Responding to Pushback, New York Regulators Revise Proposed Cybersecurity Regulations

courtesy of John F. Savarese and Marshall L. Miller

Last fall, with some fanfare, the New York State Department of Financial Services (DFS) announced proposed cybersecurity regulations. As we previously reported, in a break from prior, high-level standards, the proposed regulations shifted toward a more prescriptive approach, mandating specific policies, onerous government notification requirements, and hands-on oversight from corporate leaders. Commentators and financial industry groups pushed back during the comment period. In response, on December 28, 2016, DFS released revised regulations, which, subject to further comment, will now become effective on March 1, 2017.

What Does It Mean to be a Monitor? (Revisited)

by Daniel R. Alonso

In a post on this site last fall, Prof. Veronica Root asked “What Does It Mean to be a Monitor?”[1] The point of her piece was to explain how the term “monitor” describes a number of activities and assignments that can be quite different from one another. Prof. Root’s post faithfully described different monitorship models, from court-ordered monitorships to corporate compliance monitorships. But the otherwise excellent post did not touch on a key piece of the monitorship puzzle—proactive monitorships, created in the absence of an action or settlement as a prophylactic against wrongdoing—without which any discussion of monitorships is incomplete.

Proactive monitors, sometimes called “integrity monitors” or in some contexts “independent private sector inspectors general,” play an important and growing role in the world of monitorships. A recent high-profile example is New York Times reporter Andrew Ross Sorkin’s open letter to President-elect Donald Trump, in which he suggested that if Mr. Trump did not place his assets in a blind trust, one way for him to ease concerns about potential conflicts of interest posed by his business empire would be to engage a corporate monitor to examine and report on such conflicts.[2] Such a monitor would, of course, have to be “truly independent.”[3]


Proactive Insider Trading Compliance Procedures After Salman

by Michael C. Neus

In light of the recent unanimous Supreme Court decision in Salman v. United States, savvy investors can assume that the Securities and Exchange Commission, as well as the Department of Justice, will continue to seek out cases of insider trading.  Much has been written about whether or not Salman dramatically changed the jurisprudence existing prior to the Second Circuit’s opinion in United States v. Newman.  Whether or not the landscape has changed in the wake of the Salman decision, how can in-house counsel and compliance officers manage and avoid potential insider trading issues?

Securities Litigation Update: Circuit Court Split over the Constitutionality of SEC Administrative Law Judges Tees Up Issue for the Supreme Court

courtesy of Greg D. Andres and Martine M. Beamon

The Tenth and D.C. Circuit Courts of Appeal have come to opposite conclusions in response to constitutional challenges to the Securities Exchange Commission’s (the “SEC’s”) appointment of Administrative Law Judges (“ALJs”). As detailed in our prior client alert, securities defendants across the country have contended that ALJs are inferior officers who were not appointed according to the Appointments Clause in Article II of the Constitution. The issue initially appeared settled when the D.C. Circuit held in Lucia v. SEC,[1] that ALJs were not officers subject to the requirements of the Appointments Clause.  But, on December 27, 2016, the Tenth Circuit decided in Bandimere v. SEC[2] that ALJs were indeed inferior officers and therefore were in violation of the Appointments Clause. The Tenth Circuit’s ruling, if ultimately upheld, has implications for pending and prior SEC actions, and may lead to similar questions about other agencies’ administrative law judges. Given the circuit split, the constitutionality of the SEC’s ALJ appointment process may be headed to the Supreme Court.

Four Important Dodd-Frank Whistleblower Program Developments to Watch for in 2017

by Erika A. Kelton

2016 was a banner year for the Dodd-Frank Act’s most significant anti-fraud enforcement provisions: the whistleblower programs at the Securities and Exchange Commission and the Commodity Futures Trading Commission.

In the five years since these programs were established, whistleblowers have rapidly changed the global securities and commodities compliance landscape. The success of the Dodd-Frank whistleblower programs can be attributed largely to the significant actions the SEC and CFTC have taken that signal that whistleblowers will be rewarded and protected for their information and assistance.

As a result of the SEC whistleblower program, more than $874 million in financial remedies have been collected from companies in financial penalties and disgorgement since the program was established in 2011. Because the totals attributed to the whistleblower program are only reported after a whistleblower award has been made, the reported totals lag behind the amounts actually recovered. I believe that the actual amounts the SEC has recovered by virtue of whistleblower information exceed $1.5 billion.

Last year, the SEC surpassed the $130 million mark in total awards paid to whistleblowers. The SEC also set a new bar for whistleblower protection, demonstrating that it will go after companies that retaliate against whistleblowers or have severance or confidentiality agreements that aim to discourage employees from reporting wrongdoing to government enforcement agencies.

The CFTC, meanwhile, paid out in 2016 its largest ever award — $10 million — to a single whistleblower.

With that momentum, 2017 is shaping up to be another transformative year for these programs. Here’s what to expect:

The Rise of Cybersecurity Whistleblowing

by Dallas Hammer and Evan Bundschuh

Your company’s security controls are lacking, and a high-level employee in IT is naturally worried – he’s addressed his concerns a number of times. Employees are regularly transmitting unencrypted information, sharing passwords and using non-compliant cloud services to share data and sensitive client side IP. This doesn’t seem overly alarming; we’ve all made similar mistakes, so the comments fall on deaf ears and operations continue. A few months later, however, the employee becomes increasingly vocal, so senior management decides to let him go. Problem solved. Or…the problem might just be beginning.

Companies that ignore (and retaliate against) employees who address cybersecurity vulnerabilities can face significantly increased liability resulting from a new breed of whistleblower claims – cyber whistleblowing. With cyber regulatory oversight increasing at a rapid rate, these claims are poised to increase as well. While no federal laws specifically protect cybersecurity whistleblowers, existing anti-retaliation provisions are often broad enough to cover employees who raise information security concerns.  Most notably, federal statutes prohibiting retaliation against corporate whistleblowers and employees who report misconduct in connection with federal funds, as well as state wrongful discharge actions, may apply to cybersecurity whistleblowers.

Key Trends in SEC Enforcement from FY2010-FY2016

by Anat Carmy-Wiechman

“While numbers are a small part of the story, in the last three fiscal years, we have brought record numbers of enforcement actions, obtained unprecedented monetary remedies in the billions of dollars, and returned hundreds of millions of dollars to harmed investors”

Mary Jo White, SEC Chair, in recent talk at NYU

Are numbers a small part of the story? As Mary Jo White is stepping down from her post in January 2017, after almost four years at the SEC, now is a good time to look at the numbers and at the story they are telling. In a new report, the NYU Pollack Center for Law & Business, in collaboration with Cornerstone Research, investigated recent trends in enforcement via the Securities Enforcement Empirical Database (SEED).

The (Il)legitimacy of Compliance?

by Donald C. Langevoort

Each new compliance scandal triggers something of a “what were they thinking” response among those who consider it self-evident that sensible people inside a business organization would try hard to avoid behaviors that can bring such serious legal and reputation harm.  So it is with the current subject of fascination, Wells Fargo. “Salespeople” (many of whom were branch employees serving customers’ basic banking needs) created millions of unauthorized customer accounts of various sorts in order to generate fee revenues.  While some corporate legal violations are implicitly blessed from above because any sanctions can be seen as just the cost of doing business, such was probably not the case here.

To me (working only from official documents and press reports, which admittedly never give the whole story), Wells Fargo probably illustrates a few points consistent with the emerging research in what is becoming known as behavioral compliance.

English High Court Rejects Claims of Privilege Over Internal Investigation Interview Notes

by Karolos Seeger, Alex Parker and Andrew Lee


In a judgment last week, the English High Court ruled that notes, transcripts and records of interviews prepared by lawyers during an internal investigation are not covered by legal advice privilege.  While the decision may be appealed (RBS has indicated that it intends to seek permission to appeal), it potentially has important implications for companies and their lawyers when internal interviews and investigations are being conducted, even when external counsel are retained.

US v. Newman – Not Quite Dead Yet

by Gregory Morvillo

In 1857 a United States newspaper announced Mark Twain’s death and printed his obituary.  When Twain learned of his passing, legend has it he quipped “Reports of my death have been greatly exaggerated.”  Twain’s supposed quote applies with equal force to the reports floating around the legal community that United States v. Newman met an untimely demise this week.  In both cases, contrary to what some people thought, Twain and Newman at the time of their reported deaths remained very much alive.

Last week the Supreme Court handed down a unanimous opinion in United States v. Salman.  It was a highly anticipated opinion by those of us who follow the evolution of insider trading law … and yes I recognize that following insider trading law is, at the least, a little bit geeky.  Nevertheless, many observers eagerly awaited the Supreme Court’s ruling.  As it turned out, the ruling was kind of a dud.