CFTC Releases New Enforcement Cooperation Guidelines

by Richard D. Owens and Douglas K. Yatter

On January 19, 2017, the Division of Enforcement (Division) of the U.S. Commodity Futures Trading Commission (CFTC or Commission) issued two Enforcement Advisories outlining its approach for evaluating cooperation by corporations and individuals in the agency’s investigations and enforcement actions. The Division investigates and prosecutes alleged violations of the Commodity Exchange Act and Commission regulations involving registered firms and other market participants across the financial, energy, and agricultural sectors as well as other commodities markets. The new Enforcement Advisories are the first update to the CFTC’s corporate cooperation guidelines since 2007 and the Division’s first statement of its policy for cooperating individuals. This article highlights how the CFTC’s new cooperation guidelines address certain important issues in the continually evolving landscape for engaging with civil and criminal enforcement authorities. Continue reading

Third Circuit Finds FCRA Violation Alone Confers Standing for Data Breach Suit

by Thomas P. Kurland and Michael F. Buchanan

The United States Court of Appeals for the Third Circuit recently ruled that a data breach class action may proceed on the basis of a Fair Credit Reporting Act (FCRA) violation alone, even where the putative class members do not allege that they were actually harmed by the breach.  The ruling, which both relies on and distinguishes the Supreme Court’s recent analysis of FCRA standing in Spokeo v. Robins, suggests that at least in the Third Circuit, “injury” from a data breach may be presumed from the fact of the breach itself.  This, in turn, could have the effect of expanding potential liability for any consumer-facing entity that suffers a breach.

The case, In re: Horizon Healthcare Services Inc. Data Breach Litigation, stems from a theft of two laptop computers in November 2013 from Horizon, a New Jersey health insurer with over 3.7 million members.   Continue reading

An Even More Powerful DFS?

 by Andrew Hruska and Kyle Sheahen

Since its birth in 2011 from the combination of the Banking and Insurance Departments, the New York State Department of Financial Services (DFS) has used all of its statutory powers —and then some—to magnify its supervision of financial companies operating in New York State.  A state regulatory agency, DFS has become an extremely active investigator of financial misconduct and, based on the strength of those investigations, has collected over $7.5 billion in fines since 2011.  At the same time, DFS has forced to defend certain actions in court, such as when its Superintendent was sued in 2014 by AIG on constitutional grounds, (See Complaint, Am. Int’l Group. v. New York Dep’t of Fin. Serv., No. 14 Civ. 2355 (AJN) (S.D.N.Y. June 2, 2014)).  Although the suit was resolved with a payment by AIG, the matter nonetheless demonstrated that there may be some practical limits to DFS’s asserted powers.

The latest development came last month on January 17, when Governor Cuomo released the proposed state 2017-18 Executive Budget.  The Budget contains some singular proposed legislation that would meaningfully expand DFS’s powers to enforce its decisions on its own in the state courts and to increase penalties on insurers. Continue reading

The ALJ Circuit Split: Fair Reading or Subjective Evaluation

by Gregory Morvillo

I find it fascinating when two people look at the same thing and come to completely different conclusions about it.  OK … maybe fascinating is too strong a word, but it is interesting that two people can see the exact same thing and disagree on what it means.  One might look at an impressionist painting and say “it’s a masterpiece” while another says “it’s garbage.”  One might read a book and believe it inspired them and another might say it inspired them to vomit.  And on it goes.  Mostly, I think these things boil down to personal preference, emotional connection, and other subjective ways of evaluating things.

But what about something that should be devoid of subjective viewpoints and emotional connections?  For example, what about caselaw?  Surely, judges, particularly circuit court judges, try to view things dispassionately and objectively.  And yet, we still have circuit splits.  Some of this can be explained if there is no definitive interpretation of a law floating around.  But what about when the Supreme Court has spoken on an issue? In that case, no circuit split should exist.  And yet, it happens.

One such issue is important to those who find themselves in front of one of the SEC’s administrative law judges (“ALJ”).  Now, before we go on, I must disclose that I find the whole ALJ process at the SEC to be one-sided and unfair.  The number of wins the SEC has on its home-court makes them harder to beat than the New England Patriots. The fact that the Commission, the same entity, that made the decision to charge a defendant, is the same body  that hears the initial appeal feels patently  unfair.  Continue reading

UK’s Financial Conduct Authority and Prudential Regulation Authority Announce Changes to Enforcement Processes

by Karolos Seeger and Andrew Lee

OVERVIEW

On 1 February 2017, the UK’s financial regulators, the Financial Conduct Authority (“FCA”) and the Prudential Regulation Authority (“PRA”), published a policy statement outlining a number of reforms which are intended to improve the transparency, fairness and speed of their enforcement decision-making procedures. This follows a consultation paper in April 2016 setting out how the regulators proposed to implement HM Treasury’s recommendations from a review in 2014 and Andrew Green QC’s 2015 report into enforcement actions after the collapse of HBOS. Many of the changes only apply to the FCA’s enforcement process; the PRA will publish a guide to its enforcement process later this year. The substantive amendments affect only guidance issued by the FCA (the Enforcement Guide and the Decision Procedure and Penalties Policy), not binding FCA rules. The policy statement also indicates that there will be further consultation papers in relation to the Enforcement Guide and the FCA’s penalties policy. In general, the reforms relating to settlements and references to the Upper Tribunal will come into effect on 1 March 2017, while the remaining reforms are effective immediately. The key changes are summarized below. Continue reading

The Missing Account of Progressive Corporate Criminal Law

by William S. Laufer

This is a good time to revisit the normative, doctrinal, and policy-laden foundations of the corporate criminal law. With a new administration in the White House calling for a repeal of the costliest of corporate regulations and legislative reforms, it is tempting to speculate about the changing role of corporate compliance, and whether there will be much support for resort to corporate criminal liability. In a draft working paper entitled The Missing Account of Progressive Corporate Criminal Law, I contrast the constituent positions taken on corporate criminal liability, and propose one that is distinctly progressive. Continue reading

Is Corporate Responsibility for Human Rights the Next Anticorruption?

by Steve Nickelsburg, David DiBari and Rebecca Hekman

The international legal obligation to protect human rights has long been understood to be the province of sovereign states, not of corporations or individuals.  In the United States, litigation against corporations invoking statutes such as the Alien Tort Statute, the Torture Victim Protection Act, and the Trafficking Victims Protection Act has blurred that line – providing private plaintiffs a cause of action to address alleged human rights violations in a variety of circumstances.

The nuance of that litigation would take numerous additional posts to cover, but even against that backdrop, for corporations the general requirement to respect human rights traditionally has been more a matter of social expectation than legal and regulatory requirements, falling under the rubric “corporate social responsibility” (“CSR”) rather than “hard law.” Continue reading

Mitigating the Risk of Cybersecurity Whistleblowing

by Evan Bundschuh and Dallas Hammer

This post is the second part of a two-part post by the authors, entitled The Rise of Cybersecurity Whistleblowing.

Companies seeking to mitigate that risk of cybersecurity whistleblowing through insurance face a unique set of challenges. Cyber whistleblower claims fall in an area somewhere between cyber and D&O insurance, and poorly structured policies will yield little to no coverage. Organizations that have placed both policies nonetheless will likely assume that they have performed their due diligence and that coverage is in place for claims at time of loss. However, affording broad coverage for even standard whistleblower claims can be difficult. Continue reading

Responding to Pushback, New York Regulators Revise Proposed Cybersecurity Regulations

courtesy of John F. Savarese and Marshall L. Miller

Last fall, with some fanfare, the New York State Department of Financial Services (DFS) announced proposed cybersecurity regulations. As we previously reported, in a break from prior, high-level standards, the proposed regulations shifted toward a more prescriptive approach, mandating specific policies, onerous government notification requirements, and hands-on oversight from corporate leaders. Commentators and financial industry groups pushed back during the comment period. In response, on December 28, 2016, DFS released revised regulations, which, subject to further comment, will now become effective on March 1, 2017. Continue reading

What Does It Mean to be a Monitor? (Revisited)

by Daniel R. Alonso

In a post on this site last fall, Prof. Veronica Root asked “What Does It Mean to be a Monitor?”[1] The point of her piece was to explain how the term “monitor” describes a number of activities and assignments that can be quite different from one another. Prof. Root’s post faithfully described different monitorship models, from court-ordered monitorships to corporate compliance monitorships. But the otherwise excellent post did not touch on a key piece of the monitorship puzzle—proactive monitorships, created in the absence of an action or settlement as a prophylactic against wrongdoing—without which any discussion of monitorships is incomplete.

Proactive monitors, sometimes called “integrity monitors” or in some contexts “independent private sector inspectors general,” play an important and growing role in the world of monitorships. A recent high-profile example is New York Times reporter Andrew Ross Sorkin’s open letter to President-elect Donald Trump, in which he suggested that if Mr. Trump did not place his assets in a blind trust, one way for him to ease concerns about potential conflicts of interest posed by his business empire would be to engage a corporate monitor to examine and report on such conflicts.[2] Such a monitor would, of course, have to be “truly independent.”[3]

Continue reading