Is a European Anti-Corruption Prosecutor Needed?

by Jonathan J. Rusch

In a January 17 interview with the French news-magazine L’Obs, former French Prime Minister Bernard Cazeneuve argued that a European anti-corruption prosecutor is needed “to restore a balance, to correct the asymmetry of the Euro-Atlantic relationship in the fight against corruption from which European companies are currently suffering.”

In the interview, Cazeneuve — now a partner with the August Debouzy law firm specializing in compliance issues – stated that “it cannot be ruled out that in a context of rising protectionism under the Trump Administration, ‘compliance’ rules are also used to protect the economic and industrial interests of certain powers.  Faced with such a reality, it would be very naive not to seek to protect our own interests!”  At the same time, Cazeneuve said that “in a global economy, corruption is a long-term factor that impoverishes companies and distorts competition. Only the law can regulate what needs to be and create the conditions for a global level playing field. Preventing corruption in French companies is still the best way to protect them from the often intrusive procedures of U.S. prosecuting authorities.” Continue reading

How SEC Enforcement is Getting Back to Basics

by Russell G. Ryan

Since leaving the Securities and Exchange Commission in 2004, I’ve done my share of critiquing SEC enforcement policy. So it’s only fair, nearly two years into the tenure of current SEC leadership, to give credit where it’s due.

And as it happens, plenty of credit is due in at least six areas of SEC enforcement policy:

Better Accountability

About ten years ago, the SEC departed from historical practice by delegating to senior enforcement staff the commissioners’ legal responsibility for launching formal investigations and unleashing the power to issue subpoenas. Some of us publicly expressed concerns at the time about this dilution of political accountability, given the severe reputational harm and financial expense that can result from investigations, even if no wrongdoing is ever uncovered.  Continue reading

Microchipping Employees and Biometric Privacy Laws – It’s Time To Start Paying Attention

By Avi Gesser, David Popkin, and Michael Washington

Until recently, biometric privacy was a niche area of the law that had little application to most companies.  But with the rapid growth in commercial biometric data collection, including voice samples, fingerprints, retina scans, and facial geometry, as well as some recent developments in the applicable case law, it’s probably time for companies to start paying attention.  Indeed, one of our top privacy law predictions for 2019 was a judicial expansion of the notion of harm, which happened quicker than we anticipated in the context of gathering biometric data.

On January 25, 2019, the Illinois Supreme Court decided Rosenbach v. Six Flags Entertainment Corporation, 2019 IL 123186 (PDF: 61.7 KB), unanimously finding that plaintiffs could bring a private cause of action for violations of the notice and consent requirements of the state’s biometric privacy law without any showing of harm.  In Six Flags, a mother sued the owner of a theme park on behalf of her teenaged son after he was fingerprinted in connection with the purchase of a season pass to the park.  Neither the son nor the mother consented in writing to the taking of the fingerprint or signed any written release. Further, the park did not provide any documentation about their retention schedule or guidelines for retaining and then destroying the data.  The court found that individuals possess a right to privacy in and control over their biometric identifiers. Continue reading

How Understanding Organizational Culture Can Help Us Assess Compliance Programs

by Alison Taylor

In 2015, I undertook an extensive literature review and interviewed 23 anticorruption experts and practitioners to explore a simple question: What does organizational culture look like in a corrupt company? My work was a direct challenge to the long-dominant “bad apple” or “rogue employee” explanation of corporate wrongdoing, focusing instead on the organizational and team conditions that undermine integrity. Subsequent corporate scandals—for example, regarding fake accounts at Wells Fargo or car emissions at Volkswagen—have illustrated the importance of overall culture, rather than individual traits, in driving or undermining integrity. Regulatory interest in the importance of organizational culture has increased. This post will explore the implications of my research study for regulators who seek to evaluate compliance programs. Continue reading

Removing Implicit Bank Subsidies to Make the Financial System Fairer

by Sebastian Schich 

The views expressed within this post are those of the author alone and do not represent those of the OECD or its member countries.

A decade after the global financial crisis, most of the financial regulatory reform package to make the system stabler and fairer has been completed. The agenda is is now changing to evaluation of reform effects. This post draws on a recent article on implicit bank debt guarantees [1] and asks whether the progress in limiting them has made the financial system fairer.

The financial regulatory reform, designed and subsequently rolled out over the past decade following the global financial crisis, is explicitly described as an attempt to make the international financial system fairer. In defining what is involved in this goal, the Financial Stability Board (FSB),[2] an international body set up in April 2009 to monitor and make recommendations about the global financial system, refers to large banks at the centre of the financial system that did not internalize the social costs that their excessive risk-taking created. Gains of risk-taking activities were privatized and losses socialized. A fairer system involves funding conditions that are more closely aligned with the riskiness of the entities. In other words, there would be no room for implicit bank debt guarantees. Continue reading

State-Level Actors on the Frontlines of U.S. Cybersecurity and Data Privacy Regulation and Enforcement

by John F. Savarese, Marshall L. Miller, and Jeohn Salone Favors

While the General Data Protection Regulation (GDPR) significantly expanded the powers of European national data protection authorities in 2018, legislative and enforcement developments in the United States over the last year showcased the growing role and importance of state attorneys general and other state regulators in the realm of cybersecurity and data privacy.

In 2018, California passed a data privacy law akin to the GDPR and enacted legislation addressing internet-based bot activity and security of devices connected to the Internet of Things.  With passage of legislation in Alabama in March 2018, all 50 states now have data breach notification laws, with requirements as to notification content, timing, and recipients varying across jurisdictions.  And prescriptive cybersecurity regulations promulgated by New York State’s Department of Financial Services continued to take effect in rolling fashion.  Absent preemptive legislation at the federal level, where proposals are stalled in Congress, we can expect data protection and privacy laws and regulations to proliferate at the state level, as state legislatures and regulators vie for the mantle of lead cybersecurity enforcer. Continue reading

Fintech in 2019: Five Trends to Watch

by Steven Gatti, David Adams, Peter Chapman, Laura Nixon, Paul Landless, Jack Hardman, and Brian Harley

Technology continues to have an enormous impact on financial services and the pace of change shows no signs of abating. Following the bold predictions we made last year, we highlight the five stand-out trends for fintech in 2019.

1. CRYPTO CRACKDOWN

There has been massive growth in the market for cryptoassets such as Bitcoin and tokens issued in initial coin offerings (ICOs), but market participants have faced uncertainty as to whether cryptoassets may be regulated financial products (and subject to scrutiny by regulatory authorities). Enforcement investigations globally have largely focused on issues of fraud, but now, there’s a renewed focus on guarding the regulatory perimeter (i.e. ensuring businesses carrying on regulated activities have the appropriate authorisation) .  Disputes and enforcement cases are arriving in courts across the globe.

What’s next?

Continue reading

Maria Vullo Joins PCCE as Senior Fellow

The NYU School of Law Program on Corporate Compliance and Enforcement (PCCE) is pleased to announce that Maria Vullo ’87, former superintendent of the New York State Department of Financial Services (NYDFS), has joined PCCE as a senior fellow. 

Vullo served as superintendent of NYDFS for the past three years.  In that role, Vullo was responsible for the regulation and supervision of New York’s financial services industry, including New York State chartered banks, branches of foreign banks, and insurance companies and agents licensed to do business in New York.  During Vullo’s tenure as NYDFS Superintendent, she issued a nation-leading cybersecurity regulation applicable to all NYDFS regulated institutions; issued a first-in-the-nation transaction-monitoring regulation; resolved significant enforcement actions regarding violations of the Bank Secrecy Act, and anti-money laundering, sanctions and foreign exchange laws.

“Maria Vullo is a valuable addition to PCCE.  She brings the combined perspective of a law enforcement official, a regulator, and private practitioner to corporate compliance, just as she did with her nation-leading regulations at NYDFS,” said Professor Jennifer Arlen, founder and faculty director of PCCE.  Continue reading

UK Financial Conduct Authority Puts Heads of Legal Outside the Senior Managers Regime

by Karolos Seeger and  Andrew H.W. Lee

In a long-awaited but widely-expected development, the UK Financial Conduct Authority (“FCA”) has issued a new consultation paper[1] proposing that Heads of Legal do not need to be designated as Senior Managers under the Senior Managers Regime (“SMR”). Ever since the introduction of SMR in 2016, the FCA has delayed formally confirming whether heads of legal should be allocated the SMF18 role (Other Overall Responsibility Function).

The FCA came to its position in light of the potential difficulties created by legal professional privilege. A fundamental principle of the SMR is that if a firm breaches a FCA requirement, the Senior Manager responsible for that area can be held accountable if they did not take reasonable steps to prevent the breach from occurring (the so-called ‘Duty of Responsibility’). This could lead to a conflict of interest in which a Head of Legal wishes the firm to waive privilege to help him or her avoid personal liability, while being professionally obliged to advise the firm not to waive privilege where this is not otherwise beneficial for the firm. The FCA also explained that privilege would often restrict it from exercising its usual supervisory processes regarding Senior Managers to obtain documents and information from Heads of Legal, leaving little benefit in requiring them to be Senior Managers. Continue reading

AML Information Sharing in a Technology-Enabled and Privacy-Conscious World

by Kevin Petrasic, Paul Saltzman, Jonah Anderson, Jeremy Kuester, John Wagner, Rebecca Copcutt, and John Timmons

Financial firms play an integral role in preventing, identifying, investigating and reporting criminal activity, including terrorist financing, money laundering, and many other finance-related crimes. It is a critical role that depends on financial firms having the information they need to identify and report potentially suspicious activity and provide other relevant information to law enforcement. However, there are significant barriers to information sharing throughout the US anti-money laundering (“AML”) regime. These barriers limit the effectiveness of AML information sharing within a financial institution, among financial institutions, and between financial institutions and law enforcement.

Much has changed in the 17 years following the passage of the USA PATRIOT Act (“Patriot Act”), which, among other things, sought to enable greater information sharing among law enforcement, regulators and financial institutions regarding AML risks. Of note, Section 314(a) of the Patriot Act and its implementing regulations (“Section 314(a)”) enables federal, state, local and European Union law enforcement agencies to reach out to US financial institutions through the US Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) to locate accounts and transactions of persons that may be involved in terrorism or money laundering. Section 314(b) of the Patriot Act and its implementing regulations (“Section 314(b)”) provides a limited safe harbor for financial institutions to share information with one another in order to better identify and report potential money laundering or terrorist activities. Continue reading