As discussed in Cleary Gottlieb’s December 21, 2018 Alert Memorandum, on December 18, 2018, the U.S. Court of Appeals for the D.C. Circuit issued an important ruling in In re Grand Jury Subpoena, holding, inter alia, that foreign state-owned corporations are subject to criminal jurisdiction in the United States and upholding Special Counsel

On December 26, 2018, the SEC announced settled charges against ADT Inc. after finding that ADT, in two earnings releases, gave undue emphasis to non-GAAP adjusted EBITDA figures because they identified the relevant GAAP measures only later and much less prominently.

Without admitting or denying the SEC’s factual or legal claims, ADT agreed to an

On December 18, 2018, the District of Columbia Circuit Court of Appeals issued an important ruling in In re Grand Jury Subpoena, holding that foreign state-owned corporations are subject to criminal jurisdiction in the United States and that the exceptions to sovereign immunity set forth in the Foreign Sovereign Immunities Act (the “FSIA”)[1] apply to criminal as well as to civil cases.[2]  The court also rejected the foreign sovereign entity’s argument that it should be excused from complying with a subpoena because doing so would violate the law of the respondent’s country of incorporation.  Although In re Grand Jury Subpoena arises in the context of enforcing a grand jury subpoena, its language and holding could potentially be extended to criminal prosecutions of a foreign state or state-owned entity.

Continue Reading

On November 15, 2018, the Division of Enforcement (the “Division”) of the U.S. Commodity Futures Trading Commission (“CFTC”) released its Annual Report on the Division of Enforcement (the “Report”), highlighting the enforcement division’s recent initiatives and reinforcing its focus on cooperation and self-reporting.  The Report provides a succinct overview of the Division’s enforcement priorities over the last year, discusses its overall enforcement philosophy, sets out key metrics about the cases brought in the last year, and highlights its key initiatives for the coming year.  While the Division’s priorities—preserving market integrity, protecting customers, promoting individual accountability, and increasing coordination with other regulators and criminal authorities—do not mark a departure from prior guidance, the Report does highlight the Division’s particular focus on individual accountability and a few target areas of enforcement. 
Continue Reading

There have been plenty of press reports about the SEC’s settlement with Elon Musk arising from his tweeting about taking Tesla private.  But the concurrent settlement with Tesla itself provides interesting lessons for disclosure and governance at public companies.

Tesla agreed to pay a $20 million penalty and agreed to several “undertakings” to strengthen its governance and controls including a requirement that it add two independent directors to its Board.  And, under his own settlement, Musk agreed to step down for three years as chairman of the Board of Directors, although he is allowed to continue as CEO. 
Continue Reading

On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a $16 million settlement with Anthem, Inc. over alleged violations of federal privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA).  The settlement resolves an investigation following a data breach that exposed protected health information of nearly 79 million people.  According to OCR, the incident is the largest health data breach to date in the United States and Anthem’s payment similarly represents the largest HIPAA settlement to date.  The settlement is consistent with OCR’s recent focus on enforcing regulatory requirements to conduct an accurate and thorough risk analysis and maintain appropriate mechanisms to monitor systems that contain protected health information and to control access to that information. It also highlights the agency’s distinct cybersecurity remediation approach.
Continue Reading

Last month, Guatemalan President Jimmy Morales effectively shut down the operation of the UN-operated International Commission against Impunity in Guatemala (called by its Spanish initials, “CICIG”) by declining to renew its mandate past its September 2019 expiration date and by barring the head of CICIG, Iván Velásquez, from re-entering the country.  CICIG, a uniquely independent organ of the United Nations (“U.N.”), was created in 2007 to support and assist Guatemalan institutions in identifying, investigating, and prosecuting public corruption.  Over the past decade, it has investigated nearly 200 public officials, and its efforts led to the prosecution and ultimate resignation of former Guatemalan President, Otto Pérez Molina.[1] 
Continue Reading

The £16.4 million fine imposed by the UK Financial Conduct Authority on Tesco Personal Finance plc provides a salutary lesson on the regulatory exposure associated with failing adequately to prepare for and respond to a cyber-attack – one of the FCA’s stated regulatory priorities.

The episode illustrates how cybersecurity failures can expose a business not

On September 27, 2018, in remarks delivered at the 5th Annual Global Investigations Review New York Live Event, Deputy Assistant Attorney General Matthew S. Miner reported on the accomplishments of the Department of Justice (“DOJ”) over the course of the last twelve months.  Importantly, he also discussed recent changes to the DOJ’s policies on prosecution of business organizations and how those changes have been implemented.[1]  Miner highlighted the DOJ’s efforts to incentivize and provide guidance to companies to self-report, cooperate and remediate corporate misconduct while underscoring the importance of robust compliance programs to detect and prevent wrongdoing and to obtain full credit in resolving investigations by the DOJ.
Continue Reading

On September 4, 2018, the Securities and Exchange Commission (“SEC”) announced a $25.2 million settlement with French pharmaceutical company Sanofi (“Sanofi” or the “Company”) for violating the books and records and internal controls provisions of the Foreign Corrupt Practices Act (“FCPA”) in connection with a scheme to bribe foreign officials to increase sales of Sanofi products.[2]  The Sanofi settlement encompasses conduct by three Sanofi subsidiaries organized in Kazakhstan, Lebanon and the United Arab Emirates (“UAE”).  The Sanofi settlement follows a recent enforcement action by U.S. authorities against another French company—Société Générale—for FCPA violations.[3]  In announcing the Sanofi resolution, the SEC signaled its intention to focus further on bribery risk in the pharmaceutical industry.
Continue Reading