Two New Keynote Speakers Added to PCCE’s 4th Annual Directors’ Academy

Photos of Keynote Speakers

Matthew Olsen and Ismail Ramsey

We are honored to announce that Matthew Olsen, the Assistant Attorney General for the National Security Division at the U.S. Department of Justice, and Ismail Ramsey, the U.S. Attorney for the Northern District of California, will be additional keynote speakers at our 4th Annual Directors’ Academy at NYU School of Law on October 31st and November 1st, 2024. The agenda and registration portal are available here

Olsen, who leads the DOJ’s mission to combat terrorism, espionage, cyber crime, and other threats to the national security, and Ramsey, who, as U.S. Attorney for Northern California, is colloquially known as the “Sheriff of Silicon Valley,” overseeing investigations and cases concerning the leading technology companies in the world, will participate in a keynote and fireside chat titled New and Persistent Cyber Threats Overlooked by Boards and Management: Lessons for Boards. The session, which will take place on October 31st, will focus on providing board directors and senior management with the information they need to identify and manage the most critical cyber and national security-related threats to their firms, include the theft of intellectual property. It will be followed immediately by an expert panel to discuss board governance and oversight of cybersecurity. Both sessions will be moderated by Joseph Facciponti, PCCE’s Executive Director and former cybercrime prosecutor at the U.S. Attorney’s Office for the Southern District of New York.

Continue reading

Former Aide to Madagascan President Sentenced for Soliciting Bribes Under UK Bribery Act

by Pamela Reddy, Robin Spedding, and Matthew Unsworth

Photos of the authors

Left to Right: Pamela Reddy, Robin Spedding, and Matthew Unsworth (photos courtesy of Latham & Watkins LLP)

Sentencing of Romy Andrianarisoa, the first ever foreign public official to be convicted under the UK Bribery Act of 2010, provides important takeaways.

On 10 May 2024, Romy Andrianarisoa was sentenced to three and a half years’ imprisonment for soliciting bribes contrary to Section 2 of the Bribery Act 2010 (Bribery Act). Andrianarisoa, former Chief of Staff to President Andry Rajoelina of Madagascar, requested substantial cash payments in exchange for helping UK-headquartered Gemfields Group Ltd (Gemfields) secure mining rights in the country. Her associate, French national Philippe Tabuteau, was also handed a 27-month sentence for his role in the scheme.

Continue reading

FTC Finalizes Expansion of Health Breach Notification Rule’s Broad Applicability to Unauthorized App Disclosures

by Adam H. Greene and Apurva Dharia

Photos of the authors

Adam H. Greene and Apurva Dharia (photos courtesy of Davis Wright Tremaine LLP)

The FTC issued a final rule to lock in changes to the Health Breach Notification Rule (HBNR) that it proposed in May 2023. While the HBNR began as a breach notification rule seemingly focused on a narrow set of applications that store medical records on behalf of consumers, the final rule continues the FTC’s path toward turning the rule into a means of imposing privacy and breach notification restrictions on virtually all health and wellness apps. Consistent with the FTC’s September 2021 policy statement and recent enforcement actions, the final rule further revises the HBNR to apply to most health and wellness apps and to require breach notification in almost any instance in which a consumer’s identifiable health data is disclosed without their authorization (including unauthorized disclosures to advertising platforms).

The HBNR requires vendors of personal health records (PHRs) and PHR related entities to notify individuals, the FTC, and, in some cases, the media, of a breach of unsecured PHR identifiable health information.[1] It also requires third-party service providers to vendors of PHRs and PHR related entities to provide notification to such vendors and PHR related entities following the discovery of a breach. The rule applies to foreign and domestic non-HIPAA covered vendors of “personal health records that contain individually identifiable health information created or received by health care providers.” The HBNR specifies the timing, method, and content of notification, and in the case of certain breaches involving 500 or more people, requires notice to the media. The final rule will go into effect 60 days after its publication in the Federal Register.

Continue reading

New U.S. Law Extends Statute of Limitations for Sanctions Violations and Enhances Regulatory and Enforcement Focus on National Security Priorities

by Anthony Lewis, Eric Kadel Jr., Sharon Cohen Levin, Craig Jones, Adam Szubin, Amanda Houle, and Bailey Springer

Photos of the authors

Top: Anthony Lewis, Eric Kadel Jr., and Sharon Cohen Levin
Bottom: Craig Jones, Adam Szubin, and Amanda Houle
(Photos courtesy of Sullivan & Cromwell LLP)

Statute Doubles the Statute of Limitations for Sanctions Violations, Expands the Scope of Sanctions Programs, and Focuses on China’s Technology Procurement, Iranian Petroleum Trafficking, and Fentanyl Production

Summary

On April 24, President Biden signed into law H.R. 815, a sweeping national security legislative package that—in addition to providing foreign aid funding for Ukraine, Israel, and Taiwan—includes the 21st Century Peace Through Strength Act, which contains a number of provisions implementing the Biden administration’s national security priorities. As summarized below, provisions of the Act align with U.S. authorities’ continued focus on China and emphasis on sanctions enforcement. In particular, the Act:

  • Doubles the statute of limitations for civil and criminal violations of U.S. sanctions programs from five to 10 years—raising questions about retroactive application of the statute and whether authorities will amend current rules on corporate record-keeping practices;
  • Requires additional agency reports to Congress, reflecting a focus on U.S. investments in, and supply-chain contributions to, the development of sensitive technologies used by China—a topic that has likewise been the recent focus of the Department of Justice and the Department of Commerce;
  • Targets the Chinese government’s alleged evasion of U.S. sanctions on Iranian petroleum products and involvement in related financial transactions by directing the imposition of sanctions; and
  • Directs the President to impose sanctions aimed at curbing China’s alleged involvement in fentanyl trafficking and calls for forthcoming guidance for financial institutions in filing related SARs.

Continue reading

Treasury’s Report on AI (Part 1) – Governance and Risk Management

by Charu A. Chandrasekhar, Avi Gesser, Erez Liebermann, Matt Kelly, Johanna Skrzypczyk, Michelle Huang, Sharon Shaji, and Annabella M. Waszkiewicz

Photos of the authors

Top: Charu A. Chandrasekhar, Avi Gesser, Erez Liebermann, and Matt Kelly
Bottom: Johanna Skrzypczyk, Michelle Huang, Sharon Shaji, and Annabella M. Waszkiewicz
(Photos courtesy of Debevoise & Plimpton LLP)

On March 27, 2024, the U.S. Department of Treasury (“Treasury”) released a report on Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector (the “Report”). The Report was released in response to President Biden’s Executive Order (“EO”) 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, which spearheaded a government-wide effort to issue Artificial Intelligence (“AI”) risk management guidelines consistent with the White House’s AI principles. Continue reading

AI for IAs: How Artificial Intelligence Will Impact Investment Advisers

by Michael McDonald

Photo of the author

Photo courtesy of Davis Wright Tremaine LLP

The use of artificial intelligence and machine learning technology solutions (“AI”) is becoming increasingly common in all industries, including the registered investment adviser (“RIA”) space. A recent survey by AI platform Totumai and market research firm 8 Acre Perspective found that 12% of RIAs currently use AI technology in their businesses and 48% plan to use the technology at some point, which means there is a realistic expectation that 60% of RIAs will be using AI in the near future. Among other use-cases, AI has the potential to be used by RIAs for portfolio management, customer service, compliance, investor communications, and fraud detection. While regulators are not likely to prohibit the use of AI in the industry, they are likely to closely monitor and regulate specific applications and use cases which is why it is essential for RIAs to understand these emerging rules and regulatory frameworks so they can appropriately leverage the many benefits of AI while ensuring their business remains compliant with these new rules of the road. DWT has recently launched a series of webinars entitled, “AI Across All Industries” available here, that has gone in-depth on the legal issues surrounding the use of AI.

Continue reading

Will the Justice Department’s “90-Day Sprint” Creating a New Whistleblower Program Permit Confidential or Anonymous Reporting?

by Stephen M. Kohn

Photo of the auhtor

Photo courtesy of Kohn, Kohn & Colapinto LLP

On March 7, 2024, in speech before the American Bar Association, Deputy Attorney General Lisa Monaco announced a “90-day sprint” to establish a new Justice Department whistleblower program. The DAG’s reason for announcing the new program was clear:

Ever since Dodd-Frank created whistleblower programs at the SEC and the CFTC, those agencies have received thousands of tips, paid out many hundreds of millions of dollars, and disgorged billions in ill-gotten gains from corporate bad actors.

Yet both programs, and similar ones at IRS and FinCEN — by their very nature — are limited in scope. They only cover misconduct within their agencies’ jurisdictions. . .

These programs have proven indispensable — but they resemble a patchwork quilt that doesn’t cover the whole bed. They simply don’t address the full range of corporate and financial misconduct that the Department prosecutes.

So, we are filling these gaps.

The critical issue facing the Justice Department is precisely how they will “fill these gaps.”  Among the most pressing concerns is confidentiality.  Whistleblower advocates have uniformly asked the Justice Department to permit anonymous and confidential reporting as is currently permitted by the U.S. Securities and Exchange Commission (SEC) under the highly successful Dodd-Frank Act.  However, the U.S. Department of Justice (DOJ) has historically not permitted anonymous or confidential whistleblower disclosures to the department.  The current DOJ-approved procedures require all “human sources” to undergo an extensive background screening making anonymous reporting impossible.  Even when a whistleblower is granted confidential informant status, the current procedures permit the DOJ to waive confidentiality essentially at-will. 

Continue reading

Preparing for AI Whistleblowers

by Charu A. Chandrasekhar, Avi Gesser, Arian M. June, Michelle Huang, Cooper Yoo, and Sharon Shaji

Photos of the authors

Top row: Charu A. Chandrasekhar, Avi Gesser, and Arian M. June
Bottom row: Michelle Huang, Cooper Yoo, and Sharon Shaji
(Photos courtesy of Debevoise & Plimpton LLP)

As artificial intelligence (“AI”) use and capabilities surge, a new risk is emerging for companies: AI whistleblowers. Both increased regulatory scrutiny over AI use and record-breaking whistleblower activity has set the stage for an escalation of AI whistleblower-related enforcement. As we’ve previously written and spoken about, the risk of AI whistleblowers is rising as whistleblower protections and awards expand, internal company disputes over cybersecurity and AI increase due to a lack of clear regulatory guidance, and public skepticism mounts over the ability of companies to offer consumer protections against cybersecurity and AI risks.

Continue reading

Wachtell Publishes Financial Institutions M&A Guide for 2024

Editor’s Note: This post contains excerpts from Wachtell, Lipton, Rosen & Katz’s Guide: “Financial Institutions M&A 2024: Seizing Opportunities, Navigating Pitfalls,” the full version of which is available here

by Ed Herlihy, Richard Kim, Nick Demmo, David Shapiro, Matt Guest, Mark Veblen, Brandon Price, and Jake Kling

Photos of the authors

Top left to right: Ed Herlihy, Richard Kim, Nick Demmo, and David Shapiro
Bottom left to right: Matt Guest, Mark Veblen, Brandon Price, and Jake Kling
(Photos courtesy of Wachtell, Lipton, Rosen & Katz)

KEY TRENDS IN FINANCIAL INSTITUTIONS M&A DURING 2023

I. M&A FALLS FOR A SECOND CONSECUTIVE YEAR OWING TO GEOPOLITICAL, MACROECONOMIC AND REGULATORY FACTORS

Financial institutions M&A fell for the second year in a row in 2023. Like most other sectors of the economy, financial institutions faced significant M&A headwinds during the year, including geopolitical instability, elevated inflation, high interest rates, challenging and often volatile equity markets, enhanced antitrust risks and uncertainty, and recessionary fears that softened only towards the end of the year.

Continue reading

Maryland Legislature Passes State Privacy Bill with Robust Requirements and Broad Threshold for Application

by Marshall Mattera and Amanda Pervine

Photo of the author

Marshall J. Mattera (photo courtesy of Hunton Andrews Kurth)

The Maryland legislature recently passed the Maryland Online Data Privacy Act of 2024 (“MODPA”), which was delivered to Governor Wes Moore for signature and, if enacted, will impose robust requirements with respect to data minimization, the protection of sensitive data, and the processing and sale of minors’ data.

Continue reading