Category Archives: Corporate Enforcement

DOJ Tells Tech Companies to Develop “Responsible Encryption”

by Laura Goodall, Michael Mugmon, and John F. Walsh

On November 29, 2018, in a speech at the Georgetown University Law School, Deputy Attorney General Rod Rosenstein renewed his call for tech companies to build into their products the means for law enforcement to legally access decrypted data, the development of so-called “responsible encryption.”[1] Mr. Rosenstein analogized such encryption to requirements that buildings disable elevators in the event of a fire but still retain firemen’s access, and he beseeched the private sector to work with the government to mitigate the security threats posed by rapid technological advances.

Summary of Mr. Rosenstein’s Address

Detailing the threat of ransomware, Mr. Rosenstein warned that the “malicious use of technology will be more pernicious and pervasive tomorrow than it is today, and even more difficult to combat.” To “forestall those ominous consequences,” he proposed three steps: Continue reading

New DOJ Policy Revises “Yates Memorandum”

by Michael W. Peregrine and Rebecca Martin

A new Department of Justice policy (the “Policy”) modifies critical elements of the prominent 2015 “Yates Memorandum” on individual accountability. Introduced on November 29 by Deputy Attorney General Rod J. Rosenstein (the “DAG”), the Policy is manifested, in part, by specific revisions to Justice Manual (previously referred to as the U.S. Attorneys’ Manual).

The Policy clarifies the relationship between the scope of a defendant’s disclosures regarding individuals and qualifying for cooperation credit, particularly in the context of civil litigation. In so doing, it also raises critical compliance oversight issues for corporate governance. Continue reading

OFAC Reaches Settlement with Cobham Holdings, Inc. for Violations Resulting from Deficient Screening Software

by H. Christopher Boehning, Jessica S. Carey, Michael E. Gertzman, Roberto J. Gonzalez, Brad S. Karp, Richard S. Elliott, Rachel M. Fiorill, and Karen R. King

On November 27, 2018, the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) announced a nearly $90,000 settlement agreement with Virginia-based Cobham Holdings, Inc. (“Cobham”), a global provider of technology and services in aviation, electronics, communications, and defense, on behalf of its former subsidiary, Aeroflex/Metelics, Inc. (“Metelics”).[1] The settlement involves three shipments of goods through distributors in Canada and Russia to an entity that did not appear on OFAC’s Specially Designated Nationals and Blocked Persons List (the “SDN List”), but was blocked under OFAC’s “50% rule” because it was 51% owned by a company sanctioned under the Russia/Ukraine sanctions program. This is the second OFAC action of which we are aware that has relied on the 50% rule.  The apparent violations appear to have been caused by Metelics’s (and Cobham’s) reliance on deficient third-party screening software.

While difficult to predict, OFAC’s decision to pursue this action—involving only three shipments, a violation of the 50 percent rule, and where the root cause of the apparent violations is attributable to deficient sanctions screening software—may signal a raising of OFAC’s compliance expectations, consistent with Treasury Under Secretary Sigal Mandelker’s warning in a recent speech that private sector companies “must do more to make sure [their] compliance systems are airtight.”[2]

Below, we describe the settlement, OFAC’s penalty calculation, and several lessons learned. Continue reading

Virtual Currencies, Manipulation, Cooperation, and More: CFTC Enforcement Division’s 2018 Annual Report

by Nowell Bamberger, Robin Bergen, and Emily Michael

On November 15, 2018, the Division of Enforcement (the “Division”) of the U.S. Commodity Futures Trading Commission (“CFTC”) released its Annual Report on the Division of Enforcement (PDF: 1.95 MB) (the “Report”), highlighting the enforcement division’s recent initiatives and reinforcing its focus on cooperation and self-reporting.  The Report provides a succinct overview of the Division’s enforcement priorities over the last year, discusses its overall enforcement philosophy, sets out key metrics about the cases brought in the last year, and highlights its key initiatives for the coming year.  While the Division’s priorities—preserving market integrity, protecting customers, promoting individual accountability, and increasing coordination with other regulators and criminal authorities—do not mark a departure from prior guidance, the Report does highlight the Division’s particular focus on individual accountability and a few target areas of enforcement.  Continue reading

National Bank Supervision Manual

by Sullivan & Cromwell LLP

OCC’s New and Revised Sections of Policies and Procedures Manual Relating to Enforcement Actions Suggest Continued Heightened Interest in Actions Against Individuals

Summary

Historically, the Office of the Comptroller of the Currency (the “OCC”) has applied a single set of internal policies and procedures to enforcement actions brought against individuals (institution-affiliated parties (“IAPs”)) and institutions (national banks, federal savings associations, and federal branches and agencies of foreign banks (collectively, “banks”)).  On November 13, the OCC issued a new section to its Policies and Procedures Manual (“PPM”) specific to enforcement actions against IAPs (the “IAP PPM”)[1] and simultaneously updated the existing sections for Bank Enforcement Actions and Related Matters (the “Bank PPM”)[2] and for Civil Money Penalties (“CMPs”) (the “CMP PPM”).[3]  The new IAP PPM generally breaks no new ground, and most changes to the Bank PPM and CMP PPM align those two sections with, and reflect the issuance of, the IAP PPM.  There are, however, several notable additions and modifications to the new and revised sections that serve to improve the clarity and transparency of the OCC’s enforcement action process. 

Beyond those distinctions, the issuance of a standalone IAP PPM suggests a continued, if not increased, focus by the OCC on actions against IAPs going forward, and is consistent with the broader theme, evidenced over the last several years, of regulatory and law enforcement focus on holding individuals accountable in cases of financial institution wrongdoing.[4]  The new OCC IAP PPM suggests a continual focus on holding individuals accountable for corporate misconduct in the financial industry. Continue reading

Getting Comfortable with Collective Knowledge

by Mihailis E. Diamantis

Doctrines for attributing knowledge to corporations seem to be stuck between doing far too little and the risk of doing far too much.  Respondeat superior forces plaintiffs and prosecutors to find a single corporate employee with all the relevant knowledge.[1]  This means corporations automatically win against knowledge-based allegations when, as will predictably happen, knowledge is dispersed across corporate personnel.  The familiar solution is to introduce some way to aggregate knowledge.  But the doctrine that does just that—the collective knowledge doctrine—has met with widespread skepticism.[2]  The worry is that the collective knowledge doctrine treats corporations as knowing too much by triggering knowledge-based penalties for mere negligence in maintaining lines of communication.[3]  As a result, few courts have adopted the collective knowledge doctrine since it was introduced more than thirty years ago.[4]

If judges and scholars are ever going to get comfortable with moving beyond respondeat superior, they need to think hard about the informational logic of the collective knowledge doctrine.  As I argue in a working paper, The Corporation and the Epistemologist,[5] that logic is poorly understood.  Discussions vacillate without warning between two versions of the doctrine: one of which is entirely toothless, the other of which is worryingly permissive.  Once these two versions are distinguished, the search for a happy compromise can begin. Continue reading

What’s in a Name? That Which We Now Call the Justice Manual Has a Familiar, But Distinctive, Scent

by Katya Jestin, David Bitkower, Matthew D. Cipolla, Anne Cortina Perry, and Jessica A. Martinez

On September 25, 2018, Deputy Attorney General Rod Rosenstein announced the rollout of the “Justice Manual” – a revised and renamed version of the U.S. Attorneys’ Manual, a long-used reference for Department of Justice (DOJ) policies and procedures.[1] The most significant changes appear to be confined to anticipated codifications of well-publicized new policies (although one such policy was, puzzlingly, omitted). But some other changes have not been previously addressed by Department leadership, and may provide insight into the Department’s mindset in light of recent events.

The recent rollout was the culmination of a yearlong review and overhaul of the Manual, the first in more than 20 years.[2] This initiative to streamline DOJ policies and revamp the U.S. Attorneys’ Manual was announced by Deputy AG Rosenstein last October in a speech at NYU. Rosenstein explained in his initial announcement that the project would work to identify redundancies, clarify ambiguities, eliminate surplus language, and update the Manual to reflect current law and DOJ practice, including through the incorporation of outstanding policy memoranda.[3] According to DOJ’s recent announcement, the name change from “U.S. Attorneys’ Manual” to “Justice Manual” not only reflects this significant undertaking by DOJ employees, but also emphasizes the applicability of the Manual to the entire Department, beyond the U.S. Attorneys’ Offices.[4] Continue reading

Director of the Serious Fraud Office Lisa Osofsky Keynote on Future SFO Enforcement

by Lisa Osofsky

Thank you.

I have just completed my first month as Director of the Serious Fraud Office.

As a new director, I have spent my first weeks meeting the talented and hardworking SFO team – from lawyers to investigators to accountants to computer experts to the administrative team who are the backbone of every government agency all around the globe.   I have come to an office with strong values and a commitment to justice, a dedication for searching for the truth.  Continue reading

Rulemaking Commenters Debate the SEC’s Proposed Changes to Its Whistleblower Program

by Gerald Hodgkins, Arlo Devlin-Brown, David Kornblau, and Jenny Park

Over 3,000 commenters submitted letters to the Securities and Exchange Commission (“SEC”) concerning the agency’s recently proposed amendments to its whistleblower rules.[1] This response reflects the perceived importance of the SEC’s proposal to companies and employees.

The most controversial of the proposed amendments would allow the SEC discretion to decrease the size of an award if it determines that the award would otherwise be too large to advance the goals of the whistleblower program.[2] Under current rules, if a whistleblower qualifies for an award, the SEC determines the size of the award by considering a number of specified factors that can increase or decrease the award amount within the range of 10 to 30 percent of the monetary sanctions recovered.[3] To decrease the amount of an award, the SEC can consider only the culpability of the whistleblower; whether the whistleblower unreasonably delayed reporting the misconduct to the SEC; and whether the whistleblower interfered with the company’s internal compliance and reporting systems.[4] Continue reading

DOJ Extends FCPA Corporate Enforcement Policy Principles to Non-FCPA Misconduct Discovered in the M&A Context

by John F. Savarese, Ralph M. Levene, David B. Anders, Marshall L. Miller, and Daniel H. Rosenblum

In an important speech, Deputy Assistant Attorney General Matthew Miner of the Department of Justice’s Criminal Division announced on Thursday that DOJ will “look to” the principles of the FCPA Corporate Enforcement Policy (PDF: 50.6 KB) in evaluating “other types of potential wrongdoing, not just FCPA violations” that are uncovered in connection with mergers and acquisitions.  As a result, when an acquiring company identifies misconduct through pre-transaction due diligence or post-transaction integration, and then self-reports the relevant conduct, DOJ is now more likely to decline to prosecute if the company fully cooperates, remediates in a complete and timely fashion, and disgorges any ill-gotten gains. Continue reading