On November 28, 2022, the Council of the European Union (EU) gave final approval to implement the EU Corporate Sustainability Reporting Directive (CSRD), ushering in a new, expanded environmental, social, and corporate governance (ESG) disclosure regime for many companies with a connection to Europe. In 2025, the CSRD will require many companies to file reports disclosing certain information for the 2024 fiscal year. Companies should review the CSRD disclosure requirements now to understand the scope of their obligations.  

Continue Reading The ESG Disclosure Wave: Final Approval for the EU’s Corporate Sustainability Reporting Directive

The U.S. Department of Justice (DOJ) recently released new guidance announcing several policy changes to further strengthen and clarify its approach to prosecuting corporate crime. The guidance, released through a memorandum by Deputy Attorney General Lisa Monaco (the Monaco Memo), instructs prosecutors about factors to consider when evaluating corporate cooperation and compliance programs in the context of potential criminal resolutions.

Notably, the Monaco Memo advises that “prosecutors should consider whether the corporation has implemented effective policies and procedures governing the use of personal devices and third-party messaging platforms to ensure that business-related electronic data and communications are preserved.” This guidance is applicable to all third-party text and social media messaging platforms, and it is especially significant given the recent proliferation of business use of ephemeral messaging applications that provide an option to have messages automatically disappear from a recipient’s conversation history.

Companies would be wise to promptly review their business communications policies and procedures, in light of both possible DOJ oversight, as well as emerging privacy, security, and employment law scrutiny.

Continue Reading Recent DOJ Guidance on Personal Devices and Third-Party Messaging Applications Applies to Any Company DOJ May Scrutinize

Just this week, the Securities and Exchange Commission announced its enforcement results from fiscal year 2022. The Commission recovered a record $6.4 billion in penalties and disgorgement from companies and individuals. The announcement touted the 760 total enforcement actions in FY 2022—a nine percent increase from the year before—and summarized areas of innovation and growth within the Enforcement Division. Two such areas are familiar refrains that are worth highlighting: (1) the SEC leveraging its investigative process—emphasizing its use of data analytics—to identify suspicious activity; and (2) its penalties against “gatekeepers” (i.e., individuals and companies who owe a heightened duty of trust and responsibility to clients and investors).

Continue Reading Play it again, SEC: Two Familiar Refrains from the FY 2022 Enforcement Results

On October 18, 2022, the Department of Justice (DOJ) announced a guilty plea by Lafarge, S.A., a French building materials company, and its Syria-based subsidiary, for providing material support to designated Foreign Terrorist Organizations. The case represents the first criminal prosecution of a company for providing material support to terrorism and demonstrates that the agency is putting teeth behind its recent pronouncements that that it will prioritize national security-related investigations.

Last year, the DOJ announced that one of the agency’s top priorities was fighting corporate crime, with an enhanced focus on national security issues.  As Deputy Attorney General Lisa Monaco explained, “[c]orporate crime has an increasing national security dimension — from the new role of sanctions and export control cases to cyber vulnerabilities that open companies up to foreign attacks.” In September 2022, the DOJ updated its enforcement guidance, notably confirming that misconduct posing a grave threat to national security will be an aggravating factor in deciding whether to take enforcement action in corporate criminal matters. The Lafarge case and other recent enforcement actions highlight the DOJ’s commitment to these principles and portend heightened focus on prosecuting corporations whose compliance and oversight missteps result in threats to U.S. national security.

Continue Reading DOJ Continues to Prioritize National Security-Related Cases with First Corporate Terrorism Support Prosecution

On September 27, 2022, the United States Securities and Exchange Commission (SEC) announced a settlement with Oracle Corporation (Oracle) to resolve allegations that its subsidiaries in India, Turkey, and the United Arab Emirates violated the Foreign Corrupt Practices Act (FCPA) by creating off-the-books slush funds and using those slush funds to bribe foreign government officials.

Without admitting or denying the SEC’s findings, Oracle agreed to cease and desist from violating the anti-bribery, books and records, and accounting provisions of the FCPA and to pay approximately $8 million in disgorgement and a $15 million penalty.

Notably for both attorneys and companies, the SEC’s order provides insights into how to design an effective corporate compliance program to minimize legal risk, including FCPA risk.

The SEC’s Findings

The SEC found that, from at least 2014 to 2019, Oracle’s subsidiaries in India, Turkey, and the United Arab Emirates “used discount schemes and sham marketing reimbursement payments” to finance slush funds, which were held by Oracle’s “channel partners” (i.e., distributors and resellers) in those markets. The subsidiaries transacted through these channel partners during the relevant period under Oracle’s indirect sales model, by which channel partners sell Oracle products to end customers. According to the SEC, the subsidiaries and the complicit channel partners used the slush funds—which employees of the subsidiaries referred to as the “buffer,” “moneybox,” “pool,” and “wallet”—to bribe government officials in return for business. Specifically, the SEC determined that, among other things, (i) employees of Oracle Turkey and Oracle UAE used slush funds to pay for travel for government officials, including to Oracle’s annual technology conference in California; (ii) an Oracle Turkey employee directed cash bribes to government officials; (iii) an Oracle UAE employee paid approximately $130,000 in bribes to the chief technology officer of a state-owned entity (SOE) in return for six contracts in 2018 and 2019; (iv) Oracle India employees funneled $330,000 to an entity known for paying government officials; and (v) an Oracle India employee maintained a spreadsheet indicating that $67,000 was available to make payments to a government official.

Continue Reading Key Compliance Takeaways from Oracle’s $23M FCPA Settlement with the SEC

The U.S. Securities and Exchange Commission (SEC) is putting some muscle behind Regulation Best Interest (Reg BI). On June 16, 2022, nearly two years after Reg BI went into effect, the SEC filed its first federal lawsuit to enforce the rule against a broker-dealer and its registered representatives.

The SEC sued Western International Securities, Inc. (Western), a dually registered broker-dealer and investment advisor, along with five of its registered representatives, in the U.S. District Court for the Central District of California for allegedly violating Reg BI’s care obligation; the defendants allegedly recommended certain high-risk, speculative bonds to retail customers without themselves fully understanding the associated asset risks and without establishing how the investments served the customers’ best interests. The SEC also charged Western with violating its compliance obligation under Reg BI for allegedly failing to maintain adequate policies and procedures and other controls.

The fact that the SEC sued registered representatives — notwithstanding allegations that their firm had inadequate internal controls and policies —  is a strong statement that individuals must use their best judgment to make their own independent inquiries and determinations about the products they recommend to their clients. Registered representatives cannot hide behind their firm’s guidance and control failures to escape primary liability under Reg BI.

Continue Reading SEC’s First Reg BI Lawsuit Takes Strong Position on Individual Liability

On September 29, 2022, the Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued its highly anticipated Final Rule implementing the beneficial ownership information (“BOI”) reporting requirements of the Corporate Transparency Act (“CTA”) legislation. The Final Rule brings about the most significant revisions to the U.S. anti-money laundering/countering the financing of terrorism (“AML/CFT”) compliance framework in more than 20 years, implementing sweeping beneficial ownership disclosure requirements applicable to all U.S. companies and foreign companies doing business with or within the U.S.

The Final Rule generally tracks FinCEN’s earlier Proposed Rule from December 7, 2021, discussed in our prior article here, although there have been a few amendments to the earlier proposal. Below we provide a brief summary of key provisions and takeaways from the Final Rule, which goes into effect on January 1, 2024.

Continue Reading FinCEN Issues Highly Anticipated Final Rule on Beneficial Ownership Reporting under the Corporate Transparency Act

On September 15, 2022, Deputy Attorney General (DAG) Lisa Monaco, announced several significant policy updates impacting the U.S. Department of Justice’s (DOJ) enforcement practices for both corporations and individuals. Speaking to attendees at the NYU Program on Corporate Compliance and Enforcement (PCCE), DAG Monaco detailed a series of initiatives, some of which appear to have emerged from the Corporate Crime Advisory Group formed last fall to conduct a full-scale review of the DOJ’s corporate enforcement efforts. The DOJ simultaneously released a memorandum outlining the guidance announced by DAG Monaco. 

The new guidance bolsters enforcement priorities that DAG Monaco has emphasized over the past year. As discussed in further detail below, the Department’s policy updates are substantive and have significant ramifications on both the individual and corporate level, including: (1) continued focus on individual accountability; (2) enhanced policies to predictably reward voluntary self-disclosure; (3) further clarity on the impact of corporate recidivism considerations on negotiated resolutions with the DOJ; and (4) new metrics for evaluating effective corporate compliance, including compliance conscious compensation structures and policies on the use of personal devices and third party messaging applications.

Continue Reading DOJ Announces Sweeping Policy Updates Targeting Corporate Criminal Enforcement and Individual Accountability

The DOJ recently garnered a win in its spoofing case against two precious metals traders who prosecutors alleged had engaged in widespread market manipulation and fraud through a practice known as “spoofing.” But the verdict is also in on the DOJ’s novel attempt utilize racketeering charges against traders accused of spoofing: the jury found the defendants not guilty of the alleged RICO violations. While the case highlights the DOJ’s continued crackdown on market manipulation schemes, it also illustrates the limits of the government’s reach.

Background

The DOJ’s case against the traders dates back to 2019, when prosecutors unveiled sweeping charges alleging that the traders had engaged in thousands of deceptive trading sequences for gold, silver, platinum, and palladium futures contracts between May 2008 and August 2016.  The DOJ alleged that by engaging in these practices, the traders violated the Commodity Exchange Act’s anti-spoofing provisions, which prohibit disruptive trading practices, including “bidding or offering with the intent to cancel the bid or offer before execution.” 

However, in addition to the usual spoofing and other financial crime-related offenses, the indictment charged the traders with a racketeering conspiracy.  When the indictment became public back in 2019, commentators predicted that the DOJ’s inclusion of RICO charges could make the government’s case simpler to prove.  Instead of convincing the jury through a complicated series of orders, cancellations, price movements, and trades (i.e., the typical evidence used to establish a pattern of spoofing), the path to conviction under the RICO Act was supposed to be more straightforward.  In this case, the indictment alleged that “the defendants and their co-conspirators were members of an enterprise—namely, the precious metals desk at [the bank]—and conducted the affairs of the desk through a pattern of racketeering activity, specifically, wire fraud affecting a financial institution and bank fraud.”

Continue Reading DOJ Secures Spoofing Conviction, but Loses on Novel RICO Charges