On July 12 and 16, 2018, the U.S. Commodity Futures Trading Commission (“CFTC”) announced two awards to whistleblowers, one its largest-ever award, approximately $30 million, and another its first award to a whistleblower living in a foreign country. These awards—along with recent proposed changes meant to bolster the Securities and Exchange Commission’s (“SEC” or “Commission”) own whistleblower regime—demonstrate that such programs likely will continue to be significant parts of the enforcement programs of both agencies and necessarily help shape their enforcement agendas in the coming years.
The Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) authorized the CFTC to pay awards of between 10 and 30 percent to whistleblowers who voluntarily provide original information to the CFTC leading to the successful enforcement of an action resulting in monetary sanctions exceeding $1 million. Following the introduction of implementing rules, the CFTC’s program became effective in October 2011. Over the next six-and-a-half years, the CFTC has paid whistleblower bounties on only four prior occasions, with awards ranging from $50,000 to $10 million. The $30 million award announced last week, thus, reflects a significant increase. This week’s award to a foreign whistleblower also represents another first for the CFTC’s program and reflects the global scope of the program. Continue reading →
Corporate governance has long been an area of focus for boards and recent proposals in the UK have ensured that this remains the case.
The Financial Reporting Council consulted in late 2017 on proposed changes to its Corporate Governance Code for quoted companies. The final text of the changes is expected to be published this summer, for introduction in 2019.
The focus on governance extends beyond the quoted company arena. Legislation laid before Parliament in June 2018 will, amongst other things, require large UK private companies to disclose in their annual directors’ report details of the corporate governance arrangements they have operated during the previous year. At the same time, a consultation has been launched on proposed corporate governance principles for large private companies, which the government hopes will be adopted by those companies as an appropriate framework when complying with the new governance-related reporting requirement. Continue reading →
Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released an updated Cybersecurity Framework (PDF: 1,038 KB) that revises NIST’s baseline recommendations for the design of cybersecurity risk management programs. In announcing its release, Commerce Secretary Wilbur Ross described the updated Framework as “a must do for all CEOs” and recommended that “every company” adopt the Framework as its “first line of defense.” As with the prior version, the updated NIST Framework provides a useful tool to guide and benchmark company approaches to cybersecurity risk and will impact how regulators evaluate cybersecurity programs and incident responses across sectors. Continue reading →
[Following personal reflections on his return to private life from public service, former U.S. Secretary of Homeland Security Jeh Charles Johnson delivered the following keynote address at the Global Cyber Threats: Corporate and Governmental Challenges to Protecting Private Data cybersecurity conference held by the Program on Corporate Compliance and Enforcement at New York University School of Law on April 6, 2018.]
Like millions of other Americans, my world was rocked by the terrorist attack that occurred a few blocks from here on September 11, 2001. Like many of you, I am a New Yorker, and was in Manhattan that day. September 11 also happens to be my birthday. I have a vivid recollection of the day, both before and after 8:46 a.m., when the first plane hit the World Trade Center. At 9:59 a.m., when the first tower collapsed, it was perhaps the only time in my life when my mind could not believe what my eyes were seeing. Neither would I have been able to comprehend then that 15 years later, there would be something called the Department of Homeland Security, that I would lead it, and that the Secretary’s New York office would occupy the 50th floor of a taller, stronger World Trade Center tower standing in the same place. Continue reading →
Since the financial crisis—and more recently in the wake of the Wells Fargo sales practices scandal and the benchmark manipulation enforcement actions—bank regulators in the United States and around the world have become increasingly focused on reforming institutional culture and pursuing other actions to mitigate employee misconduct risk. The Federal Reserve Board’s recent and unprecedented enforcement action against Wells Fargo, which we have discussed previously, is a stark demonstration of regulators’ vigorous focus on these issues. In addition to misconduct that may take place against customers, counterparties, and markets, the recent attention on sexual harassment and employee treatment has also raised questions about the capacity of companies across sectors to address misconduct that takes place within the walls of the company itself. Continue reading →
In a stinging rebuke, the Federal Reserve on February 2nd issued an enforcement action barring Wells Fargo from increasing its total assets and mandating substantial corporate governance and risk management actions. The Federal Reserve noted in its press release that Wells will replace three current board members by April and a fourth board member by the end of the year. In addition, the Federal Reserve released three supervisory letters publicly censuring Wells’ board of directors, former Chairman and CEO John Stumpf and a past lead independent director. These actions are a sharp departure from precedent, both in their severity and their public nature. They come on the heels of significant actions already taken by Wells, including appointing a former Federal Reserve governor as independent Chair and replacing a number of independent directors as well as its General Counsel. Continue reading →
Many constituents have a vested interest in determining a firm’s culture of compliance: regulators, investors, prospective employees, among others. Investment advisers registered with the Securities and Exchange Commission must demonstrate their compliance culture during periodic examinations by the Office of Compliance, Inspection and Examinations. Current and former SEC examination staff often state that the primary indicator of a healthy compliance culture is the “tone from the top.” There are a number of steps that a firm can take to demonstrate that top management fosters an effective compliance culture. Continue reading →
Large-scale data breaches can give rise to a host of legal problems for the breached entity, ranging from consumer class action litigation to congressional inquiries and state attorneys general investigations. Increasingly, issuers are also facing the specter of federal securities fraud litigation.
The existence of securities fraud litigation following a cyber breach is, to some extent, not surprising. Lawyer-driven securities litigation often follows stock price declines, even declines that are ostensibly unrelated to any prior public disclosure by an issuer. Until recently, significant declines in stock price following disclosures of cyber breaches were rare. But that is changing. The recent securities fraud class actions brought against Yahoo! and Equifax demonstrate this point; in both of those cases, significant stock price declines followed the disclosure of the breach. Similar cases can be expected whenever stock price declines follow cyber breach disclosures. Continue reading →
Effective anti-corruption compliance programs include protections for whistleblowers that raise corruption concerns. Article 13.3 of Russia‘s 2008 Federal Law No. 273-FZ on Counteracting Corruption (the “Anti-Corruption Law”) addressed Russian lawmakers’ expectations regarding effective compliance programs. But the law was silent on whistleblower protections. Recently proposed legislation in Russia may help address this gap.
Even before the Anti-Corruption Law came into effect, Russian law included several provisions that could be interpreted to provide some protection for whistleblowers. For example, Russian employment law prohibits discrimination and sets out an exhaustive list of permissible grounds for dismissing an employee for cause; firing an employee for blowing the whistle on potential corruption is not among them. As a result, firing an employee for whistleblowing could ran afoul of Russian employment law. In addition, the Russian government can protect individuals whose security might be threatened as a result of their participation in criminal proceedings that involve alleged corruption. The state might, for example, provide such witnesses with physical protection, relocate them, or even give them new identities. Continue reading →
In late June, FIFA, the world’s governing soccer organization, released the “Garcia Report,” chronicling the extensive corruption and conflicts of interest that occurred in FIFA’s awarding of the men’s 2018 and 2022 World Cup venues. Part1 summarized the report’s findings. Part 2 discusses how specific steps and safeguards can mitigate the risks of misconduct and ensure cooperation among FIFA officials – and at any organization.
FIFA’s problems started at the top. FIFA’s investigators found an astounding number of executive committee members committed misconduct and showed disdain for the investigation. FIFA’s failures were systemic and reflected a culture of corruption. An organization’s culture cannot be fixed simply by strengthening rules or creating a targeted compliance program. Indeed, these are meaningless if the leaders themselves are corrupt. Executives must have integrity and show a commitment to everyone’s compliance with the law. FIFA needs to identify candidates for its executive committee that have shown integrity and a dedication to complying with rules and laws. Continue reading →