Category Archives: Enforcement

Supply Chain Due Diligence Obligations in Germany, France and the EU: An Overview

by Amélie Champsaur, Mirko von Bieberstein, Guillaume de Rancourt, Sebastian Kummler, Camille Kernevès, Andreas Wildner, and Marc Christopher Baldauf

Photos of authors

Top from left to right: Amélie Champsaur, Mirko von Bieberstein, Guillaume de Rancourt, Sebastian Kummler.
Bottom left to right: Camille Kernevès, Andreas Wildner, and Marc Christopher Baldauf. (Photos courtesy of Cleary Gottlieb Steen & Hamilton LLP).

Germany and France, the two largest economies in the EU, have adopted laws to hold companies accountable for violations concerning human rights and environmental protection along their supply chain. With the German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, LkSG”) and the French Duty of Vigilance Law (Loi de vigilance,Vigilance Law”) both countries have already implemented a respective regulatory framework that would be refined by a future European Corporate Sustainability Due Diligence Directive (“CS3D”), which would mandate all other Member States to implement similar laws.

The following provides an overview of the key aspects of the LkSG and the Vigilance Law, draws comparisons between the LkSG and the Vigilance Law and gives an outlook on the envisaged CS3D for supply chain due diligence in the EU in the future, based on the latest proposal.

Continue reading

FTC Cracks Down on Mass Data Collectors: A Closer Look at Avast, X-Mode, and InMarket

by Staff at the Federal Trade Commission

Federal Trade Commission

Three recent FTC enforcement actions reflect a heightened focus on pervasive extraction and mishandling of consumers’ sensitive personal data.

Proposed Settlements with Avast[1], X-Mode[2], and InMarket[3]

In mid February, the FTC announced a proposed settlement to resolve allegations that Avast, a security software company, unfairly sold consumers’ granular and re-identifiable browsing information—information that Avast amassed through its antivirus software and browser extensions after telling consumers that Avast’s software would protect their privacy, and that any disclosure of their browsing information would only be in aggregate and anonymous form.

In January of this year, the FTC announced proposed settlements with two data aggregators, X-Mode Social and InMarket, to resolve a host of allegations stemming from how those companies handled consumers’ location data. Both companies, the FTC alleged, collected precise location data from consumers’ phones through the data aggregators’ own mobile apps and those of third parties (via software development kits, or “SDKs,” provided by the data aggregators). X-Mode, the FTC alleged, sold consumers’ location data to private government contractors without first telling consumers or obtaining consumers’ consent to do so. And InMarket, the agency alleged, used consumers’ location data to sort them into particularized audience segments—like “parents of preschoolers,” “Christian church goers,” “wealthy and not healthy,” etc.—that InMarket then provided to advertisers.

Continue reading

WilmerHale Global Anti-Bribery Year-in-Review: 2023 Developments and Predictions for 2024

by Kimberly Parker, Jay Holtmeier, Erin Sloane, Christopher Cestaro, Sandra Redivo, Matthew Girgenti, Elliot Shackelford, and Keun Young Bae

Top left to right: Kimberly Parker, Jay Holtmeier, Erin Sloane, and Christopher Cestaro.
Bottom left to right: Sandra Redivo, Matthew Girgenti, Elliot Shackelford, and Keun Young Bae. (Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP).

Although publicly announced Foreign Corrupt Practices Act (FCPA) enforcement activity remains lower than the levels reached a few years ago, 2023 saw a modest increase in the overall number of FCPA enforcement actions (26 in 2022 vs. 27 in 2023).  This was seen especially in the number of corporate resolutions (12 in 2022 vs. 15 in 2023).  The combined total of monetary penalties decreased, from $1.56 billion in 2022 to $776 million in 2023.  Nonetheless, senior officials at the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) again signaled, through policy changes and public announcements, that anti-corruption enforcement is a priority and that there will be significant and growing enforcement efforts going forward.  Below are the key takeaways regarding FCPA enforcement in 2023 and trends to keep in mind as we look ahead to 2024.

Continue reading

“Expect Some Illumination”: A Fresh Look at U.S. Congressional Hearings in the Era of Sanctions and Export Controls as the New FCPA

by Brent Carlson and Michael Huneke

Photos of the authors.

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

The 118th U.S. Congress has taken an active and bipartisan interest in U.S. sanctions and export controls. With reports that U.S. executives have been asked to testify before the U.S. House Select Committee on the Chinese Communist Party[1] and recent hearings before a U.S. Senate subcommittee previewing further questions for both companies and regulators,[2] U.S. companies whose products might require a license for export to China or that might be found in Russian or Iranian weapons should prepare for congressional scrutiny—and congressional pressure on the U.S. Executive Branch departments to deliver enforcement results. Continue reading

DOJ Continues to Modernize its Criminal Antitrust Enforcement Strategy

by Richard A. Powers

(Photo courtesy of the author)

Over the past few years, the Justice Department has been hard at work on a comprehensive update to the way it detects, investigates, and prosecutes price-fixing cartels. Several recent announcements, including at last week’s ABA White Collar Conference, preview the DOJ Antitrust Division’s next steps in this generational shift—the goals of which are to refine disclosure incentives, promote individual accountability, and obtain trial convictions.

First, on March 7, 2024, Deputy Attorney General Lisa Monaco announced the DOJ is kicking off a 90-day whistleblower “policy sprint”; the finish line is a new program to complement existing regulators’ programs, rewarding qualifying whistleblowers for bringing non-public, previously unknown misconduct to the DOJ’s attention. The Antitrust Division has long sought to encourage individual self-reporting as a complement to its corporate VSD policy, so expect that this initiative will aim to improve that incentive structure. Next, the DOJ updated the Justice Manual to incorporate the M&A safe harbor policy that it announced last fall. Notably for antitrust practitioners, the JM updates included changes to the Antitrust Division’s leniency policy that provide much-needed clarification on how companies that detect potential collusion at an M&A target can avoid inheriting those liabilities by promptly reporting to DOJ. Third, senior Antitrust Division officials continue to emphasize that they are focused on developing investigations through affirmative investigative techniques, such as wiretaps and whistleblowers.

Continue reading

U.S. Cybersecurity and Data Privacy Outlook and Review – 2024

by Alexander H. Southwell and Snezhana Stadnik Tapia

Photos of authors

From left to right: Alexander H. Southwell and Snezhana Stadnik Tapia (photos courtesy of Gibson, Dunn & Crutcher LLP)

As with previous years, the privacy and cybersecurity landscape continued to evolve substantially over the course of 2023. We recently provided a review of some of the most significant developments on this topic in the U.S. in the eleventh edition of Gibson Dunn’s U.S. Cybersecurity and Data Privacy Outlook and Review.

Below we summarize the past year’s developments and future prospects, including the wave of new privacy and cyber legal and regulatory advances at the federal and state levels. This past year, states continued to take the lead on enacting privacy legislation and branches of the federal government focused on data security, sensitive data, and artificial intelligence (“AI”). The surge of civil litigation with respect to web-tracking technologies also endured. In 2024, we expect an amplified focus on privacy and cybersecurity issues, as well as with respect to emerging technologies such as AI, to continue.

Continue reading

The Future of ESG: Thoughts for Boards and Management in 2024

by Martin Lipton, Steven A. RosenblumAdam. O. EmmerichKaressa L. CainKevin S. Schwartz, and Carmen X. W. Lu

Top left to right: Martin Lipton, Steven A. Rosenblum, and Adam. O. Emmerich.
Bottom left to right: Karessa L. Cain, Kevin S. Schwartz, and Carmen X. W. Lu. (Photos courtesy of Wachtell, Lipton, Rosen & Katz).

The term “ESG” has steadily faded from the investor and corporate lexicon over the past year in the wake of cultural and political clashes over its meaning and purpose. “Anti-ESG” legislation adopted by several states has created legal and financial hurdles around the term. Institutional investors have gone quiet on ESG amid public criticism and congressional subpoenas. BlackRock has publicly disavowed the term for having become too politicized. The use of “ESG” in earnings calls has dropped precipitously. 

Continue reading

How Not to Stand Out Like a Sore Thumb (Part 2): A Fresh Look at the “High Probability” Definition of Knowledge Applied to Export Controls and Sanctions Enforcement

by Brent Carlson and Michael Huneke

Photos of the authors.

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

Media coverage concerning the widespread use of U.S. or Western microelectronics in recovered Russian- or Iranian-manufactured missiles and drones is putting pressure on governments, manufacturers, and exporters to consider ways to reduce more effectively the flows of such items to prohibited end-users. Even considering that many of the items are ubiquitous consumer electronics, the discovery of such items after mass-casualty events—including fatalities—on the front lines puts manufacturers and exporters on the front pages and in the crosshairs of U.S. regulators, prosecutors, media, and congressional committees. However the items arrived on the battlefield, their presence begs the questions of how and through whom they arrived. Continue reading

How Not to Stand Out Like a Sore Thumb (Part 1): A Fresh Look at the “Willful” Intent Standard for Criminal Liability in Export Controls and Sanctions Corporate Enforcement

by Brent Carlson and Michael Huneke

Photos of the authors.

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

“The ‘willfulness’ standard for criminal prosecutions appears nearly insurmountable to reach.”

So concluded a “90-Day Review Report” issued January 2, 2024 by the Chairman of the Foreign Affairs Committee of the U.S. House of Representatives, following congressional hearings in May and December 2023.[1] The report further contended that “the statutory requirement to prove ‘willfulness’” for there to be a criminal violation of U.S. export controls (and sanctions) is a “high bar” that “often results in [the Department of Commerce’s Bureau of Industry & Security (“BIS”)] export enforcement personnel pursuing administrative enforcement actions with lower penalties,” compared to the alternative (unstated but implied by the report) of U.S. Department of Justice (“DOJ”) personnel pursuing criminal penalties.[2]

This conclusion is not accurate. BIS is not itself responsible for criminal enforcement, yet it has partnered closely with the DOJ’s National Security Division—including by co-leading the inter-agency Disruptive Technology Strike Force launched on February 16, 2023—to bring several high-profile convictions or resolutions. Nor is the requirement to prove willfulness “insurmountable” for U.S. federal prosecutors, whose cases achieve the standard regularly and can do so not only with direct evidence of intent but also indirect evidence, i.e., the relevant facts and circumstances. Such facts and circumstances often—especially in the eyes of jurors—make the willful nature of criminal evasion schemes stand out like a sore thumb. Continue reading

SEC Continues to Elevate its Enforcement of Rule 21F-17(a)

by Benjamin Calitri

Photo of Author

Benjamin Calitri (photo courtesy of Kohn, Kohn, and Colapinto LLP)

In January 2024, the SEC announced an $18 million settlement with J.P Morgan Securities for violations of Rule 21F-17(a), demonstrating its increased enforcement of the whistleblower rule, which prohibits any person from “tak[ing] any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.” This follows a $10 million enforcement against D.E. Shaw, showing the SEC’s new stance of Rule 21F-17(a): sanctions that are actually large enough to deter illegal NDAs.

The SEC Enforcement Order found that J.P. Morgan Securities (JPMS) typically requested certain clients sign a Release if they received a credit or settlement of over $1,000, regardless of whether JPMS admitted or denied any error or wrongdoing in connection with the credit or settlement.

Continue reading