Rules Navigator

Justice department rewards self-reporting in national security case

Capitol building with overlay of code
Photo: Douglas Rissing/Getty Images

Vlada Gurvich

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

USRA spared prosecution after self-reporting employee’s illegal export of sensitive US aviation software to Chinese military-linked university.

In a rare move with potentially wide-reaching implications for corporate compliance in national security matters, the US Department of Justice (DOJ) has formally declined to prosecute the Universities Space Research Association (USRA), a nonprofit aerospace contractor, despite its entanglement in a criminal export control violation.

The case centers around a former USRA employee, Jonathan Soong, who admitted to illicitly exporting US Army-developed aviation software, subject to federal export controls, to Beihang University in China, a known entity on the Commerce Department’s restricted list due to its involvement in military technology development.

While Soong was sentenced to 20 months in prison, USRA’s proactive self-reporting, full cooperation, and remedial efforts earned it a declination from prosecution.

This decision stands out not simply because it exonerates an organization from legal consequences, but because it signals the Justice Department’s strategic pivot toward rewarding transparency and compliance in the corporate realm, particularly when national security is at stake.

This decision stands out because it signals the Justice Department’s strategic pivot toward rewarding transparency and compliance in the corporate realm.

Rather than casting a wide net of liability, the department emphasizes that it was USRA’s swift internal investigation and prompt notification to authorities that enabled the successful prosecution of Soong. More notably, officials pointed to the organization’s provision of foreign language evidence, restitution payments, and internal discipline as evidence of a gold-standard response to internal wrongdoing.

At the heart of this case lies the misappropriation and unlawful export of a sensitive piece of software, CIFER, used for analyzing and controlling aircraft flight systems. Soong circumvented export regulations by channeling transactions through a third-party front, directing funds to a personal account, and misleading both his employer and NASA.

When suspicions surfaced and the scheme unraveled, it was USRA’s internal counsel who confronted Soong and extracted his admission, laying the groundwork for federal prosecution.

The clarity and speed with which USRA acted are being lauded as a model for how institutions should respond when national security violations are discovered within their ranks.

New compliance benchmark

The Justice Department’s declination letter provides a striking real-world application of the National Security Division’s (NSD) Enforcement Policy for Business Organizations, setting a practical benchmark for what it takes to avoid prosecution in national security-related corporate misconduct.

The policy outlines a three-part framework: voluntary self-disclosure, full cooperation, and timely remediation. In the USRA’s case, the organization not only met but exceeded expectations in each category, acting swiftly after misconduct surfaced, turning over detailed evidence (including translated and overseas documents), and enforcing disciplinary actions beyond the guilty individual.

Importantly, USRA’s disclosure occurred within days of its employee’s confession – before completing its internal probe – allowing federal investigators to preserve evidence and prosecute effectively.

This case is especially illustrative of how the Justice Department interprets “willfulness” and “voluntary disclosure” under its enforcement framework. While the former employee knowingly violated export laws, the organization showed no signs of corporate complicity.

The depth of cooperation … demonstrated a commitment to accountability that transcended minimal compliance.

Under NSD’s criteria, self-reporting qualifies as “voluntary” only when it precedes any imminent threat of exposure or investigation and is directed explicitly to NSD.

USRA’s counsel notified NSD promptly after the internal confession, without waiting for full forensic certainty, an act that DOJ deemed critical in establishing trust and facilitating law enforcement’s response.

Moreover, the depth of cooperation, proactive document retrieval, foreign language assistance, and real-time updates, demonstrated a commitment to accountability that transcended minimal compliance.

The declination letter further clarifies that “timely and appropriate remediation” means more than punishing wrongdoers, it involves structural reforms and restitution. USRA not only terminated the employee’s contract and disciplined a supervisor but also revamped its internal controls and refunded over $250,000 in improperly used government funds.

Crucially, the Justice Department acknowledged that the organization did not profit from the misconduct and instead bore financial costs to rectify it.

This reinforces a key aspect of the NSD’s approach: companies that invest in governance, act quickly, and demonstrate integrity can not only protect national security, but also their own legal viability.

Strategic shift

In recent years, the DOJ has intensified its messaging around voluntary self-disclosure, with the NSD’s Enforcement Policy offering concrete benefits, such as declinations and penalty reductions, for businesses that act swiftly, disclose misconduct before government discovery, and commit to internal reform.

MilliporeSigma became the first recipient of a formal declination under this updated framework, showing that companies operating in sensitive sectors like biotechnology and aerospace are increasingly expected to act as first responders in the national security compliance landscape.

The USRA and MilliporeSigma declination decisions reflect a broader recalibration underway within the US Department of Justice: a conscious pivot from punitive postures toward incentivizing corporate integrity.

This doctrinal shift is not merely symbolic.

Through updated policies on self-reporting, clawbacks, and whistleblower rewards, the DOJ is creating a legal environment where transparency and early disclosure are both shield and sword. Notably, even imperfect disclosures, those delayed or incomplete, may still earn mitigation credit if made in good faith.

The Albemarle FCPA case is a telling example: despite delayed disclosure, the company received a record-high fine reduction for its full cooperation and remediation efforts. The takeaway is clear: self-disclosure need not be perfect to be valuable.

The DOJ is creating a legal environment where transparency and early disclosure are both shield and sword.

At the same time, the DOJ is tightening expectations on internal accountability. Companies seeking leniency must not only terminate the contracts of culpable employees but also demonstrate structural fixes: improved compliance programs, executive accountability, and ethical culture-building.

Enforcement now hinges less on technical violations and more on how firms respond to them. In this light, declinations such as USRA’s and MilliporeSigma’s do not represent leniency per se, but recognition of corporate citizenship.

As the DOJ further empowers compliance officers and aligns prosecutional discretion with responsible corporate behavior, businesses that engage early, honestly, and reformatively will not just avoid penalties, they will define the new gold standard for corporate governance in the national security domain.

Moreover, as export controls become an increasingly potent tool in the geopolitical contest with China, the USRA case offers a glimpse into a new era of enforcement, one that incentivizes internal accountability as much as it punishes external malfeasance.

, , , , ,

You may also like