Late last week, the Department of Justice’s Criminal Division announced at an ABA white-collar conference that it has begun using the FCPA Corporate Enforcement Policy as “nonbinding guidance” in other areas of white-collar enforcement beyond the FCPA. As a result, absent aggravating factors, DOJ may more frequently decline to prosecute companies that promptly self-disclose misconduct, fully cooperate with DOJ’s investigation, remediate in a complete and timely fashion, and disgorge any ill-gotten gains. As a first example of this approach, the officials pointed to DOJ’s recent decision to decline charges against Barclays PLC, after the bank agreed to pay back $12.9 million in wrongful profits, following individual charges arising out of a foreign exchange front-running scheme. Continue reading
In 2010, in the wake of the financial crisis, Congress passed comprehensive financial regulation reform legislation known as the Dodd-Frank Act (Pub.L. 111-203). Section 922 of the Dodd-Frank Act established both a bounty award program as well as anti-retaliation protection for whistleblowers who report securities law violations.
Pursuant to the mandate of Section 922, the US Securities and Exchange Commission (“SEC”) established an Office of the Whistleblower, and implemented its final rules on the Dodd-Frank Program through a comprehensive rulemaking process that involved significant public input in May 2011. Continue reading
Yesterday, in keeping with a heightened governmental focus on cybersecurity, as exemplified by the Justice Department’s formation of a new Cyber-Digital Task Force earlier this week, the Securities and Exchange Commission announced new guidance on cybersecurity disclosures by public companies (the “Guidance”).
Much of the Guidance tracks 2011 interpretive guidance from the SEC’s Division of Corporation Finance and retains a focus on “material” cyber risks and incidents. However, the expanded details and heightened pressure to disclose indicated in the Guidance, along with its issuance by the Commission itself, signal that the SEC expects public companies to consider more detailed disclosure of cyber risks and incidents, and to maintain “comprehensive” policies and procedures in this area. The SEC is also encouraging, though not requiring, forward-leaning approaches, such as with respect to disclosures about the company’s cyber risk management programs and the engagement of the board of directors with management on cybersecurity issues. SEC Chairman Jay Clayton has also directed SEC staff to monitor corporate cyber disclosures. Continue reading
by Brad S. Karp, Jessica S. Carey, Andrew J. Ehrlich, Roberto Finzi, Michael E. Gertzman, Michele Hirshman, Daniel J. Kramer, Lorin L. Reisner, Richard A. Rosen, Audra J. Soloway, Richard C. Tarlowe, Andrew D. Reich, and Joseph Delich
A federal magistrate judge in the Southern District of Florida recently ruled that a law firm had waived work product protection over notes and memoranda of witness interviews when it provided “oral downloads” of those interviews to the Securities and Exchange Commission (“SEC”).
In a December 5, 2017 opinion, SEC Herrera, No. 17-cv-20301 (S.D. Fla. Dec. 5, 2017), Magistrate Judge Jonathan Goodman indicated that he was “not convinced” that “there is a meaningful distinction between the actual production of a witness interview note or memo and providing the same or similar information orally.”
The opinion serves as an important reminder of the risks of waiver—and the need to take steps to minimize those risks—when disclosing information to a government agency. Continue reading
In our memo last year, we acknowledged that it was close to impossible to predict the likely impact that the newly elected Trump administration would have on white-collar and regulatory enforcement. (White Collar and Regulatory Enforcement: What to Expect in 2017) Instead, we set out a list of initiatives we urged the new administration to consider, including clarifying standards for when cooperation credit would be given, reducing the use of monitors, and giving greater weight to a company’s pre-existing compliance program when exercising prosecutorial discretion, among other suggestions. While the DOJ under Attorney General Jeff Sessions has, for example, taken some steps toward clarifying the applicable standards for cooperation and increasing incentives to disclose misconduct in the FCPA area, few other policy choices or shifts in approach have been articulated or implemented. Continue reading
On January 12, 2018, the Supreme Court granted a writ of certiorari in Raymond J. Lucia Cos., Inc. v. SEC, No. 17 130, a case raising a key constitutional issue relating to the manner in which the U.S. Securities and Exchange Commission’s (SEC or Commission) appoints its administrative law judges (ALJs). The Court will decide “[w]hether administrative law judges of the [SEC] are Officers of the United States within the meaning of the Appointments Clause.” The answer to this question matters because if SEC ALJs are “officers,” then they should have been appointed by the Commission itself instead of hired through traditional government channels—and the Commission only exercised its ALJ appointment authority in late-2017. Although the question is limited to SEC ALJs, any decision could also impact ALJs at other agencies government-wide.
At this point, both the petitioner and the Solicitor General (SG) actually agree that ALJs are officers. In its response to the cert petition raising this issue in Lucia, the SG, in an about-face, had abandoned the SEC’s long-held defense of the manner in which it appoints its ALJs. Up until now, in an attempt to fend off an asserted constitutional defect in their AJL’s method of appointment, the SEC has argued (with SG approval) that ALJs are “mere employees” of the SEC, and not “officers.” The day after the SG dropped this position—and with no warning in its briefing—the Commission took the step to appoint the current ALJs. Continue reading
This past year marked the 40th anniversary of the U.S. Foreign Corrupt Practices Act (“FCPA”). Since its enactment in 1977, the U.S. Department of Justice (the “DOJ”) has brought approximately 300 FCPA enforcement actions, while the U.S. Securities and Exchange Commission (the “SEC”) has brought approximately 200 cases. This anniversary year, the first year of the Trump administration, demonstrated that the FCPA continues to be a powerful tool in combating corruption abroad and encouraging compliance at global companies.
Below are six key take-aways regarding FCPA enforcement in 2017: Continue reading
Many constituents have a vested interest in determining a firm’s culture of compliance: regulators, investors, prospective employees, among others. Investment advisers registered with the Securities and Exchange Commission must demonstrate their compliance culture during periodic examinations by the Office of Compliance, Inspection and Examinations. Current and former SEC examination staff often state that the primary indicator of a healthy compliance culture is the “tone from the top.” There are a number of steps that a firm can take to demonstrate that top management fosters an effective compliance culture. Continue reading
Prominent law enforcement and regulatory officials have referred to financial sector compliance officers, as “essential partners” in ensuring compliance with relevant laws and regulations, whose “difficult job[s]” merit “appreciat[ion] and respect.” Officials have noted the critical role these professionals play in shaping the culture of financial institutions, as well as the industry more generally. However, a series of recent enforcement actions in which financial sector compliance officers have been personally sanctioned has strained this partnership, fueling concerns among financial sector compliance officers that they are being unfairly targeted.
Law enforcement and regulatory officials have responded to these concerns with assurances that both the ethos of a partnership and their even-handed enforcement approach remain intact. Officials have stressed that in the rare instances in which financial sector compliance officers have been held personally accountable, the majority had engaged in affirmative misconduct. Rarer still, they contend, are cases where compliance officers were found to have exhibited “wholesale” or “broad-based” failures in carrying out responsibilities assigned to them. In these particular cases, officials have stressed that the enforcement actions proceed only when, after carefully weighing the evidence, the facts indicate that the compliance officers “crossed a clear line.” Continue reading
Large-scale data breaches can give rise to a host of legal problems for the breached entity, ranging from consumer class action litigation to congressional inquiries and state attorneys general investigations. Increasingly, issuers are also facing the specter of federal securities fraud litigation.
The existence of securities fraud litigation following a cyber breach is, to some extent, not surprising. Lawyer-driven securities litigation often follows stock price declines, even declines that are ostensibly unrelated to any prior public disclosure by an issuer. Until recently, significant declines in stock price following disclosures of cyber breaches were rare. But that is changing. The recent securities fraud class actions brought against Yahoo! and Equifax demonstrate this point; in both of those cases, significant stock price declines followed the disclosure of the breach. Similar cases can be expected whenever stock price declines follow cyber breach disclosures. Continue reading