On October 1, 2020, the SDNY District Court issued an important ruling in U.S. v. Halkbank, holding that foreign state-owned entities (“SOEs”) can be subject to criminal jurisdiction in the United States.

The Court denied the defendant Turkish state-owned bank’s motion to dismiss an indictment charging it with conspiracy, bank fraud, and money laundering

On September 17, 2020, SEC Commissioner Hester Peirce gave a speech that focused on potential issues raised by investment advisers that—while purporting to follow environmental, social and governance (“ESG”)-labeled investment strategies—did not, in Commissioner Peirce’s words, “walk the ESG walk.”[1]  Her comments are the latest reminder that, while the SEC has continued to struggle with whether to mandate specific ESG disclosures, there seems to be consensus behind the SEC’s focus on determining whether advisers’ disclosures concerning ESG are sufficiently accurate and understandable.  Thus, asset managers would be well served to review and, where warranted, enhance their ESG-related disclosures and compliance policies in an area where the SEC’s Enforcement Division may well be looking to bring cases.
Continue Reading Despite Disagreements, SEC Commissioners Emphasize Need for Clear Disclosure by ESG Funds

On September 15, 2020, the Securities and Exchange Commission issued a cease‑and‑desist order against Unikrn, Inc. concerning its 2017 initial coin offering  of UnikoinGold .  The SEC found that the Unikrn ICO violated the prohibition in Section 5 of the Securities Act of 1933 against the unregistered public offer or sale of securities.  The SEC imposed several remedies, including requiring Unikrn to permanently disable the UnikoinGold token and a civil money penalty of $6.1 million.
Continue Reading SEC Issues Enforcement Action Against Unikrn, Inc. for its ICO, Prompting Rare Public Dissent from Commissioner Hester Peirce

On September 10, 2020, the Division of Enforcement (“Division”) of the Commodity Futures Trading Commission (“CFTC”) released guidance (“CFTC Guidance”) outlining factors the Division will consider when evaluating compliance programs in connection with enforcement actions. The CFTC Guidance ties into guidance released by the Division in May directing staff to consider an entity’s compliance program

On September 3, 2020, the Antitrust Division of the DOJ issued a revised Policy Guide to Merger Remedies, following shortly after it announced a reorganization of its civil enforcement to create an Office of Decree Enforcement and Compliance.

The Policy Guide to Merger Remedies largely codifies a trend towards strengthening of the Division’s preference

On August 20, 2020, the Department of Justice (“DOJ”) announced that it had charged Joseph Sullivan, the former Chief Security Officer (“CSO”) of Uber Technologies Inc. (“Uber”), with obstruction of justice and misprision of a felony for allegedly attempting to cover up Uber’s 2016 data incident during the course of an investigation by the Federal Trade Commission (“FTC”).
Continue Reading DOJ Charges Former Uber Executive for Alleged Role in Attempted Cover-Up of 2016 Data Breach

On August 21, the Financial Crimes Enforcement Network, together with the federal banking agencies, released a statement to clarify banks’ customer due diligence obligations for politically exposed persons. The Statement affirms that (i) there is no regulatory requirement, and no supervisory expectation, for banks’ Bank Secrecy Act / anti-money laundering programs to include “unique, additional

In a landmark enforcement action related to a bank data breach, the Office of the Comptroller of the Currency (“OCC”) assessed an $80 million civil monetary penalty and entered into a cease and desist order with the bank subsidiaries of Capital One on August 6, 2020.  The actions follow a 2019 cyber-attack against Capital One.  The Federal Reserve Board also entered into a cease and desist order with the banks’ parent holding company.  The OCC actions represent the first imposition of a significant penalty against a bank in connection with a data breach or an alleged failure to comply with the OCC’s guidelines relating to information security.
Continue Reading OCC Imposes $80 Million Penalty in Connection with Bank Data Breach

On June 25, 2020, a federal district court in the Eastern District of Virginia held that a bank must produce in discovery a report generated by its cybersecurity forensic investigator following a 2019 data breach involving unauthorized access to personal information of customers and individuals who had applied for accounts.[1]  Even though the report was produced at the direction of outside counsel, the court rejected arguments that the forensic report is protected from disclosure by the work product doctrine.  Instead, the court determined that the report was not produced primarily in anticipation of litigation based on several factors, including the similarity of the report to past business-related work product by the investigator and the bank’s subsequent use and dissemination of the report.  This decision raises questions about the scope of work product protection for forensic expert and other similar reports in the context of an internal investigation.
Continue Reading Federal Court Compels Production of Data Breach Forensic Investigation Report

On June 22, 2020, the Supreme Court held in Liu v. SEC that the Securities and Exchange Commission (“SEC”) may seek, and courts have the power to grant, disgorgement as an equitable remedy for violations of the securities laws. However, the Court also placed potentially important limitations on disgorgement, holding that—to qualify as an equitable