On April 30, 2025, the U.S. Department of Justice’s National Security Division (“NSD”) issued a formal declination of prosecution to the Universities Space Research Association (“USRA”) following the organization’s timely and fulsome voluntary self-disclosure of export control violations perpetrated by a former employee.

The declination, conveyed through a detailed letter signed by Principal Deputy Assistant Attorney General David Newman, marks one of the clearest applications to date of the NSD’s updated voluntary self-disclosure policy for business organizations engaged in national security-related activities. It confirms that, under appropriate circumstances, the Department will forego criminal charges even in cases involving serious violations of the Export Administration Regulations (“EAR”) where the disclosing organization meets the stringent criteria of early disclosure, full cooperation, and effective remediation.

The underlying conduct involved Jonathan Soong, a former USRA program administrator assigned to a cooperative agreement between USRA and the National Aeronautics and Space Administration (“NASA”). In his capacity as a program administrator, Soong held responsibility for administering third-party license agreements related to NASA-developed software and managing license fee payments made by foreign institutions. In contravention of U.S. export control laws and without seeking required authorization from the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”), Soong exported restricted aeronautics software developed by the U.S. Army and NASA to Beihang University, a Chinese institution that had been designated on BIS’s Entity List since 2018 due to its ties to the People’s Liberation Army and China’s aerospace and weapons development activities. The software, which was controlled under the EAR and not eligible for license exception treatment, required a validated BIS license prior to export.

Compounding the gravity of the export violation was the fact that Soong directed Beihang University to remit license fees not to USRA or NASA, but to shell companies he personally controlled. Over the course of several years, Soong embezzled more than $300,000 in payments from foreign universities—funds that should have accrued to the U.S. government. His scheme ultimately came to light in late 2021, when he voluntarily confessed his misconduct to USRA’s outside legal counsel. Rather than delay its response, USRA acted with commendable speed and diligence. Within days of receiving Soong’s confession, USRA notified federal authorities and initiated a wide-ranging internal investigation. By the time of the formal self-disclosure to DOJ, the organization had already undertaken steps to preserve relevant records, identify the full scope of potentially unlawful activity, and engage with BIS and NASA to assess remedial action.

In evaluating whether to initiate a criminal case, the NSD applied the criteria set forth in its updated Enforcement Policy for Business Organizations Handling National Security Matters, last updated in March 2024. That policy establishes a rebuttable presumption in favor of declination where a business voluntarily discloses potential criminal conduct, fully cooperates with the Department’s investigation, and implements timely and appropriate remedial measures. Here, the Department determined that USRA satisfied all three pillars. Notably, the Department found that the self-disclosure was not only timely but preceded any known federal investigation or third-party reporting. Moreover, the disclosure included all relevant facts—including the identity of the individual responsible—and USRA continued to provide full cooperation throughout the DOJ’s investigation.

In its declination letter, the NSD emphasized that USRA had gone well beyond the minimum expectations typically associated with compliance remediation. The organization promptly terminated Soong’s employment, issued disciplinary action to supervisors who failed to detect or escalate the misconduct, and overhauled its internal export compliance and financial oversight controls. These measures were not merely cosmetic; they involved substantive institutional reforms and additional compliance training designed to mitigate future risk. USRA also repaid NASA and the U.S. Treasury the full amount of embezzled license fees, reinforcing the Department’s view that the entity had acted in good faith to restore the status quo and address the underlying harm.

Crucially, the NSD found no aggravating circumstances that would preclude declination. There was no indication that USRA management had knowledge of, much less directed, Soong’s conduct. The software exports, while serious, did not involve weapons systems, classified technology, or items controlled for national security or missile technology reasons under the Commerce Control List. The violations were not systemic in nature, nor did they reflect a culture of disregard for export compliance obligations. Rather, they arose from a single rogue employee who exploited his position of trust. The DOJ’s declination thus reflects a careful balancing of the facts: serious violations occurred, but the organization responded in a manner that satisfied the Department’s most rigorous standards for voluntary disclosure and cooperation.

The implications of this matter for industry are considerable. In recent years, DOJ has repeatedly emphasized its intention to treat national security-related corporate crime with the same intensity as it applies to foreign corruption and antitrust violations. As part of this shift, the Department has made clear that self-disclosure is no longer a peripheral consideration, but a central pathway for resolving violations without criminal charges. The USRA declination reinforces this point with clarity. For companies operating in sectors involving controlled technology, government contracting, space and aeronautics, or international collaboration, the case illustrates that mistakes—even serious ones—need not result in prosecution if the organization can demonstrate proactive detection, transparent engagement with regulators, and credible remedial action.

The declination reinforces the principle that internal compliance programs must be operationally effective—not merely well-drafted policies on paper. To serve their purpose, such programs must be capable of promptly identifying potential violations, facilitating internal escalation, and supporting timely, well-informed disclosure decisions. In USRA’s case, the organization’s rapid response and its willingness to engage constructively with DOJ and BIS were critical in securing a favorable outcome. By contrast, entities that hesitate or wait until enforcement authorities initiate contact risk forfeiting the benefits that voluntary self-disclosure is intended to provide, regardless of their cooperative posture thereafter.