Earlier this month, the Supreme Court vacated and remanded a high-profile insider trading case, United States v. Blaszczak, to the Second Circuit “for further consideration in light of Kelly v. United States.”[1] Kelly is more commonly known as the “Bridgegate” decision, in which the Supreme Court restricted the application of federal fraud statutes to schemes seeking to obtain property, to the exclusion of schemes primarily targeting regulatory actions by government officials. In light of the remand, the Second Circuit will now reconsider its endorsement in Blaszczak of liability under Title 18 for a scheme targeting “political intelligence.”
Continue Reading Second Circuit to Reconsider the Scope of Insider Trading Prosecutions Under Federal Fraud Statutes After Supreme Court’s Bridgegate Decision
SDNY District Court Rules Foreign Sovereigns Are Not Immune From Criminal Jurisdiction In U.S. Court
On October 1, 2020, the SDNY District Court issued an important ruling in U.S. v. Halkbank, holding that foreign state-owned entities (“SOEs”) can be subject to criminal jurisdiction in the United States.
The Court denied the defendant Turkish state-owned bank’s motion to dismiss an indictment charging it with conspiracy, bank fraud, and money laundering
DOJ Charges Former Uber Executive for Alleged Role in Attempted Cover-Up of 2016 Data Breach
On August 20, 2020, the Department of Justice (“DOJ”) announced that it had charged Joseph Sullivan, the former Chief Security Officer (“CSO”) of Uber Technologies Inc. (“Uber”), with obstruction of justice and misprision of a felony for allegedly attempting to cover up Uber’s 2016 data incident during the course of an investigation by the Federal Trade Commission (“FTC”).
Continue Reading DOJ Charges Former Uber Executive for Alleged Role in Attempted Cover-Up of 2016 Data Breach
OCC Imposes $80 Million Penalty in Connection with Bank Data Breach
In a landmark enforcement action related to a bank data breach, the Office of the Comptroller of the Currency (“OCC”) assessed an $80 million civil monetary penalty and entered into a cease and desist order with the bank subsidiaries of Capital One on August 6, 2020. The actions follow a 2019 cyber-attack against Capital One. The Federal Reserve Board also entered into a cease and desist order with the banks’ parent holding company. The OCC actions represent the first imposition of a significant penalty against a bank in connection with a data breach or an alleged failure to comply with the OCC’s guidelines relating to information security.
Continue Reading OCC Imposes $80 Million Penalty in Connection with Bank Data Breach
Federal Court Compels Production of Data Breach Forensic Investigation Report
On June 25, 2020, a federal district court in the Eastern District of Virginia held that a bank must produce in discovery a report generated by its cybersecurity forensic investigator following a 2019 data breach involving unauthorized access to personal information of customers and individuals who had applied for accounts.[1] Even though the report was produced at the direction of outside counsel, the court rejected arguments that the forensic report is protected from disclosure by the work product doctrine. Instead, the court determined that the report was not produced primarily in anticipation of litigation based on several factors, including the similarity of the report to past business-related work product by the investigator and the bank’s subsequent use and dissemination of the report. This decision raises questions about the scope of work product protection for forensic expert and other similar reports in the context of an internal investigation.
Continue Reading Federal Court Compels Production of Data Breach Forensic Investigation Report
Supreme Court Puts the Brakes on the “Bridgegate” Scandal and Affirms That Property Must Be the Object of Federal Fraud Schemes
On May 7, 2020, the Supreme Court unanimously held in Kelly v. United States that the “Bridgegate” political retribution scheme did not violate the wire fraud or federal-program fraud statutes. Although the government proved that the defendants devised and facilitated the closing of multiple lanes of the George Washington Bridge in September 2013, resulting in
CISA Alert: North Korean Cyber Threat Poses Increased Risk for Financial Institutions
On April 15, 2020, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation issued an advisory alert providing guidance on the North Korean cyber threat and steps to mitigate that threat (the “Alert”).[1] The U.S. Government has repeatedly warned the private sector that North Korea, formally known as the Democratic People’s Republic of Korea (“DPRK”), routinely engages in malicious cyber activities and has specifically targeted financial institutions.
This Alert serves as a reminder, especially during this pandemic as businesses go remote and virtual to an unprecedented degree, that the cyber threat, including from the DPRK, remains a critical risk for all companies. Financial institutions in particular, a traditional target of North Korean cyber activity, should take steps to ensure they are protecting themselves from and responding effectively to malicious cyber intrusions.
Continue Reading CISA Alert: North Korean Cyber Threat Poses Increased Risk for Financial Institutions
Insider Trading Risk During the COVID-19 Outbreak
On March 20, 2020, news outlets reported that four U.S. Senators sold millions of dollars in stock following classified briefings to the Senate on the threat of a COVID-19 outbreak. Three days later, the Co-Directors of the Securities and Exchange Commission’s (“SEC”) Division of Enforcement, Stephanie Avakian and Steven Peikin, issued a statement reminding market participants of their obligations with respect to material non-public information (“MNPI”) and of the SEC’s commitment to protecting investors from fraud and ensuring market integrity.[1]
Continue Reading Insider Trading Risk During the COVID-19 Outbreak
Priorities, Trends and Developments in Enforcement and Compliance
The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2020”.
Enforcement of anti-bribery, sanctions and money laundering laws remains a top priority for US authorities. In 2019, the US Department of Justice and civil regulators issued new or updated policies aimed at
The CCPA Takes Shape with Proposed Regulations, as Companies are Encouraged to Comply by January 1
The final version of the California Consumer Privacy Act of 2018 is coming into view.
On October 10, California’s Attorney General released the long-anticipated draft regulations to implement the CCPA, and on October 12, the Governor signed into law five amendments to the CCPA passed during the 2019 legislative session. (We previously discussed the CCPA