Global Crisis Management Series:  This post is part 8 in a series concerning topics further elaborated on in Cleary Gottlieb’s Global Crisis Management Handbook—a desk reference for spotting issues and avoiding common mistakes when faced with a crisis.  The current version is available here.

U.S. whistleblower protections broadly provide public and private sector employees with protection from retaliation for reporting potential concerns about misconduct.  Companies that are ill-prepared to handle complaints internally not only face potential lawsuits from whistleblowers, but also open themselves up to substantial regulatory scrutiny and perhaps enforcement actions.  Continue Reading Five Building Blocks for Effective Internal Controls to Comply with U.S. Whistleblower Protections

In late July 2019, U.S. federal and state regulators announced three headline‑grabbing data privacy and cybersecurity enforcement actions against Equifax and Facebook.  Although coverage of these cases has focused largely on their striking financial penalties, as important are the terms the settlements imposed on the companies’ operations as well as their officers, directors, and compliance professionals—and what they signal about potential future enforcement activity to come. Continue Reading July 2019 Privacy and Cybersecurity Enforcement: Lessons for Management and Directors

Global Crisis Management Series:  This post is part 7 in a series concerning topics further elaborated on in Cleary Gottlieb’s Global Crisis Management Handbook—a desk reference for spotting issues and avoiding common mistakes when faced with a crisis.  The current version is available here.

While legal protections for whistleblowers in the United States were first adopted in the late 1970s for federal employees, statutory protections enacted in the last 20 years have substantially increased protection beyond the federal workforce to certain private-sector employees.  These protections create a number of potential issues for companies today, ranging from employee retaliation lawsuits to regulatory investigations.

This note provides a high-level description of the primary whistleblower legal protections in the United States today.  Companies are well-advised to keep these protections in mind as they implement and enhance their compliance programs.  The right policies and procedures—tailored to a company’s particular risk profile—can reduce the risk of whistleblower complaints and ensure that concerns are appropriately investigated internally and remediated as necessary to reduce costly and intrusive regulatory scrutiny.  Continue Reading Whistleblowers: Who Are They and Why Should You Care?

On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”), which expands data breach notification obligations under New York law and for the first time imposes affirmative cybersecurity obligations on covered entities.

The Act makes five principal changes to existing New York law:

  1. Expanding the law’s jurisdiction to entities that maintain private information of New York residents, regardless of whether or not such entities actually conduct business within the State;
  2. Broadening the scope of “private information” triggering notification obligations in the event of a breach, including to biometric data;
  3. Expanding the definition of a “breach” to include unauthorized “access” to private information, in addition to unauthorized “acquisition” of such information;
  4. Increasing civil penalties for violations of notification obligations; and
  5. For the first time, affirmatively requiring covered businesses to develop, implement, and maintain “reasonable” data security safeguards, which include, among other things, conducting risk assessments and addressing identified risks.

The first four provisions go into effect on October 23, 2019, while the fifth provision requiring companies to adopt and maintain a cybersecurity compliance program becomes effective on March 21, 2020.

Please click here to read the full alert memorandum.

Global Crisis Management Series:  This post is part 6 in a series concerning topics further elaborated on in Cleary Gottlieb’s Global Crisis Management Handbook—a desk reference for spotting issues and avoiding common mistakes when faced with a crisis.  The current version is available here.

The overall success of an investigation depends on the flow of communications between those overseeing an investigation, those conducting it and the company’s relevant stakeholders.  As such, it is necessary to identify responsibilities and define the structure of communications at the outset of the investigation.  Continue Reading Dealing with an Investigation: Communication

Global Crisis Management Series:  This post is part 5 in a series concerning topics further elaborated on in Cleary Gottlieb’s Global Crisis Management Handbook—a desk reference for spotting issues and avoiding common mistakes when faced with a crisis.  The current version is available here.

Effectively dealing with a crisis often requires disclosure to government authorities, shareholders, and other stakeholders, even when many facts remain unknown.  Companies must toe a delicate line when assessing when, to whom, and how much to disclose, especially in the absence of complete information.  Continue Reading Disclosure and Notification Considerations When Managing a Crisis

On July 3, SEC Chairman Jay Clayton issued a statement signaling a policy change in SEC settlements and the consideration of applications for waiver of collateral consequences flowing from those settlements, such as the loss of certain significant procedural advantages in (or even outright exemption from) the securities registration process.[1]  In practice, this change could both streamline the process of settling enforcement actions with the SEC and provide additional certainty to settling entities, which, under the current regime, must decide whether to settle a matter before completing and knowing the outcome of negotiations over waivers. Continue Reading SEC to Allow Settling Parties to Submit Simultaneous Settlement Offers and Applications for Waiver from Disqualifications

Global Crisis Management Series:  This post is part 4 in a series concerning topics further elaborated on in Cleary Gottlieb’s Global Crisis Management Handbook—a desk reference for spotting issues and avoiding common mistakes when faced with a crisis.  The current version is available here.

Depending on the matter, data collection and management can be among the most daunting and logistically difficult tasks. Ensuring that the full relevant universe of data is being preserved and considered and that accurate recordkeeping is being performed is essential to managing large volumes of information and, in turn, facilitating fact-finding goals and risk assessment. Continue Reading Dealing with an Investigation: Data Collection and Management

Last month, Representative Jim Himes (D-Conn) and his co-sponsors, Representatives Carolyn B. Maloney (D-NY) and Denny Heck (D-WA), introduced H.R. 2534:  The Insider Trading Prohibition Act.  Unlike its substantially similar predecessor, H.R. 1625, which was introduced by Representative Himes on March 25, 2015, H.R. 2534 has gained some momentum in the U.S. House of Representatives, having been unanimously approved by the Financial Services Committee in May 2019.  Although the bill is only at the preliminary stage, if the proposal eventually proceeds further in the process of becoming law, it will represent a potentially significant shift in and clarification of U.S. insider trading laws. Continue Reading H.R. 2534: Insider Trading Prohibition Act – Congress Considers Enacting Changes to Insider Trading Law Under Section 10(b)

Last month, Representative Maxine Waters, Chair of the House Financial Services Committee, introduced a discussion draft of the “Bad Actor Disqualification Act of 2019” (the “Proposed Act”).  Similar to proposed legislation Rep. Waters introduced in 2015 and 2017, the effect of the Proposed Act, if passed, would be to dramatically increase the burdens on institutions seeking waivers from disqualifications under the federal securities laws, including those for Well-Known Seasoned Issuers (“WKSI”), certain exemptions from registering securities offerings, and protection from fraud claims predicated on forward-looking statements.  Indeed—given that the Proposed Act would require that all waiver applications be open to public comment and hearing and vote by the Securities and Exchange Commission (“Commission” or “SEC”), and that the Commission be barred from considering the “direct costs” of a denial to the applicant, but rather only the interests of the public, investors, and market integrity—the effect may be to essentially eliminate waiver applications and grants in all but the most severe cases.  The Proposed Act targets “the largest financial institutions on Wall Street,” which, unsurprisingly given their business models, request and receive a disproportionate share of waivers.  However, by its terms the Proposed Act applies more broadly to all issuers and is not limited to financial institutions.

Please click here to read the full alert memorandum.