Global Crisis Management Series:  This post is part 1 in a series concerning topics further elaborated on in Cleary Gottlieb’s Global Crisis Management Handbook—a desk reference for spotting issues and avoiding common mistakes when faced with a crisis.  The current version is available here.

A company faced with a crisis needs to act quickly to assess and determine the scope of any potential liability in order to guide its first response and frame the forthcoming investigation.  Issues overlooked in the early phases of an investigation could prove very costly down the road, limiting options or potentially subjecting a company to greater penalties.  Understanding the full scope of potential liability early in an investigation allows a company to develop a plan of action through consideration of how such penalties can potentially be mitigated and whether it is sensible to set aside reserves for potential fines and other expenses associated with an investigation.  The severity of such penalties may also shed light on who needs to be informed, including for example, whether any public disclosures will be necessary.  Continue Reading Assessing Risks and Potential Liability in Responding to a Crisis

On May 15, 2019, the U.S. Securities and Exchange Commission (“SEC”) and the U.S. Commodity Futures Trading Commission (“CFTC”) announced that they entered into an Enhanced Multilateral Memorandum of Understanding Concerning Consultation and the Exchange of Information (“Enhanced MMoU”) under the auspices of the International Organization of Securities Commissions (“IOSCO”), along with nine other international financial regulators.[1]  Both the SEC and CFTC are already signatories to IOSCO’s predecessor memorandum of understanding with 121 other signatories.  However, the Enhanced MMoU provides for significant enhancements in cross-border enforcement cooperation—including the ability to compel testimony outside of the United States—that, if widely adopted, could increase the signatory regulators’ abilities to undertake (and coordinate) multilateral cross-border investigations. Continue Reading SEC and CFTC Chairs Sign Enhanced Multilateral Memorandum of Understanding Expanding Cross-Border Enforcement Cooperation

On May 6, 2019, the Financial Industry Regulatory Authority (“FINRA”) issued Regulatory Notice 19-18, addressing members’[1] anti-money laundering (“AML”) compliance programs.  This notice focused extensively on members’ monitoring for suspicious activities and subsequent suspicious activity report (“SAR”) filing obligations, providing 97 examples of “money laundering red flags” to securities industry market participants.  Where applicable to a members’ business operations, FINRA encouraged broker-dealers to take a “risk-based approach” to AML compliance and incorporate these red flags into their AML programs, even though the organization noted that merely doing so will not satisfy all obligations.  Where any red flags are detected, FINRA encouraged firms to consider whether “additional investigation, customer due diligence measures or a SAR filing may be warranted.”

Continue Reading FINRA Publishes AML Red Flags to Help Broker-Dealers Satisfy Suspicious Activity Monitoring and Reporting Requirements

On April 16, 2019, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert addressing all registered broker-dealers and investment advisers’ (together, “Firms”)[1] privacy-related obligations under Regulation S-P (“Reg S-P”).  The Risk Alert set out the most frequent Reg S-P deficiencies OCIE identified during examinations over the past two years, and encouraged registrants to review their written privacy policies and procedures as well as the consistency with which these policies and procedures have been implemented.  The Alert is the latest in a series of recent privacy and cybersecurity guidance documents issued by the SEC, including the February 2018 Commission Statement and Guidance on Public Company Cybersecurity Disclosures and October 2018 Report of Investigation on cyber-related frauds and public company accounting controls.

This Risk Alert is consistent with the SEC’s approach of seeking to influence the conduct of registrants by providing guidance on specific compliance issues, followed by Risk Alerts noting common exam deficiencies, prior to pursuing enforcement actions.  Investment advisers and broker-dealers should  take this as a prompt to review their relevant policies and procedures to ensure they are appropriate and being followed in practice. Continue Reading SEC Privacy Risk Alert may Foreshadow Upcoming Reg S-P Enforcement Against Broker-Dealers, Investment Advisers

On May 13, 2019, the Supreme Court issued its opinion in Cochise Consultancy, Inc. v. United States ex rel. Hunt with respect to the applicable statute of limitations in a FCA action in which the Government has declined to intervene.  The FCA sets forth two limitation periods applicable to FCA actions and provides that an action must be brought within the longer of either (i) within 6 years after the date on which the violation occurred; or (ii) within three years of the date when facts material to the right of action are known or reasonably should have been known by a relevant official of the United States.  In no event may an action be brought more than 10 years after the date on which the violation was committed.  The issues in Cochise Consultancy were whether the second, alternative, limitations period applies to an action in which the government has intervened and whether, if so, the relevant official includes the private relator.  These issues are important because, if the longer period applies, a relator can bring an action long after (and more than 3 years after) she learned of the FCA violation. Continue Reading Supreme Court Rules in Favor of Longer Time Limits for Non-intervened FCA Actions

On May 8, 2019, the Division of Enforcement of the Commodity Futures Trading Commission released an Enforcement Manual – the first public document of its kind from the Division.

Though the Manual does not reveal any significant shifts in policy, it will undoubtedly serve as an important resource for individuals and entities dealing with CFTC enforcement actions. The Division’s decision to publish an enforcement manual continues a trend of providing more public guidance regarding the Division’s enforcement practices and policies. In recent years, the CFTC has also asserted itself as an increasingly active enforcement authority, and this publication suggests that the Division intends that trend to continue.

Please click here to read the full alert memorandum.

On May 2, 2019, FINRA proposed new rules to designate “high-risk” firms and strengthen its ability to impose additional obligations on those firms.[1]

  • Proposed Rule 4111 would authorize FINRA to designate “Restricted Firms” based on the number of event disclosures made by the firm and its registered persons. Restricted Firms would be subject to limitations on their operations and could be required to maintain restricted deposits that could only be withdrawn with FINRA’s consent.
  • Proposed Rule 9559 would create an expedited appeals process, including a process for challenging a designation as a Restricted Firm and any obligations imposed.

FINRA expects that only a small number of large firms (500 or more registered representatives) would be affected by the proposed rules, and that only zero to two would have been impacted in any given year had the rules been effective from 2013-2018.[2]

Early signals from FINRA about this rulemaking generated concern that the standards would be overly subjective, leading to uncertainty in application.  We believe, however, that the proposed rules on balance reflect a reasonable, and largely objective, approach given FINRA’s stated goal to “impose tailored obligations” on those firms that “present heightened risk of harm to investors.”[3] Continue Reading FINRA Proposes Rules Targeting Firms With History of Misconduct

On May 2, 2019, the U.S. Department of the Treasury’s Office of Foreign Assets Control released “A Framework for OFAC Compliance Commitments”, providing general guidance on the elements OFAC considers to compose an effective sanctions compliance program.

Broadly, the framework endorses a risk-based approach to compliance (recognizing that no two compliance programs will be identical) and the need for a formal SCP that includes five essential components: management commitment, risk assessment, internal controls, testing and auditing, and training.  The Framework is not a regulatory requirement, nor does it prescribe specific controls; rather, it indicates the elements that OFAC will look for in evaluating a company’s compliance efforts in the context of any enforcement action.

The Framework also sets out prescriptive compliance commitments OFAC will seek in future enforcement actions, largely codifying commitments seen in recent settlements.

This memorandum summarizes the Framework and recent OFAC enforcement actions imposing compliance commitments.

On May 7, 2019, the Department of Justice issued formal guidance to DOJ’s False Claims Act litigators on the circumstances in which DOJ will grant credit for cooperation during FCA investigations.

The guidance explains the factors that DOJ considers in determining whether to award cooperation credit in FCA investigations and the types of credit available.

Please click here to read the full alert memorandum.

On May 2, 2019, the United States District Court for the Southern District of New York issued an important decision delineating the boundaries between conducting a proper internal investigation and acting as an arm of the government.

For the government, the consequences of “outsourcing” an investigation to a company and its counsel could be exclusion of evidence collected as a result of that internal investigation, including statements made by a company employee in an interview, or even dismissal of an indictment.

In United States v. Connolly, Chief Judge Colleen McMahon held that the Department of Justice, Commodity Futures Trading Commission (“CFTC”), and other agencies had effectively outsourced their investigation of potential LIBOR manipulation at Deutsche Bank to the bank and its lawyers and that as a consequence the Fifth Amendment rights of the former Deutsche Bank trader who was on trial, Gavin Black, were likely compromised when he was compelled under threat of termination to submit to an interview by Deutsche Bank’s external counsel.  The conviction was ultimately sustained, but only because the compelled statements were not used to obtain a conviction.  The ruling has potentially broad implications for conducting internal investigations because of the significant obligations that attach to those deemed to be government agents, even beyond the important Fifth Amendment rights at issue in Connolly.

Please click here to read the full alert memorandum.