Tag Archives: David Bitkower

New Civil Cyber-Fraud Initiative Uses False Claims Act to Enforce Cybersecurity Requirements

by David Bitkower, Brandon D. Fox, Shoba PillayDavid B. Robbins, and Moshe Broder

The Department of Justice (DOJ) announced a new Civil Cyber-Fraud initiative which will use the False Claims Act (FCA) to enforce government contract cybersecurity requirements. The initiative will be led by the Fraud Section of the DOJ Civil Division’s Commercial Litigation Branch. DOJ believes it can bring its experience and resources from its civil fraud enforcement, procurement, and cybersecurity focused attorneys to make this a successful initiative.

Continue reading

Biden Administration Expands Cybersecurity Requirements for Government Contractors that Are Likely to Have a Broad Impact on the Private Sector

by David Bitkower, David Robbins, Shoba Pillay, Aaron Cooper, and Tali Leinwand

An Executive Order released by the Biden administration last month (the Cybersecurity EO) seeks to bolster the federal government’s cybersecurity defenses and resilience by imposing a variety of requirements on federal agencies and government contractors that are likely to have spillover effects in the private sector.[1] While many federal agencies and contractors already abide by existing agency-specific cybersecurity measures, the Cybersecurity EO establishes additional criteria to ensure that all information systems used or operated by federal agencies “meet or exceed” the cybersecurity requirements set forth in the Cybersecurity EO.[2] In particular, the Cybersecurity EO will directly affect companies that provide information technology (IT) and operational technology (OT) services, cloud computing software, and other technology to the federal government. In turn, the private sector, even when not servicing the federal government, is expected to see a renewed emphasis on security requirements and assessment standards.  

Continue reading

Congress Passes Anti-Money Laundering Legislation Banning Anonymous Shell Companies

by Andrew WeissmannDavid BitkowerTali R. LeinwandSarah F. WeissE.K. McWilliams, and Wade A. Thomson

Last week, a law designed to thwart the use of US shell companies by drug traffickers, terrorists, foreign adversaries, and others seeking to shield the provenance of their funds cleared Congress with bipartisan support. The Senate joined the House in overriding President Donald Trump’s veto of the National Defense Authorization Act for Fiscal Year 2021 (NDAA), which includes a variety of reforms to anti-money laundering (AML) laws.

The key reform requires certain companies to disclose their ultimate owners to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), making it harder for certain criminals to manipulate shell companies to launder money or evade taxes.[1] Although the law has various loopholes, it enhances the government’s ability to detect and deter the use of shell companies to commit crime.

Continue reading

The Latest Step in DOJ’s Compliance Mission: Takeaways from the Updated Guidance on Evaluating Corporate Compliance Programs

by Anthony S. Barkow, David Bitkower, Erin R. Schrantz, Keisha N. Stanford, Jessica A. Martinez, Manuel C. Possolo

On Monday, June 1, 2020, the Department of Justice (DOJ) Criminal Division released updated guidance regarding the “Evaluation of Corporate Compliance Programs (PDF: 209 KB).”  Now in its third iteration, this guidance replaces the April 2019 version (PDF: 179 KB), which originated from a set of 2017 guidelines from the Fraud Section.  The updated guidance, like prior iterations, seeks to make corporations aware of the criteria DOJ uses when evaluating compliance programs in making enforcement decisions.  In the latest version, DOJ maintains the existing structure and much of the prior content, but makes targeted changes.

The new revisions are part of a continuing trend at DOJ to more holistically assess corporate compliance programs beyond the specific issue that brought the company to the Department’s attention, jettisoning the more tailored approach of the original 2017 guidance.  In addition, the revisions amplify certain themes in DOJ’s compliance review criteria:  (1) whether a company has demonstrable processes to continuously improve its compliance program; (2) the extent to which available data is mined and analyzed to evaluate the company’s compliance efforts; and (3) how compliance is embedded in the day-to-day operations of the business and viewed by rank-and-file employees. Continue reading

What’s in a Name? That Which We Now Call the Justice Manual Has a Familiar, But Distinctive, Scent

by Katya Jestin, David Bitkower, Matthew D. Cipolla, Anne Cortina Perry, and Jessica A. Martinez

On September 25, 2018, Deputy Attorney General Rod Rosenstein announced the rollout of the “Justice Manual” – a revised and renamed version of the U.S. Attorneys’ Manual, a long-used reference for Department of Justice (DOJ) policies and procedures.[1] The most significant changes appear to be confined to anticipated codifications of well-publicized new policies (although one such policy was, puzzlingly, omitted). But some other changes have not been previously addressed by Department leadership, and may provide insight into the Department’s mindset in light of recent events.

The recent rollout was the culmination of a yearlong review and overhaul of the Manual, the first in more than 20 years.[2] This initiative to streamline DOJ policies and revamp the U.S. Attorneys’ Manual was announced by Deputy AG Rosenstein last October in a speech at NYU. Rosenstein explained in his initial announcement that the project would work to identify redundancies, clarify ambiguities, eliminate surplus language, and update the Manual to reflect current law and DOJ practice, including through the incorporation of outstanding policy memoranda.[3] According to DOJ’s recent announcement, the name change from “U.S. Attorneys’ Manual” to “Justice Manual” not only reflects this significant undertaking by DOJ employees, but also emphasizes the applicability of the Manual to the entire Department, beyond the U.S. Attorneys’ Offices.[4] Continue reading

Congress Passes CLOUD Act Governing Cross-Border Law Enforcement Access to Data

by David Bitkower and Natalie Orpett

On March 23, 2018, Congress passed the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act), amending key aspects of U.S. surveillance law and providing a framework for cross-border data access for law enforcement purposes.  The Act addresses two problems that have been the subject of heated debate for the past five years.  First, by amending the Stored Communications Act, 18 U.S.C. §§ 2701 et seq. (SCA), the CLOUD Act clarifies that American law enforcement authorities can compel providers of electronic communication services — such as major email service providers and social media networks — to produce data stored outside the United States.  Second, the Act establishes new rules facilitating foreign law enforcement access to data stored inside the United States.  In short, this new legislation impacts any provider that may receive either U.S. or foreign orders to produce data in furtherance of criminal investigations. Continue reading