Corporate Enforcement

Subscribe to Corporate Enforcement via RSS

There have been plenty of press reports about the SEC’s settlement with Elon Musk arising from his tweeting about taking Tesla private.  But the concurrent settlement with Tesla itself provides interesting lessons for disclosure and governance at public companies.

Tesla agreed to pay a $20 million penalty and agreed to several “undertakings” to strengthen its governance and controls including a requirement that it add two independent directors to its Board.  And, under his own settlement, Musk agreed to step down for three years as chairman of the Board of Directors, although he is allowed to continue as CEO. 
Continue Reading The Tesla Settlement – What It Means for Other Companies

On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a $16 million settlement with Anthem, Inc. over alleged violations of federal privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA).  The settlement resolves an investigation following a data breach that exposed protected health information of nearly 79 million people.  According to OCR, the incident is the largest health data breach to date in the United States and Anthem’s payment similarly represents the largest HIPAA settlement to date.  The settlement is consistent with OCR’s recent focus on enforcing regulatory requirements to conduct an accurate and thorough risk analysis and maintain appropriate mechanisms to monitor systems that contain protected health information and to control access to that information. It also highlights the agency’s distinct cybersecurity remediation approach.
Continue Reading The U.S. Department of Health And Human Services Settles With Anthem for Record $16M Over Alleged HIPAA Violations

Last month, Guatemalan President Jimmy Morales effectively shut down the operation of the UN-operated International Commission against Impunity in Guatemala (called by its Spanish initials, “CICIG”) by declining to renew its mandate past its September 2019 expiration date and by barring the head of CICIG, Iván Velásquez, from re-entering the country.  CICIG, a uniquely independent organ of the United Nations (“U.N.”), was created in 2007 to support and assist Guatemalan institutions in identifying, investigating, and prosecuting public corruption.  Over the past decade, it has investigated nearly 200 public officials, and its efforts led to the prosecution and ultimate resignation of former Guatemalan President, Otto Pérez Molina.[1] 
Continue Reading Anti-Corruption in Guatemala: A Critical Moment for CICIG

The £16.4 million fine imposed by the UK Financial Conduct Authority on Tesco Personal Finance plc provides a salutary lesson on the regulatory exposure associated with failing adequately to prepare for and respond to a cyber-attack – one of the FCA’s stated regulatory priorities.

The episode illustrates how cybersecurity failures can expose a business not

On September 27, 2018, in remarks delivered at the 5th Annual Global Investigations Review New York Live Event, Deputy Assistant Attorney General Matthew S. Miner reported on the accomplishments of the Department of Justice (“DOJ”) over the course of the last twelve months.  Importantly, he also discussed recent changes to the DOJ’s policies on prosecution of business organizations and how those changes have been implemented.[1]  Miner highlighted the DOJ’s efforts to incentivize and provide guidance to companies to self-report, cooperate and remediate corporate misconduct while underscoring the importance of robust compliance programs to detect and prevent wrongdoing and to obtain full credit in resolving investigations by the DOJ.
Continue Reading DOJ Remarks Highlight Changes to White Collar Policy

On September 4, 2018, the Securities and Exchange Commission (“SEC”) announced a $25.2 million settlement with French pharmaceutical company Sanofi (“Sanofi” or the “Company”) for violating the books and records and internal controls provisions of the Foreign Corrupt Practices Act (“FCPA”) in connection with a scheme to bribe foreign officials to increase sales of Sanofi products.[2]  The Sanofi settlement encompasses conduct by three Sanofi subsidiaries organized in Kazakhstan, Lebanon and the United Arab Emirates (“UAE”).  The Sanofi settlement follows a recent enforcement action by U.S. authorities against another French company—Société Générale—for FCPA violations.[3]  In announcing the Sanofi resolution, the SEC signaled its intention to focus further on bribery risk in the pharmaceutical industry.
Continue Reading Sanofi Settles FCPA Charges With SEC for $25.2 Million

On August 27, 2018, the Securities and Exchange Commission (“SEC”) announced a $34.5 million settlement with investment management firm Legg Mason, Inc. (“Legg Mason” or the “Company”) for violating the internal controls provision of the Foreign Corrupt Practices Act (“FCPA”) in connection with a scheme to bribe Libyan government officials to secure investments from Libyan state-owned financial institutions.[1]  The SEC settlement follows a June 2018 non-prosecution agreement between Legg Mason and the U.S. Department of Justice (“DOJ”) regarding the same conduct.[2]  Under the non-prosecution agreement, Legg Mason agreed to pay $64.2 million.  The Legg Mason settlements reflect the increased focus of U.S. authorities on coordinating with other authorities in imposing penalties on a company, including not “piling on,” and the continued enforcement of the FCPA, while highlighting the potential risks under the FCPA of not having proper controls in place for assessing use of third party intermediaries.
Continue Reading Legg Mason Settles FCPA Charge with SEC for $34.5 Million

When the U.S. Department of Justice opened an investigation against Volkswagen AG (“VW“) and its subsidiaries Audi AG (“Audi”) and Volkswagen Group of America, VW instructed an international law firm to conduct an internal investigation and to represent it (i.e., only VW) before the U.S. Department of Justice.  The lawyers, including German lawyers based in the firm’s Munich office, conducted the internal investigation throughout the Volkswagen group.  Audi, though not a client of the law firm, allowed the internal investigation within its sphere and accessed the internal investigation’s findings via VW.  In January 2017, VW and the U.S. Department of Justice concluded a plea agreement covering 2.0 liter diesel engines designed and produced by VW and installed in VW and Audi vehicles and 3.0 liter engines designed and produced by Audi and installed in VW vehicles.
Continue Reading German Federal Constitutional Court: Seizure of Documents Relating to an Internal Investigation at German Office of International Law Firm Found Not to Violate Constitutional Rights

Yesterday the U.S. Department of Justice (“DOJ”) announced a non-prosecution agreement (“NPA”) with a Hong Kong-based subsidiary of Credit Suisse Group AG arising out of the so-called “princelings” scandals of recent years—the practice of hiring unqualified, but politically-connected, relatives of Chinese officials to garner business from state-owned firms.[1]  Per Credit Suisse’s admissions, “bankers discussed and approved the hiring of close friends and family of Chinese officials in order to secure business,” resulting in $46 million “in profits from business mandates with Chinese” state-owned enterprises.  As part of the resolution, Credit Suisse agreed to a $47 million criminal penalty, to continue to cooperate with DOJ, and to enhance its compliance program, including adopting additional controls around hiring.  In addition, Credit Suisse agreed to pay nearly $25 million in disgorgement and $4.8 million in prejudgment interest to the Securities and Exchange Commission (“SEC”).  In its press release, DOJ stated that it was giving Credit Suisse a 15 percent discount from the bottom end of the U.S. Sentencing Guidelines for its cooperation in the investigation, while also (as discussed more below) noting steps the firm did not take that worked to limit the amount of such cooperation credit.  While this is hardly the first of the “princelings” cases, it does demonstrate DOJ’s continued commitment to the cooperation framework it laid out in its FCPA Corporate Enforcement Policy (“Enforcement Policy”) late last year.[2]
Continue Reading Recent Settlement Highlights Cooperation Parameters Under the Department of Justice’s FCPA Corporate Enforcement Policy

On June 25, 2018, the Second Circuit amended its opinion in United States v. Martoma, an insider trading case that has received significant attention as a vehicle to clarify the “personal benefit” element of tippee liability in insider trading cases in the Second Circuit.  While the Second Circuit again upheld the insider trading conviction of former S.A.C. Capital Advisors portfolio manager Mathew Martoma, this time it appears to have breathed life back into its “meaningfully close personal relationship” requirement for establishing insider trading liability against an individual who receives and trades on confidential information (a “tippee”).  Those  following the evolution of insider trading doctrine should pay close attention to lower courts’ interpretations of the “meaningfully close personal relationship” test, and what prosecutors must show to satisfy this requirement, in the wake of Martoma.
Continue Reading Second Circuit Potentially Revives Newman’s “Meaningfully Close Personal Relationship” Test, Amends Martoma Decision