Author Archives: eav8207

Recalibrating Compliance Programs Under Trump 2.0

by Adam Siegel, Eric Bruce, Daniel Cendan, and Emmeline Chen

Left to right: Adam Siegel, Eric Bruce, Daniel Cendan, and Emmeline Chen (photos courtesy of authors)

Nearly two months into his second presidential term, President Trump and his Administration have engaged in a flurry of activity, issuing over 80 executive orders (EOs), 20 memoranda, and a dozen proclamations, as well as making personnel adjustments and redeploying various federal resources.  Together with his Cabinet members, President Trump has sought to swiftly roll out policy initiatives, many of which reflect a significant change in course from the United States’ prior approaches and create uncertainty and new risks across multiple sectors.  

White-Collar and Regulatory Enforcement: What Mattered in 2024 and What to Expect in 2025

by David B. Anders, Sarah K. Eddy, Kevin S. Schwartz, Randall W. Jackson, Ralph M. Levene, Michael W. Holt, Aline R. Flodr, and John F. Savarese

Top left to right: David B. Anders, Sarah K. Eddy, Kevin S. Schwartz, Randall W. Jackson.
Bottom left to right: Ralph M. Levene, Michael W. Holt, Aline R. Flodr, John F. Savarese. (Photos courtesy of authors)

As we write this memorandum, President Trump’s second administration is forming in Washington, with new leadership teams being appointed at DOJ, the SEC and across other regulatory and law-enforcement agencies.  In 2017, when President Trump first took office, we avoided predicting what the administration’s significant white-collar and regulatory enforcement priorities and policies might be in the absence of noteworthy signals from President Trump or his nominees and in light of the then slow pace of leadership confirmations. Eight years later, however, the lessons from President Trump’s first administration, as well as the track record and statements from his recent nominees and closest advisors, offer some insights into the new administration’s likely enforcement priorities.  Given that, we have some thoughts on what to expect from President Trump’s second term:

FTC’s Consent Order Against Marriott: Expectations for Reasonable Security

by Erez Liebermann, Jim Pastore, Christopher S. Ford, Michael Bloom, Mengyi Xu, Achutha Raman, and Michelle Shen

Top left to right: Erez Liebermann, Jim Pastore, Christopher S. Ford, Michael Bloom.
Bottom left to right: Mengyi Xu, Achutha Raman and Michelle Shen. (Photos courtesy of the authors.)

Introduction

On December 20, 2024, the Federal Trade Commission (the “FTC”) finalized a consent agreement (“Consent Order”) with Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC (collectively, “Marriott”) to settle allegations that Marriott failed to implement reasonable data security measures, resulting in three large data breaches from 2014 to 2020 and affecting more than 344 million customers worldwide. With obligations extending 20 years, the Consent Order requires Marriott to, among other remedial steps, implement a comprehensive information security program (“ISP”) with prescribed security measures, the effectiveness of which will be subject to a third-party independent biennial assessment. Key elements of the required ISP include multi-factor authentication (“MFA”), encryption, asset inventory, written documentation, and vulnerability and patch management. The final Consent Order is materially identical to the proposal announced on October 9, 2024.

Executive Order Seeks to Impose False Claims Act Liability for Federal Contractors’ DEI Programs

by David W. Ogden, Christopher E. Babbitt, Matthew D. Benedetto, Davina Pujari, Karin Dryhurst, Kevin Lamb and Carrie M. Montgomery

Top left to right: David W. Ogden, Christopher E. Babbitt, Matthew D. Benedetto, Davina Pujari. Bottom left to right: Karin Dryhurst, Kevin Lamb, Carrie M. Montgomery. (Photos courtesy of authors)

On January 21, 2025, President Trump issued an executive order titled “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” (the Order), which seeks to eliminate diversity, equity, and inclusion (DEI) policies and programs across the federal government and within private industries that do business with the federal government.[1] Part of a broader suite of DEI-related executive actions,[2] the Order reverses federal contracting requirements—dating back nearly 60 years—that obligated federal contractors and subcontractors to implement affirmative action programs, and it imposes new requirements targeted at organizations with DEI programs.[3] This alert summarizes the Order’s application to federal contractors and grant recipients, including its potentially significant implications under the False Claims Act (FCA).

SEC Charges Investment Adviser – Signaling Importance of Accurate Disclosure of AML Procedures

by Joel Cohen, Tami Stark, Claudette Druehl, Marietou Diouf, and Jason Ho

Left to right: Joel Cohen, Tami Stark, Claudette Druehl, Marietou Diouf and Jason Ho (Photos courtesy of the authors)

The U.S. Securities & Exchange Commission (“SEC”) recently announced settled charges against an investment adviser for misrepresentations regarding its anti-money laundering (“AML”) procedures and compliance failures.[1]  As we outlined in our recent client alert, investment advisers will be required by the Financial Crimes Enforcement Network (“FinCEN”) to implement an AML program by January 1, 2026.  This SEC action does not shed new light on the scope of SEC jurisdiction over AML.  Instead, it serves as a reminder that if an investment adviser says it is voluntarily complying with AML due diligence laws by conducting AML due diligence, it needs to do so.  An investment adviser must also accurately describe its AML program once the anticipated AML requirement for investment advisers commences.

Use of Artificial Intelligence in CFTC-Regulated Markets

by Marc Gilman

Photo courtesy of the author

On December 5, 2024, the U.S. Commodity Futures Trading Commission (the “CFTC,” or the “Commission”) staff issued an advisory related to the use of artificial intelligence (“AI”) by CFTC-registered entities and registrants (the “Advisory”). In tandem, two CFTC representatives – Chairman Rostin Behnam and Commissioner Kristin N. Johnson – released statements supporting the Advisory and offering thoughts about the current and future implications of AI on CFTC registrants. This blog post will summarize the contents of the Advisory as well as the related statements of the CFTC representatives to collect a set of practical considerations for designing CFTC compliance programs to meet evolving regulatory expectations for the use of AI. 

CFPB Issues Final “Open Banking” Rule Requiring Covered Entities to Provide Consumers Access and Transferability of Financial Data

by Jarryd Anderson, Jessica S. Carey, John P. Carlin, Roberto J. Gonzalez, Brad S. Karp, and Kannon Shanmugam

Top Left to Right: Jarryd Anderson, Jessica Carey, and John Carlin. Bottom Left to Right: Roberto Gonzalez, Brad Karp, and Kannon Shanmugam. (photos courtesy of Paul Weiss)

On October 22, 2024, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) published a 594-page Notice of Final Rulemaking for its “Personal Financial Data Rights” rule, commonly known as the “Open Banking” rule, which will require covered entities—generally, providers of checking and prepaid accounts, credit cards, digital wallets, and other payment facilitators—to provide consumers and consumer-authorized third parties with access to consumers’ financial data free of charge.[1] Covered entities are required to comply with uniform standards to provide access to this financial data through consumer and developer interfaces.[2] The rule imposes requirements on authorized third parties (such as fintechs), as well as data aggregators that facilitate access to consumers’ data, including required disclosures to consumers regarding the third parties’ use and retention of the requested data and a requirement that the data only be used in a manner reasonably necessary to provide the requested product or service (thus foreclosing selling the data or using it for targeted advertising or cross selling purposes).[3]

Trust, But Verify…Therein Lies the Rub: A Fresh Look at Audits of Export Controls Compliance Programs

by Brent Carlson and Michael Huneke

Left to right: Brent Carlson and Michael Huneke (Photos courtesy of the authors)

Export controls have risen to a top corporate compliance priority in recent years, and now even pose enterprise risk for many companies.[1] The combination of new rules and enforcement signals from the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) and increasing bipartisan congressional scrutiny means that in-house legal and compliance teams face enormous challenges. New, innovative tools and techniques are necessary to stay ahead of the game, and this includes making upgrades to keep a company’s audits effective.

Irish Regulator Fines LinkedIn 310 Million Euros for GDPR Violations

by David Dumont and Tiago Sérgio Cabral

Left to right: David Dumont and Tiago Sérgio Cabral (Photos courtesy of the authors)

On October 24, 2024, the Irish Data Protection Commission (the “DPC”) announced that it had issued a fine of €310 million (approx. $335 million) against LinkedIn Ireland Unlimited Company (“LinkedIn”) for breaches of the EU General Data Protection Regulation (“GDPR”) related to transparency, fairness, and lawfulness in the context of the company’s processing of its users’ personal data for behavioral analysis and targeted advertising. In addition to the fine, the DPC also issued a reprimand and an order to bring processing into compliance.  

Click to Cancel: The FTC’s Amended Negative Option Rule and What it Means for Your Business

by Julia Solomon Ensor 

Federal Trade Commission

The FTC has long regulated negative options through the Negative Option Rule and strategic enforcement actions. Recently, the FTC built on that work by announcing a set of common-sense revisions to the Negative Option Rule, now known as the Rule Concerning Recurring Subscriptions and Other Negative Option Programs. The revisions are designed to protect people from misleading enrollment tactics, billing practices, and cancellation policies, and provide businesses with clear rules of the road, all consolidated in one place, to help them build customer trust and avoid enforcement action.
