Category Archives: U.S. Department of Justice (DOJ)

DOJ, FBI Issue Guidance for Public Companies Seeking to Delay Disclosure of Material Cybersecurity Incidents

by Michael T. Borgia and Patrick J. Austin

Left to right: Michael T. Borgia and Patrick J. Austin (Photos courtesy of Davis Wright Tremaine LLP)

Public companies may only request a delay of the SEC’s disclosure requirements for national security or public safety reasons

As we discussed in our prior blog post, the Securities and Exchange Commission (SEC) recently finalized its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies (the “Rule”). The Rule requires, among other things, that public companies disclose “material” cybersecurity incidents on Form 8-K (Form 6-K for foreign private issuers). Item 1.05 of Form 8-K must include the “material aspects of the nature, scope, and timing of the incident, and the material impact or reasonably likely material impact on the registrant, including its financial condition and results of operations,” and the form must be filed within four business days of determining that an incident is material. The Rule permits companies to delay disclosure beyond four business days only where the U.S. Attorney General determines that disclosure “would pose a substantial risk to national security or public safety.” The Rule’s cyber incident disclosure requirements go into effect on December 18, 2023.

Continue reading →

DOJ Leadership Discusses FCPA Enforcement Trends and Guidance

by Greg D. Andres, Uzo Asonye, Sidney Bashago, Martine M. Beamon, Robert A. Cohen, Daniel S. Kahn, Tatiana R. Martins, Fiona R. Moran, Paul J. Nathanson, and Patrick S. Sinclair

Top left to right: Greg D. Andres, Uzo Asonye, Sidney Bashago, Martine M. Beamon, and Robert A. Cohen
Bottom left to right: Daniel S. Kahn, Tatiana R. Martins, Fiona R. Moran, Paul J. Nathanson, and Patrick S. Sinclair
(Photos courtesy of Davis Polk & Wardwell LLP)

In a recent speech, Acting Assistant Attorney General Nicole M. Argentieri laid out how the DOJ is increasing its use of data analytics to proactively identify FCPA cases, deepening its cooperation with international counterparties, actioning its 2023 revisions to the Corporate Enforcement Policy concerning cooperation credit, and beginning to require forfeiture or disgorgement as part of all corporate resolutions.

Continue reading →

Questions about the “Carrot” and “Stick” Remain: Unpacking DOJ’s New M&A Safe Harbor Policy, Part I

by Joel M. Cohen and Marietou Diouf

From right to left: Joel M. Cohen and Marietou Diouf (Photos courtesy of White & Case LLP)

On October 4, 2023, United States Deputy Attorney General (DAG) Lisa Monaco announced a new Department of Justice (DOJ) Mergers & Acquisitions Safe Harbor policy that encourages companies to self-disclose criminal misconduct discovered by an acquiring company during the acquisition of a target company. Under the policy, the acquiring party will receive a presumption of criminal declination if it promptly and voluntarily discloses criminal misconduct, cooperates with any ensuing investigation, and engages in appropriate remediation, restitution and disgorgement.

The Safe Harbor policy is a clear continuation of the DOJ’s push for corporate voluntary self-disclosure (VSD). But as with many DOJ policy pronouncements, the devil is in the details. It remains unclear what it will take for an acquiring company to obtain the “carrot” DOJ is dangling and poses questions as to the “stick” the DOJ might wield if a self-disclosure does not achieve safe harbor, or more broadly, if an acquirer fails to identify criminal misconduct in the acquisition process. Continue reading →

DOJ Ends No-Poach Prosecution of SCA

by David B. Anders, Carrie M. Reilly, Kevin S. Schwartz, and Yolanda Bustillo

From left to right: David B. Anders, Carrie M. Reilly, Kevin S. Schwartz, and Yolanda Bustillo. Photos courtesy of Wachtell, Lipton, Rosen & Katz.

Today, almost three years after the Antitrust Division brought criminal charges against Surgical Care Affiliates (“SCA”), the District Court for the Northern District of Texas granted the government’s motion to dismiss the indictment, with prejudice, marking the latest setback in the agency’s aggressive enforcement of labor market cases. Earlier this year, we noted that the Antitrust Division’s prosecution of criminal wage‑fixing and no-poach agreements warranted reconsideration given the many problems these cases present. The Antitrust Division’s decision to dismiss its case against SCA signals that the agency may have done just that.

Continue reading →

FinCEN and BIS Issue Joint Notice Emphasizing That Financial Institutions Should Monitor for Possible Export Control Violations

by Jessica S. Carey, John P. Carlin, Roberto J. Gonzalez, Brad S. Karp, Richard S. Elliott, David Fein, David Kessler, Nathan Mitchell, and Jacobus J. Schutte

Top left to right: Jessica S. Carey, John P. Carlin, Roberto J. Gonzalez, Brad S. Karp, and Richard S. Elliott. Bottom left to right: David Fein, David Kessler, Nathan Mitchell, and Jacobus J. Schutte. (Photos courtesy of Paul, Weiss, Rifkind, Wharton & Garrison LLP)

On November 6, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) jointly issued a notice (the “Notice”) announcing a new Suspicious Activity Report (“SAR”) key term, “FIN-2023-GLOBALEXPORT,” that financial institutions should reference when reporting potential efforts by individuals or entities seeking to evade U.S. export controls.[1]

Continue reading →

The Conviction of Sam Bankman-Fried – Yes, Fraud, but also Regulatory Arbitrage

by Maria T. Vullo

Maria T. Vullo (Photo courtesy of the author)

The much-anticipated jury verdict,[1] convicting former FTX CEO Sam Bankman-Fried (SBF) of seven felonies, after less than five hours of deliberations, demonstrates the strength of the prosecution’s case and that juries have no patience for financial fraud. While many reports correctly note that fraud is at the core of the FTX/SBF case, the verdict also sends a clear message that regulatory arbitrage should not be tolerated.

Continue reading →

Former Prosecutors and Industry Experts React to Sam Bankman-Fried Trial Verdict

The NYU School of Law Program on Corporate Compliance and Enforcement (PCCE) is following the collapse of FTX and the civil and criminal enforcement actions arising from FTX’s and its founder’s alleged misconduct. In this post, several white collar defense, former federal prosecutors, and cryptocurrency experts, offer their reactions to the verdict in the Sam Bankman-Fried (SBF) trial on November 2, 2023.

Top left to right: William Komaroff, Seetha Ramachandran, David I. Miller, and Ijeoma Okoli
Bottom left to right: Jessica Lonergan, Tarek Helou, Elizabeth Roper, and Chehak Gogia
(Photos courtesy of authors)

Continue reading →

Guidance from Attachment C: Recent Resolutions Include DOJ Updates to the Requirements for an Effective Compliance Program

by Kathryn Cameron Atkinson, Joshua Drew, Matteson Ellis, and James G. Tillen

From left to right: Kathryn Cameron Atkinson, Joshua Drew, Matteson Ellis, and James G. Tillen. (Photos courtesy of Miller & Chevalier.)

Continuing with recent policy updates, the U.S. Department of Justice (DOJ) has revised its detailed requirements for effective corporate compliance programs found in “Attachment C“[1] to better reflect its policy guidance and incorporate lessons learned from recent cases and monitorships. These edits focus on management commitment, training, third party management, remediating misconduct, monitoring and testing, compensation structures, and consequence management.

Attachment C requirements present a clear guide to DOJ thinking on critical compliance program elements. They have become standardized over the years, and when DOJ revises or alters them, it is a noteworthy development for compliance professionals as well as practitioners. Companies defending their programs before DOJ will need to be prepared to address these new program criteria.

Continue reading →

Assessing the Tornado Cash Indictment against FinCEN’s 2019 Guidance Applying Money Transmission Rules to Crypto Businesses

by Benjamin Gruenstein, Evan Norris, and Daniel Barabander

From left to right: Benjamin Gruenstein, Evan Norris, and Daniel Barabander. Photos courtesy of the authors

Introduction

On August 23, 2023, the U.S. Attorney’s Office for the Southern District of New York announced the unsealing of an indictment against Roman Storm and Roman Semenov charging, among other things, conspiracy to operate an unlicensed money transmitting business in connection with their role as founders of Tornado Cash, from at least March 2022 until August 8, 2022.[1] A significant focus of the indictment is the “secret note” that customers used when depositing to and withdrawing from Tornado Cash, a “mixing service” that the indictment alleges “combined multiple unique features to execute anonymous financial transactions in various cryptocurrencies for its customers.” (¶¶ 1, 15, 18, 24.) However, despite allegations that the secret note was transmitted through various components of Tornado Cash that the founders controlled when a customer withdrew funds, in reality, the customer never relinquished control over the secret note. Rather, she sent only a “proof” that revealed nothing about the secret note and could only be validated by the smart contract to send funds directly from the smart contract to the customer. In this way, the founders may have exercised “necessary” control over funds, meaning that when the customer used Tornado Cash, components of the system the founders allegedly controlled may have been necessary to send the message to transfer the value in that particular transaction. However, based on our review of how the secret note worked during the period when the founders are alleged to have conspired to operate a money transmission business, the founders did not exercise “sufficient” control, meaning these components could not have transferred value independently from the customer. This is because Tornado Cash and its founders had no ability during this period to access the secret note to dictate how funds would be transferred.

This distinction between types of control is critical. Under the U.S. Department of the Treasury’s Financial Crimes Enforcement Network’s (“FinCEN”) non-binding 2019 guidance, a “money transmitter” must have “total independent control” over customer funds to qualify as such, which we interpret based on our review of the guidance to require both “necessary” and “sufficient” control.[2] Without access to a customer’s secret note, the Tornado Cash founders could not have had the requisite control over customer funds to qualify as a money transmitter under FinCEN’s 2019 guidance.[3]

Continue reading →

DOJ Announces New Safe Harbor Policy to Encourage Acquiring Companies to Timely Disclose Misconduct Uncovered During M&A Transactions

by Jacquelyn M. Kasulis, Zachary S. Brez, Nick Niles, Meghan Dolan, Grace Zhu, Shruti Chandhok, Brian Benczkowski, Mark Filip, John Lausch, Kim B. Nemirow, Marcus Thompson, Asheesh Goel, Cori A. Lable, Erin Nealy Cox, and David Weiner

Top left to right: Jacquelyn M. Kasulis, Zachary S. Brez, Nick Niles, Meghan Dolan, and Grace Zhu.
Middle left to right: Brian Benczkowski, Mark Filip, John Lausch, Kim B. Nemirow, and Marcus Thompson.
Bottom left to right: Asheesh Goel, Cori A. Lable, Erin Nealy Cox, and David Weiner.
Not pictured: Shruti Chandhok.
(Photos courtesy of Kirkland & Ellis LLP)

Overview

Deputy Attorney General Lisa Monaco recently announced that the Department of Justice has adopted a new Mergers & Acquisitions Safe Harbor Policy, in remarks delivered at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance & Ethics Institute on October 4, 2023. Under the Safe Harbor Policy, acquiring companies will receive a presumption of declination of prosecution if they: (1) promptly and voluntarily disclose criminal misconduct within six months from closing of an acquisition, (2) cooperate with the DOJ’s investigation and (3) engage in timely and appropriate remediation, restitution and disgorgement. The Safe Harbor Policy, which will be applied department-wide, is a continuation of the DOJ’s efforts to incentivize voluntary self-disclosure and encourage companies to prioritize compliance.

Continue reading →