On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”), which expands data breach notification obligations under New York law and for the first time imposes affirmative cybersecurity obligations on covered entities.
The Act makes five principal changes
As discussed in our most recent blog post, on April 30, 2019, the Criminal Division of the U.S. Department of Justice (“DOJ” or “the Department”) announced updated guidance for the Criminal Division’s Evaluation of Corporate Compliance Programs (“the Guidance”). The Guidance is relevant to the exercise of prosecutorial discretion in conducting an investigation of a corporation, determining whether to bring charges, negotiating plea or other agreements, applying sentencing guidelines and appointing monitors.[1] The Guidance focuses on familiar factors: the adoption of a well-designed compliance program that addresses the greatest compliance risks to the company, the effective implementation of the company’s compliance policies and procedures, and the adequacy of the compliance program at the time of any misconduct and the response to that misconduct. The Guidance makes clear that there is no one-size-fits-all compliance program and that primary responsibility for the compliance program will lie with senior and middle management and those in control functions.
Continue Reading DOJ Guidance on Corporate Compliance Programs: A Checklist for Directors
On April 30, 2019, the Criminal Division of the U.S. Department of Justice announced updated guidance for the Criminal Division’s Evaluation of Corporate Compliance Programs (“the Guidance”) in charging and resolving criminal cases. This memorandum highlights key updates and discusses the themes present across versions of the Guidance. Overall, this newest version places greater emphasis
In a recent speech at the annual ABA White Collar Crime Conference in New Orleans, Assistant Attorney General Brian Benczkowski of the Criminal Division of the Department of Justice (“DOJ”) announced certain changes to the FCPA Corporate Enforcement Policy (“the Enforcement Policy” or “Policy”) to address issues that the DOJ had identified since its implementation.[1] These and other recent updates have since been codified in a revised Enforcement Policy in the Justice Manual.[2]
The Enforcement Policy, first announced by the DOJ in November 2017, was initially applicable only to violations of the FCPA, but was subsequently extended to all white collar matters handled by the Criminal Division.[3] The Policy was designed to encourage companies to voluntary self-disclose misconduct by providing more transparency as to the credit a company could receive for self-reporting and fully cooperating with the DOJ. Among other things, the Enforcement Policy provides a presumption that the DOJ will decline to prosecute companies that meet the DOJ’s requirement of “voluntary self-disclosure,” “full cooperation,” and “timely and appropriate remediation,” absent “aggravating circumstances” – i.e. relating to the seriousness or frequency of the violation. For more information on the Enforcement Policy, read our blog post explaining it here.
Continue Reading DOJ Updates FCPA Corporate Enforcement Policy
As discussed in Cleary Gottlieb’s December 21, 2018 Alert Memorandum, on December 18, 2018, the U.S. Court of Appeals for the D.C. Circuit issued an important ruling in In re Grand Jury Subpoena, holding, inter alia, that foreign state-owned corporations are subject to criminal jurisdiction in the United States and upholding Special Counsel
On December 18, 2018, the District of Columbia Circuit Court of Appeals issued an important ruling in In re Grand Jury Subpoena, holding that foreign state-owned corporations are subject to criminal jurisdiction in the United States and that the exceptions to sovereign immunity set forth in the Foreign Sovereign Immunities Act (the “FSIA”)[1] apply to criminal as well as to civil cases.[2] The court also rejected the foreign sovereign entity’s argument that it should be excused from complying with a subpoena because doing so would violate the law of the respondent’s country of incorporation. Although In re Grand Jury Subpoena arises in the context of enforcing a grand jury subpoena, its language and holding could potentially be extended to criminal prosecutions of a foreign state or state-owned entity.
Continue Reading D.C. Circuit Rules in Special Counsel Mueller Investigation That State-Owned Corporations Are Subject to Criminal Jurisdiction in the United States
On Friday, October 12, 2018, during remarks at the NYU School of Law Program on Corporate Compliance and Enforcement Conference on Achieving Effective Compliance, Assistant Attorney General Brian A. Benczkowski of the Department of Justice announced new guidance, issued on October 11, relating to the imposition and selection of corporate compliance monitors in Criminal Division
On August 24, 2018, the Second Circuit in United States v. Hoskins issued a decision limiting the FCPA’s reach, holding that foreign nationals who cannot be convicted as principals under the FCPA also cannot be held liable for conspiring to violate or aiding and abetting a violation of the statute. The decision, written by Judge
DOJ has expanded its efforts to give more concrete guidance to companies facing FCPA risk to M&A transactions and the question of successor liability. In a speech on July 25, 2018, at the American Conference Institute’s 9th Global Forum on Anti-Corruption Compliance in High Risk Markets, Deputy Assistant Attorney General Matthew S. Miner highlighted DOJ’s views on successor liability for FCPA violations by acquired companies.[1] Miner sought to clarify DOJ’s policy regarding the voluntary disclosure of misconduct by successor companies and to highlight the benefits of such disclosure as spelled out in the joint DOJ and SEC FCPA Resource Guide (the “Resource Guide”).[2] In general, as with other recent pronouncements and actions by DOJ, such as the FCPA Corporate Enforcement Policy,[3] Miner’s speech seemed intended to highlight ways in which firms can gain cooperation credit (up to and including a declination) in FCPA investigations.
Continue Reading DOJ Remarks Provide Guidance on Addressing FCPA Risk in M&A Transactions
On July 11, 2018 the U.S. Department of Justice (“DOJ”), Bureau of Consumer Financial Protection (“CFPB”), the Securities and Exchange Commission (“SEC”) and the Federal Trade Commission (“FTC”) announced the establishment of a new Task Force on Market Integrity and Consumer Fraud (the “Task Force”).[1] Deputy Attorney General Rod Rosenstein made the announcement on behalf of the Task Force, joined by Acting Director Mick Mulvaney of the CFPB, Chairman Jay Clayton of the SEC and Chairman Joe Simons of the FTC.
Continue Reading DOJ Announces New Inter-Agency Task Force on Market Integrity and Consumer Fraud