FATF “Gray Lists” Turkey, Citing Concerns with Turkey’s Banking and Real Estate Sectors and Potential Terrorism Financing

by H. Christopher Boehning, Jessica Carey, Christopher Frey, Michael Gertzman, Roberto Gonzalez, Brad Karp, Richard Elliott, Rachel Fiorill, and Jacobus Schutte 

In a significant move, the Financial Action Task Force (“FATF”), the international anti-money laundering body tasked with developing policies to combat money laundering and terrorism financing, has added Turkey to its list of jurisdictions subject to increased monitoring (also known as the FATF “Gray List”).[1]  With the addition of Turkey (as well as, through separate actions, Jordan and Mali), the FATF Gray List now includes 23 countries that FATF has determined to have “strategic deficiencies” in their anti-money laundering (“AML”) and counter-terrorism financing (“CFT”) laws and regulations compared to international best practices and the standards maintained by FATF. [2]  Turkey is the largest economy to be included on the Gray List.

Continue reading

A Historic First in Consumer Product Safety Act Enforcement: Corporate Criminal Penalties for Late Reporting Under Section 15

by Kelsie Sicinski, Michelle F. Gillice, Jennifer A. Karmonick, and Murad Hussain 

On October 29, the status quo fundamentally changed for consumer product safety enforcement. On that date, the Department of Justice (DOJ) announced the resolution of criminal charges against a Chinese manufacturer and its two subsidiaries under the Consumer Product Safety Act (CPSA). This was the very first corporate criminal enforcement action brought under the CPSA, which resulted in a guilty plea from the US subsidiary, a deferred prosecution agreement (DPA) for the Chinese parent and its Hong Kong subsidiary, and $91 million in monetary penalties and forfeitures. This development makes clear that an intentional delay in reporting a consumer product safety defect, hazard, or risk to the Consumer Product Safety Commission (CPSC) has the potential to lead to both civil and criminal corporate liability under the CPSA.

Continue reading

OFAC and FinCEN Update Ransomware Guidance to Include New Red-Flag Indicators and Additional Sanctions Designations

by Luke Dembosky, Avi Gesser, Satish Kini, Aseel Rabie, and HJ Brehmer

On November 8, 2021, the U.S. Department of the Treasury (“Treasury”) announced a new set of sanctions against criminal ransomware actors, the virtual currency exchange Chatex and three companies providing material support and assistance to Chatex. By designating these entities, which have direct ties with the previously sanctioned SUEX OTC, S.R.O. (“SUEX”), Treasury is suggesting that it will continue to use all tools available to identify and take action against those involved in facilitating ransomware payments. 

Continue reading

New York DFS Issues Guidance for Adoption of Affiliates’ Cybersecurity Programs

by Greg Andres, Matthew Bacal, Martine Beamon, Angela Burgess, Robert Cohen, Gabriel Rosenberg, Margaret Tahyar, James Haldin, Matthew Kelly, and Daniel Newman

The New York DFS issued new guidance regarding a covered entity’s reliance on an affiliate’s cybersecurity program. The guidance explains DFS’s view that, when a covered entity relies on an affiliate’s program, DFS has authority to examine the affiliate’s program.

Since 2017, New York’s Cybersecurity Regulation, 23 N.Y.C.R.R. Part 500, has required any “Covered Entity”—that is, any entity regulated by New York’s Department of Financial Services (DFS)—to maintain a risk-based cybersecurity program consistent with certain prescriptive technical and procedural requirements. These requirements, the DFS has maintained, are designed to ensure that the Covered Entity’s program adequately protects the Covered Entity’s information systems and the nonpublic information maintained on them.

Continue reading

Increasing Disclosures and Data to Increase Inclusion

by Jean Lee

The SEC is considering a new rule that would require businesses to disclose more information about the diversity within their companies, a promising sign that corporate America is embracing transparency and accountability when it comes to diversity, equity and inclusion (DEI). Better data is an essential step towards progress on DEI efforts at disclosing companies—a philosophy that drives the Minority Corporate Counsel Association’s (MCCA) work and the release of our new Diversity Scorecard.

Continue reading

Virtual Currency Platforms and Ransomware Attacks: OFAC Advisories Highlight Increasing Overlap of Sanctions and Cybersecurity Risks Associated with Virtual Currency Platforms and Ransomware Attacks (Part II of II)

by John Barker, Ronald Lee, Soo-Mi Rhee, Tal Machnes, and Christine Choi 

This is part II of a two-part post. For Part I, which outlines two OFAC advisory opinions on US sanction risks associated with cyber related activities, including virtual currency platforms, click here

Focus on Virtual Currency Platforms

OFAC’s increased focus on cybersecurity, generally, has also put a spotlight on the sanctions risks specific to the virtual currency industry. Indeed, concurrent with the release of its September 2021 Updated Advisory, OFAC added SUEX OTC, S.R.O. (SUEX), a Russian virtual currency exchange, to the SDN List for facilitating financial transactions for ransomware actors—the first such designation of a virtual currency exchange. According to Treasury, over 40% of SUEX’s known transactions were associated with illicit actors, and the exchange facilitated transactions involving at least eight ransomware variants. In designating SUEX, Treasury observed that the virtual currency sector plays a “critical role” in sanctions compliance.[1]

Continue reading

Federal Agencies Announce Ramp-Up of Redlining Enforcement

by Rick Fischer, Nancy Thomasand Jeremy Mandell

The Department of Justice (DOJ) joined other federal agencies in announcing an increased focus on fair lending issues. On October 22, 2021, DOJ announced a new initiative to crack down on “modern-day” redlining. DOJ is partnering with the Consumer Financial Protection Bureau (CFPB), and the Office of the Comptroller of the Currency (OCC) in this initiative, which will also involve increased coordination among the three agencies, federal prosecutors, and state attorneys general. To kick off the new initiative, DOJ, the CFPB, the OCC, and the U.S. Attorney’s Office for the Western District of Tennessee announced a consent order against Trustmark National Bank for alleged illegal redlining.

Continue reading

Cybersecurity and AI Whistleblowers: Unique Challenges and Strategies for Reducing Risk

by Avi Gesser, Anna R. Gressel, Corey Goldstein, and Michael Pizzi

Several recent developments have caused companies to review their whistleblower policies and procedures, especially in the areas of cybersecurity and artificial intelligence (“AI”).

Continue reading

New York Expands Whistleblower Law

by Harris M. Mufson, Gabrielle Levin, Jason C. Schwartz, and Katherine V.A. Smith

New York Governor Kathy Hochul recently signed a new law dramatically expanding protections for whistleblowers in New York. New York’s whistleblower law (New York Labor Law Section 740) previously limited anti-retaliation protections to employees who raised concerns about “substantial and specific danger to the public health and safety” or “health care fraud”. As outlined below, the amended law, which will go into effect on January 26, 2022, expands the scope of who is protected and what is deemed “protected activity” under Section 740. It also contains additional key changes and requirements for employers.

Continue reading

Virtual Currency Platforms and Ransomware Attacks: OFAC Advisories Highlight Increasing Overlap of Sanctions and Cybersecurity Risks Associated with Virtual Currency Platforms and Ransomware Attacks (Part I of II)

by John Barker, Ronald Lee, Soo-Mi Rhee, Tal Machnes, and Christine Choi 

This is part I of a two-part post. For Part II, click here.

In the last few months, the Office of Foreign Assets Control (OFAC) of the US Department of Treasury (Treasury) has issued two advisories that highlight the heightened US sanctions risk associated with cyber related activities, including ransomware attacks and the virtual currency platforms that ransomware payers often use to facilitate payments.

Continue reading