U.S. Authorities Charge Adani Defendants with Integrity Washing

by Kevin E. Davis

Photo of the author

Photo courtesy of NYU

Gautam Adani is the founder of one of India’s largest conglomerates and ranks among the country’s prominent business people. He and his nephew Sagar Adani are learning the hard way that, in the U.S. legal system, the coverup can be treated just about as severely as the crime.

The Department of Justice and the Securities and Exchange Commission have accused the Adani defendants of collaborating with executives of a U.S.-listed Mauritian company called Azure Power Global Ltd. in a massive bribery scheme. The conspirators allegedly paid over USD 250 million in bribes to officials in the governments of several Indian states. The bribes were to induce the officials to purchase power that would be supplied by Adani Green Energy Ltd., an Indian company controlled by the Adani defendants, as well Azure. 

Continue reading

Protecting Consumers’ Location Data: Key Takeaways from Four Recent Cases

by Bhavna Changrani

Photo courtesy of the author

Photo courtesy of the author

Since the start of this year, the FTC has announced four groundbreaking cases addressing issues with how businesses collect and, in some cases misuse, people’s location data. If your business collects, buys, sells, or uses location data, take a minute to read about the FTC’s most recent enforcement actions against data brokers and aggregators — MobilewallaGravy/Venntel, InMarket, and X-Mode/Outlogic — and consider these takeaways:

Continue reading

CFPB Issues Final “Open Banking” Rule Requiring Covered Entities to Provide Consumers Access and Transferability of Financial Data

by Jarryd Anderson, Jessica S. Carey, John P. Carlin, Roberto J. Gonzalez, Brad S. Karp, and Kannon Shanmugam

Photos of authors

Top Left to Right: Jarryd Anderson, Jessica Carey, and John Carlin. Bottom Left to Right: Roberto Gonzalez, Brad Karp, and Kannon Shanmugam. (photos courtesy of Paul Weiss)

On October 22, 2024, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) published a 594-page Notice of Final Rulemaking for its “Personal Financial Data Rights” rule, commonly known as the “Open Banking” rule, which will require covered entities—generally, providers of checking and prepaid accounts, credit cards, digital wallets, and other payment facilitators—to provide consumers and consumer-authorized third parties with access to consumers’ financial data free of charge.[1] Covered entities are required to comply with uniform standards to provide access to this financial data through consumer and developer interfaces.[2] The rule imposes requirements on authorized third parties (such as fintechs), as well as data aggregators that facilitate access to consumers’ data, including required disclosures to consumers regarding the third parties’ use and retention of the requested data and a requirement that the data only be used in a manner reasonably necessary to provide the requested product or service (thus foreclosing selling the data or using it for targeted advertising or cross selling purposes).[3]

Continue reading

The CFIUS Colossus: CFIUS’s Expanding Authority Changes the Risk Calculus for M&A Transactions

by Stephenie Gosnell Handler, Michelle Weinbaum, Mason Gauch, and Chris Mullen

Photos of the authors

Left to right: Stephenie Gosnell Handler, Mason Gauch, and Chris Mullen. (Photos courtesy of Gibson Dunn & Crutcher LLP)

A new final rule from the U.S. Department of the Treasury will expand CFIUS’s authority to request information from parties related to a transaction, increases potential penalty amounts, and expedites mitigation agreement negotiations in certain situations. With the exception of modifying the time frame within which parties are required to respond to mitigation agreement proposals, CFIUS largely adopted the language of its April 2024 proposed rule.

On November 18, 2024, the U.S. Department of the Treasury (“Treasury”), as Chair of the Committee on Foreign Investment in the United States (“CFIUS” or “the Committee”) issued a final rule largely codifying a rule proposed in April 2024, with only a handful of small, yet meaningful, changes. As noted in the accompanying press release, the final rule: Continue reading

The New ‘Failure to Prevent Fraud’ Corporate Offence — UK Government Publishes Guidance

by Karolos Seeger, Aisling Cowell, Andrew H. Lee, and Sophie Michalski

Photo of the authors

Left to Right: Karolos Seeger, Aisling Cowell, Andrew H. Lee, and Sophie Michalski (photos courtesy of Debevoise & Plimpton LLP)

On 6 November 2024, the Home Office finally published government guidance on the corporate offence of failure to prevent fraud (the “FTPF Offence”), which was introduced in the Economic Crime and Corporate Transparency Act 2023 enacted last October. The new offence will now come into force on 1 September 2025, giving companies a longer period to prepare than had been expected. 

Continue reading

SEC Acting Director of Enforcement Delivers Remarks at PCCE’s Fall Conference

On November 22, 2024, the NYU Law Program on Corporate Compliance and Enforcement (PCCE) hosted a conference titled “New Directions in Corporate and Individual Enforcement.”  At the conference, Sanjay Wadhwa, Acting Director of Enforcement, Securities and Exchange Commission (SEC), delivered remarks on the SEC’s enforcement priorities and enforcement policy, which are reprinted below and available on the SEC’s website here.  After his remarks, Wadhwa participated in a fireside chat with PCCE’s Executive Director, Joseph Facciponti.

Photo of speaker

Sanjay Wadhwa (©Hollenshead: Courtesy of NYU Photo Bureau)

Good afternoon. Thank you to the Program on Corporate Compliance and Enforcement for the opportunity to speak to you all.

Continue reading

DOJ Announces Changes to Corporate Enforcement Policy at PCCE’s Fall Conference

On November 22, 2024, the NYU Law Program on Corporate Compliance and Enforcement (PCCE) hosted a conference titled “New Directions in Corporate and Individual Enforcement.”  At the conference, Nicole Argentieri, Principal Deputy Assistant Attorney General, Criminal Division, U.S. Department of Justice (DOJ), delivered remarks on DOJ’s corporate enforcement policies, including recent policy changes. A note on DOJ’s blog regarding these changes is reprinted below and is available here. More resources on DOJ’s corporate enforcement policies are available here.

Photo of speaker

Nicole Argentieri, Principal Deputy Assistant Attorney General, DOJ (©Hollenshead: Courtesy of NYU Photo Bureau)

Courtesy of Principal Deputy Assistant Attorney General Nicole M. Argentieri

A crucial element of the Justice Department’s fight against white collar crime is transparency — being clear about what we at the department are doing and why. As someone who has spent significant time as a defense lawyer, I know from personal experience how important it is to be able to explain to your client — whether that client is an individual or a board of directors at a publicly traded company — what is happening in an investigation, how the government might view their actions, and the risks and the benefits of proceeding in a certain way.

Continue reading

SEC Continues Focus on AI and Cyber-Risk Related Enforcement Cases

by Brendan F. Quigley and Matthew R. Baker

photos of authors

Left to right: Brendan F. Quigley and Matthew R. Baker. (Photos courtesy of Baker Botts)

The SEC kicked off its fiscal year by bringing enforcement actions focused on AI and cyber disclosures. As discussed in more detail below:

  • These actions again show SEC Enforcement prioritizing “hot button” issues like AI and cyber, highlighting, for example, a company’s statements about its use of AI in what otherwise appeared to be a fairly garden-variety securities fraud case.
  • The actions largely involve well-worn principles of securities law applied in the context of emerging technologies, including (i) while there may be no obligation to speak on a particular issue (such as AI), if a company does speak, its statements must be full, complete, and not misleading and (ii) companies’ obligation to consider whether existing disclosures need to be updated in light of recent events (such as a cyberattack).
  • The cyber-disclosure actions prompted a lengthy, two-commissioner dissent, accusing the commission of playing “Monday morning quarterback” by bringing the case, highlighting the potential for the upcoming election (and the appointment of commissioners under a new administration) to impact the SEC’s enforcement posture.
  • The dissent in the cyber cases also undertook a lengthy analysis, comparing the allegations in the settled cases to allegations against another company, arising out of the same series of cyberattacks, in an action the SEC litigated in federal district court. As we discussed here and as pointed out by the dissent, the federal district court dismissed many of those allegations. While deciding to settle with the SEC (or any government agency) is always a complicated, multi-faceted decision, the dissent’s comparison of the litigated case and the settled actions shows the need for parties under investigation to seriously consider the merits of potentially litigating cases when appropriate.

Continue reading

Defense Department Unveils Final Rule for CMMC 2.0 Program: The Time Is Now for Defense Contractors To Get Compliant

by Beth Burgin Waller, Anthony Mazzeo, and Patrick Austin

Photos of the authors

Left to right: Beth Burgin Waller, Anthony Mazzeo, and Patrick Austin. (photos courtesy of authors)

If you work for a defense contractor or subcontractor responsible for handling controlled unclassified information (CUI) and/or federal contract information (FCI), the U.S. Department of Defense posted the final rule for the highly anticipated Cybersecurity Maturity Model Certification 2.0 program (CMMC 2.0 or the Final Rule).  Issuance of the Final Rule (full text available here in PDF format) likely means DoD will begin implementing new, stringent cybersecurity standards for defense contractors at some point in early-to-mid 2025.   

Continue reading

Trust, But Verify…Therein Lies the Rub: A Fresh Look at Audits of Export Controls Compliance Programs

by Brent Carlson and Michael Huneke

Photos of the authors

Left to right: Brent Carlson and Michael Huneke (Photos courtesy of the authors)

Export controls have risen to a top corporate compliance priority in recent years, and now even pose enterprise risk for many companies.[1] The combination of new rules and enforcement signals from the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) and increasing bipartisan congressional scrutiny, means that in-house legal and compliance teams face enormous challenges. New, innovative tools and techniques are necessary to stay ahead of the game, and this includes making upgrades to keep a company’s audits effective.

Continue reading