Supreme Court Punches SEC APs Right in the Seventh Amendment

by Andrew J. Ceresney, Charu A. Chandrasekhar, Arian M. June, Robert B. Kaplan, Julie M. Riewe, Kristin A. Snyder, and Jonathan R. Tuttle

Photos of the authors

Top left to right: Andrew J. Ceresney, Charu A. Chandrasekhar, Arian M. June, and Robert B. Kaplan. Bottom left to right: Julie M. Riewe, Kristin A. Snyder, and Jonathan R. Tuttle. (Photos courtesy of Debevoise & Plimpton LLP)

Recently, in a long-awaited ruling with significant implications for the securities industry and administrative agencies more generally, the U.S. Supreme Court affirmed the Fifth Circuit’s decision in Jarkesy v. SEC, holding that the Seventh Amendment right to a jury trial precluded the U.S. Securities and Exchange Commission (the “SEC”) from pursuing monetary penalties for securities fraud violations through in-house administrative adjudications. The key takeaways are:

  • The Court’s ruling was limited to securities fraud claims, but other SEC claims seeking legal remedies may be impacted, as well as claims by other federal agencies that may have been adjudicated in-house previously.
  • We expect that the SEC will continue its practice of bringing new enforcement actions in district court, except when a claim only is available in the administrative forum.
  • Because of the majority decision’s focus on fraud’s common-law roots, the decision raises questions about whether the SEC may bring negligence-based or strict liability claims seeking penalties administratively.
  • The Court did not resolve other constitutional questions concerning the SEC’s administrative law judges, including whether the SEC’s use of administrative proceedings violates the non-delegation doctrine and whether the SEC’s administrative law judges are unconstitutionally protected from removal in violation of Article III.
  • We anticipate additional litigation regarding these unresolved issues.

Continue reading

CNIL Publishes New Guidelines on the Development of AI Systems

by David Dumont and Tiago Sérgio Cabral

Photos of the authors

David Dumont and Tiago Sérgio Cabral (photos courtesy of Hunton Andrews Kurth LLP)

On June 7, 2024, following a public consultation, the French Data Protection Authority (the “CNIL”) published the final version of its guidelines addressing the development of AI systems from a data protection perspective (the “Guidelines”). Read our blog on the pre-public consultation version of these Guidelines.

In the Guidelines, the CNIL states that, in its view, the successful development of AI systems can be reconciled with the challenges of protecting privacy.

Continue reading

Incident Response Plans Are Now Accounting Controls? SEC Brings First-Ever Settled Cybersecurity Internal Controls Charges

by Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Erez Liebermann, Benjamin R. Pedersen, Julie M. Riewe, Matt Kelly, and Anna Moody

Photos of the authors

Top left to right: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky and Erez Liebermann. Bottom left to right: Benjamin R. Pedersen, Julie M. Riewe, Matt Kelly and Anna Moody. (Photos courtesy of Debevoise & Plimpton LLP)

In an unprecedented settlement, on June 18, 2024, the U.S. Securities & Exchange Commission (the “SEC”) announced that communications and marketing provider R.R. Donnelley & Sons Co. (“RRD”) agreed to pay approximately $2.1 million to resolve charges arising out of its response to a 2021 ransomware attack. According to the SEC, RRD’s response to the attack revealed deficiencies in its cybersecurity policies and procedures and related disclosure controls. Specifically, in addition to asserting that RRD had failed to gather and review information about the incident for potential disclosure on a timely basis, the SEC alleged that RRD had failed to implement a “system of cybersecurity-related internal accounting controls” to provide reasonable assurances that access to the company’s assets—namely, its information technology systems and networks—was permitted only with management’s authorization. In particular, the SEC alleged that RRD failed to properly instruct the firm responsible for managing its cybersecurity alerts on how to prioritize such alerts, and then failed to act upon the incoming alerts from this firm.

Continue reading

Treasury and FSOC Sharpen Focus on Risks of AI in the Financial Sector

by Alison M. Hashmall, David Sewell, Beth George, Andrew Dockham, Megan M. Kayo and Nathaniel Balk

Photos of the authors

Top left to right: Alison M. Hashmall, David Sewell and Beth George. Bottom Left to Right: Andrew Dockham, Megan M. Kayo and Nathaniel Balk. (Photos courtesy of Freshfields Bruckhaus Deringer LLP)

On June 6-7, 2024, the Financial Stability Oversight Council (FSOC or the Council) cosponsored a conference on AI and financial stability with the Brookings Institution (the FSOC Conference).  The conference was billed as “an opportunity for the public and private sectors to convene to discuss potential systemic risks posed by AI in financial services, to explore the balance between encouraging innovation and mitigating risks, and to share insights on effective oversight of AI-related risks to financial stability.” The FSOC Conference featured noteworthy speeches by Secretary of the Treasury Janet Yellen (who chairs the Council), as well as Acting Comptroller of the Currency Michael Hsu.  And in a further sign of increased regulatory focus on AI in the financial industry, the Treasury Department also released a request for information on the Uses, Opportunities, and Risk of Artificial Intelligence (AI) in the Financial Services Sector (the AI RFI) while the conference was happening – its most recent, and most comprehensive, effort to understand how AI is being used in the financial industry.

In this blog post, we first summarize the key questions raised and topics addressed in the AI RFI.  We then summarize the key takeaways from FSOC’s conference on AI and discuss how these developments fit within the broader context of actions taken by the federal financial regulators in the AI space. Lastly, we lay out takeaways and the path ahead for financial institutions as they continue to navigate the rapid development of AI technology.

Continue reading

European Union Finally Adopts Corporate Sustainability Due Diligence Directive

by Samantha Rowe, Patricia Volhard, Jin-Hyuk Jang, John Young, Ulysses Smith, Jesse Hope, Harry Just, and Andrew Lee

Photos of the authors

Top left to right: Samantha Rowe, Patricia Volhard, Jin-Hyuk Jang and John Young. Bottom left to right: Ulysses Smith, Jesse Hope, Harry Just and Andrew Lee. (Photos courtesy of Debevoise & Plimpton LLP)

On 24 May 2024, the European Council (the “Council”) formally adopted the Corporate Sustainability Due Diligence Directive (the “CSDDD” or the “Directive”). The regime introduces human rights, environmental and governance due diligence obligations for in scope companies’ and their subsidiaries’ operations, and in their “chain of activities”, which are companies’ supply and distribution chains.

Continue reading

The Need to Integrate Externalities, Market Failures, and Collective Action Problems in Antitrust Analysis—Thoughts on the US House Judiciary Committee Report on ESG Investigation and the Rebuttal Report

by Maurits Dolmans

Photo of the author.

Photo courtesy of Cleary Gottlieb Steen & Hamilton LLP.

On June 11, 2024, the US House Judiciary Committee released an interim staff report titled “Climate Control: Exposing the Decarbonization Collusion in Environmental, Social and Governance (ESG) Investing” (the “Majority Report). This was followed by a hearing by the House Judiciary Committee on June 12.

The Majority Report contains strongly worded conclusions.  It argues that a “climate cartel’ of left-wing environmental activists and major financial institutions has colluded to force American companies to ‘decarbonize’ and reach ‘net zero.’”  Organizations like Climate Action 100+, Ceres, CalPERS, and Arjuna, for instance, allegedly “declared war on the American way of life,” to limit how Americans “drive, fly, and eat.”  They did this “by forcing corporations to disclose their carbon emissions, to reduce their carbon emissions, and … handcuffing company leadership and muzzling corporate free speech and petitioning.”  Employing nice alliteration, it is said they “collude to kill carbon.”  It is suggested that corporate compliance with the goals of the Paris Agreement raises prices to American consumers—ignoring the OPEC+ output reductions, the wars in Ukraine and the Middle East, and the Houthi attacks on shipping, but also the long-term costs of climate change, the findings of the International Energy Agency that no new fossil fuel development is needed to meet current and expected demand, and that renewables and nuclear energy are increasingly cheaper than fossil fuels.  The Majority Report boasts of the effect of antitrust threats in causing firms to shy away from cooperation to mitigate the climate risk.

Continue reading

US Antitrust Regulators Threaten Ephemeral Messaging Users and Their Counsel with Obstruction Charges

by Jeremy Calsyn, Nowell Bamberger, Charles P. Balaan, and Joseph M. Kay

Photos of authors

Left to right: Jeremy Calsyn, Nowell Bamberger, Charles P. Balaan, and Joseph M. Kay (photos courtesy of Cleary Gottlieb Steen & Hamilton LLP)

In recent months, federal regulators have made statements that companies and their counsel may be subject to criminal prosecution if they fail to preserve ephemeral messaging data when they receive a subpoena or other legal process.  In January 2024, the Deputy Assistant Attorney General for Criminal Enforcement at the DOJ Antitrust Division warned “failure to produce” ephemeral messaging may result in obstruction charges.[1]  Speaking at the ABA Antitrust Spring Meeting in April 2024, a lawyer for the Antitrust Division echoed that the DOJ “will not hesitate to bring obstruction charges” against company counsel and their clients if clients fail to properly retain so-called “ephemeral messages.[2]  This is consistent with other recent warnings from the DOJ.[3]

The agencies’ focus on features of ephemeral messaging, which they argue can be used to hamper investigations, ignores the fact that ephemeral messaging applications have a legitimate role in the workplace where data security and management is paramount.  Despite the advantages of ephemeral messaging, clients should be aware of the legal and other risks presented by these applications and implement clear information retention policies that account for the organization’s duty to preserve information for litigation and government investigations. 

Continue reading

Recently Enacted AI Law in Colorado: Yet Another Reason to Implement an AI Governance Program

by Avi GesserErez Liebermann, Matt KellyMartha HirstAndreas Constantine PavlouCameron Sharp, and Annabella M. Waszkiewicz

Photos of the authors.

Top left to right: Avi Gesser, Erez Liebermann, Matt Kelly, and Martha Hirst. Bottom left to right: Andreas Constantine Pavlou, Cameron Sharp, and Annabella M. Waszkiewicz. (Photos courtesy of Debevoise & Plimpton LLP)

On May 17, 2024, Colorado passed Senate Bill 24-205 (“the Colorado AI Law” or “the Law”), a broad law regulating so-called high-risk AI systems that will become effective on February 1, 2026.  The law imposes sweeping obligations on both AI system deployers and developers doing business in Colorado, including a duty of reasonable care to protect Colorado residents from any known or reasonably foreseeable risks of algorithmic discrimination.

Continue reading

Succor Borne Every Minute

by Michael Atleson

Federal Trade Commission

Earnest chats with objects are not so unusual. Mark “The Bird” Fidrych, the famed Detroit Tiger, used to stand on the pitching mound whispering to the baseball. Forky, the highly animate utensil from Toy Story 4, once posed deep questions about friendship to a ceramic mug. And many of us have made repeated queries of the Magic 8 Ball despite its limited set of randomly generated answers.

Our talking to computers also goes way back, and that history is getting weirder. We’re seeing a wave of avatars and bots marketed to provide companionship, romance, therapy, or portals to dead loved ones, and even meet religious needs. It may be a function of AI companies making chatbots better at human mimicry in order to convince us that chatbots have social value worth paying for. Consider that some of these companies compare their products to magic (they aren’t), talk about the products having feelings (they don’t), or admit they just want people to feel that the products are magic or have feelings.

Continue reading

DOJ National Security Division Issues First-Ever Declination Under Enforcement Policy

by Satish M. Kini, David A. O’Neil, Jane Shvets, Rick Sofield, Douglas S. Zolkind, Carter Burwell, Connor R. Crowley, and Hillary Hubley

Photos of the authors

Top left to right: Satish M. Kini, David A. O’Neil, Jane Shvets, and Rick Sofield. Bottom left to right: Douglas S. Zolkind, Carter Burwell, Connor R. Crowley, and Hillary Hubley. (Photos courtesy of Debevoise & Plimpton LLP)

Key Takeaways

  • Even in criminal national security matters, early self-reporting, remediation and cooperation can enable companies to avoid prosecution and penalties.
  • Federal enforcement agencies are continuing to collaborate in investigating and prosecuting criminal cases at the intersection of national security and corporate crime.
  • Multinational corporations and academic institutions should be aware of the risk of outsiders fraudulently affiliating themselves with legitimate institutions to skirt export control laws.

Continue reading