When Deputy Attorney General Lisa Monaco likened sanctions enforcement to the Foreign Corrupt Practices Act (FCPA), it signaled a significant shift in the risk landscape for companies. Now, the Department of Justice (DOJ) views sanctions violations with the same level of scrutiny as bribery and corruption, altering the considerations around voluntary self-disclosure.
In a panel discussion at the Third-Party Risk Management Summit in Atlanta, legal experts explored the implications of this shift. Jessica Sanderson, a partner at Volkov Law Group, highlighted the concern among companies and compliance professionals, stating, "Part of what's so scary about this for companies...is that sanctions have traditionally been strict liability. You don't really need to know that you're violating the law to be held responsible."
Previously, sanctions violations primarily resulted in administrative penalties without the need to establish intent. However, with sanctions enforcement now entering the realm of criminal penalties, the lines are becoming blurred. Sanderson added, "I think we're going to start to see blurred lines."
The panel discussion included David Huntley, Chief Compliance Officer at telecommunications giant AT&T, and Michael Pacella, Chief Compliance Officer at dental product provider Dentsply Sirona. They examined recent high-profile enforcement actions, such as the $635 million settlement reached by British American Tobacco (BAT) with the DOJ and the Office of Foreign Assets Control (OFAC) in April, as well as Wells Fargo's $98 million agreement with OFAC in March.
BAT did not voluntarily disclose its violations, while Wells Fargo did. Both cases involved "egregious" violations. Determining whether to self-disclose sanctions violations is seldom straightforward, and the panelists agreed on the complexity of the decision-making process.
While the DOJ has introduced cooperation incentives to encourage companies to come forward, concerns remain regarding the potential consequences of self-disclosure. Sanderson cautioned that self-disclosure could expose companies to scrutiny across the board. She emphasized the need to consider a company's history alongside the current incident, stating, "The DOJ is looking...at what you've been saddled with in the past."
Huntley highlighted the importance of understanding evolving facts, changing rules, and the ability to demonstrate compliance across the business. He stressed that a one-size-fits-all approach is unlikely to be effective and that regulatory bodies expect companies to take a deep dive into their operations and tailor screening approaches accordingly.
Pacella noted that while there is now more clarity on earning cooperation credit, companies need to carefully evaluate the potential risks and expenses associated with self-disclosure. He mentioned the importance of fully understanding the violations before making a disclosure, as premature or unnecessary disclosures can lead to significant legal costs.
However, there is also a risk that even a well-executed self-disclosure may not be deemed voluntary, as seen in the case of Swedbank Latvia, which agreed to a $3.4 million settlement with OFAC in June. The bank did not self-disclose the violations, as a third party had reported them first.
In conclusion, the decision to voluntarily self-disclose sanctions violations remains a complex and nuanced one. Companies must weigh the potential benefits of cooperation against the risks of government scrutiny and potential reputational harm. As international regulators collaborate more closely than ever, organizations need to carefully navigate the changing landscape, adapt their compliance programs, and ensure a thorough understanding of the facts before making the crucial decision of self-disclosure.
By fLEXI tEAM