DOJ’s National Security Division Issues First Declination Under the Division’s Enforcement Policy for Business Organizations

DOJ’s National Security Division Issues First Declination Under the Division’s Enforcement Policy for Business Organizations

May 30, 2024, Covington Alert

What You Need to Know:

• On May 22, 2024, the Department of Justice (“DOJ”) National Security Division (“NSD”) announced its first ever declination under the NSD Enforcement Policy for Business Organizations, explaining that DOJ was declining to prosecute the biochemical company MilliporeSigma for a number of export control and smuggling offenses.
• The case involved a scheme to defraud MilliporeSigma by a company employee and other individuals, as well as export control violations committed in connection with the scheme. According to the materials released by DOJ, a MilliporeSigma sales employee sold the company’s products—including analytical samples of narcotics and other controlled substances and purified noncontagious proteins of contagious diseases—ostensibly to a university in Florida but in reality for diversion to purchasers in China. Misrepresenting the university as the customer allowed those participating in the scheme to obtain lower prices and favorable shipping arrangements for the products. The nature and value of the products were misstated in Electronic Export Information (“EEI”) filings submitted to the government in connection with the exports to China, and some of the products lacked licenses required for export under the International Traffic in Arms Regulations (“ITAR”), while others lacked licenses required for export under the Export Administration Regulations (“EAR”).
• DOJ declined to prosecute MilliporeSigma because of several factors, including:
  • MilliporeSigma’s prompt and fulsome voluntary disclosure of the conduct;
  • the company’s exceptional and proactive cooperation with DOJ’s ensuing investigation, which contributed to DOJ’s prosecution of two individuals who ultimately pled guilty to crimes stemming from the scheme;
  • the company’s timely and appropriate remediation;
  • the company’s status as a victim of the scheme, through which the company was deceived into selling the products at a lower price intended for an academic purchaser; and
  • the lack of a “significant threat to national security” posed by the scheme, in light of the relatively limited quantities shipped and the fact that most of the products shipped did not require licensing for export to China.

The Declination Reflects a Milestone in the Evolution of NSD’s Corporate Enforcement Policy.

The MilliporeSigma declination is a notable moment for NSD’s efforts to encourage and reward corporate voluntary disclosures of possible criminal trade controls violations. For the first time, NSD has utilized its corporate enforcement policy and declined to prosecute a company in the case of a voluntary self-disclosure. In declining to prosecute the company, DOJ allowed the company to avoid a variety of consequences that are typically found even in the most lenient corporate criminal settlement agreements, including monetary penalties, compliance obligations, self-reporting and compliance certification requirements, and cooperation obligations as to both U.S. and non-U.S. government investigations.

This first declination under NSD’s Enforcement Policy for Business Organizations comes after years of revisions to the policy to encourage more voluntary disclosures. NSD’s first version of the policy in 2016 and second version in 2019 did not even mention the possibility of resolving a voluntarily disclosed violation through a declination (offering only a non-prosecution agreement (“NPA”)), while the 2023 and currently operative 2024 versions added a reference to a possible declination at NSD’s discretion.

The first publicly announced resolution under the policy came in 2021, in an NPA between NSD and the software company SAP. In that NPA, SAP admitted to willful violations of U.S. sanctions and export controls in the form of unlicensed exports of U.S.-origin software to Iran and the provision of U.S.-based cloud services to users in Iran. According to NSD, SAP met the expectations for voluntarily disclosing companies articulated in the version of the policy that was operative at that time. Specifically, SAP voluntarily disclosed, fully cooperated, and timely and appropriately remediated, while DOJ apparently concluded that the facts of the case did not present sufficient aggravating factors to warrant a harsher settlement, such as a Deferred Prosecution Agreement (“DPA”) or guilty plea. At the time of that resolution, the operative NSD policy made no mention of a possible declination, and SAP seems to have obtained the most lenient available resolution under the policy. As a result, SAP took on many of the negative consequences of a criminal settlement that MilliporeSigma was able to avoid through its declination.

From one perspective, then, the MilliporeSigma declination shows NSD making good on the somewhat tentative offer of possible declinations for disclosing companies that was added to the policy in 2023. The 2023 and 2024 versions of the policy retained the 2019 version’s “presumption that the [disclosing] company will receive a non-prosecution agreement and will not pay a fine,” but also added that “NSD has the discretion to issue a declination.”

That said, as corporate criminal export controls cases go, the facts at issue in the MilliporeSigma case were exceptionally favorable to the company. The crimes were committed not for the benefit of MilliporeSigma but for the benefit of a single company employee and outside actors and at the expense of the company, with the company most fairly viewed as a victim of the scheme. DOJ’s declination letter reflects a conclusion that MilliporeSigma could be charged with various export control crimes, presumably on a respondeat superior basis, because one of the individual conspirators was a MilliporeSigma employee acting within the scope of his employment as a salesperson. However, given the company’s status as a victim, the facts as presented publicly can be assessed as existing only at the very edge of the respondeat superior doctrine.

Moreover, the corporate declination letter and charging documents in the individual cases show that the violations of law at issue sounded principally in garden-variety fraud, with the national security crimes playing only a secondary role in the case. As NSD’s declination letter explains, fraud was, “under all of the circumstances, the most serious readily provable offense committed by the conspirators.” As a result, it is perhaps unsurprising that DOJ concluded there was little threat to national security from the scheme.

NSD Declinations May Continue To Be Far Less Frequent Than in Other Areas of Corporate Enforcement.

In light of MilliporeSigma’s status as a victim and the lack of national security harm from the allegedly criminal conduct, it is difficult to assess the true import of the declination. Does it represent a move by NSD towards resolving more voluntary disclosures with declinations, or is it a product of a uniquely sympathetic set of facts? Can a company considering whether to disclose employee conduct that was motivated by a desire to increase corporate profits rather than defraud the company, or that meaningfully harmed national security, hold out hope of obtaining a declination like the one MilliporeSigma received? Or should a company in one of those scenarios look to an NPA like the one SAP obtained as a best-case scenario?

On the one hand, the declination certainly is situated within a larger DOJ effort to reward disclosures. It comes at a time when DOJ is actively working to encourage voluntary disclosures by companies and whistleblower reports by individuals throughout the Department’s various criminal components, as detailed in several other alerts we have issued.

On the other hand, the currently operative 2024 version of the policy makes clear that NSD is less willing than other DOJ components to extend leniency to companies that voluntarily disclose. The policy notes that “[v]iolations of U.S. export control and sanctions laws harm our national security or have the potential to cause such harm, and this threat to national security informs how NSD arrives at an appropriate resolution with a business organization that violates such laws and distinguishes these cases from other types of corporate wrongdoing.” That phrasing echoes nearly identical language that appeared in the original, less lenient 2016 version of the policy.

As a result, it remains unclear whether NSD will offer declinations to companies that voluntarily disclose, fully cooperate, and appropriately remediate in more typical corporate criminal trade controls cases, including those involving alleged crimes that benefited a company or risked more meaningful national security harm. Future corporate resolutions reached by NSD may provide more insight into how far NSD is willing to go to reward and encourage voluntary disclosures.

If you have any questions concerning the material discussed in this client alert, please contact the members of our White Collar Defense and Investigations and International Trade practices.