Category Archives: Compliance

Energy Market Manipulation Remains a Hot Issue at FERC

by Jonathan G. Cedarbaum, H. David Gold, and Nathaniel B. Custer

Since the passage of the Energy Policy Act of 2005, fraud and market manipulation have been top enforcement priorities of the Federal Energy Regulatory Commission (FERC or the Commission).  FERC’s most recent annual report on enforcement (PDF: 2.72 MB) shows that, in fiscal year 2018, FERC opened some 16 investigations into market manipulation (out of 24 total) and recovered almost $150 million in civil penalties and disgorgement of profits, much of which was from market manipulation cases. 

Recent case law, meanwhile, indicates that courts interpret FERC’s authority in this sphere permissively. The courts, for example, have sided with FERC in allowing considerable time to bring enforcement actions in market manipulation cases, notwithstanding statute of limitations defenses raised by the regulated entities subject to enforcement. 

Energy companies and other businesses subject to FERC’s enforcement authority should continue to monitor developments in this area and make sure that their compliance programs are up to date. Continue reading

CFTC Enters the Market for Anti-Corruption Enforcement

by Alice S. Fisher, Douglas K. Yatter, William R. Baker III, Douglas N. Greenburg, Robyn J. Greenberg, and Benjamin A. Dozier

New enforcement advisory encourages reporting of foreign corrupt practices that the agency intends to pursue under the Commodity Exchange Act.

On March 6, 2019, the Division of Enforcement (Division) of the US Commodity Futures Trading Commission (CFTC or Commission) announced that it will work alongside the US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC) to investigate foreign bribery and corruption relating to commodities markets.[1] CFTC Enforcement Director James McDonald announced the agency’s new interest in this area as the Division issued an enforcement advisory on self-reporting and cooperation for violations of the Commodity Exchange Act (CEA) involving foreign corrupt practices.[2]

For companies and individuals who participate in the markets for commodities and derivatives — or whose activities may impact those markets — the CFTC announcement adds a new dimension to an already crowded and complex landscape for anti-corruption enforcement. A range of industries, including energy, agriculture, metals, financial services, cryptocurrencies, and beyond, must now consider the CFTC and the CEA when assessing global compliance and enforcement risks relating to bribery and corruption. This article summarizes the new developments and outlines key considerations for industry participants and their legal and compliance teams. Continue reading

The Weakness in Two-Factor Authentication—Your Lost Phone Policy

by Avi Gesser, John R. Kapp, and Michelle Adler

Two-Factor authentication is one of the most common measures that companies use to reduce cyber risk, but it is not very effective if companies don’t also have a good lost phone protocols.

Various regulations and industry rules require two-factor authentication (also referred to as multi-factor authentication or MFA) including the NYDFS cyber rules (PDF: 97.5 KB), the NIST identification and authentication requirements, the Payment Card Industry (PDF: 1.05 MB) (“PCI”) Data Security Standard 8.3, as well as the proposed amendments to GLBA.

MFA involves confirming that a purposed user of a certain login credential and password is actually the authorized user, by employing an additional verification method, such as a passcode sent to an employee’s phone by text message or through an authenticator app like Duo or Google Authenticator.  But, not all forms of verification are equal.  In 2016, the NIST considered not recommending SMS messages as a form of second-factor authentication due to their susceptibility to being redirected by attackers. Continue reading

NFA Members Should Prepare for Onerous New Breach Notification Requirements

by Avi Gesser, Jai Massari, Kelsey Clark, and Daniela Dekhtyar-McCarthy

On April 1, 2019, new cybersecurity requirements outlined in the NFA’s Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 will come into effect.  These new requirements apply to NFA Members, including registered futures commission merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, and swap dealers.  They are designed to “establish general requirements relating to Members’ information systems security programs (ISSPs) but leave the exact form of an ISSP up to each Member.”  These ISSP obligations relate to, among others, approval and third-party cyber diligence (see our previous blog post).

Perhaps the most significant new obligation is the imposition of onerous breach notification requirements, which require NFA Members to notify the NFA “promptly” of any cybersecurity incident related to its commodity interest business that results in:

  • any loss of customer or counterparty funds;
  • any loss of an NFA Member’s own capital; or
  • the NFA Member providing notice to customers or counterparties under state or federal law.

Continue reading

The Future of Anti-Corruption Enforcement Involving Brazil and the United States

by Bruce E. Yannett, David. A. O’Neil, Andrew M. Levine, Kara Brockmeyer, and Daniel Aun

The beginning of the year allows us to look back at recent developments in the white collar front involving Brazil and the United States, and prompts us to consider what to expect going forward, especially in light of the election of President Jair Bolsonaro and the appointment of former judge Sergio Moro as Minister of Justice. 

Lava Jato, Carne Fraca, and Zelotes are among the Brazilian anti-corruption operations that have echoed in the United States over the last few years.  Intensified cooperation between authorities in the two countries has fueled countless investigations, settlements, convictions, and related civil litigation.  U.S. criminal enforcement also has reverberated in Brazil, with the FIFA prosecutions being perhaps the most headline-making example.  Continue reading

CFTC Publishes Examination Priorities for 2019

By Seth Davis, Paul M. ArchitzelPetal P. Walker and Joseph M. Toner

On February 12, 2019, the Commodity Futures Trading Commission (CFTC or Commission) published for the first time its examination priorities for the coming year.[1] The release of the priorities will provide legal and compliance staff of CFTC-regulated entities greater insight into the Commission’s examination programs and assist them in better preparing for, and successfully navigating, an examination. The Commission bases its priorities on four pillars: (1) effective communication, (2) a risk-based determination of priorities, (3) continuous improvement and (4) efficiency. Continue reading

Strong Whistleblower Protections Reflect a Positive Compliance Culture

By Maria T. Vullo

In a recent submission (PDF: 2.36 MB) to Congress, the U.S. Securities & Exchange Commission (SEC) reported that, for fiscal year 2018, the SEC paid the largest whistleblower awards since the institution of its program in 2012 following the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank).  Specifically, in FY 2018, the SEC awarded 13 individuals over $168 million collectively for tips that led to actions by the SEC to protect investors.[1]

Other statutes likewise provide financial incentives to whistleblowing.  Under the False Claims Act (FCA), for example, persons who report fraud in government contracting can receive up to 30 percent of the government’s recovery in an action.  Many states, including New York, have enacted state-level equivalents of the FCA.  For many decades, the FCA has contributed to large recoveries to the U.S. Treasury, with an expansion of recoveries in part due to the reporting of violations by whistleblowers. Continue reading

“They Wanted the Barrels”: A Case Study in Behavioral Influences on Corporate-Compliance Decisionmaking

by Jonathan J. Rusch

In 2011, during NATO’s bombing campaign against Libyan ruler Muammar Qaddafi’s forces, NATO bombs hit a particular oil company’s storage facility containing thousands of barrels of chemicals used in oil drilling.  While most barrels were destroyed, a substantial number were intact but their contents were permanently altered, due to extreme heat from bomb explosions and fires.  The chemical changes made the barrels’ contents useless for their intended purpose.[1]

Some days later, the oil company’s compliance lawyer with responsibility for the region was contacted by an oilfield operations manager for the company.  The manager said that they had been approached by unnamed “authorities” in eastern Libya, who were offering millions of dollars to buy the chemicals to use for drilling for water. He explained that the company would not permit use of the altered chemicals to drill for oil because they no longer met company quality standards.

The oilfield manager also told the lawyer, “We need this deal” and “We haven’t had any significant revenue for years.”  He showed the lawyer “photos of the damaged chemicals and the letters requesting the deal from the authorities,” as well as “the approvals from the commercial lawyers and a chain of emails from our leaders showing their desperation to screw some profit out of this situation.”  The manager also asserted that “the authorities were running out of patience. They had a window in which they had to get drilling and if we couldn’t help them they would need to find someone who could. So time was of the essence and all that was lacking was the compliance seal of approval.” Continue reading

Protecting Attorney-Client Privilege and Respecting Fifth Amendment Rights While Cooperating with the Government

by John F. Savarese and Carol Miller

In 2018, two cases illustrated the potential hazards that can arise when companies’ efforts to cooperate with the government later provide a basis for individuals questioned during internal investigations to claim that their Fifth Amendment rights against self-incrimination were compromised.  While these cases, which we summarize below, have the greatest impact in connection with the representation of individuals in such investigations, companies responding to white collar inquiries need to keep these new developments in mind, particularly in conducting internal investigations and working in a cooperative mode with the government.  Companies and their counsel must be mindful of these issues both to insure that individual employee rights are protected and to protect as much as possible the confidentiality and integrity of the company’s review. Continue reading

Is a European Anti-Corruption Prosecutor Needed?

by Jonathan J. Rusch

In a January 17 interview with the French news-magazine L’Obs, former French Prime Minister Bernard Cazeneuve argued that a European anti-corruption prosecutor is needed “to restore a balance, to correct the asymmetry of the Euro-Atlantic relationship in the fight against corruption from which European companies are currently suffering.”

In the interview, Cazeneuve — now a partner with the August Debouzy law firm specializing in compliance issues – stated that “it cannot be ruled out that in a context of rising protectionism under the Trump Administration, ‘compliance’ rules are also used to protect the economic and industrial interests of certain powers.  Faced with such a reality, it would be very naive not to seek to protect our own interests!”  At the same time, Cazeneuve said that “in a global economy, corruption is a long-term factor that impoverishes companies and distorts competition. Only the law can regulate what needs to be and create the conditions for a global level playing field. Preventing corruption in French companies is still the best way to protect them from the often intrusive procedures of U.S. prosecuting authorities.” Continue reading