(Re-)Planting the Flag: DOJ’s National Security Division Reaffirms Primacy in Corporate National Security Enforcement

The Department of Justice’s March 2026 rollout of a unified Corporate Enforcement Policy marks a pivotal shift in how federal agencies handle corporate misconduct. By consolidating component‑specific programs into a single framework, the CEP aims to streamline voluntary self‑disclosure incentives while preserving the DOJ’s overarching enforcement philosophy. The National Security Division, however, has signaled that it will remain the de‑facto gateway for any matters touching export controls, sanctions or other national‑security statutes, urging firms to direct disclosures to its office first.

For corporations, the practical impact is two‑fold. First, the CEP’s credit mechanism still rewards good‑faith disclosures, but the NSD’s explicit preference for being the primary contact means that routing a case through another DOJ component could jeopardize the most favorable outcome. Second, the NSD’s own budget submission highlights acute personnel shortages in its Counterintelligence and Export Control Section, suggesting that the division may prioritize cases with clear, early engagement. Companies therefore need to embed NSD considerations into their compliance risk assessments, ensuring that internal escalation protocols trigger timely, NSD‑focused reporting.

Looking ahead, the convergence of DOJ enforcement under the CEP, combined with the NSD’s resource constraints, is likely to intensify scrutiny of trade‑related violations and export‑control breaches. Firms should invest in risk‑tailored compliance programs, maintain robust documentation, and conduct periodic self‑audits to pre‑empt potential investigations. By treating the NSD as the first point of contact, organizations can better position themselves for the maximum discretionary benefits the CEP offers, while mitigating the risk of costly prosecutions across the broader federal enforcement landscape.