United States: DOJ, BIS, And OFAC Issue Tri-Seal Compliance Note Regarding Self-Disclosure Of Potential Sanctions Violations – Foley Hoag LLP

Key Takeaways:

  • The DOJ, BIS, and OFAC release Tri-Seal Compliance Note,
    providing consolidated guidance concerning voluntary
    self-disclosures of possible U.S. sanction and export control

  • The DOJ’s updated guidance establishes that, absent
    aggravating factors, when a company voluntarily self-discloses
    suspected criminal violations, cooperates fully, and properly
    rectifies the violation in a timely manner, the DOJ will not seek a
    guilty plea, in general, and there will be a presumption in favor
    of a non-prosecution agreement with no fine.

On July 26, 2023, the U.S. Department of Justice’s
(“DOJ”) National Security Division (“NSD”), the
U.S. Department of Commerce’s Bureau of Industry and Security
(“BIS”), and the U.S. Department of the Treasury’s
Office of Foreign Assets Control (“OFAC”) released a Tri-Seal Compliance Note (“Note”)
concerning the voluntary self-disclosure of potential violations of
U.S. sanctions and export controls. The Note, which is further
detailed below, outlines voluntary self-disclosure
(“VSD”) policies that apply to U.S. export controls,
sanctions, and other national security laws and underscores recent
updates that the DOJ, BIS, and OFAC have made to their respective
VSD policies. The Note also summarizes a whistleblower program
instituted by the Financial Crimes Enforcement Network
(“FinCEN”), which provides monetary rewards for reporting
violations, in certain situations. As addressed below, the guidance
provided in the Note builds upon actions taken earlier in 2023, by
OFAC and BIS (in particular), which have been addressed in a previous client alert, in connection with
their VSD policies.

While the Note is largely a summary of existing VSD policies, it
does include a noteworthy enforcement policy update from NSD as
discussed further below.

DOJ VSD Guidance

As identified in the Note, the DOJ is concerned with two main
threats: (1) the unlawful export of sensitive commodities,
technologies, and services [which] pose[] a serious threat to the
national security of the United States”; and (2) U.S.
individuals and companies or organizations transacting with
sanctioned individuals and entities. To address these issues, NSD
issued a revised VSD policy in early March
2023, which provided incentives for companies to come forward
through VSDs, as a way to reduce, and possibly eliminate, criminal
liability when they notice or identify potential criminal
violations of U.S. sanctions and export control laws.

Consistent with this policy, in the Note, NSD confirms for the
first time that “where a company voluntarily self-discloses
potentially criminal violations, fully cooperates, and timely and
appropriately remediates the violations, NSD generally will not
seek a guilty plea, and there will be a presumption that the
company will receive a non-prosecution agreement and will not pay a
fine.” But, even when companies enter into a non-prosecution
agreement, they cannot keep any funds gained from the underlying
misconduct. Further, the non-prosecution agreement presumption is
inapplicable if aggravating factors are present—such as a
substantial company profit stemming from the misconduct or
involvement by high-ranking organization members—in which
case NSD may opt for a different resolution (e.g., a guilty

NSD’s policy is only applicable to those companies who
disclose a potential violation to NSD “within a reasonably
prompt time after becoming aware” of the possible infraction;
if the company does not have a legal obligation to disclose; and if
disclosed “prior to an imminent threat of disclosure or
government investigation.” If the disclosure is only made to
other agencies such as BIS and OFAC, it is not covered by NSD’s
policy. The disclosing entity must share “all relevant
non-privileged facts known at the time” and fully cooperate
with NSD when making the disclosure. This includes, inter alia,
collecting and preserving relevant documents and information,
facilitating “concurrent authentication of records under
Federal Rule of Evidence 902 and/or 803”, and identifying
potential avenues of investigation for NSD, in a timely manner.

To benefit from NSD’s policy, the disclosing party
“must timely and appropriately remediate any violations.”
Notably, in conducting its analysis, NSD considers whether the
party “implemented an effective and sufficiently resourced
compliance and ethics program.” NSD will also be checking if
disciplinary measures were enacted by the party, such as
compensation clawbacks, with respect to employees who were directly
involved in, or were supervising areas in the company connected to,
the criminal acts.

BIS VSD Guidance

BIS’ VSD policy, which is focused on export control
violations, can be found in Section 764.5 and Supplement No. 1 to
Part 766 of the Export Administration Regulations

As explained in the Note, about a year ago, BIS’ Office of
Export Enforcement (“OEE”) enacted a dual-track process
to evaluate VSDs. First, “VSDs involving minor or technical
infractions are now resolved on a fast-track basis, with the
issuance of a warning or no-action letter within 60 days of final
submission.” Second, VSDs that give rise to potentially more
serious infractions will require OEE to conduct a more thorough
analysis in deciding whether to pursue enforcement. But, in
conducting this analysis, OEE will adhere to the principle that
self-disclosing entities merit substantial credit towards any
potential penalty.

As analyzed extensively in our prior alert, in mid-April 2023, the Assistant
Secretary for Export Enforcement, Matthew Axelrod, issued a memorandum concerning the BIS VSD policy, as
well as BIS’ policy regarding disclosures related to third
parties. This guidance makes clear that BIS will consider a failure
to disclose a substantial possible violation of the EAR as an
aggravating factor. The memorandum also asserted that, when a party
identifies a potential violation of the EAR by another entity and
provides a tip to OEE, BIS will consider this “a mitigating
factor under the penalty guidelines if the information leads to an
enforcement action and if the disclosing entity faces an
enforcement action (even if unrelated) in the future.”

Importantly, the memorandum clarifies that companies should not
attempt to avoid conducting an internal investigation to determine
whether a VSD is necessary because it could ultimately be used
against them. Specifically, as one of the factors under the
settlement guidelines (Section III.E to Supplement No. 1 to Part
766 of the EAR), BIS will evaluate whether a company has a
compliance program and, if so, whether or how that program
self-identifies and resolves compliance gaps.

OFAC VSD Guidance

Like BIS and the DOJ, OFAC also encourages VSDs. In its
Enforcement Guidelines (Appendix A to 31 CFR Part 501), OFAC
describes VSDs as a mitigating factor in determining how to enforce
its regulations in any given case. Likewise, where a civil monetary
penalty is at issue, a VSD meeting the necessary requirements can
lead to a 50 percent reduction to the base amount of a potential
civil penalty. In evaluating the actions at issue in a VSD, OFAC
uses a totality of the circumstances approach. This includes, for
example, looking to the relevant party’s compliance program (or
lack thereof) and its effectiveness, as well as identifying whether
the party has taken corrective action to address the possible

For a VSD to qualify for the benefits mentioned above, the VSD
must take place before, or at the same time as, OFAC’s—or
another government agency’s—discovery of the possible
violation (or a similar one). OFAC will decide, on a case-by-case
basis, whether a VSD submitted to another agency is considered a

Moreover, the Note reiterates that disclosures to OFAC will not
count as VSDs in specific circumstances, including when:

  1. A third party is required to and does notify OFAC of the
    apparent violation because the transaction was blocked or rejected
    by that third party (regardless of when OFAC receives such notice
    or whether the subject person was aware of the third party’s

  2. The disclosure includes false or misleading information.

  3. The disclosure is not self-initiated (including when the
    disclosure results from a suggestion or order of a federal or state
    agency or official; or, when the subject person is an entity, the
    disclosure is made by an individual in a subject person entity
    without the authorization of the entity’s senior management. In
    addition, responding to an administrative subpoena or other inquiry
    from, or filing a license application with, OFAC is not a

  4. The disclosure (when considered alongside supplemental
    information) is materially incomplete.

Additionally, OFAC mandates that VSDs contain—or, in a
timely manner, be followed up by—a detailed report that
enables OFAC to obtain a complete understanding of the
circumstances surrounding the potential violation(s). And those who
disclose violations must be responsive to OFAC’s follow-up

FinCEN Whistleblower Program

The Note also highlights that those who report violations
stemming from U.S. trade and economic sanctions or those related to
the Bank Secrecy Act can receive a monetary award through
FinCEN’s whistleblower program.

FinCEN may also reward whistleblowers who provided information
that enables the enforcement of a “related action.” This
means FinCen may compensate individuals who disclose such
information with respect to enforcement actions that proceed under,
for instance, the Export Control Reform Act.

Lastly, while those who disclose are allowed to remain
anonymous, they must be represented by legal counsel when they
choose to do so.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

Leave a Comment