Category Archives: Corporate Compliance

What Employers Need To Know About California’s New #Metoo Laws

by Elizabeth A. Ising, Stewart L. McDowell, Jason C. Schwartz, Katherine V.A. Smith, Lori Zyskowski, Sean Sullivan, Elizabeth A. Dooley, Alice YN Ha, Jordan E. Johnson, Dustin G. May, Arturo Pena Miranda, and Matthew T. Sessions

On September 30, 2018, Governor Edmund G. Brown signed several new workplace laws, and vetoed others, that arose out of the #MeToo movement.  We briefly review the newly signed legislation and also highlight bills that Governor Brown rejected.  Unless otherwise indicated, these new laws will take effect on January 1, 2019.  Continue reading

DOJ Extends FCPA Corporate Enforcement Policy Principles to Non-FCPA Misconduct Discovered in the M&A Context

by John F. Savarese, Ralph M. Levene, David B. Anders, Marshall L. Miller, and Daniel H. Rosenblum

In an important speech, Deputy Assistant Attorney General Matthew Miner of the Department of Justice’s Criminal Division announced on Thursday that DOJ will “look to” the principles of the FCPA Corporate Enforcement Policy (PDF: 50.6 KB) in evaluating “other types of potential wrongdoing, not just FCPA violations” that are uncovered in connection with mergers and acquisitions.  As a result, when an acquiring company identifies misconduct through pre-transaction due diligence or post-transaction integration, and then self-reports the relevant conduct, DOJ is now more likely to decline to prosecute if the company fully cooperates, remediates in a complete and timely fashion, and disgorges any ill-gotten gains. Continue reading

You Want What?: Responding to Individual Requests Under the GDPR

 by Jeremy Feigelson, Jane Shvets, and Christopher Garrett

With the EU General Data Protection Regulation (“GDPR”) in force for less than two months, many companies are already experiencing an increase in requests from individuals seeking to obtain a copy, or request correction or erasure, of their personal data under Articles 15 to 17 of the GDPR.

Do we have to respond?

Yes. A response is required even if the response is that the company will not honour the request because a relevant exemption applies. Continue reading

CFTC Announces Two Significant Awards By Whistleblower Program

by Breon S. Peace, Nowell D. Bamberger, and Patrick C. Swiber

On July 12 and 16, 2018, the U.S. Commodity Futures Trading Commission (“CFTC”) announced two awards to whistleblowers, one its largest-ever award, approximately $30 million, and another its first award to a whistleblower living in a foreign country.[1]  These awards—along with recent proposed changes meant to bolster the Securities and Exchange Commission’s (“SEC” or “Commission”) own whistleblower regime—demonstrate that such programs likely will continue to be significant parts of the enforcement programs of both agencies and necessarily help shape their enforcement agendas in the coming years.

The Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) authorized the CFTC to pay awards of between 10 and 30 percent to whistleblowers who voluntarily provide original information to the CFTC leading to the successful enforcement of an action resulting in monetary sanctions exceeding $1 million.[2]  Following the introduction of implementing rules, the CFTC’s program became effective in October 2011.  Over the next six-and-a-half years, the CFTC has paid whistleblower bounties on only four prior occasions, with awards ranging from $50,000 to $10 million.  The $30 million award announced last week, thus, reflects a significant increase.  This week’s award to a foreign whistleblower also represents another first for the CFTC’s program and reflects the global scope of the program. Continue reading

UK Financial Conduct Authority Issues Near-Final Rules on Extension of Senior Managers and Certification Regime and Introduces New Financial Services Directory

by Karolos Seeger, Simon Witney, and Andrew Lee

Following the consultation papers published in July and December 2017, the UK Financial Conduct Authority (“FCA”) on 4 July 2018 provided responses to the industry feedback it received and issued near-final rules on extending the Senior Managers and Certification Regime (“SMCR”) to almost all FCA-regulated firms.[1] Notably, the FCA has confirmed that the new rules will apply from 9 December 2019. We summarise below the limited changes from the FCA’s initial SMCR proposals, the main features of which have been covered in our previous client updates.[2]

In addition, the FCA has published a consultation paper regarding the introduction of a new directory of financial services workers (the “Directory”).[3] This will be available from 10 December 2019 for banks, building societies, credit unions and insurers, and from 9 December 2020 for all other firms. The key aspects of the Directory and firms’ significant related notification obligations are outlined below. Continue reading

Department of Justice Offers Incentive for Antitrust-Based Corporate Compliance

by Michael W. Peregrine and Mary N. Strimel

Board-level audit and compliance committees should support efforts to revise the organizational compliance plan to incorporate specific provisions focused on antitrust law-related guidelines.  This is especially important given the Department of Justice’s (“DOJ”) plans to credit pre-existing compliance programs that incorporate such provisions.  A company’s General Counsel, perhaps teaming with the Chief Compliance Officer, can support the committee in this initiative.

In a recent speech,[1] Principal Deputy Assistant Attorney General (“DAAG”) Andrew Finch stated that the Antitrust Division is examining whether, and to what extent, to recognize and credit pre-existing compliance programs, potentially during charging or at sentencing.  This consideration might mirror the approach taken by the Canadian Competition Bureau, which announced last month that it would recommend fine discounts of up to 20% for companies that have a “credible and effective” compliance program.[2]  Continue reading

Governance and Culture – The Conversation Boards are Having Now

by Ben Morgan and Holly Insley

Corporate governance has long been an area of focus for boards and recent proposals in the UK have ensured that this remains the case.

The Financial Reporting Council consulted in late 2017 on proposed changes to its Corporate Governance Code for quoted companies.  The final text of the changes is expected to be published this summer, for introduction in 2019. 

The focus on governance extends beyond the quoted company arena.  Legislation laid before Parliament in June 2018 will, amongst other things, require large UK private companies to disclose in their annual directors’ report details of the corporate governance arrangements they have operated during the previous year. At the same time, a consultation has been launched on proposed corporate governance principles for large private companies, which the government hopes will be adopted by those companies as an appropriate framework when complying with the new governance-related reporting requirement. Continue reading

Potholes in Compliance: Hidden Risks Under Rule 506(d)’s Bad Actor Disqualification

by Joshua Pirutinsky

I. Introduction

Sometimes the unexpected happens. But preparing for the unexpected is the essence of the compliance function. The failure to effectively prepare for risks unrelated to your core business can be disastrous.  A seemingly innocuous compliance breach could disqualify your firm from participating in a private offering of securities under Rule 506(d), known as the “Bad Actor” Disqualification.   Being a Bad Actor can have detrimental, if not fatal, consequences for your firm – hence the critical importance of making known certain unknowns. Continue reading

Extending the “Failure to Prevent” Model of Corporate Criminal Liability in the UK

by Liz Campbell

Prosecuting corporate criminality is not straightforward. As a result of these difficulties, the UK Parliament is turning to an indirect form of corporate criminal liability: the Bribery Act 2010 introduced the corporate offence of failure to prevent bribery (FtPB), and this provision has been emulated with respect to the failure to prevent the facilitation of tax evasion in the Criminal Finances Act 2017.  

In brief, a relevant commercial organisation (C) is guilty of FtPB if a person associated with C bribes another person with the intention of obtaining or retaining business or an advantage for C.  An ‘associated’ person is an individual or body who ‘performs services’ for or on behalf of the organisation, and this definition was framed broadly intentionally.[1]  Crucially, the corporate entity can rely on the section 7(2) defence that it had “adequate procedures” in place designed to prevent persons associated with it from bribing. Continue reading

NIST Releases an Updated Version of its Cybersecurity Framework

by Sabastian V. NilesMarshall L. Miller, and Jeohn Salone Favors

Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released an updated Cybersecurity Framework (PDF: 1,038 KB) that revises NIST’s baseline recommendations for the design of cybersecurity risk management programs.  In announcing its release, Commerce Secretary Wilbur Ross described the updated Framework as “a must do for all CEOs” and recommended that “every company” adopt the Framework as its “first line of defense.”  As with the prior version, the updated NIST Framework provides a useful tool to guide and benchmark company approaches to cybersecurity risk and will impact how regulators evaluate cybersecurity programs and incident responses across sectors. Continue reading