In our first post in this series, we described the different agencies that could be involved in an investigation of export controls and sanctions violations, noting that the agencies have overlapping jurisdiction but different enforcement priorities, authority, requirements, and penalties.
In this post, we focus on how the potential involvement of multiple agencies in an investigation of export controls and/or economic sanctions will impact the way the investigation proceeds, its scope, and its underlying strategy. Ultimately, the goal should be a unified internal investigation that is appropriately scoped and undertaken to satisfy all the interested agencies, i.e., one and done.
Investigation Considerations for Parallel Proceedings
Practically, if a company discovers a violation through a compliance audit or whistleblower complaint, or is informed of an investigation by a US government agency, the company should consider the possibility that parallel proceedings by multiple agencies may ensue or that related violations under the jurisdiction of another agency may require parallel investigations.
For example, exports or reexports of U.S.-origin items to Iran could potentially violate both the Iranian Transactions and Sanctions Regulations (ITSR), enforced by the Office of Foreign Assets Control (OFAC); as well as the Export Administration Regulations (EAR), enforced by the Bureau of Industry & Security (BIS). In addition, willful violations of OFAC regulations and the EAR could trigger criminal enforcement by the Department of Justice’s National Security Division (DOJ NSD) and various US Attorney’s Offices, if there is evidence of intentional or willful conduct to violate the law. Criminal enforcement very often involves agents from the Federal Bureau of Investigation (FBI) and the Department of Homeland Security Immigration & Customs Enforcement (DHS ICE) or DHS Customs & Border Patrol (DHS CBP).
In an illustrative case of multiple agencies investigating the same conduct, Zhongxing Telecommunications Equipment Corporation (ZTE) eventually faced all of the above agencies during the course of the multi-year US government investigation. However, the investigation began with a 2012 media report alleging potential ITSR violations, which was followed by service of an administrative subpoena by a BIS Special Agent investigating potential EAR violations only. Subsequently, the criminal investigation was made public and five years later, a settlement was reached involving DOJ, OFAC, and BIS.
It is also not unusual that, in the midst of investigating a potential violation of the export controls and economic sanctions regulations, a compliance lapse in a wholly different regulatory regime is uncovered, triggering the potential involvement of other DOJ divisions and other US government agencies. The investigations of Weatherford and Schlumberger, which involved issues arising under the anti-bribery compliance programs as well as their sanctions compliance programs, resulted in penalties imposed by the Securities & Exchange Commission (SEC) and the DOJ Fraud Section for violations of the Foreign Corrupt Practices Act (FCPA), in addition to OFAC (Weatherford, and Schlumberger), BIS, and DOJ NSD penalties.
In other instances, the bribery charges arose directly from the requirements of export control regulations. In the recent Airbus settlement and the 2010 and 2011 BAE Systems settlements, the bribery allegations were related to obligations imposed by the International Traffic in Arms Regulations (ITAR) to report certain fees and commissions that could be bribes. The BAE and Airbus cases also illustrate interactions between US enforcement authorities and those from other jurisdictions, such as the United Kingdom and European regulators—the ultimate in parallel proceedings.
Upon discovering a violation, a company should first ensure that the investigation appropriately covers the regulatory regimes and agencies that could be involved. The company should, among other things:
- determine the scope of the potential violation, the subject matter (e.g., what controlled products or prohibited transactions were involved), regimes (what regulations may have been breached), timing (when did potential violations occur, when were they discovered, and when were they stopped, consider any potential interim measures needed to ensure compliance), parties (what individuals, organizations, or third parties may have been involved), and geography (in particular, what countries may have received unauthorized items or services);
- attempt to establish whether the violation was reckless or willful; and
- ascertain whether and at what level management was involved, and whether the violations were systemic or the work of an employee acting without authorization (potential personal liability).
Once an investigation is initiated, the standard investigative processes will need to be designed in contemplation of multiple agency involvement and parallel proceedings. These processes include engaging appropriate advisors, such as external counsel, with specialized expertise in the regulatory regimes and familiarity with particular regulatory agencies; as well as any necessary language and local law qualifications. An investigation plan should be developed; and document preservation, collection, and analysis will need to be scaled for different regulations, employee witnesses, and types of transactions. Consult each agencies’ compliance guidelines (generally published on the relevant agencies’ websites) to ensure that all expectations are met.
If the violations were uncovered internally, one of the key decisions to consider is whether and when to open communications with the relevant government agencies. This includes the decision of whether and when to voluntarily self-disclose the violations to those agencies, which is the subject of our next post, Part 3.