Author Archives: Emma Grover

CFPB Issues Policy Statement Taking Expansive View of “Abusive” Practices

by Susanna M. Buergel, Roberto J. Gonzalez, Brad S. Karp, Loretta E. Lynch, Elizabeth M. Sacksteder, Kannon K. Shanmugam, Alexander Beer, and O’Ryan H. Moore

Author photographs

Top row from left to right: Susanna M. Buergel, Roberto J. Gonzalez, Brad S. Karp, and Loretta E. Lynch. Bottom row from left to right: Elizabeth M. Sacksteder, Kannon K. Shanmugam, Alexander Beer, and O’Ryan H. Moore (Photos courtesy of Paul, Weiss, Rifkind, Wharton & Garrison LLP)

On April 3, 2023, the Consumer Financial Protection Bureau (“CFPB”) released a policy statement (the “Policy Statement”) outlining its broad interpretation of the “abusive” component of the prohibition on unfair, deceptive, or abusive acts and practices (“UDAAP”).[1] The Policy Statement replaces a prior statement that adopted a restrained posture towards enforcing the prohibition on abusive acts and practices, which the CFPB rescinded in March 2021.[2]

Continue reading

A Sign of the Times in SEC Cyber Enforcement

by John F. Savarese and Wayne M. Carlin

Author Photographs

From left to right: John F. Savarese and Wayne M. Carlin. (Photos courtesy of Wachtell Lipton Rosen & Katz LLP)

The SEC announced on March 9 its most recent enforcement action against a public company arising from a cybersecurity breach. In the Matter of Blackbaud, Inc. Blackbaud settled without admitting or denying the SEC’s findings. The facts of this case illustrate yet again a theme we have sounded before: as in any corporate crisis, it is critical that companies dealing with cyber breaches take adequate steps to assure that their public statements are accurate. In addition, in this case, the SEC has delivered on its programmatic goal of raising the level of corporate penalty payments.

Continue reading

The Value of Having AI Governance – Lessons from ChatGPT

by Avi Gesser, Suchita Mandavilli Brundage, Samuel J. Allaman, Melissa Muse, and Lex Gaillard

Photos of the authors

From left to right: Avi Gesser, Suchita Mandavilli Brundage, Samuel J. Allaman, Melissa Muse, and Lex Gaillard (photos courtesy of Debevoise & Plimpton LLP)

Last month, we wrote about how many companies were implementing a pilot program for ChatGPT, as a follow up to our article about companies adopting a policy for the work-related uses of generative AI tools like ChatGPT, Bard, and Claude (which we collectively refer to as “Generative AI”). We discussed how a pilot program often involves designating a small group of employees who test potential generative AI use cases, and then make recommendations to a cross-functional AI governance committee that determines (1) which use cases are prohibited and which are permitted, and (2) for the permitted use cases, what restrictions, if any, should apply.

Continue reading

Recent Exemptions From Rule 206(4)-5 Demonstrate the Importance of Strong Compliance Policies and Quick Corrective Action

by Benjamin Neaderland, Joseph M. Toner, and Thomas K. Bredar

Author photographs

From left to right: Benjamin Neaderland, Joseph M. Toner, and Thomas K. Bredar. (Photos courtesy of Wilmer Cutler Pickering Hale & Dorr LLP)

Recently, the Securities and Exchange Commission (SEC) has demonstrated its willingness to largely forgo the strict consequences of Investment Advisers Act Rule 206(4)-5 (the “Pay-to-Play Rule”) in circumstances where investment advisers can demonstrate that they have effective compliance policies and took action when confronted with a potential violation. These recent exemptive orders are the first such orders since 2020.

The Pay-to-Play Rule is intended to deter investment advisers, and their covered associates, from using campaign contributions to exert improper influence over existing or prospective investments by public sector clients. Violations of the Pay-to-Play Rule can lead to fines and prohibitions on investment advisers receiving any compensation from a government entity for two years following the date of the violative contribution.[1]
Continue reading

Proposed SEC Custody Rules for Crypto Assets

by Scott H. Kimpel

Author photograph

Scott Kimpel (Photo courtesy of Hunton Andrews Kurth LLP)

On February 15, 2023, by a 4-1 vote, the US Securities and Exchange Commission (SEC) proposed new rules regarding an investment adviser’s obligation to custody assets. Unlike the existing rules, if adopted, the new rules would apply to all crypto assets.

Currently, Rule 206(4)-2 under the Investment Advisers Act imposes various conditions on the custody of client “funds and securities,” but does not cover crypto assets unless they are also securities. Under newly proposed Rule 233-1 (which would replace Rule 206(4)-2), the revised “safeguarding” rule would cover virtually all client assets, including crypto assets, irrespective of their status as securities. Rule 233-1, like its predecessor, would also limit the universe of qualified custodians to certain banks and savings associations, broker-dealers, registered futures commission merchants, and certain foreign financial institutions.

Continue reading

FTC Continues Enforcement Focus on the Use and Disclosure of Health Information for Advertising

by Kirk J. Nahra, Ali A. Jessani, Arianna Evers, and Samuel Kane

Author photographs

From left to right: Kirk J. Nahra, Ali A. Jessani, Arianna Evers, and Samuel Kane. (Photos courtesy of Wilmer Cutler Pickering Hale & Dorr LLP.)

On Thursday, March 2, the FTC announced an enforcement action against BetterHelp, Inc., an online mental health counseling service, relating to claims that the company’s collection and use of consumer health data were unfair and deceptive acts and practices under Section 5 of the FTC Act. As part of the settlement, BetterHelp will be required to pay $7.8 million, which the FTC will use to provide partial refunds for consumers who enrolled in and paid for BetterHelp services between August 2017 and December 2020. The BetterHelp enforcement decision comes just over a month after the FTC reached a historic settlement order with another company in the healthcare space, GoodRx, for similar alleged violations.

Continue reading

Global Anti-Bribery Year-in-Review: 2022 Developments and Predictions for 2023

by Jay Holtmeier, Kimberly A. Parker, Erin G.H. Sloane, Christopher Cestaro, Meghan E. Kaler, and Caroline R. Geist-Benitez

Author photographs

From left to right: Jay Holtmeier, Kimberly A. Parker, Erin G.H. Sloane, Christopher Cestaro, Meghan E. Kaler, and Caroline R. Geist-Benitez. (Photos courtesy of Wilmer, Cutler, Pickering, Hale & Dorr LLP)

While Foreign Corrupt Practices Act (FCPA) enforcement activity has not come close to returning to the heights seen a few years ago, 2022 reflected significant increases from the prior year in both the number of cases against corporate defendants (eight vs. four) and the combined total of monetary penalties levied ($1.56 billion[1] vs. $459 million). Consistent with this upward trend of enforcement activity, the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) continue to signal that anti-corruption enforcement is a priority and to provide further detail and clarification regarding their approach to corporate enforcement. Below are the key takeaways regarding FCPA enforcement in 2022 and trends to keep in mind as we look ahead to 2023.

Continue reading

SEC Halts Cryptoasset “Staking-As-A-Service” Program Amidst Tightening Regulatory Enforcement Environment

by Kevin S. Schwartz, David M. Adlerstein, and David E. Kirk

Author photographs

From left to right: Kevin S. Schwartz, David M. Adlerstein, and David E. Kirk (Photos courtesy of Wachtell Lipton Rosen & Katz)

Late last week, the SEC filed and simultaneously settled charges against the Kraken cryptoasset exchange for failing to register as a security the offer and sale of its “staking-as-a-service” program. The complaint’s allegations against Kraken, coupled with statements by the SEC’s Chairman, indicate that the SEC may pursue staking-as-a-service programs that have features like Kraken’s as unregistered securities offerings, raising fundamental questions for a sector of the crypto-industry with assets most recently valued at $91.8 billion. This also represents the latest in a series of actions by regulators attempting to shape the status and availability of particular financial products through enforcement tools rather than prescriptive guidance that might aid market participants in adapting existing rules to novel financial products.
Continue reading

White-Collar and Regulatory Enforcement: What Mattered in 2022 and What to Expect in 2023

by John F. Savarese, David B. Anders, Ralph M. Levene, Sarah K. Eddy, Wayne M. Carlin, and Kevin S. Schwartz

(Photos courtesy of Wachtell, Lipton, Rosen & Katz) From left to right: John F. Savarese, David B. Anders, Ralph M. Levene, Sarah K. Eddy, Wayne M. Carlin, Kevin S. Schwartz.

Introduction

Each year we try in this wrap-up memo to flag the main enforcement developments that companies should be alert to in the coming year and also to identify steps companies should be taking to prepare themselves in the event of a significant white-collar or regulatory enforcement inquiry. Because policy preferences (and politics) often shape these developments, the early days of any new administration in D.C. are frequently harder to read, and teasing apart mere rhetoric from concrete changes in enforcement priorities can be challenging. But now, two years into the Biden administration, we can see some clear themes emerging: Penalties are up—way up; investigations appear to be moving a bit faster; cryptoassets and cybersecurity have become heightened risk areas; government expectations for what constitutes full cooperation have been amped up; and many new disclosure demands across a wide range of corporate activities are coming on line. At the same time, however, several time-tested verities remain firmly in place, including the need to maintain strong internal accounting controls, provide comprehensive (and frequent) training, instill a genuinely ethics-oriented tone at the top, stay vigilant in detecting internal misconduct, and react swiftly in the event problems do arise by self-remediating and self-reporting when appropriate. A company that positions itself in this way optimizes its chances not only of securing the best possible resolution in the event of criminal or civil charges but also of forcefully resisting enforcement action where warranted.

Continue reading

DOJ and FinCEN Take Coordinated Action Against Bitzlato Cryptocurrency Exchange and Its Owner

by Jessica S. Carey, John P. Carlin, Roberto J. Gonzalez, David Kessler, and Simona Xu.

Photographs of post authors

From left to right: Jessica S. Carey, John P. Carlin, Roberto J. Gonzalez, David Kessler, and Simona Xu.

On January 18, 2023, federal authorities in Miami arrested Anatoly Legkdymov, founder and majority owner of Bitzlato Ltd, a peer-to-peer, global cryptocurrency exchange registered in Hong Kong. Bitzlato had processed approximately $4.58 billion worth of cryptocurrency transactions since May 3, 2018.[1] Legkdymov was charged by a complaint in the Eastern District of New York (“EDNY”) with knowingly conducting a money transmitting business that transmitted illicit funds for ransomware actors in Russia and failing to implement an effective anti-money-laundering (“AML”) program. On the same day, the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) issued an order pursuant to Section 9714(a) of the Combating Russian Money Laundering Act[2] — the first one of its kind — identifying Bitzlato as a “primary money laundering concern” and prohibiting U.S. financial institutions from transacting with Bitzlato, effective on February 1, 2023 (the “Bitzlato Order”).[3] Concurrently, law enforcement authorities in Europe shut down Bitzlato’s digital platform, hosted on servers in France, seized $19.5 million of its cryptocurrency assets and arrested four more Bitzlato executives in Cyprus and Spain.[4]

Continue reading