Tag Archives: John F. Savarese

White Collar and Regulatory Enforcement in the Era of COVID-19

by John F. Savarese, Ralph M. Levene, Wayne M. Carlin, and David B. Anders

When we issued our memorandum (PDF: 231KB) on “what to expect in 2020” concerning white collar and regulatory enforcement developments, we certainly did not expect that just two months later, 41 states would effectively be locked down due to the coronavirus pandemic, many courts would be closed, and governments would be intensely focused on adopting measures responsive to the global health crisis. What we’re now seeing in the white collar/regulatory world is that, instead of pushing forward at their usual pace, prosecutors and regulators are adjusting to a new reality in which live testimony is impractical, courts are on pause and most everyone is working from home. It is impossible to predict when the normal cadence of such investigations will resume, but inquiries of all kinds will undoubtedly return to their normal pace and intensity when the crisis abates. Continue reading →

Controlling Material, Non-Public Information During the Coronavirus Pandemic

by John F. Savarese, Wayne M. Carlin, and David B. Anders

In an unusual statement issued earlier this week, the Co-Directors of the SEC’s
Division of Enforcement, Stephanie Avakian and Steven Peikin, reminded market
participants of the critical importance of maintaining proper control over the
dissemination of material, non-public information, adhering to the restrictions
imposed by Regulation FD on selective disclosures, and assuring compliance with
policies and procedures designed to prevent insider trading and other conduct that
would undermine market integrity. They stressed in particular that, as companies and
markets cope with the outbreak of COVID-19 and the continuing coronavirus
pandemic, corporate insiders are likely learning new material, non-public information
“that may hold an even greater value than under normal circumstances.”
Continue reading →

FTC Discusses Management and Board Roles as Core Elements of Revised Data Breach Enforcement Model

by Andrew R. Brownstein, Steven A. Rosenblum, John F. Savarese, Marshall L. Miller, and Jeohn Salone Favors

In a blog post published this week, the Director of the FTC’s Consumer Protection Bureau detailed recent changes to the FTC’s baseline approach to remedial orders in data breach enforcement actions. The changes were spurred in part by a 2018 Court of Appeals decision (PDF: 125 KB) that found an FTC order’s requirement that a company implement “reasonable” data security measures to have been too vague to be enforceable. The FTC has reworked its routine enforcement practice to ensure that remedial data security orders include significantly greater specificity about compliance expectations for companies subject to enforcement action and for third-party assessors engaged to conduct FTC-mandated monitoring and audits of targeted companies’ data security practices.

Continue reading →

Protecting Attorney-Client Privilege and Respecting Fifth Amendment Rights While Cooperating with the Government

by John F. Savarese and Carol Miller

In 2018, two cases illustrated the potential hazards that can arise when companies’ efforts to cooperate with the government later provide a basis for individuals questioned during internal investigations to claim that their Fifth Amendment rights against self-incrimination were compromised. While these cases, which we summarize below, have the greatest impact in connection with the representation of individuals in such investigations, companies responding to white collar inquiries need to keep these new developments in mind, particularly in conducting internal investigations and working in a cooperative mode with the government. Companies and their counsel must be mindful of these issues both to insure that individual employee rights are protected and to protect as much as possible the confidentiality and integrity of the company’s review. Continue reading →

State-Level Actors on the Frontlines of U.S. Cybersecurity and Data Privacy Regulation and Enforcement

by John F. Savarese, Marshall L. Miller, and Jeohn Salone Favors

While the General Data Protection Regulation (GDPR) significantly expanded the powers of European national data protection authorities in 2018, legislative and enforcement developments in the United States over the last year showcased the growing role and importance of state attorneys general and other state regulators in the realm of cybersecurity and data privacy.

In 2018, California passed a data privacy law akin to the GDPR and enacted legislation addressing internet-based bot activity and security of devices connected to the Internet of Things. With passage of legislation in Alabama in March 2018, all 50 states now have data breach notification laws, with requirements as to notification content, timing, and recipients varying across jurisdictions. And prescriptive cybersecurity regulations promulgated by New York State’s Department of Financial Services continued to take effect in rolling fashion. Absent preemptive legislation at the federal level, where proposals are stalled in Congress, we can expect data protection and privacy laws and regulations to proliferate at the state level, as state legislatures and regulators vie for the mantle of lead cybersecurity enforcer. Continue reading →

DOJ Extends FCPA Corporate Enforcement Policy Principles to Non-FCPA Misconduct Discovered in the M&A Context

by John F. Savarese, Ralph M. Levene, David B. Anders, Marshall L. Miller, and Daniel H. Rosenblum

In an important speech, Deputy Assistant Attorney General Matthew Miner of the Department of Justice’s Criminal Division announced on Thursday that DOJ will “look to” the principles of the FCPA Corporate Enforcement Policy (PDF: 50.6 KB) in evaluating “other types of potential wrongdoing, not just FCPA violations” that are uncovered in connection with mergers and acquisitions. As a result, when an acquiring company identifies misconduct through pre-transaction due diligence or post-transaction integration, and then self-reports the relevant conduct, DOJ is now more likely to decline to prosecute if the company fully cooperates, remediates in a complete and timely fashion, and disgorges any ill-gotten gains. Continue reading →

DOJ Applies Principles of FCPA Corporate Enforcement Policy in Other White-Collar Investigations, Increasing Opportunity for Corporate Declinations

by John F. Savarese, Ralph M. Levene, Wayne M. Carlin, David B. Anders, Marshall L. Miller, and Jonathan Siegel

Late last week, the Department of Justice’s Criminal Division announced at an ABA white-collar conference that it has begun using the FCPA Corporate Enforcement Policy (PDF: 51 KB) as “nonbinding guidance” in other areas of white-collar enforcement beyond the FCPA. As a result, absent aggravating factors, DOJ may more frequently decline to prosecute companies that promptly self-disclose misconduct, fully cooperate with DOJ’s investigation, remediate in a complete and timely fashion, and disgorge any ill-gotten gains. As a first example of this approach, the officials pointed to DOJ’s recent decision (PDF: 1,743 KB) to decline charges against Barclays PLC, after the bank agreed to pay back $12.9 million in wrongful profits, following individual charges arising out of a foreign exchange front-running scheme. Continue reading →

SEC Releases New Guidance on Cybersecurity Disclosures and Controls

by John F. Savarese, David A. Katz, Wayne M. Carlin, David B. Anders, Sabastian V. Niles, Marshall L. Miller, and Jonathan Siegel

Yesterday, in keeping with a heightened governmental focus on cybersecurity, as exemplified by the Justice Department’s formation of a new Cyber-Digital Task Force (PDF: 62 KB) earlier this week, the Securities and Exchange Commission announced new guidance on cybersecurity disclosures by public companies (the “Guidance (PDF: 139 KB)”).

Much of the Guidance tracks 2011 interpretive guidance from the SEC’s Division of Corporation Finance and retains a focus on “material” cyber risks and incidents. However, the expanded details and heightened pressure to disclose indicated in the Guidance, along with its issuance by the Commission itself, signal that the SEC expects public companies to consider more detailed disclosure of cyber risks and incidents, and to maintain “comprehensive” policies and procedures in this area. The SEC is also encouraging, though not requiring, forward-leaning approaches, such as with respect to disclosures about the company’s cyber risk management programs and the engagement of the board of directors with management on cybersecurity issues. SEC Chairman Jay Clayton has also directed (PDF: 92 KB) SEC staff to monitor corporate cyber disclosures. Continue reading →

White Collar and Regulatory Enforcement: What to Expect in 2018

by John F. Savarese, Ralph M. Levene, Wayne M. Carlin, David B. Anders, Jonathan M. Moses, Marshall L. Miller, Louis J. Barash, and Carol Miller

Introduction

In our memo last year, we acknowledged that it was close to impossible to predict the likely impact that the newly elected Trump administration would have on white-collar and regulatory enforcement. (White Collar and Regulatory Enforcement: What to Expect in 2017 (PDF: 240 KB) Instead, we set out a list of initiatives we urged the new administration to consider, including clarifying standards for when cooperation credit would be given, reducing the use of monitors, and giving greater weight to a company’s pre-existing compliance program when exercising prosecutorial discretion, among other suggestions. While the DOJ under Attorney General Jeff Sessions has, for example, taken some steps toward clarifying the applicable standards for cooperation and increasing incentives to disclose misconduct in the FCPA area, few other policy choices or shifts in approach have been articulated or implemented. Continue reading →

Second Circuit Limits Judicial Scrutiny of Deferred Prosecution Agreements

by John F. Savarese, Ralph M. Levene, David B. Anders, Marshall L. Miller, and Christopher R. Deluzio

In an anticipated and important decision, the Second Circuit Court of Appeals overturned a district court’s order requiring the unsealing of an independent monitor’s report detailing HSBC’s compliance with a deferred prosecution agreement. United States v. HSBC Bank USA, N.A. (PDF: 284 KB) (Nos. 16-308, 16- 353, 16-1068, 16-1094, July 12, 2017). In so doing, the Second Circuit substantially limited a district court’s power to scrutinize DPAs, thereby following a course similarly embraced by the D.C. Circuit (as discussed in our prior memo (PDF: 27 KB).

In the district court, Judge Gleeson granted the joint request by DOJ and HSBC to approve the DPA, subject to the Court’s ongoing oversight of the DPA’s implementation pursuant to the Court’s asserted “supervisory authority”—a decision we discussed in our earlier memo (PDF: 21 KB). As part of its oversight, the Court ordered the government to file under seal an independent monitor’s report, which eventually led to a member of the public requesting access to the report. Construing that request as a motion to unseal, the Court granted the motion, finding that the monitor’s report was a “judicial document” subject to the public’s qualified First Amendment right of access. The government and HSBC appealed. Continue reading →

Compliance and Enforcement