Corporate Investigations & White Collar Defense - October 2015

Manatt, Phelps & Phillips, LLP

In This Issue:

  • "Wherefore Art Thou Due Process?" Part III
  • Do You Have to Whistle to the SEC to Get Protection Under Dodd-Frank? The Second Circuit Says No, Splits With Fifth Circuit
  • SEC-CFTC Enforcement Roundup: What Do Cybersecurity, a Foreign Political Party, "Distribution-in-Guise," a Missing Bank CD Worth Millions and Bitcoin Have in Common? All Figured Predominantly in Recent SEC and CFTC Actions of Note
  • September 2015: Major Settlements for Healthcare Providers Under the Stark Law and False Claims Act
  • When Regulatory Failings Turn Criminal—The Car Edition
  • Keeping an Eye Out—Updates and Briefly Noted

"Wherefore Art Thou Due Process?" Part III

Why it matters: It is time for another installment in our continuing "Wherefore Art Thou Due Process?" coverage into the ongoing constitutional challenges to the SEC's "in-house" administrative proceedings. September 2015 saw the D.C. Circuit in Jarkesy et al. v. SEC (following the Seventh Circuit's August 2015 decision in Bebo v. SEC) rule in favor of the SEC on lack of subject matter jurisdiction and exhaustion of administrative remedies grounds. District court rulings that went the other way—holding the proceedings "likely" unconstitutional—in the Southern District of New York (Duka v. SEC) and the Northern District of Georgia (Hill v. SEC and Gray Financial Group, Inc. v. SEC) are now before the Second Circuit and the Eleventh Circuit, respectively, on appeal, with a potential circuit split in the works. Moreover, there is no consensus on the issue within the Southern District of New York itself, where, in contrast to Duka, a district court recently dismissed the plaintiff's case in Tilton v. SEC and, like the D.C. Circuit in Jarkesy and the Seventh Circuit in Bebo, sided with the SEC in finding lack of subject matter jurisdiction and failure to exhaust administrative remedies. The Tilton case is also on appeal to the Second Circuit, and all eyes will be watching to see on which side of the issue the Second Circuit comes down. In addition, September 2015 saw the SEC propose new rules for its in-house administrative proceedings in a likely attempt to appease critics who argue that the proceedings lack due process, and forcefully reiterate its position by rejecting the plaintiffs' constitutional challenge in In the Matter of Timbervest, LLC. Read on for the latest.

Detailed discussion: Two circuit courts, the D.C. Circuit and the Seventh Circuit, have now ruled that a defendant in an SEC administrative proceeding must first exhaust all administrative remedies before turning to the federal courts for help. The Second Circuit and the Eleventh Circuit are currently considering appeals from Southern District of New York (S.D.N.Y.) and Northern District of Georgia decisions, respectively, that found the opposite and ruled the proceedings "likely unconstitutional." The Second Circuit is also considering an appeal from an S.D.N.Y. case that, like the D.C. Circuit and the Seventh Circuit, ruled in favor of the SEC on lack of subject matter jurisdiction/exhaustion of remedies grounds. For its part, the SEC recently proposed new regulations to amend its Rules of Practice concerning how its administrative proceedings are run with respect to discovery and timing of hearings, among other things, in an apparent attempt to appease critics who question their constitutionality on due process grounds. Moreover, the SEC Commissioners handed down their opinion in In the Matter of Timbervest, LLC (on review from the administrative law judge's initial decision), in which they forcefully rejected the plaintiffs' constitutionality arguments. We previously covered all of this in our April newsletter under "Wherefore Art Thou Due Process? SEC Administrative Hearings Under Attack," our June newsletter under "Wherefore Art Thou Due Process?: The Sequel" and in our August newsletter under "Keeping an Eye Out—Updates and Briefly Noted." We update you on the latest developments here.

D.C. and Seventh Circuit Opinions: On September 29, 2015 in the case of Jarkesy et al. v. SEC, in a unanimous opinion written by Judge Srinivasan, the D.C. Circuit affirmed the district court's dismissal of the case for lack of subject matter jurisdiction and held that "the securities laws provide an exclusive avenue for judicial review that Jarkesy may not bypass by filing suit in district court." Briefly, the relevant facts of the case are that the SEC initiated administrative proceedings against the defendant George Jarkesy, Jr. (Jarkesy) and the unregistered investment adviser company he managed, Patriot28, LLC (collectively, Jarkesy or plaintiffs), in March 2013 alleging that they engaged in fraudulent conduct in violation of the securities laws. On January 29, 2014, a few days before the administrative proceedings were scheduled to start, the plaintiffs filed an action in D.C. district court seeking injunctive and declaratory relief that the SEC's administrative proceedings violated their "fundamental constitutional rights" to due process and equal protection, among other claims. The district court denied the plaintiffs' request for injunctive relief, and the administrative proceeding went forward, resulting in the administrative law judge (ALJ) adversely ruling against the plaintiffs in October 2014. A petition for appeal before the SEC is pending. Further, the district court dismissed the case for lack of subject matter jurisdiction, finding that the "'statutory and regulatory regime under which the SEC's Enforcement Division brought the instant matter against the plaintiffs preclude[d]' the court from hearing their claims" and that they would have to exhaust their administrative remedies under that regime prior to seeking redress in federal court.

On appeal, the Court framed the issue before it as "whether the district court has jurisdiction over all, or any, of Jarkesy's claims, or whether Congress has implicitly precluded Jarkesy's district-court suit by channeling his challenges through the securities laws' scheme of administrative adjudication and judicial review in a court of appeals." The Court concluded that the district court did not have such jurisdiction in the face of the statutory scheme put in place by Congress, stating that "[t]he securities laws contain a … comprehensive structure for the adjudication of securities violations in administrative proceedings." Addressing and distinguishing or rejecting Jarkesy's constitutional and procedural arguments one by one, the Court stated that "none [of the arguments] dissuades us from our initial conclusion that Congress has implicitly precluded the district court's jurisdiction over cases of this type. Quite the contrary. The rationale underlying Congress's decision to create statutory schemes like the one before us is that 'coherence and economy are best served if all suits pertaining to designated agency decisions are segregated in particular courts'—here, in a court of appeals after a final Commission decision."

The Court noted that its ruling was "one of a growing number of decisions to address the same question," citing the "divergent conclusions" on the issue recently reached by district courts in the S.D.N.Y. and the Northern District of Georgia (citing in a footnote to the Duka and Hill cases, among others). The Court chose, however, to follow the decision recently reached by the Seventh Circuit on August 24, 2015 in Bebo v. SEC (discussed below), stating that its fellow circuit had "found no district-court jurisdiction . . . and we reach the same conclusion for many of the same reasons." The Court concluded that "[a]s the recent slew of cases demonstrates, Jarkesy's case is hardly unique. Many respondents in SEC proceedings join substantive defenses to their securities charges together with challenges to the Commission's actions or authority. It makes good sense to consolidate all of each respondent's issues before one court for review, and only after an adverse Commission order makes that review necessary. By contrast, a system like the one Jarkesy envisions—where respondents '"jump the gun" by going directly to the district court to develop their case' instead of seeing agency proceedings through to conclusion … has comparatively little merit. Such a system … would create substantial uncertainty about what sort of claims could properly be adjudicated outside the administrative scheme. And—again, as Jarkesy's case has shown—it could also likely result in parallel litigation of the same issues before a district court and an agency, with two courts of appeals possibly being confronted with two different sets of rulings down the road. We cannot conclude Congress had that intent. Jarkesy must continue to press his various challenges to the Commission's enforcement proceeding before the Commission itself. Should the agency's final order be adverse to him, Jarkesy can then raise his challenges in a petition for review to a court of appeals."

As noted above, the D.C. Circuit in Jarkesy specifically followed the Seventh Circuit's August 24, 2015 decision in Bebo v. SEC. Briefly, the Bebo case involved administrative proceedings being initiated against Laurie A. Bebo (Bebo), the former CEO of Assisted Living Concepts, Inc., by the SEC in December 2014. The SEC alleged that Bebo had violated federal securities laws by manipulating internal books and records, making false representations to auditors, and making false disclosures to the SEC. The case was assigned to an ALJ and hearings were conducted through June 2015. At the time of the Seventh Circuit's opinion, the ALJ had not yet rendered an opinion. Rather than waiting for conclusion of the administrative proceedings, however, Bebo filed suit in federal district court challenging the constitutionality of the administrative proceedings. The district court dismissed Bebo's case for lack of subject matter jurisdiction on March 3, 2015, holding that "the administrative review scheme established by Congress stripped it of jurisdiction to hear this type of challenge," and Bebo appealed to the Seventh Circuit. Writing for the unanimous panel, Judge David F. Hamilton affirmed the district court's decision dismissing Bebo's case for lack of subject matter jurisdiction, stating that it is "'fairly discernible' from the statute that Congress intended plaintiffs in Bebo's position 'to proceed exclusively through the statutory review scheme' set forth in 15 U.S.C. § 78y" and that the facts of the case "do not adequately support Bebo's attempt to skip the administrative and judicial review process here… If aggrieved by the SEC's final decision, Bebo will be able to raise her constitutional claims in this circuit or in the D.C. Circuit. Both courts are fully capable of addressing her claims .... As a result, she must pursue judicial review in the manner prescribed by the statute." The Court concluded that "[w]e see no evidence from the statute's text, structure, and purpose that Congress intended for plaintiffs like Bebo who are already subject to ongoing administrative enforcement proceedings to be able to stop those proceedings by challenging the constitutionality of the enabling legislation or the structural authority of the SEC."

Recent Developments in S.D.N.Y. Cases: As we noted above, two S.D.N.Y. cases that reached divergent conclusions about this issue are currently on appeal to the Second Circuit, and it will be interesting to see on which side the Second Circuit comes down. On September 17, 2015, there was action in both of these cases. In Tilton v. SEC, the Second Circuit agreed to stay the SEC's administrative proceedings against Tilton while it considers Tilton's challenge to the constitutionality of those proceedings. S.D.N.Y. Judge Ronnie Abrams had dismissed Tilton's complaint for lack of subject matter jurisdiction and failure to exhaust administrative remedies on June 30, 2015. On that same date in Duka v. SEC, S.D.N.Y. Judge Richard M. Berman denied the SEC's request that he delay enforcement of his order staying the SEC's administrative proceeding against Duka pending a decision by the Second Circuit on appeal. In his lengthy opinion, Judge Berman reiterated his beliefs that, among other things, the district court does have subject matter jurisdiction over the matter, the SEC's administrative proceedings likely violate Article 2 of the Constitution (the "Appointments Clause"), and the SEC needs to address increasing allegations of "in-house bias" in the administrative proceedings and pressure on ALJs to rule in favor of the SEC. Judge Berman also addressed and respectfully disagreed with the Seventh Circuit's opinion in Bebo (the D.C. Circuit had not yet handed down its opinion in Jarkesy at the time of Judge Berman's opinion). Judge Berman had previously held in Duka on August 12, 2015 that the SEC's administrative proceedings were "likely unconstitutional," mirroring the holdings of Judge Leigh Martin May of the Northern District of Georgia in Hill v. SEC and Gray Financial Group, Inc. v. SEC, both of which cases are now on appeal to the Eleventh Circuit. We will be watching with avid interest to see how the Second and Eleventh Circuits rule in these cases, with a potential circuit split in the works.

Proposed SEC Regulations; SEC Ruling in Timbervest: On September 24, 2015, apparently as a result of all of these challenges to the administrative proceedings both in the courts and legal commentary, the SEC announced proposed amendments to the rules governing its administrative proceedings. SEC chair Mary Jo White said in the press release that the proposed regulations "seek to modernize our rules of practice for administrative proceedings, including provisions for additional time and prescribed discovery for the parties." The press release outlined "three primary changes" to the SEC's Rules of Practice that would serve to (1) "[a]djust the timing of administrative proceedings, including by extending the time before a hearing occurs in appropriate cases"; (2) "[p]ermit parties to take depositions of witnesses as part of discovery"; and (3) "[r]equire parties in administrative proceedings to submit filings and serve each other electronically, and to redact certain sensitive personal information from those filings." In addition, the press release states that the changes would also "make certain other clarifying and conforming changes," including instituting procedures "related to the mechanics of the proposed expanded deposition practice, such as location, methods of recording, forms of objections, and duties of the deposition officer." Finally, the proposed changes would "simplify the requirements for seeking Commission review of an initial decision and provide enhanced transparency into the timing of the Commission's decisions in such appeals." Our take on the proposals? There is less here than meets the eye. While the proposal regarding depositions is potentially significant, the proposed rule relating to continuances is simply an acknowledgement of the ordinary due process argument relating to defendants being given sufficient time to prepare for the hearing. As for the proposed rule regarding electronic filing, welcome to the 21st century! The public now has 60 days to comment on the proposed rules.

One last thing: To no one's surprise, on September 17, 2015, the SEC Commissioners specifically rejected the plaintiff's constitutional challenge to the SEC's administrative proceedings in In the Matter of Timbervest, LLC et al. (as we previously reported, respondent had petitioned the SEC for review of the administrative law judge's initial decision and oral argument was heard before a packed room on June 8, 2015), ruling that "we reject Respondents' challenges to the constitutionality of the Commission's administrative forum. Specifically, we find that: (1) Commission administrative law judges are not 'inferior officers' covered by the Appointments Clause of the U.S. Constitution; (2) the two layers of tenure protection that ALJs enjoy do not unconstitutionally impede the President's ability to 'take care that the laws be faithfully executed'; and (3) the decision to file this enforcement matter in the administrative forum as opposed to federal court did not violate Respondents' Fifth Amendment right to equal protection of the laws." Next step for Timbervest? It can choose to appeal to either the D.C. or Eleventh Circuits. We will keep an eye out and report back.

See here to read the D.C. Circuit's 9/29/15 opinion in Jarkesy et al. v. SEC, No. 14-5196 (D.C. Cir. 2015).

See here to read the SEC's 9/24/15 press release titled "SEC Proposes to Amend Rules Governing Administrative Proceedings."

See here and here to read the SEC's Proposed Rules amending the Commission's Rules of Practice (Release Nos. 34-75976 and No. 34-75977, issued 9/24/15).

For more on this subject, read (1) the Seventh Circuit's 8/24/15 opinion in Bebo v. SEC, No. 15-1511 (Seventh Cir. 2015), (2) S.D.N.Y. Judge Richard M. Berman's 9/17/15 decision and order in Duka v. SEC, 15 Civ. 357 (RMB), and (3) the 9/17/15 opinion of the SEC Commissioners in In the Matter of Timbervest, et al., Admin. Proc. File No. 3-15519.

Do You Have to Whistle to the SEC to Get Protection Under Dodd-Frank? The Second Circuit Says No, Splits With Fifth Circuit

Why it matters: Another day, another circuit split. On September 10, 2015, the Second Circuit in Berman v. Neo@Ogilvy LLC held that a relator does not have to specifically give information to the SEC in order to be able to take advantage of the whistleblower retaliatory protection provisions of Dodd-Frank. In so holding, the Second Circuit created a split with the Fifth Circuit, which had held in the 2013 case of Asadi v. G.E. Energy (USA), LLC that the "plain language" of the statute requires relators to go to the SEC with their whistleblowing in order to qualify for anti-retaliatory protections thereunder.

Detailed discussion: On September 10, 2015, the Second Circuit held in Berman v. Neo@Ogilvy LLC that a relator need not specifically provide information to the SEC in order to qualify for the whistleblower retaliatory protection provisions in Section 21F of Dodd-Frank. In so holding, the Court created a split with the Fifth Circuit, which had held in the 2013 case of Asadi v. G.E. Energy (USA), LLC that Section 21F requires a relator to go to the SEC in order to be afforded whistleblower protections under Section 21F.

The Second Circuit, in a majority opinion written by Judge Jon O. Newman, framed the issue before the Court at the outset: "This appeal presents the recurring issue of statutory interpretation that arises when express terms in one provision of a statute are arguably in tension with language in another provision of the same statute." The Court noted that, in the case before it, that tension occurs within the whistleblower protection provisions of Section 21F and that the SEC had issued an interpretive rule in 2011 "endeavoring to harmonize the provisions that are in tension." Cue the question of whether the SEC's interpretation of Section 21F should be given "Chevron deference" (i.e., the principle of administrative law established by the U.S. Supreme Court in 1984 in Chevron U.S.A., Inc. v. Natural Resources Defense Council, Inc. that requires courts to defer to reasonable and permissible interpretations of statutes made by the governmental agencies charged with enforcing them). More on this later.

The Court briefly summarized the facts of the underlying case as follows: Plaintiff-Appellant Daniel Berman (Berman) was the finance director of media agency Defendant-Appellee Neo@Ogilvy LLC (Neo) from October 2010 to April 2013. His responsibilities at Neo included overseeing Neo's financial reporting (including ensuring compliance with Generally Accepted Accounting Principles (GAAP)). In addition, Berman was responsible for the internal accounting procedures of Neo and its parent, Defendant-Appellee WPP Group USA, Inc. (WPP). In January 2014, Berman sued Neo and WPP in federal district court alleging that he was discharged in violation of the whistleblower protection provisions of Section 21F of Dodd-Frank. In his complaint, Berman alleged that during the course of his employment at Neo, he had discovered various practices that, he claimed, amounted to accounting fraud as well as violations of GAAP and the relevant provisions of both Dodd-Frank and the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley). Berman further alleged that when he reported these improper practices to higher-ups within Neo in April 2013, he was terminated. In August 2013, Berman reported his allegations to the WPP Audit Committee. While Berman was employed at Neo and for approximately six months after he was terminated, however, he did not report any of the allegedly improper practices to the SEC. The first time Berman went to the SEC with his claims was October 2013. Primarily for that reason, the district court judge dismissed Berman's complaint in December 2014, ruling in relevant part that the provisions of Section 21F "provided whistleblower protection only to those discharged for reporting alleged violations to the Commission" and that, because Berman had been terminated long before he went to the SEC, he could not benefit from the Dodd-Frank whistleblower protection provisions.

The Second Circuit reversed and remanded the case to the district court for further proceedings, holding that "the pertinent provisions of Dodd-Frank create a sufficient ambiguity to warrant our deference to the SEC's interpretive rule, which supports Berman's view of the statute," i.e., that reporting violations specifically to the SEC is not a prerequisite to qualifying for whistleblower protection under Section 21F.

The Court began its analysis with a review of the relevant provisions of Section 21F and highlighted the "arguable tension" between subsection 21F(a)(6), which specifically defines "whistleblower" to mean an individual who reports violations "to the Commission" (emphasis added), and subdivision (iii) of subsection 21F(h)(1)(A), which, "unlike subdivisions (i) and (ii), does not within its own terms limit its protection to those who report wrongdoing to the SEC. On the contrary, subdivision (iii) expands the protections of Dodd-Frank to include the whistleblower protection provisions of Sarbanes-Oxley, and those provisions, which contemplate an employee reporting violations internally, do not require reporting violations to the Commission."

The Court thus stated that "[i]n statutory terms, the issue presented is whether the 'whistleblower' definition in subsection 21F(a)(6) of Dodd-Frank applies to subdivision (iii) of subsection 21F(h)(1)(A). In operational terms, the issue is whether an employee who suffers retaliation because he reports wrongdoing internally, but not to the SEC, can obtain the retaliation remedies provided by Dodd-Frank." The Court pointed out that, to this last question, "[t]he SEC believes he can," citing to "Exchange Act Rule 21F-2" (Section 21F Interpretive Rule) issued by the SEC in 2011, which clarifies in the "Prohibition Against Retaliation" section that, as the retaliation protection provisions in Section 21F (h)(1)(A) cross-reference the reporting provisions of Sarbanes-Oxley—which protect an individual who reports wrongdoing internally without going to the SEC—then an individual does not specifically have to go to the SEC in order to qualify for Section 21F retaliatory protections. The Court also looked to the language in the SEC's release accompanying the issuance of the Section 21F Interpretive Rule, where the SEC made clear that it interprets the anti-retaliation protection provisions of Section 21F to extend to "individuals who report to persons or governmental authorities other than the Commission" (emphasis added).

After reviewing the applicable statutory language, the Court went on to state that "the more precise issue in the pending appeal is whether the arguable tension between the definitional section of subsection 21F(a)(6) and subdivision (iii) of subsection 21(F)(h)(1)(A) creates sufficient ambiguity as to the coverage of subdivision (iii) to oblige us to give Chevron deference to the SEC's rule." The Court answered this question in the affirmative, after a comprehensive review of the (a) case law involving the issue of statutory interpretation generally (specifically citing to the U.S. Supreme Court's recent decision in Burwell v. King), (b) legislative history surrounding the enactment of Section 21F (which yielded no clarification as to legislative intent) and (c) decisions reached by other courts facing the same issue (specifically referencing the Fifth Circuit's contrary decision in Asadi, discussed below). Thus, after giving Chevron deference to the SEC's Section 21F Interpretive Rule, the Court held that "Berman is entitled to pursue Dodd-Frank remedies for alleged retaliation after his report of wrongdoing to his employer, despite not having reported to the Commission before his termination."

In reaching its conclusion to grant Chevron deference to the SEC's interpretation of Section 21F, the Court noted that the Fifth Circuit in the 2013 Asadi decision had ruled the other way when confronted with the same issue and had held the Section 21F(a)(6) definition of "whistleblower"—and specifically the words "to the Commission" contained therein—to be controlling: "The plain language of the Dodd-Frank whistleblower-protection provision creates a private cause of action only for individuals who provide information relating to a violation of the securities laws to the SEC …. Because Asadi failed to do so, his whistleblower-protection claim fails." The Court pointed out, however, that while some district courts had specifically followed the Fifth Circuit's ruling in Asadi—indeed, a Northern District of California judge just did so on September 8, 2015 in Davies v. Broadcom Corporation—"a far larger number of district courts have deemed the statute ambiguous and deferred to the SEC's [Section 21F Interpretive] Rule." Thus the Court reasoned that "although our decision creates a circuit split, it does so against a landscape of existing disagreement among a large number of district courts."

It should be noted at this point that on August 4, 2015, the SEC issued a release titled "Interpretation of the SEC's Whistleblower Rules under Section 21F of the Securities Exchange Act of 1934" where it reiterated its position that a relator does not have to provide information to the SEC in order to qualify for whistleblower protection under Section 21F. The SEC specifically cited to the Fifth Circuit's Asadi decision, calling it "not consistent with Rule 21F-2 [i.e., the Section 21F Interpretive Rule]" and stating its belief that the decision "would undermine the overall goals in implementing the whistleblower program." The Second Circuit did not cite to this latest August 4 interpretive release by the SEC regarding Section 21F, but it would surely have only bolstered the Court's decision to grant Chevron deference to the SEC in this matter.

In his dissent, Judge Dennis Jacobs took the strict constructionist approach to interpreting Section 21F and cited to the Fifth Circuit's Asadi decision when he stated that "[t]he majority and the [SEC] have altered a federal statute by deleting three words ('to the Commission') from the definition of 'whistleblower' in the Dodd-Frank Act. No doubt, my colleagues in the majority, assisted by the SEC or not, could improve many federal statutes by tightening them or loosening them, or recasting or rewriting them. I could try my hand at it. But our obligation is to apply congressional statutes as written. In this instance, the alteration creates a circuit split, and places us firmly on the wrong side of it."

See here to read the Second Circuit's 9/10/15 opinion in Berman v. NEO@Ogilvy LLC, No. 14-4626 (2d Cir. 2015).

See here to read the SEC's 8/4/15 release titled "Interpretation of the SEC's Whistleblower Rules under Section 21F of the Securities Exchange Act of 1934."

SEC-CFTC Enforcement Roundup: What Do Cybersecurity, a Foreign Political Party, "Distribution-in-Guise," a Missing Bank CD Worth Millions and Bitcoin Have in Common? All Figured Predominantly in Recent SEC and CFTC Actions of Note

Why it matters: In September 2015, the SEC and CFTC were busy announcing resolutions of enforcement actions involving both unique facts (Hitachi doing business in South Africa with a "front" for the African National Congress; a former Lieutenant Governor for Kentucky acting as a "front" for a convicted felon) and cutting-edge matters (cybersecurity and virtual currency). Intrigued? Read on.

Detailed discussion: Following is a summary of the unique and cutting-edge enforcement matters in which the SEC and the CFTC were involved in September 2015 (starting with the most recent):

Front and Center—SEC Charges Hitachi With "Books and Records/Internal Accounting Controls" Violations of the FCPA Involving Dealings With a "Front" for the African National Congress: In an unusual case involving unabashedly blatant dealings with a foreign political party, the SEC announced on September 28, 2015 that Japanese corporation Hitachi, Ltd. (Hitachi), a Tokyo-based conglomerate that specializes in the construction of power stations, and whose ADRs traded on the New York Stock Exchange, agreed to pay $19 million to settle civil charges that it violated the books and records and internal accounting controls provisions of the Foreign Corrupt Practices Act (FCPA). The SEC alleged that Hitachi had inaccurately recorded in its financial statements certain improper payments its South African subsidiary had made to Chancellor House Holdings (Pty) Ltd. (CHH), a known "front" for the African National Congress (ANC), South Africa's ruling political party.

A brief statement of the facts contained in the complaint (which were neither admitted nor denied by Hitachi): In 2005, Hitachi created an indirect South African subsidiary (Hitachi Subsidiary) for the purpose of establishing a "local presence" in that country in order to pursue "lucrative public and private contracts." In order to qualify for benefits under South Africa's Black Empowerment Act of 2003, Hitachi sold 25% of the stock in the Hitachi Subsidiary to CHH for approximately $190,000. The facts show that Hitachi chose CHH because its connections to the ANC suggested it could exert influence over the bidding process and because it had no operational capability, an unusual requirement. Indeed, Hitachi and CHH specifically entered into an undisclosed arrangement whereby CHH would receive "success fees" in connection with government contracts that were secured "substantially as a result" of CHH's efforts.

During the course of the arrangement, stories were released in the press, and the press directly contacted Hitachi's executives, noting that CHH was a "front" for the ANC. Nevertheless, Hitachi decided to stick with the arrangement. Hitachi was awarded power station contracts in South Africa worth approximately $5.6 billion, and in April and July of 2008 Hitachi paid CHH—and the ANC—"success fees" aggregating over $1.1 million. According to the complaint, these "success fees" were improperly recorded in the Hitachi Subsidiary's 2008 financial statements as "consulting fees," and that the Hitachi Subsidiary's inaccurate financials were subsequently consolidated into Hitachi's 2009 financial statements filed with the SEC. Moreover, in its 2010 and 2011 financial statements, the Hitachi Subsidiary recorded "dividends" to CHH aggregating over $5 million, which, per the complaint, were in reality "amount[s] due for payment to a foreign political party in exchange for its political influence in assisting Hitachi land two government contracts." Due to the increasing reports in the South African press about the corruption inherent in CHH's relationship with the Hitachi Subsidiary, Hitachi temporarily withheld payment of the dividends to CHH pending assurance from CHH that it would not pass the dividends on to "any political party or official"; however, Hitachi ended up paying CHH over $5 million in dividends plus interest in June 2012. Interestingly, the complaint also points out the fact that, in February 2014, Hitachi repurchased CHH's 25% stake in the Hitachi Subsidiary for approximately $4.4 million, raising the aggregate payments to CHH from the venture to over $10.5 million—a return on investment of over 5000%.

As SEC Director of Enforcement Andrew J. Ceresney said in the press release, "Hitachi's lax internal control environment enabled its subsidiary to pay millions of dollars to a politically-connected front company for the ANC to win contracts with the South African government." Hitachi agreed to pay a $19 million fine and to a "cease and desist" order.

See here to read the SEC's 9/28/15 press release titled "SEC Charges Hitachi With FCPA Violations."

Once More Into the Breach—SEC Charges Investment Adviser With Failing to Adopt Proper Cybersecurity Measures in Advance of Major Security Breach: On September 22, 2015, the SEC announced that R.T. Jones Capital Equities Management (R.T. Jones), a Saint Louis-based investment adviser, agreed to pay a $75,000 penalty and be censured in order to settle charges that it failed to establish cybersecurity policies and procedures (required by the federal securities laws) in advance of a security breach that "compromised the personally identifiable information (PII) of approximately 100,000 individuals, including thousands of the firm's clients."

The facts in the SEC's order, which were neither admitted to nor denied by R.T. Jones, show that, during the nearly four-year period from September 2009 through July 2013, R.T. Jones stored the sensitive PII of over 100,000 individuals, which included thousands of R.T. Jones' clients, on its third-party-hosted Web server (Server). In July 2013, the Server was attacked by an unknown hacker who gained access to the PII contained thereon, leaving it vulnerable to theft. The SEC found that, during the period in question, R.T. Jones had "failed entirely to adopt written policies and procedures reasonably designed to safeguard customer information," giving as examples R.T. Jones' failure to "conduct periodic risk assessments, implement a firewall, encrypt PII stored on its server, or maintain a response plan for cybersecurity incidents." After R.T. Jones discovered the breach, it took mitigating measures such as hiring a cybersecurity consulting firm (which traced the attack to China) to determine the breach's scope, notifying every affected individual about the breach, and offering free identity-theft monitoring through a third-party provider. According to the SEC, to date R.T. Jones has not received any indications of individuals suffering financial harm as a result of the attack.

The SEC found R.T. Jones to be in violation of Rule 30(a) of Regulation S-P promulgated under the '33 Act. As Marshall S. Sprung, Co-Chief of the SEC's Asset Management Unit, said in the press release, "As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this when there is no apparent financial harm to clients. Firms must adopt written policies to protect their clients' private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs."

In its September 22, 2015 press release, the SEC announced an "investor alert" issued that day by its Office of Investor Education and Advocacy, which offered steps for investors to take if they become victims of identity theft or data breach. Also, relevant to this matter, in a separate press release issued on September 15, 2015 the SEC's Office of Compliance Inspections and Examinations (OCIE) issued an alert regarding its Cybersecurity Examination Initiative, in which the OCIE made clear that it will continue to conduct examinations of registered broker-dealers and investment advisers to ensure they have compliant cybersecurity measures in place and identified (on an attached appendix) the specific cybersecurity areas the OCIE will be focusing on during its second round of examinations of those firms later this year.

See here to read the SEC's 9/22/15 press release titled "SEC Charges Investment Adviser with Failing to Adopt Proper Cybersecurity Policies and Procedures Prior to Breach."

Don't Fly Like This Eagle—First "Distribution-in-Guise" Case Announced by the SEC: On September 21, 2015, the SEC announced that New York-based investment adviser First Eagle Investment Management, LLC (First Eagle) and its affiliated distributor FEF Distributors, LLC (FEF) agreed to pay approximately $40 million (consisting of disgorgement of almost $25 million plus prejudgment interest of $2.3 million and a penalty of $12.5 million) to settle charges that they had improperly used mutual fund assets to pay for the marketing and distribution of fund shares. The case is the first one to arise out of the SEC's recently announced "Distribution-in-Guise Initiative," designed to protect mutual fund shareholders from bearing the costs when firms improperly use fund assets to pay for distribution-related services by, as in this case, "masking the payments as sub-transfer agency (sub-TA) payments." As the SEC made clear in its press release and order, whereas "[f]inancial intermediaries often provide both distribution and shareholder services to mutual funds"—including shareholder services typically provided by the funds' transfer agent, such as sub-TA services—"[i]t is unlawful to use fund assets to pay for [such intermediaries' costs for] distribution and marketing, unless such payments are made pursuant to the fund's 12b-1 plan" approved by the fund's board.

The findings contained in the SEC's order (which were neither admitted to nor denied by First Eagle and FEF) detail a complicated scheme that can be briefly summarized as follows: From January 2008 through March 2014, First Eagle and FEF caused the First Eagle Funds (Funds) to pay nearly $25 million for distribution and marketing (D&M) services provided by two financial intermediaries with whom FEF had contracted in 2000 and 2005 (formalized in 2007), respectively. As the Funds' boards had not approved the payment of D&M services from Fund assets under the Funds' Rule 12b-1 plans, First Eagle and FEF misrepresented the payments to the Funds' boards as being for sub-TA services (which were so authorized). Moreover, the Funds' prospectus disclosures during that time inaccurately stated that First Eagle and FEF were bearing the financial intermediaries' D&M expenses from their own assets.

The SEC found in the order that First Eagle "willfully violated" Section 206(2) of the Investment Advisers Act of 1940 and Section 34(b) of the Investment Company Act of 1940 (Investment Company Act). Moreover, the SEC found that First Eagle and FEF caused the Funds to violate Section 12(b) of the Investment Company Act and Rule 12b-1 thereunder. In addition to paying almost $40 million in disgorgement and penalties, First Eagle and FEF also agreed to cease and desist from further violations and return the $25 million in disgorgement to the Funds' shareholders. The SEC also required FEF to retain an independent compliance consultant to "conduct a comprehensive review of FEF's supervisory, compliance, and other policies and procedures designed to prevent and detect the prohibited use of the Funds' assets to engage, directly or indirectly, in financing any activity which is primarily intended to result in the sale of shares issued by the Funds."

See here to read the SEC's 9/21/15 press release titled "SEC Charges Investment Adviser With Improperly Using Mutual Fund Assets to Pay Distribution Fees, First Case Brought Under 'Distribution-in-Guise Initiative.'"

CFTC Pronounces Bitcoin and Other "Virtual" Currencies to Be Commodities Subject to Its Regulation in Its First Action Against an Unregistered Bitcoin Trading Platform: On September 17, 2015, the CFTC announced that it had settled charges against San Francisco-based Coinflip, Inc., d/b/a Derivabit (Coinflip) and its CEO for conducting activity related to commodity options, including specifically operating a facility for the trading and processing of commodity options, in violation of the Commodity Exchange Act (CEA) and relevant CFTC regulations. The CFTC billed this as its "first action against an unregistered Bitcoin options trading platform" and found, for the first time, that "Bitcoin and other virtual currencies are properly defined as commodities" under the CEA. As a result, the CFTC found that the "commodity option transactions" at issue in this case must be conducted in compliance with the applicable provisions of the CEA and CFTC regulations applicable to "swaps" (the CEA definition that includes commodity options contracts) or must fall within the "trade option" exemption therefor.

The facts in the CFTC's order show that from March through August 2014, Coinflip and its CEO operated an online facility named "Derivabit" that offered to connect buyers and sellers of Bitcoin option contracts via "put and call options" for the delivery of Bitcoins on the Derivabit platform. The CFTC found that the Bitcoin "commodity option transactions were not conducted in compliance with a provision of the CEA or a provision of the Regulations otherwise applicable to swaps, and were not conducted pursuant to the Regulation 32.3 'trade option' exemption." The CFTC further found that Coinflip had been operating a facility for the trading of swaps but had failed to register as a "Swap Execution Facility" or a "Designated Contract Market" as required under the CEA and CFTC regulations.

Coinflip and its CEO agreed to cease and desist from further violations of the CEA and Regulations, and to comply with the undertakings specified in the CFTC order. As CFTC Director of Enforcement Aitan Goelman said in the press release, "While there is a lot of excitement surrounding Bitcoin and other virtual currencies, innovation does not excuse those acting in this space from following the same rules applicable to all participants in the commodity derivatives markets."

See here to read the CFTC's 9/17/15 press release titled "CFTC Orders Bitcoin Options Trading Platform Operator and Its CEO to Cease Illegally Offering Bitcoin Options and to Cease Operating a Facility for Trading or Processing of Swaps Without Registering.

The Case of the Missing Bank CD and the Felon: SEC Charges BDO USA and Five of Its Partners With Issuing "False and Misleading" Audit Opinions: Sometimes truth is stranger than fiction. On September 9, the SEC announced that national audit firm BDO USA, LLP (BDO) agreed to pay over $2 million (consisting of $600,000 in disgorgement of its audit fees plus interest and a $1.5 million penalty) to settle charges that it dismissed "red flags" and issued "false and misleading" unqualified audit opinions about the financial statements of one of its clients, staffing services company General Employment Enterprises (GEE). Also as part of the settlement, BDO admitted to wrongdoing and agreed to various "undertakings related to its quality controls." The five BDO partners charged in the incident agreed to a settlement suspending them from practicing public company accounting for varying periods of time and requiring them to pay penalties ranging from $30,000 to $10,000. On the client side of the equation, the SEC announced that, while it had settled with two of GEE's former executives (who will each pay a $150,000 penalty), the SEC had filed fraud charges in Manhattan district court against GEE's then chairman of the board and majority shareholder Stephen B. Pence (Pence), who also happens to be a former U.S. attorney and former lieutenant governor for the state of Kentucky. The SEC's orders instituting the settlements and the complaint contain sordid allegations involving a missing certificate of deposit worth millions, suspicious payments into company accounts and a "behind the scene" convicted criminal pulling the strings.

A brief summary of the facts as set forth in the SEC's orders entered against BDO and the five partners reveals some questionable goings-on: During its 2009 audit of GEE, BDO was advised by GEE that $2.3 million (representing approximately half of GEE's assets and substantially all of its cash) that had purportedly been invested in a 90-day nonrenewable certificate of deposit (CD) had not been repaid by the bank on its maturity date. BDO further learned upon investigation that there was no record of GEE ever purchasing said CD from the bank. There ensued multiple conflicting stories from GEE management, Pence and other board members about the whereabouts of the missing CD/$2.3 million. Shortly thereafter, GEE received a series of deposits into its accounts aggregating, coincidently, $2.3 million from three entities that were unaffiliated with the bank, one of which was allegedly owned by Pence (who was at that time the chairman of the board and the majority shareholder of GEE). When BDO questioned the deposits, GEE claimed—with no satisfactory backup—that they were "the proceeds of an agreement to assign the purported CD to an unrelated party in return for the value of the CD." The two BDO partners in charge of the audit then consulted with three senior BDO partners about the strange facts uncovered in the audit: the missing CD and $2.3 million, the mysterious deposits equaling the missing amount that showed up later, and the conflicting explanations from GEE executives and board members (including Pence). As a result, BDO issued a five-page letter to GEE setting forth the facts and demanding that the audit committee conduct an independent investigation. A few days later, however, and apparently without BDO ever receiving any coherent explanation from GEE about anything, BDO inexplicably withdrew its demand and subsequently issued unqualified opinions on the financial statements included in GEE's 2009 and 2010 annual reports.

Making things "curiouser and curiouser," the facts in the SEC's complaint against Pence allege that Pence gave off the "false appearance" of acting independently as chairman and majority stockholder of GEE during the time in question but was in reality "acting as an agent" for and doing the bidding of a convicted felon named Wilbur Anthony Huff (Huff). The complaint further alleges that Huff funded Pence's acquisition of a majority stake in GEE and gifted Pence with an aggregate of $500,000 and a $50,000 Cadillac Escalade in 2009-2010. Moreover, the complaint points out that Huff is currently serving time in prison for, among other things, "misappropriating the $2.3 million in question from General Employment." Coincidence? The SEC thinks not. The complaint charges Pence with violations of Section 10(b) of the '34 Act and its related Rules by making false and misleading statements to BDO about the existence of the purported CD, the missing $2.3 million and the "dubious related-party" deposits, and signing GEE's 2009 annual report knowing that it contained misleading statements and omissions about those matters.

See here to read the SEC's 9/9/15 press release titled "SEC Charges BDO and Five Partners in Connection With False and Misleading Audit Opinions."

September 2015: Major Settlements for Healthcare Providers Under the Stark Law and False Claims Act

Why it matters: September 2015 saw the announcement by the DOJ of three major settlements with healthcare providers involving violations of both the Stark Law (relating to improper compensation arrangements with referring physicians) and the False Claims Act (triggered by the Stark Law violations and involving the fraudulent billing of Medicare and Medicaid for the referring physicians' services). These cases are illustrative of the government's continuing emphasis on combating healthcare fraud, including specifically Medicare and Medicaid financial fraud, through the efforts of its Health Care Fraud Prevention and Enforcement Action Team (established in 2009 as a partnership between the DOJ and the Office of Health and Human Services). Read on for the details.

Detailed discussion: In September 2015, the DOJ announced three settlements with healthcare providers involving violations of the Physician Self-Referral Law (known as the Stark Law) and resulting false billing allegations under the False Claims Act (FCA). All three of the cases were brought under the qui tam whistleblower provisions of the FCA, which permit private citizens to bring suit on behalf of the government for alleged false claims and share in the proceeds of any recovery. To briefly recap the relevant statutes, the Stark Law prohibits physicians from referring patients to receive "designated health services" (including tests and procedures) payable by Medicare or Medicaid from entities with which the physician or an immediate family member has a financial relationship (unless a stated exception applies). As used in the Stark Law, and relevant to the cases discussed here, a "financial relationship" includes bonus and other compensation arrangements paid to a physician based on such referrals. Moreover, a Stark Law violation will usually trigger a violation under the FCA, which makes it illegal for an entity to submit claims for payment to Medicare or Medicaid that it "knows or should know" are false or fraudulent. In the press release for the Adventist Health System settlement (discussed below), DOJ Civil Division head Benjamin C. Mizer summed up the issue as follows: "Unlawful financial arrangements between health care providers and their referral sources raise concerns about physician independence and objectivity. Patients are entitled to be sure that the care they receive is based on their actual medical needs rather than the financial interests of their physician." As you will see, in each of the cases discussed below, the local U.S. Attorney has taken up the government's FCA/Stark Law enforcement drumbeat with great gusto.

Adventist Health System: On September 21, 2015, the DOJ announced that Adventist Health System (Adventist), a Florida-based healthcare system that operates hospitals and other healthcare facilities in 10 states, agreed to pay $115 million to settle allegations that it violated the FCA by submitting false claims to Medicare and Medicaid. The allegations centered around "improper compensation arrangements" Adventist had with its physicians, pursuant to which Medicare and Medicaid were fraudulently billed "for services rendered to patients referred by employed physicians who received bonuses based on a formula that improperly took into account the value of the physicians' referrals to Adventist Hospitals." The settlement also resolved allegations that the bills submitted to Medicare and Medicaid for the physician's referred services contained "improper coding modifiers" that resulted in overpayment for the services rendered. The three qui tam whistleblowers' share of the settlement had not yet been determined at press time. In a press release, the acting U.S. Attorney for the Western District of North Carolina said "Adventist-owned hospitals … allegedly paid doctors' bonuses based on the number of tests and procedures they ordered. This type of financial incentive is not only prohibited by law, but can undermine patients' medical care. Would-be violators should take notice that my office will use the False Claims Act to prevent and pursue health care providers that threaten the integrity of our healthcare system and waste taxpayer dollars."

North Broward Hospital District: On September 15, 2015, the DOJ announced that North Broward Hospital District (North Broward), described as a "special taxing district that operates hospitals and other health care facilities in Broward County, Florida," agreed to pay $69.5 million to settle allegations that it had violated the FCA by maintaining "improper financial relationships" with nine of its physician employees by compensating them "beyond the fair market value of their services" in violation of the Stark Law, and then fraudulently billing Medicare and Medicaid for such services. The physician qui tam whistleblower was awarded approximately $12 million for his share of the settlement. The U.S. Attorney said in the press release that "[o]ur citizens deserve medical treatment uncorrupted by excessive salaries paid to physicians as a reward for the referral of business rather than the provision of the highest quality healthcare. This office will be steadfast in continuing to devote all necessary resources to ensure that anyone rendering medical care does so for the sole benefit of the patient and in compliance with the law."

Columbus Regional Healthcare System: On September 4, 2015, the DOJ announced that Georgia-based Columbus Regional Healthcare System (Columbus Regional) and Dr. Andrew Pippas (Pippas) agreed to pay $25 million (with additional conditional payments of up to $10 million) and $425,000, respectively, to settle allegations that they violated the FCA by submitting fraudulent claims to Medicare and Medicaid. The fraudulent claims allegedly arose out of the "excessive salary and directorship payments" paid by Columbus Regional to Pippas from 2003-2013 in violation of the Stark Law. The settlement also resolved allegations that, from 2006-2013, Columbus Regional and Pippas submitted claims for payment to Medicare and Medicaid for services at higher levels than supported by the documentation, including claims submitted between 2010-2012 for radiation therapy at higher levels than what was actually provided. The press release provides that a portion of the total settlement money being paid by Columbus Regional and Pippas will go to the State of Georgia to cover its share of the Medicaid losses. Columbus Regional also agreed as part of the settlement to enter into a "corporate integrity agreement" with the Office of Health and Human Services—Office of the Inspector General that requires Columbus Regional to implement measures "designed to avoid or promptly detect future conduct" that would, as it did in this case, run afoul of the Stark Law and FCA. As of press time, the qui tam whistleblower's award had not yet been determined. In the press release, the U.S. Attorney said "[t]he maximum amount of this settlement, some $35 million, is appropriate given the number of alleged violations involving the False Claims Act and the Stark Act. Access to health care is on everyone's mind, especially with respect to rural communities. The type of conduct alleged in this case puts that access at risk. This settlement reflects on the one hand, the Department of Justice's commitment to make sure that hospitals and physicians who commit violations of federal law are held to account, and on the other hand, especially with the requirement of the monitoring agreement, makes sure that we continue to have appropriately functioning health care providers accessible to the wide array of communities they serve."

See here to read the DOJ's 9/21/15 press release titled "Adventist Health System Agrees to Pay $115 Million to Settle False Claims Act Allegations."

See here to read the DOJ's 9/15/15 press release titled "Florida Hospital District Agrees to Pay United States $69.5 Million to Settle False Claims Act Allegations."

See here to read the DOJ's 9/4/15 press release titled "Georgia Hospital System and Physician to Pay More Than $25 Million to Settle Alleged False Claims Act and Stark Law Violations."

When Regulatory Failings Turn Criminal—The Car Edition

Why it matters: It has been a rough 18 months for the automobile industry. On September 17, 2015, the DOJ announced criminal charges against General Motors Company arising from undisclosed potentially deadly safety defects with its cars that resulted in the company entering into a deferred prosecution agreement with the government and forfeiture of $900 million. Moreover, as the late, great Yogi Berra would say, the General Motors case was "déjà vu all over again" to the March 2014 DOJ criminal action against Toyota Motor Corporation, which also arose from undisclosed potentially deadly safety defects with its cars and similarly resulted in a deferred prosecution agreement and a $1.2 billion penalty. Then, on September 21, 2015, multiple news outlets cited government sources to report that the DOJ has launched a criminal investigation into the recent admission by Volkswagen that it defrauded consumers by knowingly rigging emissions tests of its diesel-powered cars in the United States. Matters such as these traditionally fall under the purview of U.S. regulators such as the National Highway Traffic Safety Administration (in the case of the General Motors and Toyota matters) and the Environmental Protection Agency (in the case of the Volkswagen matter) … and, it seems of late, the Department of Justice, as such regulatory failings have become increasingly criminalized.

Detailed discussion: On September 17, 2015, U.S. Attorney for the Southern District of New York Preet Bharara announced that criminal charges had been filed against Detroit-based General Motors Company (GM) for concealing, from 2012-2014, a "potentially deadly" safety defect from its U.S. regulator, the National Highway Traffic Safety Administration (NHTSA), and misleading consumers about the safety of certain of its cars. The safety defect was described as a defective ignition switch that could too easily knock the car out of the "run" position, resulting in sudden engine shutoff/stalls and disabling the affected cars' front air bags. GM admitted to knowledge of at least 15 deaths and a number of serious injuries caused by the defective switch. In connection with the charges, U.S. Attorney Bharara announced that GM had agreed to enter into a three-year deferred prosecution agreement (DPA) under which GM admitted to the charges and statement of facts and consented to the imposition of an independent monitor to "review and assess policies, practices and procedures relating to GM's safety-related public statements, sharing of engineering data and recall processes." The DPA also required GM to pay $900 million in forfeiture pursuant to a parallel civil action being filed concurrently in the Southern District of New York.

The agreed facts contained in the DPA and other documents filed in the Southern District of New York show that GM knew about the defect in the ignition switch as early as 2002 before the affected cars went into production. In 2004-2005, when the drivers of the cars began to experience sudden stalls while driving, GM did a cost-benefit analysis and decided to leave the switches "as is" (even though the facts show that a simple, inexpensive fix—costing less than $1.00 per car - could have greatly reduced the risk) and opted instead to issue an advisory to the car dealerships with tips drivers should take to minimize sudden stalls. In June 2005, GM made public statements acknowledging the defective switches but assured the public that they did not pose a safety concern. The facts show that by spring of 2012, GM had learned that the defective switches could also cause the non-deployment of the car's front air bags, and was aware of several deaths and serious injuries in crashes where the front air bags didn't deploy that were likely caused by the defective switches. The facts make clear that this knowledge went beyond the GM engineers investigating the crashes and extended to certain supervisors and attorneys at the company. During the nearly two-year period between spring 2012 (when GM learned about the connection between the defective switches and front air bag non-deployment) and February 2014, although no new cars were manufactured with the defective switches, GM still certified "as meeting all safety standards" existing cars with the defective switches as part of its "certified pre-owned" program. It was not until February 2014 that GM first notified the NHTSA and the public about the connection between the defective switches and the non-deployment of the front air bags, and a recall of more than 700,000 of the affected GM cars commenced (which, by March 2014, had risen to over 2 million vehicles recalled). The facts show that the delay in disclosure to the NHTSA and public was caused by the actions of "certain personnel responsible for shepherding safety defects through GM's internal recall process, who delayed the recall until GM could fully package, present, explain and handle the deadly problem" (no word yet on whether any individuals will be charged pursuant to the DOJ's highly publicized recent pronouncement on holding individuals accountable, recently reported on by us in our September 21, 2015, alert titled "New DOJ Policy Alert: Here's Looking at You, Kid—DOJ Announces Six Specific steps to Hold Individual 'Corporate Wrongdoers' Accountable").

The DOJ makes clear in its press release that, since the start of its criminal investigation in February 2014, GM has been a "model citizen" in terms of cooperation with the government, listing GM's "exemplary actions to demonstrate acceptance and acknowledgement of responsibility for its conduct" as follows: "GM, among other things, conducted a swift and robust internal investigation, furnished the government with a continuous flow of unvarnished facts gathered during the course of that internal investigation, voluntarily provided, without prompting, certain documents and information otherwise protected by the attorney-client privilege, provided timely and meaningful cooperation more generally in the federal criminal investigation, terminated wrongdoers and established a full and independent victim compensation program that has to date paid out hundreds of millions of dollars in awards."

While the government most certainly gave GM some mitigation credit for its cooperation post-February 2014, GM was held criminally accountable for the egregiousness of its actions in the years prior. As U.S. Attorney Bharara said in the DOJ's press release, "[f]or nearly two years, GM failed to disclose a deadly safety defect to the public and its regulator. By doing so, GM put its customers and the driving public at serious risk. Justice requires the filing of criminal charges, detailed admissions, a significant financial penalty, and the appointment of a federal monitor. These measures are designed to make sure that this never happens again." Added Attorney General Loretta E. Lynch, "[e]very consumer has the right to expect that car manufacturers are taking their safety seriously. The Department of Justice is committed to ensuring that the products Americans buy are safe; that consumers are protected from harm; and that auto companies follow the law."

All of this sounds eerily familiar to the events of March 19, 2014, when the DOJ announced a three year DPA with Japanese carmaker Toyota Motor Corporation (Toyota) in connection with statements it made to the NHTSA and consumers in the fall of 2009 and early 2010 related to two safety defects that could cause unintended acceleration in its Toyota and Lexus vehicles (“floor mat entrapment” and “sticky pedal,” respectively). The DPA also similarly imposed upon Toyota an independent monitor to “review and assess policies, practices and procedures relating to Toyota’s safety-related public statements and reporting obligations,” and also required Toyota to pay a $1.2 billion financial penalty pursuant to a parallel civil action in the Southern District of New York.

It appears that German carmaker Volkswagen could be next. On September 21, 2015, Bloomberg (as well as The Wall Street Journal and multiple other news sources) reported, based on information from highly placed government sources, that the DOJ has launched a criminal investigation into the recent admission by Volkswagen that over a five-year period it knowingly added software designed to rig emissions tests to approximately 482,000 of its diesel-powered Volkswagen and Audi cars sold in the United States. According to the Environmental Protection Agency (EPA), which first announced the fraud in a news conference on September 18, the "deceive devices" added to the cars tricked U.S. regulators into believing that the cars' emissions met Clean Air Act standards, but in reality the cars emitted as much as 40 times the legal limit of pollutants. Volkswagen allegedly perpetrated a massive fraud on the EPA and U.S. consumers who thought they were doing something good for the environment, and such deception can be criminal and costly. At this point, we ask the same question we wondered about above: In addition to charges against Volkswagen itself, will we also be seeing criminal charges against individual Volkswagen employees pursuant to the DOJ's recent Yates Memo? We will be watching, and report back.

See here to read the DOJ's 9/17/15 press release titled "U.S. Attorney of the Southern District of New York Announces Criminal Charges Against General Motors and Deferred Prosecution Agreement with $900 Million Forfeiture."

See here to read the 9/16/15 Deferred Prosecution Agreement between the DOJ and General Motors Company (attached as Exhibit A to the Verified Complaint), including all exhibits to the DPA containing the information and agreed statement of facts.

See here to read the 3/19/15 DOJ press release titled "Justice Department Announces Criminal Charge Against Toyota Motor Corporation and Deferred Prosecution Agreement with $1.2 Billion Financial Penalty."

For more on this subject, read the 9/21/15 Bloomberg Business article by Del Quentin Wilber and Greg Farrell titled "Volkswagen Said Focus of U.S. Criminal Probe on Emissions."

Keeping an Eye Out—Updates and Briefly Noted

  • U.S. Supreme Court declines review of United States v. Newman: On 10/5/15, the U.S. Supreme Court denied cert. in U.S. v. Newman, leaving in place the Second Circuit's controversial decision making it more difficult for the government to prove insider trading against "downstream" tippees. We previously reported on the government's petition for certiorari in this case in our August 2015 newsletter under "Are the Circuits A-Splitting? The Ninth Circuit Declines to Follow the Second Circuit's Insider Trading Decision in U.S. v. Newman."
  • DOJ Yates Memo: On 9/22/15, Assistant Attorney General Leslie Caldwell delivered remarks at the Second Annual Global Investigations Review Conference about the 9/9/15 Yates Memo, which announced the six specific steps the DOJ will be taking to hold individual "corporate wrongdoers" accountable. Caldwell's main message was that the Yates Memo "strongly reinforced what we have been doing for a long time." After citing several corporate investigations in which individual employees were also charged, Caldwell reviewed the six steps highlighted in the Yates Memo and provided helpful guidance. For example, with respect to the first step requiring corporations to turn over information about their culpable employees in order to get mitigating cooperation credit, Caldwell emphasized that "a company cannot provide what it does not have" and that it will still be eligible for cooperation credit even if it does not, in good faith, have information about individual employees to turn over. We previously reported on the Yates Memo in our 9/21/15 bulletin titled "New DOJ Policy Alert: Here's Looking at You, Kid—DOJ Announces Six Specific Steps to Hold Individual 'Corporate Wrongdoers' Accountable."
  • Guilty plea in massive cyber data breach conspiracy: On 9/15/15, the DOJ announced that a Russian national pleaded guilty in the District of New Jersey in connection with the largest cyber data breach conspiracy prosecuted in the United States. The Russian national defendant and four co defendants allegedly hacked into the networks of corporate victims, including NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard. The worldwide hacking and data breach scheme compromised more than 160 million credit card numbers and resulted in hundreds of millions of dollars in losses. The original indictment in the case was filed in 2009.
  • First settlement in newswire insider trading case: On 9/14/15, the SEC announced that Ukraine-based Jaspen Capital Partners Limited and its CEO agreed to pay $30 million to settle allegations that they profited from trading on nonpublic corporate information hacked from newswire services. We previously reported on this case in our September 2015 newsletter under "No Dog Days of August for the SEC—A Recap of a Busy Month."
  • DOJ FIFA investigation: On 9/14/15, U.S. Attorney General Loretta Lynch gave an update on the DOJ's ongoing FIFA investigation and indicated that more charges will be forthcoming against both "individuals and entities." Attorney General Lynch made these remarks at a 9/14/15 press conference with the Swiss Attorney General in Zurich, Switzerland. We previously reported on the FIFA investigation in our June 2015 newsletter under "The Unfolding FIFA Scandal: Will the DOJ Show the Banks a Red Card?"

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

Related Case Law

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at:

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit
  • New Relic - For more information on New Relic cookies, please visit
  • Google Analytics - For more information on Google Analytics cookies, visit To opt-out of being tracked by Google Analytics across all websites visit This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at:

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.