During a speech delivered on July 25, 2018 at the American Conference Institute 9th Global Forum on Anti-Corruption Compliance in High Risk Markets, Deputy Assistant Attorney General Matthew Miner, who oversees the U.S. Department of Justice’s (“DOJ”) Fraud Section (which includes the DOJ’s Foreign Corrupt Practices Act (“FCPA”) Unit), announced that successor companies that identify potential FCPA violations in connection with a merger or acquisition and disclose that conduct to the DOJ will be treated in conformance with the DOJ’s FCPA Corporate Enforcement Policy (the “Policy”). Continue reading
Last week, the White House, reacting to the Supreme Court’s June 21, 2018 decision in Lucia v. SEC, issued an Executive Order exempting Administrative Law Judges, or ALJs, from the competitive civil service. This post considers what the order might mean for the Securities and Exchange Commission and other agencies that use ALJs to adjudicate enforcement cases. Lucia held that the SEC’s ALJs are “officers” subject to the Constitution’s Appointments Clause, which means they have to be appointed by (as relevant here) the head of the agency – that is, the SEC’s Commissioners. Previously ALJs were hired through an examination-based process handled by the Office of Personnel Management, or OPM (effectively the human resources department of the federal government). OPM typically presented an agency with a list of eligible candidates ranked on the basis of the examination, among other things, and the agency selected an ALJ from among the top three candidates on the list. Continue reading
One of the most frequently discussed white collar issues of late has been the benefits of voluntarily self-disclosing to the U.S. Department of Justice (“DOJ”) allegations of misconduct involving a corporation. This is the beginning of periodic analyses of white collar issues unique to financial institutions, and in this issue we examine whether and to what extent a financial institution can expect a benefit from DOJ for a voluntary self-disclosure (“VSD”), especially with regard to money laundering or Bank Secrecy Act violations. Although the public discourse regarding VSDs tends to suggest that there are benefits to be gained, a close examination of the issue specifically with respect to financial institutions shows that the benefits that will confer in this area, if any, are neither easy to anticipate nor to quantify. A full consideration of whether to make a VSD to DOJ should include a host of factors beyond the quantifiable benefit, ranging from the likelihood of independent enforcer discovery; to the severity, duration, and evidentiary support for a potential violation; and to the expectations of prudential regulators and any associated licensing or regulatory consequences, as well as other factors. Continue reading
The Eleventh Circuit Court of Appeals recently vacated a Federal Trade Commission cease-and-desist order that required a medical laboratory company to implement a “reasonably designed” cybersecurity program after customer data on the company’s systems were compromised. LabMD, Inc. v. Federal Trade Commission (PDF: 548 KB). The decision represents a judicial curb on FTC enforcement efforts seeking expansive cease-and-desist orders requiring companies to maintain “reasonable” or “appropriate” data security systems in the wake of cyber incidents. By limiting the FTC to orders that prohibit specific unfair conduct, or that require specific responsive remedial action, this ruling may alter the cyber enforcement landscape and affect the balance between the FTC and companies affected by cyber incidents. Continue reading
Earlier today, President Trump signed into law the “Economic Growth, Regulatory Relief, and Consumer Protection Act,” which provides certain limited amendments to the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), as well as certain targeted modifications to other post-financial crisis regulatory requirements. In addition, the legislation establishes new consumer protections and amends various securities- and investment company-related requirements. The legislation, which enjoyed substantial bipartisan support, was adopted on May 22, 2018, in the U.S. House of Representatives, by a vote of 258 to 159, and in the U.S. Senate, by a vote of 67 to 31, on March 14, 2018.
The legislation preserves the fundamental elements of the post-Dodd-Frank regulatory framework, but it includes modifications that will result in some meaningful regulatory relief for smaller and certain regional banking organizations. Continue reading
Corporate misconduct allegations often result in investigations by multiple agencies, including foreign, federal, state, and local authorities. Without proper coordination, companies risk being hit with duplicative penalties for the same misconduct. Duplicative corporate penalties can be avoided, but coordinating a corporate resolution with multiple authorities is hard to navigate.
Within the United States, federal prosecutors often have overlapping jurisdiction with other federal criminal and civil prosecutors, federal and state regulators, and local prosecutors. In international investigations, federal prosecutors also have to cooperate with foreign authorities with overlapping jurisdiction. All of these players can have a legitimate interest in protecting the public from economic crimes. Regulatory competition, however, often leads government authorities to want to take the lead over other authorities. Other times, government authorities jump from the sidelines onto the field of play when a corporate resolution is near and refuse to leave the field without a share of the penalties. A coordinated resolution is difficult to achieve in either case. In the end, the overlapping jurisdiction and regulatory competition can either lead to (1) each authority “piling on” their share of penalties or (2) a coordinated resolution that identifies the collective harm caused by the company’s misconduct, the appropriate penalties for that harm, and the fair allocation of the penalties among the interested government players. Continue reading
by Liz Campbell
Prosecuting corporate criminality is not straightforward. As a result of these difficulties, the UK Parliament is turning to an indirect form of corporate criminal liability: the Bribery Act 2010 introduced the corporate offence of failure to prevent bribery (FtPB), and this provision has been emulated with respect to the failure to prevent the facilitation of tax evasion in the Criminal Finances Act 2017.
In brief, a relevant commercial organisation (C) is guilty of FtPB if a person associated with C bribes another person with the intention of obtaining or retaining business or an advantage for C. An ‘associated’ person is an individual or body who ‘performs services’ for or on behalf of the organisation, and this definition was framed broadly intentionally. Crucially, the corporate entity can rely on the section 7(2) defence that it had “adequate procedures” in place designed to prevent persons associated with it from bribing. Continue reading
In R (AL) v Serious Fraud Office, the English High Court considered the SFO’s obligations to individuals prosecuted following the deferred prosecution agreement (“DPA”) in July 2016 with a company anonymised as “XYZ Ltd”. The Court’s decision is likely to force the SFO to adopt a much more aggressive approach in relation to company counsel’s notes of interviews conducted during a company’s internal investigation. In particular, when those interview notes are potentially relevant to the defences of individuals being prosecuted, this judgment is likely to lead to the SFO putting further pressure on companies to produce the notes, through court proceedings if necessary. We analyse these and other issues covered by the judgment below. Continue reading
Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released an updated Cybersecurity Framework (PDF: 1,038 KB) that revises NIST’s baseline recommendations for the design of cybersecurity risk management programs. In announcing its release, Commerce Secretary Wilbur Ross described the updated Framework as “a must do for all CEOs” and recommended that “every company” adopt the Framework as its “first line of defense.” As with the prior version, the updated NIST Framework provides a useful tool to guide and benchmark company approaches to cybersecurity risk and will impact how regulators evaluate cybersecurity programs and incident responses across sectors. Continue reading
by Jason Driscoll
This post is the second part of a two-part post by the author.
In my previous post (DeCoster v. United States: Testing the Limits of the Responsible Corporate Officer Doctrine), I discussed how the Food and Drug Administration (“FDA”) and the Department of Justice (“DOJ”) have revived the Responsible Corporate Officer (“RCO”) doctrine in an attempt to increase compliance with the Federal Food, Drug, and Cosmetic Act (“FDCA”). In light of the incarcerative sentences in the Quality Egg case, I addressed the DOJ’s new strategy of seeking enhanced sanctions in RCO cases. In United States v. Quality Egg, LLC, the government brought FDCA Section 333(a)(1) misdemeanor food adulteration cases against two corporate officers—Jack and Peter DeCoster—ultimately securing three-month prison sentences premised largely on the RCO doctrine. On appeal, the DeCosters argued that the incarcerative sentences violated due process absent evidence of mens rea or actus reus. The Eighth Circuit affirmed the sentences, however, holding that a three-month strict liability prison sentence was “relatively light” doing “no grave damage” to an offender’s reputation. A petition for a writ of certiorari followed, inviting the Supreme Court to review the doctrine for the first time since 1975, but was denied. Continue reading