Author Archives: Serina M. Vash

Comey’s Choice: Unprecedented Situation, Extraordinary Transparency

FBI Director James Comey has come under intense scrutiny in the wake of his letter to Congress on October 28, 2016. On its face, the October 28th letter (PDF: 517 KB) was intended to supplement the Director’s prior testimony before Congress, which detailed the FBI’s decision not to recommend criminal charges against former Secretary Hillary Clinton in connection with her use of a personal email server. But the timing of the correspondence and its incomplete content led to harsh rebuke from both sides of the aisle, accusations by lawmakers that Director Comey violated the Hatch Act (PDF: 195 KB) and criticism by former DOJ prosecutors that the FBI Director broke from longstanding Department of Justice policy.

Federal law and DOJ policy are aimed at assuring that the work of federal employees is carried out with integrity and without regard to politics or political pressure. While criticism of the FBI Director’s decisions is unlikely to abate, a review of the record demonstrates that the FBI Director’s intent was to provide extraordinary transparency in what has been an unprecedented situation. Continue reading →

Why Employees Often Remain Silent and What Needs to be Done to Encourage Speaking Up

by Elizabeth Wolfe Morrison

For a compliance program to be effective, employees must be willing to report suspected wrongdoing. But it cannot be assumed that employees who see or suspect something will say something. It has been estimated that less than half of all employees who witness wrongdoing report it. Wells Fargo is a good case in point. It is clear that a large number of employees recognized that something was not right. Some spoke up and were ignored. Others didn’t even speak up.

We all like to believe that we are ethical people and that when faced with a tough choice we will do the right thing. But the evidence suggests otherwise. Good people often find themselves in situations that create strong social cues or even overt pressures to withhold information about misconduct. The result is what’s known as “employee silence.” Continue reading →

2016 DOJ and SEC FCPA Resolution Tracker

Courtesy of Davis Polk & Wardwell LLP

On October 27, 2016, Davis Polk presented its 2016 DOJ and FCPA Resolution Tracker, updated through the end of Q3. The tracker details key characteristics of corporate and individual FCPA resolutions, and is available through the link below.

Q3 Highlights include: Continue reading →

The Yates Memo: The Promise and Reality A Year Later

by Walt Pavlo

Since the financial crisis of 2008, government prosecutors have come under fire for not prosecuting some of the top bank executives who, many say, were responsible for the financial crisis. To remedy that perception, Assistant Attorney General Sally Quillian Yates announced the DOJ’s new policy on “Individual Accountability For Corporate Wrongdoing (PDF: 449 KB)” (Yates Memo) last year. Its purpose was to hold individuals accountable for bad (illegal) behavior rather than just have corporations pay big fines. In effect, corporations would be tasked with serving up their former employees if they had done something wrong. The DOJ wanted to put a face on the criminal misconduct both to: 1) deter corporate bad behavior and; 2) show the general public that individuals were not getting away with criminal acts without punishment. We were all optimistic. Continue reading →

With Cybercrime on the Rise, Financial Regulators Advance Stricter Cybersecurity Regulations

Courtesy of John F. Savarese and Marshall L. Miller

As ever-increasing cyber attacks target companies in the financial sector and beyond, financial regulators in New York and Washington, D.C. have focused their attention on cybersecurity risk. On October 19, federal banking regulators sought comments (PDF: 506 KB), due January 17, 2017, on enhanced cyber risk-management standards for major financial institutions. Meanwhile, the New York State Department of Financial Services (DFS) recently announced detailed regulations, requiring covered institutions — entities authorized under New York State banking, insurance, or financial services laws —to meet strict minimum cybersecurity standards. And yesterday, the Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an advisory (PDF: 332 KB) on the reporting of cyber events under the Bank Secrecy Act. Continue reading →

Department Releases Intake and Charging Policy for Computer Crime Matters

Courtesy of Assistant Attorney General Leslie R. Caldwell of the Criminal Division
Originally published on Justice Blogs – October 25, 2016

As computers play an ever-greater role in our lives and cybercrime becomes both more commonplace and more devastating, the need for robust criminal enforcement of effective computer crime laws will only become more important. As we’ve said in public remarks last year, we urgently need targeted updates to the Computer Fraud and Abuse Act that will help the department protect our privacy and security online. A number of recent prosecutions have demonstrated our commitment and success in bringing significant prosecutions under these vital statutes. Prosecutors in U.S. Attorney’s Offices across the country, in conjunction with the Computer Crime and Intellectual Property Section (CCIPS) in Washington, have brought cases against hackers and carders like Roman Seleznev and Marcel Lazar and cyberstalkers and sextortionists like Ryan Vallee and Michael Ford, and have conducted challenging and cutting-edge cybercrime operations, such as the takedown of the Darkode hacking forum last year.

It is, of course, not enough to have effective laws; those laws must also be enforced responsibly and consistently. Continue reading →

Has “Compliance” Had its Fifteen (Years) of Fame?

by Michael W. Peregrine

A series of recent developments calls into question to what extent corporate leadership remains committed to organizational compliance efforts.

The modern emphasis on maintaining an “effective” compliance program was one of the principal corporate responsibility reforms to emerge from the embers of Enron, and from the broader Sarbanes-Oxley environment. The provisions of the Federal Sentencing Guidelines establishing the parameters of an effective compliance program (PDF: 527 KB) were adopted in direct response to this environment. The compliance program provisions of the Department of Justice’s (PDF: 2,791 KB) corporate prosecution guidelines also reflect that era. Over the ensuing years, compliance oversight has become a principal responsibility of corporate leadership both as a matter of regulatory expectation and of fiduciary stewardship.

Yet, as the 15th anniversaries of both the Enron bankruptcy and the enactment of the Sarbanes-Oxley Act beckon, anecdotal evidence suggests that corporate compliance may no longer occupy the highest level of interest amongst corporate leadership. That it is no longer the principal corporate imperative that it once was–and may need to be, in order to compete with other legitimate organizational initiatives for leadership attention and support. This is a trend which should, and may well, be reversed. Continue reading →

Compliance Personnel: The “Architects and Engineers” of Automated Compliance Systems

by Onnig H. Dombalagian

As algorithms have increasingly come to dominate trading in financial markets and the delivery of financial services, regulators have responded by increasing reliance on high-tech surveillance. The SEC’s new quantitative tools—such as MIDAS, NEAT, and the Accounting Quality Model—not only monitor markets for fraudulent, unfair and unethical conduct, but reinforce the SEC’s ambition to extract, structure, disseminate and analyze more financial and trading information from issuers, markets, and intermediaries. The SEC is not alone: FINRA’s aborted CARDS initiative would have imposed significant record-keeping requirements on firms so that its automated analytics could identify problematic sales practices and trigger appropriate enforcement action. Continue reading →

Corporate Governance for Banking Institutions Is Different

by Paul L. Lee

Observers have often asked whether corporate governance for banking institutions, i.e., banks and bank holding companies, is (or should be) different from governance for other corporations. The resounding answer from the bank regulatory authorities is that the governance of banking institutions is (and should be) different from the governance of other corporations because of the special credit and liquidity functions performed by banking institutions.[1] These special intermediary functions have historically led to a highly regulated environment for banking institutions, which has directly affected governance processes. The bank regulatory authorities maintain that the directors of banking institutions are responsible to a broader set of stakeholders than just shareholders. The additional stakeholders include depositors (and indirectly the federal deposit insurance fund), creditors and the regulators themselves. Continue reading →

What Does A Corporation Have to “Know” To Be Criminally Prosecuted?

by Steve Solow

Up until around a month ago, if you asked law professors and white collar defense counsel “what does it take for a company to be held criminally liable,” for most serious felonies, you would most likely get an answer that there needs to be a person, who worked for or on behalf of a company, who committed a crime in connection with their job. It’s the standard of respondeat superior, or vicarious liability, that has been in use at least since New York Central & Hudson River Railroad Co. v. United States was decided over one hundred years ago. 212 U.S. 481 (1909).

But a few weeks ago, in what might be an ironic move in light of the September memo from DAG Sally Yates (more on that in a moment), federal prosecutors succeeded in convicting Pacific Gas & Electric (PG&E) of criminal charges (knowing and willful criminal charges) using a theory of “corporate collective knowledge.” Continue reading →

Compliance and Enforcement