Subject to Inquiry

Subject to Inquiry


Government Investigations and White Collar Litigation Group
Enforcement and Prosecution Policy and Trends, Financial Institution Regulation

Beware What You Share: Privilege Waiver Risks in Investigations

In responding to regulatory and government investigations, firms are often faced with the question of how to balance the desire to cooperate with the need to preserve privilege over an internal investigation.  Financial institutions face this question additionally in their reporting requirements to regulators, including Form U-5 filings and Suspicious Activity Reports.  Two recent decisions illustrate the risk of a waiver of privilege when a firm provides information relating to witness or client interviews.

In the first case, a U.S. Magistrate Judge in the Southern District of Florida held that providing “oral downloads” of otherwise-privileged witness interview notes and memoranda to the Securities and Exchange Commission effectively waived privilege.  SEC v. Herrera, 2017 WL 6041750 (S.D. Fla. December 5, 2017).  The court in Herrera ruled that there is little or no distinction between (a) producing actual interview notes and memoranda to a regulator and (b) orally summarizing that written material’s meaningful substance.

In the second case, the D.C. District Court held that a written submission made to the Department of Justice, which was based on privileged conversations, constituted an implied waiver of the attorney-client privilege for the privileged communications that formed the basis of the submitted responses.  In re Grand Jury Investigation, 2017 WL 4898143 (D.D.C. October 2, 2017).  The court reasoned that the submitted responses contained information obtained by the attorney from her clients, that privilege was impliedly waived as to the content of the submitted responses and that the implied waiver extended to communications relating to the same subject matter.

Firms feeling pressure to cooperate by providing information should be careful about providing information beyond historical facts, and should keep in mind that it is usually safer to provide documents than information from interviews.  Remember also that generally the government is prohibited by policy from asking for a privilege waiver.  And understand that the waiver issues identified above can snowball into subject matter waivers of unpredictable scope.  So think twice (or more) before considering providing information from witness or client interviews in any form.  That said, if a firm decides after careful thought that it must cooperate by providing information from interviews, it should consider the following practice points:

  • Provide “general impressions,” and present information in a broad thematic manner.  Do not quote.  Use hypotheticals, rather than actual questions and answers from the interview.
  • Do not organize the information in a witness-specific manner.  Present information in a way that particular statements cannot be attributed to specific individuals.
  • Avoid relaying the contents of witness interviews in “substantial part.”  Specifically, if a court conducts an in camera review, notes of the oral download should not match the original interview notes.

E.g. S.E.C v. Vitesse, 2011 WL 2899082, at *3 (S.D.N.Y. July 14, 2011); U.S. v. Treacy, 2009 WL 812033, at *2 (S.D.N.Y. March 24, 2009).  As noted, this course of action is risky.  Proceed with caution.

Compliance, Financial Institution Regulation

CFPB Announces Intent to Reconsider Disclosure Rule

On December 21, 2017, the Consumer Financial Protection Bureau (CFPB) issued a public statement regarding implementation of the Home Mortgage Disclosure Act (HMDA), noting that it plans to reconsider aspects of the mortgage data rule.

The HMDA, enacted in 1975, requires many lenders to report information concerning applications they receive for particular mortgage loans and other loans they purchase. The Dodd-Frank Act directed the CFPB to expand the collection of this data, prompting the Bureau to issue a rule in 2015 that required financial institutions to collect and report additional mortgage information beginning in 2018. The CFPB then issued a final rule in August of 2017 regarding this collection of information.

Despite this relatively recent final rulemaking, the CFPB has announced that it “intends to engage in a rulemaking to reconsider various aspects of the 2015 HMDA Rule such as the institutional and transactional coverage tests and the rule’s discretionary data points.” According to the CFPB, this rulemaking will likely re-examine, among other things, lending-activity criteria that determines whether data and transactions must be reported.

At this point, it is unclear how the regulations will change, but it appears likely that the modifications will reduce the amount of information about borrowers that banks and other lenders are required to submit to regulators. Further, the number and types of institutions required to report certain information could be reduced. For now, lenders will have to comply with the rule coming into effect, though the CFPB has said that it “does not intend to require data resubmission unless data errors are material.” Moreover, the Bureau doesn’t intend to assess penalties with respect to data collected in 2018 and reported in 2019, and will only use examinations of 2018 data as diagnostic, to aid in identifying compliance weaknesses.

This announcement may signal a new approach by the CFPB, which traditionally has taken an expansive view toward regulation of financial institutions, particularly as this news comes less than a month after Mick Mulvaney, the Director of the Office of Management and Budget, took the reins at the CFPB. This new rulemaking should be closely tracked so financial institutions may appropriately adjust their compliance programs to this shifting landscape.


Pending U.S. Supreme Court Case Could Impact Judicial Deference to Agency Rulemaking

A petition for certiorari pending before the U.S. Supreme Court has the potential to narrow the application of Chevron deference to agency rulemaking.  Under Chevron U.S.A. v. Natural Resources Defense Council, a 1984 Supreme Court case that is widely considered a foundational case in administrative law, courts interpreting an ambiguous provision of a federal statute defer to an agency’s interpretation of that statute.  During Justice Neil Gorsuch’s confirmation proceedings, commentators noted his expressed skepticism of deference to agencies and speculated that his confirmation might lead to the trimming of Chevron deference and thus the scope of agencies’ authority to interpret the laws they enforce and implement.

The now-pending case of Perez-Guzman v. Sessions, No. 17-302, involves a complex statutory and regulatory scheme under immigration law pertaining to the circumstances in which an alien whose prior removal order has been reinstated may apply for asylum.  Perez-Guzman, the party seeking the Supreme Court’s review, casts the case as presenting the question of whether a court must defer to an agency’s interpretation when the agency is interpreting two statutory provisions that conflict with each other.  He argues that when ambiguity arises in that circumstance, rather than from a “gap” in a statute that Chevron presumes Congress intended for the agency to fill, it is for a court to resolve the conflict between the laws at issue.

Perez-Guzman also points to a concurrence in an earlier case by two current members of the Court signaling that they would not apply Chevron deference in this circumstance, thus suggesting that multiple members of the Court may be inclined to hear the case.  After Perez-Guzman filed his petition in August, the government waived its right to respond to the petition.  Thereafter, the Court requested the government to respond, often an indication that at least one Justice has interest in the case.  In its response, the Solicitor General states that review is unwarranted because the Chevron issue need not be decided and that an earlier case effectively resolved this issue against Perez-Guzman.

Perez-Guzman has attracted significant amicus support from immigration attorneys and the Cato Institute alike.  The Court will likely decide whether to take up the case in January or February.

Enforcement and Prosecution Policy and Trends

FINRA Continues to Prioritize Examinations of High-Risk and Recidivist Brokers

In its 2017 Regulatory and Examination Priorities Letter, FINRA made clear that one of its top priorities is identifying high-risk brokers and ensuring that their firms properly monitor them. To assist it in doing so, FINRA has established a dedicated examination unit to identify and examine brokers who may pose a high risk to investors. That unit’s charge is also to (1) review firms’ supervisory procedures for hiring or retaining statutorily disqualified and recidivist brokers; and (2) evaluate firms’ branch office inspection programs and supervisory systems.

At the November 1, 2017 Securities Industry and Financial Markets Association (“SIFMA”) Compliance and Legal Society Regional Seminar in New York, Michael Solomon, FINRA’s Senior Vice President and Regional Director, updated and expanded on this examination unit’s progress in identifying and examining high-risk brokers.

  1. Use of Data Analytics to Identify High-Risk Brokers

Mr. Solomon noted that to assist the unit in its mission, FINRA now uses an analytical model that processes its in-house data to identify high-risk brokers and predict “bad behavior.” Mr. Solomon stated that the data FINRA uses in its analytical model includes, but is not limited to the following:

  1. Regulatory actions against the broker;
  2. 4530 Reports;
  3. The broker’s employment history[1]; and
  4. The exams that the broker attempts to take (or not take).

Based on this data, the model looks for common attributes among brokers known to have engaged in bad behavior and creates a list of high-risk brokers for further review. FINRA then conducts a “qualitative” assessment of those brokers, looking at information such as (1) outside business activities, (2) liens, and (3) criminal activities. Through that analysis, FINRA identifies the “highest-risk” brokers, and conducts a targeted and focused examination of them accordingly.

  1. Results to Date

Mr. Solomon stated that FINRA’s use of data analytics to target high-risk brokers has been quite effective. Frequently, the brokers identified for examination voluntarily depart from their respective employers. Moreover, of the brokers it has designated as “high-risk,” 55 percent are no longer registered with FINRA, while 14 percent (approximately 132 brokers) have been permanently barred. Finally, through these examinations, FINRA has identified certain “flags” that signal potential abuse – specifically, (1) instances in which brokers “live off” a small number of clients; and (2) suspicious wires from client’s brokerage accounts.

III.       Message to Firms

With respect to the firms that hire high-risk brokers, Mr. Solomon stated that the priority of FINRA’s exam unit will be to:

  1. Review firms’ supervisory procedures for hiring high-risk brokers;
  2. Examine the actual due diligence the firms conducted on those brokers[2] prior to their hire; and
  3. Assess whether firms have adequate supervisory plans in place to detect and prevent future misconduct by brokers who have previously engaged in misconduct.

With respect to firms’ monitoring of high-risk brokers, Mr. Solomon suggested that they closely look for trends in clients’ wires – even if the wires are to the clients’ personal accounts. Moreover, Mr. Solomon emphasized that firms should contact clients about their account activity when they see suspicious behavior, suggesting that FINRA will not look kindly at firms who fail to do so.

Given the impressive results of this newly established exam unit, we anticipate this continuing to be an area of emphasis for FINRA throughout 2018.

[1] Mr. Solomon stated that the employment history data includes (1) the number of firm’s for which the broker worked, to identify “firm jumping”; (2) the location(s) of the broker’s employment; and (3) the broker’s association with firms that have experienced regulatory problems.

[2] FINRA’s January 4, 2017 Regulatory and Examination Priorities Letter stated that FINRA will examine whether firms conduct a national search of reasonably available public information to verify the accuracy and completeness of an applicant’s Form U4. FINRA will also continue to monitor for timely submissions of disclosures required on Forms U4 and U5.

Enforcement and Prosecution Policy and Trends

The Cloak of Legal Professional Privilege

The recent judgment in the case of Serious Fraud Office (SFO) v Eurasian Natural Resources Corporation Ltd [2017] EWHC 1017 (QB) is a matter of major concern for companies and those involved in advising them on the best approach to the prospect of investigation by the U.K. SFO. We understand that this English High Court judgment is to be the subject of an appeal, but companies and their legal advisers could consider the practical steps below to minimize the risk of claims for Legal Advice Privilege (‘LAP’) or Litigation Privilege (‘LP’) being unsuccessful.

Step 1: LAP – To deal with the Court’s finding that communications by corporate lawyers with third parties (including employees) who are not authorized to seek or receive legal advice, and therefore not the ‘client’ for privilege purposes, are not covered by ‘LAP’.

The corporate should in advance of any such communication state in writing that the person giving the initial formal instructions to the external investigating lawyer is authorized by the corporate to obtain legal advice on its behalf.

Step 2: LP – To deal with the Court’s finding that a reasonable anticipation of a criminal investigation (as opposed to a reasonable anticipation of a prosecution or other sufficiently adversarial proceeding) does not, without more, constitute a reasonable anticipation of litigation for the purpose of establishing LP.

The corporate should formally make a record, if appropriate on the discovered facts, that on the information currently available, it entertains a concern that the material gives rise to a real likelihood of a prosecution of the company, and the purpose of the instructions to the external lawyer is to give advice to the Board regarding such concern.

Step 3: LP – To deal with the same finding as described under ‘Step 2’ above.

The lawyer should indicate in writing whether, on the basis of the information initially provided by the corporate, there would appear to be a reasonable anticipation of proceedings by the SFO.

Step 4: LAP – To deal with the Court’s findings (a) as described under ‘Step 1’ above and (b) that any documents prepared by the lawyer in this context must be with the dominant purpose of providing the corporate with advice as regards the likelihood of future litigation.

If the corporate should decide to instruct the lawyer to proceed with interviews, then in advance of any such interview the lawyer should inform the person to be interviewed that the dominant purpose of the interview is to enable the lawyer to provide the corporate with advice regarding the likelihood of future litigation. The conveying of this information should be the subject of a written record.

Step 5: LAP – To deal with the Court’s finding that a lawyer’s basic record of what a witness said would not attract ‘LAP’ unless it would betray the trend of the legal advice.

Following every such interview, the lawyer should record in writing some form of qualitative assessment of what has been said by the person interviewed, together with any thoughts as to its importance or relevance to the legal advice being sought.

We do not suggest that pursuing these five steps will guarantee that in any individual case the SFO or the Court would be persuaded that interviews and lawyers’ ‘working notes’ fall within the protection afforded by Legal Professional Privilege – each case will depend on its facts. However, adopting this procedure may provide both corporates and lawyers with a good chance that the material in question will properly carry the cloak of privilege.

Please contact Vivian Robison if you have any questions relating to Legal Professional Privilege.

Anti-Bribery and Corruption

Expansion of FCPA “Pilot Program” is Good for Companies, but Heed the Fine Print

Deputy Attorney General Rod Rosenstein’s Nov. 29 announcement that the Department of Justice FCPA “Pilot Program” will be permanently expanded is good news for companies that repeatedly faced the dilemma of whether or not to investigate and disclose FCPA issues discovered internally. However, companies should be careful to read the fine print of the policy before rushing into disclosure.

The disclosure dilemma

First, a brief look at the disclosure dilemma. A company that suspects FCPA issues, especially a public company with independent board members, has a strong legal incentive to respond to such a red flag by investigating the matter. But once facts are discovered that show or at least strongly indicate potential wrongdoing, what to do next has been a more complicated decision. Voluntary disclosure to enforcement authorities often led to enforcement proceedings and/or actions that result in severe adverse consequences to companies and their shareholders. Those adverse consequences might include a prosecution, a deferred prosecution agreement or at the very least, an extensive and expensive government investigation.

The fine print

The new policy essentially gives a pass to companies that find, fix and disclose. But before companies rush headlong to the disclosure window, several reservations in the DOJ policy announcement are worth noting.

  1. Culpable individuals are not covered. While corporations may escape criminal prosecution, culpable individuals can expect to be investigated and prosecuted.
  2. Voluntary disclosure and remediation do not guarantee that a company will not be prosecuted criminally. Rather, the policy has a presumption of a declination of prosecution.
  3. The policy creates an expectation of full and complete cooperation. Any company that is aware of or suspects FCPA violations will be expected to come forward with evidence and cooperate fully and completely in any follow-up investigation. That means conducting an internal investigation that meets government expectations for thoroughness and competence such that proof against culpable individuals would stand up in a court of law.
  4. The commitment to compliance must be real. To benefit from the policy the company will have to demonstrate that its compliance commitment is real and its compliance program meets standards articulated by the government, even if scaled to the size and complexity of the business entity employing it.
  5. Remediation must be genuine and sufficient. A company will have to show remedial steps that are genuine and sufficient to assure the government that the conduct in question is unlikely to recur.

A sea change

Taking these conditions of participation in this voluntary disclosure program into account does nothing to diminish the tremendous value to US companies that this change in enforcement policy presents. This policy is essentially an assurance that in the almost all circumstances a company that polices its own operations effectively, diligently looks into possible FCPA violations, and discloses and remediates any that it finds, will not be prosecuted. That is a sea change in announced intentions by the Department of Justice and will tip the balance in most cases toward engaging in remediation and voluntary disclosure. The relative certainty that this policy provides should be a welcome step in a more positive relationship between government enforcers and the vast majority of US businesses that are committed to legal compliance and strong business ethics. It should also help to eliminate the trend to “gotcha” prosecutions of the past that led to outlandish penalties greatly disproportionate to the underlying conduct that they supposedly were addressing.

Enforcement and Prosecution Policy and Trends, Securities and Commodities

SEC to Begin Regulating Initial Coin Offerings More Heavily

On November 16, 2017, U.S. Securities and Exchange Commission (SEC) Chairman Jay Clayton announced in a symposium on cybersecurity and financial crimes that the SEC would start taking enforcement action against coin offering issuers who fail to register with the SEC.

As cryptocurrencies, like Bitcoin, have become increasingly popular, startup companies have turned to a method known as an initial coin offering (“ICO”) to raise capital. Law 360 explains, “ICOs are used by the creators of blockchain-based structures to raise funds, usually for projects. . . . Instead of stock, investors receive tokens that can either be traded in the secondary market or used within the blockchain project.” This method closely resembles an initial public offering, but the key difference is that ICOs have largely been able to avoid federal regulations. These offerings have flown under the radar, at least up until now, because the technology is still in its early stages.

This unregulated method of raising capital creates the potential for significant fraud and abuse. As such, the SEC intends to regulate the practice, so much so that the Securities and Exchange Commission decided to form a Cyber Unit earlier this year. According to the SEC, the Cyber Unit will focus on targeting cyber-related misconduct, such as:

  • Market manipulation schemes involving false information spread through electronic and social media;
  • Hacking to obtain material nonpublic information;
  • Violations involving distributed ledger technology and initial coin offerings;
  • Misconduct perpetrated using the dark web;
  • Intrusions into retail brokerage accounts; and
  • Cyber-related threats to trading platforms and other critical market infrastructure

The creation of a Cyber Unit within the SEC is a clear indicator that the SEC will regulate cryptocurrency more heavily. As Chairman Clayton noted, “I think that now we have given the market a sufficient warning where we can move from level-setting the field to enforcing it.”

ICOs are not just in the crosshairs of American regulators, rather European regulators have also raised significant concerns about the practice. In fact, earlier this November, the European Securities and Markets Authority (ESMA) issued a statement warning firms involved in ICOs that they need to “comply with relevant legislation” and that “[a]ny failure to comply with the applicable rules will constitute a breach.”

Given the increasingly burdensome regulatory environment surrounding initial coin offerings and cryptocurrency, startups and other companies utilizing ICOs would be well advised to seek legal counsel so as to comply with all federal laws and or SEC regulations.

Anti-Bribery and Corruption, Enforcement and Prosecution Policy and Trends

SEC Expected to Expedite FCPA Investigations in Light of Kokesh

On November 9, 2017, Steven R. Peikin, Co-Director of the SEC’s Division of Enforcement, delivered a keynote speech at a conference commemorating the 40th anniversary of the enactment of the Foreign Corrupt Practices Act (“FCPA”) in which he reflected on “the past, present, and future” of the SEC’s enforcement of the FCPA.

After confirming the SEC’s commitment to robust FCPA enforcement, Peikin noted that a “principal challenge” the SEC is now facing is “the interplay between the length of time it takes to conduct an FCPA investigation and the statute of limitations” imposed by the recent Supreme Court decision in Kokesh v. SEC, 137 S. Ct. 1635 (2017).  Specifically, in June 2017, the Supreme Court unanimously held that SEC enforcement actions seeking disgorgement are subject to a five-year statute of limitations.  Id. at 1639.  Accordingly, in light of Kokesh, the SEC is no longer able to seek disgorgement from defendants for claims that accrue outside of the five-year limitations period.

Although Kokesh is not unique to FCPA matters, Peikin anticipates that the ruling “will have particular significance for [the SEC’s] FCPA cases” for two main reasons.  First, it is common practice for the SEC to seek disgorgement in FCPA matters.  Second, FCPA investigations are among the most lengthy for the SEC because: (a) “[i]n many instances, by the time a foreign corruption matter hits [the SEC’s] radar, the relevant conduct may already be aged;” and (b) once initiated, FCPA investigations are time-consuming in that they are factually complex and require the collection of evidence from foreign jurisdictions.

Therefore, Peikin declared that the SEC has “no choice but to respond by redoubling [its] efforts to bring cases as quickly as possible” in order to pursue all available remedies.  Peikin also expects that the Enforcement Division will continue to work closely with foreign law enforcement and regulators to both maximize efficiencies and to target assets held outside of the United States.

The full text of Peikin’s speech can be found at:

Enforcement and Prosecution Policy and Trends, Financial Institution Regulation, Securities and Commodities, Uncategorized

SEC Approves New PCAOB Standard

Recently, the SEC approved the PCAOB’s new auditor reporting standard, AS 3101, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion. Hailed as the most significant change to the auditor report’s format in over 70 years, AS 3101 significantly changes the format of the existing auditor’s report, arming investors and market participants with increased information to navigate an ever-expanding and increasingly complex and global marketplace.

Adopted by the PCAOB on June 1, 2017, AS 3101 requires auditors to provide new information about the audit and present a more informative and relevant auditor’s report to investors and other financial statement users. The new requirements include:

  • Communication of critical audit matters (CAMs) – i.e., matters communicated or required to be communicated to the audit committee and that: (1) relate to accounts or disclosures that are material to the financial statements; and (2) involved especially challenging, subjective, or complex auditor judgment;
  • Disclosure of the year the auditor began serving as the issuer’s auditor; and
  • A number of other improvements to the auditor’s report to clarify the auditor’s role and responsibilities, and make the auditor’s report easier to read.

The most controversial aspect of the new standard, the communication of CAMs, met with opposition from industry trade groups citing several concerns to the SEC:

  • Disclosure of immaterial information;
  • Replacing of management as the source of original information;
  • Imposing additional expenses on firms; and
  • A chilling effect on the audit committee/auditor relationship.

SEC Chairman Jay Clayton acknowledged these concerns, but expressed his support for the SEC’s unanimous decision to approve the PCAOB’s new standard. Clayton noted that AS 3101 “provide[s] investors with meaningful insights into the audit . . . [such as the] auditor’s perspective on matters discussed with the audit committee that relate to material accounts.” Clayton identified company independent audit committees “as one of the most significant and efficient drivers of value to Main Street investors [and] impairing or otherwise negatively affecting the work of well-functioning audit committees could have significant adverse effects on investors.”

AS 3101 will come into effect for large accelerated filers with fiscal years ending on or after June 30, 2019 and for all other companies to which the requirement applies with fiscal years ending on or after December 15, 2020. The PCAOB will be monitoring its progress through a post-implementation review.

Only time will tell whether the new disclosures will provide the intended benefit to the marketplace.

Enforcement and Prosecution Policy and Trends, Immigration and Worksite Enforcement

Increased Immigration Worksite Enforcement Looming in 2018

 The days of speculation may have ended. Immigration and Customs Enforcement’s (ICE) acting director recently made clear that Form I-9 audits and worksite enforcement actions will surge in the coming year.

In line with the Trump Administration’s tough position on immigration and its budget requests, most employers have anticipated increased immigration-focused audits and enforcement actions. But we did not see a noticeable uptick during the first three quarters of 2017.

Lest employers become complacent, on October 17, ICE’s Acting Director Thomas Homan announced that ICE would increase worksite audits by “four or five times” in the next year. This comes after a January Executive order and more recent statement by ICE announcing plans to hire 10,000 new worksite enforcement officers.

All the signs now clearly point to an increase in audits and worksite enforcement in 2018. It will take time to hire and train this large volume of new officers. Therefore, it won’t be until next year—likely next summer—before we see a big impact on employers. This provides a short window for many companies to shore up their immigration compliance efforts or else face substantial penalties. Even simple mistakes, like paperwork violations, can cost companies between $220 and $2,191 per Form I-9.  The most recent increased penalties are available here.

As a start, it is always a good practice to conduct internal I-9 audits to ensure compliance.  The Department of Justice and ICE have provided joint guidance on conducting internal audits: Companies should also ensure they are using the most recent version of the Form I-9.  This version was published in July 2017 and became mandatory in September 2017.  Finally, companies should ensure they retain experienced immigration compliance counsel to assess the adequacy of immigration policies and procedures, ensure compliant Form I-9 practices, and defend the company should a government audit or investigation arise.