From risk to relief: PE firm avoids prosecution with swift disclosure

Background

On June 16, 2025, DOJ’s National Security Division (NSD) and the US Attorney’s Office for the Southern District announced that they declined to prosecute private equity firm White Deer Management LLC and its affiliates after White Deer acquired Texas-based Unicat Catalyst Technologies LLC. Following the acquisition, White Deer discovered that Unicat had a history of sanctions and export control violations and had falsified invoices to reduce tariff payments. Upon learning of the misconduct, White Deer promptly halted the unlawful activities, engaged outside counsel, and voluntarily self-disclosed the potential violations to DOJ’s NSD prior to completing its internal investigation.

The self-disclosed wrongdoing by Unicat was serious and wide-ranging. According to DOJ, Unicat’s former CEO – who was also a seller of the business – conspired to violate US sanctions and export control laws by making unlawful sales of specialized chemical catalysts used in oil refining and steel production to Iran, Venezuela, Syria, and Cuba. To conceal these dealings, the conspirators falsified export documentation and financial records by misrepresenting customer identities and assuring unwitting employees that the sanctioned sales were lawful. Unicat reaped approximately $3.33 million in revenue from these unlawful sales.

Crucially, the acquired company engaged in additional trade violations beyond sanctions and export controls violations. DOJ reported that Unicat’s executives “falsified invoices to reduce the tariffs” on imports of Chinese-origin catalysts. By undervaluing imports from China, Unicat evaded approximately $1.66 million in customs duties, taxes, and fees. During the sale process, Unicat actively concealed these issues from the buyer when Unicat’s prior owners falsely gave contractual representations and warranties attesting to compliance with US sanctions and export laws.

Post-acquisition compliance efforts

After the acquisition closed, the misconduct came to light when a new CEO installed by the private equity firm finally gained on-site access (delayed by COVID-19 travel restrictions) and discovered a pending transaction with an Iranian customer. White Deer’s management immediately canceled the suspected deal, retained counsel, launched an internal investigation, and made a voluntary self-disclosure (VSD) to DOJ/NSD within about one month upon confirming likely criminal violations. White Deer and Unicat   spent more than $4 million on investigation and remediation efforts, including (among other actions):

• Conducting an “extensive, thorough, and robust” internal investigation;
• Proactively disclosing foreign-located records and voluntarily making foreign-based employees available for interviews;
• Terminating employees involved in the misconduct;
• Implementing a risk-based trade compliance policy;
• Appointing a trade compliance manager;
• Establishing periodic audits and risk assessments of the company’s compliance program; and
• Implementing enhanced compliance requirements in third-party supplier and sales agent agreements.

Regulatory outcomes

DOJ announced it would decline to prosecute White Deer as the acquiror, crediting the firm’s prompt disclosure and full cooperation. This DOJ declination for White Deer is the first known instance of the M&A Safe Harbor Policy – announced in October 2023 and implemented in March 2024 – being applied to spare an acquiring company from prosecution. DOJ officials highlighted that the decision “reflects [NSD’s] strong commitment to rewarding responsible corporate leadership” when companies “uncover misconduct, stop it, and quickly report it” after an acquisition.

DOJ specifically noted that White Deer’s actions satisfied the M&A Safe Harbor Policy’s requirements, including that:

• White Deer completed a bona fide, arm’s-length acquisition;
• No preexisting disclosure obligation required White Deer to disclose the misconduct;
• The disclosure was timely under the given circumstances (even though the disclosure occurred 10 months after the acquisition);
• White Deer and the company provided “exceptional and proactive cooperation”; and
• The misconduct was timely and appropriately remediated less than one year from the date of discovery.

Instead, DOJ focused enforcement on the culpable parties and the acquired company itself:

• The former CEO of Unicat, Mani Erfan, pleaded guilty to conspiracy to violate US sanctions (among other charges) and faces criminal penalties, including a $1.6 million forfeiture judgment. Another Unicat insider also was prosecuted separately (as indicated by DOJ’s related case announcements).
• The acquired company, Unicat, entered a non-prosecution agreement (NPA) with DOJ, under which it agreed to pay $3.325 million in forfeiture (disgorgement of the illegal proceeds). While the NPA means Unicat avoids criminal conviction, it must comply with ongoing obligations.

Multiagency coordination

Notably, these resolutions were coordinated with civil regulators. In parallel with DOJ’s declination, the Office of Foreign Assets Control (OFAC) imposed a $3.88 million penalty for Unicat’s apparent sanctions violations of programs implemented under the International Emergency Economic Powers Act, and the Commerce Department’s Bureau of Industry and Security (BIS) imposed a $391,183 penalty for Unicat’s violations of the Export Administration Regulations (EAR). To avoid double-counting, DOJ agreed to credit Unicat’s $3.325 million forfeiture against the OFAC fine, and BIS’s penalty was largely satisfied by the OFAC payment credit. Additionally, US Customs and Border Protection (CBP) separately collected about $1.655 million in underpaid duties and fees from Unicat to resolve the tariff-evasion aspect of the scheme. These coordinated outcomes underscore that voluntary disclosure does not erase civil liability – the acquired business still bore substantial financial penalties for its pre-sale misconduct – but cooperation can streamline resolutions and avoid compounding penalties.

Implications for sanctions enforcement and post-acquisition disclosures

1. Heightened enforcement focus on M&A: This case sends a clear message that US enforcement agencies are closely attuned to misconduct uncovered through mergers and acquisitions. Sanctions and export control violations at acquired companies expose both the sellers and wrongdoers to serious consequences, and now DOJ has a framework to reward acquirors for bringing such issues to light. We see cross-agency coordination in action: DOJ, OFAC, BIS, and CBP all took part. For the acquiring firm, voluntary disclosure led to a far more favorable outcome than if the violations had been discovered by the government later. By self-reporting, the acquiror avoided criminal charges entirely, whereas a failure to disclose could have left the new owners on the hook under “successor liability” for the target’s sanctions breaches. The case illustrates that regulators will use all tools available (e.g., criminal, civil, and administrative penalties) to address legacy compliance failures, but they are willing to show substantial leniency to an acquiror that comes forward proactively.
2. Expanded risk exposure – beyond sanctions: Notably, the White Deer/Unicat matter demonstrates that sanctions and export control violations often come packaged with other legal violations. Here, the target’s misconduct extended to falsifying import invoices and evading tariffs. US tariffs have been expanded significantly during the first half of 2025 and are expected to remain in place for the foreseeable future and grow increasingly complex. While companies should consider various legal methods to mitigate the impact of tariffs, there is increased risk – including criminal liability – for violations related to misrepresenting the value of imported goods and falsifying import documentation.Private equity buyers should recognize that if a company has violated sanctions or export control laws, there may also be tax, customs, anti-money laundering, or fraud issues lurking beneath the surface. US authorities uncovered both national security offenses (sanctions/export violations) and financial crimes (customs fraud and false records) in Unicat’s scheme. This broadens the scope of post-acquisition risk: A voluntary disclosure might need to be made not only to DOJ’s NSD, but potentially to agencies like OFAC, BIS, or CBP, depending on the violations. In cross-border deals, multiple jurisdictions may be involved as well.The M&A Safe Harbor Policy itself is US-focused, but global acquirors should be mindful that sanctions enforcers in the European Union (EU) and United Kingdom (UK) are also ramping up oversight. For instance, a new EU directive requires member states to treat voluntary self-reporting of sanctions violations as a mitigating factor in penalties. While the EU has not established a formal M&A safe harbor, European regulators and the UK’s Office of Financial Sanctions Implementation (OFSI) similarly encourage early disclosure and remediation of sanctions breaches as part of an effective compliance program. In short, whether under US or European regimes, firms that uncover historical misconduct must not turn a blind eye, as coming forward promptly can significantly reduce legal exposure.
3. Continued compliance obligations: Even with DOJ declining to prosecute the acquiror, the case isn’t “over” once self-disclosure is made. The acquired company, now part of the acquiror’s portfolio, had to implement robust remediation: terminating or disciplining wrongdoers, overhauling internal controls, and enhancing its trade compliance program. In fact, in evaluating the safe harbor, DOJ looked favorably on the fact that Unicat remediated the root causes within a year, updated compliance procedures, and even sought reimbursement from the sellers for the damages caused. Acquiring firms should be prepared to invest in compliance integration and remediation post-closing. This not only helps secure leniency but also protects the business going forward. DOJ’s policy makes clear that it places “an enhanced premium on timely compliance-related due diligence and integration” in M&A. Regulators expect the acquiror’s compliance team to have a strong role in the transaction, both pre-closing (to the extent possible) and immediately post-closing, to root out any illegal conduct. Failure to do so could result in harsher treatment or even the loss of safe harbor eligibility.

Key takeaways and guidance for private equity/M&A

1. Robust pre-acquisition due diligence: PE firms should conduct thorough trade compliance and sanctions due diligence on any acquisition target, especially those involving international operations or high-risk markets. They should identify red flags such as sales in or to embargoed countries, use of third-party intermediaries in sanctioned regions, discrepancies in shipping records, or unusual payment flows. It is also wise to engage specialized counsel to assess export licenses, customs practices, and supply chain data. While the new M&A Safe Harbor Policy offers some protection post-closing, preventative diligence is still the first line of defense: It is far better to uncover and address issues before acquisition whenever possible.
2. Negotiating protections in transaction documents: Given the possibility of hidden liabilities, acquirors should insist on comprehensive compliance representations and warranties from sellers regarding sanctions, export controls, customs, and other regulatory areas. In the White Deer deal, the sellers’ representations turned out to be false, which at least gives the buyer a potential claim for breach. Buyers should also consider indemnities or escrow holdbacks specifically tied to regulatory violations discovered post-closing. While representations and indemnities will not eliminate government exposure, they can provide recourse to offset fines or losses. Representations should not only cover  compliance with law in general but also specifically address sanctions, export licensing, and import/tariff practices, to flush out any issues. If the target is in a sensitive industry or geography, enhanced due diligence and possibly representation and warranty insurance riders for known high-risk areas may be warranted.
3. Post-closing integration and audits: Closing the deal is just the beginning for compliance. An acquiror should plan for immediate post-acquisition integration reviews, especially if pre-closing diligence was constrained (e.g., the transaction involved a carve-out or foreign target where data was limited). DOJ’s M&A Safe Harbor Policy effectively grants a six-month window post-closing to discover and self-report misconduct. Acquirors should use this window wisely, including deploying forensic audits, trade compliance reviews, International Traffic in Arms Regulations (ITAR)/EAR classification checks, and sanctions screening of customers and suppliers as part of integration. It is also important to ensure that experienced compliance personnel visit key facilities early on and interview legacy managers and employees. Any “areas of concern” identified pre-closing should be promptly addressed after closing. Having a detailed post-closing compliance plan will be essential to preserve the option of safe harbor protection if something is amiss.
4. Swift voluntary disclosure if misconduct is found: If an acquiror does uncover a potential violation (e.g., sanctions, export control, or customs fraud) at the newly acquired business, it is important to involve legal counsel immediately to investigate and confirm the facts and be prepared to voluntarily disclose to the appropriate authorities. Under the M&A Safe Harbor Policy, disclosure must be made within six months of closing to guarantee eligibility. In practice, as soon as a credible potential violation is verified, the acquiror should coordinate with counsel to notify DOJ (and likely parallel regulators such as OFAC or BIS for sanctions/export issues). White Deer’s case shows that disclosing “before the investigation was complete” (i.e., early, rather than after a year-long internal probe) won DOJ credit for speed and cooperation. Self-reporting can substantially mitigate penalties: Not only did White Deer avoid prosecution, but its disclosure also led OFAC and BIS to resolve Unicat’s violations without draconian fines. In fact, the DOJ-forfeited amount was credited against OFAC’s penalty. In contrast, choosing not to disclose and hoping the issue stays buried is extremely risky. If the government later discovers the violation (through a whistleblower, audit, or industry probe), the acquiring company is likely to face severe penalties, no leniency, and potential criminal charges for the legacy misconduct and the cover-up.
5. Strengthen compliance programs and training: PE firms operating globally must maintain strong compliance frameworks not just at the fund level but across their portfolio companies. This case underscores the importance of cultivating a compliance culture in newly acquired businesses. Acquirors should provide immediate training to the acquired company’s employees on sanctions, export controls, and trade compliance basics. They should also update the code of conduct and policies to align with the acquiror’s standards and establish clear reporting channels for any compliance concerns. Quickly integrating the target into the acquiror’s compliance program (and documenting those efforts) will not only reduce the chance of future violations but also position the company favorably if a disclosure must be made. DOJ explicitly “highlights the importance of having compliance personnel involved” in M&A transactions and subsequent integration. Regulators want to see that acquirors treat compliance as a priority in M&A, allocating adequate resources to due diligence and post-closing monitoring.
6. Coordinate globally and consider EU/UK obligations: For cross-border deals, it is important to remember that US law is often not the only game in town. If a European target has engaged in sanctionable conduct, EU member state laws and UK sanctions regulations may also apply. Many jurisdictions lack a formal safe harbor akin to DOJ’s, but they do consider cooperation in enforcement decisions. The EU is moving toward harmonized criminal sanctions for embargo violations, with an expectation of voluntary disclosure regimes to incentivize self-reporting. The UK’s OFSI similarly encourages early self-disclosure of sanctions breaches (offering up to 50% penalty reductions in some cases for voluntary disclosures). Thus, private equity firms should seek counsel in all relevant jurisdictions when grappling with discovered misconduct. A coordinated disclosure strategy can help resolve issues comprehensively and avoid conflicts (as seen by the US agencies working together in the Unicat matter). Importantly, private equity firms should ensure that any disclosures to US authorities do not violate data privacy or blocking statutes abroad, and they should involve multinational counsel to navigate sharing information across borders lawfully.

Conclusion

DOJ’s first use of the M&A Safe Harbor policy is a landmark development for private equity firms, other acquirors, and M&A practitioners. It demonstrates that swift and responsible action in the face of inherited legal violations can dramatically reduce enforcement pain for acquirors. Sanctions and export control risks are at the forefront of regulators’ priorities, and both the United States and the EU are upping the ante on enforcement in these areas. For private equity firms, the key lesson is that compliance must be front-loaded into the deal process and rigorously followed through in integration. By investing in robust due diligence, insisting on honest disclosures from sellers, and having an integration plan that includes early risk audits, firms can not only prevent costly surprises but also avail themselves of regulatory leniency if a problem is discovered. The White Deer case should be seen as a positive precedent: It shows that the M&A Safe Harbor Policy “rewards honesty,” allowing acquirors to focus on fixing problems rather than fearing punishment for problems they did not create.

Private equity sponsors engaged in global deals would be wise to proactively develop playbooks for handling potential legacy regulatory risks, including clear internal protocols for escalation, investigation, and voluntary disclosure of any red flags uncovered during acquisitions. The cost of doing so is far outweighed by the risk of successor liability in the absence of such measures. In summary, a culture of compliance and transparency is the best defense when acquiring businesses with checkered pasts, and now, both DOJ policy and emerging EU directives are aligning to encourage exactly that approach.

If you have questions about the points addressed in this article, contact one of the authors or your regular McDermott lawyer.