Author Archives: Julie Copeland

The Second Circuit’s Decision in Hoskins and a Possible Legislative Response

Does the Foreign Corrupt Practices Act of 1977 (“FCPA”) empower the U.S. to prosecute an individual for foreign bribery if the bribes benefit a U.S. firm but the person is a foreign national employed by a foreign entity who does nothing in the furtherance of the crime while in U.S. territory? That was the central question in U.S. v. Hoskins, an appeal recently decided by the Second Circuit (Hoskins II). Cases like this will often turn on whether the individual qualifies as an “agent” of the U.S. firm, which can be a difficult question. The objectives of anti-bribery law would be better served if the statute were amended to focus on other factors. 

The Second Circuit’s decision arose from the prosecution of Lawrence Hoskins, a U.K. national employed by the U.K. subsidiary of Alstom S.A., a multinational company headquartered in France, between 2001 and 2004. Hoskins was assigned to work in Alstom’s French subsidiary in a department charged with supporting other units of the organization. His formal responsibilities included oversight of operational units’ selection of third party consultants and approval of key commercial terms of those consultants’ engagements  In a 2013 indictment the U.S. government alleged that Hoskins helped employees of other Alstom subsidiaries, including a U.S. subsidiary we can refer to simply as API, engage local consultants to pay bribes to obtain a contract to build a power plant in Indonesia. The indictment included substantive FCPA and money laundering charges as well as related conspiracy charges. The central question was whether the FCPA covered Mr. Hoskins’s activities. The FCPA’s anti-bribery provisions apply to 1) issuers of securities registered in the U.S., 2) “domestic concerns” (basically, U.S. firms, nationals or residents) that are not issuers, 3) people other than issuers or domestic concerns who engage in prohibited activity while in U.S. territory, and 4) officers, directors, employees, agents and, in certain cases, shareholders of the first three types of actors. A foreign individual who does not commit any relevant act in U.S. territory is only covered under the fourth category. However, the U.S. Department of Justice has long taken the position that such individuals can also be prosecuted for conspiring to violate or aiding and abetting a violation of the FCPA. Continue reading

Ukraine Sanctions Crippling Russia in Short and Long Term

by Jonathan Rusch

Since the Russian invasion of Ukraine on February 24, a variety of Western governments, including the United States, the United Kingdom, and the European Union (EU), have imposed an ever-increasing array of sanctions against Russian President Vladimir Putin, senior members of his government, state-owned enterprises, and numerous oligarchs.[1]

In the first several weeks of the war, a number of commentators were dubious about the sanctions’ effectiveness. For example, not even three weeks after the invasion, two economic analysts concluded, without citing specific data, that “there is not the slightest evidence that Moscow will change course and ‘rehabilitate’ itself in the eyes of the West.”[2]

As the war has continued through the summer, other commentators have been concluding, with varying degrees of enthusiasm, that the sanctions are effective.  Their observations range from the reserved (i.e., “the sanctions [are] starting to bite”[3])  to the triumphal (i.e., the sanctions “are hitting Vladimir Putin and his accomplices hard”[4]).  But these commentaries, too, generally lack specific and detailed empirical analysis.  In fairness, it should be noted that – as University of Michigan Professor Paolo Pasquariello has written – “assessing the effect of sanctions . . . on the desired outcome is challenging for any social scientist”, especially in the absence of a counterfactual (i.e., what would have happened in Ukraine if sanctions had not been imposed on Russia).[5]

Continue reading

Fed Imposes New Roadblock on Banks’ Crypto Activities

On August 16th, 2022, the Fed announced a new procedural requirement for banks seeking to engage in crypto activities. Going forward, a bank must provide formal notice to its lead supervisory contact at the Fed “prior to engaging in any crypto-asset-related activity.” This notice requirement applies to all bank holding companies, savings and loan holding companies, and state-chartered member banks. The term “crypto-asset-related activity” includes, at a minimum, crypto-asset safekeeping and traditional custody services, ancillary custody services, facilitation of customer purchases and sales of crypto-assets, loans collateralized by crypto-assets, and issuance and distribution of stablecoins.

Continue reading

Financial Institutions M&A 2022: Navigating Challenges, Realizing Opportunities

by Edward D. Herlihy, David S. Neil, Richard K. Kim, Lawrence S. Makow, Jeannemarie O’Brien, Nicholas G. Demmo, David E. Shapiro, Joshua M. Holmes, Matthew M. Guest, Mark F. Veblen, Brandon C. Price, Jacob A. Kling, Raaj S. Narayan, Rosemary Spaziani, David M. Adlerstein, Amanda K. Allexon, Lori S. Sherman, Eric M. Feinstein, Steven R. Green, Meng Lu, Amanda K. Toy, Matthew T. Carpenter, Kwon-Yong Jin, and Emily J. Hantverk.

Bank M&A surged in 2021 with total deal value reaching approximately $78 billion, its highest level since 2006, including 13 deals announced with values above $1 billion. Deal activity was driven by consolidation among large regional banks, continuing a trend that was kickstarted by the BB&T/SunTrust merger in 2019 and picked up steam in late 2020 with significant acquisitions by PNC and Huntington. Ironically, the pandemic in some ways provided a stimulus for bank mergers by prolonging low interest rates and slowing loan growth while massive government relief programs bolstered credit quality and increased deposits. At the same time, stay-at-home measures spurred a customer migration from branches to mobile platforms and accelerated increased competition from financial technology companies, necessitating increased investment in technology, often facilitated by greater scale. These combinations illustrated the increasing importance of scale and accelerating digital and technological investment and the significant synergies and value creation that a well-planned and executed strategic merger can create for shareholders and other constituencies on both sides of a transaction.
Continue reading

Delaware and Caremark: An Update

by Theodore N. Mirvis, David A. Katz, and Sebastian Niles.

Recent Delaware decisions have reminded boards of directors of the obligation to make a good faith effort to put in place a compliance system designed to help ensure that their companies operate within the bounds of the law and that their products, services, and operations do not cause harm to consumers, community members, or the environment. That duty —famously associated with the Delaware Court of Chancery’s 1996 decision in Caremark — is a core responsibility of independent directors, working in concert with company management, that requires them to make a good faith effort to identify the key compliance risks the company poses to others and faces itself, and to put in place a reasonable oversight structure to address them.
Continue reading

NYDFS Proposes Significant Changes to Its Cybersecurity Rules

by Luke Dembosky, Avi Gesser, Erez Liebermann, Jim Pastore, Charu A. Chandrasekhar, H. Jacqueline Brehmer, Michelle Huang, and Mengyi Xu.

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Part 500 Cybersecurity Rules, which include a mandatory 24‑hour notification for cyber ransom payments, annual independent cybersecurity audits for larger entities, increased expectations for board expertise, and tough new restrictions on privileged accounts. There will be a very short 10-day pre-proposal comments period (ending August 8, 2022), followed by the publishing of the official proposed amendments in the coming weeks, which will start a 60-day comment period.
Continue reading

SEC Civil Insider Trading Case Has Broader Repercussions for Cryptoasset Market

by Kevin S. Schwartz, Rosemary Spaziani, David M. Adlerstein, David E. Kirk, and I. Andrew Mun.

On July 21st, the U.S. Attorney’s Office for the Southern District of New York criminally charged three individuals, including a former employee of the cryptoasset exchange Coinbase, with wire fraud in connection with alleged trading of particular cryptoassets ahead of Coinbase’s public announcement that it would make a market in them. In a parallel action, the SEC brought civil insider trading charges against the same individuals, asserting that their trades violated Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5. The criminal action itself is notable as the first insider trading case involving cryptocurrency markets, but it does not address the legal status of the traded cryptoassets. The SEC’s civil action, however, expressly asserts that at least nine of the cryptoassets at issue are securities that are subject to the federal securities laws.
Continue reading

The Digital Services Act (DSA) Transforms Regulation of Online Intermediaries

by Avi Gesser, Anna Gressel, and Michael Pizzi

On July 5, 2022, the European Parliament voted to approve the final text of the Digital Services Act (“DSA” or the “Act”), a landmark regulation that—along with its sister regulation, the Digital Markets Act (“DMA”)—is poised to transform the global regulatory landscape for social media platforms, hosting services like cloud service providers, and other online intermediaries.

Lawmakers have billed the DSA as implementing the principle that “what is illegal offline, should be illegal online.” In reality, the DSA goes much further, requiring online platforms to not only take greater accountability for “illegal” and “harmful” content that they host, but also to provide unprecedented transparency around their content moderation practices, targeted advertising, and recommender algorithms, and to maintain comprehensive risk management systems for a potentially wide range of systemic risks—from public health crises to political misinformation.

In this Debevoise Data Blog post, we have provided an update on the status of the DSA, an overview of the key features of this landmark regulation, and several take-aways for companies about the import of the DSA.

Continue reading

The Federal Regulators New Statement on Risk Assesments

by Julie Copeland

On July 6th, the Federal banking regulators[1] along with FinCEN issued a joint statement on the “Risk-Based Approach to Assessing Customer Relationships and Conducting Customer Due Diligence” (the “Statement”). The purpose of issuing the Statement was to remind financial institutions that a risk-based approach to due diligence should not automatically exclude a particular type of customer. “Not all customers of a particular type automatically represent a uniformly higher risk of money laundering, terrorist financing or other illicit financial activity” the Statement cautioned.

The Statement went on to list examples of customers whom financial institutions did not necessarily need to assess as high risk, including ATM owners or operators, non-resident aliens and foreign individuals, charities, professional service providers, non-bank financial institutions, cash intensive businesses and customers who might be considered politically exposed persons.

In this environment of heightened concerns about individuals or entities from, related to or doing business with Russia, many financial institutions may be taking a wide brush approach to due diligence on these clients and severing or limiting relationships. Furthermore, the turmoil in the crypto world may be causing a similar tightening of due diligence controls. There are many factors that are causing institutions to take an exceedingly rigorous and perhaps, too rigorous, an approach to customer due diligence, as the Statement seems to imply. The consequences to financial institutions can be great if they fail to prohibit particular customers or prevent transactions linked to illicit activities.

It is also possible that we are seeing the effects of automated decision-making (“ADM”) without the benefit of human oversight. An article previously published on the PCCE blog pointed out the issues that can arise if ADM is used with no or limited human review.[2]  These issues can range from discrimination in decisions that are made because of biased data or artificial intelligence that does not work as intended resulting in harmful or unintended outcomes.

The Anti-Money Laundering Act of 2020 pointed out the risk of so called “de-risking” noting that such actions, among other results,” ultimately drives money into less transparent channels through carrying of cash or use of unlicensed or unregistered money service remitters, thus reducing transparency and traceability, which are critical for financial integrity, and increases the risk of money falling into the wrong hands.”[3]

The lessons that can be gleaned from these various pronouncements are several:

  • A financial institutions’ risk-based due diligence process must be a living/breathing control system that is reviewed and modified on a regular basis.
  • Human review of automated machine decision making is necessary in some form so that broad brushes of customers are not barred from the financial system based on what may be biased data..  
  • Transaction monitoring systems should also be re-evaluated on a continuing basis to determine that the trip wires for transactions to be rejected do not unnecessarily prevent transactions from going through. A $2500 Venmo transaction for a customer with over $300,000 in a bank is not necessarily a suspicious transaction even if the customer has never preformed a Venmo transaction previously. At the very least, an inquiry is warranted before the transaction is blocked. At the very least, institutions should take a sample of rejected transactions or customers on a regular basis to determine if the algorithms need adjusting.  

Financial institutions today must walk a fine line between appropriate due diligence but not overly restrictive controls that unnecessarily exclude customers with certain names or in certain businesses. This is not easy but the use of ADM – if deployed intelligently with human oversight – can assist in this difficult and delicate task.

 

[1] The statement was issued by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Controller of the Currency

[2] See, New Automated Decision-Making Laws: Four Tips for Compliance, NYU Law’s Program on Corporate Compliance and Enforcement Blog, June 29, 2022.

[3] Anti-Money Laundering Act of 2020 contained in the National Defense Appropriations Act of 2020.

 

Julie Copeland is the Executive Director of NYU Law School’s Program on Corporate Compliance and Enforcement.

The views, opinions and positions expressed within all posts are those of the authors alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law.  The accuracy, completeness and validity of any statements made within this article are not guaranteed.  We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the authors and any liability with regards to infringement of intellectual property rights remains with them.

Complying with New York’s AI Employment Law and Similar Regulations

by Avi Gesser, Jyotin Hamid, Tricia Bozyk Sherno, Anna Gressel, Scott M. Caravello, and Rachel Tennell

A growing number of employers are turning to artificial intelligence (“AI”) tools to assist  500 companies use talent-sifting software, and more than half of human resource leaders in the U.S. leverage predictive algorithms to support hiring. Widespread adoption of these tools has led to concerns from regulators and legislators that they may be inadvertently discriminating, for example, by:

  • Penalizing job candidates with gaps in their resumes, leading to a bias against older women who have taken time off for childcare;
  • Recommending candidates for interviews who resemble the company’s current leadership, which is not diverse; or
  • Using automated games that are unfairly difficult for individuals with disabilities to evaluate employees for promotions, even though they could do the job with a reasonable accommodation.

Continue reading