Missing Link: Bridging the Gap Between Legal and Data Teams in Voluntary Self-Disclosures

  • septembre 29, 2025

While the tariff and trade war conversation has rightly captured the business world’s attention, the Trump administration has made a quieter but equally strong promise: export controls and sanctions violators can expect stiffer oversight, penalties and fines.1 To help obviate this risk, organizations have an increasing interest and responsibility to lead internal audits and, when appropriate, file voluntary self-disclosures (“VSDs”). These filings can significantly reduce penalties and reputational harm, but they can also bring unseen problems. A poorly executed VSD can intimate disorganization, undermine credibility or, worse, potentially create new legal exposure.

What many companies seem to underestimate, however, is the extent to which the success or failure of a VSD hinges not on legal analysis alone, but on the ability to gather, understand and present relevant data. Despite the best intentions of legal teams and their data colleagues, internal investigations often stall from fragmented systems and poor data accessibility. An intermediary role with deep regulatory insight – which may be a special internal project team, outside support or combination of both – is an essential conduit between compliance-driven data staff and legal advisors – without an effective translator, the message can easily get lost.

Enterprise resource planning (“ERP”) systems – especially across multinational corporations – are frequently decentralized, inconsistent or riddled with legacy gaps. Distorting things further, years of M&A-related activity can hamstring the fact-finding mission. Key data fields related to export activity may be incomplete, misclassified or stored across multiple incompatible systems. Critical details – like export classifications, destination country codes or license statuses – can be difficult to extract or verify. Legal departments, even with strong compliance experience, often lack the tools or access to efficiently retrieve and reconcile such information.

This disconnect between legal and data teams obscures and slows down investigations, distorts potential violations and jeopardizes the integrity of disclosures. Legal teams cannot build an accurate narrative or demonstrate good faith without data that are organized, reliable and thorough – all while armed with the regulatory knowhow to clearly convey findings with precision and confidence.

The answer isn’t simply asking more of legal or compliance staff, but instead about conceiving and generating a new kind of collaboration. Specifically, companies need professionals who operate at the nexus of regulatory knowledge and technical fluency. These intermediaries translate between legal requirements and operational data realities. They know how Export Administration Regulation (“EAR”), International Traffic in Arms Regulation (“ITAR”) and Foreign Direct Product Rule (“FDPR”) obligations are (or aren’t) reflected in ERP configurations. They can locate export-relevant records, trace transactions, identify anomalies and distill findings into formats suitable for VSD filings.

These roles are imperative. As regulatory attention and obligation escalate, legal teams must be able to do more than cite rules – they should be able to plainly demonstrate what’s happening and why. Agencies like the U.S. Bureau of Industry and Security expect submissions to reflect serious investigative effort and internal coordination. A disclosure built on fragmented data or vague timelines likely invites skepticism. Conversely, a disclosure that peeks around corners and is predicated on clean data, assiduous scrutiny and potential remediation measures reflects a mature compliance posture and, crucially, is more likely to be taken seriously.

Blurring things further, though, is the accelerating influence of artificial intelligence. AI tools can be of tremendous utility, propping up automated data sorting, communication analysis and pattern emergence in large datasets. But AI technologies themselves have quickly become subject to enhanced export control scrutiny. Data and legal cohorts must therefore not only understand how to use AI to enhance auditing, but also how to responsibly handle any associated regulatory risks.

These dynamics turn up pressure on legal departments – and reliance on ERP users – to act quickly, smartly and defensibly. As the urgency around policing export controls and sanctions violations intensifies against the backdrop of geopolitical tensions, the expectation for diligent VSDs will keep pace. Regulators increasingly expect to see legal, compliance, operations and IT functions in lockstep, drawing an unmistakable line from evidence to action.

To satisfy these expectations, organizations must be broad minded and invest in a sustainable approach. That begins by arming legal teams with access to technical expertise capable of both identifying and bridging data gaps. It also means establishing repeatable investigative frameworks anchored in clear workflows and cross-functional cooperation.

This doesn’t mean legal teams have to wear technology hats. But it does require them to lead with the understanding that comprehensive data are no longer peripheral to compliance, but central to it. Whether the issue involves misclassified exports, unlicensed shipments or a failure to screen end users, resolution hinges on the ability to marshal the full horizon of datapoints from within the company’s systems, however labyrinthine. Absent that, even the most well-crafted and -intentioned legal arguments will almost surely fall on their face.

This regulatory intermediary position has now become indispensable. These individuals are equipped to design and execute VSDs that are built not just on sound legal principles, but on auditable, complete information. Alongside system and application architects, they help locate and transform raw, inaccessible data into authentic, defensible narratives – ones that regulators can follow and trust.

Legal departments that embrace this model are better-positioned to act briskly, demonstrate full transparency and mitigate risk to business interests. Those that don’t adopt such a style may find themselves unable to quickly or accurately meet evolving enforcement standards. Perhaps worst of all, neglecting this approach could ultimately lead to a VSD that raises more questions than it answers.

In the current enforcement climate, knowing the guidelines isn’t enough. Legal advisors must be able to exhibit where and how the organization ran afoul of export controls and sanctions rules – and what’s being done to remedy missteps. That kind of rigor demands seamless collaboration across departments. The future of effective and responsible self-disclosure lies in dismantling silos and bridging the regulatory void between legal insight and operational data.

Footnotes:

1: Eric Rudolph, “Heightened Export Controls, Sanctions Enforcement in a Second Trump Administration,” FTI Consulting (June 16, 2025)

Related Insights

Date

septembre 29, 2025

temp Contacts

Eric Rudolph

Senior Managing Director

Most Popular Insights

  1. What Directors Think Report
  2. The Long Game on Tariffs
  3. U.S. Renewable Energy M&A: Review of 2024 and Outlook for 2025
  4. Healthcare M&A for 2025: Key Trends and Strategic Considerations
  5. AI Investment Landscape in 2025: Opportunities in a Volatile Market

Inscrivez-vous pour accéder à FTI Consulting Insights

S’abonner