Author Archives: Joseph P Facciponti

Steering the AI Ship: Is Your Board Ready to Navigate Complexity in a Dynamic Regulatory Environment?

by Meghan Anzelc, Ph.D., Christina Fernandes-D’Souza, and Avril Ussery Sisk

Photo of authors

Left to right: Meghan Anzelc, Ph.D., Christina Fernandes-D’Souza, Avril Ussery Sisk (Photos courtesy of authors)

Artificial intelligence (AI) has rapidly leapt to application in an ever-broadening range of human endeavors. We are in a very dynamic era, and as AI becomes more ubiquitous, there is a great deal of on-going discussion about how it will be harnessed for advancement across all aspects of our lives. Coupled with society’s understanding of exciting AI possibilities, there are growing calls for caution, and a reticence regarding placement of trust in private entities to protect the community from threats and potential misuse. There is also the increasing perception of weakness in the governance of AI by the private entities promoting the benefits and rapidly adopting the technology.

Continue reading

Consumer Financial Protection Bureau Stands Up to Protect Whistleblowers from Overly Broad NDAs

by Benjamin Calitri

Benjamin Calitri

Photo courtesy of author

Protections for whistleblowers from overly expansive non-disclosure agreements (NDAs) aimed at preventing whistleblowers from providing information to law enforcement and regulators have been expanding exponentially in the past year. The Securities and Exchange Commission’s (SEC) enforcement of Rule 21F-17(a) has gained teeth by increasing the monetary sanctions for enforcement. The Commodity Futures Trading Commission (CFTC) took its first enforcement of Regulation 165.19(b) against Trafigura for the use of NDAs meant to silence whistleblowers. The latest agency to take action against overly expansive NDAs is the Consumer Financial Protection Bureau (CFPB), which has announced that their employee protection regulation applies to NDAs that seek to silence whistleblowers.

Continue reading

PCCE to Host Senior DOJ Officials on September 17th to Discuss Newly-Announced Whistleblower Program

Photos of speakers

On September 17th, 2024, the Program on Corporate Compliance and Enforcement will host U.S. Department of Justice officials Nicole Argentieri and Brent Wible as well as other experts for a discussion on the Department of Justice’s newly-announced whistleblower pilot program.

After PDAAG Argentieri’s remarks, Brent Wible will engage in a moderated fireside chat and will be taking questions from the audience.

Following remarks and the fireside chat, there will be a moderated panel discussion by a panel of experts in corporate enforcement, compliance, and whistleblower programs from both the private sector and government.  Panelists include:

  • Jane Norberg, Partner, Arnold & Porter LLP
  • Preston Pugh, Partner, Crowell & Moring LLP
  • Daniel Richman, Paul J. Kellner Professor of Law, Columbia Law School
  • Max Rodriquez, Principal and Founder, Law Office of Max Rodriguez  
  • Andrew Weissman, Professor of Practice, NYU School of Law

The event will be in-person only at NYU School of Law. Check-in will open at 5:30 pm. The program will begin 6 PM in Lipton Hall at 108 W 3rd Street, Lower Level, New York NY 10012. There will be a reception following the event from 8:00 – 8:30 PM. 

Pre-registration is required to attend. Click here to registerWe expect that 2 credits of NY CLE will be offered for attendees who sign in and out at the venue.

We look forward to seeing you!

Cyber Experts React to Court Decision in the SEC’s SolarWinds Enforcement Action

Editor’s Note: PCCE has been watching the developments in the SEC’s enforcement action against SolarWinds and its CISO over allegedly misleading disclosures and controls failures related to the compromise of its Orion product by putative Russian hackers. In this post, cybersecurity experts and lawyers discuss the recent decision by U.S. District Judge Paul Engelmayer to dismiss most of the SEC’s claims in the case.

Photos of the authors

Top left to right: Randal Milch, Judy Titera, James Haldin, and Alan Wilson. Bottom left to right: Matthew Beville, Elizabeth Roper, and Jerome Tomas. (Photos courtesy of authors)

Continue reading

Supreme Court Punches SEC APs Right in the Seventh Amendment

by Andrew J. Ceresney, Charu A. Chandrasekhar, Arian M. June, Robert B. Kaplan, Julie M. Riewe, Kristin A. Snyder, and Jonathan R. Tuttle

Photos of the authors

Top left to right: Andrew J. Ceresney, Charu A. Chandrasekhar, Arian M. June, and Robert B. Kaplan. Bottom left to right: Julie M. Riewe, Kristin A. Snyder, and Jonathan R. Tuttle. (Photos courtesy of Debevoise & Plimpton LLP)

Recently, in a long-awaited ruling with significant implications for the securities industry and administrative agencies more generally, the U.S. Supreme Court affirmed the Fifth Circuit’s decision in Jarkesy v. SEC, holding that the Seventh Amendment right to a jury trial precluded the U.S. Securities and Exchange Commission (the “SEC”) from pursuing monetary penalties for securities fraud violations through in-house administrative adjudications. The key takeaways are:

  • The Court’s ruling was limited to securities fraud claims, but other SEC claims seeking legal remedies may be impacted, as well as claims by other federal agencies that may have been adjudicated in-house previously.
  • We expect that the SEC will continue its practice of bringing new enforcement actions in district court, except when a claim only is available in the administrative forum.
  • Because of the majority decision’s focus on fraud’s common-law roots, the decision raises questions about whether the SEC may bring negligence-based or strict liability claims seeking penalties administratively.
  • The Court did not resolve other constitutional questions concerning the SEC’s administrative law judges, including whether the SEC’s use of administrative proceedings violates the non-delegation doctrine and whether the SEC’s administrative law judges are unconstitutionally protected from removal in violation of Article III.
  • We anticipate additional litigation regarding these unresolved issues.

Continue reading

CNIL Publishes New Guidelines on the Development of AI Systems

by David Dumont and Tiago Sérgio Cabral

Photos of the authors

David Dumont and Tiago Sérgio Cabral (photos courtesy of Hunton Andrews Kurth LLP)

On June 7, 2024, following a public consultation, the French Data Protection Authority (the “CNIL”) published the final version of its guidelines addressing the development of AI systems from a data protection perspective (the “Guidelines”). Read our blog on the pre-public consultation version of these Guidelines.

In the Guidelines, the CNIL states that, in its view, the successful development of AI systems can be reconciled with the challenges of protecting privacy.

Continue reading

US Antitrust Regulators Threaten Ephemeral Messaging Users and Their Counsel with Obstruction Charges

by Jeremy Calsyn, Nowell Bamberger, Charles P. Balaan, and Joseph M. Kay

Photos of authors

Left to right: Jeremy Calsyn, Nowell Bamberger, Charles P. Balaan, and Joseph M. Kay (photos courtesy of Cleary Gottlieb Steen & Hamilton LLP)

In recent months, federal regulators have made statements that companies and their counsel may be subject to criminal prosecution if they fail to preserve ephemeral messaging data when they receive a subpoena or other legal process.  In January 2024, the Deputy Assistant Attorney General for Criminal Enforcement at the DOJ Antitrust Division warned “failure to produce” ephemeral messaging may result in obstruction charges.[1]  Speaking at the ABA Antitrust Spring Meeting in April 2024, a lawyer for the Antitrust Division echoed that the DOJ “will not hesitate to bring obstruction charges” against company counsel and their clients if clients fail to properly retain so-called “ephemeral messages.[2]  This is consistent with other recent warnings from the DOJ.[3]

The agencies’ focus on features of ephemeral messaging, which they argue can be used to hamper investigations, ignores the fact that ephemeral messaging applications have a legitimate role in the workplace where data security and management is paramount.  Despite the advantages of ephemeral messaging, clients should be aware of the legal and other risks presented by these applications and implement clear information retention policies that account for the organization’s duty to preserve information for litigation and government investigations. 

Continue reading

Succor Borne Every Minute

by Michael Atleson

Federal Trade Commission

Earnest chats with objects are not so unusual. Mark “The Bird” Fidrych, the famed Detroit Tiger, used to stand on the pitching mound whispering to the baseball. Forky, the highly animate utensil from Toy Story 4, once posed deep questions about friendship to a ceramic mug. And many of us have made repeated queries of the Magic 8 Ball despite its limited set of randomly generated answers.

Our talking to computers also goes way back, and that history is getting weirder. We’re seeing a wave of avatars and bots marketed to provide companionship, romance, therapy, or portals to dead loved ones, and even meet religious needs. It may be a function of AI companies making chatbots better at human mimicry in order to convince us that chatbots have social value worth paying for. Consider that some of these companies compare their products to magic (they aren’t), talk about the products having feelings (they don’t), or admit they just want people to feel that the products are magic or have feelings.

Continue reading

DOJ National Security Division Issues First-Ever Declination Under Enforcement Policy

by Satish M. Kini, David A. O’Neil, Jane Shvets, Rick Sofield, Douglas S. Zolkind, Carter Burwell, Connor R. Crowley, and Hillary Hubley

Photos of the authors

Top left to right: Satish M. Kini, David A. O’Neil, Jane Shvets, and Rick Sofield. Bottom left to right: Douglas S. Zolkind, Carter Burwell, Connor R. Crowley, and Hillary Hubley. (Photos courtesy of Debevoise & Plimpton LLP)

Key Takeaways

  • Even in criminal national security matters, early self-reporting, remediation and cooperation can enable companies to avoid prosecution and penalties.
  • Federal enforcement agencies are continuing to collaborate in investigating and prosecuting criminal cases at the intersection of national security and corporate crime.
  • Multinational corporations and academic institutions should be aware of the risk of outsiders fraudulently affiliating themselves with legitimate institutions to skirt export control laws.

Continue reading

EU Digital Operational Resilience Act (“DORA”): Incident and Cyber Threat Reporting and Considerations for Incident Response Plans

by Robert MaddoxStephanie ThomasAnnabella M. Waszkiewicz, and Michiko Wongso 

Photos of the authors

Left to right: Robert Maddox, Stephanie Thomas, Annabella M. Waszkiewicz, and Michiko Wongso (photos courtesy of Debevoise & Plimpton LLP)

With the EU Digital Operational Resilience Act (“DORA”) implementation deadline set for January 2025, many financial services firms are spending 2024 preparing for the new regime. Amongst many operational resilience and management oversight requirements, DORA will require covered entities to monitor for, identify, and classify Information and Communications Technology (“ICT”)-related incidents (“incidents”) and cyber threats and report them under certain circumstances to regulators, clients, and the public.

In this post, we take a closer look at DORA’s ICT-related incident and cyber threat reporting obligations (which can require notifications as fast as four hours) and how covered entities can prepare to address them within their existing incident response plans (“IRPs”).

For a more general overview of DORA’s requirements, please see our previous blog post here, along with our coverage of management obligations for covered entities under DORA and how DORA will impact fund managers and the insurance sector in Europe.

Continue reading