The Top 5 Mid-Year Developments in Anti-Money Laundering Enforcement in 2024

by Stephanie Brooker, M. Kendall Day, Ella Capone, Chris Jones, and Ben Schlichting

Photos of the authors

From left to right: Stephanie Brooker, M. Kendall Day, Ella Capone, Chris Jones, and Ben Schlichting. (Photos courtesy of Gibson Dunn & Crutcher LLP)

In this piece, we analyze some of the most important mid-year trends and developments in AML regulation and enforcement thus far in 2024.  Overall, 2024 has been very active, including key proposed and finalized rules, DOJ policy initiatives, and a notable judicial opinion discussed below.  For a longer version of this piece, please visit Gibson Dunn’s website.

Continue reading

Summer Takeaways in SEC Enforcement

by John F. Savarese and 

Photos of authors.

Left to Right: John F. Savarese, Wayne M. Carlin and David B. Anders (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

With the Labor Day holiday now behind us, it is a good time to review the SEC’s active enforcement docket and to look ahead to likely areas of continuing enforcement attention as we head into the fall.  The record over the past few months reflects a continuing emphasis on certain major program areas, along with progress on a new enforcement initiative:

Whistleblower Awards.  The whistleblower program continues to be a tremendous source of investigative leads for the enforcement staff.  In July and August alone, the SEC announced bounty payments to six whistleblowers totaling $196 million.  These announcements included an award of $82 million to a single individual who provided information that led to the opening of an investigation.  In addition, two separate whistleblowers received awards of $37 million each in connection with different matters.

Continue reading

Takeaways from the Dismissal of Most of the Government’s Case Against the SolarWinds CISO

by Ilona Cohen

Photo of the author

Photo courtesy of the author

Last year, the government filed a landmark lawsuit alleging that SolarWinds and its Chief Information Security Officer (CISO) misled the public about the company’s cybersecurity practices before and after a major cyberattack. The charges surprised leaders in the industry and forced many companies to reevaluate their own security programs. In a recent development, however, a judge in New York dismissed most of the charges against the company and SolarWinds’ CISO, leaving many to wonder what these developments mean for them.

The case against SolarWinds was filed by the Securities and Exchange Commission (SEC), a government agency that has interpreted its authority broadly to regulate publicly traded companies. The court did not agree with the SEC’s use of that authority in key respects and dismissed allegations that the statements in SolarWinds’ press releases, blog posts, podcasts, and certain SEC filings, misrepresented the company’s cybersecurity risks and controls.

Continue reading

FinCEN Adopts Rule Extending AML/CFT Requirements to RIAs and ERAs, Further Increasing Regulatory Obligations on Investment Advisers

Photos of authors

Left to Right: David Sewell, Timothy Clark, Ivet Bell, David Nicolardi, and Nathaniel Balk (photos courtesy of authors)

On August 28, 2024, the Financial Crimes Enforcement Network (FinCEN)  adopted a final rule that extends anti-money laundering (AML) and countering the financing of terrorism (CFT) compliance obligations to certain types of investment advisers (the Final Rule), and delegates to the U.S. Securities and Exchange Commission (SEC) the authority to examine investment advisers’ compliance with these obligations.[1] The Final Rule ends a long-running debate over whether to subject investment advisers to AML/CFT obligations after multiple prior proposals to do so had stalled. 

The Final Rule imports standards and requirements that will be familiar to investment advisers affiliated with financial institutions already subject to AML/CFT obligations, but may be new to  smaller and independent investment advisers.  For these entities, the compliance uplift required could be substantial.

Continue reading

Confronting Percoco and Full Play: The Limitations of Honest Services Fraud and the Travel Act as an Alternative Source of Liability for Commercial Bribery

by Hector Correa Gaviria and Berke Gursoy

Photos of the authors

Left to Right: Hector Correa Gaviria and Berke Gursoy (photos courtesy of authors)

On September 1st, 2023, District Court Judge Pamela Chen delivered a startling decision, overturning the honest services fraud convictions of Hernán Lopez, former Fox executive, and FullPlay Group, S.A., an Argentine sports marketing company. Lopez and FullPlay were convicted of federal wire fraud for bribing employees of the Fédération Internationale de Football Association (FIFA) and CONMEBOL (the South American soccer federation under the umbrella of FIFA) to secure lucrative broadcasting contracts for some of Latin America’s most prestigious soccer tournaments and World Cup qualifying matches.

In United States v. Full Play,[1] a federal jury found that Lopez and FullPlay used U.S. wires to defraud FIFA by depriving the international soccer organization of the right to its employees’ faithful and honest services in violation of 18 U.S.C. §§ 1343 and 1346 (jointly referred to as honest services wire fraud “HSF”). However, soon after this conviction, the Supreme Court in Percoco v. United States limited the scope of HSF.[2] They did so by restricting the sources of fiduciary duty that can support an HSF conviction, holding that a limited number of on-point pre-McNally cases was insufficient to sustain an HSF conviction.[3] Through this ruling, Percoco essentially established a limiting principle for HSF; however, it did not articulate a test for when an actionable fiduciary duty under HSF could be found.[4]

In the wake of Percoco, the defendants in Full Play filed a motion for acquittal on their honest services charges.  They argued that under Percoco, honest services fraud does not cover foreign commercial bribery because the statute requires defendants to induce a violation of the bribe-recipient’s fiduciary duty to the victim organization and because the type of fiduciary duty alleged in this case, a duty owed by foreign employees to a foreign employer, is not cognizable under §1346. Judge Chen agreed, holding that there was not “even a smattering” of pre-McNally cases to support the defendants’ HSF convictions.[5]

Though this case is under appeal, the judge’s ruling represents the difficulties of post-Percoco commercial bribery prosecutions through § 1346.[6] This article will argue that the Travel Act, 18 USC § 1952, represents an effective substitute for § 1346 that allows federal prosecution of commercial bribery through both HSF and state-level commercial bribery statutes.

Continue reading

EU Court Upholds Commission’s Power To Demand Data Held by Foreign Companies

by Bill Batchelor, Ryan D. Junck, David A. Simon, Nicola Kerr-Shaw, Bora P. Rawcliffe, and Margot Seve

Photos of the authors

Top left to right: Bill Batchelor, Ryan D. Junck, and David A. Simon. Bottom left to right: Nicola Kerr-Shaw, Bora P. Rawcliffe, and Margot Seve (Photos courtesy of authors)

Summary

In Nuctech Warsaw (T-284/24), the EU Court of Justice held that EU subsidiaries can lawfully be required to provide access to email accounts and data held by their overseas parent company. The ruling involved the following framing:

  • Broad reach of EU extraterritorial investigative powers: The order interprets the European Commission’s (EC’s) investigative powers broadly. EU law applies to conduct with significant effects in the EU, even if the conduct occurs outside the EU. Consequently, the EC may request information from non-EU companies to assess potential EU law violations.
  • Implications for other EU enforcement regimes: The investigation was carried out under the EU Foreign Subsidies Regulation (FSR), but the ruling has implications for the EC’s powers under general antitrust rules and other regulations such as the Digital Markets Act or the Digital Services Act. The judgment follows divergent rulings in the UK that limited the extraterritorial reach of UK regulators’ enforcement powers in fraud and antitrust cases. (See our February 2021 alert “English Supreme Court Limits Serious Fraud Office’s Extraterritorial Reach” for more details.)
  • Siloing access to data within a corporate organization: The ruling held that there was no evidence local subsidiaries could not access China-held data, or that compliance with the EC’s inspection decision would compel the applicants and the group to infringe Chinese law, including criminal law. Therefore, companies should consider:
    • If their IT environment and procedures can be siloed to enable the company to demonstrate that accessing parent company data from the EU is not technically feasible without cooperation from the non-EU entities.
    • Whether law and regulation applicable to a company would prevent it from sharing this data with an EU regulator. If so, this should be well-documented in advance, potentially with external legal counsel validation, so that any refusal to comply with a request for data could be quickly substantiated with specific reference to other applicable laws.

Continue reading

It May Not Be Worth the Paper (or Pixel) It’s Written On (Part 2): A Fresh Look at Common Responses to Bolster Export Controls Compliance Programs as BIS Primes the Corporate Enforcement Engine

by Brent Carlson and Michael Huneke

Photos of the authors

Brent Carlson and Michael Huneke (photos courtesy of authors)

Amid reports of continued export controls diversion[1] to entities in locations including China, Russia, Iran, and North Korea, the U.S. Commerce Department’s Bureau of Industry and Security (“BIS”) has been priming the corporate enforcement engine.[2] This dynamic increases challenges for in-house legal and compliance teams to respond to BIS’ latest moves and bolster compliance program effectiveness. In this new environment, the greatest compliance risks revolve around explaining and defending relationships with distributors and resellers in the face of allegations and reports of product diversion or other “red flags” indicating the same—a task made more nuanced under the “high probability” standard of “knowledge” recently highlighted by BIS in new guidance issued on July 10, 2024 (the “July 10 BIS Guidance”).[3]

In Part 1 we previously discussed the practice of using letters of assurance—and the problems of relying solely upon them without resolving related red flags—to bolster export controls compliance programs in response to the new BIS enforcement playbook.[4] In Part 2 we now examine other common responses based on legacy approaches to export controls and why they are ineffective—and even detrimental—in today’s new and evolving enforcement environment.

Continue reading

CFTC Begins Its Enforcement of NDA Rule with Action Against Trafigura

by Benjamin Calitri

Benjamin Calitri

Photo courtesy of the author

On June 17, 2024, Trafigura Trading LLC (“Trafigura”) agreed to pay $55 million to settle charges brought by the Commodity Futures Trading Commission (“CFTC) that they “traded gasoline while in knowing possession of material nonpublic information, . . . manipulated a fuel oil benchmark to benefit its futures and swaps positions,” and notably that they violated CFTC Regulation 165.19(b) by “requir[ing] its employees to sign employment agreements, and request[ing] that former employees sign separation agreements containing non-disclosure provisions prohibiting them from disclosing company information, with no exception for law enforcement agencies or regulators.” This is the CFTC’s first enforcement of Regulation 165.19(b).

Continue reading

Shining a Light on the Shadows: A Data-Driven Look at Global Anti-Corruption Efforts

by Leonardo Borlini

Photo of author

Photo courtesy of the author

Corruption has been the target of significant international efforts in recent decades. A complex web of international treaties and monitoring mechanisms has emerged, aiming to curb this global scourge. But how effective are these efforts? Are countries truly implementing and complying with their international anti-corruption commitments?

In my recent study, Compliance Mechanisms as a Diagnostic and Prognostic Tool for the Evolution of the International Anti-Corruption Cooperation: A Data-Driven Study, forthcoming in 22(2) International Constitutional Law Journal (2024), I try to shed light on these questions. Using innovative text-as-data analysis, the study delves into the vast trove of evaluation and compliance reports produced by the monitoring mechanisms established by the main international anti-corruption. The findings offer a comprehensive assessment of the successes, failures, and enduring challenges in global anti-corruption cooperation.

Continue reading

Dutch Data Protection Authority Imposes a Fine of 290 Million Euros on Uber

by Sarah Pearce and Ashley Webber

Photos of authors.

Left to right: Sarah Pearce and Ashley Webber (Photos courtesy of the Hunton Andrews Kurth LLP)

On August 26, 2024, the Dutch Data Protection Authority (the “Dutch DPA”), as lead supervisory authority, announced that it had imposed a fine of 290 million euros ($324 million) on Uber.  The fine related to violations of the international transfer requirements under the EU General Data Protection Regulation (the “GDPR”). 

The Dutch DPA launched an investigation into Uber following complaints from more than 170 French Uber drivers to the French human rights interest group the Ligue des droits de l’Homme, which subsequently submitted a complaint to the French Data Protection Authority (the “CNIL”).  The CNIL then forwarded the complaints to the Dutch DPA as lead supervisory authority for Uber.

Continue reading