As discussed in Cleary Gottlieb’s December 21, 2018 Alert Memorandum, on December 18, 2018, the U.S. Court of Appeals for the D.C. Circuit issued an important ruling in In re Grand Jury Subpoena, holding, inter alia, that foreign state-owned corporations are subject to criminal jurisdiction in the United States and upholding Special Counsel
Second Circuit Denies Gupta Appeal of Insider Trading Conviction—Continuing to Give Broad Meaning to “Personal Benefit” Requirement
On January 11, the Second Circuit Court of Appeals denied the appeal of Rajat Gupta, who was seeking to undo his insider trading conviction. Relying on the Second Circuit’s decision in United States v. Newman, Gupta argued that—to satisfy the requirement that Gupta personally benefit from tipping inside information—the Government must show “a quid pro quo – in which [Gupta] receive[d] an ‘objective, consequential . . . gain of a pecuniary or similarly valuable nature.’”[1] In other words—intangible benefits should not, standing alone, constitute a personal benefit sufficient to uphold a criminal conviction. The Second Circuit rejected this argument, finding that the Supreme Court’s decisions in Dirks v. SEC and Salman v. United States foreclosed such a narrow definition of “benefit,” opting instead for a test that looked at “varying sets of circumstances”—including those that involve indirect, intangible, and nonquantifiable gains, such as an anticipated quid quo pro that can be inferred from an ongoing, business relationship—to satisfy the “personal benefit” test.[2] This case is the latest in a line of decisions—in the Supreme Court, as well as the Second and Ninth Circuits—to reject defendants’ arguments for a narrow definition of the “personal benefit” element of insider trading law based on Newman.
Continue Reading Second Circuit Denies Gupta Appeal of Insider Trading Conviction—Continuing to Give Broad Meaning to “Personal Benefit” Requirement
FINRA Provides Updated Cybersecurity Guidance to Broker-Dealer Firms
On December 20, 2018, the Financial Industry Regulatory Authority (“FINRA”) released a Report on Selected Cybersecurity Practices for broker-dealer firms. This report reflects FINRA’s current perspective on the cybersecurity threat landscape based on observations from its examinations of securities firms. Below we discuss the report’s key observations and contextualize these insights for members of the financial industry.
Continue Reading FINRA Provides Updated Cybersecurity Guidance to Broker-Dealer Firms
D.C. Circuit Rules in Special Counsel Mueller Investigation That State-Owned Corporations Are Subject to Criminal Jurisdiction in the United States
On December 18, 2018, the District of Columbia Circuit Court of Appeals issued an important ruling in In re Grand Jury Subpoena, holding that foreign state-owned corporations are subject to criminal jurisdiction in the United States and that the exceptions to sovereign immunity set forth in the Foreign Sovereign Immunities Act (the “FSIA”)[1] apply to criminal as well as to civil cases.[2] The court also rejected the foreign sovereign entity’s argument that it should be excused from complying with a subpoena because doing so would violate the law of the respondent’s country of incorporation. Although In re Grand Jury Subpoena arises in the context of enforcing a grand jury subpoena, its language and holding could potentially be extended to criminal prosecutions of a foreign state or state-owned entity.
Continue Reading D.C. Circuit Rules in Special Counsel Mueller Investigation That State-Owned Corporations Are Subject to Criminal Jurisdiction in the United States
SEC Investigative Report Urges Public Companies to Guard Against Cyber Threats When Implementing Internal Accounting Controls
On October 16, 2018, the Securities and Exchange Commission released a Report of Investigation that cautioned public companies to consider cyber threats when designing and implementing internal accounting controls. The report was based on an investigation of nine victims of email cyber-fraud schemes for potentially failing to have adequate internal accounting controls, in violation of the Securities Exchange Act of 1934. The report highlights the need for companies to reassess their controls in light of the current cybersecurity risk environment. By describing the remedial steps taken by the investigated companies, it further provides guidance about the key areas that companies should consider when assessing their own policies and procedures.
Continue Reading SEC Investigative Report Urges Public Companies to Guard Against Cyber Threats When Implementing Internal Accounting Controls
DOJ Announces New Inter-Agency Task Force on Market Integrity and Consumer Fraud
On July 11, 2018 the U.S. Department of Justice (“DOJ”), Bureau of Consumer Financial Protection (“CFPB”), the Securities and Exchange Commission (“SEC”) and the Federal Trade Commission (“FTC”) announced the establishment of a new Task Force on Market Integrity and Consumer Fraud (the “Task Force”).[1] Deputy Attorney General Rod Rosenstein made the announcement on behalf of the Task Force, joined by Acting Director Mick Mulvaney of the CFPB, Chairman Jay Clayton of the SEC and Chairman Joe Simons of the FTC.
Continue Reading DOJ Announces New Inter-Agency Task Force on Market Integrity and Consumer Fraud
State Regulators Reach Settlement With Equifax in Connection With Massive Data Breach
On June 27, 2018, Equifax Inc., the credit reporting agency, agreed to implement stronger data security measures under a consent order with the New York State Department of Financial Services (“NYDFS”) and seven other state banking regulators.[1] The order imposes detailed duties on Equifax’s Board of Directors in response to criticisms raised by the regulators during an examination of Equifax’s cybersecurity and internal audit functions. The examination followed the company’s massive 2017 data breach, which exposed sensitive personal information of nearly 148 million customers. Equifax agreed to the order without admitting or denying any charges of “unsafe or unsound information security practices.”
Continue Reading State Regulators Reach Settlement With Equifax in Connection With Massive Data Breach
Divided Supreme Court Requires Warrants for Cell Phone Location Data
On June 22, 2018, the United States Supreme Court decided Carpenter v. United States, in which it held that the government must generally obtain a search warrant supported by probable cause before acquiring more than seven days of historical cell-site location information (“CSLI”) from a service provider. Noting “the deeply revealing nature of CSLI,
Supreme Court Holds Mandatory Federal Restitution Statute Does Not Cover Certain Professional Costs Incurred by Corporate Victims
On May 29, 2018, the U.S. Supreme Court issued an unanimous opinion in Lagos v. United States. Lagos presented the issue of whether costs incurred during and as a result of a corporate victim’s investigation (rather than a governmental investigation) must be reimbursed by a criminal defendant under the Mandatory Victims Restitution Act (“MVRA”).
Yahoo’s Successor Settles First-Ever Case Involving SEC Charges for Failing to Disclose a Cybersecurity Incident
On April 24, 2018, Altaba, formerly known as Yahoo, entered into a settlement with the Securities and Exchange Commission (the “SEC”), pursuant to which Altaba agreed to pay $35 million to resolve allegations that Yahoo violated federal securities laws in connection with the disclosure of the 2014 data breach of its user database. The case