On April 30, 2025, the Department of Justice (DOJ) National Security Division (NSD) announced its second-ever public declination under its updated corporate voluntary self-disclosure (VSD) policy when it declined to charge Universities Space Research Association (USRA) after the company voluntarily disclosed potential export-related violations involving an employee’s dealings with China.
In public statements surrounding the declination, DOJ officials highlighted the importance of companies proactively identifying, reporting, and remediating criminal conduct that violates national security laws, as well as the corresponding pitfalls and risks for companies that fail to timely disclose the violations. The announcement is the latest indication that even as DOJ is changing several enforcement priorities and policies, the new administration expects to maintain recent DOJ policy changes designed to incentivize proactive cooperation and drive companies in the national security space to disclose potential criminal conduct.
NSD’s Enforcement Policy
Revised in March 2024, NSD’s Enforcement Policy for Business Organizations (the “NSD VSD Policy”) generally provides that, absent (one of several) aggravating circumstances, DOJ will not seek to prosecute or assess a fine for companies that (1) voluntarily self-disclose potential criminal violations of U.S. export controls or sanctions laws, (2) fully cooperate, and (3) timely and appropriately remediate the issues. The March 2024 revisions create a presumption that cooperating companies will receive a non-prosecution agreement or—where warranted by the DOJ’s Principles of Federal Prosecution—even a declination letter, while earlier versions of the NSD VSD Policy had offered a less explicit pathway to a non-prosecution agreement or declination for companies reporting national security violations. Significantly, the revisions also include new language indicating that while the NSD VSD Policy applies directly to sanctions and export violations, it also “inform[s] all other corporate criminal matters handled by NSD.”
Of particular note, the revised NSD VSD Policy includes an entirely new potential safe harbor for acquirers in the M&A context addressing national security violations. In order to receive these protections, the acquirer must voluntarily disclose to NSD potential criminal violations discovered during diligence conducted shortly before or shortly after the close of the transaction. Such a disclosure should be timely, which the NSD VSD Policy defines as typically being made within 180 days of the transaction. Benefits of the M&A provisions of the NSD VSD Policy include that the acquiror will generally not have to plead guilty, and it is presumed that NSD will decline to prosecute the acquiror. In addition, the acquiror will not be required to forfeit assets or pay a criminal fine and the misconduct at issue will not affect the acquiror’s history of recidivism if future matters arise.
USRA Investigation
According to the DOJ materials, the USRA investigation concerned a scheme whereby USRA employee Jonathan Soong, a program administrator responsible for managing the sales and distribution of certain software under a contract with the National Aeronautics and Space Administration (NASA), facilitated the sale and unlicensed export of flight control and optimization software subject to the Export Administration Regulations (EAR) to a restricted Chinese university. Soong used an intermediary to conceal the unlawful export, and later fabricated evidence that he had performed due diligence on the purchaser before making the sale. Soong pleaded guilty to willfully violating export controls in January 2023 and was subsequently sentenced to a term of 20 months’ imprisonment.
In its declination letter, DOJ explained that after consideration of factors outlined in the NSD VSD Policy and the Principles of Federal Prosecution, USRA’s self-disclosure and full cooperation merited a declination. First, the company disclosed this conduct “less than three months after outside counsel had been retained, within days of Soong’s admission of wrongdoing to outside counsel, and well before the internal investigation’s completion.” Second, the company fully cooperated with the government’s investigation of Soong, providing all known relevant facts, documents, and information (including overseas documents, third-party documents, and translations). Third, the nature and seriousness of the offense was not an aggravating factor, as there were “only four unlicensed exports of software in violation of the EAR” and “the software was based on information in a publicly available textbook and classified as EAR99.” Fourth, DOJ found the company’s remediation efforts—which included terminating Soong, reprimanding his supervisor, improving USRA’s internal controls and compliance program, and paying restitution to NASA and the Treasury Department—were timely and appropriate. Finally, DOJ noted that USRA did not unlawfully obtain any gains from Soong’s offenses as the proceeds from the prohibited sales had been offset by already-paid voluntary restitution.
History of NSD Declinations
This is only the second public declination under the NSD VSD Policy since DOJ announced its revision in March 2024, which created the presumption referenced above and adjusted the NSD VSD Policy to more closely mirror the incentives offered under VSD guidance provided in DOJ’s Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy. The first public declination pursuant to the revised policy was announced in May 2024, when DOJ declined to charge life sciences company MilliporeSigma after it voluntarily disclosed export-related violations committed by an employee and his co-conspirators who were separately charged and pleaded guilty.
Key Takeaways
- NSD remains focused on corporate enforcement actions. This declination, announced following Attorney General Bondi’s February 5, 2025 memorandum disbanding NSD’s “Corporate Enforcement Unit,” illustrates that NSD is committed to providing companies with incentives to report misconduct that implicates U.S. national security. Acting head of the NSD, Sue J. Bai, stated that NSD is “ready to work together with such responsible corporate actors who are committed to joining us in this fight to protect our country from foreign adversaries” (emphasis added). The clear implication was that had the company not acted responsibly, it may well have faced criminal charges.
- Voluntary self-disclosure and remediation remain central to getting the benefits of the NSD Corporate Enforcement Policy. Acting U.S. Attorney for the Northern District of California, Patrick D. Robbins, continued this theme when he stated, “What the company did [after discovering the actions of its employee] made all the difference in the [g]overnment’s decision not to prosecute it: the company took swift and proactive measures to disclose the employee’s wrongdoing, provide all known facts, and cooperate – and continue to cooperate – with the government’s investigation.” This declination is the latest indication from DOJ that in order to qualify as “timely” under the NSD VSD Policy, these disclosures may need to occur before internal investigations are complete, putting companies in the difficult position of having to disclose conduct before having a full understanding of their exposure to potential criminal liability. In the MilliporeSigma declination, DOJ noted that the company made its disclosure “just a week after retaining outside counsel.” While USRA made its disclosure on a bit of a longer time frame (within three months after retaining outside counsel), DOJ underscored that the disclosure came “within days of Soong’s admission of wrongdoing to outside counsel.”
- Well-functioning compliance programs and internal controls can help make the case to receive a declination. Companies exposed to potential export controls or sanctions risks should continue to invest in robust internal controls and compliance programs, as the two declinations each highlight the extent to which DOJ will consider both the company’s compliance program at the time of the events, as well as any enhancements to the program made in response to the matters disclosed. As noted above, the DOJ credited USRA with having “remediated the root cause of the misconduct by disciplining a supervisory employee who failed [to] appropriately […] supervise Soong, and by significantly improving its internal controls and compliance program.”
- Companies can be credited for helping to ensure individual accountability. In both USRA and MilliporeSigma, the individuals responsible for the conduct at issue pleaded guilty to crimes associated with the reported conduct. In the USRA matter, Soong pleaded guilty and was sentenced prior to the resolution of the company’s case, and it appears that the company provided substantial assistance over the course of the DOJ investigation.
Developments Left to Come?
On May 12, 2025, the head of DOJ’s Criminal Division, Matthew Galeotti, announced revisions to the Criminal Division’s Corporate Enforcement and Voluntary Self-Disclosure Policy. The revised policy emphasizes the importance of voluntary self-disclosure, providing companies that come forward and meet other criteria with a declination, rather than just a presumption of one. He also announced changes to the monitor selection policy and the whistleblower program, providing further incentives for cooperation and disclosure. Of particular relevance to the calculus of whether to make a disclosure on the national security side of the house: violations involving sanctions and material support of foreign terrorist organizations have been added as priority areas for tips in the whistleblower program. It remains to be seen whether there will be revisions to NSD’s voluntary self-disclosure program on the horizon. Regardless, given the common overlap between national security and criminal investigations, the announcement further underscores that the new administration is seeking to create strong incentives for voluntary disclosures in this context.
[View source.]
