Large-scale data breaches can give rise to a host of legal problems for the breached entity, ranging from consumer class action litigation to congressional inquiries and state attorneys general investigations. Increasingly, issuers are also facing the specter of federal securities fraud litigation.
The existence of securities fraud litigation following a cyber breach is, to some extent, not surprising. Lawyer-driven securities litigation often follows stock price declines, even declines that are ostensibly unrelated to any prior public disclosure by an issuer. Until recently, significant declines in stock price following disclosures of cyber breaches were rare. But that is changing. The recent securities fraud class actions brought against Yahoo! and Equifax demonstrate this point; in both of those cases, significant stock price declines followed the disclosure of the breach. Similar cases can be expected whenever stock price declines follow cyber breach disclosures. Continue reading →
In a decision that makes clear the importance for counsel conducting internal investigations to think carefully about the consequences of providing oral summaries of witness interviews to government investigators, a federal Magistrate Judge recently held that a law firm waived work product protection for its interview memoranda when counsel provided oral downloads of those interviews to the U.S. Securities and Exchange Commission (“SEC”). Noting that “very few decisions are consequence free events,” the Court held that there was “little to no substantive distinction” for purposes of work product waiver between providing the actual notes and memoranda and reading or orally summarizing the notes. The Court, however, rejected the notion that a waiver of work product protection extends to information the law firm shared with its client’s accounting firm, holding that the accounting firm and the company shared a “common interest.” Continue reading →
The following post provides an overview of the key findings from our research on the enforcement outcomes of the Australian Securities and Investments Commission (ASIC) for the five-year period from 1 July 2011 to 30 June 2016. The full journal article can be accessed here.
ASIC is Australia’s corporate, markets, financial services and consumer credit regulator. This government organization regulates Australian companies, financial markets, financial services organisations and professionals who deal and advise in investments, superannuation, insurance, deposit taking and credit. ASIC dedicates a significant amount of resources (around 70%) to surveillance and enforcement activity, reflecting its view that enforcement is an important part of its regulatory role. Continue reading →
On November 29, 2017, Deputy Attorney General Rod J. Rosenstein announced that the US Department of Justice (DOJ) has implemented a permanent, revised version of the Foreign Corrupt Practices Act (FCPA) Pilot Program. The Pilot Program — which was launched as a one-year trial in April 2016 by then-Assistant Attorney General for the Criminal Division (and now Latham partner) Leslie Caldwell — was extended indefinitely in April 2017 to allow DOJ to evaluate the program’s efficacy. Rosenstein announced that the enhanced policy — now called the FCPA Corporate Enforcement Policy (FCPA Policy) — will be incorporated into the United States Attorneys’ Manual (USAM). Like its predecessor, the FCPA Policy aims to encourage companies to make timely and voluntary disclosures of wrongdoing under the FCPA, while providing additional concrete incentives rewarding corporations for cooperation.
This policy announcement is likely the first of several DOJ policy changes and/or enhancements under the new administration. As detailed in Latham’s October 2017 Client Alert, Rosenstein recently announced that DOJ was reviewing a wide range of existing corporate enforcement policies, including the Pilot Program, DOJ’s policy on “Individual Accountability for Corporate Wrongdoing” (the Yates Memo), and other DOJ policies and memoranda — with the intention of ultimately incorporating the revised policies into the USAM. Continue reading →
The following is the third post in a series of three on recent SEC enforcement. The full report can be accessed here. A note of caution to the readers: the SEC does not share enforcement data. All three posts are based on a database of SEC enforcement actions I have put together along with several research assistants, covering the period between 2007 and 2017. The data was collected by hand, and reviewed at least once. Entries were compared with SEC releases and reports, but the chance of error remains.
The Dodd-Frank Act authorized the SEC to bring almost any enforcement action in an administrative proceeding. Before Dodd-Frank, the SEC could secure civil fines against registered broker-dealers and investment advisers in administrative proceedings, but had to sue in court non-registered firms and individuals, including public companies and executives charged with accounting fraud, as well as traders charged with insider trading violations. After the Dodd-Frank amendment, save for a few remedies that can only be obtained in court, the SEC can choose the forum in which it prosecutes enforcement actions. Continue reading →
The following is the second post in a series of three on recent SEC enforcement. The full report can be accessed here. A note of caution to the readers: the SEC does not share enforcement data. All three posts are based on a database of SEC enforcement actions I have put together along with several research assistants, covering the period between 2007 and 2017. The data was collected by hand, and reviewed at least once. Entries were compared with SEC releases and reports, but the chance of error remains.
I. Enforcement Against Entities
The first post observed that enforcement against individual defendants remained largely unchanged in the second half of the 2017 fiscal year. Enforcement against entities, on the other hand, has changed quite substantially. Fewer entities were targeted in actions brought in the second half of FY 2017: 34% of defendants (165 of 488) in standalone actions in the second half were entities, compared with 47% (201 of 427) in the first half of the year. Continue reading →
Countries around the world are beginning to embrace negotiated corporate criminal settlements, cognizant of U.S. federal prosecutors’ success in using deferred and non-prosecution agreements (hereinafter D/NPAs) to impose both substantial monetary sanctions and mandated reforms. Negotiated settlements, and the mandates they impose, can materially enhance governments’ ability to deter corporate crime when used effectively (Arlen and Kahan 2017).
Yet the existing U.S. approach to mandates needs to be reformed because it suffers from a material weakness: the Department of Justice provides less guidance and formal oversight over mandates imposed through D/NPAs than is required to ensure that prosecutorial authority over mandates is consistent with the Rule of Law.
NYU Program on Corporate Compliance & Enforcement Keynote Address – October 6, 2017
Thank you, Dean Morrison. I appreciate your thoughtful introduction. I am honored to be here with so many distinguished enforcement officials, corporate practitioners, and scholars from around the world.
One of my favorite management parables is about a child who watches her mother prepare a roast beef. The mother cuts the ends off the roast before she puts it in the oven. The child asks why. The mother says that she learned it from her mother. So the child asks her grandmother. The grandmother explains, “When your mother was a child, I cut the ends off because my pan was too small to fit the whole roast beef.”
The moral of the story is that the solutions of the past are not necessarily the right solutions today. Circumstances change. We should not blindly accept past practices. We should be conscientious about reconsidering our assumptions. Continue reading →