Professional Service Advisers in the United Kingdom Under New Obligations to Report Suspicions of Financial Sanctions Breaches

by Satish M. Kini, Carl Micarelli, Alex Parker, and Konstantin Bureiko

On August 8, 2017, the United Kingdom (“UK”) broadened the obligation to report known or suspected financial sanctions breaches to apply to a range of professional service providers and certain businesses, including lawyers, external accountants and auditors. This reporting obligation reflects a wider trend of the UK government taking a more proactive approach to enforcing sanctions compliance.[1]

This reporting obligation is now similar in scope to the money laundering reporting obligations, as imposed by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.[2]

As well as impacting the internal compliance policies of professional services firms operating in the UK, this new obligation may also impact the dealings of their clients, particularly in a mergers and acquisitions context. It is also likely to significantly increase the number of reports made to the UK’s Office of Financial Sanctions Implementation (“OFSI”). Continue reading

The Growing Danger to Privilege in Investigations

 by Peter Pope, Kelly Hagedorn, Katie Gibbons and Tracey Lattimer

More than three decades ago, the U.S. Supreme Court held that memoranda and notes of interviews that lawyers conduct of a corporate client’s employees are generally protected from disclosure by both the attorney-client privilege and the attorney work-product doctrine.  See Upjohn co. v. United States, 499 U.S. 383 (1981).

In two recent cases, the English High Court of Justice ruled the opposite way under English law, holding that notes and interview memoranda created in internal investigations enjoyed no privilege protection at all.  Instead, both English judgments ordered the lawyers’ notes and interview memoranda to be turned over – in one instance to prosecutors and in another to private litigants.  See Serious Fraud Office v Eurasian Natural Resources Corporation Ltd [2017] EWHC 1017 (QB) (hereinafter “ENRC”); The RBS Rights Issue Litigation [2016] EWHC 3161 (Ch) (hereinafter “RBS”). Continue reading

The Business’s Role in Implementing Risk Based Compliance at Financial Institutions

By Robert W. Werner

The compliance infrastructure for managing financial crime risk at financial institutions is intended to be based on utilizing a risk-based, rather than rule-based, approach.  A risk-based approach seeks to allocate resources commensurate with varying risk levels, reflecting the fact that financial institutions cannot eliminate all the risk of illicit activity occurring within an institution without completely shutting down all of its business.  To optimize compliance, financial institutions must balance the need to provide legitimate and critical financial services and products with appropriate controls designed to mitigate the financial crime risk associated with those services and products to appropriate levels.

Where activity would violate law or regulation, the calculus is easy because the activity is simply prohibited.  However, most legitimate activity will necessarily allow for some level of risk that it may be abused by criminals to facilitate illicit conduct or to exploit products and services for illicit purposes. Arriving at the right balance within this context requires an understanding of the risks, what level of controls can reasonably be put in place to mitigate that risk, and then making judgments based on an institution’s tolerance for reputational, regulatory and operational risk, about whether to engage in the activity.  This last element, the exercise of judgment, must be arrived at within the framework of an institution’s risk appetite statement. Continue reading

UK Financial Conduct Authority Outlines Extension of Senior Managers and Certification Regime to All Regulated Firms

by Karolos Seeger, Andrew Lee, and Simon Witney

On 26 July 2017, the UK Financial Conduct Authority (“FCA”) issued its first consultation paper on extending the Senior Managers and Certification Regime (“SMCR”) to almost all of the approximately 50,000 firms regulated by the FCA.[1] The SMCR represents an important pillar of the FCA’s continuing efforts to promote individual responsibility and improve senior management accountability across the entire UK financial services industry. It will replace the current Approved Persons Regime.

The FCA has requested responses to the consultation paper by 3 November 2017, and there will be further consultation papers on particular aspects of the SMCR. It is anticipated that final rules will be published in the summer of 2018, and firms should expect to have to implement these by the end of next year. The SMCR has three main components: the Senior Managers Regime, the Certification Regime and the Conduct Rules. The key features of each are summarized below. Continue reading

President Trump Signs Sanctions Legislation Targeting Russia, North Korea and Iran, Creating New Compliance Risks for U.S. and Non-U.S. Companies

by Brad S. Karp, H. Christopher Boehning, Jessica S. Carey, Michael E. Gertzman, Roberto J. Gonzalez, Richard S. Elliott, and Karen R. King

Legislation Expands Primary and Secondary Sanctions and Limits Presidential Discretion

On August 2, 2017, President Trump signed into law H.R. 3364, the “Countering America’s Adversaries Through Sanctions Act” (“CAATSA” or the “Act”). CAATSA—which was passed overwhelmingly by the Senate and House of Representatives on a broad bipartisan basis[1]—significantly expands certain U.S. sanctions targeting Russia. The law also restricts President Trump’s ability to lift certain sanctions unilaterally, by including a congressional review mechanism that will allow Congress to potentially block the President from relaxing measures targeting Russia.  CAATSA also adds sanctions targeting North Korea, largely incorporating an earlier House bill, the “Korean Interdictions and Modernization of Sanctions (“KIMS”) Act.”  Finally, CAATSA codifies certain non-nuclear sanctions in place against Iran.  Many of the law’s sanctions are secondary sanctions, meaning that non-U.S. entities that engage in certain activities—even if such activities do not involve U.S. persons or the United States—may themselves be sanctioned by the United States.

While a number of the sanctions included in CAATSA are referred to as “mandatory,” it remains to be seen how certain provisions are enforced by the Trump Administration. As an initial matter, many of these provisions require the President to sanction individuals or entities only after he determines that they have engaged in certain activities, thus allowing the President to theoretically refrain from enforcing these sanctions by withholding certain determinations. Additionally, in signing the Act, President Trump released two signing statements, in which he noted his “concerns to Congress about the many ways [the bill] improperly encroaches on Executive power, disadvantages American companies, and hurts the interests of our European allies,” and his view that the “bill remains seriously flawed,” because it “encroaches on the executive branch’s authority to negotiate” and because “the Congress included a number of clearly unconstitutional provisions.”  President Trump stated that he would implement the statute’s restrictions “in a manner consistent with the President’s constitutional authority to conduct foreign relations.” [2]

We describe below CAATSA’s most significant provisions, and outline considerations for U.S. and non-U.S. companies seeking to mitigate their risks under the new legislation. Continue reading

Compliance and Legal Education: Reflections on the Transformative Potential

by Peter L. Lindseth

The proliferation of compliance programs in US law schools over the last several years responds to a fundamental shift in the market for law graduates. The last two decades have seen a dramatic increase in the number of jobs for in-house lawyers, far outpacing the growth in government or law firm positions over the same period. The expanding compliance demands on businesses have been a major contributor to that increase. Although today some argue that the growth may have peaked, there is no denying that law schools have needed to respond to the new reality.

The bottom-line is that a significant portion of today’s law school graduates will find themselves employed in compliance rather than in lawyer roles per se. And even if many graduates will still work as legal counsel in a more traditional sense (whether in-house or externally), their practices will almost certainly include, in important respects, involvement in compliance matters. What might these developments mean for legal education more generally? Continue reading

Corporate Compliance and the Legacy of Sarbanes Oxley

by Michael W. Peregrine

This year marks the fifteenth anniversary of the Sarbanes Oxley Act, enacted July 30, 2002, providing an important compliance-based teaching moment for both the governing board and executive management

As many lawyers and compliance professionals may recall, the law was enacted in response to the series of notorious and crippling accounting controversies that had occurred in prior months   involving such companies as Enron and WorldCom. The goals of the Act included efforts to enhance the reliability and transparency of public company financial statements.

That seminal legislation has had an enormous impact not only on the development of corporate compliance programs. It has also affected the board’s relationship to compliance, the role of ethics and “tone at the top” within an organization, the general counsel’s role with respect to compliance, and laws affecting both whistleblower activity, and various forms of obstruction of justice. Continue reading

A Different Kind of Dilemma

by Miriam Baer

Next October, the Supreme Court will hear oral argument in Digital Realty Trust, Inc. v. Somers. The case asks the Court to resolve whether the Dodd-Frank Act’s anti-retaliation protections for “whistleblowers” apply to those individuals who first report information solely to the SEC, or instead to the broader group of individuals who report information internally or other enforcement agencies before seeking out the SEC. As noted in an earlier post on this blog, circuit courts are split on the issue, and whereas the SEC itself has embraced the broader definition, Dodd-Frank’s explicit definitional language offers some room for doubt.

When the case does reach the Supreme Court, litigants favoring the broader definition presumably will portray what has now become the standard depiction of the whistleblower’s dilemma: An employee knows her bosses are cooking the books. She would like nothing to do with this sort of activity but she fears she will lose her job and be iced out of her industry if she says anything. Continue reading

Second Circuit Limits District Courts’ Supervision of Deferred Prosecution Agreements

by Brandon Fox and Natalie K. Orpett

The Second Circuit Court of Appeals has issued an important decision limiting district courts’ authority to supervise Deferred Prosecution Agreements (DPAs), a method companies and the Department of Justice (DOJ) frequently use to resolve criminal investigations.  Under DPAs, companies are charged with – but not convicted of – crimes, so long as they abide by the terms of the agreement.  In United States v. HSBC Bank USA, N.A., — F.3d –, 2017 WL 2960618 (2d Cir. July 12, 2017), the companies (collectively, HSBC) and DOJ agreed to a DPA based on HSBC’s alleged failure to prevent money laundering by Mexican drug cartels and violations of sanctions laws.

Under the terms of the DPA, HSBC consented to the appointment of a monitor who was to provide DOJ with periodic reports regarding HSBC’s compliance with the agreement.  After arraignment on the charges, DOJ and HSBC requested that the court grant an exclusion of time under the Speedy Trial Act, which was necessary so that HSBC could fulfill its obligations under the DPA rather than go to trial in 70 days.  As a condition to granting the motion, the district court ordered the parties to file quarterly reports apprising it of significant developments in HSBC’s efforts to comply with the DPA. Continue reading

Second Circuit Limits Judicial Scrutiny of Deferred Prosecution Agreements

by John F. Savarese, Ralph M. Levene, David B. Anders, Marshall L. Miller, and Christopher R. Deluzio

In an anticipated and important decision, the Second Circuit Court of Appeals overturned a district court’s order requiring the unsealing of an independent monitor’s report detailing HSBC’s compliance with a deferred prosecution agreement. United States v. HSBC Bank USA, N.A. (Nos. 16-308, 16- 353, 16-1068, 16-1094, July 12, 2017). In so doing, the Second Circuit substantially limited a district court’s power to scrutinize DPAs, thereby following a course similarly embraced by the D.C. Circuit (as discussed in our prior memo).

In the district court, Judge Gleeson granted the joint request by DOJ and HSBC to approve the DPA, subject to the Court’s ongoing oversight of the DPA’s implementation pursuant to the Court’s asserted “supervisory authority”—a decision we discussed in our earlier memo. As part of its oversight, the Court ordered the government to file under seal an independent monitor’s report, which eventually led to a member of the public requesting access to the report. Construing that request as a motion to unseal, the Court granted the motion, finding that the monitor’s report was a “judicial document” subject to the public’s qualified First Amendment right of access. The government and HSBC appealed. Continue reading