Investigations, Enforcement, & Compliance Alerts

Recent enforcement actions targeting a CEO, CFO, and an audit committee chair underscores the SEC's focus on gatekeeper accountability.

The Securities and Exchange Commission recently announced charges and million-dollar penalties against four companies for allegedly making materially misleading disclosures regarding cybersecurity risk and intrusions relating SolarWinds hack.

On October 22, 2024, the Department of Justice announced a False Claims Act (FCA) settlement related to a government contractor’s failure to adhere to certain cybersecurity requirements. Specifically, Pennsylvania State University (Penn State) has agreed to pay US$1.25M to resolve allegations that it violated the FCA by failing to comply with cybersecurity requirements in fifteen contracts or subcontracts involving the Department of Defense (DOD) or the National Aeronautics and Space Administration (NASA). The DOJ announcement is available here: https://www.justice.gov/opa/pr/pennsylvania-state-university-agrees-pay-125m-resolve-false-claims-act-allegations-relating.

It is no longer a secret that the U.S. Department of Justice (DOJ) has recently, and in some ways radically, increased its enforcement of the Foreign Agents Registration Act (FARA or the Act) and related foreign influence and lobbying laws that require adequate disclosure and transparency about domestic activities performed on behalf of foreign governments, companies, nonprofits, and other foreign actors. The uptick in recent prosecutions centered around improper foreign influence has been highlighted by the latest indictment of New York Mayor Eric Adams for allegedly receiving bribes and soliciting illegal campaign contributions from foreign sources tied to Turkey. He’s the third politician in just the last year who has been charged with crimes involving foreign influence operations—in the case of New Jersey Senator Bob Menendez, it was Egypt, and for Texas Congressman Henry Cuellar, it was Azerbaijan and a Mexican bank.

On October 16, 2024, the New York Department of Financial Services (DFS) released an important industry guidance letter aimed at addressing the novel, complex cybersecurity risks associated with artificial intelligence (AI).

On September 25, 2024, the Securities and Exchange Commission (the SEC) announced settled charges against 25 entities and individuals for late beneficial-ownership and insider-transaction reports. The SEC had levied penalties on these filers because of failures to timely report information about their holdings and transactions in public-company stock. Without admitting or denying the charges, 2 public companies, 13 other entities, and 10 individuals agreed to cease committing and causing violations and pay civil penalties. The civil penalties ranged from $10,000 to $200,000 for individuals, and $40,000 to $750,000 for the entities involved, including $200,000 each for two public companies that were charged with contributing to filing failures by certain corporate insiders and failing to report their insiders’ filing delinquencies.

The Securities and Exchange Commission (SEC) recently charged a public company with violations of Regulation Fair Disclosure (“Regulation FD”) stemming from social media posts by the company’s CEO. These charges are evidence of a trend toward increased Regulation FD enforcement by the SEC.

Last month, the U.S. Department of Defense (DOD) published a Proposed Rule setting out planned revisions to the Defense Federal Acquisition Regulations (DFARS) to implement the requirements of the Cybersecurity Maturity Model Certification program (CMMC 2.0) proposed in December 2023.[1] CMMC 2.0 is a framework for verifying a DOD contractor’s implementation of cybersecurity measures that the DOD requires to protect sensitive unclassified information including Controlled Unclassified Information (CUI), and Federal Contract Information (FCI). The Proposed Rule revises the DFARS to reference the CMMC 2.0 requirements that were proposed in December 2023. This includes changes to the existing CMMC clause at DFARS 252.204-7021, the creation of a new solicitation provision to accompany DFARS 252.204-7021 which will provide notice of the CMMC 2.0 requirement, the establishment of a plan for a phased rollout of the Proposed Rule, and the addition of certain new definitions. The Proposed Rule’s comment period ends on October 15, 2024.

The U.S. Department of Justice (DOJ) recently updated its Evaluation of Corporate Compliance Programs (ECCP) to reflect emerging challenges in corporate compliance.

On August 27, 2024, the New York State Department of Financial Services (DFS) entered a Consent Order with Nordea Bank Abp and its New York branch requiring Nordea to pay $35 million within ten days of the Order. DFS’s investigation into Nordea Bank focused on the inadequacies of its Know Your Customer (KYC) and anti-money laundering (AML) policies, practices, and procedures at its banks in Latvia, Lithuania, Estonia, and Denmark—opened after the fall of the Soviet Union. DFS also found that Nordea failed to comply with the federal Bank Secrecy Act. As a result, Nordea was found to have violated 3 N.Y.C.R.R. § 116.2 for failing to maintain an effective and compliant AML program, failing to conduct adequate due diligence in its correspondent bank and Relationship Management Application relationships, and 3 N.Y.C.R.R. § 504.3 by failing to maintain an adequate transaction monitoring system.

The Department of Justice has formally launched a three-year pilot of its Corporate Whistleblower Awards Program (Pilot Program), which is likely to increase the number of government investigations of corporate wrongdoing—and related recoveries—in key areas over the course of the next several years. Under the Pilot Program, whistleblowers who provide DOJ’s Criminal Division with truthful information about corporate misconduct may be eligible for significant monetary awards.  In back-to-back statements, Deputy Attorney General Lisa Monaco and Principial Deputy Assistant Attorney Nicole Argentieri announced the launch of the Pilot Program and filled in some of the blanks from prior announcements about the Pilot Program.

The U.S. Department of Justice recently succeeded in its prosecution of former Ontrak CEO Terren Peizer for insider trading, which involved the misuse of his 10b5-1 trading plan. This post provides an overview of the case’s background and outcome, and highlights key lessons that directors and officers of public companies should consider.

On June 28, the Supreme Court overruled the longstanding Chevron deference doctrine in Loper Bright Enterprises v. Raimondo. Now, courts must interpret ambiguous statutes independently—without being required to accept an agency’s “permissible” interpretation of an ambiguous statute. 

With the Davis-Bacon Act (DBA) as a significant consideration for many federal contractors and grant recipients on federally funded construction contracts, grants, and loans, compliance with the Department of Labor’s (DOL) 2023 updates to the DBA regulations (the DOL Final Rule) is now hanging in the balance.

The Supreme Court of the United States’ recent decisions in Loper Bright Enterprises et al. v. Raimondo, 603 U.S. (2024) and Corner Post v. Board of Governors, Federal Reserve System, 603 U.S. __ (2024), may provide federal contractors with new arguments and opportunities to challenge agency regulations in litigation and bid protests.

The Supreme Court’s recent decision in Snyder v. United States, No. 23-138 (U.S. June 26, 2024), narrowed the federal program bribery statute, 18 U.S.C. § 666, to prohibit only bribery.

In Loper Bright v. Raimondo and Relentless v. Department of Commerce, the Supreme Court overruled its landmark decision in Chevron U.S.A. Inc. v. Natural Resources Defense Council, Inc. (1984) in a 6-3 decision. Courts will now interpret federal statutes without being required to accept an agency’s “permissible” interpretation of an ambiguous statute.

On June 27, 2024, the Supreme Court handed down its decision in SEC v. Jarkesy, holding that the Seventh Amendment entitles defendants to a jury trial in an Article III court when the SEC seeks civil penalties for securities fraud. 

The Federal Improvement in Technology Procurement Act (FIT Procurement Act) was introduced by Senators Gary Peters (D-MI) and Ted Cruz (R-TX) in late March 2024.

On May 3, 2024, the federal government took steps to ban federal purchases of semiconductor products from certain U.S. foreign adversaries in a proposed rule that would affect the majority of federal contracts. The proposed rule would amend the Federal Acquisition Regulation (FAR) to implement section 5949 of the 2023 National Defense Authorization Act (Pub. L. 117-263) (NDAA).