Author Archives: Alexandra Andrei

Empirical Data Supports Efforts to Reform Internal Corporate Whistleblower Protections

by Stephen M. Kohn, Alyce Petit, Kate Reeves, and Geoff Schweller

Photos of the authors

Left to Right: Stephen M. Kohn, Alyce Petit, Kate Reeves and Geoff Schweller (photos courtesy of authors)

Corporate whistleblowers who report through internal compliance channels face higher rates of retaliation than those who report externally to the government, according to research published in a working paper on the Social Science Research Network (SSRN).

An analysis of 8-years worth of Dodd-Frank Act and Sarbanes-Oxley Act (SOX) whistleblower retaliation cases found that over 90% of the cases involved internal whistleblowers.

These findings are of particular importance in light of Congressional efforts to amend the Dodd-Frank Act to extend anti-retaliation protections for internal whistleblowers. They also validate the importance of regulations by the U.S. Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) that explicitly do not require whistleblowers to make internal reports prior to qualifying for a reward under the Dodd-Frank.

Continue reading

FTC Cracks Down on Mass Data Collectors: A Closer Look at Avast, X-Mode, and InMarket

by Staff at the Federal Trade Commission

Federal Trade Commission

Three recent FTC enforcement actions reflect a heightened focus on pervasive extraction and mishandling of consumers’ sensitive personal data.

Proposed Settlements with Avast[1], X-Mode[2], and InMarket[3]

In mid February, the FTC announced a proposed settlement to resolve allegations that Avast, a security software company, unfairly sold consumers’ granular and re-identifiable browsing information—information that Avast amassed through its antivirus software and browser extensions after telling consumers that Avast’s software would protect their privacy, and that any disclosure of their browsing information would only be in aggregate and anonymous form.

In January of this year, the FTC announced proposed settlements with two data aggregators, X-Mode Social and InMarket, to resolve a host of allegations stemming from how those companies handled consumers’ location data. Both companies, the FTC alleged, collected precise location data from consumers’ phones through the data aggregators’ own mobile apps and those of third parties (via software development kits, or “SDKs,” provided by the data aggregators). X-Mode, the FTC alleged, sold consumers’ location data to private government contractors without first telling consumers or obtaining consumers’ consent to do so. And InMarket, the agency alleged, used consumers’ location data to sort them into particularized audience segments—like “parents of preschoolers,” “Christian church goers,” “wealthy and not healthy,” etc.—that InMarket then provided to advertisers.

Continue reading

DOJ Continues to Modernize its Criminal Antitrust Enforcement Strategy

by Richard A. Powers

(Photo courtesy of the author)

Over the past few years, the Justice Department has been hard at work on a comprehensive update to the way it detects, investigates, and prosecutes price-fixing cartels. Several recent announcements, including at last week’s ABA White Collar Conference, preview the DOJ Antitrust Division’s next steps in this generational shift—the goals of which are to refine disclosure incentives, promote individual accountability, and obtain trial convictions.

First, on March 7, 2024, Deputy Attorney General Lisa Monaco announced the DOJ is kicking off a 90-day whistleblower “policy sprint”; the finish line is a new program to complement existing regulators’ programs, rewarding qualifying whistleblowers for bringing non-public, previously unknown misconduct to the DOJ’s attention. The Antitrust Division has long sought to encourage individual self-reporting as a complement to its corporate VSD policy, so expect that this initiative will aim to improve that incentive structure. Next, the DOJ updated the Justice Manual to incorporate the M&A safe harbor policy that it announced last fall. Notably for antitrust practitioners, the JM updates included changes to the Antitrust Division’s leniency policy that provide much-needed clarification on how companies that detect potential collusion at an M&A target can avoid inheriting those liabilities by promptly reporting to DOJ. Third, senior Antitrust Division officials continue to emphasize that they are focused on developing investigations through affirmative investigative techniques, such as wiretaps and whistleblowers.

Continue reading

FCC Ruling on AI-Facilitated Fraud Illustrates the Need for Forward-Looking Enterprise Risk Management

by William Savitt, Mark F. Veblen, Noah B. Yavitz, and Courtney D. Hauck

From left to right: William Savitt, Mark F. Veblen, Noah B. Yavitz, and Courtney D. Hauck (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

In response to a recent boom in AI-powered robocall scams, the U.S. Federal Communications Commission announced yesterday a Declaratory Ruling confirming that the Telephone Consumer Protection Act, which regulates telemarketing and robocalls, also applies to calls using AI-generated voices. Other federal agencies and state legislatures have similarly moved to police the use and abuse of audio “deepfakes” — in which widely available tools can be used to generate realistic voice simulations from brief recordings. As technology continues to outpace regulation, boards must embrace a proactive approach to risk management, accounting for AI’s capacity to compromise long-standing practices in cybersecurity and internal controls.

Continue reading

The 2nd Annual Charlotte E. Ray Lecture: Reflections on Diversity, Equity, and Effective Compliance

by Carolyn R Pautz, PhD

Photo courtesy of the author

On February 7th, Howard University School of Law, working with Steve Solow (Baker Botts), Preston Pugh (Crowell & Moring), and Ben Wilson (Beveridge and Diamond), hosted the 2nd Annual Charlotte E. Ray Lecture.  The program featured keynote speeches by Acting Assistant Attorney General Nicole Argentieri, former Attorney General Loretta Lynch, and panels with esteemed members of the Department of Justice, U.S. Attorney’s offices, and private practice.  The event provided an intimate look into the career trajectories of the speakers, the impact that the totality of their lives has played in their career and the influence of their personage on their respective communities.  Most pertinent to this piece, which focuses on diversity of compliance teams as a central factor in effective risk management, the event emphasized two broad themes: first, the importance of cultivating and carrying forward a sense of service and responsibility towards one’s community; and second, that in order to understand the difference one can make as they advance in the field of law, individuals need to ask themselves why their presence in a particular role matters uniquely.  Below, these themes are extrapolated to trace the relationship between diversity (including age, gender, race, and ethnicity), universal (or communal) norms, individual determination of what is “good” and “right”, and effective compliance programs. 

Continue reading

White-Collar and Regulatory Enforcement: What Mattered in 2023 and What to Expect in 2024

by John F. Savarese, Ralph M. Levene, Wayne M. Carlin, David B. Anders, Sarah K. Eddy, Randall W. Jackson, and Kevin S. Schwartz

Photos of Authors

Top left to right: John F. Savarese, Ralph M. Levene, Wayne M. Carlin, and David B. Anders.
Bottom left to right: Sarah K. Eddy, Randall W. Jackson, and Kevin S. Schwartz. (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

This past year was yet another notable and intensely active one across the entire range of white-collar criminal and regulatory enforcement areas. We heard continued tough talk from law enforcement authorities, especially concerning the government’s desire to bring more enforcement actions against individuals and on the need to keep ramping up corporate fines and penalties. The government largely lived up to its talking points about increasing the numbers of individual prosecutions and proceedings, particularly with respect to senior executives in the cryptoasset industry. But there were some notable stumbles. The most striking example of this was DOJ’s failure to secure convictions in cases where it attempted to extend criminal antitrust enforcement in unprecedented areas, such as no-poach employment agreements and against certain vertical arrangements—neither of which has historically been viewed as involving per se violations of the federal antitrust laws. And, as in years past, many state attorneys general remained active throughout 2023, using broad state consumer-protection statutes to bring blockbuster cases across a wide array of industries, from ridesharing and vaping to opioids and consumer technology offerings.

Continue reading

How to Avoid Risk of SEC Whistleblower Rule Violations in Connection with Settlement Agreement Confidentiality Provisions

by Tami Stark and Joel M. Cohen

Photos of authors

Tami Stark and Joel M. Cohen (Photos courtesy of White & Case LLP)

The SEC levied charges against a registered broker-dealer and investment adviser that expand the enforcement of the whistleblower protection rule to encompass settlement agreements with clients.[1] This article should be instructive for other registered entities seeking to avoid rule violations when drafting such agreements.

As of the end of the 2023 fiscal year, the SEC has brought twenty-one enforcement actions involving violations of Rule 21F-17 since the Dodd-Frank Act empowered the SEC with the ability to bring actions against persons, including companies, for impeding reports to the SEC.[2] Last year, these actions arose primarily from employment-related agreements that violated the Rule.[3] For example, in September of 2023, the SEC levied a $10 million civil penalty against an investment adviser for using employee agreements that prohibited the disclosure of “confidential information” unless authorized by the company or required by law or an order of a court or other regulatory or governmental body.[4]

Continue reading

Real-Time Deepfakes May Necessitate Enhancements to Wire Transfer BEC Policies

by Charu ChandrasekharLuke DemboskyAvi GesserErez LiebermannMatt Kelly and Karen Joo  

Photos of the Authors

Left to right: Charu Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Matt Kelly and Karen Joo. (Photos courtesy of Debevoise & Plimpton LLP)

The following scenario is no longer science fiction: An employee receives an email from the CEO asking her to join a video call. The CEO directs the employee to send confidential documents to a third party. The request is unusual, but the employee saw the CEO with her own eyes, so she complies. It turns out, however, that it was a real-time deepfake and not the real CEO who gave the instructions on the video call.

We’ve previously written about business email compromise (“BEC”) and wire transfer fraud scams, and the various measures that companies can implement to reduce the associated risks. But in light of recent developments in deepfake technologies, and their increasing use as part of BECs, companies should consider revisiting their BEC mitigation strategies because some existing BEC policies may no longer be sufficient to address these emerging threats.

Continue reading

The Year That Was: Key Cybersecurity and Privacy Developments in 2023 and Issues for 2024

by John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Peter Carey, and Steven C. Herzog

From left to right: John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Peter Carey, and Steven C. Herzog. Photos courtesy of Paul, Weiss, Rifkind, Wharton & Garrison LLP.

At the beginning of the year, we predicted that the use of personal information and the protection of data in an evolving threat environment would be the focus of increased legislation, regulation, and regulatory enforcement. And 2023 delivered, with both threat actors and regulators presenting new challenges for technology and legal teams. At the same time, these teams are navigating how to harness the burgeoning potential of rapidly evolving artificial intelligence applications while mitigating associated security, legal, and related risks. Amidst all of the noise, we break down below ten key developments of 2023 that contributed to an increasingly complex legal and data security landscape and prompted business leaders to increase resources and attention to bolster their defenses and ensure compliance with their growing list of legal obligations. We predict a continued flurry of activity in 2024. Continue reading

Recent Developments in Switzerland’s Anti-Corruption and Anti-Money Laundering Regime

by Jonathan Rusch

Photo courtesy of the author

For some time, Switzerland has generally ranked highly in perceptual surveys of corruption.[1]  But while some may believe that “generally speaking, Switzerland has a comprehensive anti-corruption and anti-money laundering regulatory regime”[2], that regime has not kept pace with a number of other countries.  Indeed, a 2021 report by the Council of Europe’s Group of States against Corruption (GRECO) stated that since the 2017 GRECO report on Switzerland, Switzerland had satisfactorily addressed only five out of the twelve recommendations contained in a 2017 GRECO report.[3]

Since then, however, Switzerland has moved forward on several fronts to bolster its anti-corruption and anti-money laundering (AML) regime.  Three recent developments indicate that progress.  First, on August 30, the Swiss Federal Council (the governing body of the Swiss government[4]) launched the consultation procedure on a bill to strengthen the country’s AML framework, including the introduction of a beneficial ownership registry.[5]  Second, on September 28, the Swiss Attorney General filed an indictment against former Uzbek government official and prolific bribe-taker Gulnara Karimova and a co-conspirator for participation in a criminal organization, money laundering, and related charges.[6] Third, on December 6, the Swiss Attorney General filed an indictment against a leading global commodities trading company, Trafigura Beheer BV (Trafigura), and three individuals for bribery in connection with Trafigura’s activities in the Angolan petroleum industry.[7]  This post will summarize and comment on these developments.

Continue reading