Author Archives: Clarissa Santiago

First Enforcement Action by New York DFS Under Its Cyber Rules Shows Where Companies Face Regulatory Risk – Six Quick Takeaways

by Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Lisa Zornberg, Zila Reyes Acosta-Grimes, Michael BloomChristopher S. Ford, and Mengyi Xu

The New York State Department of Financial Services (“DFS”) issued a Statement of Charges and Notice of Hearing (PDF: 278 KB) (the “Charges”) on July 21, 2020 against First American Title Insurance Company (“First American”) for multiple violations of the DFS Part 500 Cybersecurity Regulation (PDF: 97.4 KB) (the “Regulation”), including:

    • Failure to perform an adequate risk assessment
    • Failure to maintain proper access controls
    • Failure to provide adequate security training for cybersecurity employees
    • Failure to encrypt certain nonpublic information

The Charges carry potential penalties of up to $1,000 per violation, and in its press release, the DFS asserts that each instance of nonpublic information that was accessed by an unauthorized person constitutes a separate violation. The Charges allege that hundreds of millions of documents were at risk, more than 350,000 documents were accessed without authorization, and a sample of 1,000 documents found that 30% contained nonpublic information.

Continue reading

SEC Called Upon to Take Action on Diversity and Inclusion in the Asset Management Industry

by Betty Moy Huber and Alexandra Munson

The SEC’s Asset Management Advisory Committee hosted a meeting on July 16, 2020 to discuss the current state of diversity and inclusion (D&I) in the asset management industry. SEC Chairman Jay Clayton, SEC Commissioner Elad Roisman and Director of the SEC’s Division of Investment Management Dalia Blass opened the meeting. Each expressed an interest in understanding why minority- and women-owned firms make up only approximately 1.3% of the total assets under management in the global asset management industry. They asked what efforts the industry is taking to increase this percentage.

Continue reading

FinCEN Updates Guidance for Financial Institutions Regarding Hemp-Related Business Customers

by Satish M. Kini, David G. Sewell, and Justin G. Maffett

On Monday, June 29, the Financial Crimes Enforcement Network (“FinCEN”) issued guidance (PDF: 289 KB) to financial institutions, addressing Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) obligations and expectations that apply when providing services to hemp-related businesses. Although last Monday’s guidance generally supplements and amplifies the December 3, 2019 interagency statement (PDF: 75.9 PDF) (which we described in a Client Update published late last year), we wanted to share the following notes and highlights:

Continue reading

The 2020 FCPA Resource Guide Update: A Window into Today’s Enforcement of the FCPA

by Marshall L. Miller, Sean Hecker, Jenna M. Dabbs, and Ana Frischtak

The Foreign Corrupt Practices Act (PDF: 93 KB) is unique among U.S. criminal statutes in many ways—not least of which is the degree to which its primary enforcers, the Department of Justice and the Securities and Exchange Commission, provide legal and policy guidance as to its scope and application, primarily through the Resource Guide to the U.S. Foreign Corrupt Practices Act (the “Guide (PDF: 3.83 MB)”). On Friday, July 3, DOJ and the SEC issued a Second Edition of this key compendium, providing insight into the government’s continually developing approach to enforcing this far-reaching statute.

The eight years since the Guide’s initial publication in 2012 have witnessed critical developments in FCPA case law, enforcement policy, and DOJ and SEC practice, with the new edition of the Guide reflecting those developments. And while the Second Edition does not contain unexpected new pronouncements, it provides practitioners with a window into DOJ and SEC thinking, including their approaches to thorny enforcement challenges and recurring fact patterns.

Continue reading

Insulated No More: The Seila Decision and the End of the Independent CFPB Director

by Courtney M. Dankworth, Mary Beth Hogan, Gregory J. Lyons, Erol Gulay, David Imamura, Alexandra N. Mogul, and Victoria L. Recalde

On June 29, 2020, the Supreme Court issued its decision in Seila Law LLC v. Consumer Financial Protection Bureau, finding unconstitutional the Consumer Financial Protection Bureau’s (the “CFPB” or “Bureau”) leadership structure in which a single director is removable by the President only for cause. This “for cause” limitation on the President’s removal powers by the authors of Dodd-Frank made the CFPB leader more independent than the leaders of other executive agencies. In addition, given the CFPB Director’s five year term, a CFPB Director appointed by one President could remain in office well into the tenure of the next.

The Supreme Court’s decision in Seila eliminates this “for cause” protection, ending the CFPB’s insulated political status and opening up the CFPB to leadership change when a new President takes office. This decision will have a narrow immediate impact, since the CFPB is currently headed by an appointee of President Trump, but will have greater meaning if former Vice President Joe Biden wins the presidency in the fall. More generally, the decision will lead to a CFPB that is more closely aligned with the political priorities of whichever administration is in power.

Continue reading

COVID-19 Update: PPP Oversight Efforts May Impact Lenders

by Jodi L. Avergun, Scott A. Cammarn, Christian Larson, and Kendra L. Wharton

Recent press coverage concerning transparency and oversight with respect to the Paycheck Protection Program (“PPP”) has largely focused on PPP borrowers and the ability of Congress and federal inspectors general to obtain PPP borrower data from the Small Business Administration (“SBA”). The SBA has announced that it will release certain information about the loans PPP lenders issued. However, given limitations on the information that will be disclosed, Congress and federal inspectors general may also seek detailed PPP borrower and other information directly from lenders. The latter scenario could lead to requests for PPP lenders to provide data and respond to pointed questions. This memorandum outlines issues which lenders may wish to consider in anticipation of such information requests.

Continue reading

What to Expect from SEC Enforcement’s Coronavirus Steering Committee

by John W. R. Murray and Rachel Hutchinson

Following up on previous guidance, Steven Peikin, Co-Director of the SEC Division of Enforcement (“Enforcement”), provided updated detail on Enforcement’s response to the COVID-19 pandemic in a virtual keynote address last month at the Securities Enforcement Forum West 2020.  (We discussed Enforcement’s prior statements here and here.In his remarks, Peikin affirmed that Enforcement will continue to prioritize COVID-19-related fraud – in particular, microcap fraud, insider trading and market manipulation, and false or misleading issuer disclosures.  Peikin also reported that investment advisers, investment companies, and broker-dealers are within Enforcement’s sights in connection with redemption and sales and marketing practices related to the pandemic.  Moreover, while acknowledging that the crisis “has had – and will continue to have – a substantial impact” on Enforcement’s operations, the Co-Director made clear that the Division intends to press ahead across all of its priority areas, whether COVID-19-related or not.

Continue reading

Six Tips for Getting Rid of Old Electronic Files, Which Reduces Cyber and Privacy Risk and Is Now a Legal Requirement for Most Companies

by Avi Gesser, Michael Bloom, Mengyi Xu, and Dr. Friedrich Popp

Much has been written recently on the increased cybersecurity and privacy risks that companies are facing. One of the most effective ways for organizations to mitigate those risks is to significantly reduce the amount of data that they collect and maintain. Having less data means that there is less sensitive information to protect from hacks or leaks which is why regulators are increasingly focused on the following data minimization requirements:

  • Collecting only the data that you actually need;
  • Using collected data only for authorized purposes; and 
  • Retaining only data that you actually need.

Companies that have failed in the third element of data minimization, effectively getting rid of old data, have recently been the subject of regulatory action. In this Data Blog post, we discuss the regulatory requirements for getting rid of old data and offer six tips for complying with this new and difficult obligation.

Continue reading

Resisting Temptation in a Crisis: Making Sure Ethics and Compliance Don’t Get Diluted Under Financial Strain

by Daniel R. Alonso, Tiffany A. Archer, Richard Bistrong, Bruce Karpati, and Katherine A. Lemire

As the pandemic crisis begins its long process of receding, near the top of mind in companies of all sizes is how to thrive, or even survive, with the economy in turmoil. With such pressures, it would be easy for business executives to let compliance issues drop down on their list of priorities. Although good compliance professionals will resist any loosening of the reins, they need to be realistic that their resources will be more limited than in the past. At the same time, compliance issues and breaches could even be worse during the pandemic and its aftermath, in light of, to cite just one example, governments’ relaxing their procurement rules to make emergency relief easier to achieve. And, once the brunt of the crisis is over, businesses will likely see spikes in sales, which could in turn lead to additional issues or breaches.

Continue reading

Using ESG Tools to Help Combat Systemic Racism and Injustice

by Adam O. Emmerich, David M. SilkSabastian V. Niles, Elina Tetelbaum, and Carmen X. W. Lu 

Events of recent weeks and months have starkly illuminated the effects of systemic racism and injustice on Black Americans, including threats to physical safety, psychological trauma and economic disparity. CEOs worldwide and across industries have spoken out, expressing their horror and outrage, as well as their resolve to do more. Companies have announced significant financial commitments; others have referred to actions to be taken, and early movers have begun to announce or amplify business-related initiatives. Institutional investors, asset owners, asset managers, private equity fund limited partners and investor groups have also begun speaking out and considering action with respect to companies in their portfolios. The question for all is how to follow through on the sentiments expressed and drive positive change: what tools are available to address systemic racism and injustice and the threats they pose, and how can those tools be used?

Continue reading