Foreign Corrupt Practices Act

As the interplay between export controls, trade sanctions, and anticorruption enforcement continues to intensify, multinational companies must remain vigilant in ensuring that their compliance programs address the many overlapping and ever-evolving regulatory risks across their global supply chain.

This article will explore recent trends in the interplay between export controls, trade sanctions, and Foreign Corrupt Practices Act (FCPA) enforcement; the enhanced coordination between enforcement agencies; and best practices for adjusting compliance strategies in this heightened regulatory environment.

Sanctions: ‘The new FCPA’

U.S. Deputy Attorney General Lisa Monaco repeatedly has stressed in public remarks over the past two years that sanctions are “the new FCPA.” More specifically, the scope of sanctions and export control enforcement that has followed Russia’s invasion of Ukraine has reached, as Monaco described, “a new order of magnitude.”

Sanctions risk is no longer limited to the banking sector alone, but rather “should now be at the top of every company’s risk compliance chart.” Since Monaco sounded that warning bell two years ago, several sectors have faced sanctions enforcement actions, including FinTech, tobacco, consumer goods, construction, transportation, defense, and agriculture.

Sanctions and export controls enforcement surged both in case volume and penalty amounts. In 2023, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) resolved 17 cases, amounting to a record $1.5 billion in penalties. The Department of Commerce’s Bureau of Industry and Security (BIS) also had a record enforcement year in 2023, imposing its highest number of convictions, temporary denial orders (TDOs), and post-conviction denial orders.

Adding to the enhanced enforcement landscape, the Department of Justice’s (DOJ) National Security Division (NSD) last year onboarded its first chief counsel and deputy chief counsel, tasked with coordinating and overseeing the NSD’s investigations and prosecutions of corporate crime on U.S. national security matters.

These appointments are in addition to the more than 25 new prosecutors tasked with investigating and prosecuting economic crimes, including sanctions evasion and export control violations. These new hires “will work closely with U.S. attorneys’ offices and the Criminal Division to apply enforcement strategies,” Monaco remarked. Practically speaking, sanctions and export control violations involving bribery or corruption could also lead to FCPA violations.

Revised VSD policies

Complementing heightened enforcement initiatives, the NSD and the BIS recently revised their voluntary self-disclosure (VSD) policies to incentivize the reporting of export controls and sanctions violations.

The NSD’s revised VSD policy, issued in March 2024, states that when a company voluntarily self-discloses potentially criminal violations to NSD – and no other agency – “within a reasonably prompt time after becoming aware” of potential violations, fully cooperates, and “timely and appropriately” remediates, NSD “generally will not seek a guilty plea, and there is a presumption that the company will receive a non-prosecution agreement and will not pay a fine.”

According to the NSD, aggravating factors that could result in a more stringent resolution include:

• Egregious or pervasive criminal misconduct within the company;
• Upper management’s concealment or involvement in the criminal conduct;
• Repeat administrative or criminal violations of U.S. national security laws;
• Fraudulent or corrupt acts that actively concealed sanctions or export offenses;
• Unlawful transactions or exports involving a Foreign Terrorist Organization or Specially Designated Global Terrorist;
• Exports of military items to a hostile foreign power, or items known to be used to construct weapons of mass destruction.

Self-disclosing a violation is never an easy decision and should be done with the assistance of legal counsel. Once a self-disclosure decision is made, the likely result will be the disgorgement of profits made from the criminal conduct, required investments in the compliance program, and the remediation of compliance weaknesses following a thorough root cause analysis.

NSD said it will consider whether appropriate disciplinary measures were taken, such as compensation clawbacks, for culpable employees, and/or whether supervisory authorities failed in their oversight responsibilities. For a case study, refer to the NSD’s first-ever declination letter, issued to MilliporeSigma, in May.

The BIS is another agency that recently revised its VSD policy. Under the BIS’s VSD policy, if a company or university voluntarily discloses a non-egregious violation of the Export Administration Regulations (EAR), they will be rewarded with a substantially reduced civil penalty. Conversely, the BIS’s revised policy clarifies that if a company or university deliberately decides not to disclose a “significant possible violation” uncovered by its export compliance program, this will be considered an aggravating factor moving forward, stated Matthew Axelrod, Assistant Secretary for Export Enforcement, in a policy memo.

BIS guidance documents

Companies seeking to strengthen their sanctions compliance programs may find it helpful to review the following guidance documents recently issued by the BIS:

• “Red Flag” letters: These letters, sent to specific U.S. companies, alerted them about customers in their supply chains that continue to export high-priority items to Russia, as identified by customs data. The BIS encouraged these companies to perform enhanced due diligence on these customers and screen export transactions against commercially available datasets, like the Trade Integrity Project website.
• Letters to manufacturers and distributors: BIS also sent letters directly to U.S. manufacturers and distributors, each containing a list of more than 600 foreign parties identified as continuing to sell dual-use items to Russia. Those letters requested the voluntary ceasing of shipping to these parties “due to the high risk of transshipment to Russia,” Axelrod said in public remarks made in March.
• Boycott List: Under EAR regulations amended last year, companies that report boycott requests must disclose the requesting country and the requesting party’s identity. In March 2024, the BIS published the list of those entities that made boycott requests. Axelrod said the list is meant to be used “as a resource for companies, financial institutions, freight forwarders, and others” to help comply with EAR’s antiboycott reporting requirements.
• Freight Forwarder Guidance and Best Practices: This recently updated guidance provides an overview of freight forwarders’ roles and responsibilities in export transactions. It also highlights best practices and red flags that may indicate diversion tactics.
• “Don’t Let This Happen to You”: In March 2024, BIS published an updated version of “Don’t Let This Happen to You,” a compendium of export control investigations and antiboycott violations in the regions of Russia, China, Iran, and other parts of the world.

Additionally, the BIS and the Financial Crimes Enforcement Network released a joint alert identifying 13 red-flag indicators of export control violations specific to the financial services industry. These agencies urge financial institutions and others to be vigilant against these common sanctions-evasion techniques.

Compliance considerations

There is no shortage of guidance for compliance teams looking to strengthen their sanctions compliance programs. Consider, for example, the following trio of Tri-Seal Compliance Notes that OFAC, DOJ, and the BIS have released in recent months:

• A tri-seal advisory addressing obligations of foreign-based persons to comply with U.S. sanctions and export control laws, and an overview of compliance considerations for non-U.S. companies and compliance measures to help mitigate the risk of noncompliance.
• A tri-seal advisory highlighting VSD policies that apply to U.S. sanctions, export controls, and other national security laws, and an overview of recent policy updates.
• A tri-seal advisory highlighting tactics used by malign actors to evade Russia-related sanctions and export controls, designed to assist companies in identifying warning signs and implementing appropriate compliance measures.

Additionally, the governments of five countries – the United States, Canada, the United Kingdom, Australia, and New Zealand – issued a first-of-its-kind “quint-seal” advisory that, in part, highlights a risk-based approach to export compliance and further provides an additional list of potential red flag indicators of export control and/or sanctions evasion that may be relevant to exporters.

All of these agency frameworks collectively should be go-to resources when reviewing and enhancing a sanctions and export controls compliance program, because these are the agencies that ultimately will be paying close attention to how companies are prioritizing their risks, performing risk assessments, conducting enhanced due diligence, investing in technology upgrades, remediating compliance weaknesses, and overall taking accountability for their export controls and sanctions violations.

As Axelrod stressed in recent remarks, “Effective compliance is the first component of effective enforcement. It’s the compliance programs that you build that identify and manage risk with new or existing customers, suppliers, and distributors. It’s the time, money, and effort that you put into your compliance programs that stop sensitive U.S. technology from going to our adversaries.”

ACI will be holding its “International Conference on the FCPA” on Dec. 4-5 in Washington, DC. For more information, and to register, please visit: For more information, and to register, please visit: https://www.americanconference.com/fcpa-dc/