Author Archives: Allison Caffarone

Willfulness and Negligence are Mutually Exclusive Standards of Liability (Something We All Intuitively Knew Already)

Greg Morvillo and Christine Hanley

Rudyard Kipling famously quipped “Oh, East is East and West is West and never the twain shall meet.”  Although crafted in 1889, this sentiment is newly applicable to a D.C. Circuit Court of Appeals opinion in The Robare Group v. S.E.C, 922 F.3d 468, 479-80 (D.C. Cir. 2019).  The D.C. Circuit essentially held that Willfulness is Willfulness and Negligence is Negligence, and never the twain shall meet, only less poetically.  This potentially landmark decision held that willfulness and negligence are mutually exclusive standards of liability – one requiring intent to commit wrongdoing and the other requiring a lack of intent to commit wrongdoing – and the SEC cannot impose civil liability under both standards for the same conduct. 

Robare arose out of a 2014 administrative cease and desist proceeding against The Robare Group (“TRG”), an investment advisory firm, and its principals and co-owners, Mark L. Robare and Jack L. Jones.  The complaint alleged that respondents received a fee from Fidelity Investments (“Fidelity”), which provided clearing services for TRG’s advisory clients, whenever TRG’s clients invested in certain funds offered on Fidelity’s online platform.  The SEC further alleged that TRG failed to disclose this fee and that TRG had a conflict of interest arising from the revenue-sharing arrangement between TRG and Fidelity.  Continue reading

Prepared Remarks of FinCEN Director Blanco at the NYU Law Program on Corporate Compliance and Enforcement

Kenneth A. Blanco 

NYU Law Program on Corporate Compliance and Enforcement
June 12, 2019

Good afternoon. It is a pleasure to be here again at the NYU Law Program on Corporate Compliance and Enforcement. Thank you for having me back.

When I last spoke here in November 2017, I was serving as Acting Assistant Attorney General for the Criminal Division of the United States Department of Justice and spoke of DOJ’s efforts in financial investigations, corruption, transnational crime, money laundering, sanctions violations, illicit finance, and asset recovery, among other topics.

Well, the more things change, the more they stay the same. That very month, I was named Director of the U.S. Department of the Treasury’s Financial Crimes Enforcement Network — FinCEN. Although I am no longer at DOJ, many of the same issues continue to be central to my work carrying out FinCEN’s mission, which is to safeguard our financial system, protect our national security, and keep our communities and families safe from harm.

It is a complex but worthwhile and rewarding undertaking, and it requires FinCEN to constantly grow, evolve, and adapt. With that in mind, there are three main issues I would like to cover today:

  • First, I want to describe how FinCEN is tackling a number of evolving forms of illicit finance threats and related crimes, to include terrorism, corruption, human trafficking, virtual currency, cyber-enabled threats, and money laundering through real estate;
  • Second, I will emphasize the need to collect beneficial ownership information at company formation; and
  • Lastly, I will discuss ongoing efforts to upgrade and modernize our system of anti-money laundering/countering financing of terrorism, or AML/CFT to incorporate the innovative approaches being taken by financial institutions and others, in order to have the best and most actionable information available.

So let us begin.

FinCEN’s Approach to Evolving Threats

One of the most effective ways to deter criminals and bad actors and to stem the harms that flow from their actions—including harm to American citizens and our financial system—is to follow the money, expose illicit activity, and prevent illicit networks from benefiting from the enormous power of our economy and financial system. FinCEN does this on a multitude of fronts every single day. And as these threats evolve, so must we.


Unfortunately, New York City does not have to hear from me how dangerous terrorists are, or how devastating a terrorist attack can be.

At FinCEN, combatting terrorism is one of our most sacred goals — it is at the heart of the work we do every day. The fact is that terrorists, like most other criminals, need money to develop their networks or execute their attacks, and disrupting those money flows is one of the most effective ways to uncover and stop these bad actors.

Every day, FinCEN takes the Suspicious Activity Reports, or SARs, filed by financial institutions, and we run them through automated business rules to identify reports that merit further review by our analysts. This process generates around 50 matches a day, more than 1,000 matches each month. Of these matches, the highest priority findings are disseminated to our law enforcement and regulatory partners in what we call a Flash report. These Flash reports enable law enforcement agencies, and others, to identify, track, and disrupt the activities of potential terrorist actors. It is incredibly valuable information that helps keep us all safe.

In addition, whenever there is a terrorist attack anywhere in the world, FinCEN has a Crisis Response team that responds 24/7, including on holidays. The Crisis Response team connects with law enforcement domestically and overseas, and uses our vast databases to connect people, places, countries, and businesses.

They work to build out a network connected to the terrorist act — the transactions, location, cars, houses, streets — in order to better understand and paint a picture of the crisis at hand. This can help law enforcement find those involved, locate others that may be helping them, find associated bad actors before they can strike, and hopefully prevent the harm from spreading.


Another area where illicit finance plays a big role, and as such, where FinCEN is taking a strong and active stance, is combatting corruption.

Nowhere is fighting corruption more critical today than in Venezuela. Because of the greed and corruption of the illegitimate Maduro regime and their associates and acolytes, the Venezuelan people are suffering an epic tragedy of proportions which are rarely, if ever, seen in the Western hemisphere.

Corrupt Venezuelan senior political figures are taking their proceeds derived from theft, bribes, extortion, drug trafficking and other crimes from the country and hiding them elsewhere, including in the U.S.

But the United States will not allow our financial system to be abused for the benefit of foreign kleptocrats who are trying to stash their illicit fortunes by buying homes, yachts, and airplanes in the United States, all while creating even more wealth and resources to deploy for the Maduro regime’s inhumane and criminal purposes. Money stolen from the Venezuelan people should be returned to them, and those guilty of these crimes should be held accountable.

In response, last year, FinCEN and the financial intelligence units, or FIUs, of Argentina, Colombia, Mexico, and Panama created a working group to identify and trace the illicit flow of dirty money leaving Venezuela. The group, which now also includes Switzerland and Lichtenstein, has multiple lines of investigation well underway. We believe that by sharing with each other the information we have collected about illicit activity in Venezuela, we can all take stronger steps to combat it.

In addition, FinCEN has issued numerous advisories to alert financial institutions of widespread corruption, not only in Venezuela, but also in Nicaragua and Iran. FinCEN also has issued an advisory highlighting the connection between corrupt senior political figures and human rights abuses.

Like other FinCEN advisories, it contains illicit activity typologies, red flags that facilitate monitoring and detection, and guidance on complying with FinCEN regulations to address those threats and vulnerabilities. Financial institutions use this information to enhance their Anti-Money Laundering (AML) monitoring systems for more valuable suspicious activity reporting, which in turn keeps our financial system safe and our country secure.

Human Trafficking

FinCEN is also actively fighting human trafficking, which is not just about stopping criminals. It is about protecting people, families, many of the most vulnerable in our society. Fundamentally, stopping human trafficking is about saving lives.

We know from working closely with financial institutions that they are in a unique position to make observations when interacting with customers, observations that can help them detect and report suspicious financial activity that may be related to human trafficking.

Recognizing this, we wrote an advisory in September 2014 that describes red flags that financial institutions should be on the lookout for to identify possible human trafficking. By reporting that information to us, we can ensure that law enforcement is aware of the activity and thereby prevent trafficking from happening, rescue victims, and apprehend the perpetrators.

FinCEN is also leading an international global project on human trafficking — within the Egmont Group of 159 FIUs — an initiative that has helped United States law enforcement discover previously unknown human traffickers and individuals involved in the purchase or sale of child pornography, resulting in almost 100 successful law enforcement actions.

Virtual Currency

FinCEN is also at the forefront of FinTech and areas like virtual currency.

To us, there is no question that the technology in this sector has the potential to fundamentally change traditional payment systems, the way we do business, and people’s everyday lives.

Innovation in financial services is a great thing, from ATMs and online banking to more, recent automated services and mobile payment applications. We support and encourage innovation, but it must be responsible innovation.

Importantly, we must remember that as industry evolves and adopts these new technologies, financial crime evolves right along with it, or indeed sometimes because of it, creating opportunities for criminals, terrorists, and bad actors. That is why I am proud that FinCEN was the first government agency to issue regulations, which we did back in 2011 — eons ago in this field — and to provide guidance covering virtual currency, which we did as early as 2013.

But given the rapid evolution in this field, we must continue to make sure institutions understand their reporting and other obligations so they can report the information law enforcement needs to catch criminals or prevent harm and to keep people and the financial system safe. With this in mind, just last month, FinCEN issued updated guidance to remind entities subject to the Bank Secrecy Act (BSA) how our regulations apply to convertible virtual currencies (CVC).

Along with the guidance, we issued an advisory informing financial institutions of various things they should be on the lookout for with respect to CVC.

We have seen a substantial increase in virtual currency SAR filings over the past few years and now receive more than 1,500 SARs per month describing suspicious activity involving virtual currency. The reporting we are seeing shows us that the industry is developing new techniques for identifying suspicious activity in virtual currency transactions, demonstrating to us what is possible and giving us unique insight into certain financial crimes.

We are learning about unique indicators of compromise, malware hashes, and virtual currency addresses, such as those associated with ransomware, allowing us to link together disparate incidents to identify the scope of certain threats targeting the sector. We are then able to share those aggregated indicators with financial institutions to promote a strong network defense.

But we cannot just issue regulations; we need to ensure that they are complied with and followed. Examining and supervising financial institutions is critical to our efforts to mitigate the potential for illicit financial uses associated with virtual currency.

FinCEN, working closely with the IRS, has launched a series of supervisory exams of virtual currency money services businesses. Our examinations have included a wide array of different types of virtual currency businesses, such as exchangers of currency, virtual currency trading platforms, administrators, virtual currency kiosk (or ATM) companies, crypto-precious metals dealers, and individual peer-to-peer exchangers.

While we work hard to help financial institutions understand and comply with their regulatory obligations, we will not hesitate to hold those accountable when they fail to do so. We demonstrated this in April when FinCEN issued a civil money penalty against a peer-to-peer virtual currency exchanger named Eric Powers.

Mr. Powers failed to register as a money services business and had no written policies or procedures for ensuring compliance with the BSA. He advertised his intent to purchase and sell bitcoin on the Internet, and completed many transactions directly with Darknet Market vendors without ever reporting any suspicious transactions. He conducted more than 200 transactions involving the physical transfer of more than $10,000 in currency, yet failed to file a single Currency Transaction Report. As a result of our action, Mr. Powers not only paid a fine, but is now barred from providing money transmission services or participating in the work of any financial institution.

FinCEN is committed to acting decisively to address compliance failures that put our financial system and national security at risk and undercut responsible innovation in the financial services space.

We are recognized as world leaders in this area, providing training around the globe, and helping to develop international standards with our foreign counterparts in the area of FinTech and virtual currency. We are also working with Congress, financial institutions, and law enforcement to make sure we are all on the same page in this dynamic and ever-evolving space.

Cyber-Enabled Crimes and Threats

Similarly, FinCEN is working hard to combat the rise of large-scale cyber theft, and in particular, business email compromise fraud, or BEC, in which criminals misappropriate funds by deceiving financial institutions into conducting wire transfers that are diverted into accounts controlled by these nefarious actors.

These schemes are among the growing trend of cyber-enabled crime adversely affecting financial institutions, their customers, and others, which is estimated to have resulted in losses of more than $12.5 billion since 2013.

The rate of cyber-related SAR filings has grown so significantly that we have now received approximately 80,000 per year. For BEC SARs specifically, we receive an average of 13,500 SARs per year. Since the release of the BEC advisory in 2016, the rate of BEC SARs received has increased by more than 95%.

To address these threats, FinCEN, in coordination with the FBI, created and implemented the Rapid Response Program. This program continues to grow in scope and participating agencies as awareness of the phenomena increases. Under the program, when United States law enforcement receives a BEC complaint from either a victim or an interested third party like a financial institution, the relevant information is forwarded to FinCEN, where we move quickly to track and recover the funds.

The program utilizes FinCEN’s ability to rapidly share information with counterpart FIUs in more than 159 jurisdictions, and leverages these relationships to encourage foreign authorities to intercede and hold funds or reverse wire transfers. To date, this program has received over 2,000 requests and recovered over $500 million.

Money Laundering Through Real Estate

Yet another area on which we at FinCEN are focused and leading is the use of real estate as a way to launder money.

Real estate transactions involving luxury property purchased through shell companies—particularly when conducted with cash and no financing—can be an attractive avenue for criminals to launder illegal proceeds while masking their identities.

In response, FinCEN began issuing Geographic Targeting Orders, or GTOs, related to real estate in 2016. A GTO is an order issued by FinCEN that imposes additional recordkeeping or reporting requirements on financial institutions or other businesses in a specific geographic area.

We have renewed the GTO several times, modifying it when necessary, and re-issuing it again last month, basically requiring U.S. title insurance companies to record and report information about legal entities used to make non-financed purchases of high-value residential real estate in 12 major U.S. geographic areas: Boston, Chicago, Dallas-Fort Worth, Honolulu, Las Vegas, Los Angeles, Miami, San Antonio, San Diego, San Francisco, Seattle, and yes, New York City.

GTOs have provided FinCEN with valuable insight into the ways that illicit actors move money in the U.S. residential real estate market, and help us better understand how actors in markets with relatively fewer AML protections respond to new reporting requirements.

Collection of Beneficial Ownership Information

GTOs target only a small part of a much bigger picture, and can only get us so far. Narco-traffickers, corrupt leaders, rogue states, terrorists, and fraudsters of all kinds establish domestic shell companies to mask and further criminal activity, to invest and buy assets with illicit proceeds, and to prevent law enforcement and others from efficiently and effectively investigating tips or leads, thus allowing these bad actors to hide from justice and continue their bad acts.

FinCEN recognizes that shell companies and other entities play a vital role in domestic and global commerce. We are very mindful that they are also vulnerable to abuse, and currently create a gap—a dangerous gap—in our national security apparatus that must be fixed.

FinCEN’s recent Customer Due Diligence Final Rule, which requires the collection of beneficial ownership information for legal entities when opening an account at a bank or other financial institution, is but one critical step toward closing this national security gap. The second critical step in closing this national security gap is collecting beneficial ownership information at the corporate formation stage.

As a former state and Federal prosecutor, I know only too well how difficult it is to trace assets hidden through shell companies and other corporate structures.

To determine the true owner of a shell company or front company in the United States requires law enforcement to undertake a time-consuming and resource-intensive process involving human source information, grand jury subpoenas, surveillance operations, witness interviews, search warrants, and foreign legal assistance requests. This takes an enormous amount of time and resources that investigators could better spend on furthering other important aspects of an investigation or other crimes being committed.

The collection of beneficial ownership information at the time of company formation would significantly reduce the amount of time and resources currently required to research who is behind anonymous shell companies, expose the bad actors, prevent the flight of assets and destruction of evidence, and allow law enforcement to interrupt and dismantle criminal organizations and other bad actors before they harm our citizens or our financial system.

As more and more of our allies begin to collect beneficial ownership information at the incorporation stage in their countries and make it accessible to law enforcement, the United States risks becoming a safe haven for bad actors looking to hide their assets. We are working with Congress to find the best way to address this serious gap.

FinCEN’s efforts to upgrade and modernize the AML/CFT system

One of our objectives as a regulator and the administrator of the BSA is to ensure that the best, most actionable information is available to protect our communities and families from harm. That is why it is so important that we upgrade and modernize our anti-money laundering/terrorist financing system to leverage the innovative approaches being taken by financial institutions and others. We are taking a number of actions to do so, such as:

  • On October 3 of last year, we described in a joint statement with our fellow Federal Banking Agency regulators (FBAs) the circumstances in which banks may enter into collaborative arrangements to meet their individual BSA obligations through the sharing of human, technological, and other resources;
  • In another joint statement with the FBAs on December 3 of last year, we encouraged banks and credit unions to take innovative approaches to combating money laundering, terrorist financing, and other illicit financial threats;
  • Just a few weeks ago, we announced an Innovation Hours Program to better shape and inform our ongoing engagements with innovators in this space. The program will provide financial technology and regulatory technology companies and financial institutions the opportunity to present their new and emerging innovative products and services to FinCEN. We expect to hold events in the Washington, D.C. metro area, as well as some regional events, that focus on financial services-related innovation;
  • In January of this year, we initiated an ambitious project to catalogue the value of BSA reporting across the entire value chain of its creation and use. We are already able to confirm just how extensive and crucial the value of BSA reporting is to an array of stakeholders and activities—activities that go well beyond just whether or not a particular SAR, CTR, or FBAR (or any other BSA report) facilitates a particular law enforcement investigation. And we are looking at ways to better measure and communicate the tremendous value of BSA reporting and develop a clearer understanding of what happens when any step in the BSA reporting value chain is interrupted or diminished;
  • We are also enhancing our engagement with the financial industry. We have revamped and re-energized the Bank Secrecy Act Advisory Group (BSAAG) composed of representatives of Federal law enforcement and regulatory agencies, State government agencies, self-regulatory organizations, trade associations, and individual financial institutions that meet twice each year to discuss regulatory expectations, trends in illicit finance, and opportunities to foster AML/CFT innovation;
  • We established the FinCEN Exchange, where we convene law enforcement and different types of financial institutions to share information on select topics in order to identify vulnerabilities, disrupt illicit financing, and guard against other financial crimes. We truly believe sharing information through these public-private partnerships helps the financial institutions prioritize their efforts and results in more, and higher-quality, reports to FinCEN; and
  • Finally, we have expanded the FinCEN Director’s Law Enforcement Awards Program, which recognizes the outstanding efforts of law enforcement agencies that successfully used BSA reporting in their criminal investigations in order to underscore the importance of a successful partnership between the financial industry that provides BSA information and law enforcement that utilizes the information.


As I conclude my remarks, I ask you to think about the importance of compliance with the BSA and what it really means for our financial system, our communities, families, and us as a nation.

It is a national security issue.

Think about to whom it is important, who it affects. It is important to the lives of millions of people, the innocent and the most vulnerable; victims or potential victims of crime. It is important to the elderly who would lose their life savings to a fraud scheme or cybercrime. It is important to the child who is deprived of food or medical attention because a kleptocrat or other bad actor has siphoned off the money that was to be used for that purpose. It is important to the loved one of a victim who was killed by an act of terror, or a parent who has lost their child to an opioid addiction, or an orphan child who lost a parent to the same.

And I urge you to remember this, and how compliance — by financial institutions in particular — plays a critical role in preventing these bad things from happening. In many instances, they are the first line of defense.

At FinCEN, we are committed to working with the private sector to make it more effective and efficient in complying with obligations, and we are open to thoughtful and reasonable ideas on how to do that.

And lastly, I want you to always remember that financial institutions and others enjoy the benefits of a secure financial system where they are able to make money and invest to make even more money.

But that system is only secure because all of us — in the public and the private sector —fight every day to keep it that way. We need to ensure that it stays that way, for the sake of national security, and for the security and well-being of our people — all those affected.


Kenneth A. Blanco, Director, Financial Crimes Enforcement Network (FinCEN)


The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law.  PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.

The Financial Action Task Force Evaluation of Russia: An Opportunity

By Joshua Kirschenbaum and Jennifer DeNardis


Russia in recent years has been the most conspicuous source of illicit flows into European banks and the Western financial system. The Russian government weaponizes these opaque channels to export corruption, facilitate influence operations, and prop up the domestic patronage system. Despite a money laundering crackdown by the Central Bank of Russia (CBR), the country’s main financial supervisor, recent history poses serious questions about the effectiveness of the central bank, law enforcement agencies, and prosecutors in combating illicit financial activity.

The Financial Action Task Force (FATF) sets international anti-money laundering (AML) standards (PDF 6.37 MB)  and evaluates its member states for compliance. It was created in 1989 and is housed at the Organization for Economic Co-operation and Development.  Russia joined in 2003. FATF last evaluated Russia over a decade ago under the old “technical compliance” review process, which largely focused on the country’s legal framework. FATF now evaluates (PDF 1.51 MB) jurisdictions on the basis of the effectiveness of their AML regimes. The new method focuses on enforcement and outcomes. That makes this year’s FATF evaluation of Russia a unique opportunity to protect democratic countries from corrosive financial flows.

Should FATF conclude that Russia falls short, it could “greylist” the jurisdiction, which would have immediate reputational effects. It could ultimately lead to a process by which other FATF members, would require their financial institutions to take special steps in dealing with Russian banks. This would raise the cost of international business and banking in Russia. Such a decision against an FATF member state would be unprecedented but not necessarily unjustified. Continue reading

The Slow Introduction of Pre-Trial Diversion Mechanisms in the Italian System of Corporate Liability

by Simone Lonati

The Common Law-inspired decision to enlist corporations as precious, proactive allies in the essential activities of detection and combat of crime, and particularly of bribery, has often been looked at with the typical skepticism of civil law systems, which – a long way from accepting the idea of equal cooperation in the fact-finding mission – require a neat distinction of roles in proceedings. Nonetheless, it is by now undeniable that the perception of corporate compliance in the Italian legal system has undergone a significant transformation in recent years.

The structure of Legislative Decree n. 231/2001, which established for the first time in the Italian legal system an administrative liability of legal persons and entities without legal personality for the crimes committed by employees and executives, outlines a correction model that views the conduct held by the accused legal entity during an investigation and the related criminal proceedings as one of the cornerstones triggering the virtuous path towards compliance monitoring, which should bring the entity back on the tracks of profitable compliance. Continue reading

Effective Cybersecurity and Data Protection Legislation Should Protect Whistleblowers

by Dallas Hammer and Jason Zuckerman

Congress should act to protect cybersecurity whistleblowers because information security has never been so important, or so challenging.  In the wake of a barrage of shocking revelations about data breaches and companies mishandling of customer data, a bipartisan consensus has emerged in support of legislation to give consumers more control over their personal information, require companies to disclose how they collect and use consumer data, and impose penalties for data breaches and misuse of consumer data.  The Federal Trade Commission (“FTC”) has been held out as the best agency to implement this new regulation.[1]  But for any such legislation to be effective, it must protect the courageous whistleblowers who risk their careers to expose data breaches and unauthorized use of consumers’ private data.

Whistleblowers strengthen regulatory regimes, and cybersecurity regulation would be no exception.  Republican and Democratic leaders from the executive and legislative branches have extolled the virtues of whistleblowers.[2]  High-profile cases abound.  Recently, Christopher Wylie exposed Cambridge Analytica’s misuse of Facebook user data to manipulate voters, including its apparent theft of data from 50 million Facebook users as part of a psychological profiling campaign.  Though additional research is needed, the existing empirical data reinforces the consensus that whistleblowers help prevent, detect, and remedy misconduct.[3]  Therefore it is reasonable to conclude that protecting and incentivizing whistleblowers could help the government address the many complex challenges facing our nation’s information systems. Continue reading

UK Senior Managers Regime Encourages SEC Whistleblowing

by Richard Pike

Nearly 12% of tips received by the Securities and Exchange Commission (SEC) in FY 2018 were from international whistleblowers and the second largest source of these tips was the United Kingdom[1]. The frequency of tips from the UK should come as no surprise because London is, of course, an important global financial center and many large firms operating in London are listed on US exchanges. We believe, however, that there may be another factor affecting the number of tips and one which is likely to play a much stronger role in the future. Continue reading

Preparing for the California Consumer Privacy Act in an Evolving Privacy Landscape

by David A. Katz, Marshall L. Miller, and Zachary M. David

Just a month after the European Union’s General Data Protection Regulation (GDPR) (PDF: 146 KB) took effect, California enacted the most expansive data privacy law in the United States to date.  The California Consumer Privacy Act (CCPA), which is scheduled to go into effect on January 1, 2020, will impose unprecedented data obligations on companies doing business in California, requiring increased data use transparency and the observance of novel consumer data rights.  Notwithstanding any GDPR compliance fatigue, companies need to take steps to prepare for compliance with the CCPA. 

The CCPA was a hastily crafted legislative package passed to preempt a statewide ballot initiative set to qualify for California’s November 2018 ballot.  The initiative—which promised to be even more far-reaching—was withdrawn by its ballot sponsors ­in exchange for passage of the CCPA.  The statute remains a work in progress, with numerous legislative amendments currently under consideration and implementing regulations from the California Attorney General expected this fall. Continue reading

DOJ Issues Guidance on Cooperation In False Claims Act Investigations

by Jennifer Kennedy Park, Breon S. Peace, and Lisa Vicens

DOJ Issues Guidance on Cooperation In False Claims Act Investigations

On May 7, 2019, the Department of Justice (“DOJ” or “the Department”) issued formal guidance to DOJ’s False Claims Act (“FCA”) litigators on the circumstances in which DOJ will grant credit for cooperation during FCA investigations.[1] The guidance explains the factors that DOJ considers in determining whether to award cooperation credit in FCA investigations and the types of credit available.[2] 

Under the guidance, cooperation credit in FCA cases may be earned by voluntarily disclosing misconduct unknown to the government, cooperating in an ongoing investigation or undertaking remedial measures in response to a violation of the FCA.  Aside from taking these steps, a company may receive at least partial credit by identifying individuals with relevant information about the conduct, preserving relevant documents and information beyond existing business practice or legal requirements, and assisting in an ongoing investigation by disclosing relevant facts, among others.  Cooperation credit will take the form of reducing the penalties or damages multiple sought by the DOJ.  The maximum credit that a defendant receives may not surpass the amount of full compensation the government would receive for losses caused by the defendant’s misconduct.  This amount includes government damages, lost interest, costs of investigation and relator share. Continue reading

Scapegoating: A Structural Risk in Current U.S. Cross-Border Corporate Crime Enforcement

by Laurent Cohen-Tanugi

The interaction of corporate and individual liability in cases of corporate misconduct raises complex issues for prosecutors, management, and employees alike. Such issues, however, are generally discussed in connection with situations where corporate wrongdoing can be attributed to one or more individuals. Yet those “rogue employee” situations are neither the most difficult ones to address, nor the most frequent to arise.

More common, as evidenced by the numerous DPAs acknowledging wrongdoing entered into by corporate entities, and more problematic from a fairness standpoint, are situations where wrongdoing is instructed more or less overtly by senior management, and/or imbedded in a company’s business model and corporate culture, and implemented by lower level executives as part of their duties. The fairness issue stems from the pressure on both prosecutors and the company’s senior management to identify sanctionable individuals who may not be those ultimately responsible. And this problem is compounded in cross-border enforcement situations. Continue reading

Part III: Our Last Look at the CCPA’s Definition of “Personal Information”

by Craig A. Newman and Jonathan (Yoni) Schenker

In our third and final installment on the California Consumer Privacy Act’s (CCPA) expansive definition of “personal information,” we look at other sections of the CCPA that either limit the applicability of the law’s “personal information” definition or exclude information from coverage under the law.

The CCPA excludes information that otherwise meets the definition of “personal information” if the information is already governed under specified federal or state statutes or regulations. Cal Civ. Code §§ 1798.145(c-f)[1]. The CCPA also adopts a narrower definition of “personal information” when conferring a private right of action in the context of a data breach. Id. § 1798.150; see id. § 1798.81.5(d)(1)(A). As we will discuss in a later post, when a private litigant files a data breach lawsuit, the CCPA’s definition of “personal information” isn’t in play but the narrower definition from the state’s existing data breach statute is used.

Our three-part series is designed to help businesses identify whether they hold information covered under the law, while also highlighting the potential pitfalls in the definition as we await interpretative regulations from the California Attorney General and potential amendments from the state’s legislature. In Part I[2], we explored the breadth of the definition, which is unprecedented in the United States. In Part II[3], we explored the law’s two explicit exclusions from the “personal information” definition for “publicly available” and “deidentified or aggregate consumer information,” noting the lack of clarity in the language of the law. Finally, we conclude our series with a look at the rest of the statute for exclusions from, and limitations to, the information covered under the CCPA. Continue reading