Corporate Investigations & White Collar Defense - April 2015

by Manatt, Phelps & Phillips, LLP

In This Issue:

  • It’s Stifling in Here! SEC Rules That Companies Can’t Put Restrictive Language in Confidentiality Agreements That Could Potentially Stifle Whistleblowers
  • An Opinion on Opinions: U.S. Supreme Court Decision in Omnicare
  • Is OFAC the New Black? Schlumberger and PayPal—The Rise in the Enforcement of Sanctions Penalties
  • Wherefore Art Thou Due Process? SEC Administrative Hearings Under Attack
  • So . . . Where You From? The Use of “Country of Origin” Violations as the Basis for False Claims Act Qui Tams Spreads to the Medical Device Industry
  • First Swiss Bank Reaches Resolution with the DOJ Under Its Swiss Bank Program
  • Compliance Is Key, and Woe to the Repeat Offender!

It’s Stifling in Here! SEC Rules That Companies Can’t Put Restrictive Language in Confidentiality Agreements That Could Potentially Stifle Whistleblowers

Why it matters: On April 1, 2015, the SEC announced its first-ever enforcement action against a company for using restrictive language in confidentiality agreements with witnesses interviewed during internal investigations that has the potential to improperly stifle whistleblowers and impede the whistleblowing process. The ruling should encourage companies to review confidentiality, severance and other employment-related agreements to ensure that they do not contain similar language discouraging whistleblowing.

Detailed discussion: In its first-ever enforcement action against a company for putting language in its confidentiality agreements with employees that could potentially stifle whistleblowers, the SEC announced on April 1, 2015 that it had charged Houston-based global technology and engineering firm KBR, Inc. (KBR) with violating Rule 21F-17 enacted under the Dodd-Frank Act to protect the whistleblowing process.

In its press release accompanying the cease-and-desist order filed that day, the SEC alleged that, in connection with internal investigations into possible securities law violations, KBR required witnesses in interviews to sign confidentiality statements containing “language warning that they could face discipline and even be fired if they discussed the matters with outside parties without the prior approval of KBR’s legal department” in violation of Rule 21F-17. Rule 21F-17, which went into effect in August 2011, provides in relevant part that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”

The SEC’s order quotes the somewhat standard language at issue from KBR’s form confidentiality agreement: “I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.”

Although the SEC admitted that there were no specific allegations that the language in KBR’s confidentiality agreement impeded any KBR employee from reporting a possible securities violation to the SEC or that KBR had ever taken action to enforce the language against anyone, the key issue for the SEC was that it had the potential to do so. As the SEC said in the press release: “Any company’s blanket prohibition against witnesses discussing the substance of the interview has a potential chilling effect on whistleblowers’ willingness to report illegal conduct to the SEC.”

In that connection, Sean McKessy, Chief of the SEC’s Office of the Whistleblower, seemed to give a “heads-up” to other companies that other such actions may be in the works: “Other employers should similarly review and amend existing and historical agreements that in word or effect stop their employees from reporting potential violations to the SEC.” Indeed, The Wall Street Journal reported on February 25 that in the weeks prior the SEC had issued requests to several companies for copies of “every nondisclosure agreement, confidentiality agreement, severance agreement and settlement agreement they entered into with employees since Dodd-Frank went into effect, as well as documents related to corporate training on confidentiality, including ‘all documents that refer or relate to whistleblowing’ and a list of terminated employees.”

To settle the matter, and without admitting to any liability, KBR agreed to pay a penalty of $130,000 and voluntarily amend its confidentiality agreements to add the following language, presumably “blessed” by the SEC, making it clear that employees are free to report possible securities violations to the SEC and other federal agencies without retaliation or first having to contact KBR for approval: “Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.” Importantly, this language does not appear to breach the attorney-client privilege that applies to the communications during the employee interview itself.

SEC Director of Enforcement Andrew Ceresney summed it up by stating that “[b]y requiring its employees and former employees to sign confidentiality agreements imposing pre-notification requirements before contacting the SEC, KBR potentially discouraged employees from reporting securities violations to us . . . SEC rules prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC. We will vigorously enforce this provision.”

In light of the foregoing, now would be a good time for companies to dust off their form agreements having to do with employees (confidentiality, employment, severance, etc.) and review them for language that could be perceived by the SEC to potentially stifle whistleblowers.

See here for the SEC press release issued on 4/1/15 regarding KBR, Inc.

See here for the Order dated 4/1/15, In the Matter of KBR, Inc. Instituting Cease-And-Desist Proceedings Pursuant to Section 21C of the Securities Exchange Act of 1934, Making Findings, and Imposing a Cease-And-Desist Order.

For more on this matter, refer to the 2/25/15 Wall Street Journal article “SEC Probes Companies’ Treatment of Whistleblowers” by Rachel Louise Ensign.

An Opinion on Opinions: U.S. Supreme Court Decision in Omnicare

Why it matters: In an important decision involving subjective statements of opinion under the “omissions” clause of Section 11 of the Securities Act of 1933, the Supreme Court made clear that even an opinion can form the basis of a charge of making a “false and misleading” statement. Will this open the floodgates to alleged false opinion cases being brought under other securities fraud statutes or even under the certification provisions of the False Claims Act?

Detailed discussion: On March 24, 2015, the U.S. Supreme Court issued its decision in the long-running case of Omnicare, Inc. v. Laborers District Council Construction Industry Pension Fund (Omnicare). At issue was whether Section 11 of the ’33 Act applies to statements of opinion contained in a registration statement. In a two-pronged analysis, the Court found that a sincerely held statement of opinion will not create liability as an “untrue statement of material fact” under the first part of Section 11, even if the opinion later proves to be wrong. However, the statement of opinion can create liability under the second part of Section 11 if it omits facts that, if included, would demonstrate to a reasonable investor that the issuer lacked the basis for making that statement of opinion. The Court vacated the Sixth Circuit opinion in the case, determining that court “applied the wrong standard” in its deliberations, and remanded the case so that the proper standard, as articulated by the Court, could be applied. This newly articulated standard could affect not only SEC enforcement cases involving allegedly false statements of opinion by issuers, but also, by analogy, cases involving false certification of legal compliance under the False Claims Act.

First, a brief statement of the underlying facts: Omnicare, a large North American pharmaceutical care services provider, filed a registration statement in December 2005 in connection with a $12.8 million public offering of its common stock. The registration statement contained two statements, detailed below, expressing Omnicare’s opinion that it was operating in compliance with federal and state laws.

In 2006, after the DOJ charged Omnicare in an FCA illegal kickback scheme (settled in 2009), certain pension funds (Funds) that had purchased the company’s stock filed suit against Omnicare claiming, among other things, that Omnicare’s statements of legal compliance were false and misleading in violation of Section 11 of the ’33 Act. The case never got beyond the pleading stage. In 2007, the district court granted Omnicare’s motion to dismiss due to the Funds’ failure to plead a causal connection between Omnicare’s alleged misconduct and the Funds’ losses. In 2009, the Sixth Circuit affirmed the district court opinion except with respect to the Section 11 claim—finding that loss causation is not an element of Section 11 but instead an affirmative defense—and remanded the case back to the district court. The Funds filed an amended complaint re-pleading the Section 11 claim, again citing Omnicare’s “material misstatements and omissions” relating to legal compliance and claiming that Omnicare’s officers and directors did not possess “reasonable grounds” for believing the opinions to be true and complete. In 2012, the district court again granted Omnicare’s motion to dismiss, this time due to the Funds’ failure to plead that Omnicare knew that the opinions stated in the registration statement were false. The Funds again appealed to the Sixth Circuit, which in 2013 reversed and remanded the case back to the district court. Acknowledging that the legal compliance statements at issue expressed Omnicare’s “soft information” opinions, the Sixth Circuit found that under Section 11 a plaintiff need only claim that a statement in a registration statement is objectively false without also having to plead subjective knowledge of falsity.

The U.S. Supreme Court granted certiorari in 2014 to consider how Section 11 pertains to statements of opinion. The Court began its analyses by setting forth the two statements of opinion at issue, including the related caveats to those opinions that Omnicare included in the registration statement:

1. “We believe our contract arrangements with other healthcare providers, our pharmaceutical suppliers and our pharmacy practices are in compliance with applicable federal and state laws.” In a caveat to this statement of opinion, Omnicare referred to several state-initiated enforcement actions against pharmaceutical manufacturers for kick-back schemes, and said that its practices might “be interpreted in the future in a manner inconsistent with our interpretation and application.”

2. “We believe that our contracts with pharmaceutical manufacturers are legally and economically valid arrangements that bring value to the healthcare system and the patients that we serve.” In a caveat to this statement of opinion, Omnicare noted that the federal government had expressed “significant concerns” about some manufacturers’ rebates to pharmacies and warned that Omnicare’s business might suffer “if these price concessions were no longer provided.”

Writing for the majority in the decision handed down on March 24, Justice Kagan stated that the Court’s consideration of whether Section 11 applies to statements of opinion would be in “two steps, corresponding to the two parts in Section 11 and the two theories in the Funds’ complaint.”

With respect to the Funds’ first theory, that Omnicare’s opinions on legal compliance constituted “untrue statement[s] of . . . material fact” under Section 11, the Court analyzed whether an opinion in and of itself can constitute a factual misstatement. Noting that the Funds did not allege that Omnicare’s opinions were dishonestly held, only that they were wrong, the Court found that “that allegation alone will not give rise to liability under Section 11’s first clause because, as we have shown, a sincere statement of pure opinion is not an ‘untrue statement of material fact,’ regardless of whether an investor can ultimately prove the belief wrong.” Finding otherwise would allow investors to “second-guess” and “Monday morning quarterback” an issuer’s subjective opinions. Thus Omnicare’s statements of opinion did not violate the first part of Section 11 even though they ultimately turned out to be wrong.

The Court then went on to consider the Funds’ second theory under Section 11, that in its opinions Omnicare “omitted to state a material fact . . . necessary to make the statements not misleading.” Under this theory, the Court analyzed when an opinion may be rendered misleading by the omission of facts. Noting that “whether a statement is ‘misleading’ depends on the perspective of a reasonable investor,” the Court’s analysis focused on “when, if ever, the omission of a fact can make a statement of opinion like Omnicare’s, even if literally accurate, misleading to an ordinary investor.” The Court noted as “having a kernel of truth” Omnicare’s claim that “no reasonable person, in any context, can understand a pure statement of opinion to convey anything more than the speaker’s own mindset” and that so long as the opinion is sincerely held, it can’t be misleading no matter how many related facts are omitted. In short, “[r]easonable investors do not understand such statements [of opinions] as guarantees, and Section 11’s omissions clause therefore does not treat them that way.”

However, the Court states that “Omnicare takes its point too far, because a reasonable investor may, depending on the circumstances, understand an opinion statement to convey facts about how the speaker has formed the opinion—or, otherwise put, about the speaker’s basis for holding that view. And if the real facts are otherwise, but not provided, the opinion statement will mislead its audience.”

The Court used as an example the statement that “We believe our conduct is lawful.” If the speaker makes that statement without consulting a lawyer, it could be “misleadingly incomplete” even if sincerely made, in that a reasonable investor would expect such an assertion to be based on meaningful legal inquiry. The same is true if the speaker were to make that statement contrary to legal advice or with the knowledge that the government takes the opposite view. The Court went on to hold that “if a registration statement omits material facts about the issuer’s inquiry into or knowledge concerning a statement of opinion, and if those facts conflict with what a reasonable investor would take from the statement itself, then Section 11’s omissions clause creates liability.”

The Court qualified that, in stating an opinion, the speaker is allowed to weigh competing facts and will not be liable for omitting a “minority position” fact that later proves to be true: “A reasonable investor does not expect that every fact known to an issuer supports its opinion statement.” Moreover, the context in which the opinion is made must be considered when analyzing whether the omission is relevant. A reasonable investor, for example, would expect an opinion in a registration statement to not be made “off-the-cuff.” The statement of opinion also can’t be looked at in a vacuum and must take into account the customs and practices of the relevant industry: “The reasonable investor understands a statement of opinion in its full context, and Section 11 creates liability only for the omission of material facts that cannot be squared with such a fair reading.”

The Court said that, in order to gain insight into how a reasonable person understands a statement of opinion, including factual omissions from that opinion, the common law regarding the tort of misrepresentation is relevant. It quoted the Restatement of Torts as recognizing “‘[a] statement of opinion as to facts not disclosed and not otherwise known to the recipient may’ in some circumstances reasonably ‘be interpreted by him as an implied statement’ that the speaker ‘knows facts sufficient to justify him in forming’ the opinion or that he at least knows no facts ‘incompatible with [the] opinion.’” The Court also quoted Prosser and Keaton’s “leading treatise” in this area, which provides that “the expression of an opinion may carry with it an implied assertion, not only that the speaker knows no facts which would preclude such an opinion, but that he does know facts which justify it.” The Court goes on to quote the treatise that this is especially true in situations where—as in a registration statement—a speaker “holds himself out or is understood as having special knowledge of the matter which is not available to the plaintiff.”

The Court also looked to the congressional intent behind the adoption of Section 11, that issuers “tell the whole truth” to investors, stating “[f]or that reason, literal accuracy is not enough: An issuer must as well desist from misleading investors by saying one thing and holding back another. Omnicare would nullify that statutory requirement for all sentences starting with the phrases ‘we believe’ or ‘we think.’ But those magic words can preface nearly any conclusion, and the resulting statements, as we have shown, remain perfectly capable of misleading investors.”

The Court concluded by remanding the case back to the lower courts. In the Court’s view, “[n]either court below considered the Funds’ omissions theory with the right standard in mind – or indeed, even recognized the distinct statutory questions that theory raises . . . . We therefore follow our ordinary practice of remanding for a determination of whether the Funds have stated a viable omissions claim (or, if not, whether they should have a chance to replead).” In remanding the case, however, the Court emphasized that the Funds must identify the specific facts left out of Omnicare’s registration statement. Mere recitation of the statutory omissions language would not be sufficient, nor would the Funds’ conclusory allegation that Omnicare lacked “reasonable grounds for the belief” it stated in its opinion statements regarding legal compliance.

Furthermore, the Court stated that any analysis of whether Omnicare’s opinions were misleading must look at the context in which they were made: “The court must take account of whatever facts Omnicare did provide about legal compliance, as well as other hedges, disclaimers or qualifications it included in the registration statement.” This specifically includes the “caveats” to the legal compliance opinions that Omnicare included about states initiating enforcement actions against drug manufacturers for giving rebates to pharmacies, that the federal government had expressed concerns about the practice, and that the relevant laws “could” be interpreted in the future in a manner that would harm Omnicare’s business.

It is possible that courts wrestling with false certification cases under the False Claims Act—where a certification of legal compliance with the law is either an express or implied condition of payment of a claim for federal funds—might look to the Omnicare opinion in deciding whether a false certification has taken place and is actionable.

See here for the U.S. Supreme Court decision in Omnicare, Inc., et al, Petitioners v. Laborers District Council Construction Industry Pension Fund et al. (No. 13-435) (3/24/15).

Is OFAC the New Black? Schlumberger and PayPal—The Rise in the Enforcement of Sanctions Penalties

Why it matters: In recent years, international banks have been the government’s favored target for the imposition of huge penalties arising from violations of the U.S. sanctions laws, most recently in the Commerzbank case (discussed in our March newsletter). However, two recent cases, Schlumberger and PayPal, illustrate that the government is cracking down on sanctions violations in other global industry sectors.

Detailed discussion: In the recent high-profile cases involving international banks BNP Paribas and Commerzbank, the government exacted significant penalties arising from the banks’ doing business with blacklisted countries in violation of the U.S. sanctions laws. Two recent government enforcement actions, one by the DOJ and the other by OFAC, illustrate that the government is looking beyond international banks to seek penalties for U.S. sanctions violations from global companies operating in other industry sectors.

Schlumberger: Schlumberger, Ltd. is a global oilfield services organization. On March 25, 2015, the DOJ announced that Schlumberger Oilfield Holdings Ltd. (SOHL), a subsidiary of Schlumberger, agreed to plead guilty and pay a penalty of over $232.7 million (including a criminal forfeiture of over $77.5 million and a criminal fine of over $155.2 million) for willfully violating the U.S. sanctions laws by facilitating trade with Iran and Sudan. The criminal indictment and statement of offense filed on March 25 set out the following facts: From roughly 2004 to 2010, Drilling & Measurements (D&M), a business segment of Schlumberger headquartered in Sugar Land, Texas, provided oilfield services to customers in Iran and Sudan through SOHL’s non-U.S. subsidiaries. Among other things, D&M employees were found to have approved capital expenditure requests from Iran and Sudan for the manufacture of new oilfield drilling tools, which requests were often worded so as to disguise the identities of the embargoed locations. In addition, headquarters personnel at D&M made and implemented business decisions involving, and provided technical services to, D&M operations in Iran and Sudan.

During the relevant time period, Schlumberger had sanctions compliance policies and procedures in place designed to ensure that U.S. sanctions laws were not violated, including a “Recusal Program” whereby U.S. citizens were required to recuse themselves from involvement in business related to Iran and Sudan. However, the government found that Schlumberger failed to effectively enforce its policies and procedures, and failed to provide adequate compliance training and supervision of D&M personnel (including non-U.S.-citizen D&M employees living in the U.S.) pursuant to such programs. These “failures” were found to have contributed to D&M’s “willful” violation of the U.S. sanctions laws.

In addition to the hefty penalty, the plea agreement requires that SOHL agree to a three-year corporate probation period during which it must continue to cooperate with the government and not commit any additional violations of U.S. law. In addition, the plea agreement requires Schlumberger to hire an independent consultant to review its internal sanctions policies and procedures as well as its company-generated sanctions compliance audit reports.

PayPal: While the amount of the penalty is not as significant as in Schlumberger, OFAC demonstrated that it will aggressively pursue enforcement of its various U.S. sanctions programs in the case of PayPal, Inc., a licensed money services business headquartered in San Jose, California (PayPal). On March 25, OFAC announced that it had entered into a civil settlement of over $7.7 million with PayPal in connection with claims that it violated multiple OFAC sanctions programs. OFAC found that, from roughly late 2009 through mid-2013, PayPal processed 486 transactions (totaling approximately $44,000) involving embargoed countries (Cuba, Iran and Sudan) and/or the accounts of embargoed individuals on OFAC’s lists of “Specially Designated Global Terrorists” and “Weapons of Mass Destruction Proliferators and Their Supporters.” In many cases, the transactions giving rise to the sanctions violations contained explicit references to the embargoed locations or individuals.

In one case, which OFAC deemed to be an “egregious” violation of its Weapons of Mass Destruction Proliferators Sanctions Regulations, PayPal said that it at first failed to identify the embargoed individual whose name was on the account, Turkish national Kursud Zafer Cire, because its automated filter (designed to catch and identify transactions involving Specially Designated Nationals or SDNs) was not “working properly.” Even when the filter started working and the next five transactions involving Cire’s account were flagged, PayPal’s risk management employees dismissed the warnings in violation of PayPal’s internal policies and procedures. The sixth time a transaction involving Cire was flagged, a risk management employee followed internal procedures by creating a “case” for the match, restricting Cire’s account and requesting additional information from Cire. However, upon receiving the requested information, including a copy of Cire’s passport that showed a birth date and place identical to the person on the SDN list, a risk management employee dismissed the match due to an “apparent misunderstanding” of why the filter had flagged Cire’s account for review. It was not until the seventh time Cire’s account was flagged that PayPal appropriately blocked the account and reported it to OFAC.

OFAC cited many “aggregating factors” in the case, including its finding that PayPal’s compliance program was inadequate to prevent the sanctions violations. It cited as “mitigating factors” PayPal’s substantial cooperation with OFAC’s investigation and its hiring of new management in its compliance division, which undertook various measures to strengthen PayPal’s OFAC screening processes, identify OFAC-related issues in its payment system and generally implement more effective controls.

To sum up, in addition to concerns about FCPA compliance, it is apparent that corporations operating in the global arena now have to be alert to U.S. sanctions compliance as well. As U.S. Attorney Ronald C. Machen Jr. (District of Columbia) said at the Schlumberger press conference, “Today’s announcement should send a clear message to all global companies with a U.S. presence: whether your employees are from the U.S. or abroad, when they are in the United States, they will abide by our laws or you will be held accountable.”

See here to read the criminal information in U.S. v. Schlumberger Oilfield Holdings, Ltd. (filed 3/25/15).

See here to read the statement of offense to the plea agreement in U.S. v. Schlumberger Oilfield Holdings, Ltd (3/25/15).

See here to read the OFAC enforcement information for 3/25/15 relating to PayPal, Inc.

For more on this matter, refer to the following:

DOJ press release issued on 3/25/15 regarding Schlumberger.

Plea agreement dated 3/25/15 between U.S. v. Schlumberger Oilfield Holdings Ltd.

Wherefore Art Thou Due Process? SEC Administrative Hearings Under Attack

Why it matters: The SEC has of late come under attack in the courts and congressional hearings for the “Kafkaesque” nature of its administrative hearings. Specifically, critics argue that the administrative hearings deprive defendants of the due process protections afforded by the U.S. Constitution. The most recent legal challenge was filed in U.S. District Court on April 1, 2015 by New York financier Lynn Tilton in response to SEC proceedings initiated against her the day before. But Tilton and the other challengers could face an uphill battle in light of a recent federal court ruling dismissing a similar challenge on jurisdictional grounds, citing the plaintiff’s failure to exhaust administrative remedies in the very proceedings they are challenging.

Detailed discussion: On March 30, 2015, the SEC announced that it was charging self-described “Diva of Distressed” Lynn Tilton (Tilton) and her investment firms Patriarch Partners LLC and related Patriarch limited liability companies (collectively, Patriarch) with fraud and breach of fiduciary duty for, among other things, hiding from investors the poor performance of loan assets in three collateralized loan obligation funds they manage in violation of the federal securities laws. The SEC chose to bring these charges in its own administrative forum instead of in a United States District Court, having that day filed an Order Scheduling Hearing and Designating Presiding Judge (OIP). The OIP directed that (1) a public hearing be held within 60 days before a designated administrative law judge (ALJ) and (2) an initial decision be issued within 300 days addressing the veracity of the allegations contained in the OIP and determining what remedial action, if any, should be taken, including injunctive relief and/or the payment of monetary penalties and disgorgement. In its press release, the SEC stated that “[t]he matter will be scheduled for a public hearing before an administrative law judge for proceedings to adjudicate the Enforcement Division’s allegations and determine what, if any, remedial actions are appropriate.”

On April 1, 2015, Tilton fired back at the SEC by filing a complaint in U.S. District Court seeking declaratory and injunctive relief and demanding a jury trial. The complaint focused on the constitutionality of the SEC administrative hearing process, as well as the use of SEC-employed ALJs to preside over them, and the overall lack of constitutionally protected due process rights afforded in such administrative proceedings. In brief, Tilton and Patriarch alleged:

1. The U.S. District Court has lawful subject matter jurisdiction and the Court should exercise such jurisdiction in this case because “(a) without judicial review at this state, meaningful judicial review will be foreclosed; (b) Plaintiffs’ claim [that the SEC ALJ program is unconstitutional] is wholly collateral to the review provisions of the securities laws, and (c) Plaintiffs’ claim is not within the particular expertise of the SEC.” The complaint provides detailed facts and legal arguments throughout on each of these points in an apparent effort to defeat the SEC’s likely response that they failed to exhaust administrative remedies. One example: Even though Tilton and Patriarch had been under “wide-ranging and in-depth” investigation by the SEC for “an unusually prolonged” period in excess of five years prior to the issuance of the OIP on March 30, the OIP’s requirement of “curtailed” proceedings, including a “speedy” hearing within 60 days and a decision within 300 days, deprives Tilton and Patriarch of “meaningful judicial review.”

2. ALJs are U.S. “officers” that have not been appointed by the SEC Commissioners as required by Article II of the Constitution. Rather, they are hired by the SEC’s Office of Administrative Law Judges and their appointment and salary are specified by statute. They wield great authority and enjoy “at least two – and likely more” layers of tenure protection and thus cannot be easily removed, all in violation of Article II.

3. An SEC administrative proceeding lacks the due process rights afforded to defendants in federal court in that it is “an internal SEC hearing, litigated by SEC trial attorneys and governed by the SEC’s Rules of Practice . . . in which an SEC ALJ serves as finder of fact and of law.” Moreover, unlike in federal court, there is no right to a jury trial and neither the Federal Rules of Civil Procedure nor the Federal Rules of Evidence apply. The SEC’s Rules of Practice don’t allow for counterclaims or motions to dismiss, discovery is limited, and depositions are generally not permitted. Appeals from ALJ decisions go to the SEC itself, which has the discretion to deny them. Even though SEC decisions affirming ALJ rulings can eventually be appealed to a federal court, irreparable harm to the defendant’s (in this case, Tilton’s) livelihood, business and reputation will have been caused by the years-long delay and considerable expense of bringing such an appeal.

4. The securities laws, “guided by no statute, regulation, or established practice”, grant the SEC the discretion to commence proceedings against Tilton and Patriarch either in federal district court or an SEC administrative proceeding. There are no guidelines in place that govern how the SEC chooses the appropriate venue in a particular case, making the SEC’s choice arbitrary. The SEC had the full authority to bring Tilton’s case in district court, but its choice of an administrative proceeding is “inappropriate” because it is not supported by the SEC’s history or the underlying facts of this case.

Tilton’s complaint is just the latest constitutional challenge to SEC administrative hearings brought in the federal courts. For example, two recent complaints focused primarily on the ALJ constitutionality argument: Gray Financial Group, Inc. v. SEC, No. 1:15-cv0492 (N.D.Ga.), filed on February 19, 2015; and Stilwell v. SEC, No. 14-cv7931 (S.D.N.Y.), filed on October 1, 2014. The complaint in Bebo v. SEC, No. 15-cv00003 (E.D. Wis.), filed on January 2, 2015, raised both the lack of due process and the ALJ constitutionality arguments in its attack on SEC administrative proceedings.

Worth noting is that all three of the Gray, Bebo and Stilwell complaints contained almost identical language to that contained in the Tilton complaint attempting to establish the court’s subject matter jurisdiction and to avoid dismissal based on failure to exhaust administrative remedies, namely that the plaintiff’s claims (a) will lack meaningful judicial review in the administrative proceeding, (b) are wholly collateral to the review provisions of the securities laws, and (c) are not within the particular expertise of the SEC. However, on March 3, 2015, the Bebo complaint was dismissed for lack of subject matter jurisdiction. That court relied on an established line of “exhaustion of remedies” cases to justify its dismissal, stating that “Bebo’s claims are subject to the exclusive remedial scheme set forth in the Securities Exchange Act. Bebo must litigate her claims before the SEC and then, if necessary, on appeal to the Court of Appeals for the Seventh Circuit.” The court went on to conclude that “[u]ltimately, Bebo’s argument regarding the lack of meaningful judicial review lies in her objection to being subject to a procedure that she contends is wholly unconstitutional. But, as one judge observed, district court jurisdiction ‘is not an escape hatch for litigants to delay or derail an administrative action when statutory channels of review are entirely adequate.’”

It remains to be seen whether other courts confronting these constitutionality arguments targeted at SEC administrative proceedings will find the Bebo court’s dismissal precedential with respect to its finding that subject matter jurisdiction is lacking. The Stilwell case was settled on March 16, perhaps because the SEC did not want to adjudicate the issue. The Gray case is still pending. The plaintiff there filed an amended complaint on March 31 and a motion for limited expedited discovery on April 3, and to this date no motion to dismiss has been filed by the SEC. The Tilton complaint, filed after the Bebo dismissal, is certainly drafted to anticipate a motion to dismiss on the grounds of exhaustion of remedies.

Another recent development of note: On April 13, 2014, oral argument was heard before the D.C. Court of Appeals in the case of Jarkesy et al. v. SEC, No. 14-cv5196 (D.C. Cir.), regarding the constitutionality of the SEC’s administrative proceedings. George Jarkesy, a Texas-based hedge fund manager, had filed a complaint in district court on January 19, 2014 alleging due process claims similar to the other cases in connection with administrative proceedings instituted against him by the SEC. On June 10, 2014, Jarkesy’s complaint was dismissed by the U.S. District Court for lack of subject matter jurisdiction on exhaustion of remedies grounds. The D.C. Court of Appeals agreed to take the case on appeal, and oral arguments were heard on April 13. The D.C. Circuit’s decision will be greatly anticipated.

In the meantime, Congress recently held hearings regarding the due process fairness of the SEC’s administrative hearings. On March 19, 2015 (just in time for Tilton to reference it in paragraph 30 of her complaint), Director of Enforcement Andrew Ceresney had an uncomfortable interlude attempting to justify the SEC’s administrative proceedings in the Q&A following his testimony before the House Financial Services Subcommittee (the topic of which was “Oversight of the SEC’s Division of Enforcement”).

In his opening comments, Rep. Scott Garrett (R-NJ) said that “[w]hile bringing more cases through the administrative proceedings can lead to lower costs for the agency and increases in efficiency, it’s important to realize that those benefits come with a cost. The cost is less due process protections for defendants. Because the SEC’s administrative proceedings use the SEC’s procedural rules, respondents are forced to operate on a condensed timeframe, and do not have the benefit of some of the fundamental due process protections under the Federal Civil Procedures Act and the Federal Rules of Evidence, such as full discovery rights, and the right to a jury trial, and the exclusion of hearsay evidence.”

Garrett went on to express concerns about the difficult process of appealing ALJ decisions: “Moreover, initial appeals of administrative law judges—ALJ rulings—must be made to the full commission, and ALJ’s employer, rather than federal district court. While the commission’s decision may [then] be appealed to the D.C. Circuit Court of Appeals, the SEC’s interpretation of the securities laws generally will be given significant deference. Appealing an administrative decision is a time-consuming and expensive proposition.”

In the Q&A portion of the hearing, Garrett began by asking Ceresney about previous comments Ceresney had made that seemed to imply that the SEC “threatens” targets with administrative proceedings in order to force settlements (the implication: targets would rather settle than undergo an administrative hearing). Garrett asked how the SEC makes the decision to bring a case as an administrative proceeding over filing it in federal court, and whether Ceresney could provide the Committee with established written guidelines it follows in making its decision. Ceresney responded that “we use a number of facts and circumstances” as “internal guidance” for the staff, elaborating that the staff will choose administrative proceedings (1) in cases that “we can only bring as administrative proceedings,” such as “failures to supervise and causing violations,” (2) “cases where we need quick relief [for investors]” because “administrative proceedings can be much more quick than district court actions . . . we can get a decision within 300 days” and (3) cases involving “technical . . . complicated” rules that “sophisticated fact finders” such as ALJs can understand and which would be more difficult for a jury to grasp. However, with respect to Garrett’s question as to whether any of this is written down as official “guidelines,” Ceresney said he would have to consult his staff and get back to them.

During the course of the Q&A in response to different questioners, Ceresney gave the following 2014 statistics: The SEC brought a majority of its cases, or 57%, in federal court and 43% as administrative proceedings. The SEC was successful in 11 out of the 18 federal court cases (13 of which were jury trials), and it had a success rate of nearly 100% in its administrative proceedings. In response to these statistics, specifically the nearly 100% success rate in the administrative proceedings, Rep. Sean Duffy (R-Wis.) questioned sharply: “You won every case. How about with regard to the cases you brought in federal court? One hundred percent there? No? You won 11 out of 18 [cases]? . . . You think there could be any correlation when you actually hire the judges, and you set the rules, that you win all the cases? . . . And you might say ‘You know what, I want to bring more cases in front of the judges that I hire and abide by the rules that I set as opposed to letting these cases go to federal court . . . and, lo and behold, I win them all. And I believe in due process. That’s a great way to administer justice when you work at the SEC.” To this Ceresney replied, “We are not afraid to try cases in federal court. In fact, we won 11 of our last 13 jury trials in federal court . . . . And we still bring a majority of our cases in district court, so we are not shying away from using district court.”

One of the last questioners was Rep. Bruce Poliquin (R-Maine), who grilled Ceresney about the inherent unfairness in the SEC’s administrative proceedings process. After a back-and-forth where it was established that the ALJs are paid for by the SEC and the proceedings primarily take place in SEC headquarters, Poliquin said that “if you’re not in federal court to pursue these alleged violations of the securities law and they’re held, effectively on government property . . . and you folks . . . are hiring and paying for these judges, that I would make the argument . . . that they may not be completely impartial.”

Given the tenor of these congressional comments, it appears that Tilton may have chosen a good time to file her lawsuit as the drumbeat gets louder regarding the constitutionality of the SEC’s administrative proceedings. However, the Bebo court’s decision to dismiss that case for lack of subject matter jurisdiction due to the failure to exhaust administrative remedies signals that these challenges could face an uphill battle. And it remains to be seen whether recent congressional skepticism about this issue will translate into legislative action.

See here to read the complaint in Lynn Tilton; Patriarch Partners, LLC; Patriarch Partners VIII, LLC; Patriarch Partners XIV, LLC; and Patriarch Partners XV, LLC v. Securities and Exchange Commission, No. 15 cv 02472 (4/1/15).

See here to read the Decision and Order in Bebo v. Securities and Exchange Commission, No. 15-C-3 (3/3/15).

For more on this matter, refer to the congressional transcript of the House Financial Services Subcommittee on SEC Division of Enforcement dated 3/19/15.

So . . . Where You From? The Use of “Country of Origin” Violations as the Basis for False Claims Act Qui Tams Spreads to the Medical Device Industry

Why it matters: Medical device manufacturers, beware! On April 2, 2015, the DOJ announced that Memphis-based medical device manufacturer/supplier Medtronic had agreed to pay the government $4.1 million in settlement of a suit that had been brought under the qui tam provisions of the FCA alleging that Medtronic had sold medical devices to the government in violation of the “country of origin” restrictions of the Trade Agreements Act of 1979 (TAA). This constitutes only the second time that the FCA qui tam provisions have been so invoked with respect to the manufacture of medical devices and the “country of origin” question. The first time was in connection with an $8.3 million settlement in September 2014 involving the Memphis operations of U.K. medical device manufacturer/supplier Smith & Nephew, in which medical device “country of origin” violations under the TAA were also alleged. The Medtronic and Smith & Nephew qui tam cases have similar fact patterns, right down to the same whistleblower who had never even worked at Medtronic.

Detailed discussion: On April 2, 2015, the DOJ announced that Memphis-based Medtronic and its affiliated companies (Medtronic) had agreed to pay $4.41 million to resolve allegations that they violated the FCA by making false statements to the U.S. Department of Veterans Affairs (VA) and U.S. Department of Defense (DoD) regarding the country of origin of certain Medtronic medical device products sold to those agencies. The government alleged that, from 2007 to 2014, Medtronic sold to the VA and DoD medical devices it certified would be manufactured in the U.S. or other approved countries designated in the TAA, when in fact the products were manufactured in the TAA “prohibited” countries of China and Malaysia.

In the press release, the DOJ stated that “[t]his settlement illustrates the government’s emphasis on combating health care fraud and marks another achievement for the Health Care Fraud Prevention and Enforcement Action Team (HEAT) initiative” using the “powerful tool” of the FCA. Indicating that the government has turned its focus onto the medical device manufacturing industry, Acting Assistant Attorney General Benjamin C. Mizer of the DOJ’s Civil Division said that “[t]oday’s settlement demonstrates our commitment to ensure that our service members and our veterans receive medical products that are manufactured in the United States and other countries that trade fairly with us . . . . The Justice Department will take action to hold medical device companies to the terms of their government contracts.”

The government pointed out that the Medtronic lawsuit was brought by three individuals under the qui tam provisions of the FCA, which permit private citizens, or “relators,” to file lawsuits on behalf of the U.S. government and receive a portion of the proceeds of any recovery. In this case, the DOJ announced that the three “whistleblowers” would share an award of almost $750,000.

The qui tam complaint filed on October 5, 2012 identifies two of the three whistleblowers as “Original Source” Memphis-based Medtronic employees who worked in shipping/receiving and human resources, respectively, during the relevant time period.

The complaint identifies the third whistleblower as Samuel Adam Cox, III, a Memphis resident who “worked as an information-technology consultant and executive in the medical device industry in 2007 and 2008.” The complaint refers to the then ongoing Smith & Nephew case, stating that Cox “began investigating country-of-origin violations by medical-surgical-supply companies with operations in or near Memphis after blowing the whistle on such violations by his former employer, Smith & Nephew Inc.” While it does not appear that Cox ever worked at Medtronic, the complaint establishes Cox as an “Original Source” for purposes of the qui tam provisions because he “conducted an independent investigation into Medtronic’s wrongdoing and acquired documents and other evidence supporting the allegations in this Complaint.” Consequently, Cox “has direct and independent knowledge of the false claims and certifications that Medtronic . . . submitted to the Government.”

The case referred to in the Medtronic complaint—where Cox “blew the whistle” on former employer Smith & Nephew—is reportedly the first time the FCA qui tam provisions were used in a medical device “country of origin” context. As noted in the factual allegations set forth in the Order Denying Defendant Smith & Nephew, Inc.’s Motion to Dismiss, Cox filed a qui tam motion against Smith & Nephew on December 1, 2008 alleging that the company violated the FCA by making false statements to the VA regarding the true country of origin of certain Smith & Nephew medical devices sold under two contracts with that agency. Cox alleged that, while working at the Memphis facilities of Smith & Nephew as the company’s Information Technology Global Director of Enterprise Resource Planning from mid-December 2007 through his termination in September 2008, he became aware that the medical devices sold to the VA under the contracts were in fact made in the “prohibited” country of Malaysia in contravention of the TAA. Cox alleged that he attempted to bring the violations to the attention of his superiors but was dismissed. In September 2008 he reported what he knew to Smith & Nephew’s whistleblower hotline, and was terminated soon thereafter.

After a protracted litigation with respect to which the government declined to intervene (although Cox’s attorneys thanked the DOJ for being “instrumental in crafting the settlement”), on September 4, 2014 a settlement was announced pursuant to which Smith & Nephew agreed to pay the government a penalty of $8.3 million. As the whistleblower, Cox received the hefty sum of $2.3 million.

In a press release issued on September 4, 2014 announcing the settlement, Cox’s attorneys Sanford Heisler LLP (who represented Cox in both the Medtronic and Smith & Nephew settlements) gave a strong indication that we will be seeing more settlements like this “inaugural” one where FCA qui tam provisions are used in medical device “country of origin” actions—a statement that is borne out by the April 2 Medtronic settlement and seems to imply that there may be others in the works. One of Cox’s attorneys stated that the case “reaffirms the vital role that whistleblowers play in uncovering fraud against the government.” Another said that “Mr. Cox should be commended for having the courage and integrity to expose this wrongdoing and the tenacity to fight this battle on behalf of the United States.” And a third summed it up with an emphatic warning to the medical device manufacturing industry: “Today’s settlement sends a clear message to those medical device companies that routinely violate the Trade Agreements Act by misrepresenting the ‘Country of Origin’ of goods sold under contract to U.S. Government agencies . . . . This inaugural settlement will create a ripple effect for other medical device companies that choose to turn a blind eye to their obligations under the Trade Agreements Act. The Government has turned its attention to these flagrant violations and is stepping up enforcement.”

Medical device manufacturers, take heed: the gauntlet has been dropped.

See here to read the DOJ press release dated 4/2/15 regarding the Medtronic settlement.

See here to read the complaint in United States of America ex rel. Samuel Adam Cox, III, Meayna Phanthavong, and Sonia Adams v. Medtronic, Inc., Medtronic USA, Inc., and Medtronic Sofamor Danek USA, Inc., Civil No. 12-sc-2562 (PAM/JSM).

See here to read the press release dated 9/4/14 issued by Cox’s attorneys Sanford Heisler regarding the Smith & Nephew settlement.

See here to read the Order Denying Defendant Smith & Nephew, Inc.’s Motion to Dismiss in United States ex rel. Cox v. Smith & Nephew Inc., 749 F. Supp. 2d 773 (W.D. Tenn. 2010).

For more on this matter, refer to the press release dated 4/2/15 issued by Cox’s attorneys Sanford Heisler regarding the Medtronic settlement.

First Swiss Bank Reaches Resolution with the DOJ Under Its Swiss Bank Program

Why it matters: On March 30, 2015, the DOJ announced that it had entered into a non-prosecution agreement with BSI SA under its Swiss Bank Program, pursuant to which the bank agreed to pay a penalty of $211 million. It is the first such successful resolution with a Swiss bank since the program was announced by the DOJ in 2013.

Detailed discussion: As part of its ongoing efforts to combat offshore tax evasion, the DOJ announced the “Swiss Bank Program” on August 29, 2013. The program provides a path for Swiss banks to resolve potential criminal liabilities arising from undeclared U.S.-related accounts used to evade U.S. taxes. Swiss banks eligible to enter the program were required to advise the Department by December 31, 2013, that they had reason to believe that they had committed tax-related criminal offenses in connection with such undeclared U.S.-related accounts (banks already under criminal investigation for such activities and all individuals were expressly excluded from the program).

Under the program, a Swiss bank will be eligible for a non-prosecution agreement (NPA) if it meets all of the following requirements: (1) makes a complete disclosure of its cross-border activities; (2) provides detailed information on an account-by-account basis in which U.S. taxpayers have a direct or indirect interest; (3) cooperates in treaty requests for account information; (4) provides detailed information as to other banks that transferred funds into secret accounts or that accepted funds when secret accounts were closed; (5) agrees to close accounts of accountholders who fail to come into compliance with U.S. reporting obligations; and (6) pays appropriate penalties.

On March 30, 2015, BSI SA (BSI), one of the ten largest private banks in Switzerland, became the first bank to enter into an NPA with the DOJ under the Swiss Bank Program, pursuant to which it agreed to pay the DOJ a penalty of $211 million. In a press release announcing the deal, Acting Deputy Attorney General Sally Quillian Yates said that “[w]hen we announced the program, we said that it would enhance our efforts to pursue those who help facilitate tax evasion and those who use secret offshore accounts to evade taxes. And it has done just that. We are using the information that we have learned from BSI and other Swiss banks in the program to pursue additional investigations into both banks and individuals.”

The agreed-upon “Statement of Facts” (Exhibit A to the BSI NPA) states that, for decades prior to and through 2013, BSI knowingly conducted a U.S. cross-border banking business that aided thousands of U.S. clients in opening undeclared accounts in Switzerland and concealing the assets and income they held in such accounts. This concealment took many forms, including (a) assisting clients in using sham offshore entities or “bogus” financial insurance products (known as “insurance wrappers”) as nominee beneficial owners of the undeclared accounts; (b) accepting and suggesting the use of IRS forms that falsely stated under penalty of perjury that the sham entities beneficially owned the assets in the undeclared accounts; (c) providing offshore debit cards to repatriate funds from the undeclared accounts; (d) facilitating withdrawals of funds from the undeclared accounts back to the United States through nominee non-U.S. accounts; and (e) structuring transfers of funds from the undeclared accounts to evade currency transaction reporting requirements.

The DOJ found that BSI has held and managed approximately 3,500 U.S. client accounts, both declared and undeclared, with peak assets under management of $2.78 billion since August 2008. Approximately 2,160 of these accounts were acquired by BSI as part of its purchase of other Swiss banks in 2006 and 2008, respectively. The remaining accounts were opened by BSI directly. Private bankers, or relationship managers (RMs), were the primary contacts for U.S. clients with undeclared accounts at BSI. Prior to 2009, the RMs could open the undeclared accounts on their own volition. In January 2009, the bank required new U.S. client accounts to also be approved by senior management to ensure compliance with its U.S. client policies. BSI acquired U.S. accounts predominantly from direct referrals, walk-ins and business arrangements with external asset managers (EAMs). As of the end of 2008, approximately 265 RMs and 198 EAMs were responsible for managing at least one U.S. client account. The RMs were compensated by BSI in part based on the amount of business they generated for the bank. The EAMs were also compensated by BSI based on the amount of business generated but pursuant to a negotiated fee structure. During 2008 and most of 2009, BSI accepted an “inflow” of U.S. accounts from EAMs that were forced to exit their prior banking arrangement due to the UBS investigation. After 2009, the circumstances under which BSI would accept such EAM accounts were limited.

The findings detail how BSI maintained the undeclared U.S. accounts in different units throughout the bank, although the accounts were primarily serviced at the bank’s international desk in Zurich (referred to internally as the “North America” or “U.S.” desk due to the disproportionately high percentage of U.S. clients it serviced); its two Latin America desks in Zurich and Geneva; EAM desks in Lugano, Geneva and Zurich; and 22 other private banking desks in Geneva, Lugano and the greater Ticino area. The RMs typically communicated with U.S. clients by telephone, fax, email and mail, and prior to 2008, several RMs traveled to the United States one to two times per year to maintain existing relationships with U.S. clients. In July 2008 BSI adopted U.S. business travel restrictions for senior management and RMs with more than ten declared U.S. accounts.

The DOJ found that BSI offered U.S. clients a variety of traditional Swiss banking services that it knew could assist in the concealment of assets and income from the IRS. For example, approximately two-thirds of the U.S. clients paid BSI a quarterly fee to use a “hold mail” service. Another one-third of the U.S. clients paid a quarterly fee to use code name or numbered account services pursuant to which the identity of the accountholder could be replaced with a code name or number on bank statements and other documentation (in accordance with Swiss law, however, BSI’s internal records still reflected the accountholder’s identity).

In some cases, the findings show that the RMs assisted their clients in structuring U.S. accounts so that they appeared to be held by non-U.S. legal structures, such as offshore corporations or trusts, thus aiding the clients to conceal their undeclared accounts from the IRS. The DOJ found that, after August 2008, 12% of BSI’s U.S. client accounts were held in the name of offshore structures incorporated or based in the British Virgin Islands, Panama and Liechtenstein.

In late 2008 and 2009, in the wake of the UBS investigation, the findings show that BSI began to assess the risk of its cross-border business and issued a series of policies that served to (a) eliminate undeclared U.S. client accounts that were not financially worth the risk; (b) cut off the paper trail back to the United States for accounts not reportable by the bank to the IRS; and (c) insulate the bank’s exposure for undeclared U.S. client accounts behind its contractual relationships with EAMs. Although these policies helped remediate some of the bank’s undeclared U.S. accounts, the DOJ found that these efforts were “flawed” because RMs were still allowed to open and maintain undeclared U.S. accounts that were highly profitable. Starting in 2010, however, BSI issued a series of gradually restrictive policies that resulted in the bank exiting most of its undeclared U.S. client accounts by the end of 2012.

In December 2013, BSI voluntarily entered into the DOJ’s Swiss Bank Program. The Statement of Facts details the ways in which BSI has fully cooperated with the U.S. government throughout its investigation and made timely and comprehensive disclosures regarding its U.S. cross-border business.

See here to read the BSI NPA Exhibit A “Statement of Facts” (3/30/15).

See here to read the Joint Statement between the DOJ and the Swiss Federal Department of Finance establishing the Swiss Bank Program (8/29/13).

For more on this matter, refer to the following:

DOJ Press Release issued 3/30/15.

BSI NPA (3/30/15).

BSI NPA Exhibit B “Resolution” (3/30/15).

Compliance Is Key, and Woe to the Repeat Offender!

Why it matters: Recent remarks by top U.S. enforcement officials underscore the ever-increasing importance the government places on robust corporate compliance programs. Moreover, it appears that the government won’t be reticent to withdraw existing deferred prosecution and non-prosecution agreements and criminally charge repeat offenders.

Detailed discussion: Assistant Attorney General Leslie Caldwell and the SEC Director of Enforcement Andrew Ceresney, speaking at separate conferences last month, both stressed the importance to the government of robust corporate compliance programs by banks, financial institutions and other corporate entities operating internationally. Moreover, Caldwell indicated that the government would not hesitate to revoke existing deferred prosecution and non-prosecution agreements (DPAs and NPAs) and criminally charge repeat offenders.

Speaking before the ACAMS Anti-Money Laundering & Financial Crime Conference on March 16, 2015, Caldwell started her discussion of corporate compliance by saying “[t]he health of the global economy depends on both creating access for a wide range of participants and preventing abuse and corruption. To accomplish these goals, banks and other financial institutions must maintain robust, effective anti-money laundering and other compliance programs that account for international business realities.”

Caldwell went on to say that “robust compliance programs are essential to preventing fraud and corruption. But they also are an important factor for prosecutors in determining whether to bring charges against a business entity that has engaged in some form of criminal conduct.” Caldwell said that prosecutors will look at “the existence and effectiveness of the corporation’s pre-existing compliance program” and the remedial measures, if any, that the corporation took once it learned of the misconduct. Of course, there is no “one-size-fits-all” compliance program, and the most effective ones will be “tailored to the unique needs, risks and structure of each institution.” She then detailed the seven familiar “hallmarks” of an effective compliance program generally, and listed an additional three specific ones that would be essential in anti-money laundering and sanctions compliance programs: Know your customer, comply with U.S. laws, and be candid with regulators.

In a speech before CBI’s Pharmaceutical Compliance Congress on March 3, 2015, SEC Director of Enforcement Andrew Ceresney also emphasized the importance to the pharmaceutical industry of robust FCPA corporate compliance programs. After discussing the types of FCPA violations that can arise in the pharmaceutical industry, Ceresney said “[t]he best way for a company to avoid some of the violations that I have just described is a robust FCPA compliance program. I can’t emphasize enough the importance of such programs.”

Ceresney went on to say that “[t]he best companies have adopted strong FCPA compliance programs that include compliance personnel, extensive policies and procedures, training, vendor reviews, due diligence on third-party agents, expense controls, escalation of red flags, and internal audits to review compliance.” He said that “the hallmarks of an effective compliance program” can be found in the SEC/DOJ Resource Guide on the FCPA, and went on to highlight a few familiar ones.

These speeches by key government enforcement officials emphasize the importance the government places on corporate compliance programs. With respect to enforcement, the strength (“robustness”) or weakness of such programs, as well as a corporation’s adherence to the program, will be assessed when determining corporate liability.

In her speech, Caldwell also discussed DPAs and NPAs as “useful enforcement tools in criminal cases” because the government can “require improved compliance programs, remedial steps or the imposition of a monitor,” among other things. She emphasized that DPAs and NPAs “have teeth” because of “the potential penalties triggered by a breach.”

Caldwell then went on to forcefully state that the government will not hesitate to find a corporation in breach of a DPA or NPA: “Let me be clear: in the Criminal Division, we will hold banks and other entities that enter into DPAs and NPAs to the obligations imposed on them by those agreements. . . . Make no mistake: the Criminal Division will not hesitate to tear up a DPA or NPA and file criminal charges, where such action is appropriate and proportional to the breach.” Moreover, “where a bank that violates a DPA or NPA is a repeat offender with a history of misconduct, or where a violating bank fails to cooperate with an investigation or drags its feet, that bank will face criminal consequences for its breach of the agreement.”

The government has not declared a breach of a corporate DPA or NPA since their use became frequent in the last decade, and Caldwell did not refer to any specific cases in her speech. However, there have been recent indications that the government could be close to undertaking such steps in the near future. On April 1, 2015, in connection with HSBC’s 2013 DPA relating to violations of U.S. sanctions and anti-money laundering laws, the DOJ filed a quarterly status report with the court with respect to the First Annual Follow-Up Review Report submitted by independent monitor Michael G. Cherkasky. U.S. Attorney (and current Attorney General nominee) Loretta E. Lynch, writing for the government, said in the filing that, generally, “the government concurs with the Monitor’s assessment that HSBC Group continued to act in good faith to meet the requirements of the DPA.” However, in connection with HSBC’s development of effective AML and sanctions compliance programs, “the Monitor believes that HSBC Group’s progress has been too slow. The Monitor does not believe this is the result of bad faith or lack of commitment by HSBC Group’s senior leadership, but does believe that HSBC Group can—and must—do more.” The government’s report summed up that “HSBC must continue and enhance its progress in order to maintain compliance with the DPA’s very strict terms. The Department of Justice will continue to closely monitor HSBC’s progress in complying with the DPA’s elevated standards of compliance, and stands ready to pursue all available remedies should HSBC fail to adhere to the DPA’s terms.”

In addition, the government has recently extended corporate DPAs in cases where compliance and/or cooperation is in question. On March 15, 2015, the government extended by one year the three-year DPA it had entered into with Biomet, Inc., in 2012 in connection with FCPA violations in certain of Biomet’s foreign territories. In April 2014, Biomet had disclosed in a prior filing that it had become aware of alleged improprieties in Brazil and Mexico in October 2013, some of which predated the 2012 DPA. In its 8-K filed on March 13, 2015, disclosing the one-year DPA extension, Biomet said that “[t]he DOJ has informed Biomet that it retains its rights under the DPA to bring further action against Biomet relating to the conduct in Brazil and Mexico disclosed in 2014 or the violations set forth in the DPA. The DOJ could, among other things, revoke the DPA or prosecute Biomet and/or the involved employees and executives.”

On December 9, 2014, the DOJ extended by three years the two-year DPA it had entered into with Standard Chartered Bank in 2012 in connection with U.S. sanctions violations. In the Notice on Consent of Amendment to Deferred Prosecution Agreement filed on December 9, the government said that, while the bank had taken a number of steps to enhance its sanctions compliance program, “[n]evertheless, SCB’s U.S. economic sanctions compliance program has not yet reached the standard required by the DPA. Therefore, in order to fully comply with the DPA and the Factual Statement, SCB must make additional substantial improvements to its U.S. economic sanctions compliance program.” Moreover, in light of new information obtained by the government potentially revealing additional historical sanctions violations after the time period specified in the DPA’s Factual Statement (2001 to 2007), “the government has determined that the implementation of an independent compliance monitor and a 36-month extension of the DPA are necessary for SCB to demonstrate fulfillment of its obligations under the DPA and the Factual Statement.”

Finally, the interesting facts of the case involving Marubeni Corporation should be noted: In January 2012, Marubeni Corporation had entered into a DPA with the DOJ for violations of the FCPA arising out of Marubeni’s involvement in a bribery scheme with Nigerian government officials. On February 24, 2014, the DOJ moved to dismiss the pending charges, stating that Marubeni had fully complied with its obligations under the DPA and had paid a penalty in excess of $54 million; this motion was granted by the court on February 26. Then, two weeks later, on March 19, 2014, Marubeni pled guilty to an eight-count criminal information charging it with separate FCPA violations arising from an Indonesian bribery scheme to secure a lucrative power project and agreed to pay an additional criminal penalty of $88 million. While the DOJ said in its March 19 press release that “[t]he company refused to play by the rules, then refused to cooperate with the government’s investigations[, n]ow Marubeni faces the consequences for its crooked business practices in Indonesia,” no mention was made of Marubeni’s 2012 DPA or its apparent successful completion of that DPA. Conversely, the DOJ did not mention a pending investigation of Marubeni for the Indonesian bribery scheme in its February 24 motion to dismiss the DPA relating to the Nigerian FCPA violations. This apparent discrepancy can be explained by the fact that the Indonesia conduct to which Marubeni pled guilty predated the 2012 DPA by several years, so although Marubeni successfully completed the 2012 DPA, the government was not likely to agree to the other one in light of the company’s apparent history of multiple violations.

The message is clear: The government is looking to corporations to be vigilant about establishing, revising and updating their compliance programs to fit the ever-changing regulatory landscape both home and abroad. Moreover, those corporations that enter into DPAs or NPAs with the government must closely adhere to them lest they find themselves back at square one and under criminal prosecution.

See here to read Assistant Attorney General Leslie Caldwell’s Remarks at the ACAMS Anti-Money Laundering & Financial Crime Conference (3/16/15).

See here to read SEC Director of Enforcement Andrew Ceresney’s Remarks at CBI’s Pharmaceutical Compliance Congress (3/3/15).

For more on this matter, refer to the following:

U.S. Department of Justice Quarterly Status Report dated 4/1/15 in connection with United States v. HSBC Bank USA, N.A. and HSBC Holdings plc (Criminal Docket No. 12-763 (JG)).

Form 8-K filed by Biomet, Inc. on 3/13/15.

Notice on Consent of Amendment to Deferred Prosecution Agreement filed 12/9/15 in United States of America v. Standard Chartered Bank (Case No: 12-CR-262 (JEB)).

DOJ Press Release dated 3/19/14 re: Marubeni Corporation Agrees to Plead Guilty to Foreign Bribery Charges and to Pay an $88 Million Fine.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

Related Case Law

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at:

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit
  • New Relic - For more information on New Relic cookies, please visit
  • Google Analytics - For more information on Google Analytics cookies, visit To opt-out of being tracked by Google Analytics across all websites visit This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at:

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.