Corporate Enforcement

Subscribe to Corporate Enforcement via RSS

On October 3, 2019, the governments of the United Kingdom and United States signed the first-ever executive agreement governing cross-border data requests (the “Agreement”) pursuant to the US Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”).[1]  As contemplated by the CLOUD Act, the Agreement provides a mechanism for the governments to access and share data stored abroad by electronic communications services providers (“CSP”) in their respective countries in a timely manner.  The Agreement will enter into effect following a 180 day Congressional review period required by the CLOUD Act and a similar review by the UK Parliament.   
Continue Reading United Kingdom and United States Governments Sign First-Ever CLOUD Act Agreement

Have the right policies in place

– Ensure clear, readily accessible, and (where necessary) country-specific policies are in place indicating the permitted uses of company devices and other IT equipment, including messaging services. If you allow employees to use their own devices to perform work, make sure your policies adequately address issues of access in the context of investigations.
Continue Reading Be Prepared: How to Proactively Account for Data Privacy

On September 18, 2019, the Securities and Exchange Commission (“SEC”) filed its first civil suit alleging violations of broker-dealer registration requirements in U.S. digital asset markets.  In a case filed in the U.S. District Court for the Central District of California, the SEC alleged that Defendants ICOBox and its founder, Nikolay Evdokimov, illegally conducted an unregistered public securities offering for their 2017 initial coin offering (“ICO”), and have operated an unregistered brokerage service facilitating the launch of ICOs in digital asset securities since 2017.
Continue Reading SEC Files First Suit Against Alleged Unregistered Broker-Dealer Operating in Digital Asset Markets

Many investigations, particularly those that are cross-border in nature, are likely to present data privacy issues, and managing these issues is frequently a key consideration in an investigation.  By keeping data privacy laws in mind as soon as an investigation starts, an organization will avoid the risk that it has failed to satisfy certain requirements, thereby exposing itself to the possibility of a fine or sanction from a regulator.
Continue Reading Incorporating Data Privacy Considerations Into Investigations

Companies that face non-public government investigations frequently confront challenging questions regarding whether and when to disclose the existence of the investigation, how much to disclose, and any duty to update the disclosure as the investigation proceeds. The SEC recently filed a settled complaint alleging that Mylan committed accounting and disclosure violations for failing to timely

When a company receives a request for information from an investigating authority, one initial issue is whether to cooperate with the request or to assume an adversarial (or at least non-cooperative) position.  Even if the company ultimately decides to contest the authority’s characterization of the conduct, it is often in the company’s best interest to agree to cooperate with the investigation and the authority’s requests (to the extent they are reasonable and lawful).  In this vein, there are three important ways to establish and maintain a cooperative posture with an investigating authority, while also protecting the company’s interests in the process.
Continue Reading Best Practices for Negotiating the Scope of an Investigative Request

One critical issue to consider in responding to an investigative request is whether by producing the requested data, the company will be waiving a privilege or violating legal confidentiality obligations, including data privacy restrictions.
Continue Reading Before You Press Send: Protecting Privilege and Complying With Limitations on Data Dissemination When Responding to an Investigative Request

The SFO recently released its much anticipated Corporate Co-Operation Guidance (the “Guidance”). It provides details of the types of behaviour expected by the SFO in order for an organisation to receive credit for its cooperation, including through the offer of a Deferred Prosecution Agreement (“DPA”) or by the SFO determining that it is not in

In what appears to be an industry-wide sweep involving American Depositary Receipts (“ADRs”), over the last few years the SEC has brought enforcement actions against 13 financial institutions – including depositary banks and brokers that borrow and lend “pre-released” ADRs.  On August 16, 2019, the SEC announced the latest of these actions against two brokers

Upon receiving a request for information from a governmental authority or other agency, it is critical to make early strategic decisions about how to respond to the request and effectively frame the scope of the inquiry.  Generally speaking, there are two overarching goals that typically inform a company’s strategy for responding to requests for information: (i) to provide the requesting authority the information it seeks as efficiently as possible while maintaining credibility and (ii) to appropriately frame and cabin the scope of inquiry to minimize the burden on the company.  To do so, the party receiving the request should first explore a number of foundational questions to understand the context of and motivation for the request.
Continue Reading Five Important Questions for Addressing an Investigative Request