Category Archives: Corporate Civil Liability and Enforcement

DOJ Issues Guidance on Cooperation In False Claims Act Investigations

by Jennifer Kennedy Park, Breon S. Peace, and Lisa Vicens

On May 7, 2019, the Department of Justice (“DOJ” or “the Department”) issued formal guidance to DOJ’s False Claims Act (“FCA”) litigators on the circumstances in which DOJ will grant credit for cooperation during FCA investigations.[1] The guidance explains the factors that DOJ considers in determining whether to award cooperation credit in FCA investigations and the types of credit available.[2] 

Under the guidance, cooperation credit in FCA cases may be earned by voluntarily disclosing misconduct unknown to the government, cooperating in an ongoing investigation or undertaking remedial measures in response to a violation of the FCA.  Aside from taking these steps, a company may receive at least partial credit by identifying individuals with relevant information about the conduct, preserving relevant documents and information beyond existing business practice or legal requirements, and assisting in an ongoing investigation by disclosing relevant facts, among others.  Cooperation credit will take the form of reducing the penalties or damages multiple sought by the DOJ.  The maximum credit that a defendant receives may not surpass the amount of full compensation the government would receive for losses caused by the defendant’s misconduct.  This amount includes government damages, lost interest, costs of investigation and relator share.

DOJ Updates Guidance on Evaluating Corporate Compliance Programs

by Matthew L. Biben, Kara Brockmeyer, Helen V. Cantwell, Andrew J. Ceresney, Andrew M. Levine, David A. O’Neil, David Sarratt, Jonathan R. Tuttle, Mary Jo White, Bruce E. Yannett, Lisa Zornberg, Ryan M. Kusmin, Jil Simon

On April 30, 2019, Assistant Attorney General Brian Benczkowski announced an updated version of the Evaluation of Corporate Compliance Programs (the “Updated Guidance”).[1] This Updated Guidance supersedes a document of the same name that the Fraud Section of DOJ’s Criminal Division published online in February 2017 without any formal announcement (the “2017 Guidance”). Although not breaking much new ground, we believe the Updated Guidance can serve as a valuable resource for those grappling with how best to design, implement, and monitor an effective corporate compliance program.

In contrast to the 2017 Guidance—which listed dozens of questions to consider in evaluating a compliance program without providing much context—the Updated Guidance employs a more holistic approach. It focuses on three fundamental questions drawn from the Justice Manual:

  • Is the corporation’s compliance program well designed?
  • Is the program implemented effectively?
  • Does the program work in practice?[2]

Lorenzo v. SEC — Supreme Court Issues Decision on “Scheme Liability” Under Rule 10b-5

by Sullivan & Cromwell LLP

U.S. Supreme Court Rules That Defendants Can Be Held Primarily Liable for Securities Scheme Fraud for Knowingly Disseminating the Misstatements of Others

Summary

Yesterday, in a widely watched securities case, the U.S. Supreme Court held in Lorenzo v. SEC[1] that a defendant who disseminates the material misstatement of another—and thus cannot be liable under SEC Rule 10b-5(b) for “making” the statement—can nevertheless be liable under other provisions of the securities laws that proscribe “any device, scheme, or artifice to defraud” or “any act, practice or course of business which operates or would operate as a fraud or deceit.”  The Court’s decision may affect long-standing case law in various federal circuits—including those covering New York and California—which had held that alleged frauds solely involving material misstatements or omissions could not be pursued under provisions other than Rule 10b-5(b).  Although Lorenzo potentially broadens the scope of conduct subject to securities fraud liability based on dissemination of material misstatements, the opinion emphasizes certain factual circumstances present in this case that may limit its future application in other circumstances.

CFTC Publishes Examination Priorities for 2019

By Seth Davis, Paul M. Architzel, Petal P. Walker and Joseph M. Toner

On February 12, 2019, the Commodity Futures Trading Commission (CFTC or Commission) published for the first time its examination priorities for the coming year.[1] The release of the priorities will provide legal and compliance staff of CFTC-regulated entities greater insight into the Commission’s examination programs and assist them in better preparing for, and successfully navigating, an examination. The Commission bases its priorities on four pillars: (1) effective communication, (2) a risk-based determination of priorities, (3) continuous improvement and (4) efficiency.

Strong Whistleblower Protections Reflect a Positive Compliance Culture

By Maria T. Vullo

In a recent submission to Congress, the U.S. Securities & Exchange Commission (SEC) reported that, for fiscal year 2018, the SEC paid the largest whistleblower awards since the institution of its program in 2012 following the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank).  Specifically, in FY 2018, the SEC awarded 13 individuals over $168 million collectively for tips that led to actions by the SEC to protect investors.[1]

Other statutes likewise provide financial incentives to whistleblowing.  Under the False Claims Act (FCA), for example, persons who report fraud in government contracting can receive up to 30 percent of the government’s recovery in an action.  Many states, including New York, have enacted state-level equivalents of the FCA.  For many decades, the FCA has contributed to large recoveries to the U.S. Treasury, with an expansion of recoveries in part due to the reporting of violations by whistleblowers.

Hong Kong Court Confirms the SFC’s Broad Powers to Share Investigation Materials With Overseas Regulators

By Gareth Hughes, Mark Johnson, Emily Austin, Adam Lee, Christy Leung, Ralph Sellar, Cameron Sim and Emily Lam

Background

In 2014, the Securities and Futures Commission (the “SFC”) commenced an investigation into share trades undertaken by the First Applicant in 2013, after receiving a report from another licensed corporation indicating suspected market manipulation activities by a fund managed by the First Applicant. The trades concerned shares in Nitto Denko Corporation, a Japanese company listed on the Tokyo Stock Exchange.

During the course of the investigation, the SFC sought and obtained various materials from the First Applicant and its majority shareholder and responsible officer, the Second Applicant, pursuant to section 181 of the Securities and Futures Ordinance (the “SFO”). This section empowers the SFC to require the production of information including information about a client, details of a transaction and instructions relating to a transaction from a licensed person. Failure to comply with a demand from the SFC under section 181 without a reasonable excuse is a criminal offence.

In July 2014, the SFC received and acceded to a request for assistance from two Japanese regulators, the Financial Services Agency (the “FSA”) and the Securities and Exchange Surveillance Commission (the “SESC”). In particular, the SFC permitted the Japanese regulators to attend an SFC interview with the Second Applicant and provided them with materials previously disclosed by the Applicants in response to the SFC’s requests for information.

The Rise of Cyber Negligence Claims: Plaintiffs Find Receptive Judges by Going Back to Basics

By Avi Gesser and David Robles

New cyber regulations, such as the California Consumer Privacy Act, have companies concerned about expanding potential liability.  Companies fear that private rights of action are being created that will allow consumers to sue by alleging that the companies failed to protect their personal information.  But attention should also be paid to plaintiffs’ recent successes in applying existing legal frameworks—such as basic tort law—to cyber cases.  We have previously written about the use of state consumer protection acts to recover in data breach cases.  Recently, plaintiffs have also made some significant inroads in bringing negligence actions against companies that have experienced cyber events.

On January 28, 2019, the U.S. District Court for the Northern District of Georgia issued a decision in the Equifax Consolidated Consumer Class Action, allowing the consumers’ negligence claims against Equifax to move forward.  Judge Thrash found that the consumers had sufficiently alleged injuries resulting from the breach, pointing to the “unauthorized charges on their payment cards as a result of the Data Breach” as actual, concrete injuries that are legally cognizable under Georgia law.  The Court rejected Equifax’s arguments that the consumers’ injuries should be attributed to the hackers and could have been caused by data breaches at other companies.  The Court noted that allowing companies “to rely on other data breaches to defeat a causal connection would ‘create a perverse incentive for companies: so long as enough data breaches take place, individual companies will never be found liable.’”  Critically, the Court found that, given the foreseeable risk of a data breach, Equifax owed consumers an independent legal duty of care to take reasonable measures to safeguard their personal information in Equifax’s custody.  In doing so, the Court found that the economic loss doctrine was not a bar to the consumers’ recovery because Equifax owed an independent duty to safeguard personal information.

How SEC Enforcement is Getting Back to Basics

by Russell G. Ryan

Since leaving the Securities and Exchange Commission in 2004, I’ve done my share of critiquing SEC enforcement policy. So it’s only fair, nearly two years into the tenure of current SEC leadership, to give credit where it’s due.

And as it happens, plenty of credit is due in at least six areas of SEC enforcement policy:

Better Accountability

About ten years ago, the SEC departed from historical practice by delegating to senior enforcement staff the commissioners’ legal responsibility for launching formal investigations and unleashing the power to issue subpoenas. Some of us publicly expressed concerns at the time about this dilution of political accountability, given the severe reputational harm and financial expense that can result from investigations, even if no wrongdoing is ever uncovered.

Microchipping Employees and Biometric Privacy Laws – It’s Time To Start Paying Attention

By Avi Gesser, David Popkin, and Michael Washington

Until recently, biometric privacy was a niche area of the law that had little application to most companies.  But with the rapid growth in commercial biometric data collection, including voice samples, fingerprints, retina scans, and facial geometry, as well as some recent developments in the applicable case law, it’s probably time for companies to start paying attention.  Indeed, one of our top privacy law predictions for 2019 was a judicial expansion of the notion of harm, which happened quicker than we anticipated in the context of gathering biometric data.

On January 25, 2019, the Illinois Supreme Court decided Rosenbach v. Six Flags Entertainment Corporation, 2019 IL 123186, unanimously finding that plaintiffs could bring a private cause of action for violations of the notice and consent requirements of the state’s biometric privacy law without any showing of harm.  In Six Flags, a mother sued the owner of a theme park on behalf of her teenaged son after he was fingerprinted in connection with the purchase of a season pass to the park.  Neither the son nor the mother consented in writing to the taking of the fingerprint or signed any written release. Further, the park did not provide any documentation about their retention schedule or guidelines for retaining and then destroying the data.  The court found that individuals possess a right to privacy in and control over their biometric identifiers.

Detoxing Corporate Culture: How To Assess Toxic Cultural Elements

by Benjamin van Rooij, Adam Fine, and Judy van der Graaf

All views here represent the authors’ own views and not their organizations.

There is a cultural moment in the world of corporate compliance. Following recent major corporate scandals, there is now growing recognition among corporate boards and beyond that truly changing corporate misconduct means addressing the toxic elements within cultures.

The central question for companies and regulators is how to assess toxic cultural elements.

Toxic corporate culture exists when organizations, whose chief business and business means are legal, develop structural violations of rules over a period of time.

Our recent paper, published in Administrative Science, offers an in-depth analysis of what toxic cultural elements played a role in three major corporate scandals: BP’s polluting and unsafe oil exploration practices, VW’s diesel emission cheating practices, and Wells Fargo’s fake and unauthorized accounts schemes. In all three cases, the illegal behavior spanned over a decade and investigators concluded that corporate culture was to blame. Yet in all three cases, no one had yet systematically sought to understand what toxic cultural elements sustained the illegal conduct. We developed an analytical framework to examine toxicity in organizational cultures on three levels: structures, values, and practices (see Table 1 below[1]).