Moving on from Three Bank Failures: Addressing Concentration Risk, Contagion, and Moral Hazard

Editor’s Note: The NYU Program on Corporate Compliance and Enforcement (PCCE) has been following the recent collapse of three banks in the U.S. and will be publishing articles exploring the reasons for the banks’ failures and the broader regulatory, policy, and legal implications arising therefrom.

by Maria T. Vullo

Maria T. Vullo (Photo courtesy of the author)

Over the past ten days, three midsize U.S. banks have failed: Silvergate Capital (Silvergate), a $12 billion bank, announced its voluntary liquidation on March 8, 2023[1]; Silicon Valley Bank (SVB), a $210 billion bank, was closed by its California state regulator with the Federal Deposit Insurance Corporation (FDIC) appointed receiver on March 10, 2023[2]; and Signature Bank (Signature), a $110 billion bank, was closed by its New York state regulator with the FDIC appointed receiver on March 12, 2023. While Silvergate voluntarily closed its doors with a promise to return all depositor funds, for both SVB and Signature, the FDIC triggered the “systemic risk” exception to the “least costly” requirement of receivership, in order to provide full insurance protection to all depositors.[3] As receiver, the FDIC has removed senior management, appointed new chief executive officers, and bank operations are continuing while the FDIC considers possible acquisitions and other remedies.[4]

Media reports are littered with opinions as to the potential causes of these bank failures, and some of the reporting includes finger pointing at the crypto industry. While additional facts undoubtedly will be disclosed in the weeks and months ahead, based on current information, it would be overly simplistic to blame the failures of SVB and Signature on any one cause, given that various market, regulatory and human factors appear to have contributed to their demise.

Continue reading →

FTC Continues Enforcement Focus on the Use and Disclosure of Health Information for Advertising

by Kirk J. Nahra, Ali A. Jessani, Arianna Evers, and Samuel Kane

From left to right: Kirk J. Nahra, Ali A. Jessani, Arianna Evers, and Samuel Kane. (Photos courtesy of Wilmer Cutler Pickering Hale & Dorr LLP.)

On Thursday, March 2, the FTC announced an enforcement action against BetterHelp, Inc., an online mental health counseling service, relating to claims that the company’s collection and use of consumer health data were unfair and deceptive acts and practices under Section 5 of the FTC Act. As part of the settlement, BetterHelp will be required to pay $7.8 million, which the FTC will use to provide partial refunds for consumers who enrolled in and paid for BetterHelp services between August 2017 and December 2020. The BetterHelp enforcement decision comes just over a month after the FTC reached a historic settlement order with another company in the healthcare space, GoodRx, for similar alleged violations.

Continue reading →

White Collar Defense Attorneys React to DOJ and SEC Enforcement Actions for Misuse of 10b5-1 Plans

Editor’s Note: Recently, both the DOJ and the SEC brought, for the first time ever, criminal and civil insider trading charges against a corporate executive for his alleged fraudulent misuse of a 10b5-1 trading plan, which typically allows corporate insiders to pre-schedule sales of company shares to avoid accusations of insider trading. In this post, several former federal prosecutors and white collar defense attorneys provide their reactions to this case and its implications for future insider trading cases.

Top row from left to right: Brian Jacobs, Gina Parlovecchio, Rachel Maimin, and Kathleen McGee.
Bottom row from left to right: Robert Johnston, Marc Rein, and Katherine Goldstein. (photos courtesy of authors’ respective firms)

Continue reading →

“Not a Flash in the Pan” – Government Enforcers Say Sanctions and Export Control Enforcement Against Corporations Is Here to Stay

Editor’s Note: the NYU Program on Corporate Compliance and Enforcement is publishing reactions to the American Bar Association’s annual White Collar Crime National Institute in Miami on March 2 and 3, 2023.

From left to right: Michael Kim Krouse, Amy Jeffress, Jayce Born, and Baruch Weiss (photos courtesy of Arnold & Porter LLP)

by Michael Kim Krouse, Amy Jeffress, Jayce Born, and Baruch Weiss

Hot on the heels of DAG Monaco’s speech this morning, this afternoon featured a timely panel on the government’s enforcement agenda for sanctions and export controls. The speakers included Matthew Axelrod, Assistant Secretary for Export Enforcement, Bureau of Industry and Security, US Department of Commerce; Matthew Olsen, Assistant Attorney General, National Security Division, US Department of Justice; Andrea Gacki, Director, Office of Foreign Assets Control, US Department of Treasury; and Steve Francis, Acting Executive Associate Director for Homeland Security Investigations, US Department of Homeland Security.

Continue reading →

Federal Court Holds Financial Institution Liable for Business Email Compromise Loss

by Michael Borgia, Dsu-Wei Yuen, Andrew Lorentz, and Michael Buckalew

From left to right: Michael Borgia, Dsu-Wei Yuen, and Andy Lorentz (Photos courtesy of Davis Wright Tremaine LLP)

While ransomware attacks usually grab the headlines, business email compromise (BEC) attacks continue to cause massive financial losses for businesses. The FBI’s Internet Crime Complaint Center (IC3), reported BEC losses in the United States of nearly $2.4 billion in 2021.[1] And the problem grew worse during the COVID-19 pandemic: losses from BECs increased 65 percent globally from July 2019 to December 2021.[2]

BECs typically involve a variety of social engineering techniques (for example, domain spoofing) to obtain credentials for a corporate email account. Once inside the email account, attackers typically search for discussions of upcoming vendor payments or other financial transactions and trick victims into transferring funds to an attacker-controlled bank account, instead of the account of the legitimate recipient. A very common type of BEC involves an attacker posing as a company’s vendor and emailing “updated” bank account details for electronic payment of the vendor’s invoices. While these misdirected funds sometimes can be recovered through quick reporting to the involved financial institutions and law enforcement, recovery efforts often are difficult. Attackers promptly disperse the funds by transferring them to multiple foreign bank accounts or converting them to cryptocurrency and transferring them to multiple wallets.

Continue reading →

Explaining MiCA: Part of the EU’s Approach to Crypto and Digital Asset Regulation

by Katja Langenbucher

Professor Katja Langenbucher

FTX, Kraken, TerraLuna, and similar cases have recently prompted the SEC to move ahead with a long list of enforcement actions. While some applaud the securities regulator‘s push ahead, others criticize its lack of explicit rule-making. Yet some would prefer a banking regulator to step in and authorize a national trust bank charter for issuers of stablecoins. Against this background, the upcoming EU Markets in Crypto Assets Regulation (MiCA) provides an illustration of a tailor-made regime combining elements of securities and banking regulation.

MiCA is part of the larger EU digital finance package which includes rules on operational resilience (DORA), a DLT pilot regime for security tokens, and amendments to several financial services Directives. Arguably, the “libra/diem-scare” to monetary autonomy was a main driver pushing the EU Commission to consider new legislation. Additionally, the differing speed of legislators across EU Member States brought about the risk of unhelpful regulatory competition, suggesting a level playing field strategy instead.

Continue reading →

U.S. Cybersecurity and Data Privacy Outlook and Review – 2023

by Alexander H. Southwell and Snezhana Stadnik Tapia

Left to right: Alexander H. Southwell and Snezhana Stadnik Tapia. (Photos courtesy of Gibson Dunn & Crutcher LLP)

As with recent years, privacy and cybersecurity law and policy continued to evolve substantially over the course of 2022 in an effort to keep up with technological developments and shifting consumer expectations and policy priorities. Recently, in the tenth edition of Gibson Dunn’s U.S. Cybersecurity and Data Privacy Outlook and Review, we provided a review of some of the most significant developments on this topic in the U.S.

Below we summarize the past year’s developments and future prospects, including the wave of new privacy and cyber laws and regulations at the federal and state levels due in large part to increased attention on protective privacy and cyber hygiene. This past year also saw a substantial uptick in scrutiny and enforcement by federal and state regulators, as well as civil litigation, and we expect this amplified focus on privacy and cybersecurity issues to continue. Although the full impact of these developments is yet to be realized, one thing is clear: in 2023, the flurry of regulatory, enforcement, and litigation activity will likely continue and require close monitoring.

Continue reading →

Global Anti-Bribery Year-in-Review: 2022 Developments and Predictions for 2023

by Jay Holtmeier, Kimberly A. Parker, Erin G.H. Sloane, Christopher Cestaro, Meghan E. Kaler, and Caroline R. Geist-Benitez

From left to right: Jay Holtmeier, Kimberly A. Parker, Erin G.H. Sloane, Christopher Cestaro, Meghan E. Kaler, and Caroline R. Geist-Benitez. (Photos courtesy of Wilmer, Cutler, Pickering, Hale & Dorr LLP)

While Foreign Corrupt Practices Act (FCPA) enforcement activity has not come close to returning to the heights seen a few years ago, 2022 reflected significant increases from the prior year in both the number of cases against corporate defendants (eight vs. four) and the combined total of monetary penalties levied ($1.56 billion[1] vs. $459 million). Consistent with this upward trend of enforcement activity, the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) continue to signal that anti-corruption enforcement is a priority and to provide further detail and clarification regarding their approach to corporate enforcement. Below are the key takeaways regarding FCPA enforcement in 2022 and trends to keep in mind as we look ahead to 2023.

Continue reading →

U.S. Attorney’s Offices Issue Nationwide Corporate Voluntary Self-Disclosure Policy

by Joon H. Kim, Lev L. Dassin, Jonathan S. Kolodner, Lisa Vicens, Andrés Felipe Sáenz, and Roberta Mayerle

From left to right: Joon H. Kim, Lev L. Dassin, Jonathan S. Kolodner, Lisa Vicens, Andrés Felipe Sáenz, and Roberta Mayerle (Photos courtesy of Cleary Gottlieb Steen & Hamilton)

On February 22, 2023, the Department of Justice announced a new corporate Voluntary Self-Disclosure Policy for U.S. Attorney’s Offices nationwide (the “USAO Policy”).[1] The USAO Policy sets forth clearer and concrete benefits for companies that voluntarily and timely self-report misconduct as had been directed by the September 15, 2022 memorandum from the Deputy Attorney General for the Department of Justice (“DOJ”) (the “Monaco Memorandum”).[2] The USAO Policy also follows the significant revisions to the DOJ Criminal Division’s Corporate Enforcement and Voluntary Self-Disclosure Policy recently announced on January 17, 2023 (the “Corporate Enforcement Policy”).[3]

The USAO Policy applies to all U.S. Attorney’s Offices and is effective immediately. As such, it standardizes what was previously a patchwork of different practices across U.S. Attorney’s Offices and fills a gap where no comprehensive voluntary self-disclosure policy previously existed.

Continue reading →

Regulatory Priorities at the ABA White Collar Conference: Market Protection, Crypto, and ESG

by Robertson Park

Robertson Park (photo courtesy of Davis Wright Tremaine LLP)

The ABA White Collar Conference this year offered a slightly more forthcoming group of government agency representatives from the DOJ, SEC, and the CFTC. Maybe it was the lifting of the pandemic fog, and maybe it was the March heat in Miami, but it was certainly a more assertive and transparent government narrative. The arc is clearly up across the enforcement and regulatory landscape. The enforcement panel reminded me of the movie The Graduate, where Dustin Hoffman is presented the distilled single word of advice –“Plastics.” The enforcers weren’t focused on one word of advice, but equally focused on several — “protect markets” — “Crypto”— and “ESG.” The first two are already apparent in ongoing and recent investigations and prosecutions. The latter presents a more troubling landscape for companies.

Continue reading →