On March 7, 2024, the US Department of Justice (“DOJ”) National Security Division (“NSD”) published a revised Enforcement Policy for Business Organizations (“Enforcement Policy”). The Enforcement Policy was first issued by the NSD on December 13, 2019 and subsequently updated March 1, 2023. Our blog post discussing the original policy is here.

In these latest updates NSD has not altered the core components of the Enforcement Policy, which provides that when a company (1) voluntary self-discloses (“VSDs”) to NSD potentially criminal violations arising out of or relating to the enforcement of sanctions or export controls laws, (2) fully cooperates, and (3) timely and appropriately remediates the violations, and absent aggravating factors, NSD will generally not seek a guilty plea and there is a presumption that the disclosing company will receive a non-prosecution agreement and will not pay a fine. Instead, the Enforcement Policy has received a number of incremental updates to bring it into line with broader policies and the current criminal enforcement practices of the DOJ as a whole.

The most significant changes relate to how NSD will handle disclosures made in the mergers and acquisition (“M&A”) context. In particular how acquiring companies will be treated when they identify and promptly disclose to NSD criminal conduct identified at acquisition targets either during pre-acquisition due diligence, or following closing of the transaction. These changes to the Enforcement Policy have been issued in light of the October 4, 2023 Mergers and Acquisitions Safe Harbor Policy (“Safe Harbor Policy”), issued by Deputy Attorney General for the Department’s Criminal Division Lisa Monaco, and to align the NSD Enforcement Policy with the same principles. The Safe Harbor Policy is further covered by our previous blog post here. If an acquiring company meets the requirements of the policy (prompt disclosure within 180 days of closing, full cooperation, and timely remediation within one year of closing) the following key benefits will apply:

  • NSD will generally not seek a guilty plea from the acquiror;
  • There is a presumption that NSD will decline to prosecute the acquiror;
  • The acquiror will not be required to pay a criminal fine or forfeit assets, but will still be required to disgorge any proceeds of the criminal conduct;
  • If the acquired entity continues to exist as a distinct legal entity following the transaction, NSD will credit the acquiror’s timely VSD to the acquired entity, and will consider whether the acquired entity otherwise satisfies the Enforcement Policy’s requirements to receive credit for the VSD. (Note the acquired entity cannot take advantage of the Safe Harbor Policy itself and may still be prosecuted by the NSD, taking into account the other provisions of the Enforcement Policy); and
  • In cases where an acquiror’s VSD of misconduct by an acquired entity does not qualify for the additional protections of the Safe Harbor Policy (e.g., it was made outside of the required timeframe), NSD will consider whether the acquiror’s VSD otherwise satisfies the Enforcement Policy’s requirements to receive credit for a VSD.

These changes are important, because sanctions and export control violations are often identified in an M&A context (e.g., where a target company has not paid the necessary attention to risks and compliance in these areas, where an acquisition renders a target subject to jurisdiction of the applicable US laws for the first time, etc.). On the civil side, both the Treasury Department’s Office of Foreign Assets Control (“OFAC”) and the Commerce Department’s Bureau of Industry and Security (“BIS”), have for some time treated acquiring companies more leniently in enforcement proceedings (e.g., by resolving cases without application of a penalty) when those companies have identified and voluntarily disclosed sanctions and export control violations in the course of acquisitions. Going forward, acquiring companies will need to carefully consider whether, when, and how to disclose sanctions and export controls related conduct that is potentially criminal to BIS, OFAC, and/or NSD to maximize the potential benefits from all three agencies in doing so—and then coordinate the resulting cooperation expectations. Companies will only be able to take advantage of these potential protections if they ensure robust sanctions and export controls due diligence and compliance integration as part of their acquisition strategy.

Outside of the M&A context, a number of other more minor updates and clarifications have been made to the Enforcement Policy. These include:

  • Clarification that NSD encourages companies to voluntarily self-disclose not only potential criminal (i.e., willful) violations of sanctions and export controls laws, but also potential violations of other criminal statutes that affect national security (e.g., money laundering, bank fraud, smuggling, fraudulent importation, false statement offenses).
  • Emphasis that the Enforcement Policy will apply to all other corporate criminal matters handled by NSD—not just sanctions and export controls laws—including:
    • Potential criminal violations of the Foreign Agents Registration Act;
    • Laws prohibiting material support to and financing of terrorism; and
    • Criminal violations in connection with the work of the Committee on Foreign Investment in the United States, the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (i.e., Team Telecom), and other national security proceedings.
  • Reminder that the Enforcement Policy only applies to the resolution of corporate criminal cases and the NSD may still pursue criminal charges against individuals for the same conduct. This is consistent with broader DOJ policy which requires companies to assist the DOJ in bringing cases against individuals (including current or former employees of the company), in order to receive full credit for their cooperation.
  • Confirmation, consistent with other DOJ policy, that NSD generally will not require the imposition of an independent compliance monitor for a cooperating company that is determined to have met the requirements of the Enforcement Policy and, at the time of resolution, demonstrates it has implemented and tested an effective compliance program.

Terry Gilroy is a partner in the New York office of Baker McKenzie and a member of the Investigations Compliance and Ethics Practice Group. Prior to joining the Firm in 2018, Terry served as Americas Head of the Financial Crime Legal function at Barclays. Terry advises businesses and individuals on white collar and financial crime issues and has significant experience conducting investigations relating to compliance with the US Foreign Corrupt Practices Act (FCPA) and related bribery and corruption statutes, economic sanctions regulations as administered by the US Department of the Treasury's Office of Foreign Assets Control (OFAC), and the Bank Secrecy Act and related anti-money laundering (AML) regulations and statutes. Terry spent six years on active duty in the United States Army as a Field Artillery officer.


Mr. Martin advises clients on corporate ethics and compliance issues including, anti-bribery and corruption, fraud, financial crime, anti-money laundering, and trade sanctions in connection with federal investigations. Mr. Martin has extensive experience managing multinational fraud, corruption and sanctions investigations for client facing federal enforcement or regulation in the US. This includes experience conducting investigations in the UK, Europe, Africa, the Middle East, Asia and North and South America. He has advised clients before federal enforcement authorities, regulators, and prosecutors in the US, the UK and elsewhere. He writes extensively about compliance and investigations issues, best practices and developments in English and US law. Mr. Martin's practice also includes commercial disputes, and federal litigation including contract disputes with suppliers, subcontractors, and government departments.


Rob assists multinational companies on OFAC sanctions, export controls, and other trade laws in the context of compliance, licensing, internal investigations, mergers and acquisitions, government disclosures, and enforcement actions. He has experience assisting clients navigate sanctions and export control in the following sectors: semiconductor design and manufacturing, telecommunications, pharmaceuticals, consumer goods, and financial services. Rob has also assisted start-ups and medium-sized businesses encountering OFAC sanctions and export controls for the first time. Rob's pro bono practice includes providing sanctions and export control advice to a global NGO providing humanitarian relief in conflict zones. He also advises a global pro-bono law firm in advocacy matters relevant to sanctions and export controls. He has also served on the board of directors of a nonprofit working to improve the mental health environment for university students.