On June 27, 2018, Equifax Inc., the credit reporting agency, agreed to implement stronger data security measures under a consent order with the New York State Department of Financial Services (“NYDFS”) and seven other state banking regulators.[1] The order imposes detailed duties on Equifax’s Board of Directors in response to criticisms raised by the regulators during an examination of Equifax’s cybersecurity and internal audit functions. The examination followed the company’s massive 2017 data breach, which exposed sensitive personal information of nearly 148 million customers. Equifax agreed to the order without admitting or denying any charges of “unsafe or unsound information security practices.”
Continue Reading State Regulators Reach Settlement With Equifax in Connection With Massive Data Breach
Divided Supreme Court Requires Warrants for Cell Phone Location Data
On June 22, 2018, the United States Supreme Court decided Carpenter v. United States, in which it held that the government must generally obtain a search warrant supported by probable cause before acquiring more than seven days of historical cell-site location information (“CSLI”) from a service provider. Noting “the deeply revealing nature of CSLI,
Recent District Court Decision on Applicability of FOIA to Siemens FCPA Monitorship Documents Provides Guidance on Scope of Possible Disclosures
On June 13, 2018, in its latest decision in a long-running litigation, the U.S. District Court for the District of Columbia considered the applicability of certain exemptions under the Freedom of Information Act (“FOIA”) to documents sought by journalists relating to the actions of the independent compliance monitor that Siemens AG was required to retain under the terms of its 2008 plea agreement for violations of the Foreign Corrupt Practices Act (the “FCPA”). Broadly speaking, although the court concluded that portions of the documents that related to Siemens’ business operations and the DOJ’s analysis of the monitor’s activities were exempted from disclosure, the court also required the DOJ to produce other portions of those materials and to reevaluate, based on the court’s decision, whether additional materials had to be disclosed. The decision, and the lengthy litigation over the application of FOIA to these materials, highlight the complexity of identifying the boundaries of the FOIA protection applicable to the typically sensitive and confidential information companies provide to compliance monitors and the risk that such information later will have to be disclosed once it is in the hands of the government.
Continue Reading Recent District Court Decision on Applicability of FOIA to Siemens FCPA Monitorship Documents Provides Guidance on Scope of Possible Disclosures
Deputy Attorney General Rosenstein Announces New Policy to Limit “Piling On” in Enforcement Actions
On May 9, Deputy Attorney General Rod J. Rosenstein provided remarks at the American Conference Institute’s 20th Anniversary New York Conference on the Foreign Corrupt Practices Act and announced a new policy designed to promote coordination and limit the imposition of multiple penalties on a company for the same conduct, which he referred to as
Acquittal of Former UBS Trader Signals Potential Challenges for Government’s Anti-Spoofing Initiative
On April 25, 2018, a jury in the United States District Court in Connecticut acquitted former UBS AG (“UBS”) trader Andre Flotron of conspiring to manipulate the precious metals futures market through “spoofing.” The verdict, the first acquittal in a criminal spoofing-related case since the practice was outlawed by the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) in 2010, reflects the difficulties the government faces in cracking down on the practice.
Continue Reading Acquittal of Former UBS Trader Signals Potential Challenges for Government’s Anti-Spoofing Initiative
DOJ Announces Expansion of Approach Encouraging Self Reporting and Cooperation
On March 1, 2018, U.S. Department of Justice (“DOJ” or the “Department”) officials announced that the Criminal Division is expanding the applicability of a policy that encourages corporate self-reporting and cooperation for violations of the Foreign Corrupt Practices Act (“FCPA”) to reach other types of non-corruption criminal cases. Speaking at the American Bar Association’s National Institute on White Collar Crime in San Diego, John Cronan, Acting Assistant Attorney General for the DOJ Criminal Division, and Benjamin Singer, Chief of the DOJ Securities and Financial Fraud Unit, told attendees that the Criminal Division will apply the FCPA Corporate Enforcement Policy (the “FCPA Enforcement Policy”) as nonbinding guidance in cases other than FCPA cases.
The FCPA Enforcement Policy, which was adopted in November 2017, provided additional guidelines regarding the credit the Department will provide to companies that self‑report FCPA violations and then cooperate with the resulting investigation – including a presumption that self-reporting companies will not be criminally charged. Expanding use of the FCPA Enforcement Policy signals the Department’s perception of its success and a further effort by DOJ to encourage companies to self-report and cooperate. It also provides important guidance for companies faced with a variety of different types of investigations regarding the treatment they can expect, and tools to advocate before the Department for more favorable resolutions.
Continue Reading DOJ Announces Expansion of Approach Encouraging Self Reporting and Cooperation
New DOJ Guidelines on Collecting Cloud–Based Data
In December 2017, the US Department of Justice, Criminal Division’s Computer Crime and Intellectual Property Section (“DOJ”) released guidance for law enforcement to follow when seeking data stored by an entity with a cloud service provider.[1] In short, DOJ suggests that prosecutors should seek data directly from the company, rather than its cloud service provider, so long as doing so will not compromise the investigation.
Continue Reading New DOJ Guidelines on Collecting Cloud–Based Data
Anti-Corruption Developments: A Look Back on 2017, and Ahead to 2018
This past year, which marked the 40th anniversary of the Foreign Corrupt Practices Act, saw significant anti-corruption developments in the United States and abroad, capped by the announcement of a new FCPA corporate enforcement policy by the U.S. Department of Justice. As the year began with a new administration, however, there was initially some uncertainty
The New DOJ FCPA Corporate Enforcement Policy Highlights the Continued Importance of Anti-Corruption Compliance
In a significant development for companies relating to the Foreign Corrupt Practices Act (FCPA), in late November the U.S. Department of Justice (DOJ) announced a new FCPA Corporate Enforcement Policy (the Enforcement Policy).[1]
The Enforcement Policy is designed to encourage companies to voluntarily disclose misconduct by providing greater transparency concerning the amount of credit the DOJ will give to companies that self-report, fully cooperate and appropriately remediate misconduct. Notably, in announcing the Enforcement Policy, the DOJ highlighted the continued critical role that anti-corruption compliance programs play in its evaluation of eligibility under the Enforcement Policy.
Continue Reading The New DOJ FCPA Corporate Enforcement Policy Highlights the Continued Importance of Anti-Corruption Compliance
The SEC Warns That Celebrity Endorsements of Virtual Currency May Violate Federal Securities Laws
The SEC has recently signaled an increased concern with the offerings and marketing of Initial Coin Offerings (“ICOs”),[1] which should be of interest to companies and institutions involved with ICOs. On November 1, 2017, the SEC Division of Enforcement and Office of Compliance Inspections and Examinations (“OCIE”) jointly issued a public statement warning celebrities