DOJ Continues to Modernize its Criminal Antitrust Enforcement Strategy

by Richard A. Powers

(Photo courtesy of the author)

Over the past few years, the Justice Department has been hard at work on a comprehensive update to the way it detects, investigates, and prosecutes price-fixing cartels. Several recent announcements, including at last week’s ABA White Collar Conference, preview the DOJ Antitrust Division’s next steps in this generational shift—the goals of which are to refine disclosure incentives, promote individual accountability, and obtain trial convictions.

First, on March 7, 2024, Deputy Attorney General Lisa Monaco announced the DOJ is kicking off a 90-day whistleblower “policy sprint”; the finish line is a new program to complement existing regulators’ programs, rewarding qualifying whistleblowers for bringing non-public, previously unknown misconduct to the DOJ’s attention. The Antitrust Division has long sought to encourage individual self-reporting as a complement to its corporate VSD policy, so expect that this initiative will aim to improve that incentive structure. Next, the DOJ updated the Justice Manual to incorporate the M&A safe harbor policy that it announced last fall. Notably for antitrust practitioners, the JM updates included changes to the Antitrust Division’s leniency policy that provide much-needed clarification on how companies that detect potential collusion at an M&A target can avoid inheriting those liabilities by promptly reporting to DOJ. Third, senior Antitrust Division officials continue to emphasize that they are focused on developing investigations through affirmative investigative techniques, such as wiretaps and whistleblowers.

Continue reading

Paying Criminal Whistleblowers: DOJ Announces A Program to Pay For Tips, and the SFO Is Considering Doing So Too

by Joshua A. Naftalis, Matt Getz, and Tracey Dovaston

From left to right: Joshua A. Naftalis, Matt Getz, and Tracey Dovaston. (Photos courtesy of Pallas Partners LLP).

In the past two weeks, the U.S. Department of Justice (DOJ) and the U.K. Serious Fraud Office (SFO) each made announcements about paying financial bounties to whistleblowers.  On March 7, 2024, U.S. Deputy Attorney General Lisa Monaco announced a new DOJ whistleblower program that will compensate individual whistleblowers for reporting corporate or financial misconduct previously unknown to DOJ.  This announcement followed a February 13, 2024 speech by SFO Director Nick Ephgrave, who said that he supported the idea of paying whistleblowers.    

Continue reading

State Governments Move to Regulate AI in 2024

by Louis W. Tompros, Arianna Evers, Eric P. Lesser, Allie Talus, and Lauren V. Valledor

Photos of authors

(Left to right) Louis W. Tompros, Arianna Evers, Eric P. Lesser, Allie Talus, and Lauren V. Valledor (Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP)

Recently, New York Governor Kathy Hochul proposed sweeping artificial intelligence (AI) regulatory measures intended to protect against untrustworthy and fraudulent uses of AI. Presented as part of her FY 2025 Executive Budget, the bill would amend existing penal, civil rights and election laws—establishing a private right of action for voters and candidates impacted by deceptive AI-generated election materials and criminalizing certain AI uses, among other measures. Governor Hochul’s proposals are part of a wider trend of governors and state lawmakers taking more expansive measures to regulate AI that deserve attention from businesses developing and using AI.

Continue reading

FCC Ruling on AI-Facilitated Fraud Illustrates the Need for Forward-Looking Enterprise Risk Management

by William Savitt, Mark F. Veblen, Noah B. Yavitz, and Courtney D. Hauck

From left to right: William Savitt, Mark F. Veblen, Noah B. Yavitz, and Courtney D. Hauck (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

In response to a recent boom in AI-powered robocall scams, the U.S. Federal Communications Commission announced yesterday a Declaratory Ruling confirming that the Telephone Consumer Protection Act, which regulates telemarketing and robocalls, also applies to calls using AI-generated voices. Other federal agencies and state legislatures have similarly moved to police the use and abuse of audio “deepfakes” — in which widely available tools can be used to generate realistic voice simulations from brief recordings. As technology continues to outpace regulation, boards must embrace a proactive approach to risk management, accounting for AI’s capacity to compromise long-standing practices in cybersecurity and internal controls.

Continue reading

30 Days to Form ADV: Have You Reviewed Your AI Disclosures?

by Charu ChandrasekharAvi GesserKristin SnyderJulie M. RieweMarc PonchioneMatt KellySheena PaulMengyi Xu, and Ned Terrace

Photos authors

Top left to right: Charu Chandrasekhar, Avi Gesser, Kristin Snyder, Julie M. Riewe, and Marc Ponchione.
Bottom left to right: Matt Kelly, Sheena Paul, Mengyi Xu, and Ned Terrace. (Photos courtesy of Debevoise & Plimpton LLP)

Registered investment advisers (“RIAs”) have swiftly embraced AI for investment strategy, market research, portfolio management, trading, risk management, and operations. In response to the exploding use of AI across the securities markets, Chair Gensler of the Securities and Exchange Commission (“SEC”) has declared that he plans to prioritize securities fraud in connection with AI disclosures and warned market participants against “AI washing.” Chair Gensler’s statements reflect the SEC’s sharpening scrutiny of AI usage by registrants. The SEC’s Division of Examinations included AI as one of its 2024 examination priorities, and also launched a widespread AI sweep of RIAs focused on AI in connection with advertising, disclosures, investment decisions, and marketing. The SEC previously charged an RIA in connection with misleading Form ADV Part 2A disclosures regarding the risks associated with its use of an AI-based trading tool.

Continue reading

President Biden Issues Executive Order Granting Authorities to Regulate the Transfer of Sensitive U.S. Data to Countries of National Security Concern

by Eric J. Kadel Jr., Sharon Cohen Levin, Nicole Friedlander, Anthony J. Lewis, Andrew J. DeFilippis, Joshua Spiegel, and George L. McMillan

photos of authors

Top left to right: Eric J. Kadel Jr., Sharon Cohen Levin, Nicole Friedlander, Anthony J. Lewis.
Bottom left to right: Andrew J. DeFilippis, Joshua Spiegel and George L. McMillan. (Photos courtesy of Sullivan & Cromwell LLP).

SUMMARY

On February 28, 2024, President Biden issued Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Executive Order”), delegating new authorities to the U.S. Department of Justice (“DOJ”) and other agencies to regulate the transfer of sensitive U.S. data to countries of national security concern. The Executive Order focuses primarily on personal and other sensitive information, such as U.S. persons’ financial information, biometric data, personal health data, geolocation data, and information relating to government personnel and facilities.[1]

Continue reading

Commerce Department Proposes Cybersecurity/AI Reporting and “KYC” Requirements for Certain Cloud Providers

by Robert Stankey, K.C. Halm, Michael T. Borgia, Andrew M. Lewis, and Assaf Ariely

Photos of authors

Left to right: Robert Stankey, K.C. Halm, Michael T. Borgia, Andrew M. Lewis, and Assaf Ariely (photos courtesy of Davis Wright Tremaine LLP)

IaaS providers would need to verify foreign users’ identities (aka “know your customer”) and report certain AI model training activities under the proposed rules

The U.S. Department of Commerce’s (“Commerce”) Bureau of Industry and Security (“BIS”) has issued a proposed rule (the “Proposed Rule”) that would impose significant diligence, reporting, and recordkeeping requirements on U.S. providers of Infrastructure as a Service (IaaS) and their foreign resellers. IaaS is generally considered to be a cloud computing model that provides users with remote access to servers, storage, networking, and virtualization.

The Proposed Rule would require U.S. IaaS providers to:

  • Implement and maintain a “Customer Identification Program” (CIP), which must include detailed know-your-customer (KYC) procedures for identifying and reporting foreign customers to Commerce; and
  • Report transactions involving foreign persons that “could result in the training of a large AI model with potential capabilities that could be used in malicious cyber-enabled activity.”

Continue reading

U.S. Cybersecurity and Data Privacy Outlook and Review – 2024

by Alexander H. Southwell and Snezhana Stadnik Tapia

Photos of authors

From left to right: Alexander H. Southwell and Snezhana Stadnik Tapia (photos courtesy of Gibson, Dunn & Crutcher LLP)

As with previous years, the privacy and cybersecurity landscape continued to evolve substantially over the course of 2023. We recently provided a review of some of the most significant developments on this topic in the U.S. in the eleventh edition of Gibson Dunn’s U.S. Cybersecurity and Data Privacy Outlook and Review.

Below we summarize the past year’s developments and future prospects, including the wave of new privacy and cyber legal and regulatory advances at the federal and state levels. This past year, states continued to take the lead on enacting privacy legislation and branches of the federal government focused on data security, sensitive data, and artificial intelligence (“AI”). The surge of civil litigation with respect to web-tracking technologies also endured. In 2024, we expect an amplified focus on privacy and cybersecurity issues, as well as with respect to emerging technologies such as AI, to continue.

Continue reading

An Update on the SEC’s Cybersecurity Reporting Rules

by Scott H. Kimpel

Scott H. Kimpel (Photo courtesy of Hunton Andrews Kurth LLP).

As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date.

Continue reading

The Future of ESG: Thoughts for Boards and Management in 2024

by Martin Lipton, Steven A. RosenblumAdam. O. EmmerichKaressa L. CainKevin S. Schwartz, and Carmen X. W. Lu

Top left to right: Martin Lipton, Steven A. Rosenblum, and Adam. O. Emmerich.
Bottom left to right: Karessa L. Cain, Kevin S. Schwartz, and Carmen X. W. Lu. (Photos courtesy of Wachtell, Lipton, Rosen & Katz).

The term “ESG” has steadily faded from the investor and corporate lexicon over the past year in the wake of cultural and political clashes over its meaning and purpose. “Anti-ESG” legislation adopted by several states has created legal and financial hurdles around the term. Institutional investors have gone quiet on ESG amid public criticism and congressional subpoenas. BlackRock has publicly disavowed the term for having become too politicized. The use of “ESG” in earnings calls has dropped precipitously. 

Continue reading