Author Archives: Cara Ortiz

Biden Administration Expands Cybersecurity Requirements for Government Contractors that Are Likely to Have a Broad Impact on the Private Sector

by David Bitkower, David Robbins, Shoba Pillay, Aaron Cooper, and Tali Leinwand

An Executive Order released by the Biden administration last month (the Cybersecurity EO) seeks to bolster the federal government’s cybersecurity defenses and resilience by imposing a variety of requirements on federal agencies and government contractors that are likely to have spillover effects in the private sector.[1] While many federal agencies and contractors already abide by existing agency-specific cybersecurity measures, the Cybersecurity EO establishes additional criteria to ensure that all information systems used or operated by federal agencies “meet or exceed” the cybersecurity requirements set forth in the Cybersecurity EO.[2] In particular, the Cybersecurity EO will directly affect companies that provide information technology (IT) and operational technology (OT) services, cloud computing software, and other technology to the federal government. In turn, the private sector, even when not servicing the federal government, is expected to see a renewed emphasis on security requirements and assessment standards.  

Continue reading

Germany: Mandatory Human Rights Due Diligence

by Samantha J. Rowe, Patricia Volhard, Philipp von Holst, Jin-Hyuk Jang, Christina Heil, Merryl Lawry-White, and Jan Schoberwalter

The German government has adopted a draft human rights due diligence regulation, the so-called Supply Chain Act (Lieferkettengesetz) (the “Act”), aimed at ensuring companies’ compliance with human rights with respect to their business activities throughout their global supply chains. The draft act is scheduled to enter into force in 2023 and will initially apply to companies with more than 3,000 employees.

Continue reading

Central Bank of Ireland Fines Ulster Bank Ireland €37.7 Million for Serious Customer Mistreatment

by Jonathan J. Rusch

As a rule, financial institutions recognize the need to maintain effective compliance with laws that carry criminal sanctions, such as bribery and corruption, fraud, and money laundering.  Yet even a well-managed financial institution, otherwise committed to compliance, can expose itself to significant liability if it engages in sales practices that systematically mistreat its customers.

Although the Wells Fargo cross-selling scandal[1] has been the most prominent example of such misconduct, a recent enforcement action by the Central Bank of Ireland indicates that other financial institutions can be similarly capable of systematic customer mistreatment.  On March 23, the Central Bank of Ireland reprimanded Ulster Bank Ireland DAC (UBID) and fined it €37,774,520 for “serious failings in the treatment of its tracker customers holding 5,940 mortgage accounts between August 2004 and April 2020.”[2]  This post will review the background of the Central Bank’s investigation of UBID and the elements of the fine and reprimand that it imposed, and identify lessons to be learned from the UBID action.

Continue reading

Likely Policy Priorities of the Gensler SEC

by Kara Brockmeyer, Andrew Ceresney, Arian June, Robert Kaplan, Julie Riewe, Jeff Robins, Jonathan Tuttle, Charu Chandrasekar, and Amy Aixi Zhang

Gary Gensler was confirmed on April 14 in a 53-45 vote as Chair of the Securities and Exchange Commission (“SEC”).

Before his confirmation, Chair Gensler testified before the Senate Committee on Banking, Housing and Urban Affairs (“Banking Committee”) on Tuesday, March 2, 2021. Several key themes emerged in Chair Gensler’s testimony that signaled some of his likely policy priorities and directions for future initiatives at the agency.

Chair Gensler’s opening statement[1] and responses to questions provided perspective on three major policy themes: (1) the SEC’s potential role in using its disclosure, examination and enforcement authority to advance environmental, social and governance (“ESG”) and political spending priorities of the Democratic Party and Biden Administration; (2) market structure reforms, particularly in the equity markets in the wake of the WallStreetBets-related market volatility (though market structure reform more broadly will be a priority); and (3) digital asset and financial technology, and in particular, the regulation of cryptocurrency and new technologies.

Continue reading

DOJ Reverses Course on Definition of “Property” for Fraud on Blaszczak Remand, Leaving Statutory Action the Only Likely Hope for Insider Trading Reform—For Now

by Brooke Cucinella, Stephen M. Cutler, Sarah L. Eichenberger, Nicholas S. Goldin, Joshua A. Levine, Michael J. Osnato, Jr., and Jonathan S. Kaplan

On January 11, 2021, based on the consent—and indeed, at the request of the Department of Justice (“DOJ”)—the Supreme Court vacated and remanded the Second Circuit’s decision in United States v. Blaszczak. Blaszczak was the controversial 2-1 decision that arguably heightened (some say unfairly) the risk of criminal insider trading prosecution by upholding the multi-count convictions of the defendants for, at bottom, illegally trading while in possession of information stolen from the government. The Supreme Court agreed, remanding to the Second Circuit to reconsider its decision in light of the Court’s intervening decision in Kelly v. United States. Kelly overturned the convictions that had stemmed from New Jersey’s infamous BridgeGate scandal by finding that, in that case, the government information at issue was not “property” as would have been required to sustain a conviction under the wire fraud theory, and that while “allocating lanes” on the bridge required “the time and labor of Port Authority employees,” those expenditures were “incidental” to “run-of-the-mine exercise of regulatory power,” rather than a misappropriation of government property.[1]

Continue reading

Compliance Implications of the Government’s Pursuit of Information

by Veronica Root Martinez

For the past several years, I have been working on a set of projects aimed at strengthening ethics, compliance, and governance programs and processes within corporations.  At the outset of my research, I sought to identify possible ex ante incentives to address corporate misconduct or compliance failures. I then turned to how best to engage in root-cause analysis after a compliance failure occurred, and I next focused on internal governance mechanisms that seemed to contribute to significant and widespread compliance failures. 

In this blog post, I will briefly outline the project to-date and then turn to the most-recent addition to this body of work, which again focuses on ex ante incentives for firms to engage in the creation and implementation of effective ethics and compliance programs. 

Continue reading

Three Key Takeaways from the DOJ Fraud Section’s 2020 Annual Report

by Andrew Weissmann and Tali R. Leinwand

Last week, the Fraud Section, part of the U.S. Department of Justice’s (DOJ’s) Criminal Division, released its annual year-in-review report.[1] In this post, we highlight three key takeaways from the 2020 report.

Continue reading

Tips for Creating a Sensible Cybersecurity and AI Risk Framework for Critical Vendors

by Avi Gesser, Anna Gressel, Zila Reyes Acosta-Grimes, and Michael Bloom

Companies face increasing cybersecurity and AI risk from third-party vendors. Cybersecurity risks arise when companies share sensitive personal data or company information with their vendors or when their vendors have direct access to the company’s information systems. Companies using AI technology that is developed by a vendor can also face risk if the AI behaves unexpectedly, and that results in negative impacts including on critical business operations. In recognition of these kinds of third-party data risks, on October 30, 2020, federal banking agencies—including the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency (“OCC”) and the Federal Deposit Insurance Corporation (“FDIC”)—released a joint paper (the “Joint Paper”) outlining sound practices designed to help banks increase operational resilience.

Continue reading

With Lava Jato Closing Up Shop, What Comes Next?

by Sean Hecker, Marshall Miller, and Ana Frischtak

The largest criminal investigation in Brazil’s history – and perhaps this century’s most important anti-corruption investigation worldwide – came to a close last week.  Operation “Lava Jato” (“Car Wash,” in English) was launched by the Curitiba[1] branch of the Brazilian Federal Police in 2014, (later known as the Curitiba Task Force).[2]  The Operation, which drew its name from a car wash in Brasília where one of the targeted criminal organizations laundered illicit funds, uncovered a widespread, complex, and unprecedented web of corruption implicating Brazil’s giant state-owned oil company, Petrobrás, public officials, and Brazil’s largest construction companies in a sweeping contracts-for-kickbacks scheme. Operation Lava Jato ultimately expanded to expose bribery and graft in numerous other industries, involving dozens of politicians and government officials, and an almost countless number of companies, both Brazilian and multinational.

Continue reading

New Directions on U.S. Sanctions

by Rachel K. AlpertJulian J. Ginos, and Rebecca Fate

Last month’s confirmation hearings for Treasury Secretary Janet Yellen and Secretary of State Antony Blinken have shed more light on the Biden administration’s approach to key sanctions programs. At a high level, human rights considerations are expected to loom larger in sanctions strategy going forward. Other systemic changes may be afoot as well; Yellen plans to direct Adewale Adeyemo, the nominee for Deputy Treasury Secretary, to conduct an overall review of U.S. sanctions policy, and the Biden administration has also ordered a review of sanctions as possible hindrances to COVID-19 response efforts. Below are seven areas of interest along with key takeaways thus far.

Continue reading