The past few months have seen numerous high-profile enforcement actions highlighting an increasing trend, what Deputy Attorney General Lisa Monaco called “the biggest shift in corporate criminal enforcement that I’ve seen during my time in government: the rapid expansion of national security-related corporate crime.” From the first-ever criminal resolution for sanctions violations from illicit sales and transport of Iranian oil by Suez Rajan Ltd. to guilty pleas and $4.3 billion in penalties by Binance and CZ related to sanctions and anti-money laundering, the Department of Justice has been on a roll, and it doesn’t appear to be slowing down any time soon. The good news for corporations is that even as the stakes rise to implicate national security, the Department continues to incentivize and reward corporate responsibility.

In a pair of recent speeches, Deputy Attorney General Lisa Monaco and Principal Associate Deputy Attorney General Marshall Miller highlighted the Department’s latest actions and plans to address the rise in national security related crimes, such as terrorist financing, sanctions evasion, circumvention of export controls, cyber- and crypto-crime, FCPA violations, and intellectual property theft that affects critical supply chains and involves disruptive technologies. The Department has rolled out several initiatives aimed at expanding enforcement, enhancing deterrence, and increasing punishment; chief among these strategies is an increased emphasis on voluntary self-disclosures (VSD).

Voluntary Self-Disclosure Policy

In March, DAG Monaco ordered every Department component engaged in corporate criminal enforcement to adopt a voluntary self-disclosure policy. (Bracewell’s Seth DuCharme discussed the rollout with Law360.) Under that policy, if a company makes a qualifying VSD, it may receive resolutions under more favorable terms than if the government had learned of the misconduct through other means.

In November 28, 2023 remarks at the New York City Bar Association’s International White Collar Crime Symposium, PADAG Miller emphasized that the “value proposition of voluntary self-disclosure extends with particular force to the mergers and acquisitions (M&A) space, where the disclosing company is essentially operating as a corporate whistleblower, diming out illegal conduct that took place at a different entity – the M&A target.” To that end, speaking at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance & Ethics Institute on October 4, 2023, DAG Monaco announced a Mergers & Acquisitions Safe Harbor Policy. She explained that “[i]n a world where companies are on the front line in responding to geopolitical risks – we are mindful of the danger of unintended consequences. The last thing the Department wants to do is discourage companies with effective compliance programs from lawfully acquiring companies with ineffective compliance programs and a history of misconduct. Instead, we want to incentivize the acquiring company to timely disclose misconduct uncovered during the M&A process.”

Highlights of the Safe Harbor Policy include:

• Timing: companies must disclose misconduct discovered at the acquired entity within six months from the date of closing, whether the misconduct was discovered pre- or post-acquisition.
• Remediation: companies will have a baseline of one year from the date of closing to fully remediate the misconduct. Recognizing that not all deals are the same, both baselines are subject to a reasonableness analysis and, depending on the specific facts, circumstances, and complexity of a particular transaction, those deadlines could be extended by prosecutors.
• Aggravating factors: the presence of aggravating factors at the acquired company will not impact in any way the acquiring company’s ability to receive a declination. Unless aggravating factors exist at the acquired company at the time of acquisition, that entity can also qualify for applicable VSD benefits.
• Recidivism: misconduct disclosed under the Safe Harbor Policy will not be factored into future recidivist analysis for the acquiring company.
• As with any VSD, the Safe Harbor Policy does not apply to misconduct that was otherwise required to be disclosed or already public or known to the Department.

The policy will only apply to criminal conduct discovered in bona fide, arms-length M&A transactions. To that end, PADAG Miller warned that “our prosecutors will be scrutinizing every disclosure. Not only would a sham transaction not qualify, but it may even subject the disclosing company to additional criminal liability. For example, if we find out that a company improperly structured a transaction to avoid applicable reporting obligations, it would not qualify for the protections of the policy.”

Additional Recent Initiatives

In recent months, the Department has added more than 25 new corporate crime prosecutors in the National Security Division, including the division’s first-ever Chief Counsel for Corporate Enforcement. And it increased by 40 percent the number of prosecutors in the Criminal Division’s Bank Integrity Unit, which holds accountable financial institutions that violate US sanctions and the Bank Secrecy Act.

The Department is also employing new remedies in corporate criminal resolutions, such as divestiture of specific lines of business, specific performance as part of restitution and remediation, and tailored compensation and compliance requirements.

Further, reflecting its expectation that corporations will use compensation systems to align their executives’ financial interests with good corporate citizenship, the Criminal Division has adopted a “two-part pilot program” related to compensation: (1) every corporate resolution involving the Criminal Division now includes a requirement that the resolving company develop and implement compliance-promoting criteria within its compensation and bonus systems; and (2) companies that withhold or seek to claw back compensation from corporate wrongdoers can obtain a reduction of financial penalties by the amount of the clawback.

Looking Forward

The Department has made clear its view that “the tectonic plates of corporate crime have shifted” such that “national security risks are widespread,” and its expectation that companies recognize these risks and adjust accordingly, starting with the deal and continuing through operations. As such, transactional attorneys advising boards and deal teams need to keep in mind the enhanced premium the Department places on timely compliance-related due diligence and integration. Failure to perform effective due diligence or self-disclose misconduct at an acquired entity will subject a company to full successor liability for that misconduct. Post-acquisition, companies should—consistent with the established VSD policy—continue to monitor for any signs of wrongdoing in their organizations and consider making a VSD should any be uncovered.