To Fix Corporate Crime, Write a Statute

by Miriam Baer

For scholars, jurists and other observers, the body of doctrines collectively known as “corporate criminal law” continues to generate questions about its provenance and mission. Is it just another form of criminal punishment, whose weaknesses mirror the weaknesses we encounter throughout the criminal justice system generally? Or is it so different in design and execution that it functions as something wholly different from criminal law, prompting its own set of first principles and challenges? Should we think of corporate criminal law as a form of regulation, as just another manifestation of criminal law, or as something more transformative that can be used to spur systemic changes in how our society relates to the private sector and to government generally?

Continue reading

Business Texts on Personal Phones: The Growing Compliance and Enforcement Risk and What to Do About It (Part II of II)

by Margaret W. Meyers, Rachel S. Mechanic, Daniel C. Zinman, David B. Massey, and Shari A. Brandt

This is Part II of a two-part post. For Part I, discussing recent enforcement actions related to employees’ use of personal devices, and the challenges employees’ use of personal devices pose for compliance with books and records and communication supervision rules, click here.

Continue reading

DOJ Reverses Course on Definition of “Property” for Fraud on Blaszczak Remand, Leaving Statutory Action the Only Likely Hope for Insider Trading Reform—For Now

by Brooke Cucinella, Stephen M. Cutler, Sarah L. Eichenberger, Nicholas S. Goldin, Joshua A. Levine, Michael J. Osnato, Jr., and Jonathan S. Kaplan

On January 11, 2021, based on the consent—and indeed, at the request of the Department of Justice (“DOJ”)—the Supreme Court vacated and remanded the Second Circuit’s decision in United States v. Blaszczak. Blaszczak was the controversial 2-1 decision that arguably heightened (some say unfairly) the risk of criminal insider trading prosecution by upholding the multi-count convictions of the defendants for, at bottom, illegally trading while in possession of information stolen from the government. The Supreme Court agreed, remanding to the Second Circuit to reconsider its decision in light of the Court’s intervening decision in Kelly v. United States. Kelly overturned the convictions that had stemmed from New Jersey’s infamous BridgeGate scandal by finding that, in that case, the government information at issue was not “property” as would have been required to sustain a conviction under the wire fraud theory, and that while “allocating lanes” on the bridge required “the time and labor of Port Authority employees,” those expenditures were “incidental” to “run-of-the-mine exercise of regulatory power,” rather than a misappropriation of government property.[1]

Continue reading

Should Companies Use Machine Learning for Their Anti-Corruption Programs?: The New Coalition for Integrity Guidance

by Shruti Shah and Jonathan J. Rusch

As they work to maintain the effectiveness of their anti-corruption risk and compliance programs, companies must be increasingly attentive to how well they make use of the data they acquire that are relevant to those programs.  The most recent edition of the U.S. Department of Justice’s “Evaluation of Corporate Compliance Programs” document states that prosecutors should inquire into whether compliance and control personnel “have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions,” and whether “any impediments exist that limit access to relevant sources of data.”[1]

Companies, however, are increasingly awash in such data from a multiplicity of sources: accounts payable, spend data, third-party supplier data, to name just a few.  Many companies make use of rule-based programming, in which human programmers write rules that enable the company to search for and find data indicative of corruption risk.  But some companies are increasingly curious about whether they should use a particular field of artificial intelligence: machine learning, in which computer systems “learn” on their own from data and do not depend on human-written rules.

Continue reading

Compliance, Culture and Evolving Regulatory Expectations

by Mark Steward

Keynote address delivered at the March 31, 2021 conference of New York University School of Law’s Program on Corporate Compliance and Enforcement, titled, Compliance, Culture, and ESG: How Companies Achieve Meaningful Cultural Change and Meet Evolving Regulatory and Stakeholder Expectations.

Highlights

  • The Senior Managers Regime (SMR) has changed the way firms allocate responsibilities, align those responsibilities to relevant controls and ensure oversight as to how these controls operate down the line.
  • The 5 Conduct Questions (5CQ), which start with ‘tone from the top’, are increasingly focussing on ‘tone from within,’ which requires every person in an organisation to be personally accountable and engaged.
  • Every employee of a regulated firm is subject to individual conduct rules, which impose broad obligations.
  • The SMR and 5CQ questions require firms to think about how a system or function might fail because of non-compliance, and they inject a sharper focus on conduct risk into the fabric of an organisation.
  • As demonstrated by enforcement cases, failures are not necessarily failures of compliance, but the consequence of choices made by individuals.

Continue reading

Document Retention in EU Competition Cases

by Alejandro Guerrero and David Wood

On 25 March 2021, the Court of Justice of the EU (“CJEU”) confirmed the fines imposed in Europe on a number of pharmaceutical companies, including Xellia and Alpharma, for entering into anticompetitive ‘pay for delay’ settlement agreements. 

One of the grounds of appeal rejected by the CJEU concerned the impact of the lengthy administrative procedure on Xellia’s and Alpharma’s rights of defence.  The CJEU found that Xellia and Alpharma had not proven that the Commission’s investigatory steps had taken so long as to impact their rights of defence.  In particular, Xellia and Alpharma could not blame the Commission for their own failure to preserve documents that could have assisted their defence. Continue reading

Business Texts on Personal Phones: The Growing Compliance and Enforcement Risk and What to Do About It (Part I of II)

by Margaret W. Meyers, Rachel S. Mechanic, Daniel C. Zinman, David B. Massey, and Shari A. Brandt

With increasing frequency, securities and commodities regulators are focusing on employees’ use of personal mobile devices for business-related communications via applications that are not approved by employers or captured by employers’ archival systems.  For good reason, regulators believe that many employees are less guarded when texting outside of their surveilled work platforms, particularly among workplace friends and colleagues at other firms, and that some employees may even be doing so to further questionable conduct and evade detection.  Regulators and prosecutors brought waves of cases against financial firms based on messages gathered from persistent multiparty Bloomberg chat rooms, so much so that some big banks shut them down in late 2013.  Text messages on unapproved mobile platforms may well serve as the next goldmine for enforcement staff and prosecutors.    

Continue reading

The Dual Threat of Identity Theft Red Flags and Cybersecurity Deficiencies in FINRA and SEC Enforcement

by Marc Gilman

In the last few years, cybersecurity, with an emphasis on protection of customer data, has topped the exam priorities and risk alerts of both the Financial Industry Regulatory Authority (“FINRA”) and the Securities and Exchange Commission (the “SEC”).  And, as the global pandemic pushes the financial services industry into the second year of a work from anywhere business environment, the deployment and continued improvement of cybersecurity controls to secure customer and firm data are critical.

Perhaps it should come as no surprise that regulations underpinning cybersecurity practices are coming to the fore.  A case in point is the announcement of FINRA’s letter of Acceptance, Waiver, and Consent (“AWC”) with Supreme Alliance LLC (“Supreme”) in December 2020 for violations of the SEC’s Regulation S-ID, also known as the identity theft red flags rule, and FINRA Rule 2010.[1]  FINRA’s settlement with Supreme is significant as it potentially signals a more aggressive and meaningful focus on Reg S-ID, which saw its first major enforcement in 2018 when the SEC fined Voya Financial Advisors, Inc. $1 million for violating it as well as the SEC’s Reg S-P.[2] 

This post will analyze the unique fact pattern of Supreme and offer practical suggestions for compliance officers navigating the nuances of identity theft protection and cybersecurity in this new, remote work world.

Continue reading

U.S., EU, U.K., and Other Antitrust Enforcers Enter Collaboration on Antitrust Analysis of Pharma Deals

By D. Jarret Arp, Arthur J. Burke, Ronan P. Harty, Howard Shelanski, and Jesse Solomon

On March 16, 2021, a coalition of international and U.S. antitrust authorities announced their formation of a joint working group to reevaluate their approach to reviewing mergers in the pharmaceutical industry (which today relies largely on an indication-by-indication review of the competitive overlaps between the merging parties).  The issues the working group plans to address are broad and cover theories of harm, analytical methodologies, and remedies.  The formation of this group highlights that pharmaceutical deals will remain a key priority for antitrust agencies—and indicates the potential emergence of more aggressive enforcement that has implications for deal timing, the scope of agency engagement, and increased multilateral collaboration among reviewing agencies.

Continue reading

Unleashing the Hydra: Recent Trends in Parallel Criminal and Regulatory Investigations

by William J. Stellmach, Amelia A. Cottrell, Elizabeth P. GrayPaul J. Pantano Jr., Neal E. Kumar, and Samantha G. Prince

A recent decision by a federal judge in Illinois caps a series of setbacks for federal prosecutors bringing cases born out of parallel investigations with U.S. regulatory agencies.  Increasingly, courts have faulted the U.S. Department of Justice (“DOJ”) and regulatory agencies for failing to ensure that their respective investigations remain separate and distinct, triggering broader disclosure obligations for prosecutors.  Those higher hurdles, while increasing government transparency for those being investigated, may also increase the risk of greater costs for financial institutions and companies confronting multiple, uncoordinated investigations.  If government authorities interpret their latest reversals as mandating less coordination and collaboration with one another, then investigatory targets may ultimately pay the price.

Continue reading