Federal Reserve Imposes $186 Million in Civil Money Penalties Against Deutsche Bank for Violations of OFAC and AML Orders and Danske Bank-Related Failures

Photo courtesy of the author

Within the past year, federal law enforcement and regulatory agencies have repeatedly signaled that recidivist violations of law by corporate entities are likely to result in substantial penalties. Those signals include recidivism-specific policy statements, such as the Justice Department’s revision of its Corporate Enforcement Policy[1] to reflect its “more holistic approach to corporate recidivism”[2] and the Office of the Comptroller of the Currency’s (OCC’s) recent revisions of its Policies and Procedures Manual to address banks’ failure to correct persistent weaknesses.[3]

But those signals also include specific enforcement actions that carried substantial financial penalties, such as the Justice Department’s $315 million criminal penalty against ABB[4] and $206.7 million criminal penalty against Ericsson[5], and the Consumer Financial Protection Bureau/OCC $250 million enforcement actions against Bank of America for illegal activity in its consumer business.[6]

Continue reading →

Revisiting The New Paradigm

by Martin Lipton, Steven A. Rosenblum, Karessa L. Cain, Elina Tetelbaum, and Carmen X. W. Lu

Left to right: Martin Lipton, Steven A. Rosenblum, Karessa L. Cain, Elina Tetelbaum, and Carmen X. W. Lu (photos courtesy of Wachtell, Lipton, Rosen & Katz)

In view of the attacks on “woke” corporations, ongoing legislative opposition to the consideration by investors and corporations of environmental, social and governance (ESG) issues, legal challenges to elements of ESG itself (notably, initiatives designed to further diversity, equity and inclusion), and the attendant political polarization, we undertook to revisit The New Paradigm: A Roadmap for an Implicit Corporate Governance Partnership Between Corporations and Investors to Achieve Sustainable Long-Term Investment and Growth that we prepared for the International Business Council of the World Economic Forum in September 2016.

Continue reading →

Oregon Consumer Privacy Act Signed Into Law

by Nancy Libin, Michael T. Borgia, John D. Seiver, David L. Rice, and Patrick J. Austin

Left to right: Nancy Libin, Michael T. Borgia, John D. Seiver, David L. Rice, and Patrick J. Austin (photos courtesy of Davis Wright Tremaine LLP)

Oregon becomes the 12th state with a comprehensive consumer data privacy law

The Oregon Consumer Privacy Act (OCPA) became law on July 18, 2023. Oregon is the twelfth state to enact a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Florida, and Texas. The OCPA goes into effect July 1, 2024 (the same date as the recently enacted privacy laws in Texas and Florida). The effective date for non-profits—which, unlike under most other state privacy laws, are not exempt under the OCPA—is delayed until July 1, 2025.

Continue reading →

DOJ, BIS and OFAC Release Guidance on Voluntary Self-Disclosures

By Eric J. Kadel, Sharon Cohen Levin, Anthony J. Lewis, Shari D. Leventhal, and Edoardo Saravalle

Left to right: Eric J. Kadel, Sharon Cohen Levin, Anthony J. Lewis, Shari D. Leventhal, and Edoardo Saravalle (Photos courtesy of Sullivan & Cromwell LLP)

DOJ, BIS and OFAC Issue Joint Guidance on Policies Relating to Voluntary Self-Disclosures of Potential Violations of Sanctions, Export Controls and Other National Security Laws

Summary

On July 26, 2023, the Department of Justice, the Department of Commerce and the Department of the Treasury released a Tri-Seal Compliance Note describing voluntary self-disclosure and whistleblower policies applicable to U.S. sanctions, export controls and other national security laws. The release does not impose new obligations, but provides an overview that (i) clarifies the salient aspects of the agencies’ voluntary self-disclosure policies (particularly following recent updates to these policies), (ii) suggests the differences between each agency’s approach to voluntary self-disclosures (including with respect to the mitigation of civil or criminal liability) and (iii) underscores the agencies’ goal of shifting the private sector’s risk calculus toward greater voluntary self-disclosures.

Continue reading →

SEC Adopts New Cybersecurity Rules for Issuers

by Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew E. Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul M. Rodel, Steven J. Slutzky, Matt Kelly, Kelly Donoghue, John Jacob, Amy Pereira, Mengyi Xu, and Chris Duff

Top left to right: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew E. Kaplan, Erez Liebermann, Benjamin R. Pedersen, and Paul M. Rodel.
Bottom left to right: Steven J. Slutzky, Matt Kelly, Kelly Donoghue, John Jacob, Amy Pereira, Mengyi Xu, and Chris Duff.
(photos courtesy of authors)

On July 26, 2023, the SEC adopted the long-anticipated final rules on cybersecurity risk management, strategy, governance, and incident disclosure for issuers. The new rules are part of the SEC’s larger efforts focused on cybersecurity regulation with a growing universe of rules aimed at different types of SEC registrants, including: (i) its proposed cybersecurity rules for registered investment advisers and funds and market entities, including broker-dealers, (ii) its proposed amendments to Reg S-P and Reg SCI and (iii) existing cybersecurity obligations under SEC regulations, including Reg S-P, Reg S-ID, and the recently amended Form PF.

Continue reading →

DC Circuit Enjoins FINRA Disciplinary Proceeding, Questions Constitutionality of Hearing Officers

by Sara Raisner and Mark Lanpher

Sara Raisner and Mark Lanpher (Photos courtesy of Shearman & Sterling)

On July 5, the United States Court of Appeals for the D.C. Circuit granted an emergency injunction blocking the Financial Industry Regulatory Authority (“FINRA”) from halting the securities business of Alpine Securities Corporation (the “Company”) through an expedited hearing process pending the Company’s appeal challenging the constitutionality of FINRA’s enforcement proceedings. Alpine Securities Corporation, et al v. Financial Industry Regulatory Authority, Inc., 1:23-cv-01506-BAH (July 5, 2023). While noting that this was not a decision on the merits, the court found that the Company had shown a likelihood that it will succeed on the merits in its challenge to the structure of FINRA enforcement actions, having at this early stage “raised a serious argument that FINRA impermissibly exercises significant executive power.”

Continue reading →

SEC v. Ripple: A Tale of Two Token Transaction Types

Editor’s Note: The NYU Law Program on Corporate Compliance and Enforcement is following the recent decision in SEC v. Ripple Labs, Inc., in which the district court decided competing summary judgment motions for both the SEC and Ripple by holding that contractual sales of XRP, Ripple’s native token, to institutional investors were securities while the XRP token itself was not. In this post, attorneys at Latham & Watkins LLP take a deep dive into the court’s holdings and their implications for the crypto industry.

by Jack Barber, Jenny Cieplak, Benjamin Naftalis, John Sikora, Stephen P. Wink, Douglas K. Yatter, Luca Marquard, Adam Zuckerman, and Deric Behar

Top left to right: Jack Barber, Jenny Cieplak, Benjamin Naftalis, John Sikora, and Stephen P. Wink.
Bottom left to right: Douglas K. Yatter, Luca Marquard, Adam Zuckerman, and Deric Behar.
(Photos courtesy of Latham & Watkins LLP)

A bifurcated decision in a highly anticipated digital assets enforcement action may not provide the clarity that market participants want or need.

On July 13, 2023, Judge Analisa Torres of the US District Court for the Southern District of New York issued an order on motions for summary judgment in the civil enforcement action brought by the Securities and Exchange Commission (SEC) on December 22, 2020, against Ripple Labs Inc. (Ripple), its former CEO (Christian Larsen), and its former COO and current CEO (Brad Garlinghouse). The SEC’s claims include the unlawful offer and sale of securities in violation of Section 5 of the Securities Act of 1933 (the Securities Act), as well as aiding and abetting the allegedly unlawful offer and sale of securities by the individual defendants (see this Latham blog post for more information).

Continue reading →

Achieving Sensible AI Regulation

by Melissa MacGregor (SIFMA), Avi Gesser, Matt Kelly, Stephanie Thomas, and Ned Terrace

Top righ to left: Melissa MacGregor (SIFMA), Avi Gesser, and Matt Kelly.
Bottom right to left: Stephanie Thomas, Ned Terrace, and Esther Tetruashvily.
(Photos courtesy of the authors).

The proliferation of AI tools and rapid pace of AI adoption have led to calls for new regulation at all levels. President Biden recently said “[w]e need to manage the risks [of AI] to our society, to our economy, and our national security.” The Senate Judiciary Subcommittee on Privacy, Technology and the Law recently held a hearing on “Rules for Artificial Intelligence” to discuss the need for AI regulation, while Senate Majority Leader Schumer released a strategy to regulate AI.

Continue reading →

Crypto Experts React to the SEC v. Ripple Decision

Editor’s Note: The NYU Law Program on Corporate Compliance and Enforcement is following the recent decision in SEC v. Ripple Labs, Inc., in which the district court decided competing summary judgment motions for both the SEC and Ripple by holding that contractual sales of XRP, Ripple’s native token, to institutional investors were securities while the XRP token itself was not. In this post, former SEC attorneys and federal prosecutors and current securities regulatory and white collar attorneys react to the decision.

Top left to right: Joseph Hall, Robert Cohen, Fiona Moran, and Zachary Zweihorn, and David Miller.
Bottom left to right: Daniel Payne, Avi Weitzman, Nicolas Morgan, and Ijeoma Okoli.
(Photos courtesy of the authors)

Continue reading →

Certification Under the EU-U.S. Data Privacy Framework

by Dr. Martin Braun, Kirk J. Nahra, Tamar Y. Pinto, Shannon Togawa Mercer, Itsiq Benizri, and Valentino Halim

Top left to right: Dr. Martin Braun, Kirk J. Nahra, and Tamar Y. Pinto.
Bottom left to right: Shannon Togawa Mercer, Itsiq Benizri, and Valentino Halim.
(Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP)

On July 10, 2023, the European Commission adopted an adequacy decision for the new EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the successor to the EU-U.S. Privacy Shield, which the Court of Justice of the European Union deemed invalid on July 16, 2020. The U.S. Department of Commerce (“DoC”) is charged with administering and monitoring the EU-U.S. DPF program.

On July 17, 2023, the DoC International Trade Administration launched its EU-U.S. DPF website. Companies are now able to review the key requirements for participating organizations, including how to join the program and how to recertify.

Continue reading →