The mission of the Department of Justice’s National Security Division (NSD) is to protect and defend the United States against the full range of national security threats, consistent with the rule of law. Business organizations and their employees are at the forefront of protecting the national security of the United States by preventing the unlawful export of sensitive commodities, technologies, and services, as well as unlawful transactions with sanctioned countries and designated individuals and entities. Enforcing our export control and sanctions laws, and holding accountable those who violate them, is a top priority for NSD.
On March 10, 2026, the Department released its first-ever Department-wide corporate enforcement policy (CEP) for criminal matters, promoting uniformity, predictability, and fairness in how it pursues white-collar cases to protect the American people.
As the announcement explains, the “Department-wide CEP provides concrete benefits to incentivize companies to voluntarily disclose discovered misconduct, cooperate with our investigations, and timely and appropriately remediate the wrongdoing. For companies that do, absent certain limited aggravating circumstances, the Department will decline to prosecute the company. Incentivizing corporate self-disclosures – while still permitting prosecutions in appropriate circumstances – allows the Department to quickly pursue culpable individuals, secure justice for victims, and deter white-collar crime, all while not unduly burdening American businesses.”
Under the CEP, “disclosure must be made to the appropriate component of the Department,” CEP n.5, and all resolutions under the CEP “must be approved by the Assistant Attorney General (AAG) for the relevant Division.” CEP Background ¶ 4. The CEP also provides that a “[g]ood faith disclosure to one component where the matter is later brought to another appropriate component for investigation will also qualify” for declination. CEP n.5
As pertaining to national security laws, the Justice Manual (JM) assigns the “enforcement of all criminal laws affecting, involving or relating to the national security, and the responsibility for prosecuting criminal offenses, such as conspiracy, perjury and false statements, arising out of offenses related to national security . . . to the AAG of NSD.” JM § 9-90.010 .
The scope of these matters, which includes violations of the U.S. government’s primary export control and sanctions regimes – the Arms Export Control Act (AECA), 22 U.S.C. § 2778, the Export Control Reform Act (ECRA), 50 U.S.C. § 4801 et seq., and the International Emergency Economic Powers Act (IEEPA), 50 U.S.C. § 1701 et seq. – can be found at JM § 9-90.020 .
While the conduct of business organizations and their employees has the greatest potential to implicate U.S. national security interests in the enforcement of export control and sanctions laws, the conduct of business organizations and their employees can also violate other U.S. national security laws, including laws prohibiting material support to and financing of foreign terrorist organizations, criminal violations in connection with the work of the Committee on Foreign Investment in the United States (CFIUS), and the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (Team Telecom). Companies are encouraged to voluntarily self-disclose to NSD any potential criminal violations of U.S. law relating to matters conducted, handled, or supervised by the NSD AAG.