On September 10, 2020, the Division of Enforcement (“Division”) of the Commodity Futures Trading Commission (“CFTC”) released guidance (“CFTC Guidance”) outlining factors the Division will consider when evaluating compliance programs in connection with enforcement actions. The CFTC Guidance ties into guidance released by the Division in May directing staff to consider an entity’s compliance program

On September 3, 2020, the Antitrust Division of the DOJ issued a revised Policy Guide to Merger Remedies, following shortly after it announced a reorganization of its civil enforcement to create an Office of Decree Enforcement and Compliance.

The Policy Guide to Merger Remedies largely codifies a trend towards strengthening of the Division’s preference

On August 20, 2020, the Department of Justice (“DOJ”) announced that it had charged Joseph Sullivan, the former Chief Security Officer (“CSO”) of Uber Technologies Inc. (“Uber”), with obstruction of justice and misprision of a felony for allegedly attempting to cover up Uber’s 2016 data incident during the course of an investigation by the Federal Trade Commission (“FTC”).
Continue Reading DOJ Charges Former Uber Executive for Alleged Role in Attempted Cover-Up of 2016 Data Breach

On August 21, the Financial Crimes Enforcement Network, together with the federal banking agencies, released a statement to clarify banks’ customer due diligence obligations for politically exposed persons. The Statement affirms that (i) there is no regulatory requirement, and no supervisory expectation, for banks’ Bank Secrecy Act / anti-money laundering programs to include “unique, additional

In a landmark enforcement action related to a bank data breach, the Office of the Comptroller of the Currency (“OCC”) assessed an $80 million civil monetary penalty and entered into a cease and desist order with the bank subsidiaries of Capital One on August 6, 2020.  The actions follow a 2019 cyber-attack against Capital One.  The Federal Reserve Board also entered into a cease and desist order with the banks’ parent holding company.  The OCC actions represent the first imposition of a significant penalty against a bank in connection with a data breach or an alleged failure to comply with the OCC’s guidelines relating to information security.
Continue Reading OCC Imposes $80 Million Penalty in Connection with Bank Data Breach

On June 25, 2020, a federal district court in the Eastern District of Virginia held that a bank must produce in discovery a report generated by its cybersecurity forensic investigator following a 2019 data breach involving unauthorized access to personal information of customers and individuals who had applied for accounts.[1]  Even though the report was produced at the direction of outside counsel, the court rejected arguments that the forensic report is protected from disclosure by the work product doctrine.  Instead, the court determined that the report was not produced primarily in anticipation of litigation based on several factors, including the similarity of the report to past business-related work product by the investigator and the bank’s subsequent use and dissemination of the report.  This decision raises questions about the scope of work product protection for forensic expert and other similar reports in the context of an internal investigation.
Continue Reading Federal Court Compels Production of Data Breach Forensic Investigation Report

On June 22, 2020, the Supreme Court held in Liu v. SEC that the Securities and Exchange Commission (“SEC”) may seek, and courts have the power to grant, disgorgement as an equitable remedy for violations of the securities laws. However, the Court also placed potentially important limitations on disgorgement, holding that—to qualify as an equitable

On April 20, OFAC issued COVID-related guidance indicating that it encourages those subject to its jurisdiction to contact the OFAC staff if they believe they will have difficulty meeting OFAC deadlines (whether reporting deadlines, responses to administrative subpoenas, or other matters).  OFAC also encouraged electronic submission of any communications.  In our experience, OFAC is still functioning at a relatively high level, remote operations notwithstanding, but the staff has also been flexible in responding to the challenges all institutions face.  As OFAC’s guidance and our own experience underline, open communication with the staff is very important.
Continue Reading OFAC Issues Guidance on COVID’s Impact on Compliance and Enforcement

On April 3, 2020, the SEC’s Chief Accountant, Sagar Teotia, issued a Statement on the Importance of High-Quality Financial Reporting in Light of the Significant Impacts of COVID-19 (the “OCA Statement”).  The OCA Statement emphasizes that while the SEC Office of the Chief Accountant (“OCA”) appreciates the challenging environment that companies and their auditors face in attempting to comply with their financial reporting obligations due to COVID-19[1], and will not second-guess their reasonable judgments, OCA expects financial reporting to continue to “provide investors with high-quality financial information.”  The OCA Statement also reaffirms OCA’s views on the importance of gatekeepers by pointing out the critical need for auditor independence in this uncertain economic environment.  In addition to this general theme, the OCA Statement contains several notable points that will have implications for companies in the current situation, both in preparing their financial statements, and in taking steps to mitigate litigation and enforcement risk.
Continue Reading SEC Chief Accountant Weighs in on Accounting Issues During the COVID-19 Outbreak

As the COVID-19 pandemic continues to rapidly unfold, with breathtaking effects on everyday life barely imaginable just weeks ago, enforcement agencies have responded with pronouncements prioritizing investigations into COVID-19-related frauds and have proceeded with some significant non-COVID-19 law enforcement actions likely planned before the full impact of the pandemic could have been predicted.  At the same time, enforcement agencies are having to respond to the same practical challenges and constraints that the rest of society and other large organizations around the world face.  They, like the rest of us, are facing severe travel restrictions, learning to work remotely, and dealing with colleagues and family members who are sick from the virus.  Over the coming weeks and months, enforcement agencies will be managing the COVID-19-focused enforcement priorities and moving forward with their existing matters, while they deal with the practical realities and uncertainties presented by the pandemic.
Continue Reading Law Enforcement Priorities and Practicalities During the COVID-19 Pandemic