This week’s regulatory compliance note—a tri-seal effort between the Commerce Department’s Bureau of Industry and Security (BIS), the Justice Department, and OFAC—summarized the procedures for voluntary self disclosure of potential violations of sanctions and export controls. The note also highlighted that disclosures can result in significant mitigation of civil or criminal liabilities, while also helping expose threats to US national security and foreign policy objectives.

  • The compliance note highlights that prompt, voluntary self-disclosures could result in a reduction—and, in some cases, a waiver—of the potential criminal liability.
  • If a company voluntarily self-discloses potential criminal violations, fully cooperates, and remediates the causes of violations, the Justice Department generally will not seek a guilty plea, and the company likely will receive a non-prosecution agreement and avoid a fine, although the note stresses that a non-prosecution agreement may not apply if aggravating factors exist.
  • A disclosure only to OFAC or BIS, but not to the Justice Department’s National Security Division will not qualify for the non-prosecution policy.
  • OFAC and BIS both stress that a company will significantly reduce its penalties if it discloses, researches, and mitigates the root causes of their violations in a timely manner.

Aggravating factors could include failure to have a compliance program, willful ignorance of US sanctions and export controls, or attempts to hide violations.

A thorough look at settlements reached between regulators and violators shows that voluntary self-disclosure is a significant mitigating factor in reducing fines and penalties. A settlement between British American Tobacco in April showed the company not only to have engaged in egregious conduct, transacting with North Korean entities and generating revenue for the Kim regime, but also failed to disclose the conduct and attempted to conceal it. The violations resulted in more than $508 million in fines.

In contrast, a settlement with Microsoft that same month showed that the company not only voluntarily disclosed possible violations that occurred between 2012 and 2019, but also implemented significant remedial measures upon discovery of the apparent violations, resulting in a roughly $3 million fine—a fraction of the maximum penalty.

The note highlights the importance of having a robust and comprehensive compliance program, with timely disclosure and remediation being part of the process. A self-initiated lookback at potential violations, an examination of the root causes of the violations that includes data, linguistic, jurisdictional, and legal analysis, and appropriate enhancements to existing compliance efforts can not only mitigate penalties, but also help US firms and financial institutions avoid violations in the first place.

FiveBy has the capabilities, certified sanctions specialists, data and forensic analysts, and cultural and linguistic experts to help your firm or financial institution examine root causes of possible violations, structure a comprehensive self-disclosure to regulators, and enhance compliance efforts to help avoid inadvertent violations in the future. Click below to request a free consultation.

FiveBy IntelSentry