Governance and Culture – The Conversation Boards are Having Now

by Ben Morgan and Holly Insley

Corporate governance has long been an area of focus for boards and recent proposals in the UK have ensured that this remains the case.

The Financial Reporting Council consulted in late 2017 on proposed changes to its Corporate Governance Code for quoted companies.  The final text of the changes is expected to be published this summer, for introduction in 2019. 

The focus on governance extends beyond the quoted company arena.  Legislation laid before Parliament in June 2018 will, amongst other things, require large UK private companies to disclose in their annual directors’ report details of the corporate governance arrangements they have operated during the previous year. At the same time, a consultation has been launched on proposed corporate governance principles for large private companies, which the government hopes will be adopted by those companies as an appropriate framework when complying with the new governance-related reporting requirement. Continue reading

FTC’s Cybersecurity Remedial Authority Limited

by David A. Katz, Marshall L. Miller, and Jonathan Siegel

The Eleventh Circuit Court of Appeals recently vacated a Federal Trade Commission cease-and-desist order that required a medical laboratory company to implement a “reasonably designed” cybersecurity program after customer data on the company’s systems were compromised.  LabMD, Inc. v. Federal Trade Commission.  The decision represents a judicial curb on FTC enforcement efforts seeking expansive cease-and-desist orders requiring companies to maintain “reasonable” or “appropriate” data security systems in the wake of cyber incidents. By limiting the FTC to orders that prohibit specific unfair conduct, or that require specific responsive remedial action, this ruling may alter the cyber enforcement landscape and affect the balance between the FTC and companies affected by cyber incidents. Continue reading

Supreme Court Rules That Costs of Internal Investigation Are Not Recoverable As Restitution under the Mandatory Victims Restitution Act of 1996

by Jessica S. Carey, Roberto Finzi, Michele Hirshman, Lorin L. Reisner, Richard C. Tarlowe, Christopher D. Frey, Nairuby L. Beckles, and David Giller

On May 29, 2018, in Lagos v. United States, the Supreme Court unanimously held that the Mandatory Victims Restitution Act of 1996 (the “MVRA”)[1] does not require a criminal defendant to pay the costs and attorneys’ fees associated with an internal investigation conducted by a corporate victim.[2] The Court left open the question of whether the MVRA extends to the costs of an internal investigation that is conducted at the government’s request or invitation. Continue reading

“Economic Growth, Regulatory Relief, and Consumer Protection Act” is Enacted

by Samuel R. Woodall III, Mitchell S. Eitel, Michael T. Escue, C. Andrew Gerlach, Camille L. Orme, Benjamin H. Weiner, and Michael A. Wiseman

Summary

Earlier today, President Trump signed into law the “Economic Growth, Regulatory Relief, and Consumer Protection Act,”[1] which provides certain limited amendments to the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), as well as certain targeted modifications to other post-financial crisis regulatory requirements.  In addition, the legislation establishes new consumer protections and amends various securities- and investment company-related requirements.  The legislation, which enjoyed substantial bipartisan support, was adopted on May 22, 2018, in the U.S. House of Representatives, by a vote of 258 to 159, and in the U.S. Senate, by a vote of 67 to 31, on March 14, 2018.

The legislation preserves the fundamental elements of the post-Dodd-Frank regulatory framework, but it includes modifications that will result in some meaningful regulatory relief for smaller and certain regional banking organizations. Continue reading

Potholes in Compliance: Hidden Risks Under Rule 506(d)’s Bad Actor Disqualification

by Joshua Pirutinsky

I. Introduction

Sometimes the unexpected happens. But preparing for the unexpected is the essence of the compliance function. The failure to effectively prepare for risks unrelated to your core business can be disastrous.  A seemingly innocuous compliance breach could disqualify your firm from participating in a private offering of securities under Rule 506(d), known as the “Bad Actor” Disqualification.   Being a Bad Actor can have detrimental, if not fatal, consequences for your firm – hence the critical importance of making known certain unknowns. Continue reading

Banking Regulators’ Examination Authority Does Not Override Attorney-Client Privilege

by Cleary Gottlieb Steen & Hamilton LLP, Covington & Burling LLP, DavisPolk, Debevoise & Plimpton, Simpson Thacher & Bartlett LLP, Sullivan & Cromwell LLP, and Wilmer Cutler Pickering Hale and Dorr LLP

MEMORANDUM[1]

RE: Bank Regulators’ Legal Authority to Compel the Production of Material That Is Protected by Attorney-Client Privilege

I. Introduction

The attorney-client privilege (the “Privilege”) is deeply enshrined in the common law.[2] In protecting the confidentiality of communications between lawyers and their clients, the Privilege both bars the admission of such communications as evidence in legal proceedings and insulates the communications from compelled disclosure by government authorities. Accordingly, absent an explicit exception, neither courts nor government authorities may require a client or the client’s lawyer to produce or reveal privileged information. Continue reading

DOJ Calls Foul On Duplicative Corporate Penalties

by Pablo Quiñones

Corporate misconduct allegations often result in investigations by multiple agencies, including foreign, federal, state, and local authorities.  Without proper coordination, companies risk being hit with duplicative penalties for the same misconduct.  Duplicative corporate penalties can be avoided, but coordinating a corporate resolution with multiple authorities is hard to navigate. 

Within the United States, federal prosecutors often have overlapping jurisdiction with other federal criminal and civil prosecutors, federal and state regulators, and local prosecutors.  In international investigations, federal prosecutors also have to cooperate with foreign authorities with overlapping jurisdiction.  All of these players can have a legitimate interest in protecting the public from economic crimes.  Regulatory competition, however, often leads government authorities to want to take the lead over other authorities.   Other times, government authorities jump from the sidelines onto the field of play when a corporate resolution is near and refuse to leave the field without a share of the penalties.  A coordinated resolution is difficult to achieve in either case.  In the end, the overlapping jurisdiction and regulatory competition can either lead to (1) each authority “piling on” their share of penalties or (2) a coordinated resolution that identifies the collective harm caused by the company’s misconduct, the appropriate penalties for that harm, and the fair allocation of the penalties among the interested government players. Continue reading

Disgorgement After Kokesh – Evidence from SEC Insider Trading Actions (FY2005-FY2015)

by Verity Winship

For about 50 years – at least since Texas Gulf Sulphur – the SEC has ordered defendants to disgorge their profits from transactions that violated the securities laws.  Despite disgorgement’s long history, in its 2017 opinion in Kokesh v. SEC, the US Supreme Court put two aspects of the remedy on the table.  It applied a five-year statute of limitations to disgorgement.  It also reopened old debates over agencies’ power to seek remedies not specified in statute.  My article, Disgorgement in Insider Trading Cases: FY2005-FY2015, provides data to inform these debates over the agency’s use of disgorgement and the effects of Kokesh.  It reports the results of an empirical study of ten years of the remedies ordered by the SEC in insider trading actions, with particular emphasis on the agency’s reliance on disgorgement.  Continue reading

Extending the “Failure to Prevent” Model of Corporate Criminal Liability in the UK

by Liz Campbell

Prosecuting corporate criminality is not straightforward. As a result of these difficulties, the UK Parliament is turning to an indirect form of corporate criminal liability: the Bribery Act 2010 introduced the corporate offence of failure to prevent bribery (FtPB), and this provision has been emulated with respect to the failure to prevent the facilitation of tax evasion in the Criminal Finances Act 2017.  

In brief, a relevant commercial organisation (C) is guilty of FtPB if a person associated with C bribes another person with the intention of obtaining or retaining business or an advantage for C.  An ‘associated’ person is an individual or body who ‘performs services’ for or on behalf of the organisation, and this definition was framed broadly intentionally.[1]  Crucially, the corporate entity can rely on the section 7(2) defence that it had “adequate procedures” in place designed to prevent persons associated with it from bribing. Continue reading

English High Court Considers Status of Internal Investigation Interview Notes

by Karolos Seeger, Andrew Lee, and Robin Lööf

In R (AL) v Serious Fraud Office,[1] the English High Court considered the SFO’s obligations to individuals prosecuted following the deferred prosecution agreement (“DPA”) in July 2016 with a company anonymised as “XYZ Ltd”. The Court’s decision is likely to force the SFO to adopt a much more aggressive approach in relation to company counsel’s notes of interviews conducted during a company’s internal investigation. In particular, when those interview notes are potentially relevant to the defences of individuals being prosecuted, this judgment is likely to lead to the SFO putting further pressure on companies to produce the notes, through court proceedings if necessary. We analyse these and other issues covered by the judgment below. Continue reading