The FinCEN Files. It sounds ominous, and recalls the Panama Papers, the Paradise Papers, and others. Like those earlier stories, the FinCEN Files expose powerful players, including a large number of highly regulated banking giants.
Author Archives: Jason Kelly
California Enacts Law Requiring Public Company Boards to Include Members of Underrepresented Communities
by Alan F. Denenberg, Joseph A. Hall, Emily Roberts, Byron B. Rooney, Stephen Salmon, Ning Chiu, Betty Moy Huber, and Sarah Kirk
On September 30, 2020, California Governor Gavin Newsom signed Assembly Bill 979, which will require each NYSE and Nasdaq-listed public company with its principal executive offices in California to have at least one director from an “underrepresented community” on its board by December 31, 2021. On December 31, 2022, the minimum will be:
- three directors from underrepresented communities, if the company has nine or more directors,
- two directors from underrepresented communities, if the company has between five and eight directors, and
- one director from an underrepresented community, if the company has four or fewer directors.
It’s Time to Take Credential Stuffing Seriously
by Jeremy Feigelson, Avi Gesser, Norma Angelica Freeland, Marc Ponchione, Gregory T. Larkin, and Robert Maddox
We have recently written about the persistence of the three most common cyber attacks: Ransomware, Phishing and Business Email Compromises (BECs) and the increased regulatory scrutiny that companies face when they fall victim to these attacks. Two recent developments demonstrate that credential stuffing is yet another serious cybersecurity risk that is on the rise and has the attention of regulators. First, on September 15, 2020, New York’s Attorney General, Letitia James, announced a $650,000 settlement with Dunkin’ Donuts, stemming from a 2015 security breach that targeted almost 20,000 customers using credential stuffing. Second, on the same day, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a risk alert (the “Risk Alert”) on observed best practices by registered investment advisers and broker-dealers (together, “firms”) to protect customer accounts against credential stuffing. In this client update, we will discuss the cybersecurity and regulatory risks posed by credential stuffing and several ways to mitigate these risks.
The SEC Tweaks Its Booming Whistleblower Program
by Samantha Choe, Arlo Devlin-Brown, Steven Fagell, Gerald Hodgkins, Barbara Hoffman, Nancy Kestenbaum, David Kornblau, and Mythili Raman
Last week, a divided Securities and Exchange Commission amended its whistleblower rules, hailing the changes as adding “clarity, efficiency and transparency to its successful whistleblower program.”[1] Although the agency made a large number of changes to the program, the amendments should not have a significant overall effect on SEC whistleblower activity, which we expect to continue at a high level. Continue reading
DOJ Antitrust Division Warns Civil Investigative Demand Recipients Regarding Risk of Self-Incrimination
by Sheila R. Adams, D. Jarrett Arp, Arthur J. Burke, Ronan P. Harty, Jon Leibowitz, Christopher Lynch, Mary K. Marks, Suzanne Munck af Rosenschold, Howard Shelanski, and Jesse Solomon
The Department of Justice (“DOJ”) Antitrust Division recently updated its Civil Investigative Demand (“CID”) forms and deposition procedures to provide clear notice to CID recipients and deponents that the evidence they provide during the course of an investigation may be used by the DOJ in “unrelated” cases or proceedings.
This highlights the risk of “spin off” investigations—including criminal investigations—if a party produces evidence of other violations (such as communications or coordination among competitors) during an investigation.