Companies Face Increased Criminal Enforcement Risk From Aging Infrastructure-Related Disasters

by Alexander C.K. Wyman, Aron Potash, and Mik a el a Wynne Gilbert-Lurie

From left to right: Alexander C.K. Wyman, Aron Potash, and Mikaela Wynne Gilbert-Lurie. (Photos courtesy of Latham & Watkins LLP)

Utilities and energy companies can implement strategies to mitigate risks from more frequent environmental disasters and infrastructure failures.

In the early morning of June 11, 2023, a tanker truck carrying gasoline up I-95 in Philadelphia crashed and caught fire, and the overpass above buckled and collapsed. The section of the highway is critical to the roughly 160,000 vehicles that cross it daily. The immediate cause of the collapse is believed to be either the heat from the flames or the impact of the explosion weakening the steel beams supporting the overpass. Some, however, identified a more fundamental problem: “the fragility of the state’s aging infrastructure.”[1]

While the I-95 collapse presents a recent example of the significant risks associated with the US’s aging infrastructure, it is by no means unique. Many of the roads, bridges, dams, and electrical grids that keep the country running are decades old and often in need of repair. Infrastructure failures combined with environmental disasters can be catastrophic, and the consequences dire, for the public, the environment, and the utility or corporate entity potentially responsible for operating the failed infrastructure component. Moreover, a vicious cycle is often at work with respect to the environment and infrastructure failures in which, for example, extreme weather causes an infrastructure breakdown that in turn may result in environmental damage.

Continue reading →

Seven Steps to Mitigate Hazing Risks

by Helen V. Cantwell, Mary Beth Hogan, Arian June, Daniel Alford, Omid Golmohammadi, and Michael Compton McGregor

Top left to right: Helen V. Cantwell, Mary Beth Hogan, and Arian June. Bottom right to left: Daniel Alford, Omid Golmohammadi, and Michael Compton McGregor. (Photos courtesy of Debevoise & Plimpton LLP)

Hazing and abuse in athletics at academic institutions have reached a boiling point recently, with high-profile allegations levied at top universities. These incidents are not only painful for those students personally affected, but they can also result in intense media coverage, reputational harm, and legal actions.

As recent events have shown, it is imperative for academic institutions to have a plan for both preventing and addressing hazing. The best approach is to be proactive, as no institution is above scrutiny and most, if not all, institutions have room for improvement. In order to help mitigate potential legal, financial and reputational risks, administrators and board trustees at these institutions should consider taking the following steps:

Continue reading →

SEC Files Two More Actions Alleging Employee Severance Agreements Violated Whistleblower Protections

by Sidney Bashago, Angela T. Burgess, Adam Kaminsky, Emily Roberts, Veronica M. Wissel, Martine M. Beamon, Jennifer S. Conway, Kyoko Takahashi Lin, and Travis S. Triano

From top left to right: Sidney Bashago, Angela T. Burgess, Adam Kaminsky, Emily Roberts, and Veronica M. Wissel From bottom left to right: Martine M. Beamon, Jennifer S. Conway, Kyoko Takahashi Lin, and Travis S. Triano. (Photos courtesy of Davis Polk & Wardwell LLP)

The SEC has announced settlement of enforcement actions against two companies stemming from each company’s use of separation agreements that allegedly violated Dodd-Frank whistleblower protection rules. The settled enforcement actions demonstrate that whistleblower protection remains a priority for the SEC’s Enforcement Division.

Continue reading →

Reading the Fine Print: The NYDFS Assessment of Comments on its Proposed Cybersecurity Amendments

by Matthew L. Levine

Matthew L. Levine (Photo courtesy of the author)

The New York State Department of Financial Services (“DFS”) has issued its long-awaited proposed revision to “Part 500,” the agency’s groundbreaking Cybersecurity Regulation.[1] This revision may be the basis for the final rule that will go into effect in stages after the Notice of Adoption is published in the State Register.

A catalog of analysis by law and consulting firms has already popped up online concerning the specific changes proposed, and not proposed, in this latest revision. There is no question that, when implemented, the regulation’s final changes are likely to have a material impact on financial institutions regulated by DFS.

Yet another document that accompanied the proposed revision should not be overlooked: the DFS “Assessment of Public Comments” (the “Assessment”). The rough equivalent of the “fine print” accompanying the proposal, the Assessment responds to an extensive body of commentary received by DFS from financial institutions, trade groups, law firms and others after DFS issued a previous iteration of the proposed amendments in November 2022.[2]

Continue reading →

Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach Notification Rule

by the Federal Trade Commission

Federal Trade Commission

Does your business collect, use, or share consumer health information? When it comes to privacy and security, you’ve probably thought about the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HIPAA Privacy, Security, and Breach Notification Rules (HIPAA Rules). But did you know you also may need to comply with the Federal Trade Commission Act and the FTC’s Health Breach Notification Rule? Learn more about your obligations under these laws to maintain the privacy and security of consumers’ health information and provide notification if you experience a breach. Continue reading →

Integrated Intelligence: Acquiring, Interpreting and Disseminating Knowledge to Support Enterprise Risk Management and Corporate Governance

by Lawrence Cunningham and Arvin Maskin

From left to right: Lawrence Cunningham and Arvin Maskin. Photos courtesy of the authors.

Enterprise risk management (“ERM”) and corporate governance are two sides of the same coin, being united by the importance of relevant decision-makers acquiring, interpreting and disseminating intelligence about risk and oversight. The goal of ERM is to help corporate managers visualize, interpret, contextualize and prioritize various forms of risk input in a timely and objective manner, and to convert it to insightful and actionable intelligence to enhance the quality, reliability and transparency of corporate decision-making and board oversight (“corporate governance”). This modern-day “distant early warning” system attempts to preempt crisis-level events and mitigate the impact of unexpected or unavoidable occurrences of consequence, while seizing on opportunities to be innovative, competitive, and resilient.

Continue reading →

FTC Alleges “Serial Acquirer” Theory in Challenge to Consummated PE Deals

by Andrew J. Nussbaum, Jonathan M. Moses, Nelson O. Fitts, Adam L. Goodman, and Itai Y. Thaler

From left to right: Andrew J. Nussbaum, Jonathan M. Moses, Nelson O. Fitts, Adam L. Goodman, and Itai Y. Thaler. (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

Last week, the Federal Trade Commission sued U.S. Anesthesia Partners, Inc. (“USAP”) and its private equity investor, Welsh, Carson, Anderson & Stowe, as well as a number of Welsh Carson entities, in federal district court, alleging that USAP and Welsh Carson conspired to monopolize and reduce competition for anesthesia services in Texas. The FTC’s complaint alleges that, beginning in 2012, Welsh Carson, through its investment in USAP — which varied between 23% and 50.2% over the relevant period — directed a “roll-up scheme” to acquire and consolidate over a dozen Texas anesthesia practices; caused price increases across the state; and coordinated prices and allocated markets with some of the remaining independent anesthesia providers. The complaint claims violations of the Sherman Act, the Clayton Act, and the FTC Act, and seeks unspecified “structural relief” that could include restitution and divestitures.

Continue reading →

CFTC Director of Enforcement Ian McGinley to Announce Updates to the CFTC’s Corporate and Individual Enforcement Policies at PCCE Event on October 17, 2023

CFTC Seal

CFTC Director of Enforcement Ian McGinley to Announce Updates to the CFTC’s Corporate and Individual Enforcement Policies, Followed by Panel Discussion of Past Senior CFTC Enforcement Officials

On October 17th, 2023, the Program on Corporate Compliance and Enforcement will host an announcement followed by a fireside chat with the CFTC Director of Enforcement, Ian McGinley, at NYU School of Law. Director McGinley will be taking questions from the audience. Pre-registration is required to attend.

Please register by clicking here

Continue reading →

Artificial Intelligence: The New Boardroom Challenge

by William Savitt, Mark F. Veblen, Noah B. Yavitz and Courtney D. Hauck

Left to right: William Savitt, Mark F. Veblen, Noah B. Yavitz and Courtney D. Hauck (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

Executives of major U.S. technology companies and labor leaders gathered at the Capitol recently to discuss the regulation of artificial intelligence with ranking members of Congress. On the agenda? Nearly everything — the impact of AI on the future of industrial organization; on the future of work and labor relations; on the future of capitalism and the U.S. economy; and, according to some, on the future of human civilization itself. The gathering was notable, but no longer unusual, as every week brings news of significant developments in AI capabilities and the legal rules that will govern them.

Continue reading →

Know Your Customer, But Also Yourself: A Fresh Look at Sanctions & Export Controls Risk Assessments in the Era of the “New FCPA”

by Brent Carlson and Michael Huneke

From left to right: Brent Carlson, Michael Huneke (Photos courtesy of the authors)

We have written recently about liability pitfalls caused by misperceived “loopholes” in sanctions and export controls regimes.[1] We have also written about the meaning and practical implications of the U.S. government’s emphasis on sanctions enforcement as the “new FCPA,” discussing how to identify and respond to circumstances posing a high probability of sanctions or export controls evasion.[2]

Having identified these new priority issues, what is the first step towards a solution? Risk assessments are the starting point.[3] Assess your own risk, but do so in an updated—and more effective—manner that reflects the evolving economic sanctions and export controls enforcement environment. Here are some suggestions to help with the assessment.

Continue reading →