Contributed By Kirkland & Ellis
In the United States, both federal law and state law define and prohibit crimes. US law classifies crimes as felonies or misdemeanours. A third category of offences punishable only by fine, civil penalty or forfeiture, rather than imprisonment, includes petty crimes – sometimes referred to as violations, infractions, petty offences or petty misdemeanours.
Felonies and misdemeanours are sometimes subdivided based on the seriousness and severity of the offence (a Class A offence, a Class B offence, etc) (18 USC § 3559).
Felonies are the most serious offences. Both property crimes (including white-collar crimes) and crimes against persons can be felonies. Any crime punishable by more than one year in prison is classified as a felony, but not all felonies result in imprisonment. Punishments for felonies can range from fines or limited time in prison to life without parole or death. Punishments for misdemeanours, which are punishable by one year or less in prison or jail, could entail a fine, restitution, house arrest, probation or community service.
To prove a criminal offence, prosecutors must generally establish proof beyond a reasonable doubt of an act or omission (actus reus) and a culpable state of mind (mens rea). The mental state required for conviction varies by crime. For example, prosecutors may need to prove that a defendant acted purposely, knowingly, recklessly or negligently, depending on the offence charged. Some categories of crimes are strict liability offences requiring no mens rea showing, including some regulatory offences.
Attempts to commit crimes can also carry criminal liability. Typically, a prosecutor must prove that the accused intended to commit the crime and knowingly took a substantial step, beyond mere preparation, in furtherance of the attempt.
The government has the burden of proof for criminal offences and must prove each element of a crime beyond a reasonable doubt. There is a presumption of innocence in all criminal cases.
In civil cases and administrative proceedings, plaintiffs have the burden of proof and must generally show the validity of their claims by a preponderance of the evidence, meaning that a fact is more likely than not. In some administrative proceedings, plaintiffs must establish substantial evidence of their claims.
Defendants have the burden of proving any affirmative defences, usually by clear and convincing evidence or preponderance of the evidence.
A statute of limitations sets the maximum amount of time that a prosecutor in criminal cases, or a plaintiff in civil cases, has to bring charges or initiate legal proceedings.
Most offences are subject to such a statute. The general federal statute of limitations is five years (18 USC § 3282). However, certain securities and tax crimes, and major frauds against the USA, have up to six- or seven-year limitation periods (18 USC § 1031; 26 USC § 6531). Other serious crimes or conspiracies involving fraud or embezzlement affecting banks and other financial institutions have ten-year limitation periods (18 USC § 3293(2)). Several serious crimes have no limitation periods, such as capital murder and certain acts of terrorism (18 USC §§ 3281 and 3286).
Statute of limitation periods normally begin to run when the crime is “complete”, which occurs when the last element of the crime is satisfied. For “continuing crimes” that do not occur at a discrete time, such as conspiracy, the limitation period may not begin to run until the last affirmative act is committed in furtherance of the scheme.
Limitation periods may also be paused or tolled. In fact, regulators often request that potential subjects or targets of investigations enter into an agreement (known as a tolling agreement) to toll the limitation period for a specific period of time.
A number of US criminal statutes apply extraterritorially. As such, federal courts and some agencies may punish defendants for criminal acts that occur outside of US territory. Extraterritorial reach is permitted when a federal statute expressly states that it applies to conduct outside the USA. One such statute is the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”), which allows the Securities and Exchange Commission (SEC) to enforce anti-fraud provisions of the federal securities laws where conduct occurring outside the USA has a “foreseeable substantial effect” within the USA (15 USC § 78aa(b)(2)). Another is the Foreign Extortion Prevention Act (FEPA), described in 3. White-Collar Offences, which expressly states that offenses under the Act shall be subject to extraterritorial federal jurisdiction.
A longstanding presumption exists against extraterritorial application of US law, so the statute must clearly apply to any extraterritorial conduct charged. Nevertheless, criminal conduct that involves only minor contact with US territory, such as processing financial payments through the US banking system or the use of US wires, may be sufficient to invoke territorial jurisdiction. This can be the case even where most of the conduct was extraterritorial.
In certain limited circumstances, courts have construed US statutes broadly to allow prosecutors to bring cases against defendants who commit offences abroad, particularly through the Foreign Corrupt Practices Act (FCPA) (15 USC §§ 78dd-1 et seq). Other federal criminal statutes with potential extraterritorial application include:
DOJ co-ordination with foreign counterparts has increased in recent years, particularly with respect to enforcement of the FCPA. The USA has mutual legal assistance treaties with many countries, allowing prosecutors and regulators to share information and investigative work across borders. The USA also has extradition agreements with a number of countries, but the terms of each agreement vary. For example, the USA and the European Union allow extradition for all crimes that are punishable in both jurisdictions.
Criminal liability can apply to individuals or legal entities, which are treated as “legal persons” under the law. Individuals and entities may be liable for the same offence, but a separate case must be made against each individual and against each entity. Individual directors and officers are not liable for offences committed by their entities. In some circumstances, directors and officers of an entity may be liable for misconduct of the entity’s agents if they failed to exercise their authority to prevent the misconduct.
Under the doctrine of respondeat superior, an entity is liable for the acts of its directors, officers, employees and agents that are both committed within the scope of their employment and at least partially motivated by an intent to benefit the entity.
Entities are responsible for the actions of their employees that meet these conditions even if the actions violated the entity’s express policies or instructions. Knowledge of individual directors, officers, employees or agents can be imputed collectively to the entity as a whole under the collective knowledge doctrine. A parent entity is generally not liable for the acts of its subsidiary but can be if the parent exercises sufficient control over that subsidiary. Liability flows from a subsidiary to the parent if the parent treats the subsidiary as an extension of itself, rather than a separate entity, such that the subsidiary is an agent or alter ego of the parent.
In the context of mergers, the surviving entity is responsible for the predecessors’ liabilities under the doctrine of successor liability. In cases of acquisition, however, a successor entity does not always assume the liabilities of the acquired entity. Courts consider several factors in determining whether a successor entity can be held responsible for the acquired entity’s liabilities. Those factors include, but are not limited to:
Department of Justice (DOJ) policy generally favours prosecuting individuals as well as legal entities in cases of corporate wrongdoing. The government prosecutes entities to address crimes typically exclusive to entities, such as environmental crime, and to encourage a culture of legal compliance. Based on the fact that knowledge of many directors, officers and employees can be imputed to the entity, it is often easier to prove a culpable mental state for an entity than for an individual. DOJ prosecutors weigh various factors when deciding whether to criminally prosecute entities (see 2.5 Prosecution).
For both individual and institutional defendants in federal criminal courts, the guidelines of the United States Sentencing Commission provide a uniform framework for recommending sentences and fines. Each offence has a predetermined level. Judges weigh aggravating and mitigating factors, including an individual defendant’s criminal history, to calculate a recommended sentencing range or fine. The guidelines also set forth the rules for punishing entities. Restitution for identifiable victims is often mandatory (see, eg, 18 USC § 3663A).
The guidelines shape federal judges’ sentencing decisions but are not binding, and judges may vary from the guidelines’ range. In particular, judges are directed under 18 USC § 3553 to consider the following for each individual defendant:
For institutional defendants, the guidelines set forth culpability factors that determine appropriate multipliers applied to a base fine for determining an applicable fine range.
The Crime Victims’ Rights Act provides that victims of federal crimes have the “right to full and timely restitution as provided in law” (18 USC § 3771(a)(6)). The Mandatory Victims Restitution Act (MVRA) requires a sentencing judge to award full restitution to victims of crimes against property, such as wire fraud, mail fraud and many financial crimes (18 USC § 3663A). The MVRA applies if the individual or entity suffering the loss is an “identifiable victim” that is “directly and proximately harmed as a result” of the crime.
Some statutes explicitly provide for damages for victims. For example, RICO provides that any person injured may sue in federal district court to recover treble damages, as well as reasonable attorneys’ fees (18 USC § 1964).
Both federal and state governments can investigate, prosecute and enforce laws related to white-collar offences.
Federal white-collar offences are investigated by a variety of governmental agencies. Civil investigations and enforcement actions may be initiated by, among others, civil attorneys at the DOJ, SEC, the Commodity Futures Trading Commission (CFTC), the Federal Reserve Bank, the Federal Trade Commission (FTC), the Office of Foreign Assets Control (OFAC), the Environmental Protection Agency (EPA) and the Internal Revenue Service (IRS). All federal criminal offences are investigated and prosecuted through the DOJ, often in partnership with other agencies. Both civil and criminal federal cases are heard by federal courts. Some administrative actions are litigated within the agencies themselves by administrative law judges, with the possibility of appeal to the federal courts.
States have a parallel set of criminal and civil laws, and their own courts to hear cases. State prosecutors’ offices (often called state’s attorneys or district attorneys) bring cases based on criminal offences within their jurisdiction. State investigation and enforcement regimes for civil offences vary by state, but most have a series of state investigative agencies and a state Attorney General, who acts as chief legal officer for the state.
Self-regulatory organisations (such as the Financial Industry Regulatory Authority, the Options Clearing Corporation and the New York Stock Exchange) also enforce industry rules and professional regulations.
Investigations may be initiated by agencies or prosecutors whenever they have reason to believe that an offence has been committed within their jurisdiction. Regulatory agencies each possess their own set of standards for initiating investigations, which are based on their authorising statutes and their respective enforcement manuals. Investigations vary in formality. For example, SEC’s Division of Enforcement, which investigates and prosecutes wrongdoing under the federal securities laws, may investigate through a relatively informal process, known as a “matter under inquiry”, or via a formal investigative order. The less formal matter under inquiry investigation often may arise from an entity’s self-reporting of possible misconduct, in response to media publicity of possible misconduct or to an unsubstantiated whistle-blower submission. A matter under inquiry may convert to a formal investigation.
Civil investigations begin when a regulatory agency, such as SEC, begins exploring a civil claim against a potential defendant. Criminal investigations are initiated by agencies working in partnership with the DOJ, often through the local United States Attorney’s Office and Federal Bureau of Investigation (FBI). Potential targets of investigations can be identified by a whistle-blower who voluntarily shares knowledge or suspicion of wrongdoing or illegal activity with the government.
In federal cases with possible civil and criminal claims, the DOJ encourages co-ordination of investigations with civil regulatory agencies – known as parallel proceedings – to facilitate information-sharing between civil and criminal investigators where permitted.
In both civil and criminal investigations, the government can conduct voluntary interviews, make informal requests for documents or information and issue subpoenas to both investigation targets and third parties for the production of evidence. Although it is possible to seek to quash a subpoena in court as being overly broad, companies and individuals often negotiate with the government to narrow the subpoena’s scope and the type of documentation sought. In federal civil cases, one form of information-gathering is a civil investigative demand requiring the production of specified documents or information.
In criminal investigations, the government may use a grand jury to issue subpoenas that compel the production of documents or testimony. The government may also obtain search warrants, which can be used to search particular places such as offices or databases, and to seize documents. To obtain a search warrant, investigators must make a showing to an authorising judge of probable cause that the stated offence has been committed and that evidence of said offence is located in a certain place.
During a voluntary interview with the government, the interviewee has no obligation to answer questions. The government can compel individuals to submit to questioning in limited circumstances. A person responding to a grand jury subpoena for testimony must appear but may consult with their attorney outside the presence of the grand jury before answering questions. A person may always refuse to answer a question if an answer would tend to incriminate that person but may not refuse to answer questions that would tend only to incriminate an entity or another person.
While not always required, internal investigations allow entities to identify and remediate problems, and to analyse whether to self-report to the government. Internal investigations are also used to demonstrate a commitment to compliance and remediation that can justify leniency from the government. The existence and thoroughness of an internal investigation is one factor considered by the federal government when deciding whether to charge entities or whether to levy penalties. For this reason and others, including the applicability of attorney-client privilege in the USA, careful attention needs to be paid to the structuring and execution of internal investigations.
Officers and directors of an entity must often promptly investigate possible wrongdoing to fulfil their legal and fiduciary obligations. For example, statutes such as the Sarbanes-Oxley Act (“SOX Act”) require entities to establish procedures for employees to report possible wrongdoing to company leaders. Reports of possible violations by employee whistle-blowers should trigger an investigative response. Failing to investigate reports of possible misconduct can subject both the leadership of an entity and the entity itself to liability.
Prosecutors have broad discretion in choosing whom to prosecute and which charges to bring. That said, both the DOJ and SEC provide their attorneys with guidance to govern the decision-making process when bringing cases. Prosecutors are also bound by general ethics rules as well as additional requirements to support charges with probable cause and refrain from abusing their discretion.
When deciding whether to criminally prosecute entities, DOJ prosecutors weigh various culpability factors, pursuant to the DOJ guidance entitled the “Principles of Federal Prosecution of Business Organizations”, also known as the “Filip Factors” (named for then-Deputy Attorney General Mark Filip), including:
Similarly, SEC issued its Seaboard Report in 2001, which outlined elements of corporate conduct that can play a significant role in whether the Commission pursues an enforcement action. As per the so-called Seaboard Factors, charges against a corporate defendant may be reduced when the company can demonstrate:
In 2024, SEC Enforcement Director Grewal also released “The Five Principles of Effective Cooperation in SEC Investigations”, outlining factors by which SEC staff assesses co-operation, namely:
Prosecutors’ decisions regarding individuals involved in corporate fraud are similarly guided by factors primarily articulated in the September 2015 memorandum entitled “Individual Accountability for Corporate Wrongdoing”, also known as the “Yates memo” (named for then-Deputy Attorney General Sally Yates), including:
Prosecutors may charge by indictment, information or complaint. Criminal indictments must be approved by a grand jury – which nearly always approve prosecutors’ requests. Criminal complaints must set forth adequate probable cause for a charge and be signed by a judge. Complaints provide authority for an arrest but must be followed by an information or indictment within a set period. For felony violations, a defendant has a waivable right under the Constitution to indictment by a grand jury, which, if waived, can result in the filing of an information detailing the charge.
Deferred prosecution agreements (DPAs) and non-prosecution agreements (NPAs) are mechanisms by which a company or individual can avoid prosecution in exchange for a commitment to abide by the terms of an arrangement for a period of time. If the signatory successfully complies with the terms of the agreement, the government will either:
Consequences for breaching these arrangements can be severe. The government may extend the company’s obligations under the agreement, or otherwise it may terminate the agreement and prosecute the company.
Recently, DPAs have been the mechanism most used by the DOJ in corporate criminal cases; NPAs are less common. Negotiation for DPAs and NPAs takes place between the prosecution and the defendant.
For federal criminal cases, the DOJ provides guidance on when DPAs and NPAs may be used. For example, prosecutors traditionally offer DPAs or NPAs where “the collateral consequences of a corporate conviction for innocent third parties would be significant”. However, individual prosecutors and their supervisors have great latitude to pursue DPAs and NPAs, and to craft the terms of the agreements.
DOJ guidance provides that conditions contained within the agreements should be “designed, among other things, to promote compliance with applicable law and to prevent recidivism”. Such conditions may include an acknowledgment of wrongdoing or admitting relevant facts, co-operation in ongoing investigations (including of culpable individuals), the establishment of a corporate monitor to supervise a defendant’s compliance, ongoing reporting obligations, fines, and penalties or business reforms.
DPAs and NPAs typically grant prosecutors significant oversight of and leverage over entities, and entities can employ internal or third-party investigators to collect compliance information and report to the government.
Courts must approve DPAs but tend to have very limited involvement. Courts are not involved in approving NPAs.
In addition to the crimes described throughout 3. White-Collar Offences, RICO criminalises conduct that is part of a “pattern of racketeering activity” to carry out the goals of an enterprise. “Racketeering activity” includes fraud and the obstruction of law enforcement. Officers and employees can be liable under RICO.
RICO cases may be brought civilly or criminally. Individuals convicted in criminal RICO proceedings face imprisonment of up to 20 years, a USD250,000 fine and forfeiture of any property derived from the unlawful activity (18 USC §§ 1963, 3571). Defendants may also face treble damages and be liable for reasonable attorney fees in civil cases (18 USC § 1964).
Both federal and state law prohibit domestic bribery, but state laws vary by jurisdiction. The general federal bribery statute punishes giving or receiving anything of value to or from a public official to influence official acts (18 USC § 201(b)). Prosecutors must prove that the defendant gave, offered or promised something of value to someone who was a public official and that the defendant had corrupt intent to influence an official act. The key to a successful prosecution is showing a quid pro quo – that the thing of value was given in exchange for the official act. Direct evidence of a quid pro quo is not required. Courts construe “public official” and “thing of value” broadly.
A similar law prohibits the bribery of many state and local officials. Specifically, federal law prohibits bribing agents of an organisation, state or local government or agency with anything worth at least USD5,000 when the subject organisation receives at least USD10,000 in federal programme funds annually (18 USC § 666). No federal funds need to be implicated in the bribery for conviction. The statute provides a safe harbour for bona fide salary, wages, fees or other compensation from the usual course of business (18 USC § 666(c)(c)).
The FCPA criminalises bribery of foreign officials. A prosecutor must prove that the defendant offered to pay, paid or promised to pay money or anything of value:
The FCPA applies to individuals and entities with formal ties to the US, including but not limited to:
The FCPA also applies to anyone who takes actions in furtherance of an FCPA violation while within the USA.
There is no de minimis defence to an FCPA violation, and a bribe need not actually be paid. The mere offer of payment incurs liability. There is a limited safe harbour for “facilitation” payments” that merely encourage a government official to perform a routine governmental action, such as processing visas or scheduling inspections.
SEC investigates and brings civil enforcement actions under the FCPA. SEC can seek civil monetary penalties from entities of up to USD500,000 per violation and from individuals of up to USD100,000 per violation based on the gross amount of monetary gain to the defendant as a result of the violation.
The DOJ can bring criminal and civil prosecutions under the FCPA. In criminal prosecutions, individuals face imprisonment of up to five years, fines of up to USD250,000 per violation, or both. Individuals’ fines may not be paid by the culpable entity. Entities can face criminal fines of up to USD2 million per violation. As with other federal criminal offences (including many set forth throughout 3. White-Collar Offences), the alternative fines provision specifies that an individual or entity can alternatively be criminally fined up to twice the gross monetary gain or loss resulting from the violation if that figure is greater than the otherwise applicable fine amount (18 USC § 3571(d)). In civil prosecutions, individuals and entities can be fined up to USD10,000 in an action brought by the DOJ. Importantly, an entity may be required to disgorge ill-gotten gains (ie, net profits obtained as a result of the bribery scheme), which could total billions of dollars.
A “wilful” FCPA violation in a criminal case carries a fine of up to USD25 million for entities or USD5 million for individuals. Individuals face imprisonment of up to 20 years. Violations must be knowing in order to incur criminal liability. FCPA violations may also trigger exclusion from federal programmes or suspension or debarment within the securities industry.
Relatedly, FEPA of 2023 (18 USC § 1352) criminalises the demand side of foreign bribery. Specifically, FEPA prohibits foreign officials from corruptly demanding, seeking, receiving, accepting or agreeing to receive or accept, directly or indirectly, anything of value from any person while in the territory of the USA, a US issuer or a domestic concern in exchange for an improper business advantage. FEPA violations carry fines of up to USD250,000 per violation or three times the monetary equivalent of the thing of value, imprisonment for up to 15 years or both.
Bribery of foreign non-governmental officials is also prohibited under the Travel Act (18 USC § 1952), which criminalises interstate travel or foreign commerce or using interstate facilities, such as the mail, in furtherance of an unlawful activity.
The FCPA contains provisions that require certain entities to keep accurate books and records and to create and maintain a system of adequate internal accounting controls. The SOX Act requires officers to certify the integrity of company financial statements and to assess internal controls. These provisions are discussed in 3.6 Financial Record-Keeping.
As described in 3.2 Bribery, Influence Peddling and Related Offences, SEC typically investigates and brings civil enforcement actions under the FCPA, and the DOJ brings criminal prosecutions.
Federal law prohibits corporate insiders from using material and non-public information (MNPI) to their advantage or passing that information to outsiders, known as “tipping”. Both the giver and the receiver of the information are liable. Federal law also prohibits corporate outsiders from misappropriating and trading based on MNPI in breach of a duty of confidence or trust. Liability of a corporate outsider is premised upon whether the source or “tipper” disclosed the information with an expectation of confidentiality – ie, with the expectation that such information would not be shared with other parties.
SEC holds authority under Section 10(b) of the Securities Exchange Act and Rule 10b-5 to bring a civil action for insider trading for injunctive relief and disgorgement of profits. In addition, the Insider Trading Sanctions Act and Insider Trading and Securities Fraud Enforcement Act allow SEC to seek civil penalties of up to three times the profits gained or losses avoided from insider trading (15 USC §§ 78u, et seq.). SEC has also charged insider trading violations based on “shadow trading”, where an employee or insider has traded in the securities of another comparable company based on MNPI learned in connection with their employment or role as an insider.
Private persons who traded at the same time and in the same securities as defendants can also bring an insider trading case under Section 20A of the Securities Exchange Act (15 USC §§ 78t, et seq.).
Under Section 32(a) of the Securities Exchange Act, individual insider trading defendants face criminal fines of up to USD5 million and 20 years of imprisonment. Entities that are liable as controlling persons for their employees face fines of up to USD25 million. Insider trading defendants can also be charged with wire fraud (18 USC § 1343), which is punishable by up to 20 years in prison. In 2024, the DOJ brought its first prosecution of a corporate executive based exclusively on sales of stock under Rule 10b5-1 trading plans, which are plans that typically provide an affirmative defence for corporate insiders buying and selling company stock. The trader was convicted for securities fraud and insider trading based on charges that the trader was aware of MNPI when he entered the Rule 10b5-1 plans.
Under the Internal Revenue Code (IRC), multiple criminal statutes concern omission, evasion and false statements regarding the filing and paying of taxes (IRC §§ 7201- 7216). Criminal enforcement of the tax code is accomplished through the IRS's Criminal Investigation division and the DOJ’s Tax Division. IRS civil actions can proceed at the same time as a criminal investigation.
Tax Evasion
The elements of tax evasion under 26 USC § 7201 are wilfulness, the existence of a tax deficiency and an affirmative act constituting an evasion or attempted evasion of the tax. The government bears the burden of proving all elements of tax evasion beyond a reasonable doubt. Filing a false return or failing to file a return can constitute evasion if the acts were wilful and resulted in tax evasion. Making a false statement to an IRS agent or concealing assets can also be charged as tax evasion. Participating in the filing of a bankruptcy petition containing false statements of indebtedness, and thereby intentionally stalling tax collection, can also be punished as attempted tax evasion. Conviction results in a fine of up to USD100,000 (USD500,000 in the case of a corporation) or imprisonment of not more than five years, or both, together with the costs of prosecution.
False Returns and Statements
A person is guilty of a felony under IRC § 7206(1) if they wilfully make and subscribe to a tax return, verified by a written declaration that is made under penalties of perjury, that they do not believe to be true and correct as to every material matter.
Those convicted are subject to fines of not more than USD100,000 (USD500,000 in the case of a corporation) or imprisonment of not more than three years, or both, together with the costs of prosecution (26 USC § 7206).
Aid or Assistance
A person is guilty of aiding or assisting under IRC § 7206(2) if the defendant wilfully aided, assisted, procured, counselled, advised or caused the preparation and presentation of a return that was fraudulent or false as to a material matter. The government must prove the defendant acted with specific intent to defraud the government in the enforcement of its tax laws. Those convicted are subject to fines of not more than USD100,000 (USD500,000 in the case of a corporation) or imprisonment of not more than three years, or both, together with the costs of prosecution (26 USC § 7206).
The FCPA
As noted in 3.2 Bribery, Influence Peddling and Related Offences and 3.3 Anti- bribery Regulation, the FCPA requires “issuers” that have a registered class of securities, or that are required to file periodic or other reports with SEC, to keep accurate books and records and to have a system of adequate internal accounting controls.
Under the FCPA’s internal controls provision, issuers must devise and maintain a system of internal accounting controls that provide reasonable assurances that transactions are authorised by management and recorded as necessary to permit the preparation of financial statements in conformity with generally accepted accounting principles, and to maintain accountability for assets (15 USC § 78m(b)(2)(B)(i)-(ii)). Issuers are also required to restrict access to assets unless authorised by management (15 USC § 78m(b)(2)(B)(iii)). Finally, issuers must have adequate internal controls to make sure recorded assets are compared with the existing assets at reasonable intervals and that appropriate action is taken with respect to any differences (15 USC § 78m(b)(2)(B)(iv)).
An issuer must act knowingly to violate the statute. The FCPA imposes criminal liability only when the party knowingly circumvents or knowingly fails to implement a system of internal accounting controls, or knowingly falsifies books or records (15 USC § 78m(b)(5)).
SEC has two additional rules to aid in the enforcement of the FCPA’s record-keeping provisions:
Individuals who wilfully violate the FCPA face a maximum fine of USD5 million or imprisonment of not more than 20 years, or both; entities that wilfully violate the FCPA face fines up to USD25 million (15 USC § 78ff(a)).
Securities Fraud
Under the SOX Act, it is a felony to knowingly execute, or attempt to execute, a scheme or artifice to defraud any person in connection with any security of an issuer that has a registered class of securities or is required to file periodic or other reports with SEC. The penalty for violations of the law can include a fine or imprisonment of not more than 25 years, or both (18 USC § 1348).
The SOX Act also requires financial statements to be filed periodically with SEC, and that the submissions are accompanied by written certifications from the company’s CEO and CFO (18 USC § 1350). CEOs and CFOs who certify statements knowing that the periodic report violates the requirements of this provision are subject to fines of up to USD1 million and imprisonment for ten years. If the conduct is found to be wilful, the maximum fine increases to USD5 million, and the prison term increases to up to 20 years (18 USC § 1350).
The SOX Act also contains an executive claw-back provision requiring CEOs and CFOs of issuers that are “required to prepare an accounting restatement due to the material noncompliance of the issuer” with “any financial reporting requirement” under the federal securities laws, “as a result of misconduct”, to forfeit for a 12-month period their bonus, certain other compensation and profits from the sale of company stock (15 USC § 7243(a)).
Other Financial Fraud
A variety of financial or accounting frauds may be prosecuted federally as instances of mail, wire or bank fraud. The mail fraud statute prohibits using the mail to execute a scheme intended to defraud others (18 USC § 1341). Similarly, the wire fraud statute prohibits making an interstate telephone call or electronic communication, including a transfer of funds, in furtherance of a scheme to defraud (18 USC § 1343). The bank fraud statute criminalises executing a scheme to defraud a financial institution insured by the Federal Deposit Insurance Corporation (FDIC) or to obtain any assets under the control of such an institution (18 USC § 1344). Mail, wire or bank fraud violators must knowingly devise a scheme to defraud others through materially false or fraudulent pretences, representations or promises, and must act with the intent to defraud.
Individuals who violate the mail or wire fraud statutes face up to 20 years’ imprisonment and a USD250,000 fine per violation, and entities face up to a USD500,000 fine per violation. Mail, wire and bank fraud violators face 30 years’ imprisonment and a USD1 million fine if the fraud affected a financial institution.
The Antitrust Division of the DOJ enforces federal criminal competition laws and is taking an increasingly aggressive stance. Fines for antitrust violations continue to grow.
The Sherman Act
The Sherman Antitrust Act is a federal statute that prohibits contracts, conspiracies or combinations of business interests that restrict foreign or interstate trade (15 USC § 1). Federal courts evaluate most antitrust claims under a so-called rule of reason, which requires proof that a defendant with market power unreasonably engaged in anti-competitive conduct. Examples of practices that might be evaluated for reasonableness include:
In contrast, “per se” violations of the Sherman Act involve a class of anti-competitive arrangements that are considered illegal on their face, such as an agreement among competitors to fix prices, divide markets or rig bids.
The Sherman Act also prohibits the monopolising of trade or commerce among states or with other countries (15 USC § 2). The elements of such a violation are possession of or attempt to possess monopoly power in the relevant market and wilfully acquiring or maintaining that power, as opposed to growth resulting from a superior product, business strategy or historic accident.
The Sherman Act imposes criminal penalties of up to USD100 million for corporations and USD1 million for individuals, imprisonment of up to ten years or both. The DOJ, state Attorneys General and private parties can also bring civil actions and win damages of three times the injuries sustained.
The Clayton Act
The Clayton Act prohibits a seller from discriminating in price between purchasers of goods of similar quality when doing so may result in substantial competitive injury, and from making promotional payments or services available only to some customers (15 USC § 13a). Violators face fines of USD5,000 and imprisonment of up to one year, or both.
Section 7 of the Clayton Act prohibits any merger or acquisition that will result in substantially less competition or a monopoly within a relevant market (15 USC § 18). The DOJ and FTC are both authorised to enforce Section 7, and private parties may also seek injunctive relief against a transaction that would result in a Section 7 violation (15 USC § 26).
The Clayton Act is enforceable by both the DOJ, which enforces it through civil actions, and the FTC, which primarily enforces it through administrative proceedings before the agency itself (15 USC §§ 21, 25 and 53(b)). The FTC can also seek injunctive relief.
The FTC Bureau of Consumer Protection regulates business practices including advertising and financial practices, data security, high-tech fraud and telemarketing. The FTC investigates and brings civil actions against violators and also co-ordinates with the DOJ and state prosecutors to bring criminal suits.
The Consumer Financial Protection Bureau, the US Food and Drug Administration and the DOJ also enforce various consumer protection laws, including:
State Attorneys General prosecute consumer fraud violations under a variety of state laws. Many states have adopted the Uniform Deceptive Trade Practices Act, which prohibits fraudulent business practices and misleading advertising.
The Computer Fraud and Abuse Act prohibits intentionally obtaining access to computers “without authorization” or by “exceeding authorized access” with the intent to defraud, cause damage or extort (18 USC § 1030). Sanctions include up to ten years’ imprisonment and a USD250,000 fine.
The Stored Communications Act prohibits intentionally accessing email or voicemail without authorisation or in a way that exceeded authorised access (18 USC § 2701). Sanctions include up to five years’ imprisonment and a USD250,000 fine, or ten years’ imprisonment for subsequent offences.
Wire fraud prohibits schemes to defraud that use wire, radio or television communication (18 USC § 1343). Prosecutors may charge other computer fraud violations (which have similar elements) as wire fraud due to the wire fraud statute’s higher penalties, including fines of up to USD250,000 for individuals and USD500,000 for organisations and imprisonment for up to 20 years. If the fraud affects a financial institution, or if the violation is in connection with a Presidentially declared major disaster or emergency, violators face fines of up to USD1 million and up to 30 years’ imprisonment.
The Wiretap Act prohibits intentionally intercepting or endeavouring to intercept communications without consent from the speaker (18 USC § 2511). Violators face a USD250,000 fine and up to five years’ imprisonment.
The Theft of Trade Secrets statute prohibits the theft of trade secrets and the knowing possession or use of stolen trade secrets (18 USC § 1832). Violators are subject to fines of up to USD5 million or three times the value of the stolen trade secret. Related criminal laws prohibit economic espionage (18 USC § 1831) and the wilful infringement of copyright for the purpose of commercial advantage or private financial gain (17 USC § 506(a); 18 USC § 2319).
Financial Sanctions
OFAC enforces economic and trade sanctions against countries, territories, entities, aircraft, vessels, crypto wallets and individuals who engage in certain prohibited transactions. Prohibited transactions are designated based on US foreign policy or national security interests. For example, OFAC sanctions the transfer of assets to, or trade with, certain countries, and maintains a list of “blocked” persons with whom US entities or individuals cannot conduct any business. Generally speaking, OFAC’s sanctions programmes apply to US persons, encompassing US citizens, US companies, non-US branches of US companies and any person when present in the United States. In certain circumstances, OFAC’s sanctions programmes also apply to non-US subsidiaries.
OFAC can take administrative actions such as licence denial, imposing a civil monetary penalty for violations and referring violations to the DOJ for possible criminal prosecution.
There are two principal statutes underpinning the majority of OFAC’s sanctions regimes: the Trading with the Enemy Act (TWEA) (50 USC App. §§ 5, 16) and the International Emergency Economic Powers Act (IEEPA) (50 USC §1701 et seq.).
Persons who wilfully violate any provision of TWEA or any licence, rule, or regulation issued thereunder, and persons who wilfully violate, neglect or refuse to comply with any order of the President issued in compliance with the provisions of TWEA shall, upon conviction, be fined not more than USD1,000,000 or, if an individual, be imprisoned for not more than 20 years, or both. Generally speaking, for conduct to be “wilful”, the defendant must have acted with knowledge that their conduct was unlawful. The criminal penalties provided in TWEA are subject to increase pursuant to 18 USC. 3571, which provides that persons convicted of violating TWEA may be fined up to the greater of either USD250,000 for individuals and USD1,000,000 for organisations or twice the pecuniary gain or loss from the violation. Civil penalties under TWEA currently cannot exceed USD108,489 per violation (subject to annual inflationary adjustment).
Under the IEEPA, criminal liability attaches to persons who wilfully commit, attempt or conspire to commit, or aid or abet in the commission of, a violation. Criminal liability pursuant to the IEEPA may include a fine of not more than USD1 million or, if a natural person, a prison term of not more than 20 years, or both. The IEEPA provides for a maximum civil penalty not exceeding the greater of USD368,136 (subject to annual inflationary adjustment) or an amount that is twice the amount of the transaction that is the basis of the violation with respect to which the penalty is imposed. Penalties can be substantially mitigated through the submission of a valid voluntary disclosure.
On 24 April 2024, the President signed into law the 21st Century Peace through Strength Act, Pub. L. No. 118-50, div. D. Section 3111 of the legislation extends from five years to tens years the statute of limitations for civil and criminal violations of TWEA and the IEEPA.
Trade – Export Controls and Antiboycott
There are two principal export controls regimes in the United States: the International Traffic in Arms Regulations (ITAR) administered by the US Department of State, Directorate of Defence Trade Controls pursuant to the Arms Export Control Act (AECA) (22 USC § 2778); and the Export Administration Regulations (EAR) administered by the Department of Commerce’s Bureau of Industry and Security pursuant to the Export Control Reform Act of 2018 (ECRA) (50 USC § 4811 et seq.). ITAR generally govern the export, re-export, deemed export, deemed re-export, transfer and temporary import of defence articles (hardware, software, technical data, defence services), whereas EAR generally govern the export, re-export, deemed export, deemed re-export and in-country transfer of hardware, software and technology that is commercial or dual-use in nature. The extent of the controls imposed on a particular item generally are dictated by the nature of the item, its destination, the identity of the end user and the nature of the end use. Furthermore, these controls are extraterritorial in effect as they follow the items, including, in certain circumstances, when such items are incorporated into larger assemblies or systems.
EAR also include anti-boycott regulations. These regulations discourage, and in some circumstances prohibit, US persons from taking certain actions in furtherance or support of a boycott maintained by a foreign country against a country friendly to the United States (unsanctioned foreign boycott). US persons must report their receipt of certain boycott-related requests for information designed to verify compliance with an unsanctioned foreign boycott. Prohibited activities include, inter alia, agreements to refuse to do business with a boycotted country or with blacklisted persons for boycott-related reasons, furnishing information about any person’s business relationships with a boycotted country or with blacklisted persons, and implementation (by US banking entities) of letters of credit that include prohibited boycott-related terms or conditions. For anti-boycott compliance purposes, US persons include all individuals, including foreign nationals, who are resident in the United States, as well as corporations and unincorporated associations that are resident in the United States, including the permanent domestic establishments of foreign concerns. The term also applies to US citizens residing abroad (except when they are employed by non-US persons) and the “controlled in fact” foreign subsidiaries, affiliates or other permanent foreign establishments of domestic concern. Note that the Department of the Treasury also administers the anti-boycott provisions found within the IRC.
Both agencies that administer ITAR and EAR can take administrative actions such as licence denial, imposing a civil monetary penalty for violations and referring violations to the DOJ for possible criminal prosecution. Under AECA, wilful violators are subject to up to USD1,000,000 in corporate fines, and to up to USD1,000,000 per violation for individuals and/or up to 20 years imprisonment. Civil penalties can be imposed in an amount not to exceed the greater of USD1,238,892 (subject to annual inflationary adjustment) and an amount that is twice the value of the transaction that is the basis of the violation with respect to which the penalty is imposed. Under ECRA, criminal penalties can include up to 20 years of imprisonment and up to USD1 million in fines per violation, or both (as well as criminal forfeiture of funds or other property involved in any violation). Civil penalties can be imposed in an amount not to exceed USD364,992 per violation (subject to annual inflationary adjustment) or twice the value of the underlying transaction, whichever is greater. Under both ITAR and EAR, violators can also be denied export privileges or debarred from government contracting. Penalties can be substantially mitigated through the submission of a valid voluntary disclosure. The applicable statute of limitations is five years.
Customs
Smuggling and other importation violations are crimes under 18 USC §§ 541, 542 (importation of goods by means of any fraudulent written or verbal statement), 544 and 545 (smuggling). The false statements statute provides for fines and potential imprisonment of up to two years. Smuggling is knowingly and clandestinely bringing goods into the USA with the intent to defraud the government by failing to properly declare the goods. Prosecutors must prove intent for a smuggling conviction. The punishment for smuggling is a fine of up to USD250,000 and imprisonment of up to 20 years. In addition, the defendant forfeits the merchandise smuggled, or its value. US Customs and Border Protection also can impose civil penalties for misstatements or omissions in connection with imported merchandise, which also can give rise to liability under 18 USC § 1000 and the False Claims Act (FCA) (31 USC § 3730(h).
Defendants can incur liability for both concealment and an underlying offence. State and federal laws criminalise efforts to conceal wrongdoing improperly, which are generally referred to as obstruction of justice.
The provision in 18 USC § 1503 punishes corrupt attempts to obstruct the “due administration of justice” in connection with a pending judicial proceeding. Violators face up to ten years’ imprisonment and a fine of up to USD250,000 for individuals and USD500,000 for organisations.
Similarly, 18 USC § 1505 punishes attempts to impede the “due and proper administration of the law” in any proceeding before a US agency, department or committee, including Congress. Violators face up to five years’ imprisonment, or eight years’ in terrorism cases, and a USD250,000 fine.
Even when the offences are not charged separately, prosecutors and regulators consider efforts to conceal wrongdoing to be aggravating factors in charging and sentencing.
Federal law prohibits making false statements to the government, including by misleading misrepresentations (18 USC § 1001). The government must prove that the defendant made a statement or representation that was:
Convicted parties face fines up to USD250,000 and five years’ imprisonment. If the crime is related to terrorism, the convicted parties face up to eight years’ imprisonment.
When a person or entity has a duty to disclose facts, such as to maintain accuracy on a government form, a failure to disclose such facts can be a basis for liability.
Both state and federal courts recognise liability for aiding and abetting, although state laws may vary from federal law. A director, officer or employee of a corporation can incur liability for aiding and abetting the commission of a corporate crime. Under federal law, anyone who “aids, abets, counsels, commands, induces or procures” the commission of an offence is punishable in the same manner and to the same extent as the principal actor (18 USC § 2(a)).
Certain actors may also be liable for “causing” another to violate a federal securities statute. For example, any person or entity who causes another to violate the federal securities laws may also be liable, and SEC may issue a cease-and-desist order against a secondary actor. For such causing liability to attach, SEC must prove three elements:
The Money Laundering Control Act (18 USC §§ 1956 and 1957) criminalises money laundering. Prosecutors must show that a defendant knowingly transported or transmitted funds between states or between the USA and another country, knowing the funds were the proceeds of unlawful activity and knowing the movement was designed to conceal the nature, location or source of the proceeds of the unlawful activity.
The penalty is up to 20 years in prison, a fine of up to USD500,000 or twice the value of the property involved, whichever is greater, and the mandatory forfeiture of property involved in the offence or traceable to the offence, or of substitute assets (18 USC § 982(a)(1) & (b)(2)).
Under 18 USC § 1957, liability extends to persons who knowingly engage in monetary transactions that meet three criteria:
Violators face up to ten years’ imprisonment and a maximum fine of USD250,000, or not more than twice the amount of the criminally derived property involved in the transaction.
In addition, financial institutions have obligations under the Bank Secrecy Act and related regulations to help detect and report suspicious activity. Specifically, financial institutions must file a currency transaction report for transactions involving more than USD10,000. Courts may punish individuals for structuring transactions to evade the USD10,000 reporting requirement.
Financial institutions must also establish effective programmes to combat money laundering. The Department of the Treasury uses enforcement actions to ensure compliance with the Bank Secrecy Act. The criminal penalty for a wilful violation of the Bank Secrecy Act is a fine of up to USD250,000 and imprisonment for up to five years. A higher penalty may apply if the violation occurs with another crime or as part of a pattern of illegal activity.
On 4 September 2024, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a final rule adding certain registered investment advisers and exempt reporting advisers to the definition of “financial institution” under the regulations implementing the Bank Secrecy Act of 1970, effective 1 January 2026.
Common defences to white-collar crimes include the following.
An effective compliance programme is not a defence to criminal charges, but government agencies view an effective compliance programme as a mitigating factor weighing against prosecution, enforcement actions or the assessment of penalties.
No industry or sector is exempt from compliance with white-collar crime-related laws. Exceptions to white-collar offences exist under statute-specific provisions. For example, the FCPA contains an exception for so-called grease payments used to expedite or secure the performance of routine governmental actions (15 USC § 78dd- 1(b)). However, courts and regulators construe the exception narrowly, and payments typically involve small amounts. No de minimis exceptions exist under the FCPA or other white-collar fraud statutes.
Plea agreements allow defendants, both individual and corporate, to acknowledge wrongdoing voluntarily in exchange for lesser penalties or convictions on potentially reduced charges. Plea agreements also offer entities and individuals predictability in outcomes and penalties that trials do not. Defendants may plead guilty to one type of charge in exchange for the dismissal of other types of charges, or of other counts of the same charge. Defendants may also plead guilty without receiving reduced charges in exchange for a recommendation from prosecutors for a reduced sentence. Sentencing recommendations from prosecutors are not binding on courts, however, all sentences are determined by a judge. For these and other reasons, plea agreements (as opposed to trials) are commonly used to resolve criminal cases in the USA.
At the federal level, plea agreement procedures are governed by Rule 11 of the Federal Rules of Criminal Procedure. Defendants must admit to sufficient facts to prove each element of the crime to which they are pleading, as well as the crime itself.
Plea agreement policy varies among prosecutors’ offices, although all federal prosecutors are guided by ethical and policy guidance promulgated by the DOJ. In addition, federal and state prosecutors follow common charging and plea practices established for their various offices, which tend to be recorded in confidential internal guidance.
Voluntary self-disclosure and meaningful co-operation with investigators are considered mitigating factors by agencies and prosecutors. Other common leniency measures include remediation efforts, the mitigation of possible harm, restitution and reform (including changes in internal policies). The payment of restitution in advance of enforcement action also demonstrates a corporation’s acceptance of responsibility.
Examples of proactive steps that legal counsel can take to receive co-operation credit include:
Whistle-blowers have express protection against retaliation by employers under several statutes relevant to white-collar offences, including the FCA (31 USC § 3730(h)), the SOX Act, and the Dodd-Frank Act (15 USC § 78u-6).
Under the FCA, an employer may not take an adverse employment action against an employee for providing a tip to a regulator or for assisting in a regulatory investigation. Under the SOX Act, whistle-blowers may even pursue reinstatement, back pay and other compensation from the Department of Labor. Under the Dodd-Frank Act, an employer cannot retaliate against a whistle-blowing employee, and employees are granted a private cause of action in the event they are discharged or discriminated against in violation of the Act.
The identity of a whistle-blower is also protected by statute. For example, under the Dodd-Frank Act, SEC may not disclose information that could reasonably be expected to reveal the identity of a whistle-blower, except in limited circumstances.
Large financial incentives exist for whistle-blowers to report white-collar offences. Whistle-blowers who voluntarily provide SEC with original, timely and credible information that leads to a successful enforcement action in which the monetary sanctions exceed USD1million may be eligible for an award of 10% to 30% of the penalty collected. The FCA provides for awards of between 15% and 30% of the proceeds of the action or settlement of the claim.
The US DOJ launched its Corporate Whistleblower Awards Pilot Program (the “Whistleblower Pilot Program”) in August 2024, which awards whistle-blowers who provide original, truthful disclosures that lead to a successful forfeiture of assets that exceed USD1 million. To be eligible, the disclosures must relate to crimes involving financial institutions, foreign corruption involving misconduct by companies, domestic corruption involving misconduct by companies, or healthcare fraud schemes not covered by the FCA. The Whistleblower Pilot Program encourages whistle-blowers to first report misconduct internally by considering internal reporting as a plus factor when calculating any whistle-blower award.
Typically, whistle-blowers are protected by companies through specific whistle-blower policies or company ethics codes that provide permutations of the following.
Companies should never prohibit or discourage an employee from sharing information with SEC and should not impose overly broad confidentiality obligations that could reasonably be interpreted to deter employees from sharing information with SEC. The federal securities laws prohibit any person from “imped(ing) an individual from communicating directly with the [SEC] about a possible securities law violation” (17 CFR § 240.21F–17(a)). SEC has taken an expansive view of that rule and brought enforcement actions against companies based upon:
1301 Pennsylvania Avenue,
NW
Washington,
DC 20004
USA
+1 202 389 5000
abby.flanaganfrankl@kirkland.com www.kirkland.com