As we have discussed here previously, the coronavirus outbreak has driven many companies further into the digital workplace, putting new strains on information technology systems and related privacy and security compliance controls. Despite these burdens on companies, few regulators have offered relief from their privacy and security requirements. As detailed below, while the Securities Exchange Commission (“SEC”), the Department of Health and Human Services (“HHS”), and the New York Department of Financial Services (“NYDFS”) are offering some relief from regulatory requirements, the broader trend is for regulators on both sides of the Atlantic to maintain, and even heighten, data privacy and security compliance expectations. Continue reading
Author Archives: Felix Zhang
BSA/AML and KYC in a Crisis: Supervisors Provide Guidance as Financial Institutions Respond to the COVID-19 Pandemic
by Satish M. Kini, David G. Sewell, Zila Reyes Acosta-Grimes, Isabel Espinosa de los Reyes, Robert T. Dura, and Jonathan R. Wong
As the COVID-19 pandemic continues to unfold, the U.S. Congress, Treasury Department and Federal Reserve have taken extraordinary measures that would have been unimaginable just weeks ago in an attempt to stabilize the U.S. economy. Financial institutions are on the front lines of many of the new programs and are otherwise taking steps to support customers and communities affected by the crisis—while also protecting their employees through remote work arrangements and other measures.
Meeting obligations under the Bank Secrecy Act (the “BSA”) and associated anti-money laundering (“AML”) regulations—as well as supervisory know your customer (“KYC”) expectations—is challenging under ordinary circumstances and even more so in these conditions. Regulators have begun to offer guidance regarding their BSA expectations in these challenging circumstances. We highlight and summarize relevant developments below. Continue reading
When Whistleblowers Call: Planning Today for Employee Complaints During and After the COVID-19 Crisis
by Lee Dunst, Jessica Brown, Daniel Weiss, Daniel Rauch, and Peter Baumann
The COVID-19 pandemic has caused unprecedented global economic turmoil and disruption. There are daily reports of massive employee layoffs across all segments of the economy, and millions of people are suddenly out of work. Federal and state governments have stepped in with numerous new, patchwork and ill-defined programs, rules and regulations to address the unemployment crisis and related effects. This is all reminiscent of the days after 9/11 and the 2008 Great Recession. And if what’s past is prologue, companies should expect that current and former employees will unleash an onslaught of allegations about company misconduct, both COVID-19-related and otherwise. Indeed, government regulators and the plaintiffs’ bar are already publicizing various reporting mechanisms for disgruntled employees seeking to raise such claims.
In this context, increased whistleblower complaints are inevitable. While most companies already have policies and processes in place to address those complaints, it is no longer business as usual. Existing programs likely do not account for a displaced and remote workforce, rapid and substantial employee layoffs and furloughs, ongoing work in an environment where health and safety are at the forefront, or any of the countless other disruptions that COVID-19 has caused to a company’s operations. Yet with so many immediate and pressing issues to address during these challenging and unprecedented times, it is understandable that evaluating and updating a company’s whistleblower action plan may not be seen as a mission-critical task. Inaction, however, could have detrimental effects that last long after the pandemic has been contained and the economy has begun to recover. Continue reading
Accountability and Enforcement Under the CARES Act: What to Expect from the Act’s Oversight Provisions
by Joon H. Kim, Jonathan S. Kolodner, Elizabeth Vicens, and Natalie Noble
On Friday, March 27, 2020, the Coronavirus Aid, Relief, and Economic Security Act (PDF: 472 KB) (“CARES Act”) became law, marking the third phase of government aid to combat the COVID-19 pandemic. This $2 trillion stimulus package, the largest in American history, will be accessed by wide swaths of the economy, with similarly widespread potential for fraud. Consequently, the accountability and oversight provisions built into the CARES Act, especially of the $500 billion corporate relief fund, warrants attention. Taking its cue from—and seemingly modeled after—the 2008 Troubled Asset Relief Program (“TARP”), the CARES Act establishes a three-part oversight structure, including a Special Inspector General for Pandemic Recovery (“SIGPR”) with far-reaching authority to monitor the $500 billion fund. Based on the experience with TARP oversight and the enforcement actions taken by the Special Inspector General of TARP (“SIGTARP”) over the years, we can expect a high level of scrutiny by SIGPR and the other overseers, as well as potentially years of investigations into fraud and misuse of CARES Act funds resulting in substantial monetary penalties and criminal referrals. Continue reading
How the SEC Enforcement Division Responds to a Crisis
by Martine M. Beamon, Robert A. Cohen, Joseph A. Hall, Gary Lynch, Neil H. MacBride, Stefani Johnson Myrick, Paul J. Nathanson, Annette L. Nazareth, Linda Chatman Thomsen, and Kenneth L. Wainstein
As markets react to the spread of the coronavirus (COVID-19), the SEC has expressed its intent to respond proactively to the impact the crisis has had on capital formation, secondary trading, and investors. Risks can become heightened during a market downturn, and we expect that the Enforcement Division will concentrate resources on certain types of investigations, including potential: (1) material misrepresentations and omissions about the impact of the coronavirus on public companies and investment products; (2) trading based on material nonpublic information about changes in the financial performance of public companies; (3) errors in the operation of trading platforms being stressed by high trading volume and volatility; (4) misuse of investor assets, and (5) frauds seeking to take advantage of investor anxiety. In the coming weeks and months, public companies should be vigilant regarding their disclosure practices and management of material, nonpublic information, and industry professionals similarly should be cautious when describing the impact of the pandemic on their investment services and products. Continue reading
COVID-19: Three Data Protection Tips for the EU and the UK
by Jeremy Feigelson, Avi Gesser, Jane Shvets, Ariane Fleuriot, Fanny Gauthier, Robert Maddox, and Dr. Friedrich Popp
As businesses adapt to the COVID-19 pandemic, the challenges of managing a remote workforce and its desire for information about the virus’s impact have significant data protection implications. While European Data Protection Board (“EDPB”) guidance (PDF: 211 KB) confirms that the GDPR should not impede the fight against the pandemic, even in these exceptional times, companies must continue to safeguard individuals’ data protection rights.
We share here our top three tips for those who oversee data protection compliance, drawing on guidance from the EDPB (PDF: 211 KB), UK, French, German, and Irish supervisory authorities. Links to other authorities’ guidance are accessible here. Continue reading
FCPA Litigation Update: DOJ Theories on Unit of Prosecution and Agency Tested, to Mixed Results
by Ronald Machen, Kimberly Parker, Jay Holtmeier, Erin Sloane, Chavi Keeney Nana, Cadene Brooks, and Kelsey Quigley
Two recent rulings in separate foreign bribery cases highlight the continued impact of individual prosecutions on the interpretation of various provisions of the Foreign Corrupt Practices Act (FCPA). In United States v. Coburn, the government prevailed in its interpretation of the proper “unit of prosecution,” while a recent district court ruling in United States v. Hoskins further constrained the Department of Justice’s (DOJ) ability to prosecute foreign nationals acting outside of the United States. Where higher courts land on the outcome of both of these questions could impact the DOJ’s FCPA charging strategies going forward. Continue reading
How Final CFIUS Regulations Will Impact Technology Companies and Investors
by Les P. Carnegie, John H. Chory, Benjamin A. Potter, Rachel K. Alpert, and Erica S. Koenig
On February 13, 2020, two Final Rules published by the US Treasury Department implementing changes to the foreign investment review process administered by the Committee on Foreign Investment in the United States (CFIUS) became effective. The Final Rules include provisions pertaining to certain investments in the United States by foreign persons (PDF: 479 KB), as well as provisions pertaining to certain transactions by foreign persons involving real estate in the United States (PDF: 406 KB). This post provides an overview of the areas of the Final Rules that may affect technology companies and their investors.[1]
Continue reading
Edgewell/Harry’s Merger – A Cautionary Tale
by Frank Aquila, Renata Hesse, Steven Holley, Matthew Hurd, Eric Krautheimer, Scott Miller, Melissa Sawyer, and Krishna Veeraraghavan
On February 10, 2020, Edgewell Personal Care Co. (“Edgewell”) announced that it would abandon its $1.37 billion acquisition of Harry’s Inc. (“Harry’s”), after the Federal Trade Commission (“FTC”) sued to block the deal. Both Edgewell and Harry’s sell razors. While Edgewell is a longstanding incumbent in the industry through its Schick and Wilkinson Sword brands, Harry’s began in 2013 as a direct-to-consumer (“DTC”) retailer and expanded into retail outlets in 2016. Edgewell also announced that it anticipates litigation with Harry’s following Edgewell’s decision to terminate the merger agreement.
The FTC challenge demonstrates that it is closely scrutinizing acquisitions that may eliminate successful market disruptors, particularly in concentrated industries. The challenge also illustrates that statements executives make to investors while a deal is pending can significantly influence the merger clearance process. For private equity and venture investors, the case highlights that antitrust risks may limit available exit strategies for those pursuing investments in disruptive start-ups.
Finally, the threat of Harry’s filing a lawsuit against Edgewell provides a reminder that litigation between former merger partners does occur. Prospective acquirers should keep the possibility of litigation in mind when negotiating merger agreement provisions, and exhibit particular care towards provisions that govern the parties’ obligations in the event of an extended regulatory review or challenge. Continue reading
Wells Fargo Reaches Resolutions with DOJ and SEC for $3 Billion, Agrees to a Deferred Prosecution Agreement
by Jessica S. Carey, Michael E. Gertzman, Roberto J. Gonzalez, Brad S. Karp, and Sofia D. Martos
On February 21, 2020, Wells Fargo & Company and its subsidiary, Wells Fargo Bank, N.A. (collectively, “Wells Fargo”), entered into resolutions with the Department of Justice (“DOJ”) and the Securities and Exchange Commission (the “SEC”) requiring Wells Fargo to pay a combined $3 billion in penalties in connection with its improper sales practices. Of this amount, $500 million would be received by the SEC for distribution to harmed investors. Specifically, Wells Fargo entered into:
- a three-year Deferred Prosecution Agreement (the “DPA”) with DOJ, in which it admitted to two criminal violations—creating false bank records and identify theft;[1]
- a settlement agreement with DOJ that resolves civil claims under the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (“FIRREA”) based on the false bank records conduct;[2] and
- a cease-and-desist order with the SEC[3] to settle allegations that it misled investors about the “success of its core business strategy at a time when it was opening fake accounts for unknowing customers and selling unnecessary products that went unused.”[4]