State Immunity and the False Claims Act

By Joshua M. Baker

Photo of the author

Photo courtesy of the Young Law Firm.

While litigation under the False Claims Act (FCA) generally can be rather complex, bringing actions under this statute against state agencies involves the additional issue of potential immunity under the Eleventh Amendment. The inquiry as to whether a given state agency can successfully assert such immunity is nuanced and the analysis will vary depending on the jurisdiction in which the case is brought. At the most basic level, the resolution of this issue depends on how the agency is treated under state law. Specifically, courts will look at factors such as how much autonomy the agency has from the state government as such and how much of its funding comes from the state. 

Continue reading

FinCEN Proposes Comprehensive Updates to AML/CFT Program Rules

by David Sewell and Nathaniel Balk

photos of the authors

From left to right: David Sewell and Nathaniel Balk. (Photos courtesy of Freshfields Bruckhaus Deringer LLP)

On June 28, 2024, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a proposed rule (the Proposed Rule) to update anti-money laundering (AML) and countering the financing of terrorism (CFT) compliance obligations to reflect revisions to the Bank Secrecy Act (BSA) contained in the Anti-Money Laundering Act of 2020 (AML Act).[1]

FinCEN’s release marks the latest step in the ongoing implementation of the AML Act, which adopted the most significant revisions to the U.S. AML/CFT framework since the adoption of the USA PATRIOT Act in 2001. Although the Proposed Rule in large part clarifies, streamlines, and updates existing regulations, it includes several provisions that materially change AML/CFT compliance obligations for many financial institutions, including most notably a mandatory risk assessment process.

Below, we briefly summarize the Proposed Rule, including its scope, requirements, and potential implications, and highlight open questions and next steps.  

Continue reading

Balancing Victim Compensation and Efficiency in Non-Trial Resolutions: A Comparative Perspective from the International Academy of Financial Crime Litigators

by Stéphane Bonifassi, Lincoln Caylor, Grégoire Mangeat, Léon Moubayed, Jonathan Sack, Andrew Stafford K.C., Wolfgang Spoerr, and Thomas Weibel

Photos of authors.

Top left to right: Stéphane Bonifassi, Lincoln Caylor, Grégoire Mangeat, Léon Moubayed. Bottom left to right: Jonathan Sack, Andrew Stafford K.C., Wolfgang Spoerr, and Thomas Weibel. (Photos courtesy of authors)

Introduction

Negotiated settlements for financial crimes offer a practical approach to resolving cases without lengthy trials. However, they pose a complex dilemma: how to balance efficiency with the need for victims to have a meaningful role in the proceeding and achieve adequate victim compensation. Across various jurisdictions, the approaches to non-trial resolutions reflect differing priorities, with some countries leaning towards expediency and others emphasizing victim rights. This is why the International Academy of Financial Crime Litigators published a working paper on the topic. This piece explores the current state of how victims of financial crime are being compensated in non-trial resolutions across different legal jurisdictions. Furthermore, it identifies some of the challenges and trade-offs lawmakers face when trying to infuse an optimal amount of victim involvement into the settlement process, providing suggestions on how victims of financial crime can be better heard and compensated in settlement procedures.

Continue reading

BlackRock’s Voting Choice Program Expands to Accommodate Diverging Client Priorities with More Tailored Voting Guidelines

by Adam O. Emmerich, David A. Katz, Karessa L. Cain, Elina Tetelbaum, and Carmen X. W. Lu

Photos of the authors

Left to right: Adam O. Emmerich, David A. Katz, Karessa L. Cain, Elina Tetelbaum and Carmen X. W. Lu. (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

In recent years, one of the most significant developments in corporate governance has been the adoption and expansion of voting choice programs by the largest institutional investors.  Such changes have come in response to growing scrutiny and pressure from asset owners and regulators with diametrically opposed and fervently held views on the role of environmental and social issues such as climate change and diversity, equity and inclusion (DEI) in investment decisions.  In furtherance of this trend, BlackRock has now adopted separate voting guidelines tailored towards specific funds and investors.

Early this month, BlackRock released climate and decarbonization stewardship guidelines for its funds with explicit decarbonization or climate-related investment objectives or other funds where clients have instructed BlackRock to apply these guidelines to their holdings.  These new guidelines will supplement BlackRock’s benchmark policies applicable to all assets under management and will focus attention on how companies have aligned their business model and strategies to meet the goals of the Paris Agreement.  A total of 83 funds with $150 billion of combined assets are expected to be covered by the new guidelines.  BlackRock has indicated that it will apply the guidelines to those companies held by covered funds and clients who have opted into the guidelines and that produce goods and services that “contribute to real world decarbonization,” have a “carbon intensive business model” or face “outsized impacts from the low carbon transition,” based on their Scopes 1, 2, and 3 greenhouse gas emissions. 

Continue reading

Does California’s Delete Act Have the “DROP” on Data Brokers?: Updates and Insights from the Recent Stakeholder Session

 by Christine E. Lyon, Christine Chong, Jackson Myers, and Ortal Isaac

Photos of the authors

From left to right: Christine E. Lyon, Christine Chong and Jackson Myers. (Photos courtesy of Freshfields Bruckhaus Deringer LLP)

The California Delete Act will make it easier for California consumers to request deletion of their personal information by so-called “data brokers,” a term that is much broader than companies may expect (see our prior blog post here). In particular, the Delete Act provides for a universal data deletion mechanism—known as the Data Broker Delete Requests and Opt-Out Platform, or “DROP”—that will allow any California consumer to make a single request for the deletion of their personal information by certain, or all, registered data brokers. In turn, by August 2026, data brokers will be required to regularly monitor, process, and honor deletion requests submitted through the DROP.

While the DROP’s policy objectives are fairly straightforward, it is less clear how the DROP will work in practice. For example, what measures will be taken to verify the identity of the consumer making the request, to ensure that the requesting party is the consumer they claim to be? What measures will be taken to verify that a person claiming to act as an authorized agent for a consumer actually has the right to request deletion of that consumer’s personal information? Unauthorized deletion of personal information may result in inconvenience or even loss or harm to individuals, which raises the stakes for the California Privacy Protection Agency (CPPA) as the agency responsible for building the DROP.

Continue reading

Biden Administration Releases Proposed Rule on Outbound Investments in China

by Paul D. Marquardt and Kendall Howell

Photos of authors

From left to right: Paul D. Marquardt and Kendall Howell (Photos courtesy of Davis Polk & Wardwell LLP)

The Biden administration released its proposed rule that would establish a regulatory framework for outbound investments in China, following its advanced notice of proposed rulemaking released last August.

On June 21, 2024, the U.S. Department of the Treasury (Treasury) released its long-awaited notice of proposed rulemaking that would impose controls on outbound investments in China (the Proposed Rule). The Proposed Rule follows Treasury’s advanced notice of proposed rulemaking (the ANPRM) released in August 2023 (discussed in this client update) and implements the Biden administration’s Executive Order 14105 (the Executive Order), which proposed a high-level framework to mitigate the risks to U.S. national security interests stemming from U.S. outbound investments in “countries of concern” (currently only China). Like the Executive Order and ANPRM, the Proposed Rule reflects an effort by the Biden administration to adopt a “narrow and targeted” program and is in large part directed at the “intangible benefits” of U.S. investment (e.g., management expertise, prestige, and know-how), rather than capital alone.[1]

Continue reading

Supreme Court Punches SEC APs Right in the Seventh Amendment

by Andrew J. Ceresney, Charu A. Chandrasekhar, Arian M. June, Robert B. Kaplan, Julie M. Riewe, Kristin A. Snyder, and Jonathan R. Tuttle

Photos of the authors

Top left to right: Andrew J. Ceresney, Charu A. Chandrasekhar, Arian M. June, and Robert B. Kaplan. Bottom left to right: Julie M. Riewe, Kristin A. Snyder, and Jonathan R. Tuttle. (Photos courtesy of Debevoise & Plimpton LLP)

Recently, in a long-awaited ruling with significant implications for the securities industry and administrative agencies more generally, the U.S. Supreme Court affirmed the Fifth Circuit’s decision in Jarkesy v. SEC, holding that the Seventh Amendment right to a jury trial precluded the U.S. Securities and Exchange Commission (the “SEC”) from pursuing monetary penalties for securities fraud violations through in-house administrative adjudications. The key takeaways are:

  • The Court’s ruling was limited to securities fraud claims, but other SEC claims seeking legal remedies may be impacted, as well as claims by other federal agencies that may have been adjudicated in-house previously.
  • We expect that the SEC will continue its practice of bringing new enforcement actions in district court, except when a claim only is available in the administrative forum.
  • Because of the majority decision’s focus on fraud’s common-law roots, the decision raises questions about whether the SEC may bring negligence-based or strict liability claims seeking penalties administratively.
  • The Court did not resolve other constitutional questions concerning the SEC’s administrative law judges, including whether the SEC’s use of administrative proceedings violates the non-delegation doctrine and whether the SEC’s administrative law judges are unconstitutionally protected from removal in violation of Article III.
  • We anticipate additional litigation regarding these unresolved issues.

Continue reading

CNIL Publishes New Guidelines on the Development of AI Systems

by David Dumont and Tiago Sérgio Cabral

Photos of the authors

David Dumont and Tiago Sérgio Cabral (photos courtesy of Hunton Andrews Kurth LLP)

On June 7, 2024, following a public consultation, the French Data Protection Authority (the “CNIL”) published the final version of its guidelines addressing the development of AI systems from a data protection perspective (the “Guidelines”). Read our blog on the pre-public consultation version of these Guidelines.

In the Guidelines, the CNIL states that, in its view, the successful development of AI systems can be reconciled with the challenges of protecting privacy.

Continue reading

Incident Response Plans Are Now Accounting Controls? SEC Brings First-Ever Settled Cybersecurity Internal Controls Charges

by Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Erez Liebermann, Benjamin R. Pedersen, Julie M. Riewe, Matt Kelly, and Anna Moody

Photos of the authors

Top left to right: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky and Erez Liebermann. Bottom left to right: Benjamin R. Pedersen, Julie M. Riewe, Matt Kelly and Anna Moody. (Photos courtesy of Debevoise & Plimpton LLP)

In an unprecedented settlement, on June 18, 2024, the U.S. Securities & Exchange Commission (the “SEC”) announced that communications and marketing provider R.R. Donnelley & Sons Co. (“RRD”) agreed to pay approximately $2.1 million to resolve charges arising out of its response to a 2021 ransomware attack. According to the SEC, RRD’s response to the attack revealed deficiencies in its cybersecurity policies and procedures and related disclosure controls. Specifically, in addition to asserting that RRD had failed to gather and review information about the incident for potential disclosure on a timely basis, the SEC alleged that RRD had failed to implement a “system of cybersecurity-related internal accounting controls” to provide reasonable assurances that access to the company’s assets—namely, its information technology systems and networks—was permitted only with management’s authorization. In particular, the SEC alleged that RRD failed to properly instruct the firm responsible for managing its cybersecurity alerts on how to prioritize such alerts, and then failed to act upon the incoming alerts from this firm.

Continue reading

Treasury and FSOC Sharpen Focus on Risks of AI in the Financial Sector

by Alison M. Hashmall, David Sewell, Beth George, Andrew Dockham, Megan M. Kayo and Nathaniel Balk

Photos of the authors

Top left to right: Alison M. Hashmall, David Sewell and Beth George. Bottom Left to Right: Andrew Dockham, Megan M. Kayo and Nathaniel Balk. (Photos courtesy of Freshfields Bruckhaus Deringer LLP)

On June 6-7, 2024, the Financial Stability Oversight Council (FSOC or the Council) cosponsored a conference on AI and financial stability with the Brookings Institution (the FSOC Conference).  The conference was billed as “an opportunity for the public and private sectors to convene to discuss potential systemic risks posed by AI in financial services, to explore the balance between encouraging innovation and mitigating risks, and to share insights on effective oversight of AI-related risks to financial stability.” The FSOC Conference featured noteworthy speeches by Secretary of the Treasury Janet Yellen (who chairs the Council), as well as Acting Comptroller of the Currency Michael Hsu.  And in a further sign of increased regulatory focus on AI in the financial industry, the Treasury Department also released a request for information on the Uses, Opportunities, and Risk of Artificial Intelligence (AI) in the Financial Services Sector (the AI RFI) while the conference was happening – its most recent, and most comprehensive, effort to understand how AI is being used in the financial industry.

In this blog post, we first summarize the key questions raised and topics addressed in the AI RFI.  We then summarize the key takeaways from FSOC’s conference on AI and discuss how these developments fit within the broader context of actions taken by the federal financial regulators in the AI space. Lastly, we lay out takeaways and the path ahead for financial institutions as they continue to navigate the rapid development of AI technology.

Continue reading