First, the price tag of resolving the ZTE matter should underscore to boardrooms worldwide the continued importance of a well-functioning compliance program and the pitfalls of an insufficient response to indications of wrongdoing. Establishing an effective compliance program—along with voluntary self-reporting, cooperation, and remediation—may better position companies facing scrutiny from regulators. However, as U.S. officials routinely caution, a paper program that "checks the box" without the proper support or follow-through is not enough. The Commerce Department reportedly began investigating ZTE following new stories in Reuters in 2012 that the company was illegally shipping U.S. hardware and software to Iranian telecommunications carriers. Yet ZTE resumed illegal sales to Iran even after outside counsel had been retained in connection with an ongoing grand jury investigation, and the criminal charges against ZTE were predicated in part on efforts to deceive the forensic accounting firm and defense counsel representing the company during the course of that investigation. As part of the plea, which is contingent on court approval, ZTE also agreed to accept a lengthy period of corporate probation and the appointment of an independent compliance monitor. The focus in the settlement on establishing an effective compliance structure at ZTE going forward highlights the costs of not getting it right the first time.
Second, the DOJ release announcing the ZTE resolution pointedly stated that it resulted from an "all of government approach to sanctions enforcement," a trend that multinational commercial and industrial companies that navigate U.S. sanctions and export control regimes would do well to take note of and prepare for accordingly. As striking as the total dollar amount of the settlement was the spectrum of consequences across criminal and civil authorities. ZTE agreed to pay $430 million in connection with the criminal case to resolve the IEEPA violation and related obstruction and false-statement charges; $100 million in a settlement with the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC); and up to $661 million in a settlement with the U.S. Department of Commerce's Bureau of Industry Security (BIS). (Under the agreement with BIS, $300 million of that amount will be suspended for a seven-year probationary period to deter future violations.) A senior DOJ official told reporters that the Commerce Department's decision to add ZTE to the BIS Entity list, effectively cutting them off from U.S. suppliers, was "the game-changing event in the case" that led the company to change course and produce key documents and witnesses. With authorities across the U.S. government working collaboratively to bring every tool to bear in investigations and enforcement matters, the risks for companies facing even a civil investigation – even those outside the financial sector and other tightly regulated industries – can be staggering. Increasingly, as the ZTE matter shows, the ramifications of civil enforcement may prove to be as steep as criminal penalties.
Third, the whole-of-government approach to sanctions enforcement merits close watching for the additional reason that it may portend how the new administration will pursue other policies in the national security arena affecting multinational businesses, including reviews of foreign investments in U.S. entities and the response to the growing cyber threat. In recent years, the U.S. government has made a number of significant organizational changes to better integrate sanctions enforcement with other national security tools and authorities. In 2014, for example, the DOJ reorganized the National Security Division (which one of us led until recently) to create a new position overseeing the protection of national assets, including efforts to combat economic espionage, proliferation, and cyber threats to national security. A whole-of-government approach can be particularly critical as a way to engage the cyber threats, in which difficult challenges such as establishing attribution will often require close collaboration among departments and agencies. While it is only an early indication, the resolution of the ZTE matter represents a sign that the new administration may continue this effort.
Commentary by John P. Carlin and David Newman. Carlin, former Assistant Attorney General for the U.S. Department of Justice's National Security Division (NSD), chairs Morrison & Foerster's global risk and crisis management group and co-chairs its national security group. Newman is of counsel in the New York office of Morrison & Foerster LLP, where he represents clients in a wide variety of national security and global risk and crisis management issues. While Carlin previously oversaw the investigation of ZTE in his role at NSD, this article draws exclusively from government releases and other public sources of information.
For more insight from CNBC contributors, follow