Category Archives: Enforcement

Crypto Experts React to Recent SDNY Ethereum Fraud Indictment

The NYU Law Program on Corporate Compliance and Enforcement (PCCE) is following the U.S. Attorney’s Office for the Southern District of New York’s recent indictment of two individuals for allegedly attacking and stealing $25 million from the Ethereum blockchain. The indictment in the case, United States v. Peraire-Bueno, 24 Cr. 293 (SDNY), is available here.  Below, several crypto experts and former prosecutors provide their reactions to the case.

Photos of the authors

Left to right: Maria Vullo, Daniel Payne, Elizabeth Roper, Usman Sheikh, Justin Herring, and Robertson Park (photos courtesy of the authors)

Continue reading

EPA Announces New Enforcement Policy Requiring Civil-Criminal Coordination

by Steven P. Solow and Chloe Graham

From left to right: Steven P. Solow, and Chloe Graham (Photos courtesy of Baker Botts LLP)

The Assistant Administrator for EPA’s Office of Enforcement and Compliance Assurance (OECA) announced a new Strategic Civil-Criminal Enforcement Policy (Policy) that is perhaps the most significant change in environmental enforcement since the passage of the basic environmental laws decades ago. At bottom, the new Policy addresses the long-standing concern that the decision to enforce a matter civilly or criminally ultimately depended on whose “desk” it landed on.

Continue reading

Implications of the SEC’s “Shadow Trading” Verdict

by John F. SavareseWayne M. Carlin, and David B. Anders

Photos of the authors

From left to right: John F. Savarese, Wayne M. Carlin, and David B. Anders (photos courtesy of Wachtell, Lipton, Rosen & Katz).

Last week, a jury in San Francisco returned a verdict in SEC v. Panuwat, finding that a corporate executive engaged in insider trading when he learned about an impending acquisition of his employer and then traded in the securities of an unrelated company in the same industry. The case has widely been described as “novel” but, in bringing this case, the SEC did not seek to extend existing law. Panuwat simply applied well-established principles of insider trading law to a new fact pattern. Yet in doing so, this action may well have implications for corporate trading policies. 

Continue reading

Prohibited AI Practices—A Deep Dive into Article 5 of the European Union’s AI Act

by Dr. Martin Braun, Anne Vallery, and Itsiq Benizri

photo of authors

From left to right: Dr. Martin Braun, Anne Vallery and Itsiq Benizri. (Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP).

Article 5 of the AI Act essentially prohibits AI practices that materially distort peoples’ behavior or that raise serious concerns in democratic societies.

As explained in our previous blog post, this is part of the overall risk-based approach taken by the AI Act, which means that different requirements apply in accordance with the level of risk. In total, there are four levels of risk: unacceptable, in which case AI systems are prohibited; high risk, in which case AI systems are subject to extensive requirements; limited risk, which triggers only transparency requirements; and minimal risk, which does not trigger any obligations.

Continue reading

Cross-Border Implications of the FCA’s Consultation Paper on Publishing Information About the Opening and Progress of Investigations

by Michael A. Asaro, James Joseph Benjamin Jr., Ezra Zahabi, and Joe Hewton

photos of the authors

From left to right: Michael A. Asaro, James Joseph Benjamin Jr., Ezra Zahabi, and Joe Hewton. (Photos courtesy of Akin Gump Strauss Hauer & Feld LLP).

Last month, the United Kingdom Financial Conduct Authority (FCA) announced that it is considering new procedures under which it would publicly identify firms that are under investigation as soon as the investigation has been opened.[1] The consultation period closes on April 30, 2024. (See our recent client alert here). The proposed new approach—which, if adopted, would be a dramatic break from historical practice—would result in public disclosure before any charges have been filed and before the FCA has determined whether the firm actually did anything wrong. In this article, we draw comparisons between the investigation disclosure regimes in the U.K. and the United States. We also provide commentary on the FCA’s proposals.

Continue reading

A Whole New National Security Ballgame: Key Practical Takeaways for Export Control Compliance from the 2024 BIS Update Conference

by Brent Carlson and Michael Huneke

Photos of the authors.

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

On March 27–29, 2024, the U.S. Department of Commerce’s Bureau of Industry & Security (“BIS”) hosted an Update Conference on Export Controls & Policy. The event was a major outreach effort by the U.S. government. Nearly 100 BIS and other U.S. agency officials engaged with 1,200 attendees over three days.

As was appropriate for an event coinciding with Opening Day of the U.S. Major League Baseball season, BIS officials emphasized that they—and those they regulate—are playing a whole new national security ballgame. This theme ran through every topic. It also drives the key practical takeaways that we highlight below for in-house compliance professionals assessing evasion and diversion risks and responding to reports of the same—particularly reports that some U.S. companies recently received directly from the U.S. government. Continue reading

Blockchain Analytics: A Reliable Use of Artificial Intelligence for Crime Detection and Legal Compliance

by Sujit Raman and Thomas Armstrong

photos of authors

From left to right: Sujit Raman and Thomas Armstrong. (Photos courtesy of authors).

Everyone these days is talking about artificial intelligence and how to use it responsibly. Among law enforcement and compliance professionals, discussions around the responsible use of AI are nothing new. Even so, recent advances in machine learning have turbocharged AI’s transformative potential in detecting, preventing, and—in a particular sense—even predicting illicit activity. These advances are especially notable in the field of blockchain analytics: the process of associating digital asset wallets to real-world entities.

In a recent, pathbreaking opinion and order, U.S. District Judge Randolph Moss rejected a criminal defendant’s challenge to the government’s evidentiary use of blockchain analytics to link him to illicit financial activity.[1] Many courts—including, just a few days ago, a U.S. district court in Massachusetts[2]—have relied on the validity of blockchain analytics when taking pre-trial actions like issuing seizure orders and authorizing arrest warrants; Judge Moss’s opinion is the first trial court examination of this powerful analytic capability. Taken together, this growing body of legal authority forcefully affirms the reliability—and therefore admissibility in court—of evidence derived from such analytics.

Continue reading

Supply Chain Due Diligence Obligations in Germany, France and the EU: An Overview

by Amélie Champsaur, Mirko von Bieberstein, Guillaume de Rancourt, Sebastian Kummler, Camille Kernevès, Andreas Wildner, and Marc Christopher Baldauf

Photos of authors

Top from left to right: Amélie Champsaur, Mirko von Bieberstein, Guillaume de Rancourt, Sebastian Kummler.
Bottom left to right: Camille Kernevès, Andreas Wildner, and Marc Christopher Baldauf. (Photos courtesy of Cleary Gottlieb Steen & Hamilton LLP).

Germany and France, the two largest economies in the EU, have adopted laws to hold companies accountable for violations concerning human rights and environmental protection along their supply chain. With the German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, LkSG”) and the French Duty of Vigilance Law (Loi de vigilance,Vigilance Law”) both countries have already implemented a respective regulatory framework that would be refined by a future European Corporate Sustainability Due Diligence Directive (“CS3D”), which would mandate all other Member States to implement similar laws.

The following provides an overview of the key aspects of the LkSG and the Vigilance Law, draws comparisons between the LkSG and the Vigilance Law and gives an outlook on the envisaged CS3D for supply chain due diligence in the EU in the future, based on the latest proposal.

Continue reading

FTC Cracks Down on Mass Data Collectors: A Closer Look at Avast, X-Mode, and InMarket

by Staff at the Federal Trade Commission

Federal Trade Commission

Three recent FTC enforcement actions reflect a heightened focus on pervasive extraction and mishandling of consumers’ sensitive personal data.

Proposed Settlements with Avast[1], X-Mode[2], and InMarket[3]

In mid February, the FTC announced a proposed settlement to resolve allegations that Avast, a security software company, unfairly sold consumers’ granular and re-identifiable browsing information—information that Avast amassed through its antivirus software and browser extensions after telling consumers that Avast’s software would protect their privacy, and that any disclosure of their browsing information would only be in aggregate and anonymous form.

In January of this year, the FTC announced proposed settlements with two data aggregators, X-Mode Social and InMarket, to resolve a host of allegations stemming from how those companies handled consumers’ location data. Both companies, the FTC alleged, collected precise location data from consumers’ phones through the data aggregators’ own mobile apps and those of third parties (via software development kits, or “SDKs,” provided by the data aggregators). X-Mode, the FTC alleged, sold consumers’ location data to private government contractors without first telling consumers or obtaining consumers’ consent to do so. And InMarket, the agency alleged, used consumers’ location data to sort them into particularized audience segments—like “parents of preschoolers,” “Christian church goers,” “wealthy and not healthy,” etc.—that InMarket then provided to advertisers.

Continue reading

WilmerHale Global Anti-Bribery Year-in-Review: 2023 Developments and Predictions for 2024

by Kimberly Parker, Jay Holtmeier, Erin Sloane, Christopher Cestaro, Sandra Redivo, Matthew Girgenti, Elliot Shackelford, and Keun Young Bae

Top left to right: Kimberly Parker, Jay Holtmeier, Erin Sloane, and Christopher Cestaro.
Bottom left to right: Sandra Redivo, Matthew Girgenti, Elliot Shackelford, and Keun Young Bae. (Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP).

Although publicly announced Foreign Corrupt Practices Act (FCPA) enforcement activity remains lower than the levels reached a few years ago, 2023 saw a modest increase in the overall number of FCPA enforcement actions (26 in 2022 vs. 27 in 2023).  This was seen especially in the number of corporate resolutions (12 in 2022 vs. 15 in 2023).  The combined total of monetary penalties decreased, from $1.56 billion in 2022 to $776 million in 2023.  Nonetheless, senior officials at the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) again signaled, through policy changes and public announcements, that anti-corruption enforcement is a priority and that there will be significant and growing enforcement efforts going forward.  Below are the key takeaways regarding FCPA enforcement in 2023 and trends to keep in mind as we look ahead to 2024.

Continue reading