Author Archives: Jonathan Daniel Cohen

FATF “Gray Lists” Turkey, Citing Concerns with Turkey’s Banking and Real Estate Sectors and Potential Terrorism Financing

by H. Christopher Boehning, Jessica Carey, Christopher Frey, Michael Gertzman, Roberto Gonzalez, Brad Karp, Richard Elliott, Rachel Fiorill, and Jacobus Schutte 

In a significant move, the Financial Action Task Force (“FATF”), the international anti-money laundering body tasked with developing policies to combat money laundering and terrorism financing, has added Turkey to its list of jurisdictions subject to increased monitoring (also known as the FATF “Gray List”).[1]  With the addition of Turkey (as well as, through separate actions, Jordan and Mali), the FATF Gray List now includes 23 countries that FATF has determined to have “strategic deficiencies” in their anti-money laundering (“AML”) and counter-terrorism financing (“CFT”) laws and regulations compared to international best practices and the standards maintained by FATF. [2]  Turkey is the largest economy to be included on the Gray List.

Continue reading

New York DFS Issues Guidance for Adoption of Affiliates’ Cybersecurity Programs

by Greg Andres, Matthew Bacal, Martine Beamon, Angela Burgess, Robert Cohen, Gabriel Rosenberg, Margaret Tahyar, James Haldin, Matthew Kelly, and Daniel Newman

The New York DFS issued new guidance regarding a covered entity’s reliance on an affiliate’s cybersecurity program. The guidance explains DFS’s view that, when a covered entity relies on an affiliate’s program, DFS has authority to examine the affiliate’s program.

Since 2017, New York’s Cybersecurity Regulation, 23 N.Y.C.R.R. Part 500, has required any “Covered Entity”—that is, any entity regulated by New York’s Department of Financial Services (DFS)—to maintain a risk-based cybersecurity program consistent with certain prescriptive technical and procedural requirements. These requirements, the DFS has maintained, are designed to ensure that the Covered Entity’s program adequately protects the Covered Entity’s information systems and the nonpublic information maintained on them.

Continue reading

Virtual Currency Platforms and Ransomware Attacks: OFAC Advisories Highlight Increasing Overlap of Sanctions and Cybersecurity Risks Associated with Virtual Currency Platforms and Ransomware Attacks (Part II of II)

by John Barker, Ronald Lee, Soo-Mi Rhee, Tal Machnes, and Christine Choi 

This is part II of a two-part post. For Part I, which outlines two OFAC advisory opinions on US sanction risks associated with cyber related activities, including virtual currency platforms, click here

Focus on Virtual Currency Platforms

OFAC’s increased focus on cybersecurity, generally, has also put a spotlight on the sanctions risks specific to the virtual currency industry. Indeed, concurrent with the release of its September 2021 Updated Advisory, OFAC added SUEX OTC, S.R.O. (SUEX), a Russian virtual currency exchange, to the SDN List for facilitating financial transactions for ransomware actors—the first such designation of a virtual currency exchange. According to Treasury, over 40% of SUEX’s known transactions were associated with illicit actors, and the exchange facilitated transactions involving at least eight ransomware variants. In designating SUEX, Treasury observed that the virtual currency sector plays a “critical role” in sanctions compliance.[1]

Continue reading

Virtual Currency Platforms and Ransomware Attacks: OFAC Advisories Highlight Increasing Overlap of Sanctions and Cybersecurity Risks Associated with Virtual Currency Platforms and Ransomware Attacks (Part I of II)

by John Barker, Ronald Lee, Soo-Mi Rhee, Tal Machnes, and Christine Choi 

This is part I of a two-part post. For Part II, click here.

In the last few months, the Office of Foreign Assets Control (OFAC) of the US Department of Treasury (Treasury) has issued two advisories that highlight the heightened US sanctions risk associated with cyber related activities, including ransomware attacks and the virtual currency platforms that ransomware payers often use to facilitate payments.

Continue reading

Carlin Speech Signals DOJ White Collar Enforcement Priorities

by Greg Andres, Uzo Asonye, Martine Beamon, Robert Cohen, Daniel Kahn, Tatiana Martins, Paul Marquardt, Fiona Moran, Paul Nathanson, and Daniel Stipano

Principal Associate Deputy Attorney General John Carlin previewed the Department of Justice’s (“DOJ”) refocused corporate enforcement efforts during a speech on October 5, 2021 at GIR Connect: New York.  Carlin’s speech underscored the primary levers a new administration can pull to quickly and meaningfully impact the white collar enforcement space: messaging increased white collar enforcement to relevant stakeholders, instituting new and revising existing policies, creating dedicated taskforces, and increasing resources for white collar enforcement.  Carlin addressed each of these categories by outlining key DOJ priorities, including increased enforcement related to sanctions, export controls, and cryptocurrency; continued expansion of international cooperation and coordination; a “surge” in resources, exemplified by a new dedicated FBI squad for Foreign Corrupt Practices Act (“FCPA”), market integrity, and health care fraud investigations; an upcoming review and revision of corporate enforcement policies; continued and increased use of data-driven enforcement techniques; enhanced and expanded international cooperation; and a warning regarding companies’ compliance with subpoenas and the terms of resolution agreements.

Continue reading

What’s Old Is New Again: DOJ’s New Corporate Criminal Enforcement Policies Equip Prosecutors with More Tools and Information

by Alicyn Cooley and Matthew Levine 

The approach of the Biden Justice Department to corporate and financial crime continues to emerge—or re-emerge. Corporations with federal criminal exposure must now, again (PDF: 463 KB), provide information on all individuals responsible for misconduct in order to receive cooperation credit from the Department of Justice. And corporations which resolve that exposure pursuant to Deferred Prosecution Agreements (DPAs) or Nonprosecution Agreements (NPAs) with DOJ will also now face the increased likelihood of independent monitorships—the use of which waned considerably in recent years, even before the Trump administration explicitly discouraged imposing them in 2018 (PDF: 4.9 MB).

In keynote remarks delivered yesterday at the American Bar Association’s National Institute on White Collar Crime, Deputy Attorney General Lisa Monaco announced these and other new DOJ policies and initiatives, all of which are reminiscent of the Obama Administration’s approach to corporate criminal enforcement. In particular, companies and practitioners should take note of DOJ’s stated commitments to: (1) equipping prosecutors with more information and tools—including monitors—to root out corporate crime and ensure corporations comply with the law and the requirements of their agreements with DOJ; (2) proactively using data accumulated about past corporate resolutions, including taking into account corporations’ full criminal and regulatory histories; and (3) standardizing approaches to corporate enforcement across DOJ and the U.S. Attorneys’ Offices.

Continue reading

ESG in 2021 So Far: An Update (Part III of III)

by Marc Gerber, Greg Norman, Simon Toms, Helena Derbyshire, Louise Batty, Adam Howard, Eve-Christie Vermynck, Damian Babic, Zoe Cooper Sutton, Caroline Kim, Abigail Reeves, Patrick Tsitsaros, Eleanor Williams, and Kathryn Gamble

This is Part III of a three-part post. For Part I, providing an overview of correct ESG predictions for companies based in the U.K. and Europe in 2021, click hereFor Part II, which continues its analysis of ESG predictions, click here

New Areas of Interest

Data, Tech and ESG[1]

As investors have focused on the E in ESG, many have divested fossil fuel-based holdings and shifted investment to technology, which is regarded as greener. For example, large ESG-focused exchange-traded funds (ETFs) now look very much like tech-sector ETFs, with Apple, Microsoft, Amazon, Alphabet and Facebook topping the holdings at several.

However, as the technology sector evolves and data becomes increasingly valuable, the need for effective management and safeguarding will determine whether it continues to be seen as an ESG-friendly industry. Cybersecurity, for example, has emerged as a critical governance risk when evaluating investments, a concern that has only been heightened by the shift to remote working during the pandemic.

Continue reading

ESG in 2021 So Far: An Update (Part II of III)

by Marc Gerber, Greg Norman, Simon Toms, Helena Derbyshire, Louise Batty, Adam Howard, Eve-Christie Vermynck, Damian Babic, Zoe Cooper Sutton, Caroline Kim, Abigail Reeves, Patrick Tsitsaros, Eleanor Williams, and Kathryn Gamble

This is Part II of a three-part post. For Part I, providing an overview of correct ESG predictions for companies based in the U.K. and Europe in 2021, click here. Part III will discuss new areas of interest in the ESG field and make new predictions. 

Executive Remuneration[1]

Executive remuneration has proved a contentious topic in 2021. A PwC report found that executive pay at the U.K.’s biggest companies dropped by nearly a fifth as companies responded to warnings from institutional investors that they expected remuneration to reflect the impact of the pandemic on stakeholders. Where companies failed to take this into consideration, such as Foxtons and Morrisons, a significant portion of shareholders voted against the companies’ remuneration plans ― particularly, where those companies received government support during the pandemic, raised emergency cash and/or suffered a substantial fall in share price.

Continue reading

The Consumer Financial Protection Bureau’s Proposed Rules on Small Business Data Collection: Nine Things To Know

by David Stein, Eric MogilnickiJeremy NewellMichael Nonaka, and Andrew Smith 

On Wednesday, September 1, 2021, the Consumer Financial Protection Bureau (“Bureau”) issued a notice of proposed rulemaking for proposed rules that would require creditors to collect and report data about lending to small businesses, focusing on minority-owned and women-owned small businesses (the “Proposed Rules”). The Bureau issued the Proposed Rules to implement Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2011. Section 1071 amended the Equal Credit Opportunity Act (“ECOA”) to create a mandatory data collection and reporting requirement for business lending to promote the ECOA’s fair lending objectives. In July 2021, the Bureau committed to issuing the Proposed Rules no later than September 30, 2021, as part of a settlement agreement reached in a lawsuit brought by consumer advocates in 2019 regarding the delayed issuance of rules to implement Section 1071. Comments on the Proposed Rules are due 90 days after publication in the Federal Register.

Continue reading

ESG in 2021 So Far: An Update (Part I of III)

by Marc Gerber, Greg Norman, Simon Toms, Helena Derbyshire, Louise Batty, Adam Howard, Eve-Christie Vermynck, Damian Babic, Zoe Cooper Sutton, Caroline Kim, Abigail Reeves, Patrick Tsitsaros, Eleanor Williams, and Kathryn Gamble

The rapidly growing focus on environmental, social and governance (ESG) matters that marked 2020 continued to shape events for companies operating or based in the U.K. and Europe in 2021. Discussions of ESG are occurring at all levels, from the boardroom to investors to employees, and governments, regulators and companies are all being encouraged to take these matters into consideration. In our 1 February 2021 article (“ESG: Key Trends in 2020 and Expectations for 2021”), we set out what we thought would be the key ESG trends to watch this year. In this article, we take stock of those predictions, discuss new issues that have emerged over the year and identify the trends we think will be prominent during the remainder of 2021.

Continue reading