DOJ leadership highlights national security focus and previews new corporate enforcement guidance

During a speech in connection with the 2023 Summit for Democracy on March 28, 2023, Deputy Attorney General (DAG) Lisa O. Monaco outlined how the DOJ is using its corporate criminal enforcement tools to respond to global threats to U.S. national security and the rule of law.  On May 3, 2023, during a speech at the Ethics and Compliance Initiative IMPACT Conference, Principal Associate Deputy Attorney General (PADAG) Marshall Miller, built on the DAG’s prior remarks and laid out new initiatives the DOJ is undertaking to fight national security-related corporate crime, as well as new guidance to come regarding M&A deals.

1. National security focus

DAG Monaco and PADAG Miller’s remarks highlighted the growing presence of U.S. national security and rule of law elements in the DOJ’s criminal cases.  PADAG Miller noted that, since October 2022, “roughly two-thirds of the department’s major corporate criminal resolutions have implicated United States national security” and that the DOJ’s national security investigations encounter corporate crime with “disturbing frequency.”  He pointed to three recent cases that illustrate the DOJ’s efforts to prosecute corporate crime that threatens U.S. national security which raised charges of sanctions violations, money laundering, bribery, and even terrorism crimes—from cement companies that funneled money to terrorists,[1] to illicit sales of tobacco,[2] and crypto laundering in North Korea.[3]

While noting DOJ’s continued emphasis and ever active enforcement of anti-bribery laws, including the Foreign Corrupt Practices Act (the “FCPA”) and anti-money laundering statutes, he also called on companies to “pay a new level of attention” to threats such as sanctions evasion, cybercrime, crypto-laundering, technology theft, and export control circumvention. Miller stated bluntly that the DOJ’s “message is simple: national security laws must rise to the top of your compliance risk chart.”

To emphasize the DOJ’s prioritization of sanctions enforcement, Miller quoted DAG Monaco for the proposition that “sanctions are the new FCPA.”  For her part, DAG Monaco noted the DOJ’s vigorous enforcement of sanctions “against Russia, China, Iran, North Korea, and others to disrupt illicit finance schemes.”  Notably, Miller made clear that the use of sanctions-screening software and polices targeted only at sanctioned countries will not be sufficient to resolve the risks.  Miller also stressed the diversity of sources of national security threats: “from construction and finance to agriculture and telecommunications.”

Both DAG Monaco’s and PADAG Miller’s remarks serve as a reminder that companies across all industries need to test and confirm the robustness of their compliance programs concerning remote workers, particularly remote software developers and IT employees who have access to sensitive company systems.  The remarks called for private companies and government agencies alike to ensure that personnel do not unlawfully transfer skills and technology learned through their employment to rogue actors hostile to the rule of law and national security.

2. New national security initiatives

DAG Monaco and PADAG Miller described a number of new initiatives being undertaken by the DOJ to address threats to U.S. national security and the risk of affiliated corporate crime.  The DOJ announced that it is strengthening enforcement of the Foreign Agent Registration Act (“FARA”) and that it will be issuing new rules clarifying the scope of FARA activities requiring registration.[4]  The DOJ also announced the addition of over two dozen new prosecutors to its National Security Division to focus on corporate crime and the creation of the post of Chief Counsel for National Security Corporate Enforcement.  The DOJ is also adding resources to the Bank Integrity Unit of the Criminal Division’s Money Laundering & Asset Recovery Section which prosecutes, among other things, complex and cross-border sanctions cases involving financial institutions.  Similarly, the DOJ is adding staff to its Kleptocracy Initiative which uses “forfeiture and money laundering laws to pursue bribe takers and their ill-gotten gains.”

DAG Monaco and PADAG Miller also pointed to greater interagency cooperation in the area of national security and corporate criminal enforcement.  Both highlighted the formation of the Disruptive Technology Strike Force—a “multi-agency collaboration led by the Justice and Commerce Departments to target illicit actors, strengthen supply chains, and protect critical technological assets from being acquired or used by our adversaries.”  DAG Monaco also described the creation of Task Force KleptoCapture, created within days of Russia’s illegal invasion of Ukraine, which is “bringing together law enforcement from across our government to enforce the sweeping sanctions, export restrictions, and economic countermeasures implemented in response to Russia’s brutality.”  She noted that, as of March, the United States has “successfully seized, forfeited, or otherwise restrained over $500 million in assets belonging to Russian oligarchs and their proxies.”

Further, the DOJ continues to release advisory warnings to help guide companies.  The DOJ has also begun issuing  “joint advisories with the Commerce and Treasury Departments—akin to the FCPA guidance we publish jointly with the SEC.”  

3. More corporate enforcement guidance to come

While heralding the recent corporate enforcement guidance that DOJ announced over the past year, Miller also forecasted yet more guidance coming out in the acquisition context. 

Miller called attention to the recently revised Criminal Division’s Evaluation of Corporate Compliance Programs’ emphasis on the “importance of including compliance voices in the M&A process,” and revealed that the DOJ is working on an update and extension of that approach that “will highlight the critical importance of the compliance function having a prominent seat at the table in evaluating and de-risking M&A decisions.”  Miller also reaffirmed the DOJ’s position that “[a]cquiring companies should be rewarded—rather than penalized—when they engage in careful pre-acquisition diligence and post-acquisition integration to detect and remediate misconduct at the acquired company’s business.”  He noted the Criminal Division’s history of declining “to take enforcement actions against companies that promptly and voluntarily self-disclosed misconduct uncovered in the M&A context and then remediated and cooperated.”  He also reiterated his prior statements that the DOJ will not treat companies with a track record of compliance as recidivists if they acquire a company with a history of compliance problems, “so long as those problems are promptly and properly addressed in the context of the acquisition.”

Miller also underscored the DOJ’s “loud and clear” message that it “is placing a new and enhanced premium on voluntary self-disclosure.”  The DOJ has undertaken substantial efforts recently to standardize and upgrade its approach so that every DOJ component must have a voluntary self-disclosure.  This includes the recent initiative undertaken at DAG Monaco’s direction, for every DOJ component and office taking on corporate enforcement matters to have a voluntary self-disclosure policy.  To that end, in February of this year, all 94 U.S. Attorneys’ Offices adopted a single voluntary self-disclosure policy, although we discussed certain issues and concerns in a prior Client Update.   

4. Key takeaways

DAG Monaco and PADAG Miller’s remarks emphasize the DOJ’s focus on corporate criminal conduct in the context of national security investigations.  As the DOJ continues to prioritize enforcement in this area, corporations would do well to consider taking the following steps:

• Prioritize national security laws (e.g., sanctions, export controls, AML/CFT) in risk assessments, due diligence exercises and compliance programs;
• Enhance controls related to sanctions compliance beyond mere sanctions-screening software and policies targeting only sanctioned countries;
• Test and enhance controls and due diligence measures concerning freelance and remote IT workers and software developers;
• Consider new controls targeting cybercrime, crypto-laundering, and technology theft;
• Train employees on national security laws and related threats;
• Include compliance personnel in evaluating and de-risking M&A decisions, particularly those involving companies with an international presence;
• Bear in mind the government’s enhanced premium on voluntary self-disclosure when evaluating whistleblower allegations and conducting internal investigations; and
• Continue to monitor for additional guidance from the DOJ, the SEC, Commerce, Treasury, State, and the FBI in these areas.

In addition, based on the DOJ’s emphasis on compliance in the M&A context, companies are also advised to evaluate their M&A due diligence process and post-closing implementation of the company’s compliance program after the close of the deal.  Although the forthcoming guidance will provide more insights into how the DOJ is going to evaluate compliance programs in this area, the further along the company’s policies and practices now the better, and the DOJ’s Evaluation of Corporate Compliance Programs provides a helpful roadmap of DOJ’s expectations in this space.