DOJ Enforcement - lightfootwhitecollar.comlightfootwhitecollar.com/materials/bauer.pdf · 1776 K...
Transcript of DOJ Enforcement - lightfootwhitecollar.comlightfootwhitecollar.com/materials/bauer.pdf · 1776 K...
What Keeps a General Counsel Up at Night: Trends in DOJ Enforcement, Congressional Investigations, and Cybersecurity
Lightfoot White Collar Crime Institute May 8, 2019
PresentersJeffrey M. BauerAssistant General CounselInvestigations & LitigationHuntington Ingalls Industries, Inc.4101 Washington Avenue Newport News, VA 23607Telephone: 757‐688‐0191jeffrey.m.bauer@hii‐co.com
Ralph J. CacciaPartnerWhite Collar Criminal DefenseWiley Rein LLP1776 K Street NWWashington, DC 20006Telephone: 202‐719‐[email protected]
DOJ Enforcement
Updated Policy on Pursuing Individuals in Corporate Enforcement Matters (“Yates Memo”) Rosenstein announced revised policy in December 2018
Criminal Matters• “[i]dentify every individual who was substantially involved” in the wrongdoing
Civil Matters • Considers ability to pay • More flexibility for partial credit
Extending the Corporate Enforcement Policy FCPA Corporate Enforcement Policy
In Justice Manual (nonbinding)
Sets forth criteria for potential declination in FCPA cases
Even where declination is inapplicable, DOJ may recommend 25‐50% sentence reduction and may not impose a monitor
Extending the Corporate Enforcement Policy DOJ Considering Extending Policy to Other Areas
Will use the policy as “nonbinding guidance” in all Criminal Division matters involving corporations
DOJ will start using principles of the policy in evaluating wrongdoing uncovered in mergers and acquisitions
Current Enforcement Priorities Opioids Health Care Fraud• Pharma/Medical Devices
Immigration Fraud FCPA Export Control Violations
Congressional Investigations
Powers and Limits of Congressional Investigations Sweeping oversight/investigative authority
Power to issue subpoenas that demand documents or testimony
Failure to comply with a Congressional subpoena can result in a criminal prosecution for contempt of Congress
9
Powers and Limits of Congressional Investigations (cont’d) Investigative powers of Congress are wielded through the committee system
Each committee and subcommittee has the power to subpoena and hold hearings
Limited ability to challenge the scope or propriety of an investigation or a particular subpoena
10
Congressional Committees
The House has 21 committees and several Select committees The Senate has 20 committees, 68 subcommittees, and 4 joint committees Each federal agency has a key appropriator and oversight committee, some have several GAO
11
House Democrats’ Oversight Priorities Axios reported there are at least 85 topics that Democrats have said they’d target or expect to
target, including:
• Muller Report• Trump Family/Trump Finances• Firing of James Comey • Treasury Secretary Steven Mnuchin's
business dealings• White House staff's personal email
use• Cabinet secretary travel, office
expenses, and other misused perks• Discussion of classified information
at Mar‐a‐Lago
• Jared Kushner's ethics law compliance
• Dismissal of members of the EPA board of scientific counselors
• The travel ban• Family separation policy• Hurricane response in Puerto Rico• Election security and hacking
attempts• White House security clearances
12
Possible Bipartisan Oversight Priorities Drug Pricing
Security Clearance Process
“Techlash”
Compliance as a government contractor
Procurement activities and operations of government contractors
Implementation of the Affordable Care Act
Trade policy / Theft of Trade Secrets
National security / Possible FISA Abuse
Campaign finance
#MeToo
13
Spotlight: House Committee on the Judiciary Led by Chairman Jerry Nadler (D‐NY) and ranking member Doug Collins (R‐GA)
Broad jurisdiction: oversight of DOJ, legislative jurisdiction over IP laws, crime & terrorism, immigration and border security, antitrust law, and civil justice issues
Responsible for impeachment proceedings for federal officials
Areas of interest Nadler has specifically mentioned include:• Corporate mergers
• Immigration
• Improper interference with the FBI/DOJ by the White House
• Voter Suppression
14
Spotlight: Senate Committee on the Judiciary Led by Chairman Lindsey Graham (R‐SC) and Ranking Member Dianne Feinstein (D‐
CA)
Broad jurisdiction covering same issues as House Committee
Processes all nominations of Article III federal judges and executive branch nominees within its jurisdiction (DOJ, FBI, DHS, USSS, etc.)
Maintains oversight and investigations staff
Recent areas of interest include:• Tech and election interference
• Cybersecurity
• Antitrust
15
Spotlight: Senate Committee on Commerce, Science, and Transportation Led by Chairman Roger Wicker (R‐MS) and Ranking Member Maria Cantwell
(D‐WA) Jurisdiction over issues including communications, highways, aviation, rail, shipping,
transportation security, climate change, disasters, science, space, interstate commerce, tourism, consumer issues, economic development, technology, competitiveness, product safety, and insurance
The Committee maintains an Office of Oversight and Investigations
Recent areas of interest include:• Data security and breaches
• Federal communications policy
• Transportation safety
16
Spotlight: Senate Homeland Security and Government Affairs Committee Led by Chairman Ron Johnson (R‐WI) and Ranking Member Gary Peters (D‐MI)
Recent activities have looked at:• Opioid crisis • Vulnerabilities with international mail systems• Human trafficking (backpage.com)
17
Cybersecurity
Cyber Threats are Serious and Varied
Hackers may infiltrate and steal corporate emails Ransomware attacks may shut down operations Intellectual property may be stolen DDoS attacks on infrastructure may hinder operations Direct attacks on digital currency operators result in stolen currency Vulnerabilities, white hat hackers, and fake apps can erode public
confidence These threats can lead to litigation, inquiries from regulators,
Congressional oversight, customer and public relations issues
‘Soft’ Regulation Has Been the Touchstone for Cybersecurity Federal government has avoided direct regulation, but has steadily increased
expectations
NIST Cybersecurity Framework provides Federal guidance on improving cybersecurity
Government has favored public/private partnerships to improve security, like the Department of Homeland Security’s National Risk Management Center, which was created in July 2018
Federal Trade Commission demands “reasonable security” under Section 5 of FTCA
Some industries, like financial services and health care, have rules
Overlapping Federal Efforts Address Cyber
Increasing concerns with private sector lead government to ratchet up expectations for vulnerability management, supply chain risk management, and network protection
Executive Orders and agencies offer an array of best practices, recommendations, and expectations
U.S. has a patchwork of regulators/actors
National security issues are increasingly driving cyber policy
Expect increased House congressional oversight on cyber and privacy practices
2018 SEC Guidance Signals Regulatory View on Cyber
Publicly traded companies must disclose material cyber risk
SEC fined Yahoo $35 million for failing to disclose data breach in connection with sale to Verizon
Broker‐Dealer and investment adviser agreed to pay $1 million to settle charges related to failures in cybersecurity policies and procedures surrounding an intrusion that compromised personal information of thousands of customers
National Cyber Strategy On September 20, 2018, the White House released the National Cyber Strategy:
• Portends significant and increased burdens on federal contractors• Cross‐sector solutions• Updated standards and best practices • Full‐lifecycle cybersecurity
States Are Leading Cyber Regulation and Enforcement Action In the absence of preemptive federal legislation, states are acting on cybersecurity
California passed comprehensive cybersecurity and data protection laws
New York’s Department of Financial Services Regulations on Cybersecurity
In the aftermath of a cyber incident, State Attorneys General often aggressively pursue enforcement actions against the victim company
Key Area of Enforcement: Blockchain and Cryptocurrency In March 2018, the FTC announced a Blockchain Working Group, in part to, “facilitate
... external coordination on enforcement actions” and to “to protect consumers and promote competition in light of cryptocurrency and blockchain developments”
In October 2018, NIST published NISTIR 8202, Blockchain Technology Report, which provides a high‐level technical overview of blockchain technology
DOJ and FTC have brought several actions alleging fraud in connection with ICOs
SEC and CFTC have brought actions alleging unlicensed broker dealers using cryptocurrency have violated KYC requirements
Congressional Blockchain Caucus remains active and members have introduced a number of bills to attempt to provide regulatory clarity around blockchain projects
Key Area of Enforcement: Mobile Payment Apps
FTC Action against Venmo (PayPal) (2018)
Enforcement consistent with staff views on peer‐to‐peer payments
State of Texas brought similar action against Venmo in 2016
Note: AML compliance can be in tension with representations to customers
Key Area of Enforcement: Internet of Things Many cybersecurity researchers have criticized IoT device
cybersecurity
Best practices and guidance on IoT Security are being published across the federal government• NIST• FTC• Labeling
In October 2018, the FDA announced new guidance for connected medical devices
Questions?