Corporate Investigations & White Collar Defense - May 2015

by Manatt, Phelps & Phillips, LLP

In This Issue:

  • It’s an Absolute Privilege to Meet You! Texas Supreme Court Rules That Internal Investigation Report Provided by Shell Oil to DOJ Enjoys “Absolute Privilege”
  • Deutsche Bank: The Latest Bank Implicated in the Wide-Ranging LIBOR Manipulation Investigation
  • Between a (Black)Rock and a Hard Place: BlackRock Advisors and Its Compliance Officer Settle with the SEC for Failing to Disclose Conflict of Interest
  • Judge Leon, Meet the Fokker: Court Shoots Down DPA
  • Will Ripple Have a Ripple Effect? Government Announces Settlement in Concurrent Criminal and Civil Enforcement Actions Against Virtual Currency Exchanger
  • Whistle While You Work: April Showers Bring Big Whistleblower Awards, Some to Compliance Officers
  • Keeping an Eye Out—Updates and Briefly Noted

It’s an Absolute Privilege to Meet You! Texas Supreme Court Rules That Internal Investigation Report Provided by Shell Oil to DOJ Enjoys “Absolute Privilege”

Why it matters: On May 15, 2015, the Texas Supreme Court ruled that an internal investigation report provided by Shell Oil Company to the DOJ in 2009 in connection with an FCPA investigation enjoys “absolute privilege” and therefore cannot be the basis for a defamation case against the company. The Court based its finding on the fact that Shell Oil Company was a target of the DOJ’s investigation at the time and submitted the internal investigation report to the DOJ in “serious contemplation of the fact that it might be prosecuted.”

Detailed discussion: On May 15, 2015, the Texas Supreme Court ruled in the case of Shell Oil Company and Shell International, E&P, Inc. v. Robert Writt that an internal investigation report provided to the DOJ by Shell Oil Company (Shell) in 2009 enjoys “absolute privilege” and therefore could not be the basis for a subsequent defamation suit against the company.

A brief summary of the background: In February 2007, Shell contractor Vetco Gray (Vetco) had been convicted and fined $26 million for criminal violations of the FCPA resulting from bribes it had paid to Nigerian customs officials through Panalpina, Inc. (Panalpina), a freight forwarding and customs clearing company. Five months later, in July 2007, the DOJ notified Shell in writing that it was commencing an investigation into Shell’s engagement of Panalpina. Shell agreed to cooperate with the DOJ and voluntarily conduct an internal investigation into its dealings with Panalpina. Shell also agreed to report its findings to the DOJ, with the understanding that the DOJ would treat the report as confidential.

The DOJ subsequently identified several individuals as potential witnesses and persons of interest in its investigation and requested that Shell produce information about them. One of the individuals so identified was Writt, a Shell employee who worked on the Bonga project and whose duties included serving as the contract holder between Shell and Vetco and approving Vetco’s reimbursement expenses. Over the course of its internal investigation, Writt was interviewed several times by Shell’s outside counsel about his knowledge of the potentially illegal payments made to Panalpina. In February 2009, Shell included those interviews as part of its internal investigation report (2009 report) provided to the DOJ, which established that Writt was aware of “several red flags” concerning Panalpina’s customs clearing process and had provided inconsistent information about what he knew. At the same time, Shell terminated Writt’s employment, stating in the termination letter that Writt’s conduct in connection with the Bonga project was a “significant, substantial and unacceptable” violation of Shell’s business principles and employee code of conduct. Writt then sued Shell both for wrongful termination and for defamation, claiming that the report contained false accusations that he had approved bribery payments and participated in illegal conduct.

While Shell’s summary judgment motion was pending in Writt’s wrongful termination/defamation case, the DOJ formally charged Shell with criminal violations of the FCPA which led to the DOJ and Shell entering into a DPA in 2010. The district court in Writt’s case subsequently granted Shell’s summary judgment motion with respect to the defamation claim, finding that the 2009 report was absolutely privileged. While Writt’s wrongful termination claim proceeded to trial (the jury found against him), Writt appealed the summary judgment decision as to the defamation claim. The court of appeals reversed, finding that the 2009 report only enjoyed a conditional privilege because, at the time it was turned over to the DOJ, it could not be “conclusively established” that Shell did so under a serious threat of prosecution or “preliminarily to a proposed judicial proceeding.” The court of appeals reasoned that, prior to the DOJ formally initiating criminal proceedings against Shell in 2010, Shell’s internal investigation and cooperation with the DOJ were voluntary, and the fact that the criminal proceedings were later initiated did not change the “conditionally privileged” nature of the 2009 report.

The Texas Supreme Court reversed the court of appeal’s decision and reinstated the district court’s, stating at the outset that the question before it on de novo review was “whether the providing of a report regarding possible criminal activity to a government agency was an absolutely privileged communication or a conditionally privileged one.” After an analysis of the two kinds of privileges available in defamation cases under Texas law, “absolute privilege and conditional or qualified privilege,” and the situations in which each such privilege would apply, the Texas Supreme Court agreed with Shell and held that the absolute privilege would apply to the 2009 report because “the summary judgment evidence is conclusive that when Shell provided its internal investigation report to the DOJ, Shell was a target of the DOJ’s investigation and information in the report related to the DOJ’s inquiry. The evidence is also conclusive that when it provided the report, Shell acted with serious contemplation of the possibility that it might be prosecuted.” Thus, the Court held that “Shell’s providing its report to the DOJ was an absolutely privileged communication.”

See here to read the Texas Supreme Court’s decision in Shell Oil Company and Shell International, E&P, Inc. v. Robert Writt, No. 13-0552 (Tex. 2015).

Deutsche Bank: The Latest Bank Implicated in the Wide-Ranging LIBOR Manipulation Investigation

Why it matters: On April 23, 2015, Deutsche Bank entered into a three year deferred prosecution agreement with the DOJ, including a corporate monitor requirement, in connection with charges that the bank manipulated LIBOR and engaged in a price-fixing conspiracy to rig Yen LIBOR and EURIBOR. In addition, Deutsche Bank’s U.K. subsidiary agreed to plead guilty to one count of wire fraud. Together, Deutsche Bank and its U.K. subsidiary will pay the DOJ and other investigating agencies an aggregate amount exceeding $2.5 billion in criminal penalties and disgorgement—over $750 million of which is the largest criminal penalty imposed by the DOJ alone in connection with the LIBOR resolutions. As Assistant Attorney General of the Criminal Division Leslie R. Caldwell remarked, “[t]oday’s resolution of the LIBOR investigation with Deutsche Bank is in some respects the most significant one yet.”

Detailed discussion: On April 23, 2015, the DOJ announced that Deutsche Bank AG (Deutsche Bank), headquartered in Germany, was the latest bank to be implicated in the DOJ’s investigation of the manipulation of the London Interbank Offered Rate (LIBOR). Pursuant to the DOJ’s press release, Deutsche Bank entered into a three year deferred prosecution agreement (DPA) with the DOJ, which requires a corporate monitor, to resolve wire fraud and antitrust charges grounded in manipulation of LIBOR and engaging in a price-fixing conspiracy involving Yen LIBOR and the Euro Interbank Offered Rate (EURIBOR). In addition, Deutsche Bank’s wholly-owned U.K. subsidiary DB Group Services (UK) Limited (DBGS) agreed to plead guilty to one count of wire fraud for its role in the manipulation of LIBOR in relation to interest rate derivatives trades executed by DBGS employees.

Deutsche Bank and DBGS will pay the DOJ criminal penalties aggregating approximately $775 million ($625 million from Deutsche Bank and $150 million from DBGS). When combined with fines imposed in related agency actions (i.e., $800 million to the Commodity Futures Trading Commission; $600 million to the New York Department of Financial Services; and $344 million to the U.K. Financial Conduct Authority), the total amount Deutsche Bank is paying out exceeds $2.5 billion.

On the conference call with press in conjunction with the DOJ press release, Caldwell emphasized that “[t]his is the first LIBOR resolution that imposes a monitor.” Caldwell went on to state that “[t]oday’s guilty plea, significant financial penalty, deferred prosecution agreement and corporate monitor reflect the department’s consideration of several factors, including the seriousness of Deutsche Bank’s misconduct and the level of cooperation Deutsche Bank provided in the government’s investigation. Deutsche Bank’s cooperation at the outset of the government’s investigation was not full and complete, but it improved over time, and today’s resolution takes that fact into account.” The press release noted that the DOJ “also considered the extensive remedial measures undertaken by Deutsche Bank’s management and its enhanced compliance program” when entering into the DPA.

According to the two separate Statements of Facts (collectively, Statement) incorporated into the DPA and the Plea Agreement with DBGS, respectively, from 2003 through early 2011, Deutsche Bank and DBGS derivatives traders worked with the employees who set Deutsche Bank’s daily LIBOR submissions (submitters) to manipulate the LIBOR submissions favorable to their trading positions. The Statement cites to classic “conflict of interest” situations created by the way the traders and submitters were organized, including where the LIBOR submitter and the derivatives trader were one and the same person, and where the submitters were directly supervised by a trader who stood to benefit from the LIBOR manipulation.

As set out in the Statement, the LIBOR manipulations were accomplished through telephone calls, face-to-face requests (for example, in DBGS’s London office, USD LIBOR submitters sat in close physical proximity to USD LIBOR traders and reported to the same manager), and in writing via emails and electronic “chats.” The Statement cites to Deutsche Bank’s “poor compliance culture” as the root of its troubles, finding that management either had an “awareness of the scheme” but did nothing to stop it, or it “fail[ed] to recognize warning signs” such as a trading set-up that encouraged “conflicts of interest” and “prioritized making money above compliance and business ethics.”

The Statement also describes how, during the relevant time period, traders at Deutsche Bank worked with traders at other banks to manipulate Yen LIBOR and EURIBOR submissions to benefit the other traders’ positions.

The DOJ’s resolution with Deutsch Bank follows resolutions with five other banks in the wide-ranging LIBOR manipulation investigation, including Barclays Bank PLC and UBS AG, although as the government has strongly hinted in the past few months, the DPAs and NPAs it is entering into with these banks are not set in stone and will be pulled for repeat offenders. The government did just that with respect to UBS this week: on May 20, 2015, the government announced that, due to UBS’s breach, it was voiding the 2012 NPA and that UBS was pleading guilty to LIBOR manipulation. UBS will pay a criminal penalty of $203 million, an amount that comes in addition to the over $1 billion in penalties and fines paid by UBS to global law enforcement and regulators when it entered into the NPA. In the same May 20 press release, the DOJ stated that Barclays Bank was one of four banks that were pleading guilty for conspiring to rig the FOREX market. While the DOJ found the conspiracy to be in breach of Barclays’ 2012 NPA, that NPA remains intact for now but Barclays was assessed an additional $60 million criminal penalty for the breach.

See here to read the Deferred Prosecution Agreement in U.S. v. Deutsche Bank AG (4/23/15).

See here to read the Statement of Facts, Attachment A to the Deferred Prosecution Agreement in U.S. v. Deutsche Bank AG (4/23/15).

See here to read the Statement of Facts, Exhibit 3 to the Plea Agreement in U.S. v. DB Group Services UK Limited (4/23/15).

See here to read the DOJ Press Release dated 4/23/15 entitled “Deutsche Bank’s London Subsidiary Agrees to Plead Guilty in Connection with Long-Running Manipulation of LIBOR.”

See here to read the DOJ Press Release dated 4/23/15 entitled “Assistant Attorney General Leslie R. Caldwell Delivers Remarks for the Deutsche Bank Manipulation of Libor Conference Call.”

For more on this matter, read (1) the DOJ Press Release dated 4/23/15 entitled “Assistant Attorney General Bill Baer Delivers Remarks for the Deutsche Bank Manipulation of Libor Conference Call,” (2) the Plea Agreement in U.S. v. DB Group Services UK Limited (4/23/15), and (3) the DOJ’s press release dated 5/20/15 entitled “Five Major Banks Agree to Parent-Level Guilty Pleas.”

Between a (Black)Rock and a Hard Place: BlackRock Advisors and Its Compliance Officer Settle with the SEC for Failing to Disclose Conflict of Interest

Why it matters: On April 20, 2015, the SEC announced that it had charged BlackRock Advisors LLC with breach of fiduciary duty for failing to disclose to clients and fund boards a conflict of interest created by the outside business activity of one of its top-performing portfolio managers. BlackRock agreed to pay $12 million to the SEC to settle the charges. BlackRock’s former chief compliance officer was also found to be at fault and agreed to a $60,000 settlement. The case was the first brought under an SEC rule requiring investment advisors to report compliance violations.

Detailed discussion: The SEC announced on April 20, 2015 that Delaware-based financial manager BlackRock Advisors LLC (BlackRock) agreed to pay a $12 million penalty to settle charges that it had breached its fiduciary duty by failing to disclose to clients and fund boards a conflict of interest arising from the outside business activity of one of its top-performing portfolio managers. As part of the settlement, BlackRock also agreed to engage an independent compliance professional to conduct an internal review of BlackRock’s written policies and procedures relating to the outside activities of BlackRock employees. BlackRock’s former chief compliance officer, Bartholomew A. Battista (Battista), was separately charged and agreed to pay $60,000 in settlement.

“This is the first SEC case to charge violations of Rule 38a-1 for failing to report a material compliance matter such as violations of the adviser’s policies and procedures to a fund board,” said Julie M. Riewe, Co-Chief of the SEC Enforcement Division’s Asset Management Unit.

A brief recap of the findings contained in the SEC’s order: In January 2007, one of BlackRock’s portfolio managers, Daniel J. Rice III (Rice), formed family-owned and operated oil-and-natural gas company Rice Energy L.P. (Rice Energy) at the same time as Rice was managing energy-focused funds and separately managed accounts at BlackRock. Rice personally invested approximately $50 million in Rice Energy and was its general partner; his three sons were the CEO, CFO and a VP. The SEC found all of this to be in violation of BlackRock’s private investment policy. In early 2010, Rice Energy formed a joint venture with publicly-traded coal company Alpha Natural Resources, Inc. (“ANR”). By June 2011, ANR stock was, at 9.4%, the largest holding in the $1.7 billion BlackRock Energy & Resources Portfolio, which was managed by Rice.

The findings show that BlackRock’s senior executives, including Battista, were told about Rice’s investment and involvement in Rice Energy as early as January 2007, and that BlackRock’s legal and compliance departments reviewed the matter, but no conflict of interest was found and no disclosures were made to any of the boards of Rice’s managed funds or his advisory clients. The findings also show that, from January 2007 to January 2010, BlackRock did not monitor or reassess Rice’s activities with respect to Rice Energy. In January 2010, Rice informed BlackRock that he intended to go on the board of directors of the Rice Energy-ANR joint venture. The legal and compliance department again reviewed the situation and this time issued a memorandum highlighting the conflicts of interest arising from Rice’s involvement in the joint venture and investment in and access to information about a company (ANR) that is held by funds he manages. BlackRock nonetheless permitted Rice to continue with his activities so long as he agreed to certain parameters, such as not joining the joint venture’s board and pre-clearing with BlackRock any future Rice Energy-related board positions he intended to take. Again, no disclosures were made to any boards of Rice-managed funds or advisory clients, and Rice’s activities were not monitored or followed up on by the company going forward, even though the findings show that Rice raised with and got approval from certain senior BlackRock executives for Rice Energy, related transactions through December 2011. On June 1, 2012, the Wall Street Journal published the first of three articles detailing Rice’s connection to Rice Energy and his simultaneous role as an energy sector portfolio manager at BlackRock.

The SEC found that BlackRock breached its fiduciary duty by failing to disclose to the boards of the Rice-managed funds and advisory clients the conflict of interest created when BlackRock permitted Rice to “form, invest, and participate in [Rice Energy] while Rice was simultaneously managing several billion dollars in energy sector assets held in BlackRock funds and separate accounts… The conflict of interest became more acute once Rice Energy finalized its joint venture with ANR, as the Rice-managed funds and separate accounts held significant positions in ANR stock.”

The SEC also found that BlackRock failed to adopt and implement written compliance and disclosure policies and procedures regarding the outside activities of employees as required by the Advisers Act and its rules. Moreover, the SEC found that these “compliance-related violations” were specifically “caused” by chief compliance officer Battista: “As BlackRock’s CCO, Battista was responsible for the design and implementation of BlackRock’s written policies and procedures reasonably designed to prevent violations of the Advisers Act and its rules. Battista knew and approved of numerous outside activities engaged in by BlackRock employees (including Rice), but did not recommend written policies and procedures to assess and monitor those outside activities and to disclose conflicts of interest to the funds’ boards and implement to advisory clients. As such, Battista caused BlackRock’s failure to adopt and these policies and procedures.”

The SEC further found that BlackRock and Battista “knew or should have known” that Rice’s violation of BlackRock’s private investment policy was a “material compliance matter” that had not been reported to the boards of BlackRock’s registered funds, and that BlackRock and Battista “caused” that reporting failure, in violation of Rule 38a-1 under the Investment Company Act.

In addition to paying the $12 million penalty, BlackRock is required to engage an “Independent Compliance Consultant” to conduct a “comprehensive review” of BlackRock’s written policies and procedures “regarding the outside activities of BlackRock employees and any conflicts of interest derived therefrom” to ensure compliance with the relevant provisions of the Advisers Act and the Investment Company Act.

See here to read the SEC’s press release dated 4/20/15 entitled “SEC Charges BlackRock Advisors With Failing to Disclose Conflict of Interest to Clients and Fund Boards.”

See here to read the SEC’s Order In the Matter of BlackRock Advisors, LLC and Bartholomew A. Battista (4/20/15)

Judge Leon, Meet the Fokker: Court Shoots Down DPA

Why it matters: On February 5, 2015, Judge Richard J. Leon of the D.C. District Court rejected a proposed DPA that had been submitted for his approval in the government’s sanctions violations case against Fokker Services B.V., deeming it to be “anemic.” Was this “second-guessing” an appropriate use of the Court’s supervisory power? Judge Leon says yes, and now the D.C. Circuit will decide.

Detailed discussion: On June 5, 2014, the DOJ charged Dutch aerospace services provider Fokker Services B.V. (Fokker) with sanctions violations for facilitating, over the course of a five-year period commencing in 2005, more than 1100 shipments of aircraft and naval vehicle parts to embargoed countries Iran, Sudan and Burma. Some of those aircraft parts were manufactured in the U.S., making Fokker subject to the U.S. sanctions laws. The DOJ negotiated an 18-month DPA with Fokker under which Fokker agreed to pay a fine of $10.5 million, implement new compliance procedures and comply with the U.S. sanctions laws. The DPA was then filed with the D.C. District Court for approval, as required by the Speedy Trial Act, since the DPA contemplates filing and deferral of criminal charges.

On February 5, 2015, Judge Leon rejected the DPA and sent the parties back to the drawing board. Before getting to the specific facts of the case, the Judge established that approval or rejection of the DPA was within the valid exercise of his supervisory powers. Both the government and Fokker had argued that the court was required to approve the DPA except in limited circumstances where it determines that the defendant didn’t enter into the agreement “willingly or knowingly” or that it was entered into solely to circumvent the Speedy Trial Act. The Judge disagreed, saying “[u]nfortunately for the parties, the Court’s role is not quite so restricted.” The Judge added that his role was not just to serve as a “rubber stamp” (as he believed the parties wanted), but that “[w]hen, as here, the mechanism chosen by the parties to resolve charged criminal activity requires Court approval, it is this Court’s duty to consider carefully whether that approval should be given.”

The Judge cited as precedent the case of United States v. HSBC Bank USA, N.A. and HSBC Holdings PLC (12-CR-763) (E.D.N.Y. 2013), saying that “[m]y fellow District Judge in the Eastern District of New York, Judge John Gleeson, addressed this very issue last year, and I agree with his well-reasoned conclusion” that it is within the supervisory powers of the district court to approve or reject a DPA. In the HSBC case, that court was asked to approve a “heavily publicly criticized” DPA that had been filed by the government in connection with money laundering and sanctions violations charges against two HSBC entities. The government there had argued that the Judge’s sole duty with respect to the DPA was to determine whether it was being entered into to circumvent the Speedy Trial Act, and, if not, then deference to the government should be given and the DPA should be approved without the Judge ever looking at the substance of the agreement. Judge Gleeson disagreed with this argument, finding that “[t]his Court has authority to approve or reject the DPA pursuant to its supervisory power.” The Judge acknowledged that the Speedy Trial Act “is silent as to the standard the court should employ” when evaluating whether to grant its approval of a DPA, and that “[c]ase law on this point is barren both in the Second Circuit and in other Circuits.” He therefore relied on case law involving the courts’ supervisory powers generally as the basis for his decision that such powers applied in the context of DPA approval or rejection, and used this admittedly “novel” exercise of his supervisory powers to, in that case, approve the DPA.

Back to the Fokker case. After determining that it was within his supervisory powers to approve or reject the DPA, and acknowledging that “I do not undertake this review lightly. I am well aware, and agree completely, that our supervisory powers are to be exercised ‘sparingly,’” the Judge analyzed the facts of the Fokker case in the context of the proposed DPA. The Judge found “egregious conduct over a sustained period of time” on the part of Fokker that was “knowing and willful…orchestrated at the highest levels of the company” largely for the benefit of “Iran and its military during the post-9/11 world.” He found the DPA term of “only eighteen months” to be too short, and took issue with the relatively low monetary fine of $10.5 million given Fokker’s earned revenues of approximately $21 million during the relevant time period. He also took issue with the fact that no individuals were being prosecuted and that many employees directly involved in the illegal activity were still employed by the company. Lastly, the Judge was concerned about the lack of an independent monitor or the requirement of periodic reports to verify the company’s compliance with U.S. laws during this “very brief 18-month period,” stating that “the Court is being left to rely solely on the self-reporting of Fokker Services. One can only imagine how a company with such a long track record of deceit and illegal behavior ever convinced the Department of Justice to agree to that!”

For all of these reasons, the Judge rejected the DPA as not constituting “an appropriate exercise of prosecutorial discretion.” The Judge felt it to be “grossly disproportionate to the gravity of Fokker Services’ conduct in a post-9/11 world” and that it would undermine the public’s confidence in the judicial system “to see a defendant prosecuted so anemically for engaging in such egregious conduct for such a sustained period of time and for the benefit of one of our country’s worst enemies.” The Judge stated, however, that while he was rejecting the DPA in its “current form,” he would be open to considering a modified version, but he would expect it to contain, at the very minimum, “a fine that exceeded the amount of revenue generated, a probationary period longer than 18 months, and a monitor trusted by the Court to verify for it and the Government both that this rogue company truly is on the path to complete compliance.”

The government appealed the Fokker case to the D.C. Circuit on March 9, 2015, and it will be interesting to see how the D.C. Circuit rules on this new issue before it. The D.C. Circuit may look for guidance to the Second Circuit’s decision in SEC v. Citigroup Global Markets, Inc., 752 F.3d 285 (2nd Cir. 2014), where that Court addressed the issue on appeal of the proper standard a district court should use when evaluating an SEC consent decree. The Court vacated District Court Judge Jed S. Rakoff’s decision rejecting the SEC consent decree that had been submitted for his approval, finding that he had abused his discretion by applying an incorrect legal standard to the decree that included, in part, assessing the decree’s “adequacy” and requiring that the SEC establish the “truth” of its allegations against Citigroup as a condition of approval of the settlement. The Second Circuit ruled that the “proper standard for reviewing a proposed consent judgment involving an enforcement agency requires that the district court determine whether the proposed consent decree is fair and reasonable, with the additional requirement that the ‘public interest would not be disserved’…in the event that the consent decree includes injunctive relief. Absent a substantial basis in the record for concluding that the proposed consent decree does not meet these requirements, the district court is required to enter the order.” Query whether Judge Leon’s rejection of the Fokker DPA would stand if this standard were to be applied.

Speaking on April 28, 2015 at a PLI panel entitled “Financial Services Cases and Their Implications,” Principal Deputy Attorney General Marshall Miller referred specifically to the Fokker case when he said that “there’s some uncertainty, when one enters into a DPA, of what you’re getting when you file it with the court.” The D.C. Circuit’s decision on the Fokker appeal will hopefully help clear up this uncertainty.

See here to read the decision in U.S. v. Fokker Services B.V. (14-cr-121) (D.D.C. 2015).

See here to read the decision in U.S. v. HSBC Bank U.S.A., N.A. and HSBC Holdings PLC (12-cr-763), (2013 WL 3306161) (E.D.N.Y. 2013).

See here to read the decision in SEC v. Citigroup Global Markets Inc., 752 F.3d 285 (2nd Cir. 2014).

For more on this matter, refer to PLI Panel Discussion “Financial Services Cases and Their Implications” (4/28/15)

Will Ripple Have a Ripple Effect? Government Announces Settlement in Concurrent Criminal and Civil Enforcement Actions Against Virtual Currency Exchanger

Why it matters: On May 5, 2015, the DOJ announced that it had entered into a settlement agreement with virtual currency exchanger Ripple Labs, Inc. and its subsidiary to resolve allegations that the company failed to register as a money services business with FinCen and failed to establish both an appropriate anti-money laundering program and procedures to report suspicious activity as required by the Bank Secrecy Act. The settlement arose from coordinated criminal and civil enforcement actions involving the DOJ, IRS and FinCen, and constituted the first civil enforcement action by FinCen against a virtual currency exchange. Which raises the question: Will this settlement have a Ripple effect in the virtual currency industry?

Detailed discussion: On May 5, 2015, the DOJ announced that it had entered into a three-year settlement agreement with San Francisco-based virtual currency exchanger Ripple Labs Inc. (Ripple) and its wholly-owned subsidiary XRP II LLC (XRP II), to resolve criminal allegations that Ripple and XRP II violated the Bank Secrecy Act (BSA) when they failed to register their virtual currency exchange company as a money services business (MSB) with FinCen and failed to institute and maintain both an appropriate anti-money laundering (AML) program and procedures to report suspicious financial transactions. The settlement agreement requires Ripple to pay FinCen a civil money penalty of $700,000 and the U.S. Attorney’s Office a forfeiture amount of $450,000 (the forfeiture amount is “deemed creditable” toward FinCen’s civil money penalty). Ripple and XRP II must also institute a series of substantial remedial measures and cooperate with the government in other investigations. The criminal enforcement action against Ripple was conducted jointly by the U.S. Attorney’s Office in San Francisco and the IRS’s Criminal Investigation Division, while FinCEN conducted a parallel civil enforcement action. In a separate press release on May 5, FinCen emphasized that this was its first civil enforcement action against a virtual currency exchanger.

The agreed Statement of Facts set forth in an attachment to the settlement agreement details that, in March and April 2013, Ripple engaged in the exchange of its “pre-mined” virtual currency known as “XRP.” In August 2013, Ripple began running its virtual currency business through its wholly-owned subsidiary XRP II. The findings show that, as of 2015, XRP is the second-largest “cryptocurrency” by market capitalization, behind only Bitcoin.

Relevant to the government investigation, Ripple defined itself in federal court filings in an unrelated case as “a currency exchange service providing on-line, real-time currency trading and cash management…[it] facilitates the transfers of electronic cash equivalents and provides virtual currency exchange transaction services for transferrable electronic cash equivalent units having a specified cash value.”

In February 2013, FinCen released guidance specifically clarifying that virtual currency “exchangers” and “administrators” are money service businesses (MSBs) that are subject to the requirements of the BSA and are required to register with FinCen. Moreover, the BSA requires MSBs, whether registered with FinCen or not, to “develop, implement and maintain” an effective AML program (including “Know-Your-Customer/Know-Your-Counterparty procedures), as well as suspicious activity reporting procedures under the Funds Transfer and Funds Travel Rules.

The findings show that during the time it was operating as a virtual currency exchanger in March and April 2013, Ripple did not register with FinCen as an MSB, nor did it have an AML program or suspicious activity reporting procedures in place, despite facilitating multiple XRP transactions exceeding $1.3 million. Ripple formed its subsidiary XRP II in July 2013 and began running its virtual currency exchange business through it by the beginning of August 2013; however, XRP II was not registered as an MSB with FinCen until September 4, 2013. XRP II was also found to have failed to (1) develop a written AML program until late-September 2013, (2) hire an AML compliance officer until January 2014, or (3) conduct an AML risk assessment until March 2014. The findings also show that it wasn’t until approximately August 2014, i.e., a full year after XRP II began conducting its virtual currency business and only after Ripple had learned that it was the subject of a federal criminal investigation, that XRP II began training employees and conducting an independent review of its AML program. During that same time, XRP II was also found to have failed to file suspicious activity reports under the BSA Funds Transfer and Travel Rules when such filings were clearly warranted.

In addition to paying the penalty and forfeiture amount totaling $700,000, Ripple and XRP II are also obligated under the settlement agreement to take extensive remedial measures, including (1) “migrating” their XRP currency exchange service known as “Ripple Trade” (formerly “Ripple Wallet”) to an MSB that is registered with FinCen, (2) implementing and maintaining an effective AML program, hiring an AML compliance officer and creating an effective AML employee training program, (3) submitting to three separate audits (in 2015, 2018 and 2020) of the company’s BSA compliance programs to be conducted by an independent, external reviewer, and (4) conducting a “look-back” for suspicious activity within the prior three years and instituting and maintaining procedures for transaction monitoring and suspicious activity reporting going forward in compliance with the Funds Transfer and Funds Travel Rules.

The fact that this settlement occurred in the uncharted waters of the growing virtual currency industry did not go uncommented on. As U.S. Attorney for the Northern District of California Melinda Haag said in the press release, “[w]e hope that this sets an industry standard in the important new space of digital currency.” FinCen Director Jennifer Shasky Calvery added that “[v]irtual currency exchangers must bring products to market that comply with our anti-money laundering laws… Innovation is laudable but only as long as it does not unreasonably expose our financial system to tech-smart criminals eager to abuse the latest and most complex products.” In addition, Chief Richard Weber of the IRS Criminal Investigation Division invoked images of sheriffs versus gunslingers in the old American West when he said that “[u]nregulated, virtual currency opens the door for criminals to anonymously conduct illegal activities online, eroding our financial systems and creating a Wild West environment where following the law is a choice rather than a requirement.”

On May 6, the day after the announcement of the Ripple settlement, FinCen Director Calvery spoke at the West Coast AML Forum in San Francisco, expounding on the Ripple enforcement action and FinCen’s ongoing efforts to investigate and reign in the developing virtual currency industry. She implied that there may be more such enforcement actions in the works, saying that “FinCEN recently launched a series of supervisory examinations of businesses in the virtual currency industry…these exams will help FinCEN determine whether virtual currency exchangers and administrators are meeting their compliance obligations under the applicable rules. Where we identify problems, we will use our supervisory and enforcement authorities to appropriately penalize non-compliance and drive compliance improvements.” A ripple effect, indeed.

See here to read the DOJ press release dated 5/5/15 entitled “Ripple Labs Inc. Resolves Criminal Investigation.”

See here to read the Settlement Agreement dated 5/5/15 between the U.S. and Ripple Labs Inc., including Statement of Facts and Violations attached as Attachment A.

For more on this matter, refer to the following:

FinCen press release dated 5/5/15 entitled “FinCen Fines Ripple Labs Inc. in First Civil Enforcement Action Against a Virtual Currency Exchanger.”

Remarks of FinCen Director Jennifer Shasky Calvery at the West Coast AML Forum on 5/5/15.

Whistle While You Work: April Showers Bring Big Whistleblower Awards, Some to Compliance Officers

Why it matters: The government is paying out big money to individuals who report corporate wrongdoing under various whistleblower programs. In April, the SEC and the DOJ announced that they were paying an aggregate amount exceeding $8 million to whistleblowers in three separate cases. In addition, a whistleblower in the “Flash Crash” prosecution announced on April 21 that he or she stands to gain millions if a claim made under the CFTC’s whistleblower program ultimately proves successful.

Detailed discussion: In April, the SEC and the DOJ announced they were paying out an aggregate of over $8 million to whistleblowers in three separate actions. Moreover, a lawyer for the alleged whistleblower in the high profile “Flash Crash” case announced on April 21 stands to be rewarded with millions if a claim is successfully made under the CFTC’s whistleblower program.

SEC Awards: Since the inception of the SEC’s whistleblower program—created by the 2010 Dodd-Frank reforms and launched in 2011—the SEC has paid more than $50 million to 16 whistleblowers who provided the SEC with (as alternately described in SEC press releases) “unique and useful” and “high-quality, original” information that contributed to successful enforcement actions in those cases. In April, the SEC announced that it was awarding a combined amount exceeding $2 million to two additional whistleblowers (bringing the total number of such awards up to 18).

First, a brief primer on the mechanics of the SEC’s whistleblower program: Whistleblower awards can range from 10%-30% of the money collected by the SEC in a successful enforcement action with sanctions exceeding $1 million. All rewards are paid out of an investor protection fund established by Congress that is comprised entirely of monetary sanctions paid to the SEC through enforcement actions. The SEC is required by law to keep the identity of whistleblowers confidential and cannot disclose information about them that could directly or indirectly reveal their identities.

On April 22, 2015, the SEC announced that it would be paying an award in the range of $1.4 million to $1.6 million to a corporate compliance officer “who provided information that assisted the SEC in an enforcement action against the whistleblower’s company.” In that case, the award involved a compliance officer who had a “reasonable basis” to believe that alerting the SEC about wrongful goings-on at his company was “necessary to prevent imminent misconduct from causing substantial financial harm to the company or investors.” The press release pointed out that this was the second whistleblower award it had paid out to compliance personnel, referring to the award of over $300,000 it announced on August 14, 2014 to a compliance/internal audit employee who reported corporate wrongdoing to the SEC. As SEC Enforcement Director Andrew Ceresney said in the April 22 press release, “[w]hen investors or the market could suffer substantial financial harm, our rules permit compliance officers to receive an award for reporting misconduct to the SEC… This compliance officer reported misconduct after responsible management at the entity became aware of potentially impending harm to investors and failed to take steps to prevent it.”

On April 28, 2015, the SEC announced that it was paying a whistleblower award of over $600,000 in connection with what it described as its “first retaliation case.” The award constituted the maximum whistleblower award payment possible of 30% of the monetary sanctions collected in connection with In the Matter of Paradigm Capital Management, Inc. and Candace King Weir, File No. 3-15930 (June 16, 2014). The SEC stated in its press release that the whistleblower in this case “suffered unique hardships, including retaliation, as a result of reporting to the Commission.” The retaliation against the whistleblower included removal from then-current job position, stripping of supervisory responsibilities, changing of job function (from head trader to compliance officer), and otherwise “marginalizing” the whistleblower. SEC Enforcement Director Ceresney was again quoted in the press release, saying that “[w]e appreciate and recognize the sacrifice this whistleblower made and the important role the whistleblower played in the success of the SEC’s first anti-retaliation enforcement action.” Sean McKessey, Chief of the SEC’s Office of the Whistleblower, added that “[m]y hope is that the award today encourages potential whistleblowers to come forward in light of our demonstrated commitment to protect them against retaliatory conduct and make significant financial awards to whistleblowers who suffer employment hardships as a result of reporting possible securities law violations.”

On April 30, SEC Chair Mary Jo White gave a speech at the Corporate and Securities Law Institute at Northwestern University School of Law entitled “The SEC as the Whistleblower’s Friend” where she reviewed the 4-year history of the SEC’s whistleblower program and lauded its increasing success, saying that “it is past time to stop wringing our hands about whistleblowers. They provide an invaluable public service, and they should be supported. And, we at the SEC increasingly see ourselves as the whistleblower’s advocate.”

DOJ False Claims Act Qui Tam Award: To briefly recap, the qui tam provisions of the FCA permit private citizens to bring lawsuits on behalf of the government and share in any recovery.

On April 21, 2015, the DOJ announced that three cardiologists would be splitting a whistleblower award of almost $6 million in connection with the settlement of a lawsuit they had brought under the qui tam provisions of the FCA against Citizens Medical Center, a county-owned hospital in Victoria, Texas. In the settlement, Citizens Medical Center agreed to pay the government over $21.7 million to resolve allegations that it violated both the Stark Act and the FCA by engaging in improper financial relationships with referring physicians, which included paying cardiologists amounts in excess of the fair market value of their services and paying bonuses to emergency room doctors that didn’t take into account their cardiology referrals. The nearly $6 million dollar qui tam whistleblower award represents a percentage of the $21.7 million settlement amount and will be shared by the three whistleblowers.

On April 9, 2015, Health Diagnostics Laboratory and Singulex Inc., both cardiovascular disease testing labs based in Virginia and California, respectively, agreed to pay the government a combined total of $48.5 million to resolve allegations that they had violated the anti-kickback provisions of the FCA by paying physicians in exchange for patient referrals and billing federal health care programs for medically unnecessary testing. The case arose from three related qui tam whistleblower lawsuits, but the whistleblowers’ share of the settlement has not yet been determined.

Possible CFTC Award?: A whistleblower in the “Flash Crash” case has come forward. On April 21, 2015, the CFTC and the DOJ both issued press releases announcing the arrest of a U.K. futures trader by the name of Navinder Singh Sarao, who’s long-term “dynamic layering” manipulation via automated trading program of the market for E-Mini S&P 500 futures contracts on the Chicago Mercantile Exchange allegedly contributed to a drop in the U.S. stock market of over 600 points in a five minute span on May 6, 2010, an incident that came to be known as the “Flash Crash.” Sarao is alleged to have gained over $40 million in illegal profits from his manipulation scheme. The CFTC civil enforcement action complaint, filed under seal in Illinois district court on April 17 and unsealed upon Sarao’s April 21 arrest, charged Sarao and his eponymous firm with market manipulation, attempted market manipulation, and “spoofing” (a practice of bidding or offering with the intent to cancel the bid or offer prior to execution). The DOJ’s criminal complaint, which had been filed under seal with the Illinois district court on February 11, was similarly unsealed upon Sarao’s arrest and also charged Sarao and his firm with spoofing as well as wire fraud, commodities fraud, and commodities manipulation.

Also on April 21, the attorney representing an anonymous whistleblower stated that, “after hundreds of hours spent analyzing data and other information,” his client provided the CFTC with “original analysis” that led to Sarao’s arrest, adding that “[o]ur anonymous whistleblower client stands as a testament to the indispensable role whistleblowers play in detecting and reporting market manipulation and other forms of financial fraud.” The CFTC’s whistleblower program, also created by the Dodd-Frank reforms in 2010, is almost identical to that of the SEC—whistleblowers who provide “high quality” information to the CFTC that leads to a successful enforcement action with sanctions in excess of $1 million are eligible for 10%-30% of the money collected. Unlike the SEC, which, as pointed out above, has given out in excess of $50 million in 18 whistleblower awards since 2011, the CFTC only gave its first award of $240,000 in 2014. At any rate, the Flash Crash whistleblower stands to gain millions under the CFTC’s whistleblower program if the CFTC determines that the “original analysis” provided to the CFTC proved to be instrumental in a successful enforcement action against Sarao.

The take-away from April’s abundance of whistleblower awards? Look to more claims being made in the future under the government’s various whistleblower programs as huge awards incentivize individuals to report corporate wrong-doing.

See here to read the SEC’s press release dated 4/22/15 entitled “SEC Announces Million-Dollar Whistleblower Award to Compliance Officer.”

See here to read the SEC’s press release dated 4/28/15 entitled “SEC Announces Award to Whistleblower in First Retaliation Case.”

See here to read the DOJ’s press release dated 4/21/15 entitled “Texas-Based Citizens Medical Center Agrees to Pay United States $21.75 Million to Settle Alleged False Claims Act Violations.”

See here to read the press release dated 4/21/15 issued by the “Flash Crash” whistleblower’s attorneys Hagens Berman entitled “Hagens Berman CFTC Whistleblower Helps CFTC and DOJ Bring Charges Against Flash Crash Market Spoofing Fraudster.”

For more on this matter, read the following:

The CFTC’s press release dated 4/21/15 entitled “CFTC Charges U.K. Resident Navinder Singh Sarao and His Company Nav Sarao Futures Limited PLC with Price Manipulation and Spoofing.”

Order Determining Whistleblower Award Claim in connection with In the Matter of Paradigm Capital Management, Inc. and Candace King Weir, File No. 3-15930 (6/16/14).

Speech given by SEC Chair Mary Jo White on 4/30/15 entitled “The SEC as the Whistleblower’s Advocate.”

DOJ’s press release dated 4/9/15 entitled “Two Cardiovascular Disease Testing Laboratories to Pay $48.5 Million to Settle Claims of Paying Kickbacks and Conducting Unnecessary Testing.”

Keeping an Eye Out—Updates and Briefly Noted

DOJ announced guilty pleas to antitrust violations by Citicorp, JPMorgan Chase & Co., Barclays PLC and The Royal Bank of Scotland for conspiring to rig the FOREX market and imposed fines and penalties in excess of $2.5 billion. At the same time, the Federal Reserve Bank announced that six banks would pay a total of $1.8 billion in fines for “unsafe and unsound practices” in the FOREX market. The DOJ also announced that UBS AG breached its 2012 NPA and is pleading guilty to LIBOR manipulation, paying a penalty of $203 million in addition to the over $1.5 billion paid by UBS and its Japanese subsidiary to the DOJ, CFTC, UK FCA and FINMA when it entered into the NPA (5/20/15).

Assistant Attorney General Leslie Caldwell spoke about cybersecurity at the Georgetown Cybersecurity Law Institute (5/20/15) and about corporate accountability at the 10th Annual Compliance Week Conference (5/19/15).

Second (Vadian Bank AG) and Third (Finter Bank Zurich AG) Swiss banks reached resolution with the DOJ under its Swiss Bank Program (5/8/15 and 5/16/15).

Assistant Attorney General Caldwell spoke about health care fraud investigations at the ABA 25th Annual National Institute on Health Care Fraud (5/14/15).

SEC Enforcement Director Andrew Ceresney spoke about SEC’s company cooperation program at the University of Texas School of Law’s Government Enforcement Institute (5/13/15).

Court accepted Schlumberger’s guilty plea in connection with sanctions violations (5/7/15).

BNP Paribas was sentenced to five years’ probation and a $9 billion penalty for sanctions violations (5/2/15).

SEC released guidelines entitled “Division of Enforcement Approach to Forum Selection in Contested Actions”(5/8/15) and filed a motion to dismiss for lack of subject matter jurisdiction in Gray Financial Group v. SEC (case challenging the constitutionality of SEC administrative hearings) (4/30/15).

DOJ Cybersecurity Unit released guidelines entitled “Best Practices for Victim Response and Reporting of Cyber Incidents” (4/29/15).

HHS OIG, AHLA, AHIA and HCCA jointly released a resource guide entitled “Practical Guidance for Health Care Governing Boards on Compliance Oversight” (4/20/15).

Assistant Attorney General Caldwell spoke about corporate compliance at NYU Law School’s Program on Corporate Compliance and Enforcement (4/17/15).

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at:

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit
  • New Relic - For more information on New Relic cookies, please visit
  • Google Analytics - For more information on Google Analytics cookies, visit To opt-out of being tracked by Google Analytics across all websites visit This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at:

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.