On Friday, December 13, the U.S. Department of Justice (“DOJ”) National Security Division (“NSD”) announced substantial revisions to its export control and sanctions violation enforcement policy (the “VSD Policy”). The original policy, released in October 2016 (the “2016 Policy”), was part of the first wave of DOJ efforts, along with the FCPA Unit’s Pilot Program in April 2016, to provide stronger incentives - through offering more concrete and quantifiable benefits in enforcement policy - to companies to voluntarily disclose potentially criminal export controls and sanctions issues, with the goal of bringing more individual prosecutions. NSD’s announcement on December 13, roughly three-and-half years after those first policy pronouncements and nearly two years after DOJ’s Criminal Division began offering, in its Corporate Enforcement Policy (“CEP”), a presumption of a declination to companies that voluntarily disclose potential FCPA violations, and fully cooperate and remediate, is the latest installment of DOJ’s apparent efforts to provide such additional assurances where it can, across a large portion of its enforcement program. As the Assistant Attorney General for National Security, John C. Demers, explained in the announcement, “The revised VSD Policy should reassure companies that, when they do report violations directly to DOJ, the benefits of their cooperation will be concrete and significant.”
We view this latest addition to DOJ’s suite of policy tools as potentially helpful, in that it appears intended to continue DOJ’s move towards increased transparency in its decision making processes. Like all broad policy pronouncements, however, it remains to be seen how much comfort the VSD Policy will provide to companies grappling with these issues and how effective it will actually be in generating additional voluntary disclosures. Like the CEP, it also leaves a number of questions unanswered as to how it will be applied in practice, which only practical application over time will answer.
Below we summarize the key points of the VSD policy, and compare and contrast it with the FCPA CEP, with which many practitioners may be familiar already.
NSD’s VSD Policy
NSD first announced its contribution to the DOJ’s emerging consensus on enforcement policy in the 2016 Policy. That document provided that a company would be considered for a Non-Prosecution Agreement (“NPA”) or Deferred Prosecution Agreement (“DPA”) and reduced criminal penalties, where it voluntarily disclosed potential criminal sanctions and export controls violations to NSD, fully cooperated and remediated. The VSD Policy takes the prospect of leniency in exchange for voluntary disclosure, cooperation and remediation in these types of matters and makes it, on balance more attractive (and NPA, as opposed to an NPA or DPA), and potentially less uncertain: the VSD Policy now creates a “presumption” that a company that makes a voluntary disclosure of potential criminal violations to NSD’s Counterintelligence and Export Controls Section (“CES”), fully cooperates with the ensuing DOJ inquiry and timely and appropriately remediates the conduct in question, will receive an NPA, pay no criminal fine and receive no compliance monitor post-settlement, absent aggravating factors. The VSD Policy further provides that even if such aggravating factors are present, and a DPA or criminal plea is entered into rather than an NPA, the company in question will benefit from a cap on the potential criminal fine at an amount equal to the gross gain or loss under the Alternative Fines Act and DOJ will not require a monitor, provided the company implements an effective compliance program.
In all instances, however, the VSD Policy makes clear that the company will be required to disgorge, forfeit or pay restitution of all gains accruing to it as a result of the misconduct at issue.
A Familiar Framework, Adapted to National Security Risks
Similarities to Existing DOJ Guidance
The VSD Policy represents NSD’s effort to update and standardize its original October 2016 enforcement guidance, using the same framework as set out in the Criminal Division’s CEP for Foreign Corrupt Practices Act (“FCPA”) matters released in in November 2017 (subsequently extended to all Criminal Division matters in March 2018). These policies are intended to provide as much clarity-of-outcome as possible to companies of the Department’s enforcement intentions in potentially criminal sanctions and export controls, and FCPA cases, respectively, in exchange for voluntary disclosure, cooperation and remediation in compliance with the standards set out in the policies.
Perhaps unsurprisingly, the VSD Policy and the CEP share a common structure, with the large majority of standards and requirements broadly similar. In both cases:
- For a company to be eligible for the presumed NPA and declination under the VSD Policy and CEP, respectively, “voluntary disclosure” must be made:
- “Prior to an imminent threat of disclosure or government investigation”; 
- “Pithin a reasonably prompt time after becoming aware of the offense”; and
- Consistent with the so-called Yates memorandum, such that the company has disclosed “all relevant facts known to it at the time of the disclosure, including as to any individuals substantially involved in or responsible for the misconduct at issue.”
- To meet the DOJ’s standards for “full cooperation”, companies must provide:
- Timely disclosure of “all facts relevant to the wrongdoing at issue”;
- “Proactive” cooperation, rather than “reactive”;
- Timely preservation, collection, and disclosure of all relevant documents and information;
- Where requested, “de-confliction” of witness interviews and investigative steps at DOJ’s request (i.e., delaying these steps until DOJ has an opportunity to undertake them first); and
- Officers and employees of the company for interviews at DOJ’s request. 
- Similarly, both policies maintain common standards for what will be considered “timely and appropriate remediation”:
- A thorough analysis of the root causes of the conduct (i.e., conducting a “root cause analysis”);
- Implementation of an “effective compliance program”;
- Appropriately disciplining responsible employees;
- Implementing appropriate record retention policies; and
- Taking any additional steps required to “demonstrate recognition of the seriousness of the company’s misconduct, acceptance of responsibility for it, and the implementation of measures to reduce the risk of repetition of such misconduct, including measures to identify future risks.”
Key Areas of Divergence
Notwithstanding these similarities—and as one might expect—the new VSD Policy and the CEP diverge in some important respects. This divergence is apparently due to the “very serious” nature of the export control and sanctions offenses covered by the new VSD Policy, “almost all” of which, according to NSD at least, impact the national security of the United States.
Most obviously, the VSD Policy offers a presumption of an NPA, whereas the CEP, which applies across the entire swathe of criminal offenses the Criminal Division is responsible for prosecuting (interestingly, including some economic sanctions offenses), offers the presumption of a full declination from prosecution. The fine level accommodations, or “discounts,” available also vary substantially. The VSD Policy is clear that where a company does not voluntarily disclose, but otherwise fully cooperates and remediates, NSD will cap the applicable criminal fine at 50% of the maximum available under the Alternative Fines Act, which will equal the gross gain or loss associated with the conduct. In contrast, the CEP offers different tiers of “discounts”: if a company has not voluntarily disclosed but has otherwise fully cooperated and remediated, up to a 50% reduction from the low end of the range of applicable criminal fines as calculated under the U.S. Federal Sentencing Guidelines will be available; if the company has not voluntarily disclosed or fully remediated, but has otherwise fully cooperated, a reduction of up to 25% off the low end of the applicable fine range will be available.
Under both the VSD Policy and CEP, “aggravating factors” can result in a resolution less favorable than the presumed NPA and declination, respectively, even if the company has voluntarily disclosed, fully cooperated, and remediated. Both policies retain a common set of aggravating factors: senior executive involvement in the criminal activity; earning of significant profits; pervasiveness of the activity throughout the company; and recidivism with regard to this type of criminal activity. The VSD Policy, however, reflecting DOJ’s view of the seriousness of criminal export controls and sanctions violations, includes additional aggravating factors:
- The exports in question included items controlled for nuclear nonproliferation or missile technology reasons to a proliferator country;
- The exports in question included items known to be used in the construction of weapons of mass destruction;
- The end-user was a Foreign Terrorist Organization (FTO) or Specially Designated Global Terrorist (SDGT);
- Exports of military items to a hostile foreign power;
- Repeated violations, including similar administrative or criminal violations in the past; and
- Knowing involvement of upper management in the criminal conduct.
The VSD Policy is also very specific in that it applies only to voluntary disclosures made by companies to CES and not to any other section, division, or regulatory agency which may have jurisdiction over the conduct, including the Treasury Department’s Office of Foreign Assets Control (“OFAC”), the Commerce Department’s Bureau of Industry and Security (“BIS”), and the Directorate of Defense Trade Controls (“DDTC”). Interestingly, the VSD Policy makes clear that in assessing a company’s compliance program, NSD will coordinate with the applicable regulatory agencies to ensure a common approach to compliance—now a prerequisite as more regulatory agencies adopt their own compliance program standards and regulatory guidance (see, for example, OFAC’s Framework for Corporate Compliance Commitments, released May 2, 2019).
Analysis and Open Questions
We view DOJ’s efforts to provide more, and more transparent, guidance to the corporate user community on its disclosure, cooperation, and remediation expectations in investigations and enforcement actions as a constructive development.
That said, the VSD Policy does have some questions associated with it which likely will take time, and practical application, to work out. First, because the benefits of the policy are only available to companies that voluntarily disclose to NSD CES—and not a regulatory agency—companies may find themselves in the position of having to make an early, and potentially uninformed (or less informed than they would like to be) decision on whether such conduct was “willful,” such that it should be disclosed to NSD (and the regulatory agency), or just the applicable regulator. Such determinations can be difficult even with a robust investigative record developed over an entire investigation, and the VSD Policy’s requirement of timely voluntary disclosure may significantly accelerate the need to make those decisions, making them more difficult.
Second, it is not clear how this VSD Policy, which covers potential sanctions violations, relates to the CEP, which, for certain financial services areas, also can apply to financial institutions’ potential sanctions issues. On the one hand, the VSD Policy applies to all potential violations of the Arms Export Control Act (AECA), 22 U.S.C. § 2778, the Export Control Reform Act (ECRA), 50 U.S.C. § 4801 et seq., and, the International Emergency Economic Powers Act (IEEPA), 50 U.S.C. § 1705, pursuant to which most economic sanctions are implemented under U.S. law. On the other, the DOJ has explicitly extended the CEP to cover cases investigated by any unit of the Criminal Division—including, presumably, those with jurisdiction to enforce IEEPA and related statutes, such as the Money Laundering and Asset Recovery Section (MLARS). To the extent that there is no further guidance from DOJ, and self-reporting companies are free to choose, we would of course expect them—all things being equal—to self-report to MLARS instead of NSD CES, in order to take advantage of the presumption of a declination available in the CEP, as opposed to the presumption of an NPA under the VSD Policy.
As noted above, we view the DOJ’s program of issuing additional guidance to the corporate user community favorably, and see this latest installment as a useful addition to DOJ’s growing economic sanctions and export controls enforcement program. Whether this new policy will lead to additional voluntary disclosures and individual prosecutions remains to be seen. As it did with the FCPA Pilot Program and CEP, however, we would expect the DOJ to publicly announce one or more enforcement actions consistent with this policy in relatively short order, to demonstrate publicly that the professed benefits are real, and will be extended to companies that fulfill the VSD Policy’s requirements.