Author Archives: Michelle Louise Austin

White Collar and Regulatory Enforcement: What to Expect in 2018

by John F. Savarese, Ralph M. Levene, Wayne M. Carlin, David B. Anders, Jonathan M. Moses, Marshall L. Miller, Louis J. Barash, and Carol Miller

Introduction

In our memo last year, we acknowledged that it was close to impossible to predict the likely impact that the newly elected Trump administration would have on white-collar and regulatory enforcement. (White Collar and Regulatory Enforcement: What to Expect in 2017 (PDF: 240 KB) Instead, we set out a list of initiatives we urged the new administration to consider, including clarifying standards for when cooperation credit would be given, reducing the use of monitors, and giving greater weight to a company’s pre-existing compliance program when exercising prosecutorial discretion, among other suggestions. While the DOJ under Attorney General Jeff Sessions has, for example, taken some steps toward clarifying the applicable standards for cooperation and increasing incentives to disclose misconduct in the FCPA area, few other policy choices or shifts in approach have been articulated or implemented. Continue reading →

Supreme Court Grants Certiorari on the Constitutionality of SEC ALJ Appointments– What This Means for the Securities Industry

by Matthew C. Solomon, Alexander Janghorbani, and Richard R. Cipolla

On January 12, 2018, the Supreme Court granted a writ of certiorari in Raymond J. Lucia Cos., Inc. v. SEC, No. 17 130,[1] a case raising a key constitutional issue relating to the manner in which the U.S. Securities and Exchange Commission’s (SEC or Commission) appoints its administrative law judges (ALJs). The Court will decide “[w]hether administrative law judges of the [SEC] are Officers of the United States within the meaning of the Appointments Clause.” The answer to this question matters because if SEC ALJs are “officers,” then they should have been appointed by the Commission itself instead of hired through traditional government channels—and the Commission only exercised its ALJ appointment authority in late-2017. Although the question is limited to SEC ALJs, any decision could also impact ALJs at other agencies government-wide.

At this point, both the petitioner and the Solicitor General (SG) actually agree that ALJs are officers. In its response to the cert petition raising this issue in Lucia, the SG, in an about-face, had abandoned the SEC’s long-held defense of the manner in which it appoints its ALJs. Up until now, in an attempt to fend off an asserted constitutional defect in their AJL’s method of appointment, the SEC has argued (with SG approval) that ALJs are “mere employees” of the SEC, and not “officers.” The day after the SG dropped this position—and with no warning in its briefing—the Commission took the step to appoint the current ALJs.[2] Continue reading →

Global Anti-Bribery Year-in-Review: 2017 Developments and Predictions for 2018

by Kimberly A. Parker, Jay Holtmeier, Erin G.H. Sloane, Lillian Howard Potter, Tetyana V. Gaponenko, Victoria J. Lee, and Roger M. Witten

This past year marked the 40th anniversary of the U.S. Foreign Corrupt Practices Act (“FCPA”). Since its enactment in 1977, the U.S. Department of Justice (the “DOJ”) has brought approximately 300 FCPA enforcement actions, while the U.S. Securities and Exchange Commission (the “SEC”) has brought approximately 200 cases.[1] This anniversary year, the first year of the Trump administration, demonstrated that the FCPA continues to be a powerful tool in combating corruption abroad and encouraging compliance at global companies.

Below are six key take-aways regarding FCPA enforcement in 2017: Continue reading →

Pablo Quiñones joins PCCE as Executive Director and Senior Fellow

The NYU Program on Corporate Compliance and Enforcement is pleased to announce that Pablo Quiñones will be PCCE’s new Executive Director. Mr. Quiñones will assume his new position on February 1, 2018 and will serve for the rest of the academic year. Next academic year, Mr. Quiñones will return to private practice but will continue to work with PCCE as a Senior Fellow.

Mr. Quiñones joins the Law School after serving as Chief of Strategy, Policy and Training for the U.S. Department of Justice’s Criminal Fraud Section in Washington, D.C. In that role, Mr. Quiñones supervised a unit that worked with senior leaders, supervisors and trial attorneys within the DOJ to develop and implement enforcement strategies, policies, and educational programs related to prosecuting financial crimes. He helped foster cooperation among foreign and domestic government agencies, promote the evaluation of corporate compliance programs and monitors, and implement investigation, prosecution and trial training programs. Among other things, Mr. Quiñones oversaw the Section’s first detail of a prosecutor to a foreign regulator and first expert compliance counsel, assisted in the development of FCPA enforcement policies, and advised on important litigation and appellate matters. Continue reading →

Draft GDPR Transparency Guidelines Issued: What Does Your Privacy Policy Need to Contain?

by Jeremy Feigelson, Jane Shvets, Dr. Thomas Schürrle, Ceri Chave, Dr. Friedrich Popp, and Christopher Garrett

Late last year, the Article 29 Working Party (the “Working Party”) issued detailed draft guidance (the “Guidelines”) on transparency under the EU General Data Protection Regulation (the “GDPR”), which comes into force in May 2018. These Guidelines, which will be finalized following a consultation process, contain the Working Party’s interpretation of the mandatory transparency information that must be provided to a data subject by way of privacy policy or other disclosures.

One of the express requirements of the GDPR relates to how businesses communicate their use of a data subject’s personal information to that data subject at the point of data collection or consent, typically via a privacy policy or notice. Getting this right is crucial. Businesses will need to examine their current privacy policies and other disclosures closely, and consider whether these need revising not just in the light of the GDPR, but also to factor in the requirements listed in the Guidelines, which elaborate on existing GDPR provisions. While the Guidelines will not be binding, data protection authorities may take a dim view of businesses which fail to comply with the Guidelines without good reason, given that representatives from all of the EU data protection authorities are part of the Working Party. Businesses that fail to comply with the information duties under the GDPR will face fines of up to the higher of 4% of annual worldwide turnover or EUR 20 million. Continue reading →

Creating a Culture of Compliance

by Michael C. Neus

Many constituents have a vested interest in determining a firm’s culture of compliance: regulators, investors, prospective employees, among others. Investment advisers registered with the Securities and Exchange Commission must demonstrate their compliance culture during periodic examinations by the Office of Compliance, Inspection and Examinations. Current and former SEC examination staff often state that the primary indicator of a healthy compliance culture is the “tone from the top.” There are a number of steps that a firm can take to demonstrate that top management fosters an effective compliance culture. Continue reading →

“The Big Chill”: Personal Liability and the Targeting of Financial Sector Compliance Officers

by Court E. Golumbic

Introduction

Prominent law enforcement and regulatory officials have referred to financial sector compliance officers, as “essential partners”[1] in ensuring compliance with relevant laws and regulations, whose “difficult job[s]” merit “appreciat[ion] and respect.”[2] Officials have noted the critical role these professionals play in shaping the culture of financial institutions, as well as the industry more generally.[3] However, a series of recent enforcement actions in which financial sector compliance officers have been personally sanctioned[4] has strained this partnership, fueling concerns among financial sector compliance officers that they are being unfairly targeted.[5]

Law enforcement and regulatory officials have responded to these concerns with assurances that both the ethos of a partnership and their even-handed enforcement approach remain intact.[6] Officials have stressed that in the rare instances in which financial sector compliance officers have been held personally accountable, the majority had engaged in affirmative misconduct.[7] Rarer still, they contend, are cases where compliance officers were found to have exhibited “wholesale” or “broad-based” failures in carrying out responsibilities assigned to them.[8] In these particular cases, officials have stressed that the enforcement actions proceed only when, after carefully weighing the evidence, the facts indicate that the compliance officers “crossed a clear line.”[9] Continue reading →

Global Magnitsky Sanctions Target Human Rights Abusers and Government Corruption Around the World

by David S. Cohen, Kimberly A. Parker, Jay Holtmeier, Ronald I. Meltzer, David M. Horn, Lillian Howard Potter, and Michael Romais

On December 20, 2017, President Trump issued a new Executive Order (PDF: 235 KB) (EO) targeting corruption and human rights abuses around the world.

The EO implements last year’s Global Magnitsky Human Rights Accountability Act (the Global Magnitsky Act), which authorized the president to impose sanctions against human rights abusers and those who facilitate government corruption.[1] The US Department of the Treasury’s Office of Foreign Assets Control (OFAC), which will administer the EO, also added 15 individuals and 37 entities to its Specially Designated Nationals and Blocked Persons List (SDN List). Continue reading →

Ditching Deterrence: Preventing Crime by Reforming Corporations Rather than Fining Them

by Mihailis E. Diamantis

“Corporate criminal law . . . operates firmly in a deterrence mode.”[1] The ultimate goal of that deterrence is prevention. But recent evidence suggests that deterrence—and in particular, the corporate fine (the favorite tool of deterrence theorists)[2]—is not particularly good at the job.[3] For a host of structural and practical reasons, corporate fines do not influence corporate behavior as we might have hoped. In a forthcoming article, Clockwork Corporations: A Character Theory of Corporate Punishment, I propose abolishing the corporate fine and offer an alternative framework for structuring corporate punishment.[4] The proposal expands on a strategy prosecutors already employ, albeit imperfectly, as part of corporate deferred prosecution agreements: mandating corporate reform.[5] On this new approach, such government-directed reform would be the exclusive means of corporate punishment, and judges and judge-appointed monitors, rather than prosecutors, would be in the driver’s seat. This “character” theory of punishing corporations could beat deterrence theory at its own game by preventing more corporate crime. Continue reading →

Securities Fraud Class Action Suits following Cyber Breaches: The Trickle Before the Wave

by Michael S. Flynn, Avi Gesser, Joseph A. Hall, Edmund Polubinski III, Neal A. Potischman, Brian S. Weinstein, Peter Starr and Jessica L. Turner

Overview

Large-scale data breaches can give rise to a host of legal problems for the breached entity, ranging from consumer class action litigation to congressional inquiries and state attorneys general investigations. Increasingly, issuers are also facing the specter of federal securities fraud litigation.[1]

The existence of securities fraud litigation following a cyber breach is, to some extent, not surprising. Lawyer-driven securities litigation often follows stock price declines, even declines that are ostensibly unrelated to any prior public disclosure by an issuer. Until recently, significant declines in stock price following disclosures of cyber breaches were rare. But that is changing. The recent securities fraud class actions brought against Yahoo! and Equifax demonstrate this point; in both of those cases, significant stock price declines followed the disclosure of the breach. Similar cases can be expected whenever stock price declines follow cyber breach disclosures. Continue reading →