Continuing the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) efforts to bolster enforcement and compliance, on April 18, 2023, BIS issued a memorandum announcing significant changes to its voluntary disclosure program. The memorandum, which was followed by public remarks from Matthew S. Axelrod, the Assistant Secretary for Export Enforcement at BIS, is noteworthy for (i) offering unprecedented incentives to disclose potential Export Administration Regulations (EAR) violations by competitors or other third parties and (ii) raising the consequences for failing to voluntarily self-disclose potential EAR violations that BIS later discovers.
Key Takeaways
- Incentivizes reporting alleged noncompliance by others. In what appears to be an unprecedented effort to encourage industry reporting and compliance, the new VSD program incentivizes the private sector to report apparent violations of others. The memorandum states that BIS does not “want parties to suffer in silence when they’re forgoing sales because of our controls while their competitors continue to book revenue.” As such, BIS is openly encouraging the use of its confidential reporting form to advise BIS of potential noncompliance of other companies.
BIS encourages such reporting by creating concrete and never-before offered benefits to the disclosing party. BIS’s Office of Export Enforcement (OEE) can consider “exceptional cooperation” of a party as a mitigating factor, and amongst its subfactors is whether a company has “previously made substantial voluntary efforts to provide information (such as providing tips that led to enforcement actions against other parties) to federal law enforcement authorities in support of the enforcement of U.S. export controls.”[1] Left unsaid is how BIS will effectively track and provide such credit and the shelf life of that credit. The memo also does not explain how BIS will delineate between “good” and “bad” leads in assigning credit to companies, the challenges of which would appear to be compounded over the passage of time, along with leadership and staff turnover.
The incentives and uncertainties created by this program are substantial. For example, will third parties have incentives to disclose even weak allegations in hopes of obtaining future credit? Will there be less transparency among parties to transactions when potential violations are identified out of a fear that it will devolve into a “race to the regulator?” Could certain parties use this program aggressively to weigh down competitors with regulatory scrutiny?
The new reporting incentives also complicate investigative and disclosure decisions. Such decisions are often driven, in part, by the likelihood that the U.S. government will otherwise learn of or be concerned by the potential violations. The program aggressively seeks to tilt that risk calculation in favor of disclosure, as companies have less control over the narrative and BIS’s first impression. Relatedly, in the event a company investigates a matter and reasonably determines that a violation did not occur and does not report, it will need to be prepared to defend that decision in the event a third party later decides to report the matter in some form to BIS or the matter otherwise comes to BIS’ attention.
- Greater penalties for failing to disclose. Under existing BIS enforcement guidelines, OEE looks at various factors when assessing appropriate civil penalties for disclosed export control violations. In the new memorandum, there is now greater risk in not disclosing potential export control violations. Despite the fact that “[f]ailure to voluntarily disclose an apparent violation to OEE does not constitute concealment,”[2] BIS’s enforcement guidelines have provided that “OEE will also consider whether a Respondent’s export compliance program uncovered a problem, thereby preventing further violations, and whether the Respondent has taken steps to address compliance concerns raised by the violation, to include the submission of a VSD and steps to prevent reoccurrence of the violation that are reasonably calculated to be effective.”[3]
BIS emphasizes that this is a “general factor” weighed in an enforcement action and that it can be seen either as a mitigating factor or an aggravating one. Previously, BIS has applied it only as a mitigating factor, but going forward, BIS will also consider the nondisclosure of “significant violations” as an aggravating factor. There is now a more concrete and stark risk that, if BIS uncovers the violation through other channels, nondisclosure will escalate the magnitude of potential penalties.
Additionally, while speaking the day after this announcement at the 2023 Global Ethics Summit, Assistant Secretary Axelrod reminded the audience that the Department of Justice, Department of Commerce, and the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) are working together to ensure proper disclosures have been made to all agencies. He expressly noted that it will be a “stick” for the Department of Commerce if it later on finds out about a violation disclosed to OFAC, but not to BIS, when it should have been disclosed to both.
Action Items for Industry
The U.S. government continues to signal that it is ramping up enforcement. BIS and the Department of Justice (DOJ) just launched the Disruptive Technology Strike Force, and DOJ announced it is hiring 25 prosecutors to investigate and prosecute sanctions evasion and export controls violations.
With these actions, along with the above-mentioned VSD changes, the costs and risks of an export control violation—and failure to disclose potential violations—have never been higher. Companies should take a fresh look at their compliance programs, the risk factors for disclosures, and auditing efforts to ensure they identify potential violations (both under their own roof, but also at their counterparties). Although compliance departments often struggle for resources, BIS is placing industry on notice that if they do not have a robust compliance program in place, they are exposing themselves to significant risk (now also by means of increased focus on confidential third-party reporting).
Companies now have a more complex set of incentives and risks to consider when identifying and assessing potential violations, including those committed by counterparties such as customers, suppliers, or competitors. Importantly, academia is not spared from this enforcement push, as the U.S. government aims to protect critical technology assets developed at universities. This challenging calculus makes it all the more important that companies and universities have the right counsel to help make the best judgment calls and, if need be, to interface with government enforcers looking to wield their new “stick” or to make sure that just due credit is given for prior cooperation.
If you would like to discuss the BIS memorandum in more detail or steps you can take to mitigate potential risks in light of this new BIS posture, please contact us.
[1]15 C.F.R. Supplement No. 1 to Part 766, III.G.4.
[2] 15 C.F.R. Supplement No. 1 to Part 766, III.A.3 note.
[3] 15 C.F.R. Supplement No. 1 to Part 766, III.E (emphasis added).