Please read our most recent publication in our International Compliance Blog.
Amid the reporting of the newest round of settlements by broker-dealers and financial advisers in late September for employee engagement in off-line business communications, last month also saw New York Governor Kathy Hochul sign legislation (A.836) prohibiting employers from requesting that employees or job applicants disclose the login information—such as usernames and passwords—to their personal online or electronic accounts. The new law, which takes effect on March 12, 2024, also prohibits employers from retaliating against employees or applicants who refuse to provide login information to their personal accounts. As a result of this legislation, New York employers that routinely rely on information they obtain by accessing employees’ or applicants’ personal accounts when conducting internal investigations or responding to Government inquiries may need to adjust their investigative approach.
Expressly, under A.836, employers are prohibited from requesting, requiring, or coercing any employee or applicant to:
- disclose their username, password, authentication information, or any other information used to access their personal account(s) via an electronic communications device;
- access their personal account(s) in the employer’s presence; or
- reproduce in any manner photographs, video, or other information contained within a personal account obtained by means prohibited under the law.
“Personal account” is defined as “an account or profile on an electronic medium where users may create, share, and view user-generated content, including uploading or downloading videos or still photographs, blogs, video blogs, podcasts, instant messages, or internet website profiles or locations that is used by an employee or an applicant exclusively for personal purposes.”
Generally, “employer” is defined as any “person or entity engaged in a business, industry, profession, trade or other enterprise” in New York as well as state or local public and/or governmental agencies in New York (“Subject Companies”). The law does not apply to law enforcement agencies.
There are a few exceptions for Subject Companies under the new law, which permit them to seek access to personal accounts if:
- necessary to comply with a court order or federal, state, or local law;
- needed to access the employer’s internal computer or information systems (“nonpersonal account”);
- the account was provided by the employer and is used for business purposes, and the employer provided prior notice of its right to access the account; or
- the employer knows the account is being used for business purposes.
Subject Companies are also permitted to access electronic communications devices or restrict access to their networks on electronic communications devices that they pay for—in whole or in part—when the payment was conditioned on the Subject Companies’ access rights. However, Subject Companies may not access any personal accounts on these devices. Additionally, the law does not prevent Subject Companies from accessing personal account information that is publicly available or provided voluntarily.
Notably, A.836’s exceptions do not include an exception for conducting internal investigations aimed at possible voluntary disclosures of illegal conduct to the Department of Justice or other securities regulators (i.e., SEC, CFTC and FINRA).
A.836 is scheduled to take effect in March 2024. With that effective date in mind, Subject Companies regulated by the SEC, CFTC or FINRA will need to update their privacy, technology, and communications policies and prepare to navigate a more challenging landscape for obtaining important information about employees and applicants. Although the law’s “federal, state or local law” exception leaves unclear whether responding to a formal subpoena falls within that exception or whether a court order compelling a response to the subpoena will be needed, A.836 will likely result only, at worse, in delays in responding to subpoenas, to the extent the law is construed to require a court order. However, given the potential for delayed subpoena responses, A.836 could result in subpoenas issued directly to the individual employees whose off-line communications are sought in addition to the Company itself (at least where the Subject Company is unaware that the individual is using his/her personal account to conduct business). This could, in turn, result in the Subject Company under investigation having to provide such employees with separate counsel to assist with the employees’ subpoena responses. Having numerous individuals respond to separate subpoenas could in turn make it difficult for the Subject Companies to maintain information symmetry with the regulator.
Notwithstanding A.836’s exception for legally-required responses, the SEC and the CFTC often proceed with investigations using informal letters of inquiry. These letters lack compulsory force, and companies only respond to them voluntarily and in the spirit of cooperation. Likewise, FINRA letters seeking information, at least upon initial issuance, also lack the force of law. Accordingly, Subject Companies receiving such letters of inquiry will likely be prohibited from searching employees’ personal devices and email accounts in response to them. Thus, the SEC/CFTC may instead proceed more often with formal subpoenas against Subject Companies and their implicated employees.
The law does contain an exception for some self-regulatory-organization-related activity, including an employer’s “compl[iance] with a duty … to monitor or retain employee communications, that is established under federal law or by a self-regulatory organization, as defined in section 3(a)(26) of the securities and exchange act of 1934….” However, while the federal securities laws’ books and records requirements request the maintenance of business records for certain time periods, including employees’ business-related communications, it is far from clear whether those laws “establish” a requirement that companies “monitor” employees’ off-line communications to do so, or whether the duty to retain employee communications encompasses a duty to search employees’ off-line communications without cause. At best, this exception raises more questions than answers, and Subject Companies are advised to tread carefully when relying upon this exception.
The new law will also likely frustrate Subject Companies’ internal investigation efforts, where compliance with federal, state or local law is not an issue. This enactment could not only hinder companies’ ability to detect illegal or otherwise non-compliant conduct by its employees, but it could also chill Subject Companies’ ability to avail themselves of the leniency and cooperation credit benefits conferred by voluntary self-disclosures to the federal government (which are by definition “voluntary,” and not necessary to comply with federal, state or local law) under current DOJ, SEC and CFTC enforcement guidance.
In any event, Subject Companies will need to adjust their recordkeeping and off-line communications policies and procedures to address the potential impact of A.836 when it kicks in in March. Ways in which Subject Companies can do this include:
Continuing to Strengthen Off-Line Communication Controls. This includes technological improvements in monitoring communications involving non-Company email addresses, strengthening disciplinary measures against employees upon discovery of their engagement in off-line communications for conducting business, frequent and documented employee training, and an environment that encourages – or at least does not discourage – the internal reporting of violations of the Subject Company’s prohibitions on off-line communications. Given A.836’s exception for the personal accounts of employees that the Company knows has been using them for business communications, Subject Companies should implement technological solutions that detect business communications occurring in its system that involve emails with common personal email account domain names, like gmail.com, hotmail.com, aol.com, yahoo.com, icloud.com, and the like. These controls would enable firms to require employees to provide access to their offline accounts under this exception.
Incentivizing Employee Consent to Access Personal Data. Subject Companies can put in place incentives to obtain employees’ consent to view their personal cell phones, devices, and email accounts. For example, they could allow personal phones in the office only if such consent is given or offer financial incentives to employees for providing their consent. When formulating such incentives, however, Subject Companies must also be careful not to implement coercive policies lest they run afoul of A.836’s restrictions.
Moreover, to the extent any Subject Companies have put in place policies and procedures that require employees to turn over personal devices or email accounts as part of their remediation in connection with their settlements with the SEC or CFTC, they may need to revisit those policies and procedures. The independent compliance consultants assigned as part of these SEC/CTFC settlements will also need to keep the restrictions of A.836 in mind when advising settling companies going forward.
Non-New York-Based Companies Must Tailor Their Off-Line Communications Policies For New York-Based Employees. By its terms, A.836 applies, in relevant part, to any employer “engaged in a business, industry, profession, trade or other enterprise” in the State of New York, including any agent, representative, or designee of the employer. This new law would include any Company operating outside the State of New York that has employees working in the State. These Subject Companies must carefully build into its policies and procedures specific provisions uniquely tailored to the new restrictions applicable to New York employees under A.836.
Steptoe will continue to monitor new developments around A.836 and its implications.
Please check out our most recent publication in our International Compliance Blog.
On October 26, 2023, the Economic Crime and Corporate Transparency Act 2023 (the “Act”) received Royal Assent.
Among other provisions, the Act contains a new “failure to prevent fraud” criminal offence pursuant to which an organization may be liable where (i) a specified fraud offence is committed by an associated person (defined as an employee, agent or subsidiary of the relevant organization, an employee of a subsidiary, or a person who otherwise performs services for or on behalf of the organization), (ii) for the organization’s benefit, and (iii) the organization did not have reasonable procedures in place.
The date for implementation of the Act is not yet clear but it is expected to come into force in the first half of 2024. Over the next few months, we also expect guidance to be produced by the U.K. government detailing what “reasonable procedures” look like, to assist organizations in assessing, and where necessary, improving their own compliance frameworks.
In anticipation of the implementation of the offence, we briefly consider below the scope of the offence, and what organizations should consider doing at this stage to get ready.
To whom will the new “failure to prevent fraud” offence apply?
In our client briefing entitled “The UK’s Introduction of a New “Failure to Prevent Fraud” Offence Edges Closer”, we noted that the original proposal was that the offence only apply to large bodies corporate and partnerships. Despite a proposed amendment by the House of Lords that the offence also apply to other (smaller) organizations, this was defeated by the House of Commons.
Accordingly, the new offence (currently) applies to larger companies and partnerships which meet at least two out of three of the following criteria:
- more than 250 employees
- more than £36 million in turnover
- more than £18m in total assets
The offence will also apply to a parent company if the group meets, in total, two or more of the above three criteria.
Is the offence extra territorial?
In our client briefing “The UK’s Introduction of a New “Failure to Prevent Fraud” Offence Edges Closer”, we cited a fact sheet published by the U.K. Home Office on April 11, 2023.
In that factsheet, it was made clear that the offence is intended to have some extraterritorial effect; namely, if an employee commits fraud under U.K. law, or targeting U.K. victims, their employer could be prosecuted, even if the organization (and the employee) are based overseas.
What offences are caught by the new “failure to prevent fraud” offence?
Again, despite a proposal by the House of Lords that the failure to prevent fraud offence should also cover money laundering, this proposal was rejected.
Accordingly, the offences captured by the “failure to prevent fraud” offence are:
- Fraud by false representation (section 2, Fraud Act 2006)
- Fraud by failing to disclose information, (section 3, Fraud Act 2006)
- Fraud by abuse of position (section 4, Fraud Act 2006)
- Obtaining services dishonestly (section 11, Fraud Act 2006)
- Participation in a fraudulent business (section 9, Fraud Act 2006)
- False accounting (section 17, Theft Act 1968)
- False statements by company directors (section 19, Theft Act 1968)
- Fraudulent trading (section 993, Companies Act 2006)
- Common law offence of cheating the public revenue
What are “Reasonable Procedures”?
As noted above, the only defence available to an organisation caught by the offence is that it had reasonable procedures in place to prevent fraud or that it was reasonable not to have such procedures in place. The U.K. government is expected shortly to publish guidance as to what “reasonable procedures” look like. Once the guidance is published, it is expected that the law will come into force soon thereafter.
In preparation for the publication of the guidance and the coming into force of the offence, organizations are well advised to consider:
- Whether its existing policies and procedures are proportionate to the fraud risks faced by the organization or, if not, to implement new policies and procedures. Those procedures should cover commercial and accounting controls, and must be clear, practical, accessible, and effectively implemented;
- Ensuring that there is a top-level (e.g., board of directors, the owners or any other equivalent body or person) commitment to preventing fraud; the so-called “tone from the top”;
- Assessing the risks faced by its business(es) on a periodic and informed basis. The risk assessment(s) should be targeted and specific to the business(es) undertaken by the organization, in terms of sectors, jurisdictions, customers, etc. The risk assessment should also be documented;
- Whether effective due diligence is carried out, and documented, on persons associated with the organization and, if not, to put steps in place to undertake a proportionate and risk-based review of those associated persons;
- Instituting a programme of appropriate training which is proportionate to the risks faced by the organization, noting that different training may be necessary for different employees and associated persons; and
- Whether appropriate monitoring and review mechanisms are in place, including rights to audit third parties, etc.
As noted on our previous articles, whether the new offence results in a higher number of convictions is yet to be seen but, as with the existing failure to prevent bribery and failure to prevent facilitation of tax evasion offences, the introduction of the new legislation is intended to drive better corporate behaviors.
In this issue:
- Supreme Court holds that the government may intervene in an FCA case and file a motion to dismiss any time “good cause” is shown, even if it initially declined to intervene and notwithstanding the relator’s objection.
- New York doctor fails to allege sufficient particularity to nab his former boss for re-using single-use medication vials.
- Dismissal of HUD fraud shows the continued importance of causation in FCA claims.
- Pfizer advocates narrowing the scope of the Anti-Kickback Statute based on two seemingly unrelated Supreme Court cases issued this term.
It’s My Party, I’ll Dismiss When I Want To
United States ex rel Polansky v. Executive Health Resources, Inc., 143 S. Ct. 1720 (2023)
The Supreme Court held in an 8-1 decision that the government may move to dismiss under 31 U.S.C. § 3730(c)(2)(A) any time it has intervened in a qui tam action filed under the False Claims Act (FCA), even if the seal period has passed and the relator objects, and that the standard for assessing the motion to dismiss an FCA action over a relator’s objections is the same standard applied to voluntary dismissal in ordinary civil suits (Federal Rule of Civil Procedure 41(a)).
Dr. Jesse Polansky was a consultant for Executive Health Resources (EHR), a provider of billing review and certification services to hospitals and physicians. Polansky filed an FCA suit, alleging that EHR systematically enabled its client hospitals to charge inpatient rates for services that should have been provided on an outpatient basis, resulting in improper billing of Medicare at higher rates. The government investigated the case for two years, but ultimately decided not to intervene. Seven years later, after receiving demands from EHR for documents and deposition testimony during discovery and assessing the burden of discovery, the government determined that the demands of the suit outweighed its value and it filed a motion to dismiss the action, notwithstanding the relator’s objection.
The district court granted the government’s motion to dismiss, and the Third Circuit affirmed. The relator then appealed to the US Supreme Court, arguing that the government could not move to dismiss after it declined to intervene during the seal period following the filing of relator’s complaint.
The Court held that, even if the government initially declined to intervene in a relator’s FCA case, once the government has actually intervened, it has the authority to move to dismiss the relator’s case, notwithstanding the relator’s objection. This is because, the Court explained, § 3730(c)(2)(A) of the FCA, which grants the government the power to dismiss or settle FCA cases, does not apply if the government is not a party to the litigation; thus, the government must intervene to become a party prior to moving to dismiss. Section 3730(c)(2)(A) does not indicate whether the government’s dismissal authority survives the government’s decision to let the seal period lapse without intervening. However, the Court held that the government may intervene any time it chooses – either before the seal period or after, so long as “good cause” is shown.
The Court also provided clarification to lower courts regarding the standard they should use for assessing government motions to dismiss an FCA action over a relator’s objection. The Court confirmed that the standard is the same as voluntary dismissal of ordinary civil suits under Federal Rule of Civil Procedure (FRCP) 41(a). Under Rule 41(a), the standard varies with the case’s procedural posture. If the defendant has not yet served an answer or summary-judgment motion, the plaintiff need only file a notice of dismissal. But once that threshold has been crossed, dismissal requires a “court order, on terms that the court considers proper.” Fed. Rule Civ. Proc. 41(a)(2).
Justice Thomas filed a dissenting opinion asserting that the FCA does not permit the government to dismiss a qui tam action when it has declined to take over the litigation from the relator at the outset.
Historically, the government has rarely filed motions to dismiss in qui tam cases, and there may be an uptick in motions to dismiss now that the Court has made clear that the Rule 41(a) standard applies. In addition, the Court’s holding is a good development for the defense bar as it can continue to advocate that the government file a motion to dismiss in qui tam cases, particularly if discovery becomes burdensome and even in a case in which the government has initially declined to intervene and the relator objects.
Assumptions Do Not Make Strong Inferences on Rule 9(b) Particularity
United States v. Canzoneri, 2023 WL 4082376 (W.D.N.Y. June 20, 2023)
In United States v. Canzoneri, the federal district court for the Western District of New York dismissed the FCA claims of plaintiff-relator, Dr. George Vito, against Dr. Joseph Canzoneri and Advanced Podiatry Associates, PLLC (APA) for failing to plead the submission of false claims with sufficient particularity under FRCP 9(b). Dr. Vito alleged that Dr. Canzoneri violated the FCA and the analogous New York State law by improperly reusing single-use medication vials.
The relator, a former employee of APA, alleged that he witnessed the defendant, while practicing at another medical facility, take the remainder of partially-used medication vials to re-use with different patients at the APA office. The relator claimed that the defendant was billing Medicare and Medicaid for the cost of the medication that he obtained for free from another facility.
In order to meet the particularity requirements of Rule 9(b), a qui tam relator can plead the existence of the fraud “on information and belief” rather than identifying specific claims submitted to the government, if the relator can provide “plausible allegations creating a strong inference” that the claims were, in fact, submitted to the government. The court held that the relator failed to meet 9(b)’s pleading standard because he merely alleged that the defendant: (1) reused single-use medication vials when he treated some patients, (2) billed for those improperly reused vials, and (3) treated some patients who were insured by Medicare or Medicaid. These allegations, however, still require an assumption that the defendant submitted false claims to Medicare or Medicaid because the plaintiff provided no evidence that either of the defendants actually reused single-use medication vials for Medicare or Medicaid patients. This, alone, was not enough to support a “strong inference.” Id.
Although the plaintiff asserted that he “unwittingly” submitted false claims by using partially used single-doses on Medicare and Medicaid patients, he failed to explain how he knew that he “unwittingly” used partially used vials and failed to provide additional information on the false claims he submitted. The court distinguished this from other cases where the relator could identify and point to specific false claims submitted to Medicare or Medicaid. Because the plaintiff could not assert that the false claims were submitted to the government, the court dismissed the complaint.
Causation Saves Defendant Mortgage Provider from FCA Liability
United States ex rel Calderon v. Carrington Mortgage Services, 70 F.4th 968 (7th Cir. 2023)
Relator, a former employee of lender Carrington Mortgage Services, brought a qui tam action against the lender, alleging that the lender had made false representations to the United States Department of Housing and Urban Development (HUD). The district court entered summary judgment for the lender, and the Seventh Circuit affirmed the grant of summary judgment, holding that the relator did not establish causation.
The district court granted summary judgment because the relator failed to show that (1) the allegedly false representations were material to HUD’s decision to pay out claims under the federal mortgage insurance program and (2) that the false representations caused HUD to suffer a monetary loss. The Seventh Circuit held that, while the relator had sufficient proof of materiality, she failed to show causation.
The relator’s allegations involved HUD’s Direct Endorsement Lender program, where HUD covers private lenders’ losses on high-risk mortgages for borrowers who would not otherwise qualify. The relator alleged she observed a pattern of reckless underwriting practices at Carrington, including the false certification of several loans as meeting HUD’s guidelines. Under Escobar, “materiality” depends on what the government considers in practice when deciding whether or not to pay claims. More specifically, Escobar provides that “if the Government pays a particular claim in full despite its actual knowledge that certain requirements were violated, that is very strong evidence that those requirements are not material.” The Seventh Circuit held that there were still issues of material fact related to materiality based on the relator’s identification of several false certifications in 349 loans, that those false certifications are material according to federal regulations, and that HUD has in the past deemed similar violations material.
Even though the circuit court held that there were issues of fact regarding materiality, it determined that the relator’s failure to establish causation justified a grant of summary judgment for the defendant. The DC Circuit has held that, even if a relator fails to prove actual damages, if it merely proves materiality, falsity, and knowledge, then the defendant is still liable under the FCA and must pay a civil penalty. In order to access treble damages, however, the relator must show causation – that the false statement caused a loss to the government. The Seventh Circuit declined to address whether a civil penalty method applied here because the relator did not raise it on appeal. Instead, the Seventh Circuit followed the Fifth and Third Circuits in evaluating whether the defendant’s conduct was the foreseeable cause, and a substantial factor in, the later defaults. The circuit court held that the relator failed to prove causation through a statistical analysis because she could not proffer evidence that Carrington’s federally insured loan default rate was higher than the national average for federally-insured loans. The relator also could not, with sufficient specificity, identify the causes of default for specific loans due to default codes such as “Curtailment of Income,” let alone tie them to specific false statements.
Pfizer Kicks Back: Its Argument that SCOTUS has Changed the Anti-Kickback Act by Its Recent Rulings
Following the Supreme Court’s rulings in Dubin and Hansen, cases involving identity theft and immigration respectively, Pfizer has alleged that the Supreme Court’s analysis in those cases should apply to interpretations of the scope of the Anti-Kickback Statute (AKS).
Pfizer developed a program that provided subsidies to Medicare enrollees prescribed the manufacturer’s drug for a serious heart condition and obtained an advisory opinion from the Office of the Inspector General at the Department of Health and Human Services regarding the program. That opinion stated that Pfizer’s program would violate the AKS if implemented. Pfizer is a member of a coalition in a case filed in the Eastern District of Virginia, Pharmaceutical Coalition for Patient Access v. United States, et al. Case No. 3:22-cv-714 (E.D. Va.), challenging the HHS OIG’s advisory opinion. Recently, the coalition filed two notices of supplemental authority addressing Hansen and Dubin.
The Supreme Court in Hansen held that “induce” carries with it the implications of corruption or ill motive. The coalition argued that an overbroad reading of “induce” would make it a crime if a patient accepts financial help to get critical medication.
The coalition also argued that the Supreme Court’s interpretation of the words “transfers, possesses, or uses,” in the aggravated identity theft statute at issue in Dubin should be applied to “kickback, bribe or rebate.” The coalition’s argument is that because in Dubin the Court held that “uses” had to be interpreted in line with the other two terms (i.e., “transfers” and “possesses”), courts should similarly interpret the term “remuneration” in the AKS in light of the neighboring words “kickback, bribe, or rebate.” This result would narrow the scope of potential crimes under the AKS.
On July 24th, the government responded to the notices of supplemental authority in Pharmaceutical Coalition for Patient Access v. United States, rejecting the coalition’s position that Dubin and Hansen support its position. The government asserted that its reading of the AKA does not criminalize innocuous conduct or lead to absurd results. In addition, the government asserted that in contrast to the statute at issue in Hansen, which refers narrowly to efforts to induce a violation of law, the AKA refers more broadly to efforts to induce a person to refer an individual for purchasing items or services paid for by a federal health program. The AKA does not apply only where the thing that a defendant seeks to induce would be independently unlawful. This, the government stated, would be an untenable interpretation of the AKA because the statute reaches efforts to induce another person to perform acts that are not themselves unlawful or wrongful.
On June 15, 2023, the UK Government announced proposals to introduce the biggest reform of corporate crime legislation in more than 50 years, with the result that, if enacted into law, companies who commit fraud, money laundering and bribery will be subject to greater scrutiny and be at greater risk of being successfully prosecuted.
The Identification Principle
In a previous blog post called “The Elusive “Directing Mind and Will”, we discussed that, save where specific legislation provides for strict liability (such as the offences of bribery and the facilitation of tax evasion under the UKBribery Act 2010 and Criminal Finances Act 2017, respectively), in order to establish corporate criminal liability in the UK, it is necessary to successfully invoke the “identification principle”.
In short, the “identification principle” requires a prosecutor to prove that the individual(s) who are suspected of being involved in the commission of a corporate crime represent the “directing mind and will” of that company – or, in other words, the actions of that individual (or individuals) need to be considered to be those of the company. By way of illustration, in one of the leading cases from 1971, the House of Lords decided that a supermarket group was not liable for the actions of a store manager, who was selling washing powder for more than the advertised price, since the store manager was not a part of the company’s “directing mind.”
As we also discussed in our previous blog post called “The UK (Slowly) Inches Toward Corporate Criminal Liability Reform”, the “identification principle” has long been a thorn in the side of UK prosecutors. Most recently, it was cited as the reason that the Serious Fraud Office’s case against Barclays was dismissed: because senior executives, including the CEO and CFO of the bank, did not constitute the “directing mind and will” of the bank in respect of certain capital raisings in the 2008 global financial crisis. In making their argument for change, UK prosecutors frequently point to the fact that the “identification principle” has its roots in the Victorian era when companies were smaller and it was accordingly easier to identify the directing mind and will. They also point to the difficulties of following email trails that appear to evaporate the further up the management chain one goes.
The Law Commission
In our blog entitled “Criminal Investigations in the UK: What to Watch for the UK and the EU in 2023”, we reported that, in June 2022, the UK Law Commission published an options paper on potential reform of UK corporate liability, concluding that the current law poses “an obstacle to holding large companies criminally responsible for offences committed in their interests by their employees” and incentivizes poor corporate governance, by “reward[ing] companies whose boards do not pay close attention” and penalizing those that do.
The Law Commission set out several options for reform, including a reform of the identification doctrine (to broaden it to cover crimes committed with the consent or connivance of senior managers, and to cover collective negligence) and the introduction of specific failure to prevent offences (particularly in relation to fraud, but maybe also in relation to failure to prevent money laundering).
The Economic Crime and Corporate Transparency Bill
On 15 June 2023, the U.K Home Office announced a proposal to amend the Economic Crime and Corporate Transparency Bill (the “Bill”). The Bill is currently being debated by Parliament. Whilst its stated aim is to “make provision about economic crime and corporate transparency; to make further provision about companies, limited partnerships and other kinds of corporate entity; and to make provision about the registration of overseas entities”, it has also been further amended to, among other things, introduce a corporate “failure to prevent” offences for fraud. See our blog entitled “The UK’s Introduction of a New “Failure to Prevent Fraud” Offence Edges Closer”.
In its June 15 proposal further to amend the Bill, the UK Home Office has proposed that senior managers be brought within scope of who can be considered the “directing mind and will” of a company. The amendment to the Bill proposes that the actions of a “senior manager… acting within the actual or apparent scope of their authority” will be attributable to his or her company, with a “senior manager” being defined as “…an individual who plays a significant role in (a) the making of decisions about how the whole or a substantial part of the activities of the body corporate or (as the case may be) partnership are to be managed or organised, or (b) the actual managing or organising of the whole or a substantial part of those activities.” The Home Office has further stated that “[i]n practice, a test will be applied to consider the decision-making power of the senior manager who has committed an economic crime, rather than just their job title.”
In its announcement, the Home Office noted:
“The identification doctrine…has generally been interpreted to be a member of the board, such as chief executives, but complex management structures can conceal who key decision makers are. For example, a recent multi-billion-pound fraud trial determined a banking group’s chief executive and chief financial officer could not be viewed as the company’s ‘directing mind’. This has left prosecutors with a very high bar to prove who fits the criteria. Senior executives often possess a huge amount of influence and autonomy but cannot currently be considered a part of the ‘directing mind’.”
It is yet to be seen whether the Bill will pass through Parliament without further amendments and, if so, whether further detailed guidance is given: for example, how should “significant role” and “substantial part” in the definition of a “senior manager” be interpreted? It does seem clear, however, that the UK Government is indeed committed to tackle the commission of fraud within the UK and that corporate prosecutions for economic and corporate crimes are intended to become easier.
In our alert called “Criminal Investigations in the UK: What to Watch for the UK and the EU in 2023”, we predicted the introduction of a new “failure to prevent” offence. We predicted that such a new offence would likely have far-reaching, and potentially seismic, consequences on organizations both (i) in having to ensure that the procedures that they have in place to prevent fraud are reasonable, but also (ii) on the (higher) success rate of law enforcement to prosecute a large organization if an employee commits fraud for the organization’s benefit.
On April 11, 2023, the UK Home Office tabled an amendment to the Economic Crime and Corporate Transparency Bill, introducing a “failure to prevent fraud” offence. Whilst such an offence has not yet received Royal Assent, it is thought likely that it will shortly be passed into law. If passed into law, we expect that there will be a period of several months before the law comes into effect, to allow the government to draft and publish guidance.
According to the fact sheet published by the UK Home Office on April 11, 2023, the new offence will make an organization liable where a specified fraud offence is committed by an employee or agent, for the organization’s benefit, and the organization did not have reasonable procedures in place. It also provides the following additional detail:
- Scope. The offence will apply to all large bodies corporate and partnerships, and to all sectors. However, to ensure the burden on organizations is proportionate, only large organizations will be in scope. This is likely to be defined as including organizations meeting two out of three of the following criteria: (i) more than 250 employees, (ii) more than £36 million turnover and (iii) more than £18 million in total assets.
- Offences in Scope. Fraud and false accounting offences will be in scope including fraud by false representation (section 2 Fraud Act 2006), fraud by failing to disclose information (section 3 Fraud Act 2006), fraud by abuse of position (section 4 Fraud Act 2006), obtaining services dishonestly (section 11 Fraud Act 2006), participation in a fraudulent business (section 9, Fraud Act 2006), false statements by company directors (Section 19, Theft Act 1968), false accounting (section 17 Theft Act 1968), fraudulent trading (section 993 Companies Act 2006) and cheating the public revenue (common law). Money laundering offences are unlikely to be included because relevant organizations are already required by law to have anti money laundering procedures in place. The government will have the power to add further offences to those offences within the scope of the new legislation.
- Potential Defenses. Organizations will be able to avoid prosecution if they have, and can demonstrate that they have, reasonable procedures in place to deter the offending. The factsheet provides that the government will publish guidance providing organizations with more information about what constitutes reasonable procedures before the new offence comes into force. The offence will not be enforced until the guidance is published.
- Penalty. An organization will be liable to receive an unlimited fine.
- Individual Accountability. There will be no individual liability for failure to prevent fraud, because individuals within companies can already be prosecuted for committing, encouraging or assisting fraud.
- Extra territoriality. If an employee commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organization (and the employee) are based overseas.
Whether the new offence results in a higher number of convictions is yet to be seen but, as with the existing failure to prevent bribery and failure to prevent facilitation of tax evasion offences, the introduction of the new legislation is intended to drive better corporate behaviors. Organizations likely to be caught by the new offence would be well advised to start to consider the adequacy or otherwise of their fraud prevention procedures.
On March 1 and 7, 2023, the National Security Bill (the “Bill”) will enter the Report stage of the House of Lords, during which members of the House of Lords will be given a further opportunity to examine and make amendments to the Bill. The Bill was first introduced by the Home Secretary on May 11, 2022 and, since its introduction, has undergone various readings, stages and amendments in both the House of Commons and the House of Lords. The Bill is expected to return to the House of Commons for approval, and subsequent Royal Assent, towards the end of 2023.
As the 202-page Bill is currently drafted, if passed, it will, among other things:
- reform existing espionage laws and include new offences to tackle state-backed sabotage and foreign interference (Part 1 of the Bill);
- enhance police powers to support the investigation of state threats (Part 2 of the Bill);
- create a registration scheme requiring the registration of certain arrangements with foreign governments (Part 3 of the Bill); and
- restrict the ability of convicted terrorists to receive civil legal aid and prevent their exploitation of civil damage systems (Part 4 of the Bill).
The third of the above proposals – the creation of a registration scheme – aims to introduce something similar to a US-style foreign lobbying register, and will require those carrying out certain arrangements on behalf of a foreign power to register with the UK Secretary of State.
Foreign Influence Registration Scheme
According to the UK government’s Policy Paper entitled “Foreign Influence Registration Scheme (FIRS): National Security Bill factsheet” (the “Policy Paper”), the aim of Foreign Influence Registration Scheme (“FIRS”):
“…is to deter foreign power use of covert arrangements, activities and proxies. It does this by requiring greater transparency around certain activities that foreign powers direct, as well as where those activities are directed or carried out by entities established overseas or subject to foreign power control.”
In essence, FIRS will mandate that foreign organizations (excluding foreign governments) that carry out political influencing activities on behalf of a foreign state register their interactions with UK policy and decision makers. The definitions used in Part 3 of the Bill are broad including, for example, defining “political influence activity” as including communications with senior decision makers such as UK ministers (and ministers of the devolved administrations), election candidates, MPs and senior civil servants, but also communications to the public “where it is not already clear that the communications are being directed by a foreign principal, and disbursement of money, goods or services to UK persons.”
Exemptions to the registration requirements are likely to be minimal, although lawyers have been excluded in relation to defined legal activities. Moreover, the Policy Paper states that the following will be not be required to register:
- individuals acting for a foreign power in their official capacity as employees;
- individuals to whom privileges and immunities apply in international law;
- family members who are part of the household of members of diplomatic and consular staff;
- those providing essential services to a diplomatic mission or consulate e.g., catering or building services;
- domestic and international news publishers; and
- arrangements to which the UK is a party.
Registration of foreign influence arrangements and political influence activities carried out by foreign principals (the primary tier)
The registration scheme currently envisaged by the Bill will require, among other things, the registration of:
- a “foreign influence arrangement”: namely an arrangement to carry out “political influence activities” within the UK at the direction of a “foreign principal” (section 68(1) of the Bill). The requirement to register with the Secretary of State will lie with the person making the arrangement with the foreign principal, and must be done “before the end of the period of 10 days beginning with the day on which [the person making the arrangement] makes the arrangement” (section 68(2) of the Bill); and
- “political influence activity”: namely where the activity is being carried out by the foreign principal itself (on whom the obligation to register falls).
A foreign principal is defined as a foreign power, or a foreign body corporate, or association established outside of the UK. The Policy Paper states that “we would not expect other governments to register with the scheme in respect of influencing activity that they themselves are undertaking.” Accordingly, other governments are excluded from the requirement to register “political influence activity” (but not a “foreign influence arrangement”).
According to the Policy Paper, “political influence activity” that will require registration will include:
“…making communications to senior decision makers such as UK ministers (and ministers of the devolved administrations), election candidates, MPs and senior civil servants. It also includes communications to the public where it is not already clear that the communications are being directed by a foreign principal, and disbursement of money, goods or services to UK persons. To be registerable, this activity has to be for the purpose of influencing UK public life for example elections, decisions of the government or the proceedings of either House of Parliament.”
The Bill envisages a number of new offenses, including failure to register a foreign influence arrangement within 10 days of making the arrangement, carrying out political influence activity where the overarching arrangement is not registered and the person knows that the activity is being directed by a foreign principal, and carrying out political influence activity where the person knows that information provided in connection with the arrangement is false, inaccurate or misleading. The penalty for a foreign influence offense is a maximum of two years imprisonment, a fine, or both.
Registration of foreign activity arrangements and activities carried out by a specified person (enhanced tier)
In addition to the “primary tier,” the Bill also tables a power, subject to Parliamentary approval, for the UK Secretary of State specifically to designate – or specify – a foreign power, part of a foreign power or an entity subject to foreign power control where it is considered necessary for the safety and interests of the UK. To date, there have been no designations but it is thought that this “enhanced tier” will allow the UK government to impose more robust requirements on hostile nations who are suspected of attempting to carry out malign influence.
The scheme will require the registration of:
- arrangements to carry out any activity within the UK at the direction of a specified power or entity. Again, the requirement to register with the Secretary of State will be on the person making the arrangement with the specified foreign power, part of a foreign power or an entity subject to foreign power control; and
- activity carried out by specified foreign power-controlled entities. The specified entity will be responsible for registering with the scheme. Again, specified foreign governments will not be required to register with the scheme.
The Bill introduces a number of foreign activity offenses, with the penalties for a foreign activity offence being a maximum of five years imprisonment, a fine or both.
Criticisms of FIRS
FIRS was introduced (and, in principle at least, initially welcomed) as an attempt – similar to schemes in other foreign nations including the United States – to protect British politics from hostile and malign foreign influence.
Previous iterations of the Bill have, however, faced a lot of opposition including:
- FIRS fails to differentiate between hostile powers (such as China, Iran and Russia) and those countries with whom Britain has a friendly relationship (such as the EU and United States). Despite a number of requests that the government provide a “whitelist” of countries whose businesses would not have to register, the Bill has not yet been amended to include such a list;
- the definitions used in the Bill are broad (see above) and could have unintended consequences, including a chilling effect on legitimate lobbying activity;
- the registration obligations will place an unnecessary level of bureaucracy on non-UK businesses proposing to invest in the UK or overseas charitable organizations aiming to operate in the UK. In response, amendments tabled by the House of Lords on February 23, 2023 include that foreign businesses, charities, and other bodies acting in their own interests and who are not acting at the direction of a foreign state should be exempt from the requirement to register;
- FIRS fails to deal with domestic lobbyists. This is of particular concern in circumstances where the UK’s current lobbying laws are thought to be inadequate; and
- it has not (yet) been made clear what information will need to be provided in order to register with FIRS. The UK government has, however, said that the Secretary of State will make “clear, simple and proportionate” regulations – subject to parliamentary approval – detailing what information will be required, and that it is likely to include “who they are in an arrangement with, what activity they have been directed to undertake and when the arrangement was made.”
Whilst FIRS’ stated aim was laudable – to deal with valid concerns about emerging threats from a handful of malign states – as it is currently envisaged, FIRS raises a number of potential difficulties for a wide range of businesses operating in the international arena. We must now wait to see whether any further amendments will be made by the House of Lords.
On January 23, 2023, a federal district court approved a pretrial diversion agreement between the Department of Justice (DOJ) and Ryan Hee, a former regional manager for a healthcare staffing company. The deal, which will likely result in Hee walking away without a conviction, is yet another lackluster result for DOJ’s thus-far largely unsuccessful effort to criminally prosecute alleged anticompetitive conduct in the labor markets.
Indeed, despite a spate of victories at the motion to dismiss stage (covered in our previous posts here, here, and here), DOJ has yet to secure a labor-side Sherman Act conviction at trial. Years after its initiation, DOJ’s effort has yielded only two convictions.  The pretrial diversion agreement with Hee does little to change this.Continue Reading With Pretrial Diversion Agreement, DOJ’s Antitrust Division Achieves Another “Meh” Victory In Its Continued Effort to Police Labor Markets
In this blog post, we provide an overview of the updates to the Criminal Division’s Corporate Enforcement Policy (CEP) and discuss the impact of these changes on the corporate enforcement policies for criminal violations of sanctions and export controls, criminal violations of antitrust laws, and civil violations of the False Claim Act.
On January 17, 2023, Assistant Attorney General Kenneth A. Polite, Jr. announced changes to the Department of Justice’s (“DOJ”) Corporate Enforcement Policy (“CEP”), including applying the most recent FCPA Corporate Enforcement Policy to all corporate criminal cases handled by the DOJ’s Criminal Division. The FCPA Corporate Enforcement Policy, codified in § 9-47.120 of the Justice Manual, provides that if a company voluntarily self-discloses, fully cooperates, and timely and appropriately remediates, there is a presumption of declination absent certain “aggravating circumstances involving the seriousness of the offense or the nature of the offender.” The clear goal of this and other recent pronouncements from senior DOJ leadership is to tip the scales in favor of early disclosure by setting forth concrete incentives for corporations that discover potential criminal violations.
Importantly, the CEP now explicitly states that a company presenting “aggravating circumstances,” while not eligible for a presumption of declination, may still obtain a declination if (1) the company had an effective compliance program and system of internal accounting controls at the time of the alleged misconduct, (2) the voluntary self-disclosure was made “immediately” upon the company becoming aware of the allegation of misconduct, and (3) the company provided “extraordinary cooperation” to DOJ investigators. For companies that do not receive a declination but do receive credit, the CEP also increases the available discounts from fines under the U.S. Sentencing Guidelines (“USSG”), both for companies that voluntarily self-disclose and those that do not.
Although the updated CEP heavily emphasizes the benefits of voluntary self-disclosure and cooperation, its implications for companies will largely depend upon the Criminal Division’s application of the policy, including through DOJ prosecutors’ interpretation of important, undefined terms such as “immediate” disclosure and “extraordinary” cooperation.
Moreover, although the CEP applies to the entire Criminal Division, it could potentially have ripple effects on the corporate enforcement policies in place in other DOJ components. For example, the CEP does not revoke or alter the DOJ National Security Division’s (“NSD”) Export Control and Sanctions Enforcement Policy for Business Organizations (the “Export Control and Sanctions Enforcement Policy”). That NSD policy is generally consistent with the CEP, but it does not spell out affirmatively, as the new Criminal Division policy does, the circumstances that a company must demonstrate to be considered for a non-prosecution agreement (“NPA”) rather than a criminal resolution in the face of aggravating factors. Similarly, the Antitrust Division and Civil Division have their own corporate enforcement policies in place, each of which has aspects uniquely tailored to those respective regimes. It therefore remains to be seen whether these other Divisions within DOJ will adjust their corporate enforcement policies to align more precisely with the CEP.
Declinations when Aggravating Circumstances are Present
Under the prior version of the CEP, companies could qualify for a presumption of declination if there was an absence of aggravating factors and if they: voluntarily disclosed; provided full cooperation; and timely and appropriately remediated. The revised CEP clarifies that companies may still qualify for a declination even where aggravating circumstances are present, but only under very specific and stringent requirements to qualify for such a result. Those requirements are:
- The voluntary self-disclosure was made immediately upon the company becoming aware of the allegation of misconduct;
- At the time of the misconduct and disclosure, the company had an effective compliance program and system of internal accounting controls, which enabled the identification of the misconduct and led to the company’s voluntary self-disclosure; and
- The company provided extraordinary cooperation with the Department’s investigation and undertook extraordinary remediation that exceeds the respective factors listed in the CEP.
First, it will be important to evaluate how DOJ prosecutors in practice apply the standard of voluntary self-disclosure “made immediately upon the company becoming aware of the allegation of misconduct.” As currently articulated, the standard of immediate self-disclosure of a mere allegation is arguably unrealistic and does not appear to afford companies the opportunity to meaningfully investigate potential misconduct to determine whether there is even any potential misconduct (as opposed to a mere allegation) to disclose.
Second, the requirement to demonstrate an effective compliance program goes beyond the FCPA Corporate Enforcement Policy’s prior requirement of demonstrating effective remediation. Although the definition of an “effective compliance program” at the time of misconduct likely comports with the Evaluation of Corporate Compliance Programs guidance, the new requirement and the way that it is articulated will mean that companies will have to affirmatively demonstrate the effectiveness of the compliance program both previously and at the time of the disclosure. This will mean that companies will have to devote even more money and resources (i.e., internal as well as external counsel) to making that case to the Department of Justice.
Third, while the concept of “extraordinary cooperation” has been referenced in a number of corporate settlements in recent years, that standard remains ill-defined, and DOJ enjoys substantial discretion in applying it. Assistant Attorney General Kenneth Polite emphasized that providing information that DOJ might not otherwise be able to obtain is part of the assessment, but that ultimately “we know ‘extraordinary cooperation’ when we see it, and the differences between ‘full’ and ‘extraordinary’ cooperation are perhaps more in degree than kind.” This leaves companies and their counsel with significant uncertainty as to what will be considered sufficient in any given matter.
The discounts available for companies that do not receive a declination but do receive credit are now greater, both for those that voluntarily disclose and those that do not. While the FCPA Corporate Enforcement Policy (and its later extension to the Criminal Division more broadly) provided for a maximum “50% reduction off of the low end” of the USSG fine range for non-recidivist companies that voluntarily self-disclose, fully cooperate, and appropriately remediate, the updated CEP provides for “at least 50% and up to 75% reduction off of the low end” of the USSG fine range for companies that meet those standards, except in the case of recidivists. Under the CEP, the Criminal Division will recommend up to a 50% reduction off of the low end of the USSG fine range for companies that do not voluntarily disclose but still fully cooperate and appropriately and timely remediate.
Furthermore, while this was always the case, it is notable that the revised policy expressly stresses the discretion that prosecutors have to recommend the specific percentage reduction and starting point in the fine range based on the particular facts and circumstances. It will be important to watch how prosecutors utilize this discretion in practice, and companies and their counsel will want to analogize (or distinguish) their cases from resolutions reached under the revised CEP going forward.
The CEP’s Potential Impacts on Corporate Enforcement Policies in Specific Areas
Export Control and Sanctions Violations
By comparison, as described above, when a company voluntarily self-discloses potentially willful violations of US export controls and sanctions laws to the NSD’s Counterintelligence and Export Control Section (“CES”), fully cooperates, and timely and appropriately remediates, there is a presumption of an NPA and no fine, absent aggravating circumstances. While the Export Control and Sanctions Enforcement Policy’s standards for receiving credit for voluntary self-disclosure, full cooperation, and timely and appropriate remediation are identical to those set forth in the prior FCPA Corporate Enforcement Policy, the NSD’s guidelines set forth specific aggravating factors that apply to criminal violations of US sanctions and export control laws by companies.
If, due to aggravating factors, a different criminal resolution – i.e., a deferred prosecution agreement or guilty plea – is warranted for a company that has voluntarily self-disclosed, fully cooperated, and timely and appropriately remediated its export control or sanctions violations, the DOJ will accord, or recommend to a sentencing court, a fine that is, at least, 50% less than the amount that otherwise would be available. Unlike violations of the FCPA, criminal violations of sanctions and export control laws, which are typically charged as violations of the International Emergency Economic Powers Act (“IEEPA”), do not rely on the USSG in determining criminal fines. Rather, prosecutors charging IEEPA violations rely upon the alternative fine provision in 18 USC § 3571(d) and on forfeiture authority. Under 18 USC § 3571(d), the fine would ordinarily be capped at an amount equal to twice the gross gain or gross loss. Per NSD’s policy, however, when a company voluntarily self-discloses, fully cooperates, and timely and appropriately remediates, DOJ will cap the recommended fine at an amount equal only to the gross gain or gross loss (i.e., 50 percent of the statutory maximum), and the company would also be required to pay all disgorgement, forfeiture, and/or restitution resulting from the misconduct at issue.
Importantly, the Export Control and Sanctions Enforcement Policy’s guidelines do not apply to administrative fines, penalties, and forfeitures commonly imposed by the State Department’s Directorate of Defense Trade Controls (“DDTC”), the Department of Commerce’s Bureau of Industry and Security (“BIS”), and the Treasury Department’s Office of Foreign Assets Control (“OFAC”) for export control and sanctions violations, all of which have their own guidelines. However, per § 1-12.100 of the Justice Manual, attorneys prosecuting these cases are expected to coordinate with other enforcement authorities and consider the total amount of fines, penalties, and forfeiture paid to DDTC, BIS, and/or OFAC in determining the criminal penalty.
Unlike other areas of corporate criminal enforcement under the DOJ umbrella, the Antitrust Division has had its own long-standing Leniency Program in place that provides broad protections to companies who participate in the Program. Under the Leniency Program, codified in § 7-3.000 of the Justice Manual, corporations who are the first in a conspiracy to report their cartel activity to the Antitrust Division and cooperate in the investigation can completely avoid criminal conviction, fines, and prison sentences.
Although broader DOJ enforcement policy changes typically try to avoid – and often expressly carve out – any interference with the Antitrust Division’s Leniency Program, the Antitrust Division often follows significant enforcement policy changes with its own issuance of enforcement guidance that is more precisely tailored to the contours of the Leniency Program. In this case, however, the Antitrust Division acted first (albeit after Deputy Attorney General Lisa Monaco’s issuance of her eponymous memo in October 2021). Last April, with the professed goal of making the program more straightforward and accessible, the Antitrust Division implemented updates to the Leniency Program, and these changes, as well as some of the prior aspects of the Leniency Program, emphasize the same requirements put forth in the CEP. Namely, these revisions require, as a condition of non-prosecution, that a company promptly reports potential misconduct, has an effective compliance program in place, addresses any compliance shortcomings that contributed to the misconduct, provides significant cooperation to the DOJ’s investigation, and undertakes remediation efforts that will address the root causes of the conduct.
While the Antitrust Division’s prompt reporting requirement for complete non-prosecution has some of the same ambiguity as the CEP’s similar requirement, the Antitrust Division’s Guidance allows for companies seeking non-prosecution to conduct a timely, preliminary internal investigation to confirm the violation occurred before reporting the violation to the Antitrust Division. This appears to be significantly different from the CEP’s prerequisite to declination, where aggravating circumstances are present, of “immediate” reporting of a mere “allegation.” Moreover, the Leniency Program, unlike the CEP, does not create stricter requirements for those “first in” companies seeking declination that present aggravating circumstances, except that the Antitrust Division will carefully review the culpability of a company that served as the ringleader of the conspiracy before granting the company leniency.
Overall, and likely based on the number of years the Antitrust Division’s program has been in place, the Antitrust Division has a more robust set of guidance to assist companies going through this process than the CEP provides. Last year, the Antitrust Division released 35 pages of FAQs covering all aspects of the program. While much of the implementation of the Leniency Program will depend on the facts and circumstances of the case as well as the viewpoints of the prosecutors involved, these FAQs will resolve some of the ambiguity that will arise from the CEP’s more limited guidance, but also, at times, may put more onerous burdens on companies. In addition, the Antitrust Division has numerous examples of successful and unsuccessful leniency applications over decades of implementation to use as further guidance. While we expect the Antitrust Division to review its program in comparison to the CEP, including whether to follow CEP’s suit in quantifying the amount of credit given under certain cooperation/aggravating factor scenarios, we also expect that prosecutors may look towards the voluminous guidance from the Antitrust Division as they implement the CEP.
False Claims Act
DOJ’s Civil Division most recently issued corporate enforcement guidance applicable to civil violations of the False Claims Act in May 2019, now codified in § 4-4.112 of the Justice Manual. That guidance follows the typical framework for cooperation credit set forth in the CEP – timely voluntary disclosure, prompt cooperation, and appropriate remediation – but lacks the more precise quantifications of cooperation credit available that the CEP now puts in place for corporate criminal resolutions. Although it is likely that the Civil Division will revisit this guidance in light of the issuance of the CEP, the nature of civil FCA violations may not lend itself to perfect or even near-perfect alignment with the CEP. For example, there is no applicable sentencing fine range to use as a baseline for granting civil FCA defendants cooperation credit in the form of percentage discounts, and the amount covered by corporate resolutions is driven largely by the loss to the government, which will almost certainly not be the subject of any cooperation credit-driven discount. However, given the CEP’s clear goal of providing transparency as to the extent of cooperation credit available, and the benefits of doing so in the civil FCA context, we may see a revision to this guidance that provides precision on what multiplier might apply to the amount of damages under certain cooperation/aggravating factor scenarios (the FCA provides for the imposition of up to treble the amount of damages to the government), and/or what per-claim civil penalty within the statutory range might apply (in addition to treble damages, the imposition of civil penalties ranging from $12,537 to $25,076 per claim can also be imposed).
While the CEP acknowledges that voluntary self-disclosure is just that – voluntary, not mandatory, except where required by specific regulatory regimes – the overall tenor is a heavy emphasis on voluntary self-disclosure in corporate matters handled by the Criminal Division. As companies wait to see how the Criminal Division enforces the CEP, and whether the NSD, the Antitrust Division, or the Civil Division updates their respective enforcement policies to align with the CEP, it is prudent for companies to proactively invest in risk-based compliance programs and carefully weigh the potential costs and benefits of voluntary self-disclosure.
 Aggravating circumstances include the involvement of executive management of the company in the misconduct; a significant profit to the company from the misconduct; egregiousness or pervasiveness of the misconduct within the company; or criminal recidivism.
 Aggravating factors include exports of items controlled for nuclear nonproliferation or missile technology reasons to a proliferator country; exports of items known to be used in the construction of weapons of mass destruction; exports to a Foreign Terrorist Organization or Specially Designated Global Terrorist; exports of military items to a hostile foreign power; repeated violations, including similar administrative or criminal violations in the past; and knowing involvement of upper management in the criminal conduct.