by Anat Carmy-Wiechman and Giovanni Patti
From left to right: Anat Carmy-Wiechman and Giovanni Patti (Photos courtesy of authors)
In a new report, the NYU Pollack Center for Law & Business, in collaboration with Cornerstone Research, investigated recent trends in enforcement via the Securities Enforcement Empirical Database (SEED). Below, we highlight some of the key findings.
by John F. Savarese, Wayne M. Carlin, and Carmen X. W. Lu
From left to right: John F. Savarese, Wayne M. Carlin, and Carmen X. W. Lu. (Photos courtesy of Wachtell, Lipton, Rosen & Katz).
Recently, the SEC filed a complaint against SolarWinds and its chief information security officer for fraud and internal control failures relating to the company’s cybersecurity risk and incident disclosures. The complaint alleges, among other things, that SolarWinds repeatedly overstated the strength of its cybersecurity risk management practices in its public documents and knowingly concealed critical vulnerabilities affecting its key product and business. We see four important takeaways from the allegations set forth in the SEC complaint, which are being contested by the defendants:
by Robert A. Cohen, Kendall Howell, Paul D. Marquardt, Will Schisa, Daniel P. Stipano, Charles Marshall Wilson, and Zachary Zweihorn
Top left to right: Robert A. Cohen, Kendall Howell, Paul D. Marquardt, and Will Schisa.
Bottom left to right: Daniel P. Stipano, Charles Marshall Wilson, and Zachary Zweihorn.
(Photos courtesy of Davis Polk & Wardwell LLP).
FinCEN released a proposed rule that would identify international convertible virtual currency mixing as a class of transactions of “primary money laundering concern” – a designation that would result in additional reporting and recordkeeping requirements for financial institutions for transactions involving CVC mixers.
On October 19, 2023, the Financial Crimes Enforcement Network (FinCEN) released a notice of proposed rulemaking (NPRM) that would designate transactions involving international convertible virtual currency[1] mixing (CVC mixing) as a class of transactions of primary money laundering concern.[2] Once implemented, the proposed rule would require covered financial institutions to collect and report certain details on transactions in CVC (including bitcoin and other digital assets) that the institutions know, suspect, or have reason to suspect involve CVC mixing activities outside of the United States. The NPRM is one of a series of measures that the United States Treasury Department (Treasury) has taken in recent years to target CVC mixers, which are third-party services used to anonymize cryptocurrency transactions.[3] According to Treasury, North Korea, terrorist groups, and other illicit actors have exploited CVC mixers to launder criminal proceeds and evade sanctions. FinCEN believes that the NPRM will curb the misuse of CVC mixers and facilitate law enforcement investigations into CVC transactions.
by Benjamin Gruenstein, Evan Norris, and Daniel Barabander
From left to right: Benjamin Gruenstein, Evan Norris, and Daniel Barabander. Photos courtesy of the authors
On August 23, 2023, the U.S. Attorney’s Office for the Southern District of New York announced the unsealing of an indictment against Roman Storm and Roman Semenov charging, among other things, conspiracy to operate an unlicensed money transmitting business in connection with their role as founders of Tornado Cash, from at least March 2022 until August 8, 2022.[1] A significant focus of the indictment is the “secret note” that customers used when depositing to and withdrawing from Tornado Cash, a “mixing service” that the indictment alleges “combined multiple unique features to execute anonymous financial transactions in various cryptocurrencies for its customers.” (¶¶ 1, 15, 18, 24.) However, despite allegations that the secret note was transmitted through various components of Tornado Cash that the founders controlled when a customer withdrew funds, in reality, the customer never relinquished control over the secret note. Rather, she sent only a “proof” that revealed nothing about the secret note and could only be validated by the smart contract to send funds directly from the smart contract to the customer. In this way, the founders may have exercised “necessary” control over funds, meaning that when the customer used Tornado Cash, components of the system the founders allegedly controlled may have been necessary to send the message to transfer the value in that particular transaction. However, based on our review of how the secret note worked during the period when the founders are alleged to have conspired to operate a money transmission business, the founders did not exercise “sufficient” control, meaning these components could not have transferred value independently from the customer. This is because Tornado Cash and its founders had no ability during this period to access the secret note to dictate how funds would be transferred.
This distinction between types of control is critical. Under the U.S. Department of the Treasury’s Financial Crimes Enforcement Network’s (“FinCEN”) non-binding 2019 guidance, a “money transmitter” must have “total independent control” over customer funds to qualify as such, which we interpret based on our review of the guidance to require both “necessary” and “sufficient” control.[2] Without access to a customer’s secret note, the Tornado Cash founders could not have had the requisite control over customer funds to qualify as a money transmitter under FinCEN’s 2019 guidance.[3]
by Jacquelyn M. Kasulis, Zachary S. Brez, Nick Niles, Meghan Dolan, Grace Zhu, Shruti Chandhok, Brian Benczkowski, Mark Filip, John Lausch, Kim B. Nemirow, Marcus Thompson, Asheesh Goel, Cori A. Lable, Erin Nealy Cox, and David Weiner
Top left to right: Jacquelyn M. Kasulis, Zachary S. Brez, Nick Niles, Meghan Dolan, and Grace Zhu.
Middle left to right: Brian Benczkowski, Mark Filip, John Lausch, Kim B. Nemirow, and Marcus Thompson.
Bottom left to right: Asheesh Goel, Cori A. Lable, Erin Nealy Cox, and David Weiner.
Not pictured: Shruti Chandhok.
(Photos courtesy of Kirkland & Ellis LLP)
Deputy Attorney General Lisa Monaco recently announced that the Department of Justice has adopted a new Mergers & Acquisitions Safe Harbor Policy, in remarks delivered at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance & Ethics Institute on October 4, 2023. Under the Safe Harbor Policy, acquiring companies will receive a presumption of declination of prosecution if they: (1) promptly and voluntarily disclose criminal misconduct within six months from closing of an acquisition, (2) cooperate with the DOJ’s investigation and (3) engage in timely and appropriate remediation, restitution and disgorgement. The Safe Harbor Policy, which will be applied department-wide, is a continuation of the DOJ’s efforts to incentivize voluntary self-disclosure and encourage companies to prioritize compliance.
by Sarah Pearce and Olivia Lee
From left to right: Sarah Pearce and Olivia Lee. (Photos courtesy of Hunton Andrews Kurth LLP)
On October 3, 2023, the UK Information Commissioner’s Office (“ICO”) published new Guidance on lawful monitoring in the workplace, designed to help employees comply with their obligations under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA”).
Benjamin Calitri. Photo courtesy of Kohn, Kohn & Colapinto, LLP.
On September 8th, the SEC announced its first enforcement action against a private company for violation of Rule 21F-17(a). Rule 21F-17(a) prohibits any person from “tak[ing] any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.” In other words, this rule prevents companies from silencing whistleblowers.
The Commission already has a strong record of enforcing this rule among public companies, but its recent $225,000 sanction against Monolith Resources marks the first time the Commission has charged a privately held company, that is not a broker or investment advisor, for violating this rule.
by Alexander C.K. Wyman, Aron Potash, and Mikaela Wynne Gilbert-Lurie
From left to right: Alexander C.K. Wyman, Aron Potash, and Mikaela Wynne Gilbert-Lurie. (Photos courtesy of Latham & Watkins LLP)
Utilities and energy companies can implement strategies to mitigate risks from more frequent environmental disasters and infrastructure failures.
In the early morning of June 11, 2023, a tanker truck carrying gasoline up I-95 in Philadelphia crashed and caught fire, and the overpass above buckled and collapsed. The section of the highway is critical to the roughly 160,000 vehicles that cross it daily. The immediate cause of the collapse is believed to be either the heat from the flames or the impact of the explosion weakening the steel beams supporting the overpass. Some, however, identified a more fundamental problem: “the fragility of the state’s aging infrastructure.”[1]
While the I-95 collapse presents a recent example of the significant risks associated with the US’s aging infrastructure, it is by no means unique. Many of the roads, bridges, dams, and electrical grids that keep the country running are decades old and often in need of repair. Infrastructure failures combined with environmental disasters can be catastrophic, and the consequences dire, for the public, the environment, and the utility or corporate entity potentially responsible for operating the failed infrastructure component. Moreover, a vicious cycle is often at work with respect to the environment and infrastructure failures in which, for example, extreme weather causes an infrastructure breakdown that in turn may result in environmental damage.
by Jonny Frank, Laura Greenman, Chris Hoyle, Michele Edwards, and Ksenia Ioffe
From left to right: Jonny Frank, Laura Greenman, Chris Hoyle, Michele Edwards, and Ksenia Ioffe. (Photos provided by the authors).
Corporate settlement agreements used to be straightforward—pay the penalty and move on.
Now, these resolutions rival complex business transactions, including months of negotiations and multi-year post-resolution obligations. Satisfying post-settlement commitments is a business imperative, not just a legal obligation. Meeting, if not exceeding obligations, helps restore brand value and improves employee and investor stakeholder confidence.
by Victor L. Hou, Joon H. Kim, Jonathan S. Kolodner, Rahul Mukhi, Hannah Rogge, Lisa Vicens, David A. Last, Matthew C. Solomon, and Jennifer Kennedy Park.
Top left to right: Victor L. Hou, Joon H. Kim, Jonathan S. Kolodner, Rahul Mukhi, and Hannah Rogge.
Bottom left to right: Lisa Vicens, David A. Last, Matthew C. Solomon, and Jennifer Kennedy Park.
(Photos courtesy of Cleary Gottlieb Steen & Hamilton LLP).
On September 1, 2023, U.S. District Judge Pamela K. Chen of the Eastern District of New York granted a judgment of acquittal in the latest FIFA bribery prosecution, holding that the federal honest services statute, 18 U.S.C. § 1346, does not cover foreign commercial bribery in light of recent Supreme Court precedent.
The decision comes after a jury convicted two defendants of honest services wire fraud and money laundering arising from the U.S. Department of Justice (“DOJ”)’s multi-year pursuit of alleged corruption in FIFA and the international soccer media industry. Judge Chen based her ruling on the Supreme Court’s recent decisions in Ciminelli v. United States and Percoco v. United States, which cabined the reach of honest services mail and wire fraud in domestic corruption prosecutions. Applying the principles articulated by these two decisions—which were issued by the Supreme Court two months after the verdict in the latest FIFA trial—Judge Chen held that honest services did not cover the foreign commercial bribery that was the object of the charged conspiracy. The DOJ may appeal, and U.S. prosecutors may still reach similar conduct under different federal statutes, like the Foreign Corrupt Practices Act (“FCPA”), the federal programs bribery statute, anti-money laundering laws, and the Travel Act, albeit with some limitations. However, the decision continues a trend of U.S. courts rejecting an overly broad reading of federal fraud and corruption statutes.