Mar. 29, 2023

DOJ’s Pilot Program on Clawbacks to Foster Individual Accountability Poses Challenges for Companies

The DOJ Criminal Division’s new pilot program on compensation incentives and clawbacks is intended both to increase personal accountability and inspire organizations to be more proactive in fostering compliance via compensation. The pilot is meant to “encourage companies who do not already factor compliance into compensation to retool their programs and get ahead of the curve,” said Deputy Attorney General Lisa Monaco when she announced the program in a speech on March 3. The three-year program, which became effective on March 15, requires companies to implement compliance-related criteria into their compensation and bonus systems when entering into criminal resolutions. The program also provides for possible fine reductions if corporations claw back compensation from culpable employees and those who had supervisory authority over them or who were “willfully blind” to the misconduct. Yet some defense counsel foresee potential roadblocks that might impede the pilot program’s effectiveness. See “2022 FCPA Year in Review: Clawbacks, Messaging Apps and More Enforcement to Come” (Dec. 21, 2022) and “Revised Monaco Memo Affects Compensation, Clawbacks and Monitorships” (Oct. 26, 2022).

Ericsson Pleads Guilty and Faces Other Consequences for Failing to Comply with 2019 DPA

Swedish-based multinational telecommunications company Ericsson has agreed to plead guilty to two charges originally deferred by a 2019 DPA: one count of conspiracy to violate the anti-bribery provisions of the FCPA and one count of conspiracy to violate the internal controls and books and records provisions of the FCPA and to pay an additional criminal penalty of $206,728,848 which includes the elimination of any cooperation credit originally awarded by the DPA. Ericsson will also be required to serve a term of probation through June 2024 and has agreed to a one-year extension of the independent compliance monitor.  See “Lessons from Telecom Giant Ericsson’s Billion-Dollar Record-Setting Deal” (Jan. 8, 2020).

How the New DOJ and PNF Corporate Enforcement Guidelines Affect Self-Reporting, Cooperation and Remediation

The first two months of 2023 have seen considerable corporate enforcement guidance announcements in both the United States and France. The DOJ issued revised guidance governing voluntary disclosures, cooperation, remediation, and evaluation of compliance programs. And the French National Prosecutor Office similarly announced new guidelines on its corporate enforcement efforts and negotiated resolutions. In this guest article, Dan Kahn, a partner at Davis Polk, and Sophie Scemla, a partner at Gidde Loyrette Nouel, explain that though there are differences in the agencies’ approaches to corporate enforcement, these differences are becoming increasingly smaller, and the similarities are growing larger. They discuss how these changes are important for companies to consider as they determine whether and when to voluntarily-self disclose identified misconduct, and how to approach cooperation and remediation. See “Insiders Tsao, Soltes and Kahn Share Insights on Investigations” (Jan. 4, 2023).

SEC Sanctions Goldman Sachs for Failing to Follow ESG Policies and Procedures

Taking into account environmental, social and governance factors in the investment process involves certain unique challenges, including inconsistent terminology, disparate methodologies and insufficient data. Nevertheless, a fundamental compliance rule continues to hold true for advisers that venture into ESG territory: “Say what you do, and do what you say.” Goldman Sachs Asset Management, L.P. (GSAM) recently ran afoul of that dictate on both counts. In a recently settled enforcement proceeding, the SEC claimed that GSAM failed to adopt appropriate policies and procedures for governing certain ESG products. Moreover, after it did adopt ESG policies and procedures, it failed to follow them. “Today’s action reinforces that investment advisers must develop and adhere to their policies and procedures over their investment processes, including ESG research, to ensure investors receive the advisory services they would expect to receive from an ESG investment,” said Andrew Dean, Co-Chief of the Enforcement Division’s Asset Management Unit in the SEC’s press release. This article details the alleged compliance shortcomings and the terms of the settlement. See “No Longer a Slap on the Wrist: SEC Penalties and Sentences on the Rise” (Jan. 18, 2023).

Lessons From Hive Ransomware Multinational Takedown: Coordination and Defensive Priorities

infrastructure of one of the most prolific and extremely active ransomware groups, Hive, responsible for many ransomware attacks, including against hospitals. With access to Hive’s computer networks since last summer, the FBI obtained decryption keys for 336 victims across the globe, preventing them from paying $130 million worth of demanded extortion payments – evidence of its ability to provide substantial assistance to victims of cybercrimes. In this second installment of our two-part article series, with insights from legal and cybersecurity experts, we offer measures to prevent these attacks and discuss the importance of coordination with law enforcement, including how it worked in this instance. Part one discussed the history and tactics of Hive, the takedown and contributing factors to the decline in ransomware. See our two-part series on a ransomware tabletop’s 360-degree incident response view: “Days One to Four” (Feb. 1, 2022); and “Day Five Through Post-Mortem” (Feb. 15, 2023).