Subject to Inquiry

Subject to Inquiry


Government Investigations and White Collar Litigation Group
Enforcement and Prosecution Policy and Trends

Implications of Judge Kavanaugh’s Nomination for Criminal Sentencing

Imagine an individual who is convicted of fraudulently obtaining $5,000 but simultaneously acquitted by a jury of conspiring to fraudulently obtain $1 million. Yet at sentencing, the court bases its sentence of the defendant not on the $5,000 fraud of which he was convicted but on the $1 million conspiracy for which the judge finds him culpable. Under the federal sentencing guidelines, the dollar amount of a fraud or theft is a primary determinant of the recommended sentence. Although the guidelines sentence is only advisory, the judge is required to calculate and consider it; in this circumstance, a defendant’s sentence could potentially increase from probation to three years. Yet even though the court has in some way contradicted the jury’s verdict, such a result is in many cases allowed under current law. Besides seeming unfair, the ability of prosecutors to use acquitted conduct at sentence may allow them to bring more numerous charges against defendants under the assumption that even if the jury acquits the defendant on the majority of charges that same conduct will still be available at sentencing.

The justification for a court’s use of acquitted conduct at sentencing is that under current law a judge may find facts by a preponderance of evidence at sentencing, a lower standard than the beyond a reasonable doubt standard the jury uses. Yet a number of judges have expressed concern about the potential violation of the Sixth Amendment Right to Jury Trial implicated by these facts. Justices Scalia, Thomas, and Ginsburg raised concerns regarding similar issues in a dissent from a denial of a cert petition. Donald Trump’s recent Supreme Court nominee, Judge Brett Kavanaugh, has also indicated his sympathy to the idea that a court sentencing a defendant on the basis of acquitted conduct seems unjust. In one case, he echoed and endorsed a defendant’s words that the defendant “just fe[lt] as though, you know, that that’s not right. That I should get punished for something that the jury and my peers, they found me not guilty.” Judge Kavanaugh has also written that even though judges may sentence on the basis of acquitted conduct, they have the discretion to effectively ignore that conduct and impose a lower sentence.

Judge Kavanaugh’s writing on this topic, however, has always noted that binding precedent from the Supreme Court and his own D.C. Circuit permits sentencing on the basis of acquitted conduct. Should Judge Kavanaugh be elevated to the Supreme Court, he would be in a position to do something about that in conjunction with other Justices who have expressed similar concerns.

Enforcement and Prosecution Policy and Trends

Supreme Court Narrows Ability to Recover Internal Investigation Costs

In January, this blog previewed the Supreme Court’s grant of certiorari in Lagos v. United States to resolve a circuit split regarding whether companies could recover costs of internal investigations under the Mandatory Victims Restitution Act (MVRA). At the end of May, the Court issued a unanimous opinion sharply curtailing the ability to recover such costs.

The MVRA allows victims of financial fraud to recoup expenses caused by the criminal activity. Before Lagos, six circuits read the MVRA’s provision mandating reimbursement for “expenses incurred during the participation in the investigation or prosecution of the offense” to apply broadly to costs that were “foreseeable.” Only the DC Circuit disagreed with this interpretation, limiting reimbursement for internal investigations only to those that were directly requested or required by the government. In Lagos, the Fifth Circuit joined the other six circuits holding that the MVRA required a freight company’s CEO to repay a defrauded lender’s costs of conducting an internal investigation to uncover the scheme. The Fifth Circuit also found that the MVRA covered the lender’s attorney’s fees in the freight company’s bankruptcy proceedings.

In an opinion by Justice Breyer, the Supreme Court held that the MVRA “does not cover the costs of a private investigation that the victim chooses on its own to conduct.” In fact, the MVRA does not cover the costs of an investigation conducted before the government’s investigation even if the victim shares that information with the government. Nor does the MVRA cover costs associated with ancillary civil proceedings like a bankruptcy case, human resources review, or licensing proceeding. In fact, while the Court expressly declined to address the D.C. Circuit’s view about whether the MVRA covered the costs of investigation requested by the government, some of its reasoning hinted at an even more restrictive interpretation. In particular, the Court expressed concern about district courts reviewing the results of an internal investigation to determine which witness interviews or document reviews were “really ‘necessary’ to the investigation.”

In light of Lagos, corporate counsel should expect that most internal investigation costs – and certainly any costs for ancillary proceedings – will not be reimbursable under the MVRA. In situations where recovering investigative costs might be a priority, corporate counsel should consider partnering with law enforcement as early in the process as possible. Counsel should carefully document the specific request from law enforcement – and even consider requesting a subpoena – to ensure that each action would be considered a “necessary” component of the government’s investigation.

Enforcement and Prosecution Policy and Trends

State Regulators Announce Cryptocurrency Crackdown

On May 21, the North American Securities Administrators Association (“NASAA”) announced a massive and coordinated series of enforcement actions by U.S. state and Canadian provincial regulators to combat fraudulent practices involving cryptocurrency-related investment products.

As cryptocurrencies have gained in popularity, companies have increasingly turned to a method known as an initial coin offering (“ICO”) to raise capital. ICOs, however, are ripe for potential fraud. As the Washington Post has explained, “consumers face higher risks of being misled at a time when the intense demand for bitcoin has prompted many retail investors to take extreme steps to gain exposure to the currency…”

Given ICOs’ high risk of fraud, state regulators are increasingly scrutinizing such offerings as well as other practices involving cryptocurrency-related investments. In fact, according to NASAA, state regulators have opened nearly 70 inquiries and investigations into cryptocurrency-related companies. Moreover, there are 35 pending or completed enforcement actions related to ICOs or cryptocurrencies since the beginning of May. In short, state agencies are using state securities laws to crack down on fraud and deception in the cryptocurrency market.

These coordinated state actions have caught the attention of federal regulators as well. U.S. Securities and Exchange Commission (“SEC”) Chairman Jay Clayton issued a statement praising the NASAA for taking action. Chairman Clayton warned “fraudsters in this space that many sets of eyes are watching, and that regulators are coordinating on an international level to take strong actions to deter and stop fraud.” Chairman Clayton further reminded investors that “regulators are committed to protecting investors in these markets.”

As the recent NASAA announcement and SEC Chairman Clayton’s comments demonstrate, regulators in the United States and abroad are increasingly turning their attention to the cryptocurrency market. The intensifying spotlight on ICO’s and cryptocurrency should encourage companies pursuing an ICO or other activities involving cryptocurrency-related investments to seek legal counsel and to comply with all state laws, federal laws, and SEC regulations.

Enforcement and Prosecution Policy and Trends, Fraud, Deception and False Claims

Series of DOJ Enforcement Policy Announcements Provides Promising Guidance

In a series of key policy announcements between November 2017 and May 2018, the Department of Justice has demonstrated an increasingly coherent perspective on how it will handle key aspects of white collar criminal enforcement. The policies largely reiterate a message federal prosecutors have delivered for years regarding what they want to see from companies that discover misconduct in their ranks: prompt voluntary self-disclosure of violations; full cooperation with DOJ investigations; swift, meaningful remediation; and implementation and maintenance of effective compliance programs. What is different is the increasing certainty DOJ is willing to provide in return, including concrete benefits such as a presumption of declination or significant reduction of penalties. DOJ is also seeking to deliver more rational resolutions to complex cases to prevent “piling on” by multiple enforcement agencies in the U.S. or abroad — a policy that reflects the increasing reality and inequity many companies face when seeking to resolve large-scale white collar matters across an often balkanized and disjointed enforcement landscape.

We are early in the assessment of this still-developing evolution of DOJ policy, but on initial review these seem to be positive steps of which companies of all sizes should take heed.

DOJ Announcements

In November 2017, Deputy Attorney General Rod Rosenstein announced the implementation of a revised Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy, which followed and supplanted a multi-year FCPA Pilot Program that had been initiated under the Obama Administration. Rosenstein noted in announcing the new policy that it “enables the Department to efficiently identify and punish criminal conduct, and it provides guidance and greater certainty for companies struggling with the question of whether to make voluntary disclosures of wrongdoing.” Justifying this new policy, he stated that “[t]he government should provide incentives for companies to engage in ethical corporate behavior. That means fully cooperating with government investigations, and doing what is necessary to remediate misconduct — including implementing a robust compliance program. Good corporate behavior also means notifying law enforcement about wrongdoing.”

The new policy’s primary thrust is that if a company “satisfies the standards of voluntary self-disclosure, full cooperation, and timely and appropriate remediation, there will be a presumption that the Department will resolve the company’s case through a declination.” That presumption can be overcome if there are aggravating circumstances, or if the offender is a recidivist. Importantly, this new policy has been incorporated into the U.S. Attorneys’ Manual, a step Rosenstein has made clear over the past few months should and will be DOJ practice going forward whenever new polices are put in place.

On March 1, 2018, John Cronan, acting assistant attorney general for the Criminal Division, took this new policy a significant step forward by publicly announcing that the principles of the FCPA Corporate Enforcement Policy would not stay confined to FCPA actions, but would also be applied to all of the Criminal Division’s corporate criminal investigations as non-binding guidance.

The next day, Rosenstein explained this shift during remarks at an event in San Diego, stating that corporate America “is often the first line of defense for detecting and deterring fraud” and that real compliance measures “help the department preserve its finite resources.” Further, he made clear that DOJ wants to “reward companies that invest in strong compliance measures.” Rosenstein assured the audience that DOJ will not “employ the hammer of criminal enforcement to extract unfair settlements” but is “committed to finding effective ways to ensure that individual wrongdoers are held accountable for corporate criminal behavior.” And while he reaffirmed that of course corporate misconduct can be “serious or pervasive enough” to warrant action against an entity, the DOJ will “think carefully about accountability and fairness.”

Two weeks ago, Rosenstein announced yet another policy shift to encourage “coordination” among law enforcement when “imposing multiple penalties for the same conduct” and to “enhance relationships with … law enforcement partners in the United States and abroad, while avoiding unfair duplicative penalties.” Through its third major policy announcement in six months, DOJ is seeking to “discourage disproportionate enforcement of laws by multiple authorities” – “piling on,” so to speak. Rosenstein made clear in his remarks that such piling on can deprive companies of certainty and finality, and harm “innocent employees, customers, and investors who seek to resolve problems and move on.”

This so-called “piling on” policy has four essential features. First, it affirms that “criminal enforcement authority” shouldn’t be used “for purposes unrelated to the investigation and prosecution of a possible crime” (i.e., DOJ shouldn’t threaten prosecution simply to induce a larger settlement). Second, it encourages coordination among law enforcers to achieve an “overall equitable result.” Third, DOJ attorneys are encouraged to “coordinate with other federal, state, local, and foreign enforcement authorities seeking to resolve a case with a company for the same misconduct.” Fourth, several factors are established to evaluate whether multiple penalties are justified in a particular case, such as egregiousness, statutory mandates, risk of delay in finalizing a resolution, and the quality of a company’s disclosures and cooperation.

Policy Evolution

The DOJ has historically moved at a very deliberate pace from an enforcement policy perspective, and has been loath to cede discretion or flexibility in how it resolves high-stakes investigations. That makes this relative flurry of policy announcements potentially significant. Although DOJ has certainly retained a significant amount of prosecutorial discretion, it has anchored these policies on far more concrete benefits to cooperating corporations. For many companies navigating the discovery of potentially significant corporate misconduct, these policies could make the decision whether to self-disclose easier. At least, that is the clear hope for DOJ.

These policies also appear calibrated to address a few other key DOJ principles:

  • Compliance Programs Are Critical: The importance for corporations to implement and operate robust and effective compliance programs is nothing new. This concept has for years been enshrined in the standards of the U.S. Sentencing Guidelines, the Principles of Prosecution of Business Organizations and countless other sources of federal judicial, law enforcement and regulatory guidance. However, the focus on compliance programs has shifted over time from being one of many important factors to increasingly being a threshold necessary to qualify for credit. The FCPA Corporate Enforcement Policy drives that point home. It requires implementation of an effective compliance and ethics program as part of the timely and appropriate remediation required to qualify for full credit under the policy, including:
    • Ensuring there is a culture of compliance;
    • Dedicating appropriate resources to compliance;
    • Staffing the compliance function with personnel of adequate quality and experience;
    • Providing the compliance function adequate authority and independence;
    • Performing effective risk assessments;
    • Compensating and promoting compliance personnel appropriately;
    • Auditing to ensure effectiveness; and
    • Implementing an appropriate reporting structure.
  • Individuals Remain in the Crosshairs: If anyone needed a reminder that the principles of the Yates Memo are alive and well within DOJ, the recent policy announcements should suffice. In reiterating what DOJ means by “full cooperation,” the FCPA Corporate Enforcement Policy provides, among other things, that corporations must:
    • Disclose all relevant facts and attribute them to specific sources (where it would not violate attorney-client privilege) (i.e., no general narratives);
    • Disclose all facts related to involvement in the misconduct by the company’s officers, employees or agents;
    • Disclose all facts regarding potential misconduct by third-parties; and
    • Do all of the above on a proactive basis.
  • Full Cooperation and Appropriate Remediation Means Full Cooperation and Appropriate Remediation: The FCPA Corporate Enforcement Policy makes explicit the extent to which companies will need to be detailed, fulsome and proactive in cooperating with DOJ in its investigations, and will need to take extensive and demonstrable steps — on a prompt basis — to remediate identified misconduct. The underlying concepts of what is outlined in the policy are familiar, but there is every reason to expect that DOJ will hold companies to a high standard in measuring satisfaction of these standards given the significant benefits being offered in the form of declination or significant penalty reductions.
  • DOJ Is Looking to Streamline ; In the announcements of these policies, Rosenstein and the other DOJ representatives have made repeated reference to efficiency and to effective allocation of DOJ resources. Although the proof will be in the pudding, DOJ seems to be signaling through the comments and the structure of these policies a desire to streamline enforcement matters, shorten the often extended multi-year timelines that have become a structural reality for complex white collar matters and thereby free prosecutorial resources for other enforcement priorities.

What This Means for Companies

Corporations that discover misconduct in their ranks never face easy decisions in the wake of that discovery, and these recent policy announcements will not alleviate that sting. However, for many they will offer a level of comfort and confidence by providing an increasingly clear and certain roadmap they can follow in investigating, remediating and disclosing the misconduct. Those companies best suited to take advantage of these policies will be the ones that study these policies now, and both internalize and operationalize the messages being sent. This is particularly true with respect to investment in and continuous improvement of compliance and ethics programs. This is the one area where corporations not currently under investigation have the most agency to control their fate in anticipation of (and in an effort to foreshorten, if not avoid) future investigations.

This article originally appeared in The FCPA Blog.

Enforcement and Prosecution Policy and Trends, Financial Institution Regulation

No Changes to CFPB This Year

In a statement on Thursday, April 26, a key House Republican on CFPB issues effectively admitted that despite his own efforts and those of the Trump Administration including Acting CFPB Director, Mick Mulvaney, Congress will almost certainly make no changes to the structure of the CFPB this year.  As a result, there will probably be no change from a single-Director to a Commission, nor will changes be made to the way in which the CFPB is funded, or to the Director’s independent status.

In remarks to the U.S. Chamber of Commerce, Jeb Hensarling, Chairman of the House Financial Services Committee, conceded that he is now willing to accept the bi-partisan banking deregulatory bill that passed the Senate recently as S. 2155, which makes no changes to the CFPB’s structure.  As we reported previously, several Senate Democrats who supported S. 2155 have made clear they would not accept amendments to it by the House that would weaken the CFPB.

Chairman Hensarling indicated that he would still like to pursue his CFPB reforms as separate bills, but most observers agree that if those reforms cannot be attached to the Senate bill, they will not become law this year.  White House statements indicate that President Trump would like to sign S. 2155 into law by Memorial Day.

Enforcement and Prosecution Policy and Trends, Financial Institution Regulation

Senate Votes to Strike Down Key CFPB Bulletin on Lending Discrimination in the Indirect Auto Market

On Wednesday, the U.S. Senate voted almost entirely along party lines to invalidate, under the Congressional Review Act, the Consumer Financial Protection Bureau’s (CFPB) (in)famous 2013 Bulletin on lending discrimination in the indirect auto market via discretionary mark-ups and dealer compensation policies.  The 2013 Bulletin, construing the Equal Credit Opportunity Act and its implementing rule, Regulation B, had served as the basis for a number of substantial CFPB enforcement actions against indirect auto lenders, with large fines and loud protests from industry.

The U.S. House of Representatives has been poised to vote down the 2013 Bulletin for some time, and is very likely to follow the Senate’s lead and make the invalidation effective.  If as expected the House does act, this would mark the second time in the past year that Congress has voted to strike down a rule issued by the CFPB.  (Last December, the Government Accountability Office’s General Counsel issued a formal legal opinion concluding that the 2013 Bulletin was, in fact, a “rule” subject to the Congressional Review Act, paving the way for yesterday’s Senate vote.)  The first instance, of course, was Congress’ decision to invalidate the CFPB’s rule regarding arbitration.

Despite the Senate’s action Wednesday, efforts to weaken the CFPB by statute along the lines proposed by its Acting Director Mick Mulvaney and Republican congressmen continue to face challenges in Congress.  While such proposals have passed and would likely easily pass again in the House of Representatives, no such measure was included in the recent package of reforms that passed the Senate with bipartisan support.  Several of the Senate Democrats who voted for that package have indicated that they are not inclined to support measures that would weaken the CFPB structurally. 


Enforcement and Prosecution Policy and Trends, Financial Institution Regulation, Securities and Commodities

Does United States v. Ying Expand the Knowledge Requirement for “Classical” Insider Trading?

On March 14, 2018, the SEC and DOJ sued Jun Ying, a former Chief Information Officer within an Equifax Inc. business unit, for insider trading. Specifically, they accused him of knowing about a significant Equifax data breach prior to its public disclosure and, while in possession of that material nonpublic information, exercising his Equifax options and selling those shares. When Equifax subsequently announced the data breach its stock price fell, giving Ying a loss avoided of over $117,000.

This fact pattern, were that all there is, seems a rather straightforward, uncontroversial application of the “classical” theory of insider trading. Under that theory, a corporate insider, such as Ying, violates Section 10(b) and SEC Rule 10b5 by trading in the company’s securities “on the basis” of material nonpublic information about the corporation. Chiarella v. United States, 445 U.S. 222, 230 (1980); United States v. Newman, 773 F.3d 438 (2d Cir. 2014) (abrogated on other grounds by Salman v. United States, 137 S. Ct. 420 (2016)). According to the SEC’s Rule 10b5-1, a trade is “made ‘on the basis of’ material non-public information . . . if the person making the purchase or sale was aware of the material nonpublic information when the person made the purchase or sale.” Rule 10b5-1(b) (emphasis added). To prove a criminal violation, the DOJ must also establish that the defendant acted “willfully,” 15 U.S.C. § 78ff(a), defined in this context as “a realization on the defendant’s part that he was doing a wrongful act under the securities laws.” Newman, 773 F.3d at 447 (quoting United States v. Cassese, 428 F.3d 92, 98 (2d Cir. 2005)).

However, here, both the SEC and DOJ acknowledge in their charging papers that, at the time of his trading, Ying was not “aware” of Experian’s data breach – at least not explicitly. Indeed, when he traded, Equifax had disclosed this information to only a select few insiders, of which Ying was not one. To the contrary, Equifax had explicitly lied to Ying and told him that the data breach he and his team were working on was for an Equifax client. As one of Equifax’s business lines is assisting clients with data breaches, this explanation seemed plausible. As time went on, however, the behavior of his superiors and colleagues made Ying suspicious that there was no “client” and that it was Equifax that had been breached. Based on his suspicions, Ying exercised his outstanding Equifax options and sold his shares.

But suspicions were all they were – Ying is alleged to have “put 2 and 2 together” according to the SEC’s Complaint. Indeed, Equifax did not reveal to Ying that it was the hacking victim until days later. Nevertheless, notwithstanding his avowed lack of actual knowledge, Ying was charged with criminal insider trading by the DOJ and sued civilly by the SEC.

Clearly the government believes that, notwithstanding his lack of actual knowledge, Ying’s strong suspicion that Equifax, and not a client, had suffered a data breach, is sufficient to satisfy the knowledge requirement of Rule 10b-5 and create insider trading liability. This expands Rule 10b5-1’s knowledge requirement beyond actual awareness and into the realm of constructive knowledge at best, and mere suspicion at worst.

Thus, as this case progresses, it will be interesting to see whether the facts show Ying had constructive knowledge of Equifax’s data breach or something less, and whether as a matter of law, whatever he “was aware of” at the time he traded, is deemed sufficient to create liability.

While we have not seen cases addressing whether actual, as opposed to constructive, knowledge is required in the classical insider trading context, under the “misappropriation theory” of insider trading, a tippee must have actual knowledge that a tipper received a personal benefit in connection with the disclosure of the material nonpublic information in order to be convicted of insider trading. United States v. Newman, 773 F.3d 438 (2d Cir. 2014) (reversing tippee criminal convictions because the government failed to prove the tippees had actual knowledge that the tipper received a personal benefit in connection with disclosure of the material nonpublic information). Absent actual knowledge of the personal benefit, there is no liability. Id. Given that a tippee can be quite removed from the actual insider who initially tipped the information, one can see how courts would be reluctant to impose anything other than an actual knowledge requirement for insider trading liability. For corporate insiders, however, a court may feel that constructive knowledge is sufficient given the unique information available to insiders that they can use to potentially piece together what is, in fact, material nonpublic information. Clearly this is the government’s view of what Ying did here. See, e.g., SEC Complaint at para. 33 (“Ying used the information entrusted to him as an Equifax employee to conclude that Equifax was the victim of the breach, and that the ‘breach opportunity’ idea suggesting a client was the victim was merely a cover story.”).

The battle lines are drawn. Stayed tuned to see how it is resolved.

Enforcement and Prosecution Policy and Trends

Supreme Court Holds DOJ’s Feet to the Fire in Tax Crime Case

In Marinello v. United States, an opinion released yesterday, the Supreme Court adopted a narrowing interpretation of the tax code’s broadest criminal provision, the “tax obstruction” statute 26 U.S.C. § 7212(a).  The Court’s opinion is good news for taxpayers, their advisors, and the sound administration of the law.

Marinello concerned whether the crime of “corruptly … endeavor[ing] to obstruct the due administration” of the tax laws (i) prohibits obstruction only of pending IRS audits and collection efforts, or (ii) instead applies more broadly.  The government urged that the crime included conduct well before any IRS audit, so long as it was motivated by a desire to cheat on one’s taxes – including otherwise-lawful conduct like dealing in cash, or avoiding the creation of records not required by law.

DOJ urged a broad interpretation of the tax obstruction statute because the tax laws themselves are broad: tax administration is “continuous, ubiquitous, and universally known,” DOJ argued.  But the Court correctly recognized that the breadth of the tax laws is itself a reason for caution, to avoid making every lapse in bookkeeping or business judgment a potential tax crime.  And a person of ordinary moral sensibilities might recognize that (say) using cash or discarding receipts makes the IRS’s job harder.  He might even realize some of these practices could invalidate a tax deduction, if he thought about it.  But he would not believe such conduct to be a crime.  On the government’s view, it could be – limited only by DOJ’s self-restraint.

Marinello wisely prohibits that result, requiring the government to prove the intent to obstruct a pending or foreseeable tax administration “proceeding” before it can obtain a § 7212(a) conviction.  That “proceeding” must be something beyond processing tax returns and refunds, or other functions IRS performs in the background.  In practice, Marinello means DOJ will charge tax obstruction only where obstructive conduct concerns some direct interaction between a taxpayer and an IRS employee – an audit, civil summons enforcement, dealings with the Appeals Office, enforced collection, Tax Court proceedings, or a tax crime investigation.

Off limits to DOJ going forward are tax obstruction charges based on pre-audit activities, like employing or promoting fraudulent tax shelters, or accounting misconduct.  Of course, such conduct can still be prosecuted using the more traditional crimes like tax evasion, conspiracy, or filing false returns.

And that’s the main virtue of Marinello: holding the government to its burden of proof under the traditional tax crimes.  DOJ’s pre-Marinello view (followed by most circuits until today) let the government salvage felony tax charges in failed tax evasion cases.  Indeed, the primary effect of § 7212(a) in cases without a pending proceeding was to make tax obstruction a backstop felony charge when the defendant’s conduct looked like tax evasion, but the government could not prove a tax loss or the falsity of a document submitted under penalties of perjury.  The broad view, in other words, made it easier for the government to charge felonies that should have been declinations or misdemeanors like failure to file.

Moreover, the broader view of §  7212(a)  allowed the government to bring charges based on otherwise-legal conduct which did not directly threaten the integrity of the tax system, but merely risked doing so.  Indeed, DOJ frequently used §  7212(a) to prosecute lawful conduct that, it contended, was rendered illegal by an intent to cheat on one’s taxes – actions like dealing in cash, as in Marinello, or using offshore banks or shell companies.

But there’s no reason for such a broad crime to exist.  The DOJ has a valid prosecutorial interest in false returns and the underpayment of taxes.  If a taxpayer intends for dealing in cash or other pre-“proceeding” conduct to result in underpaid taxes or false returns, the government should prosecute with the traditional tools at its disposal.  But it should be compelled to pay the price those statutes require: proving an actual harm to the tax system via a false return or lost tax revenue.  Otherwise-legal conduct several degrees removed from the government’s real interests should not be enough.

In other words, tax crimes are intended to protect the federal fisc and ensure the integrity of self-reporting.  They do not create a general code of accounting or business ethics.  No harm, no foul.

Marinello also answers the question of whether audit avoidance – tax planning intended to lower the audit profile of a client’s return or transaction – can, by itself, be tax obstruction.  The answer is no, except in the exceedingly rare cases where a “proceeding” is already pending.  But that answer provides only limited comfort, as DOJ can still pursue overly aggressive planning for clients under other statutes.

In sum, Marinello continued the Court’s recent trend of reining in DOJ’s interpretation of broadly worded white collar crimes.  And it appropriately recognizes that prosecutorial discretion and mental state requirements are not reliable limits on criminal laws broad enough to reach innocent conduct.  The net effect will be holding DOJ’s feet to the fire, deterring it from bringing cases that don’t provably implicate the core interests of tax enforcement.


“White Hat” Ethical Hackers and Corporate Investigations

This post originally appeared in our sister publication, Password Protected.

A “white hat” is an ethical computer hacker who specializes in penetration testing and other testing methodologies to ensure the security of an organization’s information systems. According to the Ethical Hacking Council, “The goal of the ethical hacker is to help the organization take pre-emptive measures against malicious attacks by attacking the system himself or herself; all the while staying within legal limits.” White hat hackers usually present their skills as benefitting their clients and broader society. They may be reformed black hat hackers or may simply be knowledgeable of the techniques and methods used by hackers. However, white hats have been known to offer broader hacking services, such as information gathering about persons or entities at odds with those hiring the white hat. Ethical hackers have been compared to digital versions of private investigators or investigative reporters.

In considering whether to engage a white hat hacker, there are a number of precautions that a company should take to increase the likelihood that the white hat will be credible, professional and ethical and only engage in lawful activities during the course of the engagement.

Credibility. Consider existing relationships, references and certifications. For example, the EC-Council offers a Certified Ethical Hacker accreditation. Many large consulting firms provide ethical hacking services. References from trusted peers are also extremely important.

Background Check. Conduct a thorough background check. Although the white hat may be affiliated with a reputable consulting firm, verify his or her experience and credentials and investigate possible criminal history. Do not assume that what the hacker tells you is true.

Engagement Letter. Have the hacker sign an engagement letter or similar contract that clearly defines the engagement, prohibits any illegal or unethical conduct, and addresses liabilities, indemnification and remedies where appropriate. Specify the hacking methods that are and are not acceptable and which information systems, networks and data may be accessed. Require the hacker to provide proof of adequate professional liability insurance.

Confidentiality Agreement. Require the hacker to sign a confidentiality or non-disclosure agreement that strictly prohibits the use or sharing with others of any information gathered as part of the engagement and that specifies the penalties for violation or references penalties set forth in the primary agreement.

Oversight. Monitor the hacker’s activity and be on the lookout for any suspicious activity—both during and after the white hat’s work. Ensure that the hacker remains within the scope of work defined within the engagement letter. If the scope of work changes, revise the engagement letter accordingly. Keep in mind that access to information systems presents opportunities to set conditions for future remote access or other unauthorized, nefarious activities.

Work Product. Consider the desired work product that will be developed over the course of the white hat’s engagement and whether the white hat should report to the General Counsel or outside counsel to protect privilege. In order to be admissible in evidence in civil litigation, the white hat must be willing to submit a signed affidavit, which describes under oath the results of the investigation, and to possibly testify. Not every white hat makes a good witness.


Supreme Court Holds Internal Complainants Are Not Dodd-Frank Whistleblowers

In an important case clarifying the scope of the anti-retaliation provision of the Dodd-Frank Wall Street Reform and Consumer Protection Act, the U.S. Supreme Court held on Feb. 21, 2018, that the law unambiguously requires an individual to report a securities law violation to the SEC in order to claim whistleblower protection under the provision. This means an employee who makes only an internal report may be protected by the Sarbanes-Oxley Act of 2002, but is not also protected under Dodd-Frank.

In 2010, Congress passed Dodd-Frank and established a robust whistleblower program designed to motivate employees to report securities law violations to the U.S. Securities and Exchange Commission (SEC). In addition to entitling whistleblowers to cash rewards, Dodd-Frank includes an anti-retaliation provision that prohibits employers from discriminating against or terminating employees for making such reports to the SEC.

The interplay between the definition of “whistleblower” and the identification of protected activity under Dodd-Frank has confounded the courts since shortly after Congress passed the law. A “whistleblower” is an individual who reports a securities law violation to the SEC.  However, “protected activity” includes making disclosures required or protected under the Sarbanes-Oxley Act, which does not require a report to the SEC.

To harmonize these provisions, some courts concluded that including Sarbanes-Oxley-protected reports created a narrow exception to the requirement that an employee provide information to the SEC in order to claim whistleblower status under Dodd-Frank. The SEC likewise expanded the definition of “whistleblower” when it issued its final rule implementing Dodd-Frank to cover an employee who reported security violations to his or her supervisor, but not to the SEC. This definition was codified in 17 C.F.R. § 240.21F-2. In 2015, the SEC reiterated that whistleblower protection is not contingent on an employee providing information to the SEC, but even covers internal reports of wrongdoing.

In the case before the Supreme Court, Paul Somers sued his former employer, Digital Realty Trust Inc., alleging that Digital Realty fired him shortly after he reported to senior management (but not to the SEC) suspected securities law violations. Both the U.S. District Court for the Northern District of California and the U.S. Court of Appeals for the Ninth Circuit found Dodd-Frank ambiguous and deferred to the SEC’s final rule and interpretive guidance. The case presented the Supreme Court with a circuit split, in which the Ninth and Second Circuits held that employees were protected by merely reporting to their supervisor, while the Fifth Circuit held that employees must provide information to the SEC to avail themselves of the law’s protections.

The Supreme Court found no ambiguity in Dodd-Frank’s anti-retaliation provision, which protects an individual who provides “information relating to a violation of the securities laws to the Commission.” The court found that, not only does the plain language of the law require a report be made to the SEC, but also that Dodd-Frank’s “core objective” was to motivate reports to the SEC. Dodd-Frank’s purpose, the court found, was narrower than that of the Sarbanes-Oxley Act, which was designed to disturb the “corporate code of silence” that kept employees from reporting fraud “even internally.”

This case presents a welcome resolution to the circuit split over whether internal whistleblowers can maintain a Dodd-Frank anti-retaliation lawsuit against their employers. The distinction and decision are important because significant differences exist between the anti-retaliation provisions of Dodd-Frank and Sarbanes-Oxley. To seek relief under Sarbanes-Oxley, an individual must file a complaint with the Secretary of Labor within 180 days of the alleged violation. By contrast, Dodd-Frank’s whistleblower provision contains a six-year statute of limitations and no administrative exhaustion requirement. The two laws also provide for different remedies.

To read the Supreme Court’s opinion, click here.

For further information about Sarbanes-Oxley, Dodd-Frank or whistleblower protections, please contact the authors, your McGuireWoods contact or a member of McGuireWoods’ labor and employment or government investigation and white collar litigation groups.

We use cookies to enhance your experience of our website. By continuing to use this website, you agree to the use of these cookies. For more information and to learn how you can change your cookie settings, please see our policy.