Consumer Financial Protection Bureau Stands Up to Protect Whistleblowers from Overly Broad NDAs

by Benjamin Calitri

Benjamin Calitri

Photo courtesy of author

Protections for whistleblowers from overly expansive non-disclosure agreements (NDAs) aimed at preventing whistleblowers from providing information to law enforcement and regulators have been expanding exponentially in the past year. The Securities and Exchange Commission’s (SEC) enforcement of Rule 21F-17(a) has gained teeth by increasing the monetary sanctions for enforcement. The Commodity Futures Trading Commission (CFTC) took its first enforcement of Regulation 165.19(b) against Trafigura for the use of NDAs meant to silence whistleblowers. The latest agency to take action against overly expansive NDAs is the Consumer Financial Protection Bureau (CFPB), which has announced that their employee protection regulation applies to NDAs that seek to silence whistleblowers.

Continue reading

PCCE to Host Senior DOJ Officials on September 17th to Discuss Newly-Announced Whistleblower Program

Photos of speakers

On September 17th, 2024, the Program on Corporate Compliance and Enforcement will host U.S. Department of Justice officials Nicole Argentieri and Brent Wible as well as other experts for a discussion on the Department of Justice’s newly-announced whistleblower pilot program.

After PDAAG Argentieri’s remarks, Brent Wible will engage in a moderated fireside chat and will be taking questions from the audience.

Following remarks and the fireside chat, there will be a moderated panel discussion by a panel of experts in corporate enforcement, compliance, and whistleblower programs from both the private sector and government.  Panelists include:

  • Jane Norberg, Partner, Arnold & Porter LLP
  • Preston Pugh, Partner, Crowell & Moring LLP
  • Daniel Richman, Paul J. Kellner Professor of Law, Columbia Law School
  • Max Rodriquez, Principal and Founder, Law Office of Max Rodriguez  
  • Andrew Weissman, Professor of Practice, NYU School of Law

The event will be in-person only at NYU School of Law. Check-in will open at 5:30 pm. The program will begin 6 PM in Lipton Hall at 108 W 3rd Street, Lower Level, New York NY 10012. There will be a reception following the event from 8:00 – 8:30 PM. 

Pre-registration is required to attend. Click here to registerWe expect that 2 credits of NY CLE will be offered for attendees who sign in and out at the venue.

We look forward to seeing you!

Where’s the Beef? Demonstrating “Timely & Appropriate” Remediation

by Jonny Frank, Michele Edwards, and Christopher Hoyle

photos of the authors

Left to right: Jonny Frank, Michele Edwards and Christopher Hoyle. Photos courtesy of StoneTurn Group, LLP.

This article is part 4 in a series on remediation. Read part 1 on Root Cause Analysis here, part 2 on Read Across and Remediation here, and part 3 on Corrective Action Plans here.

Organizations seeking credit for “timely and appropriate” remediation under the DOJ’s Corporate Enforcement Policy (“CEP”) must show they conducted a comprehensive root cause analysis, addressed the root cause findings, and implemented an effective compliance program.[1] Additional guidance on DOJ expectations appears in Criminal Division memos on the evaluation of compliance programs,[2] and the selection of corporate compliance monitors.[3] The SEC has similar expectations.[4]

Building on our discussion of Root Cause Analysis (“RCA”), Similar Misconduct, and Timely and Effective Corrective Action Plans, this article suggests key steps to demonstrate the remediation and compliance program effectiveness to the board, prosecutors, regulators and other stakeholders.   

Continue reading

Risks of Cross Border Operations: Chiquita Brands International Found Liable for Financing Terrorism

by Timothy Harkness, Peter Linken, Scott Eisman, and Maylin Meisenheimer

photos of the authors

From left to right: Timothy Harkness, Peter Linken, Scott Eisman and Maylin Meisenheimer (Photos courtesy of Freshfields Bruckhaus Deringer LLP)

Doing business in conflict zones has always been complicated. Increased litigation has compounded those risks in recent years. A June 2024 federal jury verdict against Chiquita Brands International illustrates the changing legal landscape. The jury in Florida found Chiquita liable for financing Autodefensas Unidas de Colombia (“AUC”), a Colombian paramilitary group, and awarded a bellwether group of plaintiffs $38.3 million in damages. A second bellwether trial against Chiquita is scheduled for later this year, and thousands of related claims against Chiquita remain pending. Although the Chiquita litigation has spanned almost two decades, this jury verdict represents the first liability determination and paves the way for the second bellwether trial and eventual resolution of all pending claims. As each plaintiff was awarded around $2 million, Chiquita could be facing hundreds of millions of dollars in damages as the broader litigation includes vastly more victims.

The Chiquita verdict is a signal to corporations that U.S. courts may be more willing to find them liable for actions that occurred abroad and that plaintiffs may increasingly choose to file these claims in U.S. courts. In Chiquita, the alleged actions took place in Colombia and the claims at issue were brought under Colombian law, but this is just one example among many. In Kaplan v. Lebanese Canadian Bank, for example, the Second Circuit held that the plaintiffs plausibly pleaded that Lebanese Canadian Bank had aided and abetted acts of international terrorism under the Antiterrorism Act (“ATA”) by alleging that the bank had processed transactions in Lebanon for individuals closely affiliated with Hezbollah. As companies weigh the risks of doing business abroad and how best to structure their operations, this verdict should be at the forefront of their minds.

Continue reading

DOJ Launches New Whistleblower Incentive Program

by Kevin ChambersTerra ReynoldsDouglas K. Yatter, and Lilia B. Vazova

Photos of authors.

From left to right: Kevin Chambers, Terra Reynolds, Douglas K. Yatter, and Lilia B. Vazova. (Photos courtesy of Latham & Watkins LLP)

DOJ’s pilot program aims to fill gaps in existing federal whistleblower programs and incentivize prompt corporate self-disclosure alongside individual whistleblower tips.

Following the March 2024 announcement of its intention to introduce a new corporate whistleblower incentive program, on August 1, 2024, the Department of Justice (DOJ) launched a three-year pilot program for rewarding whistleblowers who alert DOJ to significant corporate misconduct. DOJ’s new program, modeled after whistleblower programs run by the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), and the Financial Crimes Enforcement Network (FinCEN), may generate a significant number of tips about potential misconduct and adds an important new dimension for companies’ compliance measures and handling of investigations.

Continue reading

The EU AI Act is Officially Passed – What We Know and What’s Still Unclear

by Avi Gesser, Matt KellyRobert Maddox, and Martha Hirst 

Photos of authors.

From left to right: Avi Gesser, Matt Kelly, Robert Maddox, and Martha Hirst. (Photos courtesy of Debevoise & Plimpton LLP)

The EU AI Act (the “Act”) has made it through the EU’s legislative process and has passed into law; it will come into effect on 1 August 2024. Most of the substantive requirements will come into force two years later, from 1 August 2026, with the main exception being “Prohibited” AI systems, which will be banned from 1 February 2025.

Despite initial expectations of a sweeping and all-encompassing regulation, the final version of the Act reveals a narrower scope than some initially anticipated.

Continue reading

The Supreme Court’s Business Docket: October Term 2023 in Review

by John F. Savarese, Kevin S. Schwartz, Noah B. Yavitz, Adam L. Goodman, and Akua Abu

Photos of the authors

Left to right: John F. Savarese, Kevin S. Schwartz, Noah B. Yavitz, Adam L. Goodman, and Akua F. Abu. (Photos courtesy of the authors)

In early July, the Supreme Court concluded its most consequential Term in years, with a flood of decisions on contentious issues ranging from abortion access to the regulation of social media companies and gun possession to presidential immunity. The Court’s business docket was no less active. While the Consumer Financial Protection Bureau narrowly survived a constitutional challenge to its funding mechanism, the Court’s conservative majority elsewhere struck body blows to the administrative state—including the long-anticipated reversal of the Chevron doctrine of judicial deference to agency interpretation of ambiguous statutes. Beyond this headline-grabbing showstopper, the Court issued a string of commercially significant decisions, affecting bankruptcy, arbitration, securities, and employment law. We summarize below the key business decisions from this Term and flag a few key cases to watch in the coming Term.

Continue reading

SEC Releases New Guidance on Material Cybersecurity Incident Disclosure

by Eric T. JuergensErez LiebermannBenjamin R. Pedersen, Paul M. Rodel, Anna Moody, Kelly Donoghue, and John Jacob

Photos of authors.

Top left to right: Eric T. Juergens, Erez Liebermann, Benjamin R. Pedersen, and Paul M. Rodel. Bottom left to right: Anna Moody, Kelly Donoghue, and John Jacob. (Photos courtesy of Debevoise & Plimpton LLP)

On June 24, 2024, the staff of the Division of Corporation Finance of the Securities and Exchange Commission (the “SEC”) released five new Compliance & Disclosure Interpretations (“C&DIs”) relating to the disclosure of material cybersecurity incidents under Item 1.05 of Form 8-K. A summary of the updates is below, followed by the full text of the new C&DIs.  While the fact patterns underlying the new C&DIs focus on ransomware, issuers should consider the guidance generally in analyzing disclosure obligations for cybersecurity events.

Continue reading

Cyber Experts React to Court Decision in the SEC’s SolarWinds Enforcement Action

Editor’s Note: PCCE has been watching the developments in the SEC’s enforcement action against SolarWinds and its CISO over allegedly misleading disclosures and controls failures related to the compromise of its Orion product by putative Russian hackers. In this post, cybersecurity experts and lawyers discuss the recent decision by U.S. District Judge Paul Engelmayer to dismiss most of the SEC’s claims in the case.

Photos of the authors

Top left to right: Randal Milch, Judy Titera, James Haldin, and Alan Wilson. Bottom left to right: Matthew Beville, Elizabeth Roper, and Jerome Tomas. (Photos courtesy of authors)

Continue reading

FinCEN Requires Reporting From Dissolved Companies

by Matthew Bisanz, Adam D. Kanter, Brad A. Resnikoff, and Marcella Barganz

Photos of the authors.

From left to right: Matthew Bisanz, Adam D. Kanter, Brad A. Resnikoff, and Marcella Barganz. (Photos courtesy of Mayer Brown LLP)

On July 8, 2024, the Financial Crimes Enforcement Network (“FinCEN”) issued interpretive guidance explaining that the beneficial ownership information (“BOI”) reporting requirement applies to certain legal entities that have been dissolved or otherwise ceased to exist after January 1, 2024. This new guidance dramatically expands the reporting requirement under the Corporate Transparency Act (“CTA”) and raises significant issues regarding compliance and liability for noncompliance.

The new guidance is effective immediately. Persons who own or manage entities that will dissolve in 2024, or have already dissolved this year—or which were not dissolved irrevocably—should review the guidance to determine their reporting obligations.

Continue reading