Tag Archives: Robert A. Cohen

SEC Office of Compliance Inspections and Examinations (OCIE) Issues Observations on Cybersecurity and Resiliency Practices

by Greg D. Andres, Robert A. Cohen, Neil H. MacBride, Annette L. Nazareth, Margaret E. Tahyar, Leor Landa, Michael S. Hong, Matthew J. Bacal, Daniel F. Forester, and Matthew A. Kelly

The SEC Office of Compliance Inspections and Examinations (OCIE) recently published observations (PDF: 854 KB) related to cybersecurity and operational resiliency practices observed in its examinations. OCIE reiterated its continued focus on cybersecurity issues, citing eight risk alerts related to cybersecurity it has published over the last few years.[1] OCIE conducts examinations for compliance with Regulation S-P and S-ID, which apply to broker-dealers and investment advisers, and Regulation SCI, which applies to exchanges and other SCI entities. The publication provides important guidance to regulated entities about the likely subjects of SEC exams, the expectations of its examiners, and the subjects of potential enforcement referrals. Continue reading

DOJ Clarifies Corporate Enforcement Policy

by Greg D. Andres, Martine M. Beamon, Angela T. Burgess, Tatiana R. Martins, Robert A. Cohen, Neil H. MacBride, Paul J. Nathanson, Linda Chatman Thomsen, Kenneth L. Wainstein, and Patrick S. Sinclair

On November 20, 2019, the Department of Justice (“DOJ”) modified its Corporate Enforcement Policy to clarify what level of disclosure is expected from companies in the early stages of an investigation. In short, the Policy reaffirms that companies should disclose known information—and the individuals involved—at the outset of investigations, while recognizing companies may not yet know all the relevant facts or individuals at that time.

The Corporate Enforcement Policy, first introduced as a pilot program concerning FCPA-related investigations in April 2016 and formalized in November 2017 by then–Deputy Attorney General Rod Rosenstein, offers incentives to companies that voluntarily disclose misconduct, timely remediate, and cooperate fully with the DOJ. Absent certain aggravating circumstances, a company following these steps can receive a declination assuming it fully disgorges any associated profits.[1] In March 2018, DOJ extended the Corporate Enforcement Policy beyond FCPA violations as nonbinding guidance concerning any corporate investigation. Since the Policy was introduced, DOJ has issued thirteen public FCPA declinations under its terms.[2]

Continue reading