U.S. White-Collar and Regulatory Enforcement: Some Thoughts for 2024

by Joshua A. Naftalis and Melissa Kelley

Left to right: Joshua A. Naftalis and Melissa Kelley (Photos courtesy of Pallas Partners LLP)

2023 was another busy year in the U.S. white-collar and regulatory enforcement areas. As we begin 2024, a few of the Government’s recent enforcement policies and priorities should be kept front of mind: (1) the Department of Justice’s (DOJ) focus on corporate criminal enforcement; (2) DOJ’s related prioritization of sanctions evasion and anti-foreign bribery enforcement; (3) the U.S. Securities and Exchange Commission’s (SEC) and the Commodity Futures Trading Commission’s (CFTC) diverging policies on “no-admit/no-deny” settlements; and (4) the cryptoasset space.

Continue reading →

How Not to Stand Out Like a Sore Thumb (Part 1): A Fresh Look at the “Willful” Intent Standard for Criminal Liability in Export Controls and Sanctions Corporate Enforcement

by Brent Carlson and Michael Huneke

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

“The ‘willfulness’ standard for criminal prosecutions appears nearly insurmountable to reach.”

So concluded a “90-Day Review Report” issued January 2, 2024 by the Chairman of the Foreign Affairs Committee of the U.S. House of Representatives, following congressional hearings in May and December 2023.[1] The report further contended that “the statutory requirement to prove ‘willfulness’” for there to be a criminal violation of U.S. export controls (and sanctions) is a “high bar” that “often results in [the Department of Commerce’s Bureau of Industry & Security (“BIS”)] export enforcement personnel pursuing administrative enforcement actions with lower penalties,” compared to the alternative (unstated but implied by the report) of U.S. Department of Justice (“DOJ”) personnel pursuing criminal penalties.[2]

This conclusion is not accurate. BIS is not itself responsible for criminal enforcement, yet it has partnered closely with the DOJ’s National Security Division—including by co-leading the inter-agency Disruptive Technology Strike Force launched on February 16, 2023—to bring several high-profile convictions or resolutions. Nor is the requirement to prove willfulness “insurmountable” for U.S. federal prosecutors, whose cases achieve the standard regularly and can do so not only with direct evidence of intent but also indirect evidence, i.e., the relevant facts and circumstances. Such facts and circumstances often—especially in the eyes of jurors—make the willful nature of criminal evasion schemes stand out like a sore thumb. Continue reading →

January Surprise: Court Ruling on Post-Employment Restrictive Covenants in Delaware

by Jeremy Ben Merkelson, James K. Goldfarb, Travis J. Distaso, and Gerald Stein

From left to right: Jeremy Ben Merkelson, James K. Goldfarb, Gerald Stein, and Travis J. Distaso (photos courtesy of Davis Wright Tremaine LLP)

Equity and capital forfeiture for competition provisions given less scrutiny than other post-employment restrictive covenants

Companies subject to Delaware law were handed a welcome surprise in a recent Delaware Supreme Court decision bolstering the enforceability of certain post-employment restrictive covenants. The provisions at issue are so called “forfeiture for competition” provisions. They condition post-employment equity interests, distributions, return of capital, or other benefits upon a departing employee’s continuing compliance with certain post-employment restrictive covenants. Forfeiture for competition provisions frequently are at play in equity award agreements with executives and business partners. The recent decision provides for an alternative avenue for securing post-employment restrictive covenants when traditional non-competes may otherwise be unenforceable.

Continue reading →

SEC Continues to Elevate its Enforcement of Rule 21F-17(a)

by Benjamin Calitri

Benjamin Calitri (photo courtesy of Kohn, Kohn, and Colapinto LLP)

In January 2024, the SEC announced an $18 million settlement with J.P Morgan Securities for violations of Rule 21F-17(a), demonstrating its increased enforcement of the whistleblower rule, which prohibits any person from “tak[ing] any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.” This follows a $10 million enforcement against D.E. Shaw, showing the SEC’s new stance of Rule 21F-17(a): sanctions that are actually large enough to deter illegal NDAs.

The SEC Enforcement Order found that J.P. Morgan Securities (JPMS) typically requested certain clients sign a Release if they received a credit or settlement of over $1,000, regardless of whether JPMS admitted or denied any error or wrongdoing in connection with the credit or settlement.

Continue reading →

New Wave of Website Privacy Lawsuits Under the Pen Register and Trap and Trace Device Theory

by Aidan Gross and Halyna Hnatkiv

From left to right: Aidan Gross and Halyna Hnatkiv (photos courtesy of Hunton Andrews Kurth LLP)

In the latest evolution of lawsuits challenging technologies that track website users, California class action plaintiffs have begun to file under a new theory—the pen register and trap and trace device theory under Section 638.51 of the California Invasion of Privacy Act (“CIPA”).

Over the last two years, courts have seen an influx of putative class action lawsuits targeting businesses with websites that utilize technology to track users’ website interactions. Most of the lawsuits have been filed in California under CIPA. These previous lawsuits alleged a violation of section 631 of CIPA, which protects against (1) intentional wiretapping of any telegraph or telephone wire, line or cable; (2) willfully and without the consent of all parties attempting to learn the contents of a communication in transit; and (3) attempting to use or communicate information obtained as a result of engaging in either activity. The statutory penalty is $5,000 per violation.

The cases have often failed at the motion to dismiss stage. Courts have dismissed some suits for lack of standing given the absence of a concrete injury. A number of courts have found that the information collected must in itself have a reasonable expectation of privacy. Plaintiffs are now trying their luck under the pen register and trap and trace theory. Continue reading →

White-Collar and Regulatory Enforcement: What Mattered in 2023 and What to Expect in 2024

by John F. Savarese, Ralph M. Levene, Wayne M. Carlin, David B. Anders, Sarah K. Eddy, Randall W. Jackson, and Kevin S. Schwartz

Top left to right: John F. Savarese, Ralph M. Levene, Wayne M. Carlin, and David B. Anders.
Bottom left to right: Sarah K. Eddy, Randall W. Jackson, and Kevin S. Schwartz. (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

This past year was yet another notable and intensely active one across the entire range of white-collar criminal and regulatory enforcement areas. We heard continued tough talk from law enforcement authorities, especially concerning the government’s desire to bring more enforcement actions against individuals and on the need to keep ramping up corporate fines and penalties. The government largely lived up to its talking points about increasing the numbers of individual prosecutions and proceedings, particularly with respect to senior executives in the cryptoasset industry. But there were some notable stumbles. The most striking example of this was DOJ’s failure to secure convictions in cases where it attempted to extend criminal antitrust enforcement in unprecedented areas, such as no-poach employment agreements and against certain vertical arrangements—neither of which has historically been viewed as involving per se violations of the federal antitrust laws. And, as in years past, many state attorneys general remained active throughout 2023, using broad state consumer-protection statutes to bring blockbuster cases across a wide array of industries, from ridesharing and vaping to opioids and consumer technology offerings.

Continue reading →

Export Controls Experts Comment on Enhancements to Voluntary Self-Disclosure Policies for Export Control Violations

Panelists John D. Sonderman, Director, Office of Export Enforcement, BIS; Jana del-Cerro, Partner, Crowell & Moring LLP; Michael H. Huneke, Partner, Hughes Hubbard & Reed LLP; Sharon Cohen Levin, Partner, Sullivan & Cromwell LLP; and Joseph Facciponti, Executive Director, PCCE (Moderator) (©Hollenshead: Courtesy of NYU Photo Bureau)

On January 16, 2024, the NYU Law Program on Corporate Compliance and Enforcement hosted Matthew Axelrod, Assistant Secretary for Export Enforcement at the Bureau of Industry and Security (BIS), U.S. Department of Commerce, to deliver remarks on enhancements to BIS’s corporate enforcement policy for voluntary self-disclosures of export control violations. Assistant Secretary Axelrod’s speech was accompanied by the release of an enforcement policy memo, available here. After Secretary Axelrod’s remarks, he participated in a fireside chat and took questions from the audience. The event also featured a panel of experts on export control enforcement policy. A full agenda of the event is available here. In this post, participants from the panel share further thoughts on the issues.

Continue reading →

How to Avoid Risk of SEC Whistleblower Rule Violations in Connection with Settlement Agreement Confidentiality Provisions

by Tami Stark and Joel M. Cohen

Tami Stark and Joel M. Cohen (Photos courtesy of White & Case LLP)

The SEC levied charges against a registered broker-dealer and investment adviser that expand the enforcement of the whistleblower protection rule to encompass settlement agreements with clients.[1] This article should be instructive for other registered entities seeking to avoid rule violations when drafting such agreements.

As of the end of the 2023 fiscal year, the SEC has brought twenty-one enforcement actions involving violations of Rule 21F-17 since the Dodd-Frank Act empowered the SEC with the ability to bring actions against persons, including companies, for impeding reports to the SEC.[2] Last year, these actions arose primarily from employment-related agreements that violated the Rule.[3] For example, in September of 2023, the SEC levied a $10 million civil penalty against an investment adviser for using employee agreements that prohibited the disclosure of “confidential information” unless authorized by the company or required by law or an order of a court or other regulatory or governmental body.[4]

Continue reading →

The NYDFS Plans to Impose Significant Obligations on Insurers Using AI or External Data

by Eric Dinallo, Avi Gesser, Erez Liebermann, Marshal Bozzo, Matt Kelly, Johanna Skrzypczyk, Corey Goldstein, Samuel J. Allaman, Michelle Huang, and Sharon Shaji

Top (from left to right): Eric Dinallo, Avi Gesser, Erez Liebermann, Marshal Bozzo, and Matt Kelly
Bottom (from left to right): Johanna Skrzypczyk, Corey Goldstein, Samuel J. Allaman, Michelle Huang, and Sharon Shaji (Photos courtesy of Debevoise & Plimpton LLP)

On January 17, 2024, the New York State Department of Financial Services (the “NYDFS”) issued a Proposed Insurance Circular Letter regarding the Use of Artificial Intelligence Systems and External Consumer Data and Information Sources in Insurance Underwriting and Pricing (the “Proposed Circular” or “PCL”). The Proposed Circular is the latest regulatory development in artificial intelligence (“AI”) for insurers, following the final adoption of Colorado’s AI Governance and Risk Management Framework Regulation (“CO Governance Regulation”) and the proposed Colorado AI Quantitative Testing Regulation (the “CO Proposed Testing Regulation”), discussed here, and the National Association of Insurance Commissioners’ (“NAIC”) model bulletin on the “Use of Artificial Intelligence Systems by Insurers” (the “NAIC Model Bulletin”), discussed here. In the same way that NYDFS’s Part 500 Cybersecurity Regulation influenced standards for cybersecurity beyond New York State and beyond the financial sector, it is possible that the Proposed Circular will have a significant impact on the AI regulatory landscape.

The PCL builds on the NYDFS’s 2019 Insurance Circular Letter No. 1 (the “2019 Letter”) and includes some clarifying points on the 2019 Letter’s disclosure and transparency obligations. The 2019 Letter was limited to the use of external consumer data and information sources (“ECDIS”) for underwriting life insurance and focused on risks of unlawful discrimination that could result from the use of ECDIS and the need for consumer transparency. The Proposed Circular incorporates the general obligations from the 2019 Letter, adding more detailed requirements, expands the scope beyond life insurance, and adds significant governance and documentation requirements.

Continue reading →

How “Location, Location, Location” Can Lead to “Enforcement, Enforcement, Enforcement”

By Lesley Fair

Lesley Fair (photo courtesy of the author)

Do consumers attend a Christian church? Are they the parents of preschoolers? Would the description “wealthy and not healthy” apply to them? By tracking people’s mobile devices, Texas-based InMarket Media has collected their precise geolocation and cross-referenced their location histories with other personal data to categorize them into roughly 2,000 different audience segments that the company then marketed for the purpose of targeted advertising. According to a proposed FTC complaint, InMarket Media did that without fully informing consumers and without getting their consent to use their location – including information linking them to particularly sensitive places – for commercial purposes.

Continue reading →