Timothy O'Toole Comments on New DOJ Self-Reporting Rules for Banks in GIR

"Success of Sanctions Self-Reporting Policy Could Hinge on Banks"

Global Investigations Review


Timothy O'Toole commented on potential issues he sees arising from revised rules by the U.S. Department of Justice (DOJ) for banks to self-report sanctions and export control violations. The DOJ announced December 12 that financial institutions, previously excluded from self-reporting benefits, are now among the groups of companies eligible for significantly reduced penalties if they voluntarily disclose possible breaches and cooperate with any resulting investigation. To qualify, companies must email self-reports of apparent wilful misconduct to the counterintelligence and export control section of the DOJ's National Security Division (NSD) - an agency area unfamiliar to many banks. 

DOJ will also not grant a company credit for self-disclosing if it reports the same issue to another agency first, which O'Toole said may be difficult if possible criminal activity is not initially evident. "Some of these investigations start off looking like a foot fault and look different as they go along," he said. "If you don't disclose a foot fault immediately [to the DOJ] at the start, then it could be too late." This policy is generally at odds with how companies traditionally approached disclosing apparent sanctions violations to the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) and export control breaches to the U.S. Department of Commerce's Bureau of Industry and Security (BIS), O'Toole added. "The culture has always been that if you mess up, fix it and tell the agencies about it, it could be a relatively inexpensive process where you can expect leniency," he said, which is in stark contrast with a company exposing itself to a potential criminal investigation by self-reporting to the DOJ.