credit for the VSD. (Note the acquired entity cannot take advantage of the Safe Harbor Policy itself and may still be prosecuted by the NSD, taking into account the other provisions of the Enforcement Policy); and
- In cases where an acquiror’s VSD of misconduct by an acquired entity does not qualify for the additional protections of the Safe Harbor Policy (e.g., it was made outside of the required timeframe), NSD will consider whether the acquiror’s VSD otherwise satisfies the Enforcement Policy’s requirements to receive credit for a VSD.
These changes are important, because sanctions and export control violations are often identified in an M&A context (e.g., where a target company has not paid the necessary attention to risks and compliance in these areas, where an acquisition renders a target subject to jurisdiction of the applicable US laws for the first time, etc.). On the civil side, both the Treasury Department’s Office of Foreign Assets Control (“OFAC”) and the Commerce Department’s Bureau of Industry and Security (“BIS”), have for some time treated acquiring companies more leniently in enforcement proceedings (e.g., by resolving cases without application of a penalty) when those companies have identified and voluntarily disclosed sanctions and export control violations in the course of acquisitions. Going forward, acquiring companies will need to carefully consider whether, when, and how to disclose sanctions and export controls related conduct that is potentially criminal to BIS, OFAC, and/or NSD to maximize the potential benefits from all three agencies in doing so—and then coordinate the resulting cooperation expectations. Companies will only be able to take advantage of these potential protections if they ensure robust sanctions and export controls due diligence and compliance integration as part of their acquisition strategy.
Outside of the M&A context, a number of other more minor updates and clarifications have been made to the Enforcement Policy. These include:
- Clarification that NSD encourages companies to voluntarily self-disclose not only potential criminal (i.e., willful) violations of sanctions and export controls laws, but also potential violations of other criminal statutes that affect national security (e.g., money laundering, bank fraud, smuggling, fraudulent importation, false statement offenses).
- Emphasis that the Enforcement Policy will apply to all other corporate criminal matters handled by NSD—not just sanctions and export controls laws—including:
- Potential criminal violations of the Foreign Agents Registration Act;
- Laws prohibiting material support to and financing of terrorism; and
- Criminal violations in connection with the work of the Committee on Foreign Investment in the United States, the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (i.e., Team Telecom), and other national security proceedings.
- Reminder that the Enforcement Policy only applies to the resolution of corporate criminal cases and the NSD may still pursue criminal charges against individuals for the same conduct. This is consistent with broader DOJ policy which requires companies to assist the DOJ in bringing cases against individuals (including current or former employees of the company), in order to receive full credit for their cooperation.
- Confirmation, consistent with other DOJ policy, that NSD generally will not require the imposition of an independent compliance monitor for a cooperating company that is determined to have met the requirements of the Enforcement Policy and, at the time of resolution, demonstrates it has implemented and tested an effective compliance program.