Author Archives: Jonathan Silverstone

FINMA Imposes Measures and Sanctions on Julius Baer for Serious Anti-Money Laundering Failings

Since December 2018, the Swiss Financial Market Supervisory Authority (FINMA) has taken a series of significant actions that stress its concern about compliance by Swiss financial institutions with anti-money laundering (AML) rules: issuing the revised FINMA Anti-Money Laundering Ordinance, which sets out due diligence requirements for fintech licensee institutions;[1] providing guidance on the application of Swiss AML rules to financial services providers with regard to blockchain technology;[2] and issuing a Risk Monitor that designated money laundering as one of the six principal risks identified for FINMA-supervised institutions.[3] Most recently, FINMA has imposed a number of measures and sanctions on a leading Swiss bank for serious failings in the bank’s AML program, including prohibiting the bank from conducting major acquisitions until it achieves full legal compliance with AML requirements.

On February 20, FINMA announced that it had concluded an investigation of Swiss bank Julius Baer. That investigation — which FINMA had begun in connection with alleged cases of corruption linked to Petróleos de Venezuela S.A. (PDVSA), a Venezuelan state-owned oil company, and FIFA, the world soccer federation — resulted in a finding that Julius Baer had “systematic failings to comply with due diligence under the Anti-Money Laundering Act as well as violations of AML reporting requirements.”[4] In particular, the investigation found that the bank “was in breach of obligations to combat money laundering and its duty to put in place an appropriate risk management policy, representing a serious infringement of financial market law.”[5] Continue reading →

Debevoise Coronavirus Checklists—Cybersecurity

by Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Lisa Zornberg, Tricia Bozyk Sherno, Hilary Davidson, and Christopher S. Ford

As companies dust off their Business Continuity Plans to prepare for possible disruptions and remote working due to COVID-19, here are 10 cybersecurity considerations to add to the list of preparations: Continue reading →

FinCEN Imposes Its First Penalty on a Bank Compliance Officer for $450,000 for Failing to Prevent AML Violations

by H. Christopher Boehning, Jessica S. Carey, Christopher D. Frey, Michael E. Gertzman, Roberto J. Gonzalez, Brad S. Karp, Mark F. Mendelsohn, Richard S. Elliott, Rachel Fiorill, Karen R. King, Justin D. Lerer, Anand Sithian, and Avery Medjuck

On March 4, 2020, the Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) issued a consent order assessing a $450,000 civil money penalty against Michael LaFontaine, a former Chief Operational Risk Officer at U.S. Bank NA (“U.S. Bank”), for his alleged failure to prevent Bank Secrecy Act/anti-money laundering (“BSA/AML”) violations that took place during his tenure.[1] This action—which follows U.S. Bank’s 2018 BSA/AML-related resolution with FinCEN, the U.S. Department of Justice (“DOJ”), the Office of the Comptroller of the Currency (“OCC”) and the Federal Reserve for a combined $613 million in financial penalties—marks the first time FinCEN has imposed a penalty on a bank compliance officer for his role in failing to prevent BSA/AML compliance program failures.[2] Continue reading →

SEC and PCAOB Leadership Announce Potential Relief to Companies Affected by the Coronavirus

by Betty Moy Huber and Paula H. Simpkins

Last week, senior leaders of the Securities and Exchange Commission (SEC) and the Chairman of the Public Company Accounting Oversight Board (PCAOB) issued a joint statement (Statement) noting the potential effect that the coronavirus may have on reporting companies, reminding companies of their disclosure obligations and notifying companies affected by the virus that they may contact the SEC for guidance or a determination of their eligibility for relief from filing deadlines. The Statement comes in the wake of numerous articles contemplating the virus’ effect on businesses that rely on global supply chains. On Tuesday, one Wall Street Journal commentator posited that “the coronavirus could cause supply-chain disruptions that are unlike anything we have seen in the past 70 years.” Continue reading →

Speaker Programs and the Pharmaceutical Industry

by Stephen A. Jonas, Ericka Aiken, and Athena Katsampes

In December 2019, Teva settled with DOJ for $54 million to resolve False Claims Act (FCA) allegations that, among other things, Teva induced physicians to write prescriptions for drugs that treat multiple sclerosis and Parkinson’s disease by paying them as “speakers” or “consultants” in connection with sham speaker programs and events. The Teva settlement was one of a wave of settlements in 2019 that involved allegations of pharmaceutical companies improperly compensating physicians through sham speaker programs.

Speaker and educational programs are common tools by which pharmaceutical companies pay healthcare providers, including doctors and nurse practitioners, to speak about the benefits, risks, and best practices of prescribing companies’ drugs. While most frequently intended to educate the medical community, these programs could give rise to liability under the federal Anti-Kickback Statute (AKS) and FCA if used by companies to induce providers to write prescriptions for companies’ drugs. Continue reading →

Do Shareholder Lawsuits Deter Insider Trading? Evidence from Universal Demand Laws

by Binay K. Adhikari, Anup Agrawal, and Bina Sharma

Does insider trading regulation actually deter insider trading? This is an unsettled question, on which prior empirical findings have been mixed. One set of studies finds that insider trading regulations have been effective in reducing the frequency and profitability of opportunistic trades,[1] while several other studies cast doubt on the efficacy of regulations.[2] Why do studies disagree on this question? A possible reason is the difficulties inherent in evaluating the effects of regulation on insider trading. These difficulties fall into two main categories: First, most modern insider trading laws in the United States are adopted at the federal level[3] and are designed to affect all firms at the same time. That makes it difficult to tell whether any changes in insider trading are due to the law or some other contemporaneous event. Second, a decrease in insider trading after the passage of a stricter law or an increase in enforcement can either be an effect of such action or simply a return to a more normal level of insider trading after an elevated period that led to the law being passed. Perhaps recognizing these issues, Utpal Bhattacharya concludes his extensive review of the insider trading literature with the verdict, “[w]e need methodologies (such as natural experiments) to evaluate the efficacy of current and future insider trading rules.”[4] Continue reading →

DOJ Announces Government Procurement Collusion Strike Force

by Craig A. Benson, Joseph J. Bial, Andrew C. Finch, Andrew J. Forman, Kenneth A. Gallo, Jonathan S. Kanter, Mark F. Mendelsohn, William B. Michael, Jane B. O’Brien, Jeannie S. Rhee, Jacqueline P. Rubin, Charles F. “Rick” Rule, Aidan Synnott, and Mark R. Laramie.

On November 5, the United States Department of Justice (DOJ) announced that it – along with the FBI, the Department of Defense (DOD), the United States Postal Service (USPS) and the General Services Administration (GSA) – is forming a new government Procurement Collusion Strike Force. The strike force will focus “on deterring, detecting, investigating and prosecuting” collusion among companies and individuals involved in government procurement at all levels. Within the DOJ, the strike force will involve prosecutors from the Antitrust Division and thirteen United States Attorney’s offices from around the country, including Chicago, Dallas, New York, Los Angeles, Miami, Sacramento and Washington, D.C. In addition to involvement by the Offices of Inspector General (OIG) of the DOD, USPS and GSA, the task force will also partner with other federal agency OIGs. The announcement was made by Deputy Attorney General Jeffrey A. Rosen and Assistant Attorney General for Antitrust Makan Delrahim. During the announcement, Mr. Delrahim noted that “today, more than one third of the Antitrust Division’s 100-plus open investigations relate to public procurement or otherwise involve the government being victimized by criminal conduct.” Continue reading →

U.K. and U.S. Sign Landmark Cross-Border Data Sharing Agreement

by Jeremy Feigelson, Karolos Seeger, Jane Shvets, Robin Lööf, Robert Maddox, and Alma M. Mozetič

On October 3, 2019, the United Kingdom and the United States signed a landmark data sharing agreement to give law enforcement agencies in one country faster access to digital evidence held by service providers, such as web hosts and social media companies, located in the other (the “Agreement”).[1] The material scope of the Agreement is wide, including fraud, cyberattacks, corruption, and other serious offences. The Agreement aims to provide an alternative, faster mechanism to the current system based on government-to-government requests pursuant to Mutual Legal Assistance Treaties (“MLATs”). Under the Agreement, law enforcement authorities will be able to compel production directly from service providers. The hope is that this will reduce waiting times to weeks or sometimes days. The Agreement is expected to enter into force following review by the U.K. Parliament and the U.S. Congress, in early April 2020. Continue reading →

Another Look at Third-Party Management: Why We’re Missing 31% of Material Risks

by Adam Hill

Privacy regulators increasingly are prescribing rules around third-party vendor and data processing management.[1] As of March 1, 2019, for instance, New York’s Department of Financial Services (NYDFS) requires that Covered Entities establish policies and procedures for assessing the risks posed by vendors, determining minimum cybersecurity and privacy practices, conducting due diligence, and following up with periodic assessments.[2] However, the NYDFS does not go so far as to prescribe a “one-size-fits-all” approach to these third-party management requirements.[3] Nor do other financial regulators, such as the Financial Industry Regulatory Authority, leaving the decision as to the appropriate form of third-party management largely to the entities themselves.[4]

How, then, should companies implement NYDFS-style third-party risk management rules? The leading approach taken by compliance functions is to invest heavily in upfront due diligence of third-party vendors and data processors. This “point-in-time” approach is premised on the idea that third-party risks are best identified by asking an exhaustive list of questions prior to the onboarding of a third party and recertifying those answers on a future date. A Gartner survey of 195 chief privacy and compliance officers shows that 72% of the effort allocated to identifying and monitoring third-party privacy risks happens during upfront due diligence and recertification. Continue reading →

Compliance and Enforcement