Author Archives: John D Hagan

An Ounce of Prevention is Worth a Pound of Cure . . . or an Imposed Compliance Monitorship: A Fresh Look at the DOJ’s Corporate Enforcement Toolkit Applied to Sanctions and Export Controls Enforcement

by Brent Carlson and Michael Huneke

Photos of the authors

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

In our last article, we discussed the evolution of export controls penalties.[1] Beyond monetary penalties, the U.S. Department of Justice (“DOJ”) has additional items in its corporate enforcement toolkit that dramatically increase the cost of non-compliance. These include the DOJ’s new policies requiring companies to claw back or withhold executive compensation, requiring CEOs and chief compliance officers to make pre-release compliance certifications, and expanding the grounds for appointing independent compliance monitors.

Such corporate enforcement trends significantly increase the value of making front-end investments to avoid the “pound of cure.” In this post, we take a “fresh look” at these trends with an eye towards sanctions and export controls enforcement and offer practical guidance for dealing with them. Continue reading

From Washington to Brussels: A Comparative Look at the Biden Administration’s Executive Order and the EU’s AI Act

by

Photos of the authors.

Top left to right: Marianna Drake, Marty Hansen, and Lisa Peets. Bottom left to right: Will Capstick, Jayne Ponder, and Yaron Dori. (Photos courtesy of Covington & Burling LLP)

On October 30, 2023, days ahead of government leaders convening in the UK for an international AI Safety Summit, the White House issued an Executive Order (“EO”) outlining an expansive strategy to support the development and deployment of safe and secure AI technologies (for further details on the EO, see our blog here). As readers will be aware, the European Commission released its proposed Regulation Laying Down Harmonized Rules on Artificial Intelligence (the EU “AI Act”) in 2021 (see our blog here). EU lawmakers are currently negotiating changes to the Commission text, with hopes of finalizing the text by the end of this year, although many of its obligations would only begin to apply to regulated entities in 2026 or later.

The EO and the AI Act stand as two important developments shaping the future of global AI governance and regulation. This blog post discusses key similarities and differences between the two.

Continue reading

DOJ Ends No-Poach Prosecution of SCA

by David B. Anders, Carrie M. Reilly, Kevin S. Schwartz, and Yolanda Bustillo

Photos of the authors.

From left to right: David B. Anders, Carrie M. Reilly, Kevin S. Schwartz, and Yolanda Bustillo. Photos courtesy of Wachtell, Lipton, Rosen & Katz.

Today, almost three years after the Antitrust Division brought criminal charges against Surgical Care Affiliates (“SCA”), the District Court for the Northern District of Texas granted the government’s motion to dismiss the indictment, with prejudice, marking the latest setback in the agency’s aggressive enforcement of labor market cases.  Earlier this year, we noted that the Antitrust Division’s prosecution of criminal wage‑fixing and no-poach agreements warranted reconsideration given the many problems these cases present.  The Antitrust Division’s decision to dismiss its case against SCA signals that the agency may have done just that.

Continue reading

From Peanuts to Prison Time – A Fresh Look at the Evolution of Export Controls Penalties

by Brent Carlson and Michael Huneke

Photos of the authors

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

New export controls rules recently issued by the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) have set the corporate compliance world abuzz, as export controls continue to increase everywhere amid accelerating economic and geopolitical competition. Multinational companies are placed in an increasingly precarious position, caught between superpowers in a “disordered,” multipolar world. The consequences of failing to navigate successfully through myriad export controls regimes are only going to grow more severe, with the U.S. government signaling that a wave of increasing enforcement activity is on the way.

In this installment of our Fresh Looks series, we examine the evolution of export controls penalties, from where they are today to where they are heading tomorrow. The U.S. Department of Justice (“DOJ”) has called export controls and economic sanctions the “new FCPA” and included both among America’s national security enforcement priorities. This provides an important—and unambiguous—signal of the directional trends underway for export controls enforcement. Continue reading

Slow is Smooth, Smooth is Fast: A Fresh Look at Planning and Executing Internal Investigations into Allegations of Sanctions or Export Controls Evasion

by Brent Carlson and Michael Huneke

Photos of the authors.

From left to right: Brent Carlson, Michael Huneke (Photos courtesy of the authors)

“Slow is Smooth, Smooth is Fast.” U.S. Navy SEALs and Aikido martial arts masters have valued this mantra as a reminder that deliberate, thoughtful action is—unexpectedly—the quickest way to accomplish your objectives in the face of chaotic circumstances.

Next in our “fresh look” series on economic sanctions and export controls compliance—and the convergence of both with anti-corruption compliance following the declaration by the DOJ that sanctions are the “new FCPA”—we apply this principle to responding to allegations of sanctions or export controls evasion. Continue reading

SEC Marketing Rule Settlements Total 10 Before One Year Anniversary of Compliance Date

by Marc Berger, Michael Osnato, David Blass, and Meaghan Kelly

Photos of the authors.

From left to right: Partners Marc Berger, Michael Osnato, David Blass, and Meaghan Kelly. (Photos courtesy of Simpson Thacher & Bartlett LLP.)

On September 11, 2023, the SEC announced settled charges against nine registered investment advisers for violations of the Amended Marketing Rule (“Marketing Rule”) for advertising hypothetical performance to the general public on their websites without adopting and/or implementing policies and procedures required by the Marketing Rule. The advisers settled to anti-fraud charges (Section 206(4) of the Advisers Act) and violations of the performance section of the Marketing Rule (Rule 206(4)1-d). Two of the nine advisers also settled to related record-keeping violations. The advisers paid civil penalties ranging from $50,000 to $175,000 each, for a total amount of $850,000 in combined penalties. Continue reading

FCA Board Focuses on AI

by Stuart Davis, Fiona M. Maclean, Gabriel Lakeman, and Imaan Nazir

Photos of the authors.

From left to right: Stuart Davis, Fiona M. Maclean, Gabriel Lakeman, and Imaan Nazir. (Photos courtesy of Latham & Watkins LLP)

A new publication from the UK’s financial regulator signals to firms that they should take steps to manage risks in the use of AI.

The UK’s Financial Conduct Authority (FCA) has published its latest board minutes highlighting its increasing focus on artificial intelligence (AI), in which it “raised the question of how one could ‘foresee harm’ (under the new Consumer Duty), and also give customers appropriate disclosure, in the context of the operation of AI”. This publication indicates that AI continues to be a key area of attention within the FCA. It also demonstrates that the FCA believes its existing powers and rules already impose substantive requirements on regulated firms considering deploying AI in their services. Continue reading

Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach Notification Rule

by the Federal Trade Commission

FTC logo

Federal Trade Commission

Does your business collect, use, or share consumer health information? When it comes to privacy and security, you’ve probably thought about the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HIPAA Privacy, Security, and Breach Notification Rules (HIPAA Rules). But did you know you also may need to comply with the Federal Trade Commission Act and the FTC’s Health Breach Notification Rule? Learn more about your obligations under these laws to maintain the privacy and security of consumers’ health information and provide notification if you experience a breach. Continue reading

Delaware’s New Personal Data Privacy Act

by Michael T. Borgia, Benjamin Robbins, and Patrick J. Austin

Photos of the authors.

From left to right: Michael T. Borgia, Benjamin Robbins, and Patrick J. Austin. Photos courtesy of Davis Wright Tremaine LLP.

The Delaware Personal Data Privacy Act (DPDPA or Act) became law on September 11, 2023, making Delaware the 13th state to enact a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Florida, Texas, and Oregon. The DPDPA will become effective on January 1, 2025. We highlight key aspects of the DPDPA below.

Continue reading