On January 16, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued new guidance to incentivize voluntary self-disclosure (“VSD”) of possible violations of the Export Administration Regulations (“EAR”). This new guidance—which was announced in conjunction with a speech by BIS’s top enforcement official indicating the EAR enforcement is an increasingly important priority for BIS and the Department of Justice (“DOJ”)—continues a trend of BIS signaling increasingly aggressive enforcement of export control violations.

BIS Signals Increased Enforcement in 2022 and 2023

Compared to more headline grabbing enforcement priorities like the Foreign Corrupt Practices Act (“FCPA”), export-control penalties levied by BIS have historically been quite low, with limited exceptions for “egregious” misconduct. Even with those counted, the top ten FCPA penalties were roughly ten times the top ten EAR-based export-control penalties (with the largest export-control penalty accounting for roughly 80 percent of that total).  However, since the arrival of Matt Axelrod as the Assistant Secretary for Export Enforcement in late 2021, BIS has repeatedly expressed intent to pursue a far more muscular approach to EAR enforcement. 

On June 30, 2022, BIS announced it would increase use of its administrative enforcement powers, highlighting that it would (1) impose significantly higher penalties than it had historically, (2) use non-monetary resolutions for less serious violations, (3) eliminate “no admit, no deny” settlements so companies would have to admit the underlying factual conduct, and (4) begin processing VSDs faster when they involved minor infractions.

On February 16, 2023, BIS and DOJ jointly announced the formation of a Disruptive Technology Strike Force targeting efforts to skirt U.S. export controls and to thereby protect against “critical technological assets being acquired or used by nation-state adversaries.”  

On April 19, 2023, BIS backed up its new enforcement philosophy when it imposed a $300 million civil penalty against California-based Seagate Technology LLC and Singapore-based Seagate International Headquarters Pte. Ltd. (collectively, “Seagate), based on sales of millions of hard disk drives to a company listed on the BIS Entity List on 429 occasions over a several-year period. In addition to the penalty, Seagate was subjected to a multiyear audit and reporting requirement as well as a suspended Denial Order. BIS stated that $300 million was more than twice the company’s estimated net profits from the exports and indicated that Seagate had ignored warnings from its suppliers about its customer being an Entity List designee.

VSD Policy Changes Provide Compliance Incentives

The day before announcing the Seagate penalty, on April 18, 2023, BIS announced it wanted to incentivize the submission of VSDs, including by highlighting that companies that provide “full cooperation” can substantially reduce civil penalties. Full cooperation, in turn, could even lead to “full suspension” of penalties in “non-egregious cases” while reducing the base penalty amount in “egregious case[s].” BIS also made clear that if a party deliberately chose not to disclose significant possible violations, it risked that non-cooperation being applied as an aggravating factor to significantly increase possible penalties. BIS also highlighted that companies or people who learned of others’ violations could use a confidential reporting form to alert BIS to possible violations.

The January 16, 2024 announcement provides four new enhancements to the VSD policy that relate primarily to minor violations:

  • First, BIS now encourages submission of VSDs to its email address—bis_vsd_intake@bis.doc.gov—including for initial notifications, extension requests, and narrative accounts. Hard copy submissions are no longer recommended, and the submissions can also be signed electronically.
  • Second, for minor or technical infractions, BIS recommends using abbreviated narratives for VSD submissions, which encompass an overwhelming majority of all VSD submissions. These narratives require a brief description of the nature of the violations but do not need to contain accompanying documentation unless specifically requested by the Office of Export Enforcement (“OEE”). The narratives also do not need to conduct full five-year lookbacks unless specifically requested by OEE. If OEE suspects aggravating factors exist but were not disclosed, the OEE director will request a full narrative account with all other required information.
  • Third, parties may bundle multiple minor or technical violations, such as ones that occurred due to a good-faith misinterpretation of a rule or checking a wrong box on a form, into one submission.
  • Fourth, because parties making VSDs are prohibited from engaging in activities such as buying, disposing of, transferring, or storing items, BIS encourages companies to (1) request special permission from BIS to engage in otherwise prohibited activities; and (2) email a courtesy copy of the requests to OEE via email to expedite the review. OEE’s presumptive recommendation will be for BIS to authorize such reexports.

Axelrod Drives Home the Enforcement Agenda

In his January 16, 2024 speech at NYU School of Law’s Program on Corporate Compliance and Enforcement, Matt Axelrod made clear that export enforcement is expected to be an increasingly important priority given the growing national security threat posed by sensitive technologies making their way from the United States to the hands of strategic adversaries overseas.  Among other things, he noted that while BIS remains underfunded for its compliance and enforcement mission, it is leveraging partnerships with its federal law enforcement partners—at DOJ, the FBI, Homeland Security Investigations, and FinCEN, among others.  Axelrod also expressed an expectation that we are on the cusp of seeing “more big-ticket corporate resolutions going forward,” and possibly approaching the types of fines we have become accustomed to seeing in FCPA cases. 

Only time will tell whether this enforcement energy at BIS will deliver the impact driving the last two years of policy changes.  In the interim, companies—particularly those involved in developing and exporting more critical emerging technologies—would be wise to heed BIS’s warnings and ensure its compliance programs are properly calibrated to the risk of violations.