The Battle Lines Are Drawn: What Industry Should Expect From New National Security-Premised Restrictions

Recently, the whole of the U.S. government has showcased its commitment to addressing the national security implications of certain corporate activities. On September 11, 2023, the U.S. Department of Justice (DOJ) tapped its first National Security Corporate Enforcement Chief. The previous week, the Congressional Research Service published two updated reports¹ surveying the United States’ existing national security legal framework, in light of recent and anticipated expansion of U.S. national security laws. The U.S. government increasingly views corporate activities involving advanced technologies as posing one of the “most direct, serious threat[s]”² to the national security of the United States, thereby thrusting the private sector to the frontlines of the struggle for dominance in the new global order. This means that every business decision — from operations to employment, information and communications technologies and services sourcing, sales, distribution, mergers and acquisitions, and more — now runs the risk of being scrutinized by the U.S. government under a powerful national security lens.

Criminal and administrative investigations into corporate activities such as sanctions and export control evasion, corruption, money laundering, and cyber- and crypto-enabled crimes are increasingly — now routinely — said to raise national security concerns. Companies are, in turn, being forced to find quick solutions to address and, in some cases, disclose these highly sensitive issues as they arise. With national security concerns now on every front of their operations, companies must be prepared to navigate these challenges by seeking guidance from expert counsel to understand how to address the dynamic environment they face.

Put simply, any entity that engages in cross-border transactions, relies on an international supply chain, hires foreign nationals, or develops or creates advanced technologies runs a substantial risk of increased administrative enforcement activity and restrictions. DOJ prosecutors will also be watching closely. Principal Associate Deputy Attorney General Marshall Miller recently remarked:

Since October 2022 — so over the last seven months — roughly two-thirds of [DOJ’s] major corporate criminal resolutions have implicated United States national security. The charges have varied, from sanctions violations to terrorism crimes and money laundering for Russian interests, and so have the corporate defendants, which have operated in industries from construction and finance to agriculture and telecommunications. But the trend is real, and we’re committed to dedicating the resources necessary to counter the threat.

The message is clear: sanctions are the new Foreign Corrupt Practices Act (FCPA). DOJ has dramatically increased its resources targeting criminal export controls and sanctions enforcement, just as it did 15 years ago with respect to the FCPA. DOJ’s increased investment in FCPA enforcement paid off in the landmark Siemens AG guilty plea and criminal fine, and has continued to pay dividends in investigations, prosecutions, and penalties ever since. Many clues indicate that “national security” restrictions are next.

Consider just the first eight months of 2023:

• A first ever “Joint Compliance Note” from the U.S. Departments of Justice, Commerce, and the Treasury.³ Matthew S. Axelrod, Assistant Secretary of Commerce for Export Enforcement, cautioned: “As this first-ever joint compliance note makes clear, it is incumbent upon industry to maintain effective, risk-based compliance programs.”
• A first ever “Chief Counsel for National Security Corporate Enforcement” position created at the DOJ National Security Division (NSD). The Chief Counsel will lead investigations and prosecutions of corporate entities for sanctions and export control violations, Foreign Agents Registration Act (FARA) violations, and/or other criminal statutes and offenses. That same office at DOJ NSD is hiring 25 new prosecutors, meaning more grand jury subpoenas and corporate criminal resolutions, more support for U.S. Attorneys’ Offices in the field, and more coordination with — and pressure upon — regulatory agencies. 
  
  According to Assistant Attorney General (AAG) for National Security Matthew G. Olsen, “We have watched with concern as investigations of corporate misconduct increasingly reveal violations of laws that protect the United States … [e]nforcing the laws that deny our adversaries the benefits of America’s innovation economy and protect technologies that will define the future is core to the National Security Division’s mission.”
• A first ever “Joint Disruptive Technology Strike Force.” Under the leadership of DOJ NSD and Commerce’s Bureau of Industry and Security (BIS), this strike force will bring together experts from all parts of the government — including the Federal Bureau of Investigation, Homeland Security Investigations, and 14 U.S. Attorneys’ Offices in metropolitan regions across the country — to target exports and supply chain acquisitions by corporate entities.
  
  The task force, according to AAG Olsen, “takes aim at those who imperil our national security and the rule of law by illegally transferring sensitive technologies to foreign adversaries. We must remain vigilant in enforcing export control laws, which defend military readiness, preserve our technological superiority over our adversaries, and help to protect human rights and democratic values.”
• Unprecedented Joint BIS/FinCEN Alerts, urging financial institutions to be vigilant against efforts by individuals and entities to evade sanctions and export controls.

Moreover, these measures must be considered through the lens of DOJ’s updated “Evaluation of Corporate Compliance Programs” document, which has become ever more expansive and comprehensive over time. Combine this U.S. government push towards “national security” compliance with the unprecedented current emphasis on corporate voluntary self-disclosures, and ever-increasing financial incentives for whistleblowers,⁴  and you get stakes for companies that have never been higher.

This new emphasis on cooperation, DOJ’s willingness to use additional tools such as the False Claims Act as levers to bring companies to heel, and more recent actions such as BIS’ largest standalone administrative resolution in the Seagate Technology case, demonstrate that the old way of looking at enforcement is no longer sufficient. Companies that assume that Commerce merely presents regulatory issues — or that the prospect of sanctions transgressions can be cured by software — are assuming an unacceptable level of risk. With DOJ prosecutors increasingly cohabitating the compliance space with regulators, DOJ is sure to look to bring action in the courtroom, and not just the boardroom.

Conclusion

A deluge of national security-premised executive orders, and competing regulatory and congressional actions, has coincided with an intensified DOJ focus on corporate liability and voluntary self-disclosures. In this dynamic and risky legal environment, companies must proactively seek to insulate their business interests from the risk of government intervention. A simple “wait-and-see” approach relying on conventional business decisions will not survive the next generation of enforcement actions. The financial costs of failure to make a voluntary self-disclosure can greatly enhance the risk for corporations, officers, and employees alike.

A comprehensive “national security survey” by a team of expert counsel would signal to shareholders and the U.S. government a corporate commitment to U.S. national security priorities, would encourage public and private investment, and could forestall further regulator and prosecutorial intervention. Such a top-to-bottom survey of a company’s risk profile should include a review of all corporate activities that implicate U.S. national security or national security-adjacent risks, including potential violations of human rights, Anti-Money Laundering/Countering the Financing of Terrorism standards, and transborder flows of personal data.

Counsel with deep expertise and direct government experience will be integral in helping companies stay ahead of the compliance game as there already exist a vast number of complex national security related laws — the International Emergency Economic Powers Act, FARA, the Export Control Reform Act, the Arms Export Control Act, the FCPA, and the Economic Espionage Act, to name a few — and the watchdogs seem ready to hunt.

© Arnold & Porter Kaye Scholer LLP 2023 All Rights Reserved. This Advisory is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.