Compliance, Enforcement, and Risk Management Posts
With 2019 coming to a close, we wanted to take a look at what can be learned from the FTC’s cybersecurity enforcement actions this year. As we have previously noted, the FTC came under criticism last year in the LabMD decision for not providing companies with sufficient clarity as to what it expects in terms of their cybersecurity measures.
DOJ Announces Revised Export Control and Sanctions Enforcement Policy for Companies, Including Financial InstitutionsH. Christopher Boehning, Jessica S. Carey, Christopher D. Frey, Michael E. Gertzman, Roberto J. Gonzalez, Brad S. Karp, Mark F. Mendelsohn, Richard S. Elliott, Karen R. King and Anand Sithian
On December 13, the U.S. Department of Justice’s National Security Division announced a new policy designed to encourage business organizations to make voluntary self-disclosures to the DOJ in connection with potentially willful export control and economic sanctions violations.
Headwinds and Shifting Priorities: Beyond the Numbers in the SEC Enforcement Division’s 2019 Annual ReportRobin M. Bergen, Matthew C. Solomon, Alex Janghorbani, Jenny Paul and Samuel H. Chang
On November 6, 2019, the SEC’s Division of Enforcement released its annual report (the “Report”) describing its enforcement actions from fiscal year 2019.
Privacy regulators increasingly are prescribing rules around third-party vendor and data processing management. As of March 1, 2019, for instance, New York’s Department of Financial Services (NYDFS) requires that Covered Entities establish policies and procedures for assessing the risks posed by vendors, determining minimum cybersecurity and privacy practices, conducting due diligence, and following up with periodic assessments.
On Nov. 5, the U.S. Department of Justice issued a press release announcing the formation of the new Procurement Collusion Strike Force (PCSF) focusing on deterring, detecting, investigating and prosecuting antitrust crimes.
The NBA is reportedly going to even greater lengths to ensure that teams won’t tamper with players and their agents.
This article demonstrates the central role that the law controlling corporate investigations plays in determining the effects of corporate criminal liability and enforcement policies.
The Securities and Exchange Commission announced that it canceled its meeting to vote on controversial rule changes to its whistle-blower program.
During its meeting in New York City on October 17 and 18, the ALI Council reviewed drafts for seven Institute projects. Drafts or portions of drafts for six projects received Council approval, subject to the meeting discussion and to the usual prerogative to make nonsubstantive editorial improvements.
On April 30, 2019, the U.S. Department of Justice (“DOJ”), Criminal Division, released updated guidance to DOJ prosecutors on how to assess corporate compliance programs when conducting an investigation, in making charging decisions, and in negotiating resolutions. This guidance emphasizes DOJ’s laser focus on compliance programs, requiring companies under investigation to carefully evaluate, test, and likely upgrade their programs well before the investigation is over.