Subject to Inquiry

Subject to Inquiry

White Collar, Congressional, SEC, Energy Enforcement & Other Government Inquiries

Government, Regulatory & Criminal Investigations Group
CFPB, Financial Regulation, Identity Theft

White House Proposes Expansive Data Breach Notification Bill

Last week, President Obama proposed wide-reaching legislation to establish a uniform, nationwide standard for data breach notifications that envisions a significant enforcement role for the Consumer Financial Protection Bureau (CFPB). The proposal, titled the Personal Data Notification and Protection Act, can be found here. In terms of the types of covered data, the White House proposal significantly expands on prior breach notification bills. The proposal, however, includes certain exemptions from the individual notice requirements that apply to small businesses and to breaches that do not pose a reasonable risk of harm to the affected individuals. The proposal designates the Federal Trade Commission (FTC) as the primary enforcement agency with broad rulemaking authority, but requires the FTC to coordinate with the CFPB where the data breach relates to “financial information or information associated with the provision of financial products or services.” The proposal would also preempt state law data breach notice procedures.

The President’s bill broadly defines the categories of covered data and further groups them into data that is sensitive on its own, or sensitive in combination with other data elements. The result is a proposal that applies to a wider range of data breaches as compared to prior, similar bills. For example, in a departure from previous bills, the White House proposal requires businesses to comply with notice requirements where disclosure consists solely of driver’s license or passport numbers. Prior bills triggered notification only where the disclosure of driver’s license or passport numbers were accompanied by the individual’s name.

Other notable business requirements of the proposal include, but are not limited to, the following:

  • 30-day notice to individuals
  • Individual notice by mail, telephone or, under certain conditions, email
  • Media notice where the breach affects more than 5,000 individuals in a single state
  • Notice to the federal government under certain circumstances, including where the breach involves more than 5,000 individuals
  • Notice to credit reporting agencies where the breach involves more than 5,000 individuals

Businesses that do not access, store, or use covered data for more than 10,000 individuals during a 12-month period are exempt from the individual notice requirements. Likewise, the businesses that conduct a “risk assessment” concluding that the data breach did not result in, and will not result in, harm to affected individuals, is also exempt from the individual notice requirements. To qualify for this safe harbor protection, within 30 days of discovery of the breach, the business must notify the FTC of the results of its “risk assessment” and its intent to invoke the safe harbor.


Financial Regulation, Legislation, News, Regulation

House Takes Action to Delay Volcker Rule

On Wednesday, the House passed a bill that would further delay the full implementation of the Volcker Rule – a highly controversial rule introduced under the Dodd-Frank Wall Street Reform and Consumer Protection Act that prohibits banks from engaging in proprietary trading and from holding certain investments. With the passage of this bill, compliance with the Volcker Rule’s provision prohibiting banks from holding collateralized loan obligations would not be required until 2019, a two-year delay. It is estimated that the total collateralized loan obligation market totals somewhere between $84 billion and $105 billion, most of which is held by banks subject to the Volcker Rule.

Even though the House passed this bill, it is unlikely that the bill will survive the president’s desk, even if it passes in the Senate. On Monday, the White House announced that President Obama would veto the bill if it makes it to his desk. It is important to note that the bill is part of a compilation of 11 bills aimed at softening the Volcker Rule, and that most of the other bills passed the House by wide margins in 2013 and 2014. Fighting over the implementation and scope of the Volcker Rule is nothing new. The passage of this bill and the president’s announcement make it clear that tension and fighting over the implementation of the Volcker Rule is not likely to go away any time soon.

CFPB, Financial Regulation

CFPB Director Cordray Touts Mortgage Servicing Progress, New Consumer Tools

At a January 13 Brookings Institution event, Consumer Financial Protection Bureau (CFPB) Director Richard Cordray delivered remarks on the current state of the mortgage market.Touting the recently enacted CFPB mortgage rules as evidence of progress in protecting consumers from abusive mortgage practices, Cordray noted several signs of the improving mortgage market, including rising demand from first-time homebuyers and falling foreclosure rates.

Cordray also outlined a new CFPB initiative called “Owning a Home,” which is “designed to empower consumers with the information they need to make good decisions and talk to lenders with confidence.” Cordray emphasized the CFPB’s desire to “change the culture of how consumers go about obtaining mortgages” from one of “getting a mortgage” to one of “shopping for a mortgage.” To that end, the Owning a Home initiative includes a variety of tools on the CFPB’s website designed to provide guidance to consumers concerning available mortgage loan options.

Cordary’s remarks echo the CFPB’s drumbeat concerning mortgage lending and servicing in recent years, insisting on a transparent and consumer-centered approach designed, as Cordray put it, to act as “new guardrails to prevent irresponsible lending long after memories of the crisis may have faded.”


CFPB, Financial Regulation

Consumer Financial Protection Bureau Names New Enforcement Chief

The Consumer Financial Protection Bureau announced last week that Tony Alexis, the acting director of enforcement, will become the CFPB’s next director of enforcement. Alexis succeeds Kent Markus, the bureau’s enforcement chief since January 2012. Marcus, who has been on medical leave for over a year, is expected to return to work in February as a senior adviser to Steve Antonakes, the bureau’s deputy director.

Alexis joined the CFPB in 2012 from Mayer Brown. Alexis was a partner in the firm’s Washington, D.C., office from 2008-2012, where he focused his practice on complex commercial litigation and white collar matters. Before joining Mayer Brown, Alexis held a variety of positions in the federal government. He was an assistant U.S. attorney in the District of Columbia as well as a trial attorney in the Commercial Litigation Branch of the U.S. Department of Justice. Alexis becomes the CFPB’s third chief of enforcement since the bureau’s inception in 2010, with Richard Cordray being the first and Marks being the second. The number of enforcement actions brought by the CFPB has steadily increased since 2012, and McGuireWoods expects the trend to continue with the appointment of Alexis.


Ethics Rules, Government Ethics, Political Law

A Question of Ethics: May Former Staffers Discuss Legislation With Current Staffers?

Roll Call | January 6, 2015

Q. I have just completed more than a decade of service as a House staffer and am now preparing for a job in the private sector. I know there are rules about what I can and cannot do, and I am trying to make sure I understand them all. I am particularly concerned about restrictions on my communications with former staffers, as I have many friends on the Hill whom I am sure I will still often see. I know I can’t lobby them during the cooling off period, but what if I run into some of them, we start talking shop, and they ask what I think about a proposed bill? Am I not allowed to answer?

A. It happens every two years. A host of new members and staffers arrive on the Hill, while a host of old ones move out. And, just as the newbies must quickly learn rules governing congressional employees, those moving into the private sector must familiarize themselves with the restrictions on former Hill staffers. There are many, so you are wise to be concerned.

The specific restrictions you’ve asked about apply during the “cooling-off period” and limit what members and staffers can do within one year of leaving the House. As you may know, the restriction does not apply to all staffers, only to those whose salary is at least 75 percent of members’. I’ll presume this includes you, but mention it just in case.

Several activities are prohibited during the cooling-off period, including, for example, lobbying a federal official on behalf of a foreign government. Your question concerns the restriction on communications with members and staffers during the cooling-off period. It provides that you may not communicate or appear before any member, officer or employee of the House or Senate with the intent to influence, on behalf of any person, the official actions of the member, officer or employee. The restriction bars “certain types of contacts with certain categories of officials,” says the House ethics manual, “basically former colleagues and those most likely to be influenced on the basis of the former position.”

Last month, the House Committee on Ethics issued guidance on post-employment restrictions, clarifying what former staffers may and may not do during the cooling-off period. It cautions that the term “communication” is defined very broadly for purposes of the restrictions. Specifically, a communication is “the act of imparting or transmitting information with the intent that the information be attributed to the former official.”

The memorandum also sets forth several helpful fact patterns. For example, suppose that during your cooling-off period you were to call a current member and request that she meet with one of your clients. This, the memorandum states, would violate the restriction even if you did not intend to be present at the requested meeting. The request itself, the guidance states, would be a communication intended to influence official action.

The guidance also includes an example addressing a circumstance similar to the one you raise. It concerns a former member who had become a lobbyist and was asked by a current member about the views of one of the lobbyist’s clients on a pending piece of legislation. According to the ethics committee’s guidance, the lobbyist may not respond by stating the client’s views to the member. “There is no exception in the statute for covered communications that are solicited by a current Member or staff person,” the guidance states. In other words, if a communication meets the definition of forbidden communications, it is illegal regardless of whether it came in response to a question by a member or staffer.

This raises an obvious question. During the cooling-off period, what can you say if a member or staffer asks for your client’s views on pending legislation? The memorandum issued last month has an answer. “It may be permissible,” the memorandum says, to refer the member or staffer to one of your colleagues who is not subject to post-employment restrictions.

By the way, I know you didn’t ask about the penalties here, but they are worth mentioning as they are no small deal. A violation of the cooling-off period restrictions is a federal crime, punishable by up to one year in jail and a $50,000 fine. You’re right to be careful.

© Copyright 2015, Roll Call Inc. Reprinted with permission. Widely regarded as the leading publication for Congressional news and information, Roll Call has been the newspaper of Capitol Hill since 1955. For more information, visit

Corporate Compliance, FCPA Investigations

DOJ, SEC Inquiry into Och-Ziff Capital “Placement Fee” Payment Highlights Continuing FCPA Scrutiny

Och-Ziff Capital Management (Och-Ziff), a publicly traded hedge fund, hasdisclosed that it is the subject of an ongoing investigation by the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC). The inquiry focuses on a “placement fee” Och-Ziff paid in 2007 to a London middleman − Lebanese businessman Mohamad Ali Ajami − to aid Och-Ziff in landing a deal to manage money for the Libyan Investment Authority, Libya’s sovereign-wealth fund. In addition to Och-Ziff, U.S. authorities are investigating Micheal L. Cohen, Och-Ziff’s former head of European investing, who oversaw investments in Libya and other countries in Africa.

Mr. Ajami, it is alleged, gave some of the placement fee he received from Och-Ziff to another intermediary, a Tunisian with ties both to former Libyan dictator Col. Moammar Gadhafi’s son, the now-imprisoned Saif al-Islam, and then-deputy chief of the Libyan Investment Authority, Mustafa Zarti. The U.S. government is investigating whether any portion of this placement fee violated the Foreign Corrupt Practices Act (FCPA), which prohibits, among other activities, providing anything of value to a foreign official to assist in obtaining or retaining business. For its part, Och-Ziff acknowledges the payment to Mr. Ajami. However, Och-Ziff claims it was unaware that the payment went beyond Mr. Ajamai and that Mr. Ajami assured Och-Ziff that he had complied with all laws.

Around the time of the payment of the placement fee, Och-Ziff loaned $40 million to the Magna Group, a company co-founded by Mr. Ajami, for the purpose of developing commercial real estate on the Tripoli, Libya, waterfront. Mr. Ajami’s nephew, who worked on the developments, was found guilty of corruption and sentenced to prison for conspiring with his uncle to pay bribes and forge documents.

This investigation should remind all businesses subject to the FCPA of the risks of using intermediaries when engaging in activity with the potential for contact with foreign officials. As the Organization for Economic Cooperation and Development (OECD) described in its recent analysis of the extent of foreign bribery, some three-quarters of the 427 cases of bribery analyzed involved payments through intermediaries. These intermediaries included, among others, local sales and marketing agents, distributors and local “consulting” firms.

While it may be the case that intermediaries make payments to foreign officials without the principal’s knowledge, a lack of awareness will not insulate such principals from investigation or scrutiny. Given the severe sanctions that may result from a finding of foreign bribery − including civil or criminal penalties, the implementation of a stringent compliance program and imprisonment of individuals − it is critical that entities subject to the FCPA appreciate their responsibilities when entering into arrangements with intermediaries − a primary vehicle for delivering illicit bribes, as described in detail by DOJ and SEC throughout their joint Resource Guide to the FCPA, numerous enforcement actions and other sources of guidance.

In addition to requiring compliance with U.S. and local laws and (as appropriate) the company’s code of conduct, the principal should understand the risks of contracting with a particular intermediary. Key risk factors include the countries in which the intermediary will operate on the principal’s behalf (and the risks of foreign corruption posed by those countries), the size of the company, and any historical relationship between the parties. Such risk-based diligence should also include an understanding of the reputation and relationships, if any, the intermediary has with foreign officials. Further, the principal should assess whether the services of the intermediary are in fact necessary for the transaction in question. If so, the nature of the services provided should be detailed in any contract, and the principal should seek to ensure the services are in fact being performed and that the costs of such services are commensurate with the services being provided in that marketplace. Finally, principals using intermediaries should consider performing ongoing due diligence/monitoring through some combination of the following: exercising audit rights, requesting annual compliance certifications and providing periodic training.

While no company can ensure that its counterparties will comply with all applicable laws, companies can take meaningful steps to demonstrate their commitment to compliance, which steps may make all the difference if an investigation into foreign bribery is commenced.

CFPB, Financial Regulation

State Attorneys General Urge CFPB to Regulate Arbitration Clauses in Consumer Agreements

Late last year, the attorneys general of California, New York, Illinois and 13 other states urged the CFPB to use its statutory authority to “regulate pre-dispute mandatory arbitration clauses in consumer agreements for financial products or services.”

In a letter to CFPB Director Richard Cordray, the attorneys general emphasized their consumer protection responsibilities and argued that “the average consumer nominally assents to all kinds of contracts without any opportunity or bargaining power to negotiate better terms.”

According to the authors, the pre-dispute mandatory arbitration requirements often found in those contracts – provisions that waive a consumer’s right to seek relief in court and often preclude class relief – deprive consumers of any effective redress for unlawful business practices. In addition, according to the authors, such provisions diminish the creation of “judicial precedents that can set preventative standards for corporate conduct” with the result that “corporations ared less likely to be held accountable for wrongdoing.”

Although the letter proposes no specific regulation, it requests that the CFPB impose “prohibitions, conditions or limitations” on the use of such arbitration provisions. If any such regulation were implemented, it would represent a significant development in the law concerning the enforceability of arbitration provisions, which are generally governed by the Federal Arbitration Act enacted in 1925.


New York, Zombie Debt and the CFPB

Earlier this month, New York adopted enhanced consumer debt collection regulations proposed by the New York State Department of Financial Services (NYDFS). The regulations, among other things, require debt collectors to provide consumers additional disclosures, entitle consumers to more information about the money they owe and make it more difficult to collect on time-barred or “zombie” debt. For example, prior to collecting any payment, the collector must notify the consumer if the statute of limitations has expired and that, if the consumer is sued on the debt, the consumer may be able to avoid a judgment by informing the court that the debt is time-barred. This is in direct response to the reality that most consumers do not retain legal counsel and are unfamiliar with the law, and that the majority of consumer debt collection actions result in default judgment.

New York’s new regulations – taking effect on March 3, 2015, and August 30, 2015 – exceed the protections provided by the federal Fair Debt Collection Practices Act (FDCPA), the benchmark regulation for consumer debt collection. But, as the CFPB has stated, the FDCPA is the floor, not the ceiling, when it comes to protecting consumers from abusive and deceptive debt collection practices. New York Governor Andrew Cuomo announced, “These new tools and disclosures will protect New Yorkers across the state, and I am pleased that our administration is leading the way on this issue.” Other states undoubtedly will follow New York’s lead and toughen their own consumer collection regulations.

The CFPB is also in the process of developing consumer debt collection rules. In November 2013, the CFPB – the first federal agency with the purported authority to enact comprehensive debt collection rules – issued an Advanced Notice of Proposed Rulemaking on this issue. Creditors, who largely are exempt from the FDCPA, will likely be subject to the CFPB’s anticipated regulations. Indeed, the CFPB has already made clear its view that creditors may be liable for unfair, deceptive or abusive acts or practices (UDAPP) in violation of Title X of the Dodd-Frank Act. Original creditors need to remain mindful of the FDCPA and analogous state consumer debt collection regulations, and closely watch the CFPB’s actions in this arena. And creditors will need to ensure that their policies and procedures for collecting debt reach the ceiling and don’t just scrape the floor.


CFPB Reaches Settlement Agreement with Debt Relief Company and Law Firm

Last Thursday, December 4, 2014, the Consumer Financial Protection Bureau (CFPB) reached a settlement agreement with Premier Consulting Group LLC  and the  Law Office of Michael Lupoloverrequiring the defendants to pay a fine of roughly $69,000 for allegedly charging consumers illegal upfront fees for debt relief services. The Telemarketing Sales Rule prohibits companies from collecting fees for debt relief services in advance of any settlement. 16 C.F.R. § 310.4(a)(5)(i).

The complaint in this matter, filed in May 2013, alleges that Premier collected approximately $187,000 from consumers in advance of settling any debts, and that the Law Office of Michael Lupolover collected $112,000. In addition to the monetary penalty, the settlement agreement also requires the defendants to comply with additional steps to prevent future violations, including the submission of a compliance plan, reporting requirements and expanded record retention policies.

In addition, the complaint alleged that two defendants not included in last week’s settlement agreement, Mission Abstract LLC and Michael Levitis, impersonated a government agency when dealing with consumers and gave false statements regarding fees for their debt relief services. These charges led to the CFPB’s first criminal prosecution referral when the U.S. Attorney for the Southern District of New York brought mail and wire fraud charges against Mission, Levitis and five employees. Levitis was sentenced in November 2013 to nine years in prison and was ordered to forfeit $2.2 million and pay a $15,000 fine.


Ethics Rules, Government Ethics, Political Law

A Question of Ethics: The Year in Government Ethics

Roll Call | December 9, 2014

As long as there are governments, there will be government corruption. The temptations to abuse power are never going away, and neither is human frailty, which means government ethics will remain an important issue for, well, forever.

A look back on 2014 reveals yet another year of explosive government ethics stories, scandals and legal developments. As has been the custom for the year’s final column, I asked several of the top practitioners in the field to name the biggest government ethics stories of the year.

Before turning to those, I have one of my own to mention for its impact on the actual day-to-day operations of the practice of congressional ethics. Last month, John Sassaman stepped down as chief counsel of the Senate Select Committee on Ethics, a position he held for more than six years. Sassaman presided over many high-profile investigations during his tenure and, perhaps more importantly, led a staff that was invariably prompt and thoughtful in responding to questions about Senate Ethics rules. Long known as one of the most well-liked employees of the Senate, Sassaman leaves big shoes to fill.

Robert Walker, former chief counsel of the Senate Ethics Committee who is now with Wiley Rein, cited the death of Carol Dixon, the longtime director of advice and education at the House Ethics Committee, as the ethics story of the year.

“For many years, and for so many people in the House, she was the face, the voice, the source of House ethics advice,” Walker said. “If an institution can show emotion, her memorial service this summer showed how deeply and broadly the House was touched by both her life and her death.”

In terms of impact, Walker also named the Securities and Exchange Commission’s issuance of a subpoena to the House Ways and Means Committee and a committee staffer, seeking evidence relating to an insider trading investigation.

“The SEC’s action in this test case already gets the prize for chutzpah, but if the courts uphold the SEC’s subpoenas — even in part — against the House’s assertion of total immunity from investigation under the Speech or Debate Clause of the Constitution, there will be no denying that the [Stop Trading on Congressional Knowledge] Act drastically changed the rules of the game in D.C. on the private sector’s use and exchange of nonpublic government information,” Walker said.

Setting these aside, one story was a near-unanimous pick as the ethics story of the year: the trial and convictions of former Virginia Gov. Bob McDonnell and his wife, Maureen. On Sept. 4, after a five-week trial and three days of deliberations, a jury in a U.S. District Court in Richmond found the pair guilty of multiple counts of corruption stemming from gifts received from a political donor. The charges alleged the gifts violated not state gift rules, but rather broad federal prohibitions against depriving others of the intangible right to honest services.

“Hands down,” said Stefan Passantino of McKenna, Long & Aldridge. “There’s no competition,” said Meredith McGehee, policy director of the Campaign Legal Center, a public interest group focused on campaign finance and government ethics. “The major development,” said Walker.

From Hollywood appeal to legal implications, each expert cited different reasons for the significance of the McDonnell story. “Not only did the lurid trial … spare no detail in delving into the personal lives of all involved,” Passantino said, “it also provided a catalyst for Virginia — and states everywhere — to take a hard look at their gift and travel rules.”

Although technically not a case focused on campaign finance, McGehee said it nevertheless raised questions going right to the heart of the Supreme Court’s campaign finance decision in Citizens United. “The buying and selling of access, the insistence/delusion that no favors were bought, and characters that are right out of a novel,” she said.

Walker noted the warning the convictions sounded for other government officials and their families. “After an indictment that to some looked shaky,” he said, the message was “that no official act is so small or routine that it can be sold with impunity.”

With this and so much other alleged misconduct in the news this year, one prominent practitioner wondered whether the biggest story of the year may be voters’ indifference to government corruption. Skadden attorney Ken Gross, former associate general counsel of the Federal Election Commission, cited the large number of instances in which an incumbent won re-election in November despite allegations of ethical abuses.

“Black clouds that were exploited in negative advertising against these members did not shake the electorate,” Gross said. “Perhaps the level of cynicism is so high among voters that ethics charges don’t resonate. That may be the biggest scandal of all.”

© Copyright 2014, Roll Call Inc. Reprinted with permission. Widely regarded as the leading publication for Congressional news and information, Roll Call has been the newspaper of Capitol Hill since 1955. For more information, visit