Category Archives: Corporate Compliance

New DOJ Policy Revises “Yates Memorandum”

by Michael W. Peregrine and Rebecca Martin

A new Department of Justice policy (the “Policy”) modifies critical elements of the prominent 2015 “Yates Memorandum” on individual accountability. Introduced on November 29 by Deputy Attorney General Rod J. Rosenstein (the “DAG”), the Policy is manifested, in part, by specific revisions to the Justice Manual (previously referred to as the U.S. Attorneys’ Manual).

The Policy clarifies the relationship between the scope of a defendant’s disclosures regarding individuals and qualifying for cooperation credit, particularly in the context of civil litigation. In so doing, it also raises critical compliance oversight issues for corporate governance.

OFAC Reaches Settlement with Cobham Holdings, Inc. for Violations Resulting from Deficient Screening Software

by H. Christopher Boehning, Jessica S. Carey, Michael E. Gertzman, Roberto J. Gonzalez, Brad S. Karp, Richard S. Elliott, Rachel M. Fiorill, and Karen R. King

On November 27, 2018, the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) announced a nearly $90,000 settlement agreement with Virginia-based Cobham Holdings, Inc. (“Cobham”), a global provider of technology and services in aviation, electronics, communications, and defense, on behalf of its former subsidiary, Aeroflex/Metelics, Inc. (“Metelics”).[1] The settlement involves three shipments of goods through distributors in Canada and Russia to an entity that did not appear on OFAC’s Specially Designated Nationals and Blocked Persons List (the “SDN List”), but was blocked under OFAC’s “50% rule” because it was 51% owned by a company sanctioned under the Russia/Ukraine sanctions program. This is the second OFAC action of which we are aware that has relied on the 50% rule.  The apparent violations appear to have been caused by Metelics’s (and Cobham’s) reliance on deficient third-party screening software.

While difficult to predict, OFAC’s decision to pursue this action—involving only three shipments, a violation of the 50 percent rule, and where the root cause of the apparent violations is attributable to deficient sanctions screening software—may signal a raising of OFAC’s compliance expectations, consistent with Treasury Under Secretary Sigal Mandelker’s warning in a recent speech that private sector companies “must do more to make sure [their] compliance systems are airtight.”[2]

Below, we describe the settlement, OFAC’s penalty calculation, and several lessons learned.

National Bank Supervision Manual

by Sullivan & Cromwell LLP

OCC’s New and Revised Sections of Policies and Procedures Manual Relating to Enforcement Actions Suggest Continued Heightened Interest in Actions Against Individuals

Summary

Historically, the Office of the Comptroller of the Currency (the “OCC”) has applied a single set of internal policies and procedures to enforcement actions brought against individuals (institution-affiliated parties (“IAPs”)) and institutions (national banks, federal savings associations, and federal branches and agencies of foreign banks (collectively, “banks”)).  On November 13, the OCC issued a new section to its Policies and Procedures Manual (“PPM”) specific to enforcement actions against IAPs (the “IAP PPM”)[1] and simultaneously updated the existing sections for Bank Enforcement Actions and Related Matters (the “Bank PPM”)[2] and for Civil Money Penalties (“CMPs”) (the “CMP PPM”).[3]  The new IAP PPM generally breaks no new ground, and most changes to the Bank PPM and CMP PPM align those two sections with, and reflect the issuance of, the IAP PPM.  There are, however, several notable additions and modifications to the new and revised sections that serve to improve the clarity and transparency of the OCC’s enforcement action process. 

Beyond those distinctions, the issuance of a standalone IAP PPM suggests a continued, if not increased, focus by the OCC on actions against IAPs going forward, and is consistent with the broader theme, evidenced over the last several years, of regulatory and law enforcement focus on holding individuals accountable in cases of financial institution wrongdoing.[4]  The new OCC IAP PPM suggests a continual focus on holding individuals accountable for corporate misconduct in the financial industry.

Do DOJ Policy and ISO Compliance Standard Overlap; and What Are the Pros and Cons For Applying the ISO Standard?

by Daniel Lucien BÜHR

In February 2017, the Fraud Section of the United States Department of Justice’s Criminal Division published a document entitled “Evaluation of Corporate Compliance Programs.” This document lists the assessment criteria for effective corporate compliance programs. The DOJ recognises that each company’s risk profile and the solutions it adopts to reduce risks should be evaluated on their own merits. The DOJ therefore tailors its determination to each case. However, even tailored determinations raise many of the same questions. The DOJ document explains the questions the DOJ may ask about a corporate compliance program. However, it gives no guidance on how companies can actually provide the right answers.

In December 2014, the International Organization for Standardization published ISO International Standard 19600 – Compliance management systems – Guidelines, which helps organisations establish, develop, implement, evaluate, maintain and improve an effective and responsive compliance management system. It is the first international standard on state-of-the-art compliance management and provides the conceptual basis for other international standards, such as ISO 37001 – Anti-bribery management systems.

The DOJ document and ISO Standard 19600 differ, yet they have a shared preventive goal. A comparison between the DOJ document and the ISO Standard 19600 shows that US policy and the Standard are largely compatible, and that ISO 19600 is an appropriate tool for companies to get to a level of compliance management that allows them to provide the right answers to the DOJ’s questions, should that be necessary: Risk and Compliance Management (PDF: 296 KB). The table in the comparison illustrates the overlap between the DOJ and ISO guidance; the flowchart opposite the table illustrates the iterative “plan-do-check-act” management system that the Standard advocates. The colour scheme of both graphics indicates the topical overlap.

Director of the Serious Fraud Office Lisa Osofsky Keynote on Future SFO Enforcement

by Lisa Osofsky

Thank you.

I have just completed my first month as Director of the Serious Fraud Office.

As a new director, I have spent my first weeks meeting the talented and hardworking SFO team – from lawyers to investigators to accountants to computer experts to the administrative team who are the backbone of every government agency all around the globe. I have come to an office with strong values and a commitment to justice, a dedication for searching for the truth.

What Employers Need To Know About California’s New #Metoo Laws

by Elizabeth A. Ising, Stewart L. McDowell, Jason C. Schwartz, Katherine V.A. Smith, Lori Zyskowski, Sean Sullivan, Elizabeth A. Dooley, Alice YN Ha, Jordan E. Johnson, Dustin G. May, Arturo Pena Miranda, and Matthew T. Sessions

On September 30, 2018, Governor Edmund G. Brown signed several new workplace laws, and vetoed others, that arose out of the #MeToo movement.  We briefly review the newly signed legislation and also highlight bills that Governor Brown rejected.  Unless otherwise indicated, these new laws will take effect on January 1, 2019.

DOJ Extends FCPA Corporate Enforcement Policy Principles to Non-FCPA Misconduct Discovered in the M&A Context

by John F. Savarese, Ralph M. Levene, David B. Anders, Marshall L. Miller, and Daniel H. Rosenblum

In an important speech, Deputy Assistant Attorney General Matthew Miner of the Department of Justice’s Criminal Division announced on Thursday that DOJ will “look to” the principles of the FCPA Corporate Enforcement Policy (PDF: 50.6 KB) in evaluating “other types of potential wrongdoing, not just FCPA violations” that are uncovered in connection with mergers and acquisitions.  As a result, when an acquiring company identifies misconduct through pre-transaction due diligence or post-transaction integration, and then self-reports the relevant conduct, DOJ is now more likely to decline to prosecute if the company fully cooperates, remediates in a complete and timely fashion, and disgorges any ill-gotten gains.

You Want What?: Responding to Individual Requests Under the GDPR

by Jeremy Feigelson, Jane Shvets, and Christopher Garrett

With the EU General Data Protection Regulation (“GDPR”) in force for less than two months, many companies are already experiencing an increase in requests from individuals seeking to obtain a copy, or request correction or erasure, of their personal data under Articles 15 to 17 of the GDPR.

Do we have to respond?

Yes. A response is required even if the response is that the company will not honour the request because a relevant exemption applies.

CFTC Announces Two Significant Awards By Whistleblower Program

by Breon S. Peace, Nowell D. Bamberger, and Patrick C. Swiber

On July 12 and 16, 2018, the U.S. Commodity Futures Trading Commission (“CFTC”) announced two awards to whistleblowers, one its largest-ever award, approximately $30 million, and another its first award to a whistleblower living in a foreign country.[1]  These awards—along with recent proposed changes meant to bolster the Securities and Exchange Commission’s (“SEC” or “Commission”) own whistleblower regime—demonstrate that such programs likely will continue to be significant parts of the enforcement programs of both agencies and necessarily help shape their enforcement agendas in the coming years.

The Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) authorized the CFTC to pay awards of between 10 and 30 percent to whistleblowers who voluntarily provide original information to the CFTC leading to the successful enforcement of an action resulting in monetary sanctions exceeding $1 million.[2]  Following the introduction of implementing rules, the CFTC’s program became effective in October 2011.  Over the next six-and-a-half years, the CFTC has paid whistleblower bounties on only four prior occasions, with awards ranging from $50,000 to $10 million.  The $30 million award announced last week, thus, reflects a significant increase.  This week’s award to a foreign whistleblower also represents another first for the CFTC’s program and reflects the global scope of the program.

UK Financial Conduct Authority Issues Near-Final Rules on Extension of Senior Managers and Certification Regime and Introduces New Financial Services Directory

by Karolos Seeger, Simon Witney, and Andrew Lee

Following the consultation papers published in July and December 2017, the UK Financial Conduct Authority (“FCA”) on 4 July 2018 provided responses to the industry feedback it received and issued near-final rules on extending the Senior Managers and Certification Regime (“SMCR”) to almost all FCA-regulated firms.[1] Notably, the FCA has confirmed that the new rules will apply from 9 December 2019. We summarise below the limited changes from the FCA’s initial SMCR proposals, the main features of which have been covered in our previous client updates.[2]

In addition, the FCA has published a consultation paper regarding the introduction of a new directory of financial services workers (the “Directory”).[3] This will be available from 10 December 2019 for banks, building societies, credit unions and insurers, and from 9 December 2020 for all other firms. The key aspects of the Directory and firms’ significant related notification obligations are outlined below.