Author Archives: Clarissa Santiago

DOJ Charges Former Uber Executive for Alleged Role in Attempted Cover-Up of 2016 Data Breach

by Rahul Mukhi, Joon H. Kim, Jonathan S. Kolodner, and Michael J. Phelan

On August 20, 2020, the Department of Justice (“DOJ”) announced that it had charged Joseph Sullivan, the former Chief Security Officer (“CSO”) of Uber Technologies Inc. (“Uber”), with obstruction of justice and misprision of a felony for allegedly attempting to cover up Uber’s 2016 data incident during the course of an investigation by the Federal Trade Commission (“FTC”). While the DOJ and federal law enforcement have generally treated corporate hacking targets as victims in connection with data breaches, the charges against Sullivan reinforce that they will actively pursue any violations of federal law that are committed by entities or individuals during the course of responding to such incidents.

Continue reading

Are Voluntary Monitors the Key to Mitigating COVID-19-Related Misconduct Risks?

by Jonny Frank and Kaitlyn Cecala

In the wake of serious misconduct, companies self-appoint “Voluntary Monitors” to avoid one imposed and selected by the government, reduce sanctions, escape prosecution, repair brand value and restore trust. In late July, for example, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), noting Whitford Worldwide’s retention of monitors, reduced an initially proposed $20 million penalty to $824,000.[1] And, on August 10th, the CFTC, SEC and FINRA announced settlements with Interactive Brokers, noting the company’s retention of an independent consultant to make recommendations to enhance its compliance program and a separate independent consultant to assess its implementation of an initial consultant’s recommendations.[2]

Continue reading

Seventh Circuit Deepens Circuit Split Over FCA Dismissal Authority

by Anne W. Robinson, Daniel Meron, Terra Reynolds, Kirstin Scheffler Do, Morgan L. Maddoux, Jessica Lynn Saba, and Sushma Raju

The U.S. Court of Appeals for the Seventh Circuit’s August 17, 2020 opinion in United States ex rel. CIMZNHCA, LLC v. UCB, Inc.[1] (CIMZNHCA) outlines a new standard for evaluating government motions to dismiss False Claims Act (FCA) cases over relator objections. This case is one of several in which the U.S. Department of Justice (DOJ) has moved to dismiss qui tam actions since the issuance of the so-called Granston Memo in January 2018.

Continue reading

AML Regulators Clarify Diligence Requirements for Politically Exposed Persons

by Katherine Mooney Carroll, Paul Marquardt, Patrick Fuller, and Graham Bannon

On August 21, the Financial Crimes Enforcement Network (FinCEN), together with the federal banking agencies[1] (the “Agencies”), released a statement (PDF: 220 KB) (“Statement”) to clarify banks’ customer due diligence (“CDD”) obligations for politically exposed persons (“PEPs”). The Statement affirms that (i) there is no regulatory requirement, and no supervisory expectation, for banks’ Bank Secrecy Act (BSA) / anti-money laundering (“AML”) programs to include “unique, additional due diligence steps” for customers who are PEPs and (ii) there is no regulatory requirement for banks to screen customers and their beneficial owners for PEPs. Instead, the Statement confirms that PEP customers should be subject to the same risk-based approach to CDD that applies to any other customer, but that PEP status (and screening for PEPs) may be a factor in developing a customer risk profile and assessing money laundering risk. It also reminds banks of the continued U.S. national security and law enforcement interest in detecting and combating public corruption and other criminality involving PEPs.

Continue reading

DOJ Issues First FCPA Advisory Opinion in Six Years: A Note of Caution and Practical Takeaways

by Jamie A. Schafer, David B. Massey, Lee S. Richards III and Michael D. Mann

On August 14, 2020, the U.S. Department of Justice (“DOJ”) published the agency’s first Foreign Corrupt Practices Act (“FCPA”) Opinion Procedure Release (“FCPA Opinion Release”) since 2014.[1] In this guidance, DOJ confirmed that it would not prosecute a company for commercially reasonable payments made to a state-owned service provider in return for legitimate services rendered where there was no corrupt intent or diversion of money to any individual. As always, FCPA Opinion Releases should be read narrowly because the analysis relates to specific complex circumstances, many of which are not transparent to the reader.

Continue reading

Five Steps Lenders Can Take to Mitigate Legal and Reputational Risks Related to the Paycheck Protection Program (PPP)

by Jonny Frank and Ryan LaRue

The Paycheck Protection Program (PPP) inadvertently—but inevitably—puts PPP lenders between a rock and a hard place. At PPP’s inception, the government pushed lenders to make loans to stimulate the COVID-19 rocked economy. Equally inevitable and with the benefit of 20-20 hindsight, regulators, prosecutors and congressional oversight committees will ask why lenders extended loans to fraudsters. Here, we provide five practical steps lenders can take to mitigate the legal and reputational risks of extending PPP loans to borrowers who obtained loans under false pretenses or inappropriately used the funds earmarked by the government to protect jobs.

Continue reading

Cybersecurity Requirements for Insurance Companies – The NYDFS Rules as the Emerging Standard

by Luke Dembosky, Avi Gesser, and AJ Salomon

As we have discussed in recent webinars and blog posts, the New York Department of Financial Services has recently brought its first enforcement action under its cybersecurity rules (23 N.Y.C.R.R. Part 500).  When the NYDFS cyber rules were first enacted in 2017, they were widely regarded as the most comprehensive cybersecurity regulation in the United States. Almost all insurance companies that are licensed to do business in New York state were required to comply, leading to speculation that Part 500 would eventually emerge as the cybersecurity standard for insurance companies nationwide. Three years later, that appears to be the case.

Continue reading

Updating the Safeguards Rule: FTC Touts Proposed Changes at Virtual Workshop

by Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Suchita Mandavilli Brundage, and Marissa MacAneney

On July 13, 2020, the Federal Trade Commission (“FTC”) hosted a virtual workshop on its proposed changes to the Standards for Safeguarding Customer Information (“Safeguards Rule”). The workshop followed up on the FTC’s 2019 notice of proposed rulemaking requesting public comment on its proposal to amend the Safeguards Rule.

Continue reading

Unexplained Wealth Orders, Explained: The UK Regime and Considerations for the United States

by Alun Milford and Alicyn Cooley

Two and a half years after their introduction in the United Kingdom, unexplained wealth orders (“UWOs”) are garnering more international attention than ever. Litigation surrounding the first UWOs has progressed in English and Welsh courts, clarifying how the law will be applied there and revealing how the authorities have so far sought to use them. In this two-part article, we review the trajectory of UWOs in the United Kingdom, examine what it shows about the English and Welsh approach to self-incrimination issues raised by UWOs, and compare the UWO system to the current civil forfeiture regime in the United States.

Continue reading

Selling a COVID-19 “Cure”

by Harry K. Fidler, Murad Hussain, and Kirk Ogrosky

In cities across the country, healthcare and other essential workers have been greeted in the evenings with cheers and clanging pots and pans as they return home from working tirelessly to combat the global pandemic that has changed life as we know it. As these heroes rush to and from the front lines saving lives, government prosecutors and agencies are turning their attention to companies and individuals that are supposedly rushing to promote false treatments for COVID-19. For example, the Department of Justice has announced various fraud charges against doctors and others while the U.S. Food & Drug Administration has issued 90 warning letters (so far) to entities “for selling fraudulent products with claims to prevent, treat, mitigate, diagnose or cure” the disease. In April, the FDA issued one such letter to Genesis II Church for allegedly marketing a bleaching agent as a COVID-19 cure, and the federal government sued the church and its founders (PDF: 239.97 KB) and won a preliminary injunction against their distribution of the product. Then, on June 30, DOJ filed a criminal complaint charging the church’s founders (PDF: 574 KB) with conspiring to defraud the United States and to deliver misbranded drugs, and for criminal contempt for allegedly violating the preliminary injunction.

Continue reading