476 Search Results

July 26, 2018 |
2018 Mid-Year FDA and Health Care Compliance and Enforcement Update – Providers

Click for PDF A year and a half into the new Administration, we are seeing new and shifting enforcement and regulatory trends in the health care provider space. While the staying power of these trends remains uncertain, it is increasingly clear that the Administration is implementing changes—including potentially significant ones—at each of the principal health care enforcement agencies. The first half of 2018 also saw notable case law developments on some of the most hot-button issues facing health care providers, helping to round out an eventful six months across the health care compliance and enforcement landscape. We cover all of these trends and developments in greater depth below. First, while the U.S. Department of Justice (“DOJ”) and U.S. Department of Health and Human Services (“HHS”) stepped up their opioid-related enforcement efforts, other areas of enforcement saw less aggressive pursuit over the past six months compared to the first half of 2017. Notably, DOJ gave several indications of letting up on affirmative enforcement actions, including with the release of then-Associate Attorney General Rachel Brand’s memorandum (the “Brand Memo”), which prohibits DOJ from using guidance documents and sub-regulatory actions to “create binding requirements that do not already exist by statute or regulation.” The Brand Memo and other recent DOJ pronouncements are particularly salient for health care providers, for whom enforcement actions can often be grounded in agency and contractor guidance. That said, if the degree of ongoing criminal and civil enforcement efforts related to opioids is any indication, we anticipate a very busy second half of 2018 for both DOJ and the HHS Office of Inspector General (“HHS OIG”), and the Administration may be poised for a net increase in resolution numbers in the second half of the year and into 2019, notwithstanding the let-up in other areas. Second, the first six months of 2018 also saw several notable case law developments that could have a lasting impact on health care providers. We report below on courts’ ongoing efforts to make sense of the implied certification basis for False Claims Act (“FCA”) liability recognized by the Supreme Court in Universal Health Services, Inc. v. United States ex rel. Escobar. We also survey key developments regarding FCA liability in cases where a difference of medical opinion underlies providers’ alleged liability, as well as courts’ recent approaches toward statistical sampling to prove liability and damages in FCA cases. Finally, we discuss recent regulatory and case law developments salient to two of the most important and prevalent issues for health care providers—the Anti-Kickback Statute (“AKS”) and the Stark Law. As always, a collection of Gibson Dunn’s recent publications and presentations on health care issues impacting providers may be found on our website. And, of course, we would be happy to discuss these developments—and their implications for your business—with you. I. DOJ Enforcement Activity A. False Claims Act Enforcement Activity Between January 1 and June 30, 2018, DOJ announced approximately $201 million in FCA recoveries through settlements with health care providers, significantly below the $817 million figure recovered by DOJ through settlements as of June 30, 2017.[1] This is likely due to the fact that in the first half of 2017, DOJ settled eight cases for more than $30 million (the approximate amount of the single highest settlement in the first half of 2018) including one for $155 million.[2] The total of forty health care provider settlements announced by DOJ during the first half of 2018 is also considerably lower than the fifty-four health care provider settlements announced during the first half of 2017, the forty-nine settlements announced during the first half of 2016, and the fifty-seven settlements announced during the first half of 2015. Given the long road most FCA matters take to resolution—the average FCA case can take two years or more to investigate before the government decides whether to pursue it—it is hard to tell if the lower number of settlements in the first half of 2018 compared to last year is a result of a change in DOJ policies or priorities. But there is reason to think providers may have success pushing back on aggressive FCA enforcement going forward, if the Brand Memo and related statements by DOJ are any indication. The January 25, 2018 Brand Memo cabined the ability of prosecutors to use non-compliance with agency guidance as the basis of an FCA claim.[3] Specifically, the Brand Memo prohibits (1) using non-compliance with other agencies’ “guidance documents as a basis for proving violations of applicable law” in affirmative civil enforcement cases, and (2) using an agency’s “enforcement authority to effectively convert agency guidance documents into binding rules.” The Brand Memo applies to administrative guidance issued by DOJ or any other executive agency. The Brand Memo may have particular relevance to providers in medical necessity cases, which frequently involve non-binding guidance and recommendations, such as where the government’s or relator’s theories are grounded in provisions of the Medical Benefit Policy Manual and/or contractors’ local coverage determinations (NCDs and LCDs). Although the memo’s author, Rachel Brand, has left DOJ, in a June speech, Acting Associate Attorney General Jesse Panuccio reiterated the Brand Memo’s importance to DOJ in its reform of FCA enforcement. As we described in more detail in our June 2018 Client Alert, he also highlighted other measures DOJ is undertaking, including formalizing cooperation credit processes, in an effort to improve FCA enforcement. We will continue to monitor these developments and settlement numbers and will report further in our 2018 Year-End Update. Notwithstanding the lower overall number of settlements, the FCA settlements announced so far this year have rested on the same mélange of legal theories as past years and have involved a number of different types of providers, including hospitals, clinics and single providers, skilled nursing and rehabilitation services, home health care services, and pharmacies. As indicated in the chart above, for the first half of 2018, the vast majority of FCA health care provider settlements have involved clinics and single providers; however, these settlements made up a disproportionately small amount of the financial recoveries—averaging roughly $2.3 million per case. Within this category, the majority of settlements have resolved actions primarily predicated on legal theories of services not provided (eleven cases), while smaller numbers of settlements included additional theories of medically unnecessary or unreasonable services (five cases), unqualified personnel providing care (four cases), upcoding (three cases), AKS claims (two cases), physician self-referral claims (one case), and the provision of sub-standard care (one case).[4] The second highest number of settlements were with “other” medical services, as depicted in the chart. These services included ambulance services, diagnostic laboratory testing, radiation services, ophthalmology services, intra-operative monitoring services, health management/mental health services, and wound care services. Consistent with the recent past, the most prevalent legal theory among health care provider settlements was that the provider had billed government health programs for items or services that were not medically necessary. In many of those cases, medical necessity was the sole underlying theory of liability, reflecting DOJ’s continued focus on issues of medical necessity. DOJ also commonly includes medical necessity allegations in broader and more complex allegations of misconduct. For example, an Arizona-headquartered health care organization, that owns and operates twenty-eight acute-care hospitals in multiple states, agreed to pay over $18 million to settle allegations that twelve of its hospitals in Arizona and Colorado had “knowingly submitted false claims to Medicare by admitting patients who could have been treated on a less costly outpatient basis.”[5] According to the press release, these twelve hospitals had knowingly overcharged Medicare patients for short-stay inpatient procedures that should have been billed on an outpatient basis. In addition to these medically unnecessary inpatient admissions, the hospitals allegedly provided falsified documentation in their reports to Medicare by artificially inflating the number of outpatient observation hours received by patients. In addition to the monetary settlement, the health care organization entered into a corporate integrity agreement with HHS OIG, requiring the company to engage in “significant compliance efforts” over the next five years, including retaining an independent review organization to review the accuracy of the company’s claims for services furnished to Medicaid and Medicare beneficiaries. Lack of medical necessity also served as the underlying legal theory in a settlement with a provider of opioids and other prescription pain killers, as part of the recent focus on cracking down on the nation’s opioid epidemic. In that case, a Tennessee chiropractor and his pain management company agreed to pay $1.45 million, and a pain clinic nurse practitioner agreed to pay $32,000 and surrender her DEA registration, to resolve claims that from 2011 through 2014, the chiropractor and his company “caused pharmacies to submit requests for Medicare and TennCare payments for pain killers, including opioids . . . which had no legitimate medical purpose.”[6] With respect to this settlement, Attorney General Jeff Sessions noted, “[i]f we’re going to end this unprecedented [opioid] drug crisis, which is claiming the lives of 64,000 Americans each year, doctors must stop overprescribing opioids and law enforcement must aggressively pursue those medical professionals who act in their own financial interests, at the expense of their patients’ best interests.”[7] We address the ongoing opioid enforcement efforts further below. In addition to the settlement involving the Arizona-based health care organization, the first half of 2018 saw a number of other settlements involving multiple-facility providers nationwide, many under more than one theory of liability. For example, in one case involving a Louisville, Kentucky-based company that owns and operates about 115 skilled nursing facilities, DOJ alleged that the company had “knowingly submitted false claims to Medicare for rehabilitation therapy services that were not reasonable, necessary and skilled.”[8] The settlement, which was initiated by two individuals under the qui tam provisions of the FCA, required the company to pay more than $30 million and also resolved allegations that the company had submitted forged pre-admission certifications of patient need for skilled nursing to the State of Tennessee’s Medicaid program. In another case, DOJ settled with a dental provider for $23.9 million following allegations that the company had, throughout clinics in seventeen states, submitted false claims for medically unnecessary dental procedures and for procedures not actually provided.[9] DOJ’s case was initiated by five lawsuits filed under the qui tam provision of the FCA. DOJ likewise settled for $22.51 million with a company that manages nearly 700 hospital-based wound care centers nationwide to resolve allegations that the company had knowingly caused wound care centers to bill Medicare for medically unnecessary and unreasonable procedures.[10] That case arose from two separate lawsuits filed by former employees of the company under the qui tam provision of the FCA. The first half of 2018 also saw a relatively high number of resolutions resting on theories of services not provided, including nine settlements based on allegations that services billed for were not provided at all. In one settlement, which involved the coordinated effort of the Alaska Medicaid Fraud Control Unit, HHS OIG, and the Alaska Medicaid Program, an Anchorage-based provider of services to individuals with intellectual and developmental disabilities agreed to pay nearly $2.3 million to resolve allegations it had billed for services not provided and for overlapping services with the same provider.[11] The settlement also required the health care provider to enter into a five-year corporate integrity agreement with HHS OIG. Finally, in one of the largest civil resolutions of the first half of 2018,[12] a judge found a Houston-area laboratory liable for nearly $30.6 million for overbilling Medicare for services (transportation miles) that the company’s lab technicians had never actually traveled.[13] B. FCA-Related Case Law Developments 1. Developments in Implied False Certification Theory Our previous updates discussed in detail the unanimous 2016 Supreme Court decision in Universal Health Services, Inc. v. United States ex rel. Escobar,[14] affirming the validity of an “implied certification” theory for FCA liability following a “rigorous” and “demanding” analysis of whether the alleged fraud was “material” to the government’s decision to pay the claim at issue. Courts have continued to interpret Escobar and unpack the meaning of “materiality” in this context. In January 2018, the Middle District of Florida overturned a $350 million jury verdict on the grounds that the evidence did not support a finding of FCA materiality and scienter where the government continued making payments to the defendants despite being on notice of defendants’ alleged misconduct.[15] Plaintiffs alleged that the defendants, operators of a chain of skilled nursing facilities and a management services organization, misrepresented the conditions of and treatments provided to patients in its facilities. In support of these allegations, plaintiffs presented a variety of paperwork containing defects such as missing dates or signatures. The judge noted that while the defective paperwork was demonstrably non-compliant with contractual requirements for comprehensive care plans, the government nonetheless made payments and took no steps to enforce compliance. With these facts in mind, the judge concluded there was no reason to believe the deviations from the terms of the comprehensive care plans were material to payment, and that overturning the jury verdict was consistent with Escobar which “rejects a system of government traps, zaps, and zingers that permits the government to retain the benefit of a substantially conforming good or service but to recover the price entirely—multiplied by three—because of some immaterial contractual or regulatory non-compliance.”[16] An appeal of this ruling was filed in early July and is pending in the Eleventh Circuit. Courts nationwide continue to disagree about the extent to which government payment after awareness of non-compliance defeats the materiality standard. We will continue to watch as the Supreme Court considers whether to hear at least one cert petition seeking clarification of that precise issue, in United States ex rel. Campie v. Gilead Sciences, Inc., during the 2018 term.[17] 2. Developments in “Objective Falsity” Jurisprudence As we have discussed in prior updates, courts continue to consider the animating logic of the March 2016 AseraCare case, in which the District Court for the Northern District of Alabama, after the government prevailed in the first phase of a bifurcated trial, granted summary judgment sua sponte for the hospice provider on the grounds that the government failed to show evidence of an objective falsehood. In support of its allegation that the defendant hospice provider submitted false claims for services where the patient did not qualify for hospice care, the government had proffered a trial expert’s review of patient medical records. The district court found that a “contradiction based on clinical judgment or opinion alone [i.e. between the government’s expert and another expert or the treating physician] cannot constitute falsity under the FCA as a matter of law.”[18] Other courts have similarly declined to find objective falsity in cases where the challenged care and services were the product of providers’ clinical judgment. For example, in a December 2017 decision, the Central District of California reached a similar conclusion in United States ex rel. Winter v. Gardens Regional Hospital and Medical Center, finding no basis for liability in pleadings premised on questions of medical judgment regarding the appropriateness of hospital admissions.[19] In a similar vein, in June 2017, the district court in United States ex rel. Dooley v. Metic Transplantation Lab held that defendants could only be found to have submitted objectively false claims if they, in their medical opinion, knew that they were selecting medically unnecessary tests.[20] Two recent circuit court decisions, however, held that medical judgments can be challenged as false or fraudulent for purposes of the FCA, at least in certain circumstances. First, in United States v. Paulus, the Sixth Circuit rejected a district court’s decision to overturn the conviction of a medical doctor for allegedly fraudulently ordering an unusually high number of angiograms, and then finding high levels of stenosis based on erroneous and exaggerated readings of those angiograms.[21] The district judge found that the medical interpretation of the amount of stenosis shown on angiograms was “incapable of confirmation or contradiction” and not an “objectively verifiable fact,”[22] but the Sixth Circuit strongly disagreed, stating “[w]e believe we were clear then, but we make it explicit now: The degree of stenosis is a fact capable of proof or disproof.”[23] The Department of Justice lauded the Paulus decision, filing a letter with the Eleventh Circuit stating that Paulus “squarely rejected” the reasoning of AseraCare. In a responsive filing, AseraCare argued that the cases are distinguishable due to the factual nature of the determinations being made—while Paulus involved a factual determination about the measurable degree of blockage in arteries, the judgments in AseraCare centered on life expectancy, which AseraCare describes as a judgment that “necessarily and by law involves a subjective opinion.” The Eleventh Circuit heard oral arguments in AseraCare in March 2017, and a decision is forthcoming. Second, in United States ex rel. Polukoff v. St. Mark’s Hospital,[24] a Tenth Circuit panel held that certifications of “reasonable and necessary” care can be deemed false for purposes of FCA liability if procedures are found to be “not reasonable and necessary under the government’s definition of the phrase.”[25] This decision overturned a District of Utah opinion declaring that a doctor’s opinion regarding the potential uses for patent formen ovale (“PFO”) closures could not be objectively false since the doctor exercised his professional medical judgment in reaching this conclusion.[26] Although PFO closures are typically conducted only on patients who have previously endured a stroke, the provider-defendant believed they had the potential to serve as a “preventative measure” for patients with an “elevated risk of stroke.”[27] As a result of his view that PFO closures had broader potential usage, the doctor performed PFO closures far more often than normal in the industry: in a time period where the Cleveland Clinic performed 37 PFO closures, the defendant performed 861.[28] The Tenth Circuit unanimously rejected the district court’s decision that the doctor’s view of the wider usefulness of PFO closures was sufficient to defeat a finding of falsity, emphasizing that providers cannot use professional judgment as a shield against liability for unnecessary procedures. Rather, for purposes of determining whether a claim is reimbursable, the Tenth Circuit found that government guidance such as the Medicare Program Integrity Manual provides a reliable rulebook for what constitutes “reasonable and necessary” under the FCA.[29] The case will now return to the district court for reconsideration. The extent to which a disagreement in professional opinion can be construed as an indicator of falsity is not fully settled. Following recent cases, it is clear that prosecutors must provide evidence of falsity beyond mere disagreement of another health professional. Nonetheless, the Paulus and Polukoff decisions suggest that providers’ medical judgment may not be protected when other factors suggest that they veer significantly from the mainstream. The Tenth Circuit’s statements about using government manuals to define “reasonable and necessary” for FCA purposes may prompt particular controversy because as other courts have recognized, these manuals lack the force of law, and in any event, they, too, have vague standards that are susceptible to multiple interpretations. In that regard, key questions remain about the parameters of defining falsity in medical necessity determinations; we will continue to monitor pending litigation in this area and will report on further judicial developments. 3. Developments Regarding the Use of Statistical Sampling As noted in prior updates, dating back to our 2014 Year-End Update, we continue to track developments in the use of statistical evidence and sampling to support wide-scale FCA allegations, especially against multi-site providers. Two courts recently rejected plaintiffs’ attempts to use statistical data to establish fraud under the FCA. In United States ex rel. Wollman v. The General Hospital Corporation, the District of Massachusetts granted defendants’ motion to dismiss on the grounds that relator’s allegations based on statistical data fell short of pleading specific details regarding the actual submission of claims.[30] Although the First Circuit generally has relaxed pleading standards and allows the use of statistical evidence to strengthen an inference of fraud, the Wollman court found that relators’ use of statistical data fell short of creating any inference that surgeons committed fraud by billing Medicare and Medicaid for “overlapping” surgeries.[31] Similarly, in April 2018, in United States ex rel. Conroy v. Select Medical Corporation, a magistrate judge in the Southern District of Indiana rejected a relator’s attempt to use statistical sampling to determine “the number of fraudulent Medicare claims and the damages flowing from them.”[32] The court held that the plaintiffs failed to provide any evidence in support of the proposition that showing “a particular Medicare reimbursement claim was fraudulent based on a theory of lack of medical necessity can be done by a random-sampling method.” Instead, the court found that a case-by-case analysis would be necessary to “evaluate whether each particular claim for which the plaintiffs seek relief was actually knowingly false within the meaning of the FCA.”[33] DOJ, despite initially declining to intervene in the case, filed a letter of interest challenging the magistrate judge’s discovery order as “contrary to long-established precedent recognizing statistical sampling as admissible and valid method of proof” in contexts applicable to the FCA.[34] The court has not yet addressed DOJ’s letter. As the government and FCA relators continue to attempt to support region-wide or nationwide cases against multi-facility providers using statistical sampling evidence, these issues are sure to have an important presence in the FCA case law, and we will continue to monitor and report on them. C. Opioid Crisis Enforcement Efforts The government continues to aggressively target the opioid crisis in its criminal, as well as civil, enforcement efforts, with the initial focus on opioid manufacturers widening to include prescribers, and even pharmacy dispensers, of opioids. On June 6, the CEO of a health care company and four physicians were charged in a superseding indictment as part of an investigation into an alleged $200 million health care fraud scheme involving the distribution of medically unnecessary controlled substances and injections that resulted in patient harm.[35] The indictment alleges that the physicians prescribed over 4.2 million dosage units of medically unnecessary controlled substances to Medicare beneficiaries, including some who were addicted to narcotics. Further, the physicians allegedly required the Medicare beneficiaries to consent to medically unnecessary injections, which were billed to Medicare in order to increase revenue for all defendants. Trial in the Eastern District of Michigan is scheduled to begin at the end of July. In our 2017 Mid-Year Update, we highlighted DOJ’s announcement of what was then the largest-ever health care fraud enforcement action, involving charges against more than 400 defendants for more than $1.3 billion in fraud. The enforcement action focused heavily on the prescription and distribution of medically unnecessary prescription drugs, including opioids and other narcotics. On June 28, DOJ announced a new record for the largest health care fraud enforcement action in history.[36] This enforcement action involved charges against 601 individuals across 58 federal districts, allegedly responsible for over $2 billion in fraud losses. Of the individuals charged, 162 defendants (including seventy-six doctors) were charged for playing a role in prescribing and distributing opioids and other narcotics. In the press release, Attorney General Jeff Sessions described the underlying conduct as “despicable crimes” that led DOJ to take “historic new steps to go after fraudsters, including hiring more prosecutors and leveraging the power of data analytics.”[37] Attorney General Sessions emphasized that “[t]his is the most fraud, the most defendants, and the most doctors ever charged in a single operation—and we have evidence that our ongoing work has stopped or prevented billions of dollars’ worth of fraud.”[38] The enforcement action involved coordinated efforts by DOJ’s Criminal Division and Health Care Fraud Unit, HHS OIG, the Drug Enforcement Administration, the Centers for Medicare and Medicaid Services, IRS Criminal Investigations, the Department of Labor, State Medicaid Fraud Control Units, and others. HHS Secretary Alex Azar lauded the “Takedown Day” as “a significant accomplishment for the American people,” stating that every dollar recovered in the operation is “a dollar that can go toward providing healthcare for Americans in need[.]”[39] In the middle of July, DOJ announced Operation Synthetic Opioid Surge, or Operation S.O.S., in an effort to target distribution of synthetic opioids in the districts with the highest rates of overdose deaths.[40] U.S. Attorney’s Offices in key districts will identify a county in which it will prosecute “every readily provable case involving . . . synthetic opioids, regardless of drug quantity.” The goal of the intensive effort, which will be coordinated with the DEA Special Operations Division, is to use these smaller prosecutions to identify larger distribution networks for synthetic opioids and ultimately reduce overdose deaths. The recent takedown and Operation S.O.S. initiative are further evidence of DOJ’s continued prioritization of the opioid crisis by criminally targeting fraudulent distribution of prescription medications; however, DOJ continues to target these issues through civil remedies as well. On February 27, 2018, DOJ announced the formation of a Prescription Interdiction and Litigation Task Force designed to enforce compliance with federal regulations created to prevent improper prescribing of medications. In his speech announcing the Task Force formation, Attorney General Sessions noted that the Task Force would coordinate with various agencies and employ a wide range of enforcement tools—including the FCA—to crack down on illegal prescriptions. II. HHS Enforcement Activity A. HHS OIG Activity 1. 2017 and 2018 Developments and Trends In the period between October 1, 2017, and March 31, 2018, HHS OIG reported 424 criminal actions, a decrease of approximately 9% from the 468 criminal actions reported in the first half of FY 2017.[41] HHS OIG experienced a larger drop—nearly 25%—in the number of civil actions, reporting 349 in the first half of FY 2018, compared to 461 in the first half of FY 2017.[42] While the yearly number of criminal actions has fluctuated over the past several years (see the chart below), the yearly number of civil actions has been steadily rising—a streak which may break in 2018 based on first-half numbers. In the first half of FY 2018, HHS OIG also reported expected investigative recoveries of $1.46 billion.[43] In the first half of FY 2017, by contrast, this figure was approximately $2.04 billion.[44] These recovery figures suggest that FY 2018 may continue the general downward shift in HHS OIG’s yearly expected recoveries over the last several years, as depicted in the chart below. This downward trend may be due in part to decreases in the frequency and magnitude of large settlements with pharmaceutical companies. In FY 2012 and FY 2013, for example, HHS OIG’s year‑end reports highlighted a total of approximately $4.35 billion in settlements with pharmaceutical companies, whereas HHS OIG’s year‑end reports for FY 2014 through FY 2017 highlighted a total of only about $1.32 billion in settlements with pharmaceutical companies.[45] 2. Significant HHS OIG Enforcement Activity a) Exclusions HHS is required to exclude from participation in the federal health care programs any individual or entity that is (1) convicted of a crime related to Medicare, (2) convicted of a crime related to patient abuse or neglect, (3) convicted of felony health care fraud, or (4) convicted of a felony related to the manufacturing, distribution, prescription, or dispensing of a controlled substance.[46] HHS also has permissive authority to exclude individuals and entities falling into sixteen other categories, including those convicted of fraudulent conduct related to health care, those excluded or suspended from a state health care program, and those HHS determines have paid kickbacks as defined by the Anti‑Kickback Statute.[47] In the first half of calendar year 2018, HHS OIG reported 1,525 exclusions from the federal health care programs.[48] Of that number, thirty exclusions were of entities, a 9% drop compared to the same period in calendar year 2017 and a 3% drop compared to the same period in calendar year 2016.[49] Notably, this number is an increase as compared to calendar years 2015 and 2014. The entity exclusions included thirteen pharmacies and four entities identified as either community mental health centers or psychology practices.[50] The remaining 1,495 exclusions reported in the Exclusions Database for the first half of FY 2018 were of individuals, 158 of whom were classified as business owners or executives, and 104 of whom were classified as physicians.[51] Among business owners or executives, approximately 25% were affiliated with home health agencies, approximately 7% with pharmacies, and approximately 12% with clinics.[52] Of the excluded physicians, approximately 66% were family practitioners, general practitioners, internists, or psychiatrists.[53] Consistent with HHS OIG’s focus on pharmacies and on combating the illegal provision of opioids, HHS OIG’s semiannual report to Congress covering the first half of FY 2018 highlighted an exclusion case involving a pharmacy owner in Kentucky who was convicted of illegally dispensing oxycodone, hydrocodone, and pseudoephedrine and was sentenced to thirty years in prison. The pharmacy owner’s exclusion from the federal health care programs will last at least fifty years.[54] b) Civil Monetary Penalties Compared to the same period in calendar year 2017, the first half of calendar year 2018 witnessed an uptick in civil monetary penalties (“CMPs”) as a result of settlement agreements and voluntary self‑disclosures. HHS OIG announced 61 CMPs totaling approximately $46 million,[55] marking an increase of nearly 30% in the number of cases, and a 100% increase in total recovery amount, compared to the first half of calendar year 2017.[56] CMPs resulting from self‑disclosures represented approximately 86% of the CMPs, in terms of dollar value, in the first half of the 2018 calendar year, with the largest self‑disclosure settlement representing approximately six times the amount of the largest settlement not involving self‑disclosure. Self‑disclosure cases also accounted for eight of the top ten settlements by dollar amount. Consistent with the trend in the first half of last year, cases involving allegedly false claims or improper billing practices accounted for the lion’s share—thirty-one cases totaling nearly $35 million— of CMPs imposed by HHS OIG. Employment of individuals who had been excluded from the federal health care programs was the second most common basis for CMPs, accounting for fourteen cases totaling nearly $1.9 million. However, these cases were overshadowed in terms of dollar amount by the eight CMPs involving alleged AKS or Stark Law violations and amounting to nearly $8.9 million in penalties and settlements. The three largest CMPs assessed against providers in the first half of 2018 are summarized below: Northwell Health Inc. (Northwell): On February 13, 2018, after self-disclosing conduct, Northwell agreed to pay approximately $12.7 million to resolve allegations from HHS OIG that Northwell submitted Medicare claims that lacked sufficient documentation for a certain Medicare Local Coverage Determination, “Vertebroplasty and Vertebral Augmentation – Percutaneous, L26439.”[57] Shands Jacksonville Medical Center, Inc. (Shands) and University of Florida Jacksonville Physicians, Inc. (UF JPI): Shands and UF JPI made a self‑disclosure to HHS OIG, and on January 30, 2018, reached a settlement of approximately $4.5 million to resolve allegations that Shands and UF JPI submitted Medicare and Medicaid claims for ophthalmology surgical procedures that were not medically necessary.[58] Nazareth Hall (Nazareth): Following a self‑disclosure, on February 23, 2018, Nazareth reached a settlement of approximately $4 million to resolve HHS OIG allegations that Nazareth submitted Change of Therapy forms for rehabilitative therapy services without following Medicare requirements.[59] c) Corporate Integrity Agreements Although we frequently make observations regarding the types of integrity agreements entered into by HHS OIG, the Government Accountability Office (“GAO”) issued a report earlier this year that provides a comprehensive survey of these agreements from the period spanning from July 2005 through July 2017.[60] The report found that, during this period, HHS OIG entered into 652 agreements[61] with thirty types of entities, but that individual or small group practices, hospitals, and skilled nursing facilities together accounted for over half of all agreements.[62] Cases that ended with integrity agreements most often started with allegations that the relevant entity or individual billed for medically unnecessary services or for services not provided.[63] Significantly, the report also noted that DOJ settlements accompanied 619 of the 652 integrity agreements reached in the period reviewed.[64] Overall, however, the total number of integrity agreements in effect decreased by 44% from 2006 to 2016,[65] as a result of HHS OIG’s self‑described efforts to prioritize entities that pose the most significant fraud risks.[66] In the first half of calendar year 2018, HHS OIG entered into thirteen corporate integrity agreements (“CIAs”), down from twenty-four in the same period in 2017.[67] In one particularly notable example, an Anchorage, Alaska, non‑profit organization that provides services to individuals with developmental disabilities entered into a five‑year CIA with HHS OIG. Under the agreement, the organization was required to implement significant compliance enhancements, including the appointment of a compliance officer and the establishment of a compliance committee, as well as the implementation of specific compliance controls and review procedures at the board of directors level.[68] HHS OIG has signaled that it views these sorts of requirements as a floor, not a ceiling, for providers’ compliance programs. For example, in a case involving a non‑profit hospital operator accused of violating the FCA by seeking Medicare reimbursement for inpatient services that could have been provided on a less costly outpatient basis,[69] HHS OIG imposed a five‑year CIA that specified similar board- and management-level compliance enhancements, despite the fact that the entity had “voluntarily established a Compliance Program” before the CIA was executed.[70] The agreement specified that the procedures it imposed on the hospital operator were to be treated as minimum requirements for its compliance program.[71] In other instances, HHS OIG has used CIAs to require significant compliance undertakings more closely tailored to the alleged conduct at issue. For example, in a CIA that involved a parallel settlement with DOJ, a radiation therapy provider that allegedly violated the AKS was required to implement an oversight program to ensure that certain contractual arrangements were “supported by and consistent with fair market valuation reports conducted by independent, objective, and qualified individuals or entities with fair market valuation expertise[.]”[72] Fair market valuations help provide shelter from liability under AKS and the Stark Law for certain contractual arrangements, such as employment compensation arrangements, as they support the relevant arrangement as an arm’s-length transaction that does not account for the value or volume of referrals. Notably, several of the CIAs entered into so far this year involved individuals in addition to entities. For example, in February, HHS OIG reached a three‑year CIA with a North Carolina eye-care provider and its physician-owner that requires, among other provisions: enhanced training and education, the retention of an independent review organization (“IRO”), and enhanced screening processes for employees and third-party service providers. The physician-owner is required to submit certifications of the practice’s compliance in conjunction with the IRO’s review and reporting activities.[73] In another case, the individual owner of a hospice provider was made a party to a CIA with the provider itself, which imposes a five‑year term and the implementation of a detailed set of management‑level compliance enhancements and controls.[74] And, in at least one case, HHS OIG put in place a CIA that imposes obligations on an individual only, without placing parallel obligations on any entity affiliated with the individual.[75] The agreement requires the individual to do the following, among other things: undergo training on billing, coding, and record documentation, and ensure that the individual’s employees and contractors received such training; engage an IRO to audit the individual’s claims submitted to Medicare and Medicaid; screen the individual’s employees and contractors to ensure their eligibility to participate in the federal health care programs, and remove any individuals who have been excluded from participation; and track and communicate certain “reportable events” to HHS OIG.[76] Under the agreement, breach of any of these obligations would trigger a daily stipulated penalty of $1,000 or $1,500, depending on the obligation breached—as well as the possibility of exclusion from the federal health care programs in the event of certain material breaches.[77] B. CMS Activity 1. Transparency and Data Accessibility Over the past few years, CMS has prioritized improving access to data related to the use of Medicare and Medicaid services. On April 13, 2018, CMS released the seventh update of the Market Saturation and Utilization Tool.[78] This tool provides interactive maps and related data sets showing provider services and utilization data for selected health services, and is one of many tools used by CMS to monitor and manage market saturation as a means to help prevent potential fraud, waste, and abuse. The seventh update includes a trend analysis graphing tool that shows the percentage change and trend over time across the available metrics and health service areas. CMS explained that in addition to serving as a monitoring tool to prevent potential fraud and abuse, “[t]he data can also be used to reveal the degree to which use of a service is related to the number of providers servicing a geographic region.”[79] CMS noted that one of the secondary objectives of making the data public is to “assist health care providers in making informed decisions about their service locations and the beneficiary population they serve.”[80] 2. Continued Implementation of Moratoria As we’ve described in past updates, the Patient Protection and Affordable Care Act authorizes CMS to impose moratoria on certain regions to prevent new provider enrollments in certain geographic areas identified as fraud “hot spots.” The moratoria are imposed after consultation with DOJ and HHS OIG and reviewed for continued necessity every six months. The moratoria, which block any new provider enrollments for Medicare Part B non-emergency ground ambulance providers and Medicare home health agencies in Florida, Illinois, Michigan, Texas, Pennsylvania, and New Jersey, were reviewed and extended again for a six-month period on January 29, 2018.[81] C. OCR and HIPAA Enforcement 1. HIPAA Enforcement Actions HHS’s Office of Civil Rights (“OCR”) reported that as of June 30, 2018, it had reviewed and resolved over 184,614 Health Information Portability and Accountability Act (“HIPAA”) complaints since HIPAA privacy rules went into effect in April 2003.[82] OCR has resolved 96% of these cases (177,194).[83] Since January, OCR has reported only two settlements and one decision from an HHS Administrative Law Judge (“ALJ”), amounting to approximately $7.9 million in fines.[84] If OCR’s enforcement continues at this pace, 2018 will see a dramatic decline in HIPAA enforcement actions. In the 2017 calendar year, OCR announced ten settlements amounting to approximately $19.4 million in fines, and in 2016, OCR reported thirteen settlements totaling approximately $23.5 million.[85] It remains to be seen whether the downtick in enforcement during the first half of 2018 signals a change in priorities, or whether we will see an acceleration of HIPAA settlements in the second half of the year. On February 1, 2018, OCR announced the first HIPAA settlement of the year, with Fresenius Medical Care North America (“FMCNA”), a nationwide dialysis provider that also runs labs, urgent care centers, and post-acute practices. FMCNA agreed to pay $3.5 million and adopt a comprehensive corrective action plan in order to settle potential HIPAA violations in connection with five data breaches that occurred at separate FMCNA-owned entities over a five-month period in 2012, which impacted 521 individuals.[86] Following an investigation, OCR found that FMCNA “failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all its [electronic protected health information (PHI)].”[87] OCR Director Roger Severino commented, “[t]he number of breaches, involving a variety of locations and vulnerabilities, highlights why there is no substitute for an enterprise-wide risk analysis for a covered entity.”[88] A corrective action plan requires the company to complete a risk analysis and risk management plan, revise policies and procedures, develop an encryption report, and provide employee education on policies and procedures.[89] Less than two weeks later, OCR announced a $100,000 settlement with Filefax, Inc. (“Filefax”), a company that stored and delivered medical records. The case came to the attention of the authorities in February 2015 when OCR received an anonymous complaint alleging that an individual took paper files out of an unlocked dumpster outside of a Filefax office in Illinois and brought it to a nearby paper shredding shop, hoping to receive payment for providing recyclable material. The complaint led to an OCR investigation. Filefax dissolved during the course of the investigation, which ultimately concluded that “Filefax impermissibly disclosed the PHI of 2,150 individuals by leaving the PHI in an unlocked truck in the Filefax parking lot, or by granting permission to an unauthorized person to remove the PHI from Filefax, and leaving the PHI unsecured outside the Filefax facility.”[90] This settlement cautions against the careless handling of PHI and demonstrates that companies cannot escape obligations under the law for HIPAA violations even after closing for business. The receiver appointed to liquidate the assets of Filefax, has agreed to pay the $100,000 and properly store and dispose the remaining medical records in a HIPAA-compliant manner.[91] On June 18, 2018, an HHS ALJ granted summary judgment against the University of Texas MD Anderson Cancer Center (“MD Anderson”), requiring the provider to pay $4.3 million in civil monetary penalties for HIPAA violations.[92] This is the fourth largest amount awarded to OCR by an ALJ or secured in a settlement for HIPAA violations; it is also the second summary judgment victory in OCR’s history of HIPAA enforcement.[93] The litigation arose out of three data breaches from 2012 and 2013 involving the theft of an unencrypted laptop from an MD Anderson employee and the loss of two unencrypted USB thumb drives containing the information of 33,500 individuals. MD Anderson “failed to adopt an effective mechanism” to protect patient data.[94] The ALJ rejected the argument that stolen information is only disclosed when it is viewed by a third party, holding, “The plain language of the regulation doesn’t suggest that. Moreover, to interpret the regulation so narrowly as Respondent suggests would render its prohibitions against unauthorized disclosure to be meaningless.”[95] In a statement regarding the decision, Director Severino underscored that “OCR is serious about protecting health information privacy and will pursue litigation, if necessary, to hold entities responsible for HIPAA violations.”[96] 2. Cybersecurity Protection of patients’ confidential information, and electronically stored information in particular, continues to be a high priority for HHS enforcement, just as cybersecurity and data privacy issues explode in complexity and public attention. As discussed in past updates,[97] OCR continues to issue monthly “Cybersecurity Newsletters” in order to provide guidance on what specific security measures providers can take to decrease exposure to various security threats and vulnerabilities that exist in the health care sector, and how to reduce breaches of electronic-protected health information (“ePHI”).[98] HHS has not said that following the measures outlined in these newsletters creates any kind of safe harbor; rather, the newsletters are designed to “assist” the regulated community to become more knowledgeable about risk areas. Providers would do well to adhere to this guidance to avoid being caught in the crosshairs of OCR.[99] Brief summaries of the newsletters that have been issued so far this year are below. The January newsletter discusses the issue of cyber extortion, which may include stealing sensitive data such as ePHI, and explains what organizations can do to prevent falling victim to attackers, including implementing an organization-wide risk analysis and risk management program, training employees, patching systems, and encrypting sensitive data. Organizations are encouraged to remain vigilant for new and emerging cyber threats.[100] OCR’s February newsletter warns against the dangers of “phishing,” a type of cyberattack used to trick individuals to disclose sensitive information electronically by impersonating a trustworthy source, and provides tips on avoiding phishing attacks.[101] The purpose of the April newsletter is to provide a concise explanation of the differences between a “risk analysis” required by the HIPAA Security Rule’s regulatory requirement and a “gap analysis.” In short, a risk analysis is a comprehensive, enterprise-wide evaluation to identify the ePHI and the risks and vulnerabilities to the ePHI; the results of a risk analysis may be used to make enterprise-wide modifications to ePHI systems. By contrast, a gap analysis is a narrower examination of an enterprise to assess whether certain controls or safeguards required by the Security Rule have been implemented and to spot “gaps.”[102] The May newsletter reminds organizations about the importance of the physical security of workstations to safeguard access to ePHI, which OCR notes is often overlooked. OCR warns that “[f]ailure to take reasonable steps regarding physical security may have serious consequences,” citing investigations that have resulted in hefty fines for violations of HIPAA’s Security Rule.[103] Finally, the June newsletter provides guidance on software vulnerabilities and the necessity of patching software bugs to close security vulnerabilities and prevent hackers from gaining unauthorized access to a user’s computer or an organization’s network. OCR sets forth the responsibilities of HIPAA-covered entities and business associates to conduct a risk analysis of the potential vulnerabilities to the confidentiality of the ePHI they hold; this includes identifying and mitigating risks and vulnerabilities that unpatched software poses to an organization’s ePHI.[104] III. Anti-Kickback Statute During the first six months of 2018, the AKS has remained one of the most prominent theories of liability in health care enforcement actions. That is perhaps unsurprising, since the government typically takes the position that the damages resulting from AKS liability are the full amount of the claims supposedly “tainted” by the alleged kickbacks. But given the interplay between the AKS and the FCA, the numerous resulting elements of proof for an AKS case, and the complexities of the AKS’s many safe harbors, AKS theories also continue to be actively debated in the health law field and in the courts. Below, we summarize the guidance and case law developments that explore the scope of that potential liability. A. Notable HHS OIG Advisory Opinions HHS OIG issued a number of advisory opinions discussing the AKS in the first half of 2018. Notably, the Office gave its imprimatur to each arrangement on which companies requested its input, from sharing savings generated from cost-reduction measures with health care providers to providing support resources to caregivers of patients with chronic conditions. On January 5, HHS OIG considered an arrangement under which neurosurgeons implementing cost-reduction measures with respect to spinal fusion surgeries split the savings from these measures with the medical center in which they operate.[105] These cost-reduction measures included a shift to using certain products only on an as-needed basis and standardizing the selection of certain devices and supplies based on price.[106] In concluding that this arrangement presented a low risk of AKS violations, HHS OIG noted approvingly safeguards designed to reduce neurosurgeons’ incentive to increase referrals to the medical center. These safeguards included distributing the incentive payments on a per-surgeon, rather than per-patient, basis; reviewing patient data to confirm a historically consistent selection of patients; reserving a portion of the savings for administrative expenses that would otherwise be distributed to the neurosurgeons; and tying incentive payments to verifiable cost savings attributable to each recommendation implemented in a procedure.[107] On May 31, HHS OIG opined that an arrangement under which a not-for-profit health center would use state Department of Health grant funds to give a county clinic a computer, videoconferencing software, and other telemedicine items to enable the county clinic to provide health care consultation services remotely would present a low risk of AKS violations.[108] The agency noted that this donation of equipment could conceivably induce the county clinic to refer patients to the health center, but found that the risk of such referrals was low given the clinic would not recommend the health center, or any other specific health care provider, to patients, and that the health center was located 80 miles from the county clinic.[109] On June 14, HHS OIG analyzed the use of a preferred hospital network as part of Medicare Supplemental Health Insurance (“Medigap”) policies, whereby insurance companies would contract with hospitals for discounts on Medicare inpatient deductibles for their policyholders and then provide a $100 credit to policyholders who utilized an in-network hospital for their inpatient stay.[110] HHS OIG first concluded that the arrangement did not meet the requirements for protection under either the safe harbor for waivers of beneficiary coinsurance and deductible amounts or the safe harbor for reduced premium amounts offered by health care plans.[111] The safe harbor for coinsurance and deductible waivers specifically excludes such waivers when they are part of an agreement with insurers, and the safe harbor for reduced premium amounts requires that all enrollees be offered the same cost‑sharing or reduced premium amounts.[112] HHS OIG then concluded that, notwithstanding the absence of safe harbor protection, the arrangement presented a low risk of AKS violations because neither the discounts nor the premium credits would increase per-service Medicare payments, the arrangement would have little impact on patient utilization, and physicians would receive no remuneration as a result of the arrangement.[113] On June 18, HHS OIG issued an opinion regarding whether a non-profit medical center may provide support resources and services to family members and other caregivers who care for patients with chronic conditions.[114] The provider proposed to give those caregivers, among other things, educational sessions, support groups, rental iPods, and low-fee stress reduction workshops.[115] HHS OIG noted that certain services the provider made available to the caregivers alleviated the caregivers’ financial burdens in providing care and could influence the caregivers to refer patients to the provider, and HHS OIG determined that no exception to the Beneficiary Inducements CMP or AKS applied.[116] However, HHS OIG determined that it would not impose sanctions on the provider, because (1) the services mostly benefitted caregivers, and posed a low risk of influencing them to select the provider for any particular federally reimbursable services; (2) all caregivers could access the services; (3) the provider did not “actively market” the services; and (4) the provider’s practices posed little risk of increasing costs incurred by the federal health care programs. For these reasons, HHS OIG concluded that the provider’s conduct would not subject it to sanctions under the AKS.[117] B. Notable Case Law Involving the AKS While the first half of 2018 was relatively quiet with respect to AKS case law, there were a couple of notable opinions. In particular, the Third Circuit rejected a “but for” causation standard for establishing FCA liability predicated on alleged AKS violations, while an Illinois district court rejected an AKS theory as too speculative. We discuss both below. In January, the Third Circuit affirmed a U.S. District Court for the District of New Jersey ruling granting summary judgment to a pharmaceutical company accused of FCA and AKS violations in United States ex rel. Greenfield v. Medco Health Solutions, Inc.[118] The relator alleged that a pharmacy (Accredo Health Group), which provided home care for patients with hemophilia, violated the AKS, and in turn the FCA, when it made donations to two charities that then recommended the company to hemophilia patients.[119] The District Court denied the relator’s motion for summary judgment and granted the company’s, on the ground that the relator was unable to show that the charities’ referral of several federally insured patients resulted from the pharmacy’s charitable contributions.[120] On appeal, the relator argued that the District Court erred in requiring a “direct link” between the contributions and the referrals.[121] The government filed an amicus brief contending that the Court erred “to the extent that it required relator to prove a causal connection between the kickbacks and the claims.”[122] In other words, “the district court incorrectly appeared to believe it was necessary for relator to show that the kickbacks in fact corrupted the charities’ decision to refer patients to” the pharmacy, and that “those referrals and recommendations in fact corrupted the patients’ decisions to use” the company’s services.[123] Instead, the government urged the Court to hold that “relator is not required to prove that the kickbacks caused the charities to make the referrals and recommendations or that the referrals and recommendations caused the patients to use” the pharmacy’s services.[124] The Third Circuit affirmed the District Court’s grant of summary judgment in favor of the company, holding that a relator must, at minimum, show that at least one of the patients for whom the company provided services and submitted reimbursement claims was “exposed to” a referral from one of the charities to which the company donated.[125] Addressing the parties’ respective arguments about what suffices as FCA proof in the AKS context, the Third Circuit explained that “[i]t is not enough . . . to show temporal proximity between [the company’s] alleged kickback plot and the submission of claims for reimbursement. Likewise, it is too exacting to follow [the company’s] approach, which requires a relator to prove that federal beneficiaries would not have used the relevant services absent the alleged kickback scheme.”[126] The Third Circuit therefore largely adopted the government’s view that a “but for” causation standard would be unworkable in this context, holding instead that relators must present “some record evidence that shows a link between the alleged kickbacks and the medical care received by at least one of” the company’s federally insured patients.[127] In United States v. United Healthcare Ins. Co., the U.S. District Court for the Northern District of Illinois granted a health care insurer’s motion to dismiss a relator’s complaint alleging FCA violations predicated on alleged AKS violations.[128] The defendant was a Medicare Advantage plan that offered, among other services, in-home physical examinations to its patients and $25 Walmart gift cards to patients who accepted offers to join the in-home program.[129] The relator, a patient of the company who participated in the in-home program, alleged that the program violated the FCA because the in-home visits were not medically necessary and led to the procurement of risk adjustment data that could lead to a patient receiving a higher risk designation by CMS, thereby increasing the per-month payment the company would receive from the government for that patient.[130] The Court rejected the relator’s theory as too speculative. The Court noted that the company “ha[d] neither received a kickback for its remunerations nor has Medicare been injured through increased reimbursements.”[131] Rather, the company “paid for the in-home examinations itself, and then provided services to its plan participants free of charge. This does not violate the purpose of the Anti-Kickback Statute—’to prevent kickbacks from influencing the provision of services that are charged to Medicare.'”[132] IV. Stark Law The federal physician self-referral law, commonly known as the Stark Law, provides for strict liability for any physician who refers to an entity with which it has a “financial relationship,” which is broadly defined, and even more broadly interpreted by DOJ and HHS OIG. The Stark Law has been a frequent target of proposed reforms for many years (as discussed in our previous alerts ), reflecting industry and regulator recognition that the Stark Law sometimes creates unintentional and unnecessary restrictions on innovative and efficient health care arrangements. But in the main, those reform efforts have stalled and died before offering meaningful relief. During the first half of 2018, however, there were several notable developments relating to the Stark Law that may finally result in actual reform. A. Regulatory and Legislative Updates In January 2018, CMS Administrator Seema Verma announced that CMS, DOJ, and HHS OIG would undertake an inter-agency review of the Stark Law.[133] The review was spurred by feedback from providers as part of CMS’s “Patients Over Paperwork” Initiative,[134] which sought industry feedback about how to reduce burdensome regulations. According to Administrator Verma, the Stark Law was one of the most commonly identified of the “burdensome regulations and burdensome issues.”[135] Administrator Verma noted that the Stark Law was “developed a long time ago” and that there is a “need to bring along some of those regulations” to account for modern developments in payment models and health delivery systems.[136] Although Administrator Verma acknowledged that the solution may require “Congressional intervention,” she confirmed that CMS is committed to “working through it.”[137] In June, CMS requested feedback on possible regulatory changes to the Stark Law, suggesting a willingness to act, separate from any Congressional action.[138] The agency stated that lowering Stark Law hurdles would support coordinated care.[139] Eric Hargan, Deputy Secretary at HHS, further stated that “[r]emoving unnecessary government obstacles to care coordination is a key priority for this Administration.”[140] CMS explained that it is interested in addressing “real or perceived” obstacles to coordinated care that are caused by the Stark Law.[141] Beyond simply clarifying or simplifying the current law, the agency asked commenters whether the existing exceptions to the Stark law are useful and whether the agency should create new exceptions.[142] It also requested that commenters share ideas for defining important concepts such as “commercial reasonableness” and “fair market value” within exceptions to the Stark Law.[143] CMS also asked whether increased transparency could address problems, suggesting that transparency measures could include disclosures about pricing or a physician’s financial relationships. Among other related items, CMS is seeking suggestions regarding: Existing or potential arrangements that involve designated health service (“DHS”) entities and referring physicians that participate in “alternative payment models or other novel financial arrangements,” regardless of whether such models and financial arrangements are sponsored by CMS; Exceptions to the Stark Law that would protect financial arrangements between DHS entities and referring physicians who participate in the same alternative payment model; Exceptions to the Stark Law that would protect financial arrangements that involve “integrating and coordinating care outside of an alternative payment model”; and Addressing the application of the Stark Law to financial arrangements among providers in “alternative payment models and other novel financial arrangements.”[144] B. Notable Stark Law Enforcement There were also two notable Stark Law enforcement actions in the first half of 2018. In January, two California urologists agreed to pay more than $1 million to settle allegations that they had violated the Stark Law and the AKS.[145] The doctors, who own and operate both a urology practice and a radiation oncology center, allegedly submitted and caused the submission of false claims to Medicare for image-guided radiation therapy by billing for their own image-guided radiation therapy referrals to their oncology center. The two practices were separate entities, even though both owned by the urologists, and the financial arrangements did not comply with any exceptions to the Stark Law.[146] This case is a warning for providers who own businesses that provide complementary services. In March, University of Pittsburgh Medical Center Hamot (“Hamot”), a Pennsylvania hospital, and Medicor Associates Inc. (“Medicor”), a cardiology group, agreed to pay $20.75 million to settle allegations that they violated a number of statutes, including the AKS and the Stark Law.[147] DOJ alleged that they orchestrated a kickback scheme for patient referrals when Hamot paid Medicor up to $2 million per year under twelve physician and administrative services arrangements that had been created to secure patient referrals from the cardiology group. Hamot allegedly had no legitimate need for the contracted services, and in some instances the services were duplicative or not performed at all.[148] Notably, the claims were brought by a whistleblower, and the federal government initially declined to intervene. The whistleblower proceeded on his own and won summary judgment on his claims that some of the arrangements violated the Stark Law, which in turn caused false claims to be knowingly submitted to federal health programs in violation of the FCA.[149] The whistleblower received over $6 million as part of the settlement.[150] The whistleblower’s post-declination success may encourage other whistleblowers to proceed on their own, even in complicated Stark Law cases such as this one. V. CONCLUSION As these issues and others important to the health care provider community continue to develop, we will track them and report back in our 2018 Year-End Update.   [1] See Gibson Dunn 2017 Mid-Year FDA and Health Care Compliance and Enforcement Update – Providers (Sept. 4, 2017) [hereinafter “Gibson Dunn 2017 Mid‑Year Update”]. [2] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Electronic Health Records Vendor to Pay $155 Million to Settle False Claims Act Allegations (May 31, 2017), https://www.justice.gov/opa/pr/electronic-health-records-vendor-pay-155-million-settle-false-claims-act-allegations. [3] U.S. Dep’t of Justice, Associate Attorney General Rachel Brand, Limiting Use of Agency Guidance Documents In Affirmative Civil Enforcement Cases (Jan. 25, 2018), https://www.justice.gov/file/1028756/download. [4] The total is greater than twenty-one because some cases had multiple claims. [5] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Banner Health Agrees to Pay Over $18 Million to Settle False Claims Act Allegations (Apr. 12, 2018), https://www.justice.gov/opa/pr/banner-health-agrees-pay-over-18-million-settle-false-claims-act-allegations. [6] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Tennessee Chiropractor Pays More Than $1.45 Million to Resolve False Claims Act Allegations (Jan. 24, 2018), https://www.justice.gov/opa/pr/tennessee-chiropractor-pays-more-145-million-resolve-false-claims-act-allegations. [7] About a month later, at the end of February, Attorney General Sessions announced that there would be a new, special task force devoted to targeting opioid drug manufacturers and distributors who were fueling the opioid epidemic. Dan Mangan, Attorney General Jeff Sessions Announces New Opioid Task Force to Target Drug Manufacturers, Distributors Who Fuel Prescription Painkiller Epidemic, CNBC (Feb. 27, 2018), https://www.cnbc.com/2018/02/27/attorney-general-jeff-sessions-announces-new-opiod-task-force.html. [8] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Signature HealthCARE to Pay More Than $30 Million to Resolve False Claims Act Allegations Related to Rehabilitation Therapy (June 8, 2018), https://www.justice.gov/opa/pr/signature-healthcare-pay-more-30-million-resolve-false-claims-act-allegations-related. [9] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Dental Management Company Benevis and Its Affiliated Kool Smiles Dental Clinics to Pay $23.9 Million to Settle False Claims Act Allegations Relating to Medically Unnecessary Pediatric Dental Services (Jan. 10, 2018), https://www.justice.gov/opa/pr/dental-management-company-benevis-and-its-affiliated-kool-smiles-dental-clinics-pay-239. [10] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Healogics Agrees to Pay Up to $22.51 Million to Settle False Claims Act Liability for Improper Billing of Hyperbaric Oxygen Therapy (June 20, 2018), https://www.justice.gov/opa/pr/healogics-agrees-pay-2251-million-settle-false-claims-act-liability-improper-billing. [11] Press Release, Alaska Dep’t of Law, The ARC of Anchorage to Pay Nearly $2.3 Million Dollars to Settle Medicaid False Claims Act Allegations (Apr. 24, 2018), http://www.law.state.ak.us/press/releases/2018/042418-MFCU.html. [12]Amount not reflected in the data above because the case went to trial. [13]United States ex rel. Drummond v. BestCare Laboratory Services, LLC., No. CV H-08-2441, 2018 WL 1609578, at *3 (S.D. Tex. Apr. 3, 2018). [14] 136 S. Ct. 1989 (2016). [15] United States ex rel. Ruckh v. Salus Rehabilitation, LLC, 304 F. Supp. 3d 1258 (M.D. Fla. 2018). [16] Id. at 1263. [17] In our 2017 Year-End Update, we discussed Gilead Sciences’ petition for certiorari to the Supreme Court, asking for review of the Ninth Circuit’s decision in United States ex rel. Campie v. Gilead Sciences, Inc. The Court has yet to issue a decision on whether they will grant the petition. See Pet. for a Writ of Cert., Gilead Sciences Inc. v. United States ex rel. Campie (filed Dec. 26, 2017). [18] United States ex rel. Paradies v. AseraCare, Inc., 176 F. Supp. 3d 1282 (N.D. Ala. 2016). [19] United States ex rel. Winter v. Gardens Regional Hospital and Medical Center, No. 14-CV-08850, 2017 WL 8793222 (C.D. Cal. Dec. 29, 2017). [20] United States ex rel. Dooley v. Metic Transplantation Lab, No. 13-CV-07039, 2017 WL 4323142 (C.D. Cal. June 27, 2017). [21] United States v. Paulus, 894 F.3d 267 (6th Cir. 2018). [22] United States v. Paulus, 2017 WL 908409 (E.D. Ky. Mar. 7, 2017), rev’d in part, vacated in part, 894 F.3d 267 (6th Cir. 2018). [23] Paulus, 894 F.3d, at 275. [24] United States ex rel. Polukoff v. St. Mark’s Hospital, No. 17-cv-4014, 2018 WL 3340513 (10th Cir. July 9, 2018). [25] Id. [26] United States ex rel. Polukoff v. St. Mark’s Hospital, No. 2:16-cv-00304, 2017 WL 237615 (D. Utah Jan. 19, 2017), rev’d and remanded sub nom. United States ex rel. Polukoff v. St. Mark’s Hospital, No. 17-cv-4014, 2018 WL 3340513 (10th Cir. July 9, 2018). [27] Id. [28] Polukoff, No. 17-cv-4014, 2018 WL 3340513, at *4. [29] Id. at *8. [30] United States ex rel. Wollman v. The General Hospital Corporation, No. 1:15-cv-11890, 2018 WL 1586027 (D. Mass. Mar. 30, 2018). [31] Id. [32] United States ex rel. Conroy v. Select Med. Corp., 307 F. Supp. 3d 896, 905 (S.D. Ind. 2018). [33] Id. [34] The United States’ Statement of Interest in Support of Relators’ Objection to Magistrate Judge’s April 2, 2018 Order Concerning the Use of Statistical Sampling, 307 F. Supp. 3d 896, (S.D. Ind. 2018). [35] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Health Care CEO and Four Physicians Charged in Superseding Indictment in Connection with $200 Million Health Care Fraud Scheme Involving Unnecessary Prescription of Controlled Substances and Harmful Injections (June 6, 2018), https://www.justice.gov/opa/pr/health-care-ceo-and-four-physicians-charged-superseding-indictment-connection-200-million. [36] See Press Release, Office of Pub. Affairs, US Dep’t of Justice, National Health Care Fraud Takedown Results in Charges Against 601 Individuals Responsible for Over $2 Billion in Fraud Losses (June 28, 2018), https://www.justice.gov/opa/pr/national-health-care-fraud-takedown-results-charges-against-601-individuals-responsible-over. [37] Id. [38] Id. [39] Id. [40] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General Jeff Sessions Announces the Formation of Operation Synthetic Opioid Surge (S.O.S.) (July 12, 2018), https://www.justice.gov/opa/pr/attorney-general-jeff-sessions-announces-formation-operation-synthetic-opioid-surge-sos. [41] See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress, at 4 (Oct. 1, 2017 – Mar. 31, 2018), https://oig.hhs.gov/reports-and-publications/archives/semiannual/2018/sar-spring-2018.pdf [hereinafter “2018 SA Report”]; U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress, at ix (Oct. 1, 2016 – Mar. 31, 2017), https://oig.hhs.gov/reports-and-publications/archives/semiannual/2017/sar-spring-2017.pdf [hereinafter “2017 SA Report”]. [42] See 2018 SA Report at 4; 2017 SA Report at ix. [43] See 2018 SA Report at 4. [44] See 2017 SA Report at ix. [45] See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress (Apr. 1, 2012 – Sept. 30, 2012), https://oig.hhs.gov/reports-and-publications/archives/semiannual/2012/fall/sar-f12-fulltext.pdf ; U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress (Apr. 1, 2013 – Sept. 30, 2013), https://oig.hhs.gov/reports-and-publications/archives/semiannual/2013/SAR-F13-OS.pdf ; U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress (Apr. 1, 2014 – Sept. 30, 2014), https://oig.hhs.gov/reports-and-publications/archives/semiannual/2014/sar-fall2014.pdf ; U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress (Apr. 1, 2015 – Sept. 30, 2015), https://oig.hhs.gov/reports-and-publications/archives/semiannual/2015/sar-fall15.pdf ; U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress (Apr. 1, 2016 – Sept. 30, 2016), https://oig.hhs.gov/reports-and-publications/archives/semiannual/2016/sar-fall-2016.pdf ; U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress (Apr. 1, 2017 – Sept. 30, 2017), https://oig.hhs.gov/reports-and-publications/archives/semiannual/2017/sar-fall-2017.pdf. [46] 42 U.S.C. § 1320a‑7(a). [47] 42 U.S.C. § 1320a‑7(b). [48] See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., LEIE Downloadable Databases, https://oig.hhs.gov/exclusions/exclusions_list.asp (last visited June 28, 2018) [hereinafter “Exclusions Database”]. [49] See Gibson Dunn 2017 Mid‑Year Update. [50] See Exclusions Database. [51] See id. [52] See id. [53] See id. [54] See 2018 SA Report at 6, 36. [55] Data gathered through HHS OIG press releases and publicly available information. See generally U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Civil Monetary Penalties and Affirmative Exclusions, http://oig.hhs.gov/fraud/enforcement/cmp/index.asp (last visited July 24, 2018) [hereinafter “CMP Assessments”]; U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Provider Self-Disclosure Settlements, http://oig.hhs.gov/fraud/enforcement/cmp/psds.asp (last visited July 24, 2018) [hereinafter “Provider Self-Disclosure Settlements”]. [56] See Gibson Dunn 2017 Mid‑Year Update at II.A.3.b (stating that “[i]n the first half of the 2017 calendar year, HHS OIG announced 47 CMPs as a result of settlement agreements and self-disclosures and recovered nearly $23 million”). [57] Provider Self‑Disclosure Settlements, supra note 55. [58] Id. [59] Id. [60] See U.S. Gov’t Accountability Office, GAO-18-322, Dep’t of Health & Human Servs.: Office of Inspector General’s Use of Agreements to Protect the Integrity of Federal Health Care Programs (Apr. 2018), https://www.gao.gov/assets/700/691349.pdf. [61] Id. at 8. [62] Id. at 11-12. [63] See id. at 16-17. [64] Id. at 10. [65] Id. (GAO used partial-year data for 2005 and 2017, so compared the full-year data from 2006 through 2016.) [66] Id. [67] See U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Corporate Integrity Agreement Documents, https://oig.hhs.gov/compliance/corporate-integrity-agreements/cia-documents.asp#cia_list (last visited July 3, 2018) [hereinafter “CIA Documents”]. [68] See Corporate Integrity Agreement Between the Office of Inspector Gen. of the Dep’t of Health & Human Servs. & Arc of Anchorage 1-16 (Apr. 23, 2018), https://oig.hhs.gov/fraud/cia/agreements/Arc_of_Anchorage_04232018.pdf. [69] See Press Release, U.S. Dep’t of Justice, Banner Health Agrees to Pay Over $18 Million to Settle False Claims Act Allegations (Apr. 12, 2018), https://www.justice.gov/opa/pr/banner-health-agrees-pay-over-18-million-settle-false-claims-act-allegations. [70] Corporate Integrity Agreement Between the Office. of Inspector Gen. of the Dep’t of Health & Human Servs. & Banner Health 1 (Apr. 9, 2018), https://oig.hhs.gov/fraud/cia/agreements/Banner_Health_04092018.pdf. [71] Id. [72] Corporate Integrity Agreement between the Office of Inspector Gen. of the Dep’t of Health & Human Servs. & Integrated Oncology Network Holdings, LLC, et al. 22 (Mar. 19, 2018). See also Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Radiation Therapy Company Agrees to Pay up to $11.5 Million to Settle Allegations of False Claims and Kickbacks (Mar. 29, 2018), https://www.justice.gov/opa/pr/radiation-therapy-company-agrees-pay-115-million-settle-allegations-false-claims-and. [73] See Integrity Agreement Between the Office of Inspector Gen. of the Dep’t of Health & Human Servs., Albemarle Eye Center, PLLC, & Jitendra Swarup, M.D. 1-5, 11-13 (Feb. 5, 2018). [74] See Corporate Integrity Agreement Between the Office of Inspector Gen. of the Dep’t of Health & Human Servs. and 365 Hospice, LLC and John C. Rezk 1-15 (Feb. 8, 2018). [75] See generally Integrity Agreement Between the Office of Inspector Gen. of the Dep’t of Health & Human Servs. & Sureshkumar Muttath, M.D. (May 11, 2018), https://oig.hhs.gov/fraud/cia/agreements/Sureshkumar_Muttath_MD_05112018.pdf. [76] Id. at 2-9. [77] See id. at 15-16. [78] Ctrs. for Medicare & Medicaid Servs., Market Saturation and Utilization Dataset 2018-04-13 (Apr. 13, 2018), https://data.cms.gov/Special-Programs-Initiatives-Program-Integrity/Market-Saturation-And-Utilization-Dataset-2018-04-/x3vv-caiy. [79] Ctrs. for Medicare & Medicaid Servs., Market Saturation and Utilization Data Tool (Apr. 13, 2018), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2018-Fact-sheets-items/2018-04-13.html. [80] Id. [81] Medicare, Medicaid, and Children’s Health Insurance Programs: Announcement of the Extension of Temporary Moratoria, 83 Fed. Reg. 4147 (Jan. 29, 2018), https://www.federalregister.gov/documents/2018/01/30/2018-01783/medicare-medicaid-and-childrens-health-insurance-programs-announcement-of-the-extension-of-temporary ; see also The Patient Protection and Affordable Care Act of 2010, Pub. L. No. 111-148, § 6401(a) (Mar. 23, 2010). [82] U.S. Dep’t of Health & Human Servs., Health Information Privacy, Enforcement Highlights as of May 31, 2018 (last updated June 13, 2018), https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/enforcement-highlights/index.html. [83] Id. [84] Data gathered through HHS press releases and other publicly available information. See generally U.S. Dep’t of Health & Human Servs., HIPAA News Releases & Bulletins, https://www.hhs.gov/hipaa/newsroom (last visited July 25, 2018). [85] Id.; see also 2016 Year-End Health Care Compliance and Enforcement Update – Providers. [86] Press Release, U.S. Dep’t of Health & Human Servs., Five breaches add up to millions in settlement costs for entity that failed to heed HIPAA’s risk analysis and risk management rules (Feb. 1, 2018), https://www.hhs.gov/about/news/2018/02/01/five-breaches-add-millions-settlement-costs-entity-failed-heed-hipaa-s-risk-analysis-and-risk.html. [87] Id. [88] Id. [89] Id. [90] Press Release, U.S. Dep’t of Health & Human Servs., Consequences for HIPAA violations don’t stop when a business closes (Feb. 13, 2018), https://www.hhs.gov/about/news/2018/02/13/consequences-hipaa-violations-dont-stop-when-business-closes.html. [91] Id. [92] Press Release, U.S. Dep’t of Health & Human Servs., Judge rules in favor of OCR and requires a Texas cancer center to pay $4.3 million in penalties for HIPAA violations (June 18, 2018), https://www.hhs.gov/about/news/2018/06/18/judge-rules-in-favor-of-ocr-and-requires-texas-cancer-center-to-pay-4.3-million-in-penalties-for-hipaa-violations.html. [93] Id. [94] Director of the Office for Civil Rights v. The University of Texas MD Anderson Cancer Center, No. C-17-854 at 9 (June 1, 2018), https://www.hhs.gov/sites/default/files/alj-cr5111.pdf. [95] Id. at 10. [96] Press Release, supra note 92. [97] See 2017 Mid-Year FDA and Health Care Compliance and Enforcement Update – Providers. [98] U.S. Dep’t of Health & Human Servs., Security Rule Guidance Material, https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html (last visited July 25, 2018). [99] Id. [100] U.S. Dep’t of Health & Human Servs., Office of Civil Rights, Cyber Extortion (Jan. 2018), https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-january-2018.pdf. [101] U.S. Dep’t of Health & Human Servs., Office of Civil Rights, Phishing (Feb. 2018), https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-february-2018.pdf. [102] U.S. Dep’t of Health & Human Servs., Office of Civil Rights, Risk Analyses vs. Gap Analyses – What is the difference? (Apr. 2018), https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-april-2018.pdf. [103] U.S. Dep’t of Health & Human Servs., Office of Civil Rights, Workstation Security: Don’t Forget About Physical Security (May 2018), https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-may-2018-workstation-security.pdf. [104] U.S. Dep’t of Health & Human Servs., Guidance on Software Vulnerabilities and Patching (June 2018), https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-june-2018-software-patches.pdf. [105] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., OIG Advisory Op. 17-09 at 1 (Dec. 29, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn17-09.pdf. [106] Id. at 4‑5. [107] Id. at 11. [108] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., OIG Advisory Op. 18-03 at 2, 7 (May 24, 2018), https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-03.pdf. [109] Id. at 6. [110] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., OIG Advisory Op. 18-04 at 1 (June 7, 2018), https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-04.pdf. [111] Id. at 5. [112] Id. [113] Id. at 5-6. [114] Office of Inspector Gen., Dep’t of Health & Human Servs., Advisory Op. No. 18‑05 at 2 (June 18, 2018), https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-05.pdf. [115] Id. at 2-3. [116] Id. at 6-7. [117] Id. at 7-9. [118] United States ex rel. Greenfield v. Medco Health Sols., Inc., 880 F.3d 89 (3d Cir. 2018). [119] Id. at 91. [120] See id. at 93. [121] Id. at 93. [122] Id.; see also Brief for the United States of America as Amicus Curiae in Support of Neither Party 9, United States ex rel. Greenfield v. Medco Health Sols., Inc., No. 17-1152 (3d Cir. Apr. 17, 2017), ECF No. 003112595460. [123] Id. at 15. [124] Id. at 23. [125] 880 F.3d at 100. [126] Id. [127] Id. [128] United States v. United Healthcare Ins. Co., No. 15-CV-7137, 2018 WL 2933674, at *11 (N.D. Ill. June 12, 2018). [129] Id. at *3. [130] See id. at 3. [131] Id. at *10. [132] Id. (quoting United States v. Patel, 778 F.3d 607, 616-17 (7th Cir. 2015)). [133] Remarks of Seema Verma, Administrator, CMS, American Hospital Association: Regulatory Relief Town Hall Webcast (Jan. 18, 2018), available at https://youtu.be/vrtey7QPAYg. [134] Ctrs. For Medicare & Medicaid Servs., Patients Over Paperwork, https://www.cms.gov/Outreach-and-Education/Outreach/Partnerships/PatientsOverPaperwork.html (last accessed July 24, 2018, 11:39 a.m.). [135] Remarks of Seema Verma, supra note 133. [136] Id. [137] Id. [138] See Ctrs. For Medicare & Medicaid Servs., Medicare Program; Request for Information Regarding the Physician Self-Referral Law, 83 Fed. Reg. 29524 (June 25, 2018), https://www.federalregister.gov/documents/2018/06/25/2018-13529/medicare-program-request-for-information-regarding-the-physician-self-referral-law. [139] Id. at 29524. [140] Press Release, Ctrs. For Medicare & Medicaid Servs., CMS seeks public input on reducing the regulatory burdens of the Stark Law (June 20, 2018), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2018-Press-releases-items/2018-06-20-2.html. [141] 83 Fed. Reg. at 29524. [142] Id. at 29525–26. [143] Id. at 29526. [144] Id. at 29525–26. [145] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Two California Urologists Agree to Pay More than $1 Million to Settle False Claim Act Allegations Related to Radiation Therapy Referrals (Jan. 23, 2018), https://www.justice.gov/opa/pr/two-california-urologists-agree-pay-more-1-million-settle-false-claims-act-allegations. [146] Id. [147] Press Release, Office of Pub Affairs, U.S. Dep’t of Justice, Pennsylvania Hospital and Cardiology Group Agree to Pay $20.75 Million to Settle Allegations of Kickbacks and Improper Financial Relationships (Mar. 7, 2018), https://www.justice.gov/opa/pr/pennsylvania-hospital-and-cardiology-group-agree-pay-2075-million-settle-allegations. [148] Id. [149] Id. [150] Id. The following Gibson Dunn lawyers assisted in the preparation of this client update:  Steve Payne, Jonathan Phillips, John Partridge, Julie Schenker, Reid Rector, Stevie Pearl, Susanna Schuemann, Naomi Takagi, Michael Dziuban, Jacob Rierson, and Emily Riff. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or any of the following members of the firm’s FDA and Health Care practice group: Washington, D.C. Stephen C. Payne, Chair, FDA and Health Care Practice Group (+1 202-887-3693, spayne@gibsondunn.com) F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) Marian J. Lee (+1 202-887-3732, mjlee@gibsondunn.com) Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com) Jonathan M. Phillips (+1 202-887-3546, jphillips@gibsondunn.com) Los Angeles Debra Wong Yang (+1 213-229-7472, dwongyang@gibsondunn.com) San Francisco Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com) Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) New York Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) John D. W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) Ryan T. Bergsieker (+1 303-298-5774, rbergsieker@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

July 12, 2018 |
Developments in the Defense of Financial Institutions

To Disclose or Not to Disclose: Analyzing the Consequences of Voluntary Self-Disclosure for Financial Institutions Click for PDF One of the most frequently discussed white collar issues of late has been the benefits of voluntarily self-disclosing to the U.S. Department of Justice (“DOJ”) allegations of misconduct involving a corporation.  This is the beginning of periodic analyses of white collar issues unique to financial institutions, and in this issue we examine whether and to what extent a financial institution can expect a benefit from DOJ for a voluntary self-disclosure (“VSD”), especially with regard to money laundering or Bank Secrecy Act violations.  Although the public discourse regarding VSDs tends to suggest that there are benefits to be gained, a close examination of the issue specifically with respect to financial institutions shows that the benefits that will confer in this area, if any, are neither easy to anticipate nor to quantify.  A full consideration of whether to make a VSD to DOJ should include a host of factors beyond the quantifiable benefit, ranging from the likelihood of independent enforcer discovery; to the severity, duration, and evidentiary support for a potential violation; and to the expectations of prudential regulators and any associated licensing or regulatory consequences, as well as other factors. VSD decisions arise in many contexts, including in matters involving the Foreign Corrupt Practices Act (“FCPA”), sanctions enforcement, and the Bank Secrecy Act (“BSA”).  In certain situations, the benefits of voluntary self-disclosure prior to a criminal enforcement action can be substantial.  Prosecutors have at times responded to a VSD by reducing charges and penalties, offering deferred prosecution and non-prosecution agreements, and entering into more favorable consent decrees and settlements.[1]  However, as Deputy Attorney General Rod Rosenstein stated in recent remarks, enforcement policies meant to encourage corporate disclosures “do[] not provide a guarantee” that disclosures will yield a favorable result in all cases.[2]  The outcome of a prosecution following a VSD is situation-specific, and, as such, the process should not be entered into without careful consideration of the costs and benefits. In the context of Bank Secrecy Act and anti-money laundering regulation (“BSA/AML”), VSDs present an uncertain set of tradeoffs.  The BSA and its implementing  regulations already require most U.S. financial institutions subject to the requirements of the BSA[3] to file suspicious activity reports (“SARs”) with the U.S. government when the institution knows, suspects or has reason to suspect that a transaction by, through or to it involves money laundering, BSA violations or other illegal activity.[4]  Guidance from DOJ encourages voluntary self-disclosure, and at least one recent non-prosecution agreement entered with the Department has listed self-disclosure as a consideration in setting the terms of a settlement agreement.[5]  Over the past three years, however, no BSA/AML criminal resolution has explicitly given an institution credit for voluntarily disclosing potential misconduct.  During this same period, DOJ began messaging an expanded focus on VSDs in the context of FCPA violations, announced the FCPA Pilot Project, and ultimately made permanent in the U.S. Attorney’s Manual the potential benefits of a VSD for FCPA violations. This alert addresses some of the considerations that financial institutions weigh when deciding whether to voluntarily self-disclose potential BSA/AML violations to criminal enforcement authorities.  In discussing these considerations, we review guidance provided by DOJ and the regulatory enforcement agencies, and analyze recent BSA/AML criminal resolutions, as well as FCPA violations involving similar defendants. Guidance from the Department of Justice – Conflicting Signals DOJ guidance documents describe the Department’s general approach to VSDs, but, until recently, they left unanswered many questions dealing specifically with self-disclosure by financial institutions.  The Department’s high-level approach to general voluntary self-disclosure is outlined in the United States Attorney Manual (“USAM”).  Starting from the principle that “[c]ooperation is a mitigating factor” that can allow a corporation to avoid particularly harsh penalties, the USAM instructs prosecutors that they “may consider a corporation’s timely and voluntary disclosure” when deciding whether and how to pursue corporate liability.[6] In the FCPA context, a self-disclosure is deemed to be voluntary—and thus potentially qualifying a company for mitigation credit—if (1) the company discloses the relevant evidence of misconduct prior to an imminent threat of disclosure or government investigation; (2) the company reports the conduct to DOJ and relevant regulatory agencies “within a reasonably prompt time after becoming aware of the offense”; and (3) the company discloses all relevant facts known to it, including all relevant facts about the individual wrongdoers involved.[7] DOJ has not yet offered specific instruction, however, on how prosecutors should treat voluntary self-disclosure in the BSA/AML context and, unlike other areas of enforcement, no formal self-disclosure program currently exists for financial institutions seeking to obtain mitigation credit in the money laundering context.  Indeed, the only guidance document to mention VSDs and financial institutions—issued by DOJ’s National Security Division in 2016[8]—specifically exempted financial institutions from the VSD benefits offered to other corporate actors in the export control and sanctions context, citing the “unique reporting obligations” imposed on financial institutions “under their applicable statutory and regulatory regimes.”[9] Despite this lack of guidance, the recent adoption of DOJ’s FCPA Corporate Enforcement Policy may provide insight on how prosecutors could treat voluntary disclosures by financial institutions moving forward.  Enacted in the fall of 2017, the Corporate Enforcement Policy arose from DOJ’s 2016 FCPA Pilot Program, which was created to provide improved guidance and certainty to companies facing DOJ enforcement actions, while incentivizing self-disclosure, cooperation, and remediation.[10]  One year later, based on the success of the program, many of its aspects were codified in the USAM.[11]  Specifically, the new policy creates a presumption that entities that voluntarily disclose potential misconduct and fully cooperate with any subsequent government investigation will receive a declination, absent aggravating circumstances.[12]  In early 2018, Acting Assistant Attorney General John Cronan announced that the Corporate Enforcement Policy would serve as non-binding guidance for corporate investigations beyond the FCPA context.[13] This expanded consideration of VSDs beyond the FCPA space was on display in March 2018, when, after an investigation by DOJ’s Securities and Financial Fraud Unit, the Department publicly announced that it had opted not to prosecute a financial institution in connection with the bank’s alleged front-running of certain foreign exchange transactions.[14]  DOJ’s Securities and Financial Fraud Unit specifically noted that DOJ’s decision to close its investigation without filing charges resulted, in part, from “timely, voluntary self-disclosure” of the alleged misconduct,[15] a sentiment echoed by Cronan in subsequent remarks at an American Bar Association white collar conference regarding the reasons for the declination.[16]  Cronan further commented that “[w]hen a company discovers misconduct, quickly raises its hand and tells us about it, that says something. . . . It shows the company is taking misconduct seriously . . . and we are rewarding those good decisions.”[17] Other Agency Guidance Guidance issued by other enforcement agencies similarly may offer clues as to how financial institutions can utilize VSDs to more successfully navigate a criminal enforcement action. In the context of export and import control, companies that self-disclose to the U.S. Treasury Department’s Office of Foreign Asset Control (“OFAC”) can benefit in two primary ways.  First, OFAC may be less likely to initiate an enforcement proceeding following a VSD, as OFAC considers a party’s decision to cooperate when determining whether to initiate a civil enforcement proceeding.[18]  Second, if OFAC decides it is appropriate to bring an enforcement action, companies that self-disclose receive a fifty-percent reduction in the base penalty they face, as detailed in the below-base-penalty matrix published in OFAC guidance:[19] As depicted by the chart, in the absence of a VSD, the base penalty for egregious violations[20] is the applicable statutory maximum penalty for the violation.[21]  In non-egregious cases, the base penalty is calculated based on the revenue derived from the violative transaction, capped at $295,141.[22]  When the apparent violation is voluntarily disclosed, however, OFAC has made clear that in non-egregious cases, the penalty will be one-half of the transaction value, capped at $147,571 per violation.[23]  This is applicable except in circumstances where the maximum penalty for the apparent violation is less than $295,141, in which case the base amount of the penalty shall be capped at one-half the statutory maximum penalty applicable to the violation.[24]  In an egregious case, if the apparent violation is self-disclosed, the base amount of the penalty will be one-half of the applicable statutory maximum penalty.[25] Other agencies tasked with overseeing the enforcement of financial regulations also have issued guidance encouraging voluntary disclosures.  Although the Financial Crimes Enforcement Network (“FinCEN”) has not provided guidance on how it credits voluntary disclosures,[26] guidance issued by the Federal Financial Institutions Examination Council (“FFIEC”), consisting of the Office of the Comptroller of the Currency (“OCC”), the Federal Reserve, the Federal Deposit Insurance Corporation (“FDIC”), the Office of Thrift Supervision (“OTS”), and the National Credit Union Administration (“NCUA”), has made clear that, in determining the amount and appropriateness of a penalty to be assessed against a financial institution in connection with various types of violations, the agencies will consider “voluntary disclosure of the violation.”[27] In 2016, the OCC published a revised Policies and Procedures Manual to ensure this and other factors are considered and to “enhance the consistency” of its enforcement decisions.[28]  That guidance includes a matrix with several factors, one of which is “concealment.”[29]  In the event that a financial institution self-discloses, they are not penalized for concealment.  Thus, while not directly reducing potential financial exposure, a VSD ensures that a financial institution is not further penalized for the potential violation. It is also worth noting that, unlike DOJ, these regulators do not appear to draw distinctions regarding the type of offense at issue (i.e., FCPA versus BSA versus sanctions violations).  Moreover, financial institutions contemplating not disclosing potential misconduct need to consider whether the nature of the potential misconduct at issue goes to the financial institution’s safety and soundness, adequacy of capital, or other issues of interest to prudential regulators such as the Federal Reserve, OCC, and FDIC.  To the extent such prudential concerns are implicated, a financial institution may be required to disclose the underlying evidence of misconduct and may face penalties for failing to do so. The Securities and Exchange Commission (“SEC”) also has indicated that it will consider VSDs as a factor in its enforcement actions under the federal securities laws.  In a 2001 report (the “Seaboard Report”), the SEC confirmed that, as part of its evaluation of proper enforcement actions, it would consider whether “the company voluntarily disclose[d] information [its] staff did not directly request and otherwise might not have uncovered.”[30]  The SEC noted that self-policing could result in reduced penalties based on how much the SEC credited self-reporting—from “the extraordinary step of taking no enforcement action to bringing reduced charges, seeking lighter sanctions, or including mitigating language in documents . . . use[d] to announce and resolve enforcement actions.”[31]  In 2010, the SEC formalized its cooperation program, identifying self-policing, self-reporting, and remediation and cooperation as the primary factors it would consider in determining the appropriate disposition of an enforcement action.[32]  In 2015, the former Director of the SEC’s Division of Enforcement, reaffirmed the importance of self-reporting to the SEC’s enforcement decisions, stating that previous cases “should send the message loud and clear that the SEC will reward self-reporting and cooperation with significant benefits.”[33]  As of mid-2016, the SEC had signed over 103 cooperation agreements, six non-prosecution agreements, and deferred nine prosecutions since the inception of the cooperation program.[34] Finally, like its federal counterparts, the New York Department of Financial Services (“NYDFS”) has previously signaled, at least in the context of export and import sanctions, that “[i]t is vital that companies continue to self-report violations,”[35] and warned that “those that do not [self-report] run the risk of even more severe consequences.”[36]  The NYDFS has not directly spoken to money laundering enforcement, but financial institutions considering disclosures to New York state authorities should keep this statement in mind.  Similar to the considerations an institution might face when dealing with federal regulators, to the extent DFS prudential concerns are implicated, a financial institution may be required to disclose the underlying evidence of misconduct and face penalties for failing to do so. Recent BSA/AML and FCPA Resolutions Even against this backdrop, over the last few years, voluntary self-disclosure has not appeared to play a significant role in the resolution of criminal enforcement proceedings arising from alleged BSA/AML violations.  Since 2015, DOJ, in conjunction with other enforcement agencies, has resolved BSA/AML charges against twelve financial institutions.[37]  In eleven of those cases, the final documentation of the resolution—the settlement agreements and press releases accompanying the settlement documents—make no mention of voluntary self-disclosure.  Even in the FCPA context, where DOJ has sought to provide greater certainty and transparency concerning the benefits of voluntary disclosure, there is a scant track record of financial institutions making voluntary disclosures in connection with FCPA resolutions.  Since 2015, DOJ has announced FCPA enforcement actions with six financial institutions.  The Justice Department did not credit any of them with voluntarily self-disclosing the conduct.[38] Although recent resolutions have not granted credit for VSDs, financial entities facing enforcement actions should consider how such a disclosure might affect the nature of a potential investigation and the ultimate disposition of an enforcement action.  It is worth noting that in the one recent BSA/AML resolution with a financial institution in which voluntary self-disclosure was referenced—DOJ’s 2017 resolution with Banamex USA—it was in the course of explaining why the financial institution did not receive disclosure credit.  In other words, there is no example of a criminal enforcement action commending a financial institution for a VSD, or of an agency softening the enforcement measures as a result of a VSD.[39]  The fact that the Banamex USA resolution affirmatively explains why the defendant did not receive VSD credit may imply that this type of credit may be available to financial institution defendants when they do make adequate VSDs. Furthermore, over the same time period, prosecutors have credited financial institutions for other forms of cooperation.  For example, in 2015, the Department of Justice deferred prosecution of CommerceWest Bank officials for a BSA charge arising from their willful failure to file a SAR, in part because of the bank’s “willingness to acknowledge and accept responsibility for its actions” and “extensive cooperation with [DOJ’s] investigation.”[40]  Similarly, a 2015 non-prosecution agreement with Ripple Labs Inc. credited the financial institution with, among other factors, “extensive cooperation with the Government.”[41]  These favorable dispositions signal that the government is willing to grant mitigation credit for cooperation, even when financial institutions are not credited with making VSDs. Other Relevant Considerations Relating to VSDs As discussed above, the government’s position regarding the value of VSDs and their effect on the ultimate resolution of a case vary based on the agency and the legal and regulatory regime(s) involved.  Given the lack of clear guidance from FinCEN about how it credits VSDs and the fact that BSA/AML resolutions tend not to explicitly reference a company’s decision to disclose as a relevant consideration, navigating the decision of whether to self-report to DOJ is itself a fraught one.  Beyond the threshold question of whether or not to self-disclose to DOJ, financial institutions faced with potential BSA/AML liability should be mindful of a number of other considerations, always with an eye on avoiding the specter of a full-blown criminal investigation and trying to minimize institutional liability to the extent possible. Likelihood of Discovery:  A financial institution deciding whether to self-disclose to DOJ must contemplate the possibility that the government will be tipped off by other means, including by the prudential regulators, and will investigate the potential misconduct anyway, without the financial institution gaining the benefits available for bringing a case to the government’s attention and potentially before the financial institution has had the opportunity to develop a remediation plan.  Financial institutions that plan to forego self-disclosure of possible misconduct will have to guard against both whistleblower disclosures and the possibility that other institutions aware of the potential misconduct will file a Suspicious Activity Report implicating the financial institution. Timing of Disclosure:  Even after a financial institution has decided to self-report to DOJ, it will have to think through the implications of when a disclosure is made.  A financial institution could decide to promptly disclose to maximize cooperation credit, but risks reporting without developing the understanding of the underlying facts that an internal investigation would provide.  Additionally, a prompt disclosure to DOJ may be met with a deconfliction request, in which the government asks that the company refrain from interviewing its employees until the government has had a chance to do so.  This may slow down the company’s investigation and impede its ability to take prompt and decisive remedial actions, including those related to personnel decisions.  On the other hand, waiting until after the internal investigation has concluded (or at least reached an advanced stage) presents the risk of the government finding out first in the interim.  The financial institution also will have to decide whether to wait longer to report to the government having already designed and begun to implement a remediation plan or to disclose while the remediation plan is still being developed. Selective or Sequential Disclosures:  Given the number of agencies with jurisdiction over the financial industry and the overlaps between their respective spheres of authority, financial institutions contemplating self-disclosure will often have to decide how much to disclose, whether to both prudential regulators and DOJ, and in what order.  In some cases, a financial institution potentially facing both regulatory and criminal liability may be well-advised to engage civil regulators first in the hope that, if DOJ does get involved, they will stand down and piggy-back on a global resolution with other regulators rather than seeking more serious penalties.  Indeed, DOJ prosecutors are required to consider the adequacy of non-criminal alternatives – such as civil or regulatory enforcement actions – in determining whether to initiate a criminal enforcement action.[42]  For example, the non-prosecution agreement DOJ entered in May 2017 with Banamex recognized that Citigroup, Banamex’s parent, was already in the process of winding down Banamex USA’s banking operations pursuant to a 2015 resolution with the California Department of Business Oversight and FDIC and was operating under ongoing consent orders with the Federal Reserve and OCC relating to BSA/AML compliance; consequently, DOJ sought only forfeiture rather than an additional monetary penalty.[43]  Of course, any decision to selectively disclose must be balanced carefully against the practical reality that banking regulators will, in certain instances, notify DOJ of potential criminal violations whether self-disclosed or identified in the examination process.  Whether that communication will occur often is influenced by factors such as the history of cooperation between the institutions or the relationships of those involved.  Nevertheless, the timing and nature of any referral by a regulator to DOJ might nullify any benefit from a selective or sequential disclosure. Conclusion In this inaugural Developments in the Defense of Financial Institutions Client Alert, we addressed whether and to what extent a financial institution should anticipate receiving a benefit when approaching the pivotal decision of whether to voluntarily self-disclose potential BSA/AML violations to DOJ.  We hope this publication serves as a helpful primer on this issue, and look forward to addressing other topics that raise unique issues for financial institutions in this rapidly-evolving area in future editions.    [1]   U.S. Dep’t of Justice, Guidance Regarding Voluntary Self-Disclosures, Cooperation, and Remediation in Export Control and Sanctions Investigations Involving Business Organizations (Oct. 2, 2016), https://www.justice.gov/nsd/file/902491/download.    [2]   Rod Rosenstein, Deputy Att’y Gen., Deputy Attorney General Rosenstein Delivers Remarks at the 34th International Conference on the Foreign Corrupt Practices Act (Nov. 29, 2017), https://www.justice.gov/opa/speech/deputy-attorney-general-rosenstein-delivers-remarks-34th-international-conference-foreign.    [3]   Throughout this alert, we use the term “financial institution” as it is defined in the Bank Secrecy Act.  “Financial institution” refers to banks, credit unions, registered stock brokers or dealers, currency exchanges, insurance companies, casinos, and other financial and banking-related entities.  See 31 U.S.C. § 5312(a)(2) (2012).  These institutions should be particularly attuned to the role that voluntary disclosures can play in the disposition of a criminal enforcement action.    [4]   See, e.g., 31 CFR § 1020.320 (FinCEN SAR requirements for banks); 12 C.F.R. § 21.11 (SAR requirements  for national banks).    [5]   See Non-Prosecution Agreement with Banamex USA, U.S. Dep’t of Justice (May 18, 2017), https://www.justice.gov/opa/press-release/file/967871/download (noting that “the Company did not receive voluntary self-disclosure credit because neither it nor Citigroup voluntarily and timely disclosed to the Office the conduct described in the Statement of Facts”).    [6]   U.S. Dep’t of Justice, U.S. Attorneys’ Manual § 9-28.700 (2017).    [7]   For a definition of self-disclosure in the sanctions space, see U.S. Dep’t of Justice, Guidance Regarding Voluntary Self-Disclosures, Cooperation, and Remediation in Export Control and Sanctions Investigations Involving Business Organizations (Oct. 2, 2016), https://www.justice.gov/nsd/file/902491/download.  For a definition in the FCPA context, see U.S. Dep’t of Justice, U.S. Attorneys’ Manual § 9-47.120 (2017).    [8]   U.S. Dep’t of Justice, Guidance Regarding Voluntary Self-Disclosures, Cooperation, and Remediation in Export Control and Sanctions Investigations Involving Business Organizations, at 4 n.7 (Oct. 2, 2016), https://www.justice.gov/nsd/file/902491/download.  Gibson Dunn’s 2016 Year-End Sanctions Update contains a more in-depth discussion of this DOJ guidance.    [9]   Id. at 2 n.3 [10]   Press Release, U.S. Dep’t of Justice, Criminal Division Launches New FCPA Pilot Program (Apr. 5, 2016), https://www.justice.gov/archives/opa/blog/criminal-division-launches-new-fcpa-pilot-program.  For a more in-depth discussion of the original Pilot Program, see Gibson Dunn’s 2016 Mid-Year FCPA Update, and for a detailed description of the FCPA Corporate Enforcement Policy, see our 2017 Year-End FCPA Update.  For discussion regarding specific declinations under the Pilot Program, in which self-disclosure played a significant role, see our 2016 Year-End FCPA Update and 2017 Mid-Year FCPA Update. [11]   Rod Rosenstein, Deputy Att’y Gen., Deputy Attorney General Rosenstein Delivers Remarks at the 34th International Conference on the Foreign Corrupt Practices Act (Nov. 29, 2017), https://www.justice.gov/opa/speech/deputy-attorney-general-rosenstein-delivers-remarks-34th-international-conference-foreign (announcing that the FCPA Corporate Enforcement Policy would be incorporated into the USAM); U.S. Dep’t of Justice, U.S. Attorneys’ Manual § 9-47.120 (2017). [12]   Id. [13]   Jody Godoy, DOJ Expands Leniency Beyond FCPA, Lets Barclays Off, Law360 (Mar. 1, 2018), https://www.law360.com/articles/1017798/doj-expands-leniency-beyond-fcpa-lets-barclays-off. [14]   U.S. Dep’t of Justice, Letter to Alexander Willscher and Joel Green Regarding Investigation of Barclays PLC (Feb. 28, 2018), https://www.justice.gov/criminal-fraud/file/1039791/download. [15]   Id. [16]   Tom Schoenberg, Barclays Won’t Face Criminal Case for Hewlett-Packard Trades, Bloomberg (Mar. 1, 2018), https://www.bloomberg.com/news/articles/2018-03-01/barclays-won-t-face-criminal-case-over-hewlett-packard-trades. [17]   Id. [18]   31 C.F.R. Pt. 501, app. A, § III.G.1 (2018). [19]   Id. § V.B.1.a.iv (2018). [20]   OFAC has established a two-track approach to penalty assessment, based on whether violations are “egregious” or “non-egregious.”  Egregious violations are identified based on analysis of several factors set forth in OFAC guidelines, including, among others: whether a violation was willful; whether the entity had actual knowledge of the violation, or should have had reason to know of it; harm caused to sanctions program objectives; and the individual characteristics of the entity involved. [21]   31 C.F.R. Pt. 501, app. A, § V.B.2.a.iv (2018). [22]   Id. § V.B.2.a.ii (2018). [23]   Id. § V.B.2.a.i (2018). [24]   Id. [25]   Id. § V.B.2.a.iii (2018). [26]   Robert B. Serino, FinCEN’s Lack of Policies and Procedures for Assessing Civil Money Penalties in Need of Reform, Am. Bar Ass’n (July 2016), https://www.americanbar.org/publications/blt/2016/07/07_serino.html.  It is worth noting, however, that there are certain circumstances in which FinCEN imposes a continuing duty to disclose, such as when there has been a failure to timely file a SAR (31 C.F.R. § 1020.320(b)(3)); failure to timely file a Currency Transaction Report (31 C.F.R. § 1010.306); and failure to timely register as a money-services business (31 C.F.R. § 1022.380(b)(3)).  In circumstances in which a financial institution identifies that it has not complied with these regulatory requirements and files belatedly, the decision whether to self-disclose to DOJ is impacted by the fact that the late filing will often be evident to FinCEN. [27]   Federal Financial Institutions Examination Council: Assessment of Civil Money Penalties, 63 FR 30226-02, 1998 WL 280287 (June 3, 1998). [28]   Office of the Comptroller of the Currency, Policies and Procedures Manual, PPM 5000-7 (Rev.) (Feb. 26, 2016), https://www.occ.gov/news-issuances/bulletins/2016/bulletin-2016-5a.pdf. [29]   Id. at 15-17. [30]   U.S. Secs. & Exch. Comm’n, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions, Release No. 44969 (Oct. 23, 2001), https://www.sec.gov/litigation/investreport/34-44969.htm. [31]   Id. [32]   U.S. Secs. & Exch. Comm’n, Enforcement Cooperation Program, https://www.sec.gov/spotlight/enforcement-cooperation-initiative.shtml (last modified Sept. 20, 2016). [33]   Andrew Ceresney, Director, SEC Division of Enforcement, ACI’s 32nd FCPA Conference Keynote Address (Nov. 17, 2015), https://www.sec.gov/news/speech/ceresney-fcpa-keynote-11-17-15.html. [34]   Juniad A. Zubairi & Brooke E. Conner, Is SEC Cooperation Credit Worthwhile?, Law360 (Aug. 30, 2016), https://www.law360.com/articles/833392. [35]   Press Release, N.Y. Dep’t Fin. Servs., Governor Cuomo Announced Bank of Tokyo-Mitsubishi UFJ to Pay $250 Million to State for Violations of New York Banking Law Involving Transactions with Iran and Other Regimes (June 20, 2013), https://www.dfs.ny.gov/about/press/pr1306201.htm. [36]   Id. [37]   Press Release, U.S. Dep’t of Justice, U.S. Gold Refinery Pleads Guilty to Charge of Failure to Maintain Adequate Anti-Money Laundering Program (Mar. 16, 2018), https://www.justice.gov/usao-sdfl/pr/us-gold-refinery-pleads-guilty-charge-failure-maintain-adequate-anti-money-laundering; Deferred Prosecution Agreement with U.S. Bancorp, U.S. Dep’t of Justice (Feb. 12, 2018), https://www.justice.gov/usao-sdny/press-release/file/1035081/download; Plea Agreement with Rabobank, National Association, U.S. Dep’t of Justice (Feb. 7, 2018), https://www.justice.gov/opa/press-release/file/1032101/download; Non-Prosecution Agreement with Banamex USA, U.S. Dep’t of Justice (May 18, 2017), https://www.justice.gov/opa/press-release/file/967871/download; Press Release, U.S. Dep’t of Justice, Western Union Admits Anti-Money Laundering and Consumer Fraud Violations, Forfeits $586 Million in Settlement with Justice Department and Federal Trade Commission (Jan. 19, 2017), https://www.justice.gov/opa/pr/western-union-admits-anti-money-laundering-and-consumer-fraud-violations-forfeits-586-million; Non-Prosecution Agreement Between CG Technology, LP and the United States Attorneys’ Offices for the Eastern District of New York and the District of Nevada, U.S. Dep’t of Justice (Oct. 3, 2016), https://www.gibsondunn.com/wp-content/uploads/documents/publications/CG-Technology-dba-Cantor-Gaming-NPA.PDF; Press Release, U.S. Dep’t of Justice, Normandie Casino Operator Agrees to Plead Guilty to Federal Felony Charges of Violating Anti-Money Laundering Statutes (Jan. 22, 2016), https://www.justice.gov/usao-cdca/pr/normandie-casino-operator-agrees-plead-guilty-federal-felony-charges-violating-anti; Press Release, U.S. Dep’t of Justice, Hong Kong Entertainment (Overseas) Investments, Ltd, D/B/A Tinian Dynasty Hotel & Casino Enters into Agreement with the United States to Resolve Bank Secrecy Act Liability (July 23, 2015), https://www.justice.gov/usao-gu/pr/hong-kong-entertainment-overseas-investments-ltd-dba-tinian-dynasty-hotel-casino-enters; Deferred Prosecution Agreement with Bank of Mingo, U.S. Dep’t of Justice (May 20, 2015), https://www.gibsondunn.com/wp-content/uploads/documents/publications/Bank-of-Mingo-NPA.pdf; Settlement Agreement with Ripple Labs Inc., U.S. Dep’t of Justice (May 5, 2015), https://www.justice.gov/file/421626/download; Deferred Prosecution Agreement with Commerzbank AG, U.S. Dep’t of Justice (Mar. 12, 2015), https://www.justice.gov/sites/default/files/opa/press-releases/attachments/2015/03/12/commerzbank_deferred_prosecution_agreement_1.pdf; Deferred Prosecution Agreement with CommerceWest Bank, U.S. Dep’t of Justice (Mar. 10, 2015) https://www.justice.gov/file/348996/download. [38]   Deferred Prosecution Agreement with Société Générale S.A., U.S. Dep’t of Justice (June 5, 2018), https://www.justice.gov/opa/press-release/file/1068521/download; Non-Prosecution Agreement with Legg Mason, Inc., U.S. Dep’t of Justice (June 4, 2018), https://www.justice.gov/opa/press-release/file/1068036/download; Non-Prosecution Agreement with Credit Suisse (Hong Kong) Limited, U.S. Dep’t of Justice (May 24, 2018), https://www.justice.gov/opa/press-release/file/1077881/download; Deferred Prosecution Agreement with Och-Ziff Capital Management Group, LLC, U.S. Dep’t of Justice (Sept. 29, 2016), https://www.justice.gov/opa/file/899306/download; Non-Prosecution Agreement with JPMorgan Securities (Asia Pacific) Ltd, U.S. Dep’t of Justice (Nov. 17, 2016), https://www.justice.gov/opa/press-release/file/911206/download; Non-Prosecution Agreement with Las Vegas Sands Corp., U.S. Dep’t of Justice (Jan. 17, 2017), https://www.justice.gov/opa/press-release/file/929836/download. [39]   See Non-Prosecution Agreement with Banamex USA, U.S. Dep’t of Justice, at 2 (May 18, 2017), https://www.justice.gov/opa/press-release/file/967871/download (explaining that Banamex “did not receive voluntary disclosure credit because neither it nor [its parent company] Citigroup voluntarily and timely disclosed to [DOJ’s Money Laundering and Asset Recover Section] the conduct described in the Statement of Facts”) (emphasis added). [40]   Deferred Prosecution Agreement Between United States and CommerceWest Bank, U.S. Dep’t of Justice, at 2-3 (Mar. 9, 2015), https://www.justice.gov/file/348996/download. [41]   Settlement Agreement Between United States and Ripple Labs Inc., U.S. Dep’t of Justice (May 5, 2015), https://www.justice.gov/file/421626/download; see also Press Release, U.S. Dep’t of Justice, Ripple Labs Inc. Resolves Criminal Investigation (May 5, 2015), https://www.justice.gov/opa/pr/ripple-labs-inc-resolves-criminal-investigation. [42]   See U.S. Attorney’s Manual 9-28.1200 (recommending the analysis of civil or regulatory alternatives). [43]   Non-Prosecution Agreement Between U.S. Dep’t of Justice, Money Laundering and Asset Recovery Section and Banamex USA at 2 (May 18, 2017), https://www.justice.gov/opa/press-release/file/967871/download. The following Gibson Dunn attorneys assisted in preparing this client update:  F. Joseph Warin, M. Kendall Day, Stephanie L. Brooker, Adam M. Smith, Linda Noonan, Elissa N. Baur, Stephanie L. Connor, Alexander R. Moss, and Jaclyn M. Neely. Gibson Dunn has deep experience with issues relating to the defense of financial institutions, and we have recently increased our financial institutions defense and anti-money laundering capabilities with the addition to our partnership of M. Kendall Day.  Kendall joined Gibson Dunn in May 2018, having spent 15 years as a white collar prosecutor, most recently as an Acting Deputy Assistant Attorney General, the highest level of career official in the U.S. Department of Justice’s Criminal Division.  For his last three years at DOJ, Kendall exercised nationwide supervisory authority over every Bank Secrecy Act and money-laundering charge, deferred prosecution agreement and non-prosecution agreement involving every type of financial institution. Kendall joined Stephanie Brooker, a former Director of the Enforcement Division at the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) and a former federal prosecutor and Chief of the Asset Forfeiture and Money Laundering Section for the U.S. Attorney’s Office for the District of Columbia, who serves as Co-Chair of the Financial Institutions Practice Group and a member of White Collar Defense and Investigations Practice Group.  Kendall and Stephanie practice with a Gibson Dunn network of more than 50 former federal prosecutors in domestic and international offices around the globe. For assistance navigating white collar or regulatory enforcement issues involving financial institutions, please contact any Gibson Dunn attorney with whom you usually work, or any of the following leaders and members of the firm’s White Collar Defense and Investigations or Financial Institutions practice groups: Washington, D.C. F. Joseph Warin – (+1 202-887-3609, fwarin@gibsondunn.com) Richard W. Grime (+1 202-955-8219, rgrime@gibsondunn.com) Patrick F. Stokes (+1 202-955-8504, pstokes@gibsondunn.com) Judith A. Lee (+1 202-887-3591, jalee@gibsondunn.com) Stephanie Brooker (+1 202-887-3502, sbrooker@gibsondunn.com) David P. Burns (+1 202-887-3786, dburns@gibsondunn.com) John W.F. Chesley (+1 202-887-3788, jchesley@gibsondunn.com) Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com) M. Kendall Day (+1 202-955-8220, kday@gibsondunn.com) David Debold (+1 202-955-8551, ddebold@gibsondunn.com) Stuart F. Delery (+1 202-887-3650, sdelery@gibsondunn.com) Michael S. Diamant (+1 202-887-3604, mdiamant@gibsondunn.com) Adam M. Smith (+1 202-887-3547, asmith@gibsondunn.com) Linda Noonan (+1 202-887-3595, lnoonan@gibsondunn.com) Oleh Vretsona (+1 202-887-3779, ovretsona@gibsondunn.com) Christopher W.H. Sullivan (+1 202-887-3625, csullivan@gibsondunn.com) Courtney M. Brown (+1 202-955-8685, cmbrown@gibsondunn.com) Jason H. Smith (+1 202-887-3576, jsmith@gibsondunn.com) Ella Alves Capone (+1 202-887-3511, ecapone@gibsondunn.com) Pedro G. Soto (+1 202-955-8661, psoto@gibsondunn.com) New York Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com) Joel M. Cohen (+1 212-351-2664, jcohen@gibsondunn.com) Lee G. Dunst (+1 212-351-3824, ldunst@gibsondunn.com) Mark A. Kirsch (+1 212-351-2662, mkirsch@gibsondunn.com) Arthur S. Long (+1 212-351-2426, along@gibsondunn.com) Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Lawrence J. Zweifach (+1 212-351-2625, lzweifach@gibsondunn.com) Daniel P. Harris (+1 212-351-2632, dpharris@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) John D.W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) Ryan T. Bergsieker (+1 303-298-5774, rbergsieker@gibsondunn.com) Laura M. Sturges (+1 303-298-5929, lsturges@gibsondunn.com) Los Angeles Debra Wong Yang (+1 213-229-7472, dwongyang@gibsondunn.com) Marcellus McRae (+1 213-229-7675, mmcrae@gibsondunn.com) Michael M. Farhang (+1 213-229-7005, mfarhang@gibsondunn.com) Douglas Fuchs (+1 213-229-7605, dfuchs@gibsondunn.com) San Francisco Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) Thad A. Davis (+1 415-393-8251, tadavis@gibsondunn.com) Marc J. Fagel (+1 415-393-8332, mfagel@gibsondunn.com) Charles J. Stevens – Co-Chair (+1 415-393-8391, cstevens@gibsondunn.com) Michael Li-Ming Wong (+1 415-393-8333, mwong@gibsondunn.com) Palo Alto Benjamin Wagner (+1 650-849-5395, bwagner@gibsondunn.com) London Patrick Doris (+44 20 7071 4276, pdoris@gibsondunn.com) Charlie Falconer (+44 20 7071 4270, cfalconer@gibsondunn.com) Sacha Harber-Kelly (+44 20 7071 4205, sharber-kelly@gibsondunn.com) Philip Rocher (+44 20 7071 4202, procher@gibsondunn.com) Steve Melrose (+44 (0)20 7071 4219, smelrose@gibsondunn.com) Paris Benoît Fleury (+33 1 56 43 13 00, bfleury@gibsondunn.com) Bernard Grinspan (+33 1 56 43 13 00, bgrinspan@gibsondunn.com) Jean-Philippe Robé (+33 1 56 43 13 00, jrobe@gibsondunn.com) Audrey Obadia-Zerbib (+33 1 56 43 13 00, aobadia-zerbib@gibsondunn.com) Munich Benno Schwarz (+49 89 189 33-110, bschwarz@gibsondunn.com) Michael Walther (+49 89 189 33-180, mwalther@gibsondunn.com) Mark Zimmer (+49 89 189 33-130, mzimmer@gibsondunn.com) Hong Kong Kelly Austin (+852 2214 3788, kaustin@gibsondunn.com) Oliver D. Welch (+852 2214 3716, owelch@gibsondunn.com) São Paulo Lisa A. Alfaro (+55 (11) 3521-7160, lalfaro@gibsondunn.com) Fernando Almeida (+55 (11) 3521-7095, falmeida@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

July 12, 2018 |
California Consumer Privacy Act of 2018

Click for PDF On June 28, 2018, Governor Jerry Brown signed the California Consumer Privacy Act of 2018 (“CCPA”), which has been described as a landmark privacy bill that aims to give California consumers increased transparency and control over how companies use and share their personal information.  The law will be enacted as several new sections of the California Civil Code (sections 1798.100 to 1798.198).  While lawmakers and others are already discussing amending the law prior to its January 1, 2020 effective date, as passed the law would require businesses collecting information about California consumers to: disclose what personal information is collected about a consumer and the purposes for which that personal information is used; delete a consumer’s personal information if requested to do so, unless it is necessary for the business to maintain that information for certain purposes; disclose what personal information is sold or shared for a business purpose, and to whom; stop selling a consumer’s information if requested to do so (the “right to opt out”), unless the consumer is under 16 years of age, in which case the business is required to obtain affirmative authorization to sell the consumer’s data (the “right to opt in”); and not discriminate against a consumer for exercising any of the aforementioned rights, including by denying goods or services, charging different prices, or providing a different level or quality of goods or services, subject to certain exceptions. The CCPA also empowers the California Attorney General to adopt regulations to further the statute’s purposes, and to solicit “broad public participation” before the law goes into effect.[1]  In addition, the law permits businesses to seek the opinion of the Attorney General for guidance on how to comply with its provisions. The CCPA does not appear to create any private rights of action, with one notable exception:  the CCPA expands California’s data security laws by providing, in certain cases, a private right of action to consumers “whose nonencrypted or nonredacted personal information” is subject to a breach “as a result of the business’ violation of the duty to implement and maintain reasonable security procedures,” which permits consumers to seek statutory damages of $100 to $750 per incident.[2]  The other rights embodied in the CCPA may be enforced only by the Attorney General—who may seek civil penalties up to $7,500 per violation. In the eighteen months ahead, businesses that collect personal information about California consumers will need to carefully assess their data privacy and disclosure practices and procedures to ensure they are in compliance when the law goes into effect on January 1, 2020.  Businesses may also want to consider whether to submit information to the Attorney General regarding the development of implementing regulations prior to the effective date. I.     Background and Context The CCPA was passed quickly in order to block a similar privacy initiative from appearing on election ballots in November.  The ballot initiative had obtained enough signatures to be presented to voters, but its backers agreed to abandon it if lawmakers passed a comparable bill.  The ballot initiative, if enacted, could not easily be amended by the legislature,[3] so legislators quickly drafted and unanimously passed AB 375 before the June 28 deadline to withdraw items from the ballot.  While not as strict as the EU’s new General Data Protection Regulation (GDPR), the CCPA is more stringent than most existing privacy laws in the United States. II.     Who Must Comply With The CCPA? The CCPA applies to any “business,” including any for-profit entity that collects consumers’ personal information, which does business in California, and which satisfies one or more of the following thresholds: has annual gross revenues in excess of twenty-five million dollars ($25,000,000); possesses the personal information of 50,000 or more consumers, households, or devices; or earns more than half of its annual revenue from selling consumers’ personal information.[4] The CCPA also applies to any entity that controls or is controlled by such a business and shares common branding with the business.[5] The definition of “Personal Information” under the CCPA is extremely broad and includes things not considered “Personal Information” under other U.S. privacy laws, like location data, purchasing or consuming histories, browsing history, and inferences drawn from any of the consumer information.[6]  As a result of the breadth of these definitions, the CCPA likely will apply to hundreds of thousands of companies, both inside and outside of California. III.     CCPA’s Key Rights And Provisions The stated goal of the CCPA is to ensure the following rights of Californians: (1) to know what personal information is being collected about them; (2) to know whether their personal information is sold or disclosed and to whom; (3) to say no to the sale of personal information; (4) to access their personal information; and (5) to equal service and price, even if they exercise their privacy rights.[7]  The CCPA purports to enforce these rights by imposing several obligations on covered businesses, as discussed in more detail below.            A.     Transparency In The Collection Of Personal Information The CCPA requires disclosure of information about how a business collects and uses personal information, and also gives consumers the right to request certain additional information about what data is collected about them.[8]  Specifically, a consumer has the right to request that a business disclose: the categories of personal information it has collected about that consumer; the categories of sources from which the personal information is collected; the business or commercial purpose for collecting or selling personal information; the categories of third parties with whom the business shares personal information; and the specific pieces of personal information it has collected about that consumer.[9] While categories (1)-(4) are fairly general, category (5) requires very detailed information about a consumer, and businesses will need to develop a mechanism for providing this type of information. Under the CCPA, businesses also must affirmatively disclose certain information “at or before the point of collection,” and cannot collect additional categories of personal information or use personal information collected for additional purposes without providing the consumer with notice.[10]  Specifically, businesses must disclose in their online privacy policies and in any California-specific description of a consumer’s rights a list of the categories of personal information they have collected about consumers in the preceding 12 months by reference to the enumerated categories (1)-(5), above.[11] Businesses must provide consumers with at least two methods for submitting requests for information, including, at a minimum, a toll-free telephone number, and if the business maintains an Internet Web site, a Web site address.[12]            B.     Deletion Of Personal Information The CCPA also gives consumers a right to request that businesses delete personal information about them.  Upon receipt of a “verifiable request” from a consumer, a business must delete the consumer’s personal information and direct any service providers to do the same.  There are exceptions to this deletion rule when “it is necessary for the business or service provider to maintain the consumer’s personal information” for one of nine enumerated reasons: Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity. Debug to identify and repair errors that impair existing intended functionality. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent. To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business. Comply with a legal obligation. Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.[13] Because these exceptions are so broad, especially given the catch-all provision in category (9), it is unclear whether the CCPA’s right to deletion will substantially alter a business’s obligations as a practical matter.            C.     Disclosure Of Personal Information Sold Or Shared For A Business Purpose The CCPA also requires businesses to disclose what personal information is sold or disclosed for a business purpose, and to whom.[14]  The disclosure of certain information is only required upon receipt of a “verifiable consumer request.”[15]  Specifically, a consumer has the right to request that a business disclose: The categories of personal information that the business collected about the consumer; The categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold; and The categories of personal information that the business disclosed about the consumer for a business purpose.[16] A business must also affirmatively disclose (including in its online privacy policy and in any California-specific description of consumer’s rights): The category or categories of consumers’ personal information it has sold, or if the business has not sold consumers’ personal information, it shall disclose that fact; and The category or categories of consumers’ personal information it has disclosed for a business purpose, or if the business has not disclosed the consumers’ personal information for a business purpose, it shall disclose that fact.[17] This information must be disclosed in two separate lists, each listing the categories of personal information it has sold about consumers in the preceding 12 months that fall into categories (1) and (2), above.[18]            D.     Right To Opt-Out Of Sale Of Personal Information The CCPA also requires businesses to stop selling a consumer’s personal information if requested to do so by the consumer (“opt-out”).  In addition, consumers under the age of 16 must affirmatively opt-in to allow selling of personal information, and parental consent is required for consumers under the age of 13.[19]  Businesses must provide notice to consumers that their information may be sold and that consumers have the right to opt out of the sale.  In order to comply with the notice requirement, businesses must include a link titled “Do Not Sell My Personal Information” on their homepage and in their privacy policy.[20]            E.     Prohibition Against Discrimination For Exercising Rights The CCPA prohibits a business from discriminating against a consumer for exercising any of their rights in the CCPA, including by denying goods or services, charging different prices, or providing a different level or quality of goods or services.  There are exceptions, however, if the difference in price or level or quality of goods or services “is reasonably related to the value provided to the consumer by the consumer’s data.”  For example, while the language of the statute is not entirely clear, a business may be allowed to charge those users who do not allow the sale of their data while providing the service for free to users who do allow the sale of their data—as long as the amount charged is reasonably related to the value to the business of that consumer’s data.  A business may also offer financial incentives for the collection of personal information, as long as the incentives are not “unjust, unreasonable, coercive, or usurious” and the business notifies the consumer of the incentives and the consumer gives prior opt-in consent.            F.     Data Breach Provisions The CCPA provides a private right of action to consumers “whose nonencrypted or nonredacted personal information” is subject to a breach “as a result of the business’ violation of the duty to implement and maintain reasonable security procedures.”[21]  Under the CCPA, a consumer may seek statutory damages of $100 to $750 per incident or actual damages, whichever is greater.[22]  Notably, the meaning of “personal information” under this provision is the same as it is in California’s existing data breach law, rather than the broad definition used in the remainder of the CCPA.[23]  Consumers bringing a private action under this section must first provide written notice to the business of the alleged violations (and allow the business an opportunity to cure the violations), and must notify the Attorney General and give the Attorney General an opportunity to prosecute.[24]  Notice is not required for an “action solely for actual pecuniary damages suffered as a result of the alleged violations.”[25] IV.     Potential Liability Section 1798.150, regarding liability for data breaches, is the only provision in the CCPA expressly allowing a private right of action.  The damages available for such a civil suit are limited to the greater of (1) between $100 and $750 per consumer per incident, or (2) actual damages.  Individual consumers’ claims also can potentially be aggregated in a class action. The other rights embodied in the CCPA may be enforced only by the Attorney General—who may seek civil penalties not to exceed $2,500 for each violation, unless the violation was intentional, in which case the Attorney General can seek up to $7,500 per violation.[26] [1]   To be codified at Cal. Civ. Code § 1798.185(a) [2]      Cal. Civ. Code § 1798.150. [3]      By its own terms, the ballot initiative could be amended upon a statute passed by 70% of each house of the Legislature if the amendment furthered the purposes of the act, or by a majority for certain provisions to impose additional privacy restrictions.  See The Consumer Right to Privacy Act of 2018 No. 17-0039, Section 5. Otherwise, approved ballot initiatives in California can only be amended with voter approval. California Constitution, Article II, Section 10. [4]   Cal. Civ. Code § 1798.140(c)(1). [5]   Cal. Civ. Code § 1798.140(c)(2). [6]   Cal. Civ. Code § 1798.140(o). The definition of “personal information” does not include publicly available information, and the CCPA also does not generally restrict a business’s ability to collect or use deidentified aggregate consumer information. Cal. Civ. Code § 1798.145(a)(5). [7]   Assemb. Bill 375, 2017-2018 Reg. Sess., Ch. 55, Sec. 2 (Cal. 2018) [8]   Cal. Civ. Code § 1798.100 and 1798.110. [9]   Cal. Civ. Code § 1798.110(a). [10]     Cal. Civ. Code §§ 1798.100(b); 1798.110(c). [11]     Cal. Civ. Code §§ 1798.110(c); 1798.130(a)(5)(B). [12]   Cal. Civ. Code § 1798.130(a)(1). [13]   Cal. Civ. Code § 1798.105(d). [14]   Cal. Civ. Code § 1798.115. [15]   Cal. Civ. Code § 1798.115(a)-(b). [16]   Cal. Civ. Code § 1798.115(a). [17]   Cal. Civ. Code § 1798.115(c). [18]   Cal. Civ. Code § 1798.130(a)(5)(C). [19]   Cal. Civ. Code § 1798.120(d). [20]   Cal. Civ. Code § 1798.135. [21]   Cal. Civ. Code § 1798.150. [22]   Cal. Civ. Code § 1798.150. [23]   Cal. Civ. Code § 1798.81.5(d)(1)(A) [24]   Cal. Civ. Code § 1798.150(b). [25]   Cal. Civ. Code § 1798.150 (b)(1). [26]   Cal. Civ. Code § 1798.155. The following Gibson Dunn lawyers assisted in the preparation of this client alert: Joshua A. Jessen, Benjamin B. Wagner, Christina Chandler Kogan, Abbey A. Barrera, and Alison Watkins. Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these issues.  For further information, please contact the Gibson Dunn lawyer with whom you usually work or the following leaders and members of the firm’s Privacy, Cybersecurity and Consumer Protection practice group: United States Alexander H. Southwell – Co-Chair, New York (+1 212-351-3981, asouthwell@gibsondunn.com) M. Sean Royall – Dallas (+1 214-698-3256, sroyall@gibsondunn.com) Debra Wong Yang – Los Angeles (+1 213-229-7472, dwongyang@gibsondunn.com) Christopher Chorba – Los Angeles (+1 213-229-7396, cchorba@gibsondunn.com) Richard H. Cunningham – Denver (+1 303-298-5752, rhcunningham@gibsondunn.com) Howard S. Hogan – Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com) Joshua A. Jessen – Orange County/Palo Alto (+1 949-451-4114/+1 650-849-5375, jjessen@gibsondunn.com) Kristin A. Linsley – San Francisco (+1 415-393-8395, klinsley@gibsondunn.com) H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com) Shaalu Mehra – Palo Alto (+1 650-849-5282, smehra@gibsondunn.com) Karl G. Nelson – Dallas (+1 214-698-3203, knelson@gibsondunn.com) Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com) Benjamin B. Wagner – Palo Alto (+1 650-849-5395, bwagner@gibsondunn.com) Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650-849-5393, mwong@gibsondunn.com) Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com) Europe Ahmed Baladi – Co-Chair, Paris (+33 (0)1 56 43 13 00, abaladi@gibsondunn.com) James A. Cox – London (+44 (0)207071 4250, jacox@gibsondunn.com) Patrick Doris – London (+44 (0)20 7071 4276, pdoris@gibsondunn.com) Bernard Grinspan – Paris (+33 (0)1 56 43 13 00, bgrinspan@gibsondunn.com) Penny Madden – London (+44 (0)20 7071 4226, pmadden@gibsondunn.com) Jean-Philippe Robé – Paris (+33 (0)1 56 43 13 00, jrobe@gibsondunn.com) Michael Walther – Munich (+49 89 189 33-180, mwalther@gibsondunn.com) Nicolas Autet – Paris (+33 (0)1 56 43 13 00, nautet@gibsondunn.com) Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com) Sarah Wazen – London (+44 (0)20 7071 4203, swazen@gibsondunn.com) Alejandro Guerrero Perez – Brussels (+32 2 554 7218, aguerreroperez@gibsondunn.com) Asia Kelly Austin – Hong Kong (+852 2214 3788, kaustin@gibsondunn.com) Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

July 11, 2018 |
2018 Mid-Year False Claims Act Update

Click for PDF Six months ago, we remarked in these pages on the largely unchanged and unrelenting pace of False Claims Act (“FCA”) enforcement under the Trump Administration.  Now, with another half-year behind us, the Administration has started to put its stamp on FCA enforcement and to signal openness to less draconian FCA enforcement, at least on the margins.  In a series of internal guidance memoranda and public speeches, high-ranking Department of Justice (“DOJ”) officials have indicated their recognition of the very real costs of overly aggressive and unchecked FCA enforcement by qui tam whistle-blowers and DOJ itself, and laid out some steps they plan to take.  It is still too early to tell what effect, if any, these announcements will have in practice.  But the next six months and beyond are likely to provide telling indications of whether DOJ matches its shift in tone with a real shift in tactics. For now, however, broader FCA trends appear unaffected by these recent developments.  DOJ announced a typically robust, albeit slightly reduced, set of eight- and nine-figure settlements and judgments, including at least two that topped $100 million apiece, over the course of the last six months.  Meanwhile the courts continued to explore the important intricacies and nuances of FCA jurisprudence, with nearly a dozen notable circuit court cases released in just the last half-year.  The Supreme Court also indicated that it might engage again with the FCA by inviting the views of the Solicitor General on important issues arising from the Court’s last seminal decision in Universal Health Services v. United States ex rel. Escobar, 136 S. Ct. 1989 (2016).  And there were also a handful of regulatory and state-law changes that could affect the scope of FCA enforcement going forward. We address all of these and other developments in greater depth below.  We discuss enforcement activity at the federal and state levels first, turn to activity on the legislative front, and then conclude with an analysis of significant court decisions from the past six months.  As always, Gibson Dunn’s recent publications on the FCA may be found on our website, including in-depth discussions of the FCA’s framework and operation, industry-specific presentations, and practical guidance to help companies avoid or limit liability under the FCA.  And, of course, we would be happy to discuss these developments—and their implications for your business—with you. I.    NOTEWORTHY DOJ ENFORCEMENT ACTIVITY DURING THE FIRST HALF OF 2018 The first half of 2018 saw several notable developments in DOJ enforcement activities, including both positive and not-so-positive developments for companies facing FCA exposure.  On the one hand, several internal DOJ guidance documents suggested that the current leadership at DOJ is considering a less aggressive approach to FCA enforcement than we have seen develop increasingly over the last 10 years.  But on the other hand, DOJ also continued to announce significant settlements and stringent enforcement programs, aimed at a wide variety of industries, under a wide variety of theories.  We explore these developments below. A.    DOJ Releases Important Guidance on FCA Enforcement and Signals More Changes to Come Though many have advocated for FCA reform as the number of qui tam cases and enforcement efforts have exploded in recent years, those efforts have not proven too fruitful.  But the new Administration may be a more receptive audience, as recent guidance from DOJ signals the first significant policy changes in recent memory that recognize the burden of FCA exposure.  As we reported in our client alerts on these topics (available here and here), there were three major announcements during the last six months that introduced current, and forthcoming, changes from DOJ. First, on January 10, 2018, Michael Granston, the Director of the Fraud Section of DOJ’s Civil Division, issued a memorandum (the “Granston Memo”) directing government lawyers evaluating a recommendation to decline intervention in a qui tam FCA action to “consider whether the government’s interests are served . . . by [also] seeking dismissal [of the underlying qui tam] pursuant to 31 U.S.C. § 3730(c)(2)(A).”[1]  The memorandum notes that DOJ “has seen record increases in qui tam actions” filed under the FCA, and while the “number of filings has increased substantially over time,” DOJ’s “rate of intervention has remained relatively static.”  Emphasizing that DOJ “plays an important gatekeeper role in protecting the False Claims Act,” the memorandum identifies dismissal of non-intervened cases as “an important tool to advance the government’s interests, preserve limited resources, and avoid adverse precedent.”  The memo then sets forth seven factors that prosecutors should consider when evaluating whether seeking dismissal of a declined qui tam action is appropriate.  Although those factors all stem from existing precedent in cases where DOJ has previously moved for dismissal, the fact that DOJ issued the Granston Memo indicates that DOJ may be more willing to go beyond merely declining unmeritorious cases.  By taking additional steps to dismiss such cases, DOJ may mitigate the extreme burden caused by unbridled qui tam plaintiffs.. Second, on January 25, 2018, then-Associate Attorney General Rachel Brand, the Department’s third-ranking official, issued a memorandum (the “Brand Memo”) that prohibits DOJ from using noncompliance with other agencies’ “guidance documents as a basis for proving violations of applicable law in” affirmative civil enforcement cases and from using “its enforcement authority to effectively convert agency guidance documents into binding rules.”[2]  Agencies commonly issue guidance documents interpreting legislation and regulations, and the government has sometimes employed evidence that a defendant violated such guidance to prove a violation of the underlying statute or regulation—which, in turn, may support a showing that a defendant’s claims or statements were “false” under the FCA.  The memorandum explicitly prohibits DOJ attorneys from engaging in this practice, although it is careful to note that prosecutors can continue to use such guidance as evidence that a defendant knew of its obligations under the law.  The Brand Memo builds on an earlier memo from Attorney General Jeff Sessions, from November 2017, that prohibited DOJ from issuing “guidance documents that purport to create rights or obligations binding on persons or entities outside the Executive Branch” without adhering to rulemaking processes as required by the Administrative Procedure Act (the “Sessions Memo”).[3]  Together, the Brand Memo and Sessions Memo reflect the Administration’s efforts to reign in administrative and regulatory requirements, with the Brand Memo signaling the Administration’s determination to extend that broader policy agenda in the FCA space. Third, DOJ has continued to reinforce its interest in taking measures to promote a more fair and consistent application of the FCA.  In a June 14 speech, Acting Associate Attorney General Jesse Panuccio described five policy initiatives being undertaken by DOJ to reform FCA enforcement, including the Brand and Granston memos highlighted above, as well as three additional areas: (i) cooperation credit; (ii) compliance program credit; and (iii) preventing “piling on.”  As to the latter three, Panuccio noted that DOJ is working on formalizing its practices with regard to cooperation credit and suggested that formal cooperation credit might be expanded to cover situations outside of those in which the defendant makes a self-disclosure.  Cooperation credits in FCA cases have traditionally been less well spelled-out than in some other contexts (e.g., under the Foreign Corrupt Practices Act), and Panuccio’s speech is a step towards formalizing those processes.  He also explained that DOJ will “reward companies that invest in strong compliance measures,” and that to prevent piling on, DOJ attorneys will promote coordination within the agency and with other regulatory bodies to ensure that defendants are subject to fair punishment and receive the benefit of finality that should accompany a settlement. DOJ’s continued focus on these efforts, led by officials at the highest levels within DOJ, suggests that FCA enforcement reform is a priority for the Department. B.    Opioid Enforcement Efforts Continue In our 2017 Year-End FDA and Health Care Compliance and Enforcement Update – Drugs and Devices, we noted the surge in enforcement activities surrounding the opioid epidemic.  From public pronouncements to criminal indictments, the current Administration has demonstrated widespread commitment to enforcement efforts around opioid issues.  The focus is unlikely to let up soon. For the time being, many of the enforcement efforts with regard to opioids have been on the criminal side and not directly related to the FCA.  But given DOJ’s close coordination between its criminal and civil divisions, widespread criminal enforcement efforts against an industry are often correlated with current, or imminent, FCA enforcement. The intense focus on the criminal side can hardly be overstated.  In June, the chief executive officer of a health care company and four physicians were charged in a superseding indictment with numerous crimes, including conspiracy to commit wire fraud and money laundering, as part of an ongoing investigation into the defendants’ alleged $200 million fraudulent health care scheme involving Michigan- and Ohio-based pain clinics, laboratories, and other providers.[4]  This was followed later in June by a DOJ announcement regarding the “National Health Care Fraud and Opioid Takedown.”[5]  Attorney General Sessions announced that DOJ was “charging 601 people, including 76 doctors, 23 pharmacists, 19 nurses, and other medical personnel with more than $2 billion in medical fraud.”[6]  DOJ also announced it has a “new data analytics program that focuses specifically on opioid-related health care fraud.”[7]  DOJ has also made forays into civil litigation by filing a statement of interest in a high-stakes multi-district action against opioid manufacturers and distributors that is premised on allegedly false, deceptive, or unfair marketing practices for prescription opioid drugs.[8] FCA enforcement is not far behind.  On May 15, 2018, for example, an unsealed complaint revealed that the United States had intervened in five lawsuits accusing an Arizona-based opioid manufacturer of paying kickbacks to induce physicians and nurses to prescribe the company’s opioid painkiller for their patients.  The lawsuits allege that these kickbacks took the form of payments for sham speaking engagements, jobs for the prescribers’ friends and relatives, and extravagant meals and other entertainment.  The lawsuits likewise allege that the manufacturer improperly encouraged physicians to prescribe its opioids to patients who did not have cancer—the approved use of the drug—and that company employees also lied to insurers in order to obtain reimbursement under Medicare and TRICARE.[9] C.    Notable Settlements All told, DOJ has announced more than approximately $600 million in settlements this year.  This amount represents a decrease from previous years at the same point, largely because there have been comparatively fewer blockbuster settlements during the last six months.  Still, the cadence of enforcement activity has continued to be steady. 1.    Health Care and Life Sciences Industries On January 10, a dental management company and more than 130 of its affiliated dental clinics agreed to pay $23.9 million, plus interest, to settle allegations that the companies knowingly submitted false claims to state Medicaid programs for unnecessary services on Medicaid-insured youth.  DOJ alleged that the companies incentivized and disciplined dentists to meet goals on procedures performed, ignoring when dentists complained about overutilization.  DOJ alleged that the companies submitted false Medicaid claims in 17 states, and also submitted false claims to an additional program, the Texas Medicaid Program for First Dental Home.  The federal government will receive approximately $14.2 million, plus interest, and states will receive approximately $9.7 million, plus interest.  This investigation was initiated by five whistle-blower lawsuits.  Three of the whistle-blowers, former employees of the dental clinics, will receive a total of more than $2.4 million from the federal portion of the settlement.[10] On March 7, a Pennsylvania hospital and cardiology group agreed to pay approximately $20.8 million combined to resolve claims that the two engaged in improper financial relationships to secure physician referrals.  Specifically, the government alleged that the hospital paid the cardiology group up to $2 million per year under physician and administrative service arrangements for services that were duplicative, not performed, or not needed.  The whistle-blower, a doctor in the cardiology group, received approximately $6 million of the recovered amount.[11] On March 23, a medical device manufacturer and its domestic subsidiary agreed to pay approximately $33.2 million to resolve claims that the subsidiary caused hospitals to submit false claims to government health care programs by knowingly selling materially unreliable point-of-care diagnostic testing devices.  The government claimed that the subsidiary received customer complaints that put it on notice that devices it sold produced erroneous results and failed to take corrective action until FDA inspections prompted a nationwide product recall.  The whistle-blower, a former senior quality control analyst at the subsidiary, will receive approximately $5.6 million of the recovered amount.[12] On March 28, a Virginia ambulance services provider agreed to pay $9 million to settle allegations that it submitted false or fraudulent claims to Medicare, Medicaid, and TRICARE for ambulance transports that were not medically necessary, that did not qualify as Specialty Care Transports, and that should have been billed to other payers.  As part of the settlement, the company entered into a five-year corporate integrity agreement with HHS OIG.[13] On March 29, a Texas company operating radiation therapy centers nationwide, along with its acquirer, agreed to pay up to $11.5 million to settle allegations that the Texas company paid kickbacks to physicians for referring patients to its cancer treatment centers.  The companies also agreed to enter into a five-year corporate integrity agreement with HHS OIG, which includes internal and external monitoring of relationships between the companies and referring physicians.  The Texas company allegedly distributed a share of the profits through a series of leasing companies in which referring physicians were permitted to invest.  The whistle-blower will receive up to $1.7 million as part of the settlement.[14] On April 12, a Florida respiratory equipment supplier agreed to pay approximately $9.7 million to settle allegations that it knowingly submitted false claims for portable oxygen contents to Medicare between January 2009 and March 2012.  Specifically, the government alleged that the company billed Medicare without verifying that beneficiaries used or needed the oxygen, and without obtaining the requisite proof of delivery.  The whistle-blower will receive approximately $1.6 million as part of the settlement.[15] On April 12, an Arizona company that owns acute-care hospitals agreed to pay over $18 million to resolve allegations that 12 of its hospitals knowingly overcharged Medicare patients for short-stay, inpatient procedures that should have been billed on a less costly outpatient basis.  The settlement also resolved claims that the company inflated the number of hours for which patients received outpatient observation in its reports to Medicare.  As part of the settlement, the company entered into a five-year corporate integrity agreement with HHS OIG, which includes the requirement to retain an independent review organization to review the accuracy of claims submitted to federal health care programs.  The whistle-blower, a former employee of the company, will receive approximately $3.3 million of the recovered amount.[16] On April 19, a California diagnostics laboratory agreed to pay $2 million to settle claims that it submitted and caused the submission of false claims to Medicare for Breast Cancer Index tests that were not reasonable and necessary.  The government alleged the company promoted and performed the tests for patients who had not been in remission for five years and who had not been taking tamoxifen.  The government claimed performing tests under such circumstances is medically unnecessary based on published clinical trial data and clinical practice guidelines.[17] On May 10, a Cincinnati-based nonprofit company operating several health care facilities in Ohio and Kentucky agreed to pay $14.25 million to settle allegations that the company provided compensation to six referring physicians in excess of the fair market value for the physicians’ services.  Per the government’s announcement, these issues were self-reported by the nonprofit hospital system.[18] On May 24, a large pharmaceutical company agreed to pay $23.85 million to resolve claims that the company illegally paid the co-pays of Medicare patients taking three of the company’s drugs.  The alleged scheme involved the use of a foundation as a conduit for the remuneration.[19] On May 31, two owners of a Philadelphia pharmacy agreed to pay $3.2 million to resolve claims that over the course of roughly seven years the pair fraudulently billed Medicare for prescription medications that their pharmacy did not actually dispense to its patients.[20] On June 8, a Kentucky-based health care company that owns and operates roughly 115 skilled nursing facilities in several states agreed to pay more than $30 million to resolve allegations that it knowingly submitted false claims to Medicare for medically unreasonable or unnecessary rehabilitation therapy services.  As part of the agreement, the State of Tennessee will receive a portion of the final settlement.  The two relators who initially brought the suit will also receive a yet undetermined portion of the eventual settlement.[21] On June 20, a national wound-care provider agreed to pay $22.5 million to settle allegations that it billed the government for unnecessary and unreasonable hyperbaric oxygen therapy, which is a therapy indicated for certain chronic wounds.  According to the government, the company billed for these unnecessary treatments for five years, between 2010 and 2015.  In addition to the monetary settlement, the company entered into a five-year corporate integrity agreement that subjects the company to independent reviews.[22] On June 25, a hospice chain agreed to pay $8.5 million to resolve allegations that it improperly billed the federal government for hospice services.  The government alleged that the company provided hospice care to patients who were not terminally ill (and therefore ineligible for the services), despite repeated warnings that ineligible patients were being admitted.[23] 2.    Government Contracting and Defense/Procurement On March 15, a Japanese fiber manufacturer and its American subsidiary agreed to pay approximately $66 million to resolve claims that they sold defective Zylon fiber used in bulletproof vests, which the United States purchased for law enforcement agencies.  The government alleged that between 2001 and 2005, the companies knew that Zylon degraded quickly in normal heat and humidity, rendering it unfit for use in bulletproof vests.  Yet, according to the government, the companies published misleading degradation data that understated the defect and engaged in a marketing campaign that advocated for the continued sale of Zylon-containing vests after a body armor manufacturer recalled such vests.  The whistle-blower will receive over $5.7 million as part of the settlement.[24]  The settlement resolves part of a long-running series of FCA cases related to allegedly defective bulletproof vests that goes back several decades and involved several companies.[25] On April 19, a former professional cyclist agreed to pay $5 million to resolve allegations that he submitted millions of dollars in false claims for sponsorship payments to the U.S. Postal Service (“USPS”), which sponsored his cycling team.  The government claimed that the cyclist violated the terms of his team’s USPS sponsorship by using performance enhancing drugs (“PEDs”), as well as making numerous false statements—including statements under oath—denying his PED use to induce the USPS to renew and increase its sponsorship.  The whistle-blower, a former teammate, will receive $1.1 million as part of the settlement.[26] On May 29, a foreign-based federal contractor and several of its subsidiaries agreed to pay $20 million to resolve allegations that the companies knowingly overbilled the United States Navy under contracts to provide ship husbanding services in numerous ports around the world.  As part of the resolution, the whistle-blowers in the case, three former employees of the contractor, will receive approximately $4.4 million.[27] 3.    Financial Services On February 28, an audit firm agreed to pay $149.5 million to resolve potential FCA claims related to the firm’s role as the independent outside auditor for a now-defunct originator of mortgage loans that were insured by the Federal Housing Administration (“FHA”) under the Department of Housing and Urban Development (“HUD”).  As part of a HUD program, the mortgage company was considered to be a Direct Endorsement Lender, and could submit claims to the United States to recover any losses that occurred as a result of a default on a loan insured by the FHA that the company had underwritten and endorsed.  To maintain Direct Endorsement Lender status, the mortgage company was required to submit annual audited financial statements in compliance with HUD requirements.  The audit firm issued audit reports on the mortgage company’s annual financial statements for fiscal years 2002 through 2008.  The United States alleged that the mortgage company was engaged in a fraudulent scheme involving the alleged sale of “fictitious or double-pledged” loans, leading to financial statements that failed to accurately reflect that the company was in financial distress.  The United States also alleged that the audit firm did not identify the mortgage company’s fraudulent conduct and alleged that by continuing to issue audit reports notwithstanding the mortgage company’s misconduct, the company was able to continue originating the insured loans until the mortgage company declared bankruptcy in 2009.  A number of officials from the mortgage company were criminally convicted in connection with the conduct at issue as well. [28] 4.    Other On January 16, a home furnishings company agreed to pay $10.5 million to settle claims that it knowingly made false statements on customs declarations forms to avoid paying antidumping duties on imported bedroom furniture from China.  The company classified the furniture as non-bedroom furniture, which was not subject to the antidumping duties. In connection with the FCA settlement, a whistle-blower will receive approximately $1.9 million.[29] D.    Notable Verdicts and Judgments In addition to the settlements noted above, there were several notable verdicts and judgments in FCA cases during the last six months. On January 11, a federal district court in Florida reversed a $350 million FCA jury verdict.  The jury reached a verdict that a nursing home operator had submitted false claims by allegedly failing to maintain a comprehensive care plan that was “ostensibly required by Medicaid regulation,” alongside other relatively minor infractions.  United States v. Salus Rehab., LLC, 304 F. Supp. 3d 1258, 1260 (M.D. Fla. 2018).  The court overturned the verdict, holding that “[t]he record fatally wants for evidence of materiality and scienter.”  In so holding, the court took umbrage that “relator won judgments for almost $350 million based” only on the theory that “a handful of paperwork defects” and “failure to maintain care plans made” defendants’ claims to Medicare and Medicaid false or fraudulent.  Id.  The court explained that “the relator offered no meaningful and competent proof that the federal or the state government, if either or both had known of the disputed practices (assuming that either or both did not know), would have regarded the disputed practices as material to each government’s decision to pay the defendants and, consequently, that each government would have refused to pay the defendants.”  Id.  It also disagreed that there was any evidence the defendants acted knowingly.  Id.  In so holding, the court affirmed the importance of the Supreme Court’s Escobar decision and its role in enforcing the FCA’s materiality standard. On May 29, the United States District Court in the District of South Carolina entered a judgment totaling approximately $114 million against three individuals found liable under the FCA of paying kickbacks to physicians in exchange for patient referrals.  The underlying claims were initially brought as part of three lawsuits filed by four whistle-blowers, alleging that the kickback scheme caused two blood testing laboratories in Virginia and California to bill federal health care programs for medically unnecessary tests.  The whistle-blowers’ share of the judgment has not yet been determined.[30] II.    LEGISLATIVE ACTIVITY A.    Federal Legislation As with the latter half of 2017, the first half of 2018 has seen little to no federal legislative activity affecting the FCA.  While President Trump’s plan to repeal and replace the Affordable Care Act (“ACA”) could have affected the ACA’s amendments to the FCA—as discussed in our 2017 Mid-Year False Claims Act Update[31]—Congress has not shown any signs that it will pass such a bill in the near future, though some commentators have speculated that Senate Republicans may attempt such a feat in an effort to rally the base for the 2018 elections.[32]  Senator Lindsey Graham (R-S.C.) announced in May that he is working on a new repeal-and-replace bill, but no new bills have been introduced in Congress and Senator Graham’s “effort appears to have little, if any, chance of passing this year.”[33] In a February speech on the Senate floor, Senator Chuck Grassley laid out his views about problems arising from the Supreme Court’s 2016 Escobar decision that are “getting some defendants, and judges, tied in knots.”[34]  In particular, Senator Grassley criticized courts for applying the Supreme Court’s instruction regarding so-called “government knowledge”—that continued government payment, in the face of government knowledge of non-compliance with regulatory or contractual requirements, may be strong evidence that the violation is not material.  According to Grassley, the Court “did not say that in every case, if the government pays a claim despite the fact that someone, somewhere in the bowels of the bureaucracy might have heard about allegations that the contractor may have done something wrong, the contractor is automatically off the hook.”[35]  And he set forth his views of how courts should apply Escobar without “piling on bogus restrictions that are just not in the law.”[36]  Notably, the issue of the interplay between government knowledge and materiality is back before the Supreme Court on a petition for certiorari in United States ex rel. Campie v. Gilead Sciences. Inc., 862 F.3d 890 (9th Cir. 2017), as discussed below.  If the Court takes that case, and rules in a way that bolsters its Escobar decision instead of the viewpoint espoused by Senator Grassley, we will be watching closely to see if the Court’s interpretation prompts a Congressional response. Consistent with the Trump administration’s agenda, Federal regulatory activity implicating the FCA has also remained stagnant.  As noted in our 2017 Year-End False Claims Act Update,[37] the FDA proposed a regulation in January 2017 that would amend and expand the agency’s definition of “intended use” for drugs and devices codified in 21 C.F.R. § 201.128 and 21 C.F.R. § 801.4, but that rule’s effective date was delayed until March 19, 2018 after opposition from industry.[38]  On March 16, the FDA delayed indefinitely the effective date of the portions of the rule relating to intended use “to allow further consideration of the substantive issues raised in the comments received regarding the amendments.”[39] On March 23, 2018, President Trump signed an omnibus appropriations bill authorizing $1.3 trillion in spending, $654.6 billion of which was designated for the Department of Defense—a $60 billion increase from 2017 defense spending.[40]  The bill also includes a $21.2 billion appropriation for infrastructure spending.  This law does not amend the FCA or substantively alter enforcement, but the increase in spending may invite greater FCA enforcement scrutiny or relator actions for the defense and construction contractors who work with the federal government. B.    State Legislation In 2005, Congress created financial incentives for states to enact their own False Claims Acts and make them as effective as the federal FCA in facilitating qui tam lawsuits.  If a state meets this standard, it may be eligible to “receive a 10-percentage-point increase in [its] share of any amounts recovered under such laws.”[41]  The Department of Health and Human Services Office of Inspector General (“HHS OIG”) is tasked with assessing whether a state’s law qualifies.  As reported in our last Mid-Year update,[42] HHS OIG notified 15 states at the end of 2016 that their laws required amendment to meet the federal standard, and it set a “grace period” through the end of 2018 to bring state law into compliance or risk losing the 10% financial incentive.[43]  Since our Year-End update: A Michigan bill that would amend the civil penalties in the Michigan Medicaid False Claims Act to mirror penalties allowed under the federal FCA has not progressed beyond its November 28, 2017 referral to the Senate Judiciary Committee.[44] A similar New York bill died in the Senate and was returned to the Assembly on January 3, 2018.[45] A similar North Carolina bill has not progressed since it was re-referred to the Committee on Rules and Operations of the Senate in April 2017.[46] Other notable state legislative developments include: A Florida bill to exempt information from disclosure under the state’s public records law that is related to an “investigation of violation of Florida False Claims Act” was approved by the governor on March 21, 2018.[47]  As noted in our 2017 Year-End Update, this bill exempts the Florida FCA’s under seal requirements from review and potential repeal under the Sunset Review Act.[48] There has been no action on a Michigan bill that would create a general Michigan False Claims Act since it was referred to the state’s Senate Committee on the Judiciary in January 2017.[49]  The bill would expand Michigan’s current Medicaid False Claims Act beyond the Medicaid context. No action has been taken on a Pennsylvania bill that would create a state False Claims Act; the bill has been in the House Judiciary Committee since March 2017.[50] We expect to see additional state legislative activity in the second half of 2018, as the HHS OIG “grace period” draws to an end.  To date, HHS OIG has informed 12 states that their laws meet the federal standard (Colorado, Connecticut, Illinois, Indiana, Iowa, Massachusetts, Montana, Nevada, Oklahoma, Tennessee, Texas, and Vermont) and has informed 14 states that their laws do not meet the federal standard (California, Delaware, Florida, Georgia, Hawaii, Michigan, Minnesota, New Hampshire, New York, North Carolina, Rhode Island, Virginia, Washington, and Wisconsin).[51]  Three other states were informed prior to recent federal amendments that their state laws did not meet the old federal standard (Louisiana, New Jersey, and New Mexico).[52] III.    NOTABLE CASE LAW DEVELOPMENTS Thus far in 2018, courts have continued to advance the body of FCA case law.  The appellate courts have issued nearly a dozen notable cases in the first part of the year, including decisions that explored the meaning of the Supreme Court’s decision in Universal Health Services, v. United States ex rel. Escobar, 136 S. Ct. 1989 (2016), the FCA’s statute of limitations, and the public disclosure bar.  These decisions clarified some areas of the law, yet deepened splits in others.  As always, we have closely monitored these developments and summarize the most notable decisions below. A.    Post-Escobar Developments Now two years since it was decided, courts continue to grapple with the Supreme Court’s landmark decision in Escobar.  As we have previously discussed in depth (including here), in Escobar, the Supreme Court held that an implied false certification theory of liability under the FCA is actionable when: (1) a claim “does not merely request payment, but also makes specific representations about the goods or services provided” and (2) the defendant’s failure to disclose noncompliance with some “material statutory, regulatory, or contractual requirement[] makes those representations misleading half-truths.”  Id. at 2001.  The Escobar Court further instructed courts to apply a “rigorous” and “demanding” materiality standard, necessitating the plaintiff show something akin to that the government actually refused payment, or would have refused payment had it known of the alleged misrepresentations regarding compliance.  Id. at 2002–03. Since Escobar, lower courts have worked to determine the precise requirements for establishing materiality at the pleading stage.  The fact-intensive analysis involved with materiality has produced some useful guidance for FCA defendants.  For example, conclusory statements by a plaintiff that the government would not have paid had it known of the alleged false statement are insufficient to survive a pleadings challenge, United States ex rel. Mateski v. Raytheon Co., No. 2:06-cv-03614, 2017 WL 3326452, at *7 (C.D. Cal. Aug. 3, 2017), yet, pleading that the government has previously terminated eligibility for similar falsities may be sufficient, depending upon the other allegations asserted, see United States ex rel. Lacey v. Visiting Nurse Serv. of N.Y., No. 14-cv-5739, 2017 WL 5515860, at *10 (S.D.N.Y. Sept. 26, 2017). As in prior years, the appellate courts continued to grapple with the application of Escobar’s “rigorous” and “demanding” materiality requirement in the first half of 2018. 1.    The Sixth Circuit Considers Government Payment Practices In Escobar, the Supreme Court explained that “proof of materiality can include, but is not necessarily limited to, evidence that the defendant knows that the Government consistently refuses to pay claims in the mine run of cases based on noncompliance with the particular statutory, regulatory, or contractual requirement.”  Escobar, 136 S. Ct. at 2003.  The Sixth Circuit recently weighed in on the question of what is required to adequately allege materiality at the pleading stage in such cases. United States ex rel. Prather v. Brookdale Senior Living Communities, Inc., 892 F.3d 822 (6th Cir. 2018) involved alleged false claims for home health services.  Specifically, the relator alleged that the defendant home health provider failed to timely obtain provider physician certifications in violation of a regulation requiring such certifications to “be obtained at the time the plan of care is established or as soon thereafter as possible.”  Id. at 825.  Despite concluding that compliance with the timing regulation was an express condition of payment, the district court had dismissed the claim for failure to adequately allege materiality under the standards articulated in Escobar.  Id. at 826, 832.  The district court reasoned that the complaint failed to identify any instance in which the government denied reimbursement for a similar violation in the entire 50-plus year history of the regulation, which suggested the government did not view violations of the certification regulation as material.  Id. at 834.  In addition, the relator cited materials suggesting the government’s concern focused on ensuring the services were medically necessary, not that the certification was made at a particular time.  Id. 847–48 (J. McKeague, dissenting). By a 2 to 1 vote, the Sixth Circuit reversed.  Id. at 825.  The court faulted the lower court for drawing “a negative inference from the absence of any allegations about past government action.”  Id. at 834.  The majority explained that a relator is “not required to make allegations regarding past government action,” and so absent the government’s actual knowledge of the alleged fraud being pled, its past payment practices were irrelevant to whether an FCA plaintiff has adequately pled materiality in their complaint.  Id.  The court went on to find that the relator adequately alleged materiality, including based on the fact that the timing requirement was an express condition of payment.  Id. at 836.  The majority also concluded that the relator had adequately alleged scienter.  Id. at 838. In contrast, a vigorous dissent took the majority to task for failing to faithfully apply Escobar and for not requiring materiality to be alleged with particularity under Federal Rule of Civil Procedure 9(b) despite the fact that “every [other] Circuit to address this question agrees that Rule 9(b) governs materiality allegations.”  Id. at 845.  As the dissent pointed out, the relator failed to allege that the government routinely refuses to pay claims based on the alleged violations, or that it would have refused to pay particular claims under the circumstances, which ran afoul of Escobar’s guidance that “[t]he government’s payment habits are, by far, the best evidence of materiality.”  Id.  Moreover, the dissent faulted the court for “equating negligence with fraud”; as the dissent pointed out, the complaint alleged facts that were, at best, “only consistent with recklessness” and therefore did not adequately allege scienter.  Id. at 852–53. 2.    The Eleventh Circuit Revives an Implied False Certification Claim  The Eleventh Circuit similarly revived an FCA claim predicated on an implied false certification theory in Marsteller ex rel. United States v. Tilton, 880 F.3d 1302 (11th Cir. 2018).  Marsteller involved allegations that a defense contractor had certified compliance with code of business ethics and conduct requirements applicable to government contractors, but that the company did not comply with those requirements because it failed to disclose evidence of purportedly unethical acts of bribery, and that it provided the government with incomplete pricing data in violation of the Truth in Negotiations Act, 10 U.S.C. § 2306a.  Id.  In a pre-Escobar decision, the district court had dismissed the complaint, after declining the government’s suggestion in a statement of interest “to limit the restrictive reading of the implied certification theory found in” prior precedent, and instead ruling that the theory only encompassed claims for payment made “despite a knowing failure to comply” with an express condition of payment.  Id. at 1309–10. On appeal, the Eleventh Circuit held that the line of cases relied upon by the district court was no longer good law in light of Escobar and remanded the case for the lower court to consider whether “in fairness to the relators, they should have an opportunity to replead their allegations in light of the Supreme Court’s guidance” in Escobar.  Id. at 1312–14.  As the court emphasized, Escobar directs the materiality inquiry towards “whether [the] Government would have attached importance to the violation in determining whether to pay the claim” at issue.  Id. at 1313. In both Marsteller and Prather, the government filed a statement of interest regarding the district court’s materiality analysis, despite having declined to intervene.  In Marsteller, although the Government took no position on the viability of the complaint itself, it nevertheless “respectfully urge[d]” the district court “not to adopt the atextual position that implied certification False Claims Act liability for non-compliance with a contract provision (including regulatory or statutory provisions incorporated therein) necessarily hinges on the presence of an express statement within that provision that payment is conditioned on its compliance.”  880 F.3d at 1309 n.15.  Likewise in Prather, although the government took no position on the complaint at issue in the case, it argued that an express condition of payment is not required under Escobar, and further argued that Escobar does not require an FCA plaintiff to plead prior government denials of payments for similar violations.  United States’ Statement of Interest Regarding Defendants’ Motion To Dismiss Third Amended Complaint at 2–3, 6, Prather, 892 F.3d 822 (No. 17-5826).  If these cases are any indication, FCA defendants can expect to face the government’s opposition in future cases that turn on allegations of materiality. 3.    The Supreme Court Invites the Government’s Views on Gilead In our 2017 Mid-Year False Claims Act Update, we addressed the Ninth Circuit’s materiality analysis in United States ex rel. Campie v. Gilead Sciences. Inc., 862 F.3d 890 (9th Cir. 2017).  As a reminder, in Gilead, the Ninth Circuit reversed dismissal of an implied certification claim.  Id. at 895.  In doing so, the court rejected the argument that the alleged violation was immaterial because the FDA was aware of the falsity and yet did not withdraw product approval.  Id. at 906.  This decision was appealed and the petition for certiorari is currently pending.  See Petition for Writ of Certiorari, Gilead, 862 F.3d 890 (No. 17-936). In April, the Supreme Court invited the U.S. Solicitor General to file a brief expressing the government’s views on the case.  This may signal the Court’s interest in reviewing the matter to provide more guidance on the impact of government acquiescence.  Clarification here would be welcomed, as we have previously noted that a circuit split is developing in this area.  However, in recent years the Supreme Court has asked for the Solicitor General’s views on key FCA issues only to go on to deny certiorari anyway.  See, e.g., United States ex rel. Nathan v. Takeda Pharm., 707 F.3d 451 (4th Cir. 2013), cert. denied 81 U.S.L.W. 3650 (U.S. Mar. 31, 2014) (No. 12-1349). B.    The Eleventh Circuit Deepens a Circuit Split Regarding When the FCA’s Extended Statute of Limitations Applies For most FCA relators, the statute of limitations requires a suit be brought within six years of the underlying alleged violation.  31 U.S.C. § 3731(b)(1).  However, an extended limitations period of up to ten years applies in select cases.  31 U.S.C. § 3731(b)(2) (permitting actions for “3 years after the date when facts material to the right of action are known or reasonably should have been known by the official of the United States charged with responsibility to act in the circumstances, but in no event more than 10 years after the date on which the violation is committed”).  Circuits are split in determining whether this greater, up to ten-year period is only available when the government files or intervenes in the FCA suit, as opposed to being pursued only by the relator after the government declines intervention.  Currently, most courts only apply the extended statute of limitations to suits brought by the government itself, as well as qui tam actions in which the government chooses to intervene.  See United States ex rel. Sanders v. North American Bus Indus. Inc., 546 F.3d 288, 295 (4th Cir. 2008) (holding that “only a subset of civil actions may benefit from the extended limitations period in Section 3731(b)(2)—those in which the government is a party”); United States ex rel. Sikkenga v. Regence Bluecross Blueshield of Utah, 472 F.3d 702, 725–26 (10th Cir. 2006) (“[W]e hold that § 3731(b)(2) was not intended to apply to private qui tam relators at all.”); but see United States ex rel. Hyatt v. Northrop Corp., 91 F.3d 1211, 1214 (9th Cir. 1996) (“[T]here is nothing in the entire statute of limitations subsection which differentiates between private and government plaintiffs at all.”). The Eleventh Circuit recently went the other way, however, in an opinion holding that relators can utilize the extended statute of limitations period even in qui tam cases where the government has declined to intervene.  In United States ex rel. Hunt v. Cochise Consultancy Inc., 887 F.3d 1081 (11th Cir. 2018), the court considered this issue as a matter of first impression in the circuit.  Id. at 1083.  First, the court emphasized that “nothing in § 3731(b)(2) says that its limitations period is unavailable to relators when the government declines to intervene.”  Id. at 1089.  The court also found that “the legislative history provides no convincing support for [the defendant’s] position” that the greater limitations period is only available where the government files suit or intervenes.  Id. at 1097.  The court recognized its decision “is at odds with the published decisions of two other circuits,” but found those opinions unpersuasive because those cases “reflexively applied the general rule that a limitations period is triggered by the knowledge of a party” while failing to consider “the unique role that the United States plays even in a non-intervened qui tam case.”  Id. at 1092. In reaching this decision, the Eleventh Circuit departs from the Fourth and Tenth circuits but largely aligns with the Ninth Circuit.  See Hyatt, 91 F.3d at 1214.  However, on the question of the knowledge required to trigger the limitations period, the Eleventh Circuit concluded, contrary to the Ninth Circuit, that “it is the knowledge of a government official, not the relator, that triggers the limitations period,” further complicating the circuit split.  Hunt, 887 F.3d at 1096. C.    The Third Circuit Examines the Public Disclosure Bar The FCA’s public disclosure bar instructs courts to dismiss a relator’s FCA action if “substantially the same allegations or transactions” were previously publicly disclosed in certain enumerated sources.  31 U.S.C. § 3730(e)(4).  The “original source” exception to this rule, which allows relators to proceed on publicly disclosed allegations if they have “knowledge that is independent of and materially adds to the publicly disclosed allegations or transactions,” 31 U.S.C. § 3730(e)(4)(B), was the subject of a recent Third Circuit decision. In United States ex rel. Freedom Unlimited, Inc. v. City of Pittsburgh, No. 17-1987, 2018 WL 1517159 (3d Cir. Mar. 28, 2018), the district court had dismissed the case at the pleading stage under the public disclosure bar, concluding that the relator “filed a qui tam suit based on information that the city revealed” publicly.  Id. at *3.  The Third Circuit reversed, and in doing so, emphasized the sometimes factual nature of whether there “has been a public disclosure within the meaning of the FCA and whether a relator qualifies as an original source.”  Id. (internal quotations omitted).  In particular, the court noted that the relator claimed to have “directly observed” the defendant’s alleged conduct and had “independent knowledge” of the falsity.  Id.  While taking care to avoid suggesting that dismissal would never be appropriate at the pleading stage, the Third Circuit concluded the lower court “should have given the parties an opportunity to develop the facts in discovery inasmuch as appellants claim that they did not rely on public disclosures.”  Id.  Additionally, because the district court’s opinion pre-dated Escobar, the Third Circuit directed the district court to “rely on the factors set forth in Escobar in making a materiality decision,” to the extent the complaint survived the public disclosure bar.  Id. at *4. D.    Updates to the Causation Standard in Retaliation Claims The FCA’s anti-retaliation provision provides remedies to employees if “discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against in the terms and conditions of employment because of lawful acts” conducted in furtherance of an FCA claim.  31 U.S.C. § 3730(h)(1).  In a series of recent decisions, several courts have addressed the question of what an employee must show to demonstrate that an adverse action was “because of” the employee’s activity protected under the FCA. In DiFiore v. CSL Behring, LLC, 879 F.3d 71 (3d Cir. 2018), the Third Circuit provided guidance on the causation standard.  There, the district court had required the plaintiff to show “protected activity was the ‘but-for’ cause of an adverse action.”  Id. at 76.  On appeal, the plaintiff argued that the FCA only requires proof that “protected activity was a ‘motivating factor’ in the adverse action[].”  Id.  Rejecting this argument, the Third Circuit affirmed, relying on the Supreme Court’s analysis in a pair of decisions regarding the causation standard in age discrimination and Title VII claims respectively.  Id. (citing Gross v. FBL Financial Services, Inc., 129 S.Ct 2343 (2009) and University of Texas Southwestern Medical Center v. Nassar, 133 S.Ct 2517 (2013)).  As the court noted, the FCA used the “same ‘because of’ language” found in both the Age Discrimination in Employment Act and Title VII that had “compelled the Supreme Court to require ‘but-for’ causation.” Id. at 78.  As a result, in the Third Circuit, a plaintiff must show that he would not have faced the relevant adverse employment action “but for” his alleged protected activity. The Sixth and Seventh Circuits similarly recently indicated a willingness to adopt a “but-for” causation standard in FCA retaliation claims.  In Heath v. Indianapolis Fire Dept., 889 F.3d 872 (7th Cir. 2018), the Seventh Circuit affirmed the district court’s grant of summary judgment for the defendant.  Id. at 874.  The opinion was more notable, however, because—even though the Seventh Circuit had previously adopted a “motivating factor” standard—the Heath court nevertheless raised the question of whether that is the proper standard.  Id.  The court discussed the Supreme Court’s opinion in Nassar and hinted that the similarity between the statutory language in Title VII and the FCA compels the conclusion that a plaintiff must show the adverse employment action was the “but for” result of activity protected under the FCA.  Id. Meanwhile, in Smith v. LHC Group Inc., No. 17-5850, 2018 WL 1136072 (6th Cir. Mar. 2, 2018), the Sixth Circuit reversed dismissal of an FCA retaliation claim and concluded an employer’s subjective intent need not be established to prevail on a theory of constructive discharge.  Id. at *2.  Although the panel’s majority did not address causation, a concurring opinion expressed the view that causation requires a showing of “but-for” causation under Supreme Court’s Nassar and Gross decisions.  Id. at *9 (citing DiFiore). E.    The Third Circuit Explores the Link Between the FCA and the Anti-Kickback Statute The AKS prohibits companies and individuals from offering, paying, soliciting, or receiving “remuneration” to induce or reward referrals of business that will be paid for by Medicare, Medicaid, or other federal health care programs.  42 U.S.C. § 1320a-7b(b).  By submitting a claim resulting from a violation of the AKS, an entity or individual also violates the FCA.  See 42 U.S.C. § 1320a-7b(g) (“[A] claim that includes items or services resulting from a violation of [the AKS] constitutes a false or fraudulent claim for purposes of [the FCA].”) The Third Circuit recently addressed the evidentiary requirement to link FCA claims with violations of the Anti-Kickback Statute.  United States ex rel. Greenfield v. Medco Health Sol’s, Inc., 880 F.3d 89 (3d Cir. 2018).  In Greenfield, a relator claimed a pharmacy (Accredo Health Group) illegally donated to specific charities in order to exclusively receive patient referrals in return.  Id. at 91.  The pharmacy then allegedly violated the FCA by falsely certifying that it complied with the Anti-Kickback statute when seeking reimbursement for the care provided to referred patients.  Id. at 92. The district court entered summary judgment for the defendant-pharmacy, finding the relator “failed to provide evidence of even a single federal claim for reimbursement . . . that was linked to the alleged kickback scheme.”  Id. at 91.  In reaching its conclusion, the district court assumed that even if there was an Anti-Kickback Statute violation, there was an insufficient link to establish an FCA violation.  Id. at 93  Specifically, the district court stated the relator needed to establish a causal link between the pharmacy’s donations and a patient’s subsequent decision to patron the pharmacy.  Id. at 95. On appeal, the Third Circuit affirmed.  The panel first rejected the District Court’s reasoning and concluded that a relator need not provide “proof that the underlying medical care would not have been provided but for a kickback.”  Id. at 100.  Reviewing the legislative history of the FCA and Anti-Kickback Statute, the court concluded that “Congress intended both statutes to reach a broad swath of ‘fraud and abuse’ in the federal healthcare system” and “neither requires a plaintiff to show that a kickback directly influenced a patient’s decision to use a particular medical provider.”  Id. at 96–97. However, the court also rejected the notion that “the taint” of the alleged kickbacks automatically “renders every reimbursement claim false” and concluded that to prevail on summary judgment, it is not enough for a relator to show merely that the defendant “submitted federal claims while allegedly paying kickbacks.”  Id. at 99–100.  In the court’s view, “[a] kickback does not morph into a false claim unless a particular patient is exposed to an illegal recommendation or referral and a provider submits a claim for reimbursement pertaining to that patient.”  Id. at 100.  Instead, the court held, a relator must therefore demonstrate at least one false claim, i.e., “at least one claim that covered a patient who was recommended or referred” in violation of the Anti-Kickback Statute.  Id.  Absent “evidence . . . link[ing the] alleged kickback scheme to any particular claim” in this manner, an FCA defendant is entitled to summary judgment.  Id. IV.    CONCLUSION The first half of 2018 saw developments that could portend important changes on the horizon.  We will monitor these developments, along with other FCA legislative activity, settlements, and jurisprudence throughout the year.  You can look forward to a comprehensive summary in our 2018 False Claims Act Year-End Update, which we will publish in January 2018. [1]      See Memo, U.S. Dep’t of Justice, Factors for Evaluating Dismissal Pursuant to 31 U.S.C. 3730(c)(2)(A) (Jan. 10, 2018), https://assets.documentcloud.org/documents/4358602/Memo-for-Evaluating-Dismissal-Pursuant-to-31-U-S.pdf (emphasis added). [2]      See Memo, U.S. Dep’t of Justice, Limiting Use of Agency Guidance Documents In Affirmative Civil Enforcement Cases (Jan. 25, 2018), https://www.justice.gov/file/1028756/download. [3]      See Memo, U.S. Dep’t of Justice, Prohibition on Improper Guidance Documents (Nov. 16, 2017), https://www.justice.gov/opa/press-release/file/1012271/download. [4]      See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Health Care CEO and Four Physicians Charged in Superseding Indictment in Connection with $200 Million Health Care Fraud Scheme Involving Unnecessary Prescription of Controlled Substances and Harmful Injections (June 6, 2018), https://www.justice.gov/opa/pr/health-care-ceo-and-four-physicians-charged-superseding-indictment-connection-200-million. [5]      See Speech, U.S. Dep’t of Justice, Attorney General Sessions Delivers Remarks Announcing National Health Care Fraud and Opioid Takedown (June 28, 2018), https://www.justice.gov/opa/speech/attorney-general-sessions-delivers-remarks-announcing-national-health-care-fraud-and. [6]      Id. [7]      Id. [8]      See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Justice Department to File Statement of Interest in Opioid Case (Feb. 27, 2018), https://www.justice.gov/opa/pr/justice-department-file-statement-interest-opioid-case. [9]      See Press Release, Office of Pub. Affairs, United States Intervenes in False Claims Act Lawsuits Accusing Insys Therapeutics of Paying Kickbacks and Engaging in Other Unlawful Practices to Promote Subsys, A Powerful Opioid Painkiller (May 15, 2018), https://www.justice.gov/opa/pr/united-states-intervenes-false-claims-act-lawsuits-accusing-insys-therapeutics-paying. [10]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Dental Management Company Benevis and Its Affiliated Kool Smiles Dental Clinics to Pay $23.9 Million to Settle False Claims Act Allegations Relating to Medically Unnecessary Pediatric Dental Services (Jan. 10, 2018), https://www.justice.gov/opa/pr/dental-management-company-benevis-and-its-affiliated-kool-smiles-dental-clinics-pay-239. [11]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Pennsylvania Hospital and Cardiology Group Agree to Pay $20.75 Million to Settle Allegations of Kickbacks and Improper Financial Relationships (Mar. 7, 2018), https://www.justice.gov/opa/pr/pennsylvania-hospital-and-cardiology-group-agree-pay-2075-million-settle-allegations. [12]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Alere to Pay U.S. $33.2 Million to Settle False Claims Act Allegations Relating to Unreliable Diagnostic Testing Devices (Mar. 23, 2018), https://www.justice.gov/opa/pr/alere-pay-us-332-million-settle-false-claims-act-allegations-relating-unreliable-diagnostic. [13]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Ambulance Company to Pay $9 Million to Settle False Claims Act Allegations (Mar. 28, 2018), https://www.justice.gov/opa/pr/ambulance-company-pay-9-million-settle-false-claims-act-allegations. [14]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Radiation Therapy Company Agrees to Pay Up to $11.5 Million to Settle Allegations of False Claims and Kickbacks (Mar. 29, 2018), https://www.justice.gov/opa/pr/radiation-therapy-company-agrees-pay-115-million-settle-allegations-false-claims-and. [15]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Rotech Agrees to Pay $9.68 Million to Settle False Claims Act Liability Related to Improper Billing for Portable Oxygen (Apr. 12, 2018), https://www.justice.gov/opa/pr/rotech-agrees-pay-968-million-settle-false-claims-act-liability-related-improper-billing. [16]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Banner Health Agrees to Pay Over $18 Million to Settle False Claims Act Allegations (Apr. 12, 2018), https://www.justice.gov/opa/pr/banner-health-agrees-pay-over-18-million-settle-false-claims-act-allegations. [17]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, San Diego Laboratory Agrees to Pay $2 Million to Settle False Claims Act Allegations Related to Unnecessary Breast Cancer Testing (Apr. 19, 2018), https://www.justice.gov/opa/pr/san-diego-laboratory-agrees-pay-2-million-settle-false-claims-act-allegations-related. [18]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Ohio Hospital Operator Agrees to Pay United States $14.25 Million to Settle Alleged False Claims Act Violations Arising From Improper Payments to Physicians (May 10, 2018), https://www.justice.gov/opa/pr/ohio-hospital-operator-agrees-pay-united-states-1425-million-settle-alleged-false-claims-act. [19]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker Pfizer Agrees to Pay $23.85 Million to Resolve False Claims Act Liability for Paying Kickbacks (May 24, 2018), https://www.justice.gov/opa/pr/drug-maker-pfizer-agrees-pay-2385-million-resolve-false-claims-act-liability-paying-kickbacks. [20]     See Press Release, U.S. Atty’s Office for the Eastern Dist. of Pa., U.S. Dep’t of Justice, Pharmacy owners agree to pay $3.2 million to resolve False Claims case (May 31, 2018), https://www.justice.gov/usao-edpa/pr/pharmacy-owners-agree-pay-32-million-resolve-false-claims-case. [21]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Signature HealthCARE to Pay More Than $30 Million to Resolve False Claims Act Allegations Related to Rehabilitation Therapy (June 8, 2018), https://www.justice.gov/opa/pr/signature-healthcare-pay-more-30-million-resolve-false-claims-act-allegations-related. [22]     See Press Release, U.S. Atty’s Office for the Middle Dist. Of Fla., U.S. Dep’t of Justice, Healogics Agrees To Pay Up To $22.51 Million To Settle False Claims Act Liability For Improper Billing Of Hyperbaric Oxygen Therapy (June 20, 2018), https://www.justice.gov/usao-mdfl/pr/healogics-agrees-pay-2251-million-settle-false-claims-act-liability-improper-billing. [23]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Caris Agrees to Pay $8.5 Million to Settle False Claims Act Lawsuit Alleging That it Billed for Ineligible Hospice Patients (June 25, 2018), https://www.justice.gov/opa/pr/caris-agrees-pay-85-million-settle-false-claims-act-lawsuit-alleging-it-billed-ineligible. [24]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Japanese Fiber Manufacturer to Pay $66 Million for Alleged False Claims Related to Defective Bullet Proof Vests (Mar. 15, 2018), https://www.justice.gov/opa/pr/japanese-fiber-manufacturer-pay-66-million-alleged-false-claims-related-defective-bullet. [25]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Point Blank Pays U.S. $1 Million for the Sale of Defective Zylon Bulletproof Vests (Nov. 7, 2011), https://www.justice.gov/opa/pr/point-blank-pays-us-1-million-sale-defective-zylon-bulletproof-vests; Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, U.S. Sues First Choice Armor & Equipment for Providing Defective Bullet-Proof Vests to Law Enforcement Agencies (Aug. 3, 2009), https://www.justice.gov/opa/pr/us-sues-first-choice-armor-equipment-providing-defective-bullet-proof-vests-law-enforcement. [26]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Lance Armstrong Agrees to Pay $5 Million to Settle False Claims Allegations Arising From Violation of Anti-Doping Provisions of U.S. Postal Service Sponsorship Agreement (Apr. 19, 2018), https://www.justice.gov/opa/pr/lance-armstrong-agrees-pay-5-million-settle-false-claims-allegations-arising-violation-anti. [27]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, United States Settles Lawsuit Alleging That Contractor Falsely Overcharged the U.S. Navy for Ship Husbanding Services (May 29, 2018), https://www.justice.gov/opa/pr/united-states-settles-lawsuit-alleging-contractor-falsely-overcharged-us-navy-ship-husbanding. [28]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Deloitte & Touche Agrees to Pay $149.5 Million to Settle Claims Arising From Its Audits of Failed Mortgage Lender Taylor, Bean & Whitaker (Feb. 28, 2018), https://www.justice.gov/opa/pr/deloitte-touche-agrees-pay-1495-million-settle-claims-arising-its-audits-failed-mortgage. [29]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Bassett Mirror Company Agrees to Pay $10.5 Million to Settle False Claims Act Allegations Relating to Evaded Customs Duties (Jan. 16, 2018), https://www.justice.gov/opa/pr/bassett-mirror-company-agrees-pay-105-million-settle-false-claims-act-allegations-relating. [30]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, United States Obtains $114 Million Judgment Against Three Individuals for Paying Kickbacks for Laboratory Referrals and Causing Claims for Medically Unnecessary Tests (May 29, 2018), https://www.justice.gov/opa/pr/united-states-obtains-114-million-judgment-against-three-individuals-paying-kickbacks. [31]   2017 Mid-Year False Claims Act Update, Gibson Dunn (July 12, 2017), https://www.gibsondunn.com/2017-mid-year-false-claims-act-update/. [32]   See, e.g., Quin Hillyer, Obamacare Repeal May Be Closer Than You Think, Wash. Examiner (Apr. 26, 2018), https://www.washingtonexaminer.com/opinion/obamacare-repeal-may-be-closer-than-you-think. [33]   Peter Sullivan, Graham Working on New ObamaCare Repeal Bill, The Hill (May 16, 2018), http://thehill.com/policy/healthcare/388000-graham-working-on-new-obamacare-repeal-bill. [34]     Prepared Senate Floor Statement by Senator Chuck Grassley of Iowa, Interpreting the False Claims Act; S. Comm. on the Judiciary (Feb. 13, 2018), https://www.grassley.senate.gov/news/news-releases/interpreting-false-claims-act. [35]     Id. [36]     Id. [37]   2017 Year-End False Claims Act Update, Gibson Dunn (Jan. 5, 2018), https://www.gibsondunn.com/2017-year-end-false-claims-act-update/. [38]   Industry opponents worried that expanding the definition of “intended use” could “spawn[] a flurry of unwarranted FCA lawsuits.”  Id. [39]   See Clarification of When Products Made or Derived From Tobacco Are Regulated as Drugs, Devices, or Combination Products; Amendments to Regulations Regarding “Intended Uses”; Partial Delay of Effective Date, U.S. Dep’t of Health & Human Servs.—Food and Drug Admin. (Mar. 16, 2018), https://s3.amazonaws.com/public-inspection.federalregister.gov/2018-05347.pdf.  The portions of the rule relating to the regulation of tobacco products went into effect on March 19, 2018. [40]   Mark A. Rush, David I. Kelch & Isaac T. Smith, The False Claims Act in 2017: The Year in Review and What to Watch in 2018, BNA (Apr. 25, 2018), https://www.bna.com/false-claims-act-n57982091498/; see also Pub. L. No. 115-141 (2018) (final law). [41]   State False Claims Act Reviews, Dep’t of Health & Human Servs.—Office of Inspector Gen., https://oig.hhs.gov/fraud/state-false-claims-act-reviews/index.asp. [42]   See supra note 37. [43]   See supra note 41 (collecting letters to states). [44]   S.B. 0669, 2017 Reg. Sess. (Mich. 2017), http://www.legislature.mi.gov/(S(y01pr1bmjos4hv4bgw5wcuid))/mileg.aspx?page=getobject&objectname=2017-SB-0669&query=on. [45]   A.B. A07989, 2017-2018 Leg. Sess. (N.Y. 2017), http://nyassembly.gov/leg/?default_fld=&leg_video=&bn=A07989&term=2017&Summary=Y&Actions=Y. [46]   S.B. 378, 2017-2018 Reg. Sess. (N.C. 2017), https://www2.ncleg.net/BillLookup/2017/s378. [47]   H.B. 7013, 2017 Reg. Sess. (Fla. 2017), https://www.flsenate.gov/Session/Bill/2018/7013. [48]   See supra note 37. [49]   S.B. 0065, 2017 Reg. Sess. (Mich. 2017), http://www.legislature.mi.gov/(S(2eethmzh3ynmq4revoals1xd))/mileg.aspx?page=GetObject&objectname=2017-SB-0065. [50]   H.B. 1027, 2017-2018 Reg. Sess. (Penn. 2017), http://www.legis.state.pa.us/cfdocs/billInfo/billInfo.cfm?sYear=2017&sInd=0&body=H&type=B&bn=1027. [51]     See supra note 41. [52]     See id. The following Gibson Dunn lawyers assisted in preparing this client update: F. Joseph Warin, Stephen Payne, Robert Blume, Timothy Hatch, Alexander Southwell, Charles Stevens, Joseph West, Benjamin Wagner, Stuart Delery, Winston Chan, Andrew Tulumello, Karen Manos, Monica Loseman, Robert Walters, Reed Brodsky, John Partridge, James Zelenay, Jonathan Phillips, Ryan Bergsieker, Jeremy Ochsenbein, Sean Twomey, Reid Rector, Allison Chapin, Eva Michaels, Joshua Rosario, Jasper Hicks, and Trenton Van Oss. Gibson Dunn’s lawyers have handled hundreds of FCA investigations and have a long track record of litigation success.  Among other significant victories, Gibson Dunn successfully argued the landmark Allison Engine case in the Supreme Court, a unanimous decision that prompted Congressional action.  See Allison Engine Co. v. United States ex rel. Sanders, 128 S. Ct. 2123 (2008).  Our win rate and immersion in FCA issues gives us the ability to frame strategies to quickly dispose of FCA cases.  The firm has more than 30 attorneys with substantive FCA expertise and more than 30 former Assistant U.S. Attorneys and DOJ attorneys.  For more information, please feel free to contact the Gibson Dunn attorney with whom you work or the following attorneys. Washington, D.C. F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) Stuart F. Delery (+1 202-887-3650, sdelery@gibsondunn.com) Joseph D. West (+1 202-955-8658, jwest@gibsondunn.com) Andrew S. Tulumello (+1 202-955-8657, atulumello@gibsondunn.com) Karen L. Manos (+1 202-955-8536, kmanos@gibsondunn.com) Stephen C. Payne (+1 202-887-3693, spayne@gibsondunn.com) Jonathan M. Phillips (+1 202-887-3546, jphillips@gibsondunn.com) New York Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com) Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) Monica K. Loseman (+1 303-298-5784, mloseman@gibsondunn.com) John D.W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) Ryan T. Bergsieker (+1 303-298-5774, rbergsieker@gibsondunn.com) Dallas Robert C. Walters (+1 214-698-3114, rwalters@gibsondunn.com) Los Angeles Timothy J. Hatch (+1 213-229-7368, thatch@gibsondunn.com) James L. Zelenay Jr. (+1 213-229-7449, jzelenay@gibsondunn.com) Palo Alto Benjamin Wagner (+1 650-849-5395, bwagner@gibsondunn.com) San Francisco Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com)Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

July 10, 2018 |
2018 Mid-Year Update on Corporate Non-Prosecution Agreements (NPAs) and Deferred Prosecution Agreements (DPAs)

Click for PDF This publication marks our tenth year tracking corporate non-prosecution agreements (“NPAs”) and deferred prosecution agreements (“DPAs”).[1]  What a decade it has been.  In our time analyzing and reporting on these resolutions, we have seen the pendulum swing from 22 agreements concluded in a single year (in 2009 and 2017), to a high of 102 agreements (in 2015)—a yield that surprised even the enforcement agencies executing them.  We also have seen greater standardization of certain agreement terms as enforcement agency experience has developed, removal of certain terms—like mandatory privilege waivers—as prosecutorial policy has evolved, and application to an ever-widening scope of laws and conduct.  In a testament to the efficacy of DPAs in addressing allegations of corporate misconduct, we also have watched as countries around the globe have moved toward formalizing processes to adopt similar agreements.  We look forward to observing and sharing with you the changes that the next decade will bring. This client alert, the twentieth in our biannual series on NPAs and DPAs: (1) compiles statistics regarding NPAs and DPAs through the present; (2) highlights important developments in enforcement agency policy impacting penalties imposed in these corporate agreements; (3) revisits the role of the judiciary in DPA oversight, driven by recent judicial pronouncements; (4) reports on several recent developments in corporate monitorships, including an evaluation of recent DPAs that provide important lessons in how to avoid them; (5) analyzes NPAs and DPAs released to date in 2018; and (6) tours the ever-expanding number of jurisdictions adopting DPA-style regimes. NPAs and DPAs in 2018 The Department of Justice (“DOJ” or “the Department”) has entered into 12 agreements thus far in 2018, of which six are NPAs and six are DPAs.  The Securities and Exchange Commission (“SEC” or “the Commission”) has not entered into any NPAs or DPAs this year.  This year’s 12 agreements to date represent an increase of three agreements from what we saw at this point in 2017, when there were nine agreements.  It is also early in 2018, and there are many investigations in the enforcement pipeline that may provide additional resolutions in the coming months. Notably, while the SEC has not entered into any NPAs or DPAs in recent months, it nevertheless has signaled a continued favorable view of NPAs and DPAs through recently proposed amendments to the rules governing its whistleblower program.  In particular, if adopted, the proposed rule amendments would expressly allow the SEC to make award payments to whistleblowers on the basis of NPA and DPA recoveries, to “ensure that whistleblowers are not disadvantaged because of the particular form of action that the Commission, DOJ or a state attorney general acting in a criminal case may elect to pursue.”[2]  The rules presently are silent regarding whether whistleblowers can recover for actions that lead to NPAs and DPAs, as opposed to other forms of award. Chart 1 below shows all known corporate NPAs and DPAs since 2000. Chart 2 below illustrates the total monetary recoveries related to NPAs and DPAs from 2000 through the present.  Although we are only half-way through 2018, overall recoveries have already been relatively strong at nearly $2.5 billion, driven by a handful of high-value resolutions. Corporate Enforcement Developments Impacting NPAs and DPAs: DOJ’s “Piling on” Memorandum On May 9, 2018, Deputy Attorney General Rod Rosenstein announced a new policy regarding the coordination of corporate resolution penalties.  In his remarks to the New York City Bar White Collar Crime Institute, Rosenstein stated that the government should “discourage disproportionate enforcement of laws by multiple authorities.”[3]  Through amendments to the U.S. Attorneys’ Manual,[4] DOJ now expressly discourages the “piling on” of penalties relating to the same misconduct by “instructing Department components to appropriately coordinate with one another and with other enforcement agencies in imposing” any penalties.[5]  Rosenstein focused on the concept of “fairness,” and acknowledged that “piling on” can deprive a corporation of certainty and finality, as well as negatively impact employees, investors, and customers.[6] The memorandum states that in reaching a resolution, DOJ “should consider the totality of fines, penalties, and/or forfeiture imposed by” all enforcement agencies and regulators to achieve a just and fair result.[7]  Rosenstein highlighted four key features of the new policy.  First, the policy reinforces that the federal government should not use its criminal enforcement authority “for purposes unrelated to the investigation and prosecution of a possible crime.”[8]  For example, the government should not threaten “criminal prosecution solely to persuade a company to pay a larger settlement in a civil case.”[9]  Second, the policy directs DOJ officials to coordinate among themselves to “achieve an overall equitable result.”[10]  Rosenstein specified that such coordination “may include crediting and apportionment of financial penalties, fines, and forfeitures.”[11]  Third, the policy instructs DOJ attorneys “to coordinate with other federal, state, local, and foreign enforcement authorities seeking to resolve a case with a company for the same misconduct.”[12]  Finally, the policy identifies factors that DOJ may use to determine “whether multiple penalties serve the interests of justice,” such as “egregiousness of the wrongdoing; statutory mandates regarding penalties; the risk of delay in finalizing a resolution; and the adequacy and timeliness of a company’s disclosures and cooperation.”[13] DOJ’s “piling on” policy reflects efforts in certain negotiated resolutions to avoid unfairly punishing corporations and duplicative penalties.  We have seen DOJ credit monetary resolutions with other enforcement agencies—both foreign and domestic—in several of the highly coordinated NPAs and DPAs in recent history.  Just this year, for example, on January 18, 2018, HSBC Holdings PLC (“HSBC”) entered into a DPA with the DOJ Fraud Section[14] to resolve criminal charges filed against HSBC in the Eastern District of New York for two counts of alleged wire fraud impacting two bank clients.[15]  The government considered a number of factors in reaching its resolution with HSBC, including (1) the approximately $46.4 million that HSBC allegedly gained from the conduct; (2) the bank’s substantial remedial measures, such as improved internal controls and the termination of involved employees; and (3) HSBC’s commitment to enhance compliance and internal controls.[16]   DOJ did not grant credit for voluntarily disclosing the conduct, but it did award cooperation credit after HSBC made adjustments midstream to improve its responsiveness, and the quality of information conveyed, to the government.[17]  HSBC agreed to pay a monetary penalty of approximately $63.1 million to the U.S. Treasury.[18]  Significantly, in calculating restitution and disgorgement, the DOJ Fraud Section considered the bank’s monetary settlement of almost $8.1 million with Cairn Energy, one of the two bank clients allegedly impacted by the conduct at issue.[19]  With respect to the second bank client, the DOJ Fraud Section mandated a payment of $38.4 million as disgorgement, less the amount HSBC would pay to the bank client as restitution.[20] Similarly, on February 12, 2018, U.S. Bancorp (“USB”) and the Office of the U.S. Attorney for the Southern District of New York entered into a DPA.[21]  The DPA resolved criminal charges against USB, consisting of two alleged violations of the Bank Secrecy Act (“BSA”) by USB’s subsidiary, U.S. Bank National Association, for willfully failing to maintain an adequate anti-money laundering program and willfully failing to file a Suspicious Activity Report.[22]  The DPA specified that USB would pay the United States $528 million, less $75 million paid to the Office of the Comptroller of the Currency (“OCC”), to satisfy a civil penalty levied in a parallel OCC regulatory action.[23] In recognition of international enforcement considerations, DOJ acknowledged a resolution with the Parquet National Financier (“PNF”) in Paris in its agreement with Société Générale S.A. (“SocGen”).  Approximately one month after DOJ’s release of the “piling on” memorandum, on June 5, 2018, SocGen entered into a DPA with the DOJ Fraud Section and the U.S. Attorney for the Eastern District of New York.  As discussed in more depth in our 2018 Mid-Year Foreign Corrupt Practices Act (“FCPA”) Update, the DPA resolved criminal charges against SocGen filed in the Eastern District of New York for one count of alleged conspiracy violating the FCPA’s anti-bribery provisions and one count of allegedly transmitting false commodities reports.[24]  As part of the three-year DPA, the company agreed to pay a penalty of over $585 million to resolve the FCPA charges; however, DOJ also agreed to credit SocGen $292.8 million in light of its parallel resolution with PNF.[25]  With respect to the second charge, the company agreed to pay a $275 million penalty, for a combined criminal penalty of more than $860 million.[26]  Notably, SocGen’s DPA did not impose a compliance monitor, which a representative from France’s Anti-corruption Authority (“AFA”)—discussed further below—attributed to DOJ’s acknowledgment that, through SocGen’s monitorship with French authorities, “[DOJ] could get the information they needed from the good cooperation of the company and the good cooperation of French authorities.”[27] We applaud DOJ’s acknowledgement of the importance of coordination and cooperation to achieve equity in cases where a company is facing multiple government inquiries arising from the same set of facts.  Not only does such coordination help avoid unduly harsh and duplicative fines, it allows for more efficient resolutions and consistency in outcomes.  One of the growing trends of the past decade in white collar enforcement—prompted by conscious effort and outreach by enforcers—has been an increase in cross-border collaboration and information sharing.  Particularly where a company is facing overlapping investigations by regulators in multiple countries that do not recognize the concept of double jeopardy for international settlements, this kind of affirmative policy statement is key to promoting fair treatment of companies with cascading benefits to the many innocent stakeholders that depend upon them. Judicial Oversight of DPAs In recent years, we have reported on the continuing debate about judicial oversight of DPAs, evidenced by a growing trend of federal judges evaluating and approving or rejecting DPAs on their merits.  Nowhere was this trend more apparent than in the protracted disputes between the courts and the parties to proposed DPAs in the anti-money laundering and sanctions matter involving HSBC in the Eastern District of New York, and the sanctions matter involving Fokker Services in the District of Columbia, both covered extensively in our 2015 Mid-Year through 2017 Year-End Updates.  These cases each involved judicial efforts to engage with the merits of DOJ charging decisions (by now-former Judge John Gleeson of the U.S. District Court for the Eastern District of New York in HSBC and by Judge Richard Leon of the U.S. District Court for the District of Columbia in Fokker), a move that the Second Circuit and D.C. Circuit both soundly rejected on appeal.[28]  Although the movement toward greater judicial involvement in DPAs stalled somewhat following the Second Circuit’s decision in HSBC and the D.C. Circuit’s decision in Fokker, as described below, the first half of 2018 suggests that an appetite remains among some members of the judiciary to test the limits of permissible judicial oversight, and that certain members of Congress also may seek to grant greater oversight of DPAs to the judiciary. Fallout from HSBC and Fokker In the USB case described above, Judge Lewis A. Kaplan has criticized the HSBC and Fokker decisions in connection with his consideration of the USB DPA.  At a hearing on February 22, 2018, Judge Kaplan expressed his disapproval of the current lack of judicial oversight of DPAs, describing DPAs as “troublesome,” insofar as they allow corporations to avoid criminal prosecution by paying a fine instead of forcing culpable individuals to “pay the price” for their criminal activities.[29]  He added, “it seems to this judge that both the interests of deterrence and the interests of just punishment are better served in all or most cases by prosecution of the individuals responsible” because “[c]rimes for which corporations are legally responsible are always committed by individuals.”[30]  Nevertheless, Judge Kaplan concluded that he had “no discretion whatsoever” in the matter because of Second and D.C. Circuit precedent that limits judges’ authority to supervise DPAs.[31] Similarly, in connection with the Transport Logistics International, Inc. (“TLI”) DPA—discussed further in our 2018 Mid-Year FCPA Update—District of Maryland Judge Theodore Chuang criticized the DPA, which TLI and DOJ had entered into, before reluctantly approving it.  At a March 12, 2018 hearing on the agreement, echoing Judge Kaplan, Judge Chuang stated, “the thing that always bothers me about deferred prosecution agreements is that it seems as if the discussion is always about what do we do to save the company when it’s the company and its personnel who were engaged in crimes.”[32]  In his April 2, 2018 order approving the agreement, Judge Chuang noted that a DPA “should be reserved for companies that have engaged in extraordinary cooperation and have entirely rid themselves of all remnants of the prior criminal activity,” and worried that the TLI DPA created a risk of “insufficient deterrence” of repeat behavior in the future.[33]  Nevertheless, Judge Chuang concluded he was compelled to approve the agreement, citing the Fokker decision, where the D.C. Circuit held that a “district court may not ‘impose its own views about the adequacy of the underlying criminal charges’ and may only reject a DPA if it is not ‘geared to enabling the defendant to demonstrate compliance with the law’ and is instead ‘a pretext intended merely to evade the Speedy Trial Act’s time constraints.'”[34] As we have discussed in prior updates, we respectfully disagree with Judges Kaplan and Chuang that DPAs somehow represent a choice by prosecutors between penalizing a company and charging individuals.  In our experience, prosecutors do not forego holding individuals accountable in favor of imposing financial penalties on corporations.[35]  Indeed, as exemplified by agreements like TLI, NPAs and DPAs often form part of a suite of resolutions applied to various corporate entities and individuals involved in alleged misconduct.  In recent years, DPAs also have commonly included terms requiring continued cooperation and the sharing of facts to assist the government with effectively prosecuting any culpable individuals.[36]  It is also shortsighted to think that a lack of individual prosecutions signals a failure to pursue the individuals behind corporate misdeeds.  Building effective cases against individuals can be exceptionally challenging for complex white collar crimes, particularly without the kind of corporate cooperation and disclosure that an NPA or DPA may inspire.  Indeed, the USB matter involved a criminal charge focused on a collective corporate act, namely the alleged failure to have an effective anti-money laundering program in violation of 31 U.S.C. Section 5318, Chapter 3; attributing this alleged failure to any single individual might result in unjust and arbitrary outcomes.  Moreover, when personal liberties are at stake, individual defendants have a much greater appetite for trial, necessitating careful evaluation of the true viability of available evidence to secure a conviction.  It appears to us that—particularly in the post-Yates Memorandum era—prosecutors are bringing more individual cases notwithstanding any parallel corporate resolution. The “Ending Too Big to Jail Act” Judges criticizing the current role of DPAs in criminal enforcement also have found some support in Congress.  On March 14, 2018, Senator Elizabeth Warren (D-Mass.) introduced the Ending Too Big to Jail Act, aimed at increasing accountability for large financial institutions that violate the law.[37]  In an accompanying press release, Senator Warren asserted, “The fraud on Wall Street won’t stop until executives know they will be hauled out in handcuffs for cheating their customers and clients.”[38] Among other things, the legislation would require judicial oversight of DPAs between DOJ and financial institutions and prohibit a court from approving a DPA unless it determines that the agreement is in the public interest.[39]  In making such a determination, a court would have to consider:  (1) “whether any reforms required under the agreement are likely to prevent similar unlawful behavior in the future,” and (2) “whether any penalties under the agreement are sufficient to compensate victims and deter future unlawful actions.”[40]  Moreover, if the defendant at issue has previously been convicted or entered into a DPA with the government in connection with a related activity, a court would be prohibited from approving the agreement without good cause.[41]  The legislation also would authorize courts to oversee the implementation of DPAs, periodically request status reports, and require that DPAs be publicly filed.[42] Senator Warren’s bill has received mixed reviews.  On one hand, it has been endorsed by the AFL-CIO, Public Citizen, Americans for Financial Reform, and Professor Brandon Garrett of the University of Virginia School of Law.[43]  Similarly, in April, Mehrsa Baradaran of the University of Georgia School of Law published an article in Fortune commending the bill as a “much-needed balance in the scales of justice.”[44]  On the other hand, Peter Henning of the New York Times has argued that even if it were to pass—which, he says, is unlikely—it would fail to achieve its goal of increasing the number of prosecutions for corporate crimes because “[a]bsent proof of an executive’s involvement, or at least knowledge, of the fraud, a willful violation . . . would be difficult to prove.”[45] Developments in Corporate Monitorships Corporate monitorships often go hand in hand with white collar investigation resolutions, most often DPAs.  Even in cases where one ultimately is not imposed, the specter of a monitor frequently factors—either explicitly or implicitly—in negotiations with enforcement agencies.  Corporate monitorships can be exceptionally costly, and there are many pitfalls of monitor relationships—mission creep, company resource drain, and infeasible recommendations, to name a few—that must be deftly navigated when one is imposed.  In the sections that follow, we look first at  agreements that shed light on potential strategies for avoiding a corporate monitor in favor of self-reporting, and then at recent litigation and policy developments that may bear on monitor selection in cases where one cannot be successfully avoided. Avoiding the Independent Compliance Monitor Although NPAs and DPAs frequently impose robust self-evaluation and reporting requirements that can be challenging and costly to meet, virtually all companies strive for self-reporting rather than corporate monitorships due to the relative predictability, lack of disruption, and cost of self-reporting arrangements.  There is no blueprint for avoiding a corporate monitor beyond staying out of the investigative spotlight in the first place, but several recent NPAs and DPAs have included language that lends insight into the considerations that may sway enforcement agencies toward or away from an independent monitor requirement. Between 2016 and the present, there have been 17 agreements that imposed a compliance monitor, 21 agreements that required self‑reporting, and at least 26 agreements that imposed neither requirement.  Deciphering an agency’s decision to impose a monitor in lieu of self-reporting can be like reading tea leaves for anyone but the parties involved, but DOJ has recently made a handful of express statements in NPAs and DPAs that begin to shed light on at least some of its monitoring decisions. Of the 17 agreements imposing monitors from 2016 to present, for example, three have included an express emphasis on DOJ’s perception that the companies’ compliance programs were underdeveloped and/or only recently adopted.  One of these agreements, DOJ’s January 2017 DPA with Sociedad Química y Minera de Chile (“SQM”), imposed an independent compliance monitor for a period of two years, with the possibility of a one‑year extension,[46] noting: Although the Company has taken a number of remedial measures, the Company is still in the process of implementing its enhanced compliance program, which has not had an opportunity to be tested, and thus the Company has agreed to the imposition of an independent compliance monitor for a term of two years to diminish the risk of reoccurrence [sic] of the misconduct[.][47] The other two agreements, the 2018 Panasonic Avionics Corporation (“PAC”) DPA (discussed in detail below) and DOJ’s December 2016 settlement with Teva Pharmaceuticals (“Teva”) adopted similar language.  Like the SQM DPA, the PAC DPA also provided for a two‑year monitorship term with the possibility of a one‑year extension,[48] and noted that PAC “to date has not fully implemented or tested its enhanced compliance program, and thus the imposition of an independent compliance monitor for a term of two years . . . is necessary to prevent the reoccurrence [sic] of misconduct[.]”[49]  The Teva agreement—still one of the largest FCPA settlements in history—also cited Teva’s “compliance program enhancements,” but noted that they “are more recent and have accordingly not been tested.  Thus the Company has agreed to the imposition of an independent compliance monitor to diminish the risk of reoccurrence [sic] of the misconduct[.]”[50]  The Teva DPA imposed a monitorship for the full three‑year term of the agreement.[51]  In all three instances, DOJ seems to have focused not only on the design and implementation of compliance programs, but also on the testing of those programs in the ordinary course of business.[52] On the other side of the coin, seven of 21 agreements that have imposed self-monitoring have provided insight into the reasons why corporate monitors were avoided.  These agreements included a DPA with SocGen in 2018; DPAs with SBM Offshore (“SBM”) and Keppel Offshore & Marine Ltd. (“Keppel”) in 2017; an NPA with JPMorgan Securities (Asia Pacific) Limited (“JPMorgan-APAC”) in 2016; and NPAs with Credit Suisse (Hong Kong) Limited (“Credit Suisse”) in 2018, Legg Mason, Inc. (“Legg Mason”), and Imagina Media Audiovisual SL (“Imagina Media”), all of which included language very similar to the following: [B]ased on the Company’s remediation and the state of its compliance program, and the Company’s agreement to report to the United States  . . . the United States determined that an independent compliance monitor was unnecessary.[53] Each of these seven agreements imposed a three-year term (including three years of self-reporting) and contained extensive sections outlining the remedial and compliance efforts undertaken by the companies.  By way of illustration, we have briefly highlighted relevant provisions from a sampling of these agreements, below. Credit Suisse NPA (2018):  DOJ provided partial cooperation credit to Credit Suisse for, among other things, conducting an internal investigation, making factual presentations to DOJ, voluntarily making foreign employees available for interviews, producing documents from foreign countries and providing translations of those documents, and collecting and presenting evidence to DOJ.[54]  Although the Credit Suisse NPA noted that DOJ did not provide Credit Suisse with full voluntary disclosure, cooperation, or remediation credit, the company also received consideration for (1) adopting multiple, enumerated controls surrounding hiring, including post-hiring monitoring; (2)  requiring improved FCPA and anti-corruption training for all personnel, including job-specific training; (3) continued enhancements to the company’s internal controls and compliance programs; and (4) continued cooperation with on-going investigations, including any investigations into the conduct of officers, subsidiaries, employees, agents, and other third parties.[55]  For additional information regarding the Credit Suisse NPA, please see our 2018 Mid-Year FCPA Update. Société Générale S.A. DPA (2018): The SocGen DPA addressed two lines of alleged conduct: one relating to the FCPA, and the other relating to the London Interbank Offered Rate (“LIBOR”). With regard to the FCPA charges, the SocGen DPA notes that DOJ did not credit SocGen for voluntarily and timely disclosing the conduct underlying the FCPA charges resolved by the DPA.  SocGen did, however, receive substantial credit for cooperating with DOJ’s investigation of the FCPA conduct, including conducting a “thorough and robust” investigation, collecting “voluminous” evidence in other countries, and providing “frequent and regular updates” to DOJ regarding facts learned during the internal investigation.[56]  Nevertheless, SocGen’s DPA noted that the company did not receive full cooperation credit because of “issues that resulted in a delay during the early stages of the investigation, which led [DOJ], without the assistance of the company, to develop significant independent evidence of the company’s misconduct . . . .”[57]  In addition to cooperation credit, SocGen received consideration for (1) the fact that its wholly owned subsidiary pled guilty to conspiracy to violate the anti-bribery provisions of the FCPA; (2) remedial measures, including separation of employees related to the alleged FCPA conduct, creating a new anti-bribery and corruption compliance program, and enhancing anti-corruption training for all management and relevant employees; (3) providing all relevant facts known to it, including facts about individuals; (4) compliance program and internal controls enhancements; and (5) SocGen’s entering into civil and criminal resolutions abroad arising from the same conduct.[58] With regard to the LIBOR charges, the SocGen DPA notes that DOJ did not credit SocGen for voluntary disclosure.[59]  SocGen did receive partial cooperation credit for cooperation with DOJ’s investigation, including conducting a “thorough” internal investigation, collecting and producing “voluminous” evidence located in other countries, and providing frequent and regular updates to DOJ of facts learned during the company’s internal investigation.[60]  SocGen did not, however, receive full cooperation credit because “its cooperation with the government was incomplete during the early stages of the investigation,” and SocGen only became cooperative after DOJ had independently developed “significant evidence” of the alleged conduct.  Nevertheless, SocGen also engaged in remedial measures, including (1) separating implicated employees from the company; (2) implementing “substantial efforts to strengthen compliance;” (3) creating a new LIBOR oversight position; (4) implementing a new code of conduct; and (5) conducting a 100% review of all LIBOR submissions.[61]  As with the FCPA allegations above, SocGen also received consideration for providing all relevant facts, including facts relating to implicated individuals.[62] Keppel DPA (2017):  Keppel engaged in “substantial cooperation” with DOJ’s investigation by (1) completing a “thorough internal investigation;” (2) responding timely to DOJ’s requests; (3) “proactively identifying issues and facts that would likely be of interest” to DOJ; (4) providing extensive documents and evidence (including from foreign countries); (5) facilitating interviews of individuals; and (6) providing “all relevant facts known to it,” including information that assisted DOJ in prosecuting relevant individuals.[63]  Keppel’s remediation efforts included (1) disciplinary action against 17 former or current employees; (2) separation of seven employees involved in the alleged misconduct; (3) financial sanctions against 12 current or former employees; (4) demotion of and/or warnings to an additional seven employees for failing to detect or mitigate alleged misconduct; (5) $8.9 million in financial sanctions against current and former employees; and (6) other disciplinary and remediation measures.[64]  Keppel’s DPA fixed a three‑year term for the company’s self‑reporting requirement, with the possibility of a one‑year extension.[65] SBM DPA (2017):  DOJ credited SBM for making a full (though alleged untimely) disclosure of the alleged conduct, carrying out a “thorough internal investigation,” providing extensive documents and information to DOJ (including from overseas), making individuals available for DOJ interviews, and providing information that assisted DOJ’s prosecution of culpable individuals.[66]  SBM also terminated two of the three then‑current employees responsible for the alleged misconduct, and undertook a comprehensive review of agents that included the temporary cessation of payments to all agents and the termination of some agency relationships.[67]  In addition, SBM hired a full-time Chief Governance and Compliance Officer, engaged an independent company to design a new compliance program, created a whistleblower hotline, and trained its sales and marketing personnel.[68]  Finally, SBM submitted to similar oversight by the Dutch authorities in connection with a parallel investigation.[69]  SBM’s self‑reporting requirement was imposed for the full three years of the DPA, with the possibility of a one‑year extension.[70] JPMorgan-APAC NPA (2016):  JPMorgan-APAC received full cooperation credit in connection with its NPA based on its “thorough internal investigation,” “regular factual presentations,” facilitation of interviews of employees based overseas in the United States, and extensive production of documents and information to DOJ, including about relevant individuals.[71]  JPMorgan-APAC and JPMorgan also “engaged in extensive remedial measures” that involved separation or other discipline for nearly 30 employees; over $18.3 million in financial sanctions levied against current or former employees; enhanced hiring controls; a doubling of JPMorgan’s compliance resources, particularly in the APAC region; and enhanced compliance and FCPA programs and training.[72]  The NPA imposed the self‑reporting requirement for the full three‑year term of the agreement.[73] Although each case, and every negotiation, is unique, these agreements support a view that the stronger and more robust an existing compliance program, and the swifter and more dramatic a company’s remediation of identified compliance gaps and misconduct, the more likely DOJ will look favorably upon self-reporting, rather than a corporate monitor. Increased Focus on Monitor Candidates and Selection This year has seen an increased focus on monitor candidates and monitor selection, both in the courts and at DOJ.  The following section highlights a recent case in which the U.S. District Court for the District of Columbia ordered the names of several independent compliance monitor candidates be disclosed, and a new addition to DOJ’s template monitor selection criteria requiring attention to diversity principles in candidate identification. Tokar v. U.S. Department of Justice As the use of independent compliance monitors in DPAs, NPAs, and other negotiated agreements has increased, so has scrutiny of monitor selection.  Courts, in particular, have proven increasingly willing to wade into issues surrounding the selection of external monitors or the confidentiality of the work product they produce.  A recent decision rendered by the U.S. District Court for the District of Columbia in Tokar v. U.S. Department of Justice could have significant implications for the confidentiality of the monitor selection process and the privacy of the candidates considered for a monitor position. The process by which corporate compliance monitors are selected has been governed since 2008 by the Morford Memorandum,[74] by which DOJ established a series of guidelines for the vetting and selection of corporate monitors in response to a perception that the process was marred by conflicts of interest and favoritism.  According to this process, the government and corporate defendants are encouraged to consider a pool of “at least three qualified monitor candidates,” where practicable.  Although the Morford Memorandum does not fully define the concept of a “qualified candidate,” it provides examples of the skills and expertise that might be useful in a monitor role, citing attorneys, as well as “accountants, technical or scientific experts, and compliance experts,” as backgrounds that could benefit a monitor.[75] Critics, however, assert that, in practice, the monitor selection process remains opaque and continues to favor certain types of candidates over others.  Some, including the plaintiff in the Tokar case, have alleged that DOJ skews towards selecting criminal defense lawyers, many of whom are former prosecutors, to the exclusion of career compliance professionals who have deep experience implementing compliance programs that prevent companies from being repeat offenders.[76] In April 2015, journalist Dylan Tokar sought to investigate “manipulation” in the monitor selection process.[77]  Tokar filed a Freedom of Information Act (“FOIA”) request for records related to the vetting and selection of corporate compliance monitors in fifteen different FCPA settlements between DOJ and corporate defendants, including the names of monitor candidates.[78] On December 8, 2016, Tokar filed suit in the U.S. District Court for the District of Columbia to compel a response to his FOIA request.[79]  Six weeks later, DOJ provided Tokar with the information, but DOJ redacted the names and firms of candidates not selected for monitorships under FOIA exemptions 6, for “personnel and medical files and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy,” and 7(C), for records “compiled for law enforcement purposes . . . that could reasonably be expected to constitute an unwarranted invasion of personal privacy.”[80] Both parties moved for summary judgment.  DOJ argued that its redactions were justified by established FOIA exemptions to protect the privacy of third parties.[81] Contrarily, Tokar argued that DOJ’s redactions were impermissible under FOIA because “[t]he corporate compliance monitor candidates . . . have no privacy interest in the disclosure of their names and places of employment,” and regardless, the public interest in how DOJ enforces the anti-corruption laws outweighs any such privacy interest.[82] In an opinion issued on March 29, 2018, Judge Rudolph Contreras ordered DOJ to release the names and firm affiliations of the monitorship candidates.  Although the court acknowledged that individuals have “more than a de minimis privacy interest in their anonymity,” Judge Contreras concluded that “the public interest in learning these individuals’ identities outweighs that privacy interest, and therefore, the individuals’ names and firms must be released.”[83]  He further noted that any “embarrassment” to the individuals whose names were revealed would be mitigated by those individuals’ freedom to choose whether to be considered for a monitorship in the first place.[84] Panasonic Avionics Corporation (DPA) Also relevant to monitor selection, DOJ’s April 30, 2018 DPA with PAC, a wholly owned subsidiary of Panasonic Corporation (“Panasonic”), contains a provision that, for the very first time, expressly instructs that compliance monitor selections “shall be made in keeping with the Department’s commitment to diversity and inclusion.”[85]  According to a DOJ spokesperson, although the diversity provision was added to the DOJ Fraud Section’s standard template agreement in 2017, the April 30, 2018 DPA with PAC provided the first opportunity for it to be used.[86]  The spokesperson explained that the provision is consistent with DOJ’s “long-standing policy” to “embrace[] diversity of opinion and background.”[87]  The PAC DPA is discussed in greater detail immediately below. Other Recent NPAs and DPAs In addition to the agreements discussed at length in the preceding sections, the following NPAs and DPAs have been issued this year. Cultural Resources Analysts, Inc. (DPA) On February 5, 2018, Cultural Resource Analysts, Inc. (“CRA”) and DOJ entered into a DPA.[88]  The DPA resolved violations of the Archaeological Resources Protection Act.[89]  On December 22, 2017, the National Park Service issued a notice of violation to CRA for excavation activities that occurred on or around May 20, 2016, and August 8, 2017.[90]  The government agreed to the DPA for a number of reasons, including CRA’s voluntary disclosure of the underlying conduct and CRA’s compliance with the procedures in the notice of violation.[91]  As part of the DPA, CRA admitted responsibility for the conduct outlined in the notice of violation, agreed to pay a penalty of $15,024, agreed to return all artifacts discovered during the conduct, and agreed to obtain proper permits prior to the commencement of future projects.[92]  In return, the government deferred prosecution of CRA and current and former directors, officers, and employees who admitted knowledge of the conduct and cooperated with the government.[93]  We note that the CRA DPA unusually did not include a fixed term, and would therefore appear to apply indefinitely.  The provision for deferred prosecution of individuals also is unusual in that DPAs more commonly expressly disclaim any deferral of individual prosecutions and require companies to cooperate with any government investigations of individual misconduct.  This DPA is an excellent example of the myriad ways in which resolutions can be tailored to the specific needs of individual cases. Imagina Media (NPA) On July 10, 2018, DOJ announced an NPA with Imagina Media as part of a coordinated settlement with Imagina Media and its U.S. subsidiary, US Imagina, LLC.[94]  In connection with allegations that two of US Imagina, LLC’s executives had paid more than $6.5 million in bribes to high-ranking officials in the Caribbean Football Union and four Central American national soccer federations to secure media and marking rights to those federations’ World Cup qualifier matches, U.S. Imagina, LLC pleaded guilty to a criminal information charging it with two counts of wire fraud conspiracy.  Imagina Media entered into a related NPA in connection with the associated conduct of one of its co-Chief Executive Officers.  Under the terms of the NPA, Imagina Media agreed to pay the criminal penalty of $21,883,320 imposed on Imagina US LLC as part of its plea agreement.  The NPA was set for a term of three years. Legg Mason (NPA) On June 4, 2018, concurrently with the SocGen DPA, DOJ announced an NPA with Legg Mason, Inc.[95]  Both resolutions stem from SocGen’s payment of more than $90 million to a Libyan intermediary, while allegedly knowing that the intermediary was using a portion of those payments to bribe Libyan government officials in connection with $3.66 billion in investments placed by Libyan state-owned banks with SocGen.  A number of those investments were managed by a subsidiary of Legg Mason.  The NPA, which secured a penalty from Legg Mason of $64.2 million, had a term of three years.  For additional analysis of this agreement, please see our 2018 Mid-Year FCPA Update. Panasonic Avionics Corporation (DPA) On April 30, 2018, DOJ announced the PAC DPA, which resolved charges arising out of alleged criminal violations of the internal accounting controls and books and records provisions of the FCPA.  To resolve the matter, PAC agreed to pay $137.4 million in criminal penalties.[96]  In a related proceeding, Panasonic agreed to pay $143 million in disgorgement to the SEC, for a combined settlement amount of U.S. criminal and regulatory penalties of over $280 million.[97] Notably, PAC received a 20% discount from the low end of the range suggested under the U.S. Sentencing Guidelines, even though it did not voluntarily self-disclose the misconduct.  DOJ noted that this was attributable to PAC’s “cooperation and remediation, which, although untimely in certain respects, did include causing several senior executives who were either involved in or aware of the misconduct to be separated from PAC or Panasonic.”[98]  Furthermore, in Panasonic’s $143 million civil settlement, the SEC noted that the parent company afforded cooperation to the SEC “in the later stages of the staff’s investigation,”[99] which suggests that the company may have been less cooperative during the early stages of the investigation.  This outcome demonstrates a pattern that we have seen several times before in enforcement actions: that it is better late than never for companies to take steps toward full cooperation, and that even in the face of egregious conduct, companies can make a comeback with regulators through direct advocacy and open engagement coupled with substantive remediation. As discussed above, the PAC DPA also is the only agreement in 2018 (to date) to impose a monitorship requirement.  The PAC DPA imposed an independent compliance monitor for a period of two years, and also required an additional year of self-reporting to DOJ.[100] Red Cedar Services, Inc. (NPA) and Santee Financial Services, Inc. (NPA) In April 2018, DOJ entered into separate NPAs with two companies, Red Cedar Services, Inc. (“Red Cedar”) and Santee Financial Services, Inc. (“STS”), relating to charges arising under the Racketeer Influenced and Corrupt Organizations Act (“RICO”), and allegations relating to wire fraud and anti-money laundering.[101]  Notably, the NPAs arise from the same predicate investigation as the USB DPA.  Both Red Cedar and STS—corporations established by Indian tribes (the Modoc Tribe of Oklahoma and the Santee Sioux Tribe of Nebraska, respectively)—allegedly entered into business agreements concerning payday lending with an individual named Scott Tucker and various entities controlled by Tucker.[102]  Under the payday lending agreements, Tucker and the entities controlled by Tucker allegedly provided capital to make loans and allegedly opened, or caused to be opened, bank accounts in the names of entities controlled by Red Cedar and STS, without meaningful involvement by these entities.[103]  In return for monthly payments, Tucker allegedly used the agreements with these entities to evade state usury laws using claims of sovereign immunity.  The NPA Statements of Fact further alleged that, in related state court litigation concerning Tucker’s payday lending business, representatives of the Modoc and Santee tribes submitted false affidavits overstating the involvement of the tribes in Tucker’s loan business.[104]  As a condition of its NPA, Red Cedar agreed to forfeit $2 million; STS agreed to forfeit $1 million.  The NPAs both were set for a term of one year.[105] Rite Aid Corporation (NPA) On January 24, 2018, DOJ announced an NPA with national pharmacy chain Rite Aid Corporation (“Rite Aid”) to resolve potential criminal charges arising under the Controlled Substances Act (“CSA”) from Rite Aid’s alleged improper sale of pseudoephedrine (“PSE”), a common precursor in the production of methamphetamine, between January 2009 and October 2012.[106]  The NPA noted that Rite Aid sold over 850,000 grams of PSE for over $5 million during that time period, and that Rite Aid failed to adequately train its employees in the responsible sale of PSE products to ensure not only that PSE buyers did not exceed applicable purchase limits, but that Rite Aid employees denied sales to persons they suspected not to have a legitimate medical purpose for purchasing PSE products.[107] As part of the settlement, Rite Aid accepted full responsibility for its role in these improper sales, and agreed to pay a total of $4 million in restitution, representing approximately 80% of its gross sales of PSE in West Virginia during the subject period.[108]  Notably, the entire $4 million penalty was designated for agencies in West Virginia, with $2.6 million going to the West Virginia Crime Victims Compensation Fund and the remaining $1.4 million allocated to the West Virginia Department of Health and Human Resources, which specifically agreed as a condition of its participation in the settlement that these funds would be used to fund substance abuse treatment within the state.[109] Among the factors the U.S. Attorney’s Office cited in support of this settlement were Rite Aid’s willingness to accept full responsibility for its actions and the considerable remediation efforts Rite Aid had undergone since October 2012, which it promised to continue as part of the agreement.  These efforts included (1) selling only tamper-resistant single-ingredient PSE products; (2) keeping PSE products out of view of customers; (3) selling PSE products only in the pharmacy area; (4) screening PSE sales via a centralized computer system; and (5) training store employees on how to identify suspicious PSE customers and encouraging them to report suspicious activity involving PSE sales to the authorities.[110] Notably, resolutions under the CSA generally are civil rather than criminal in nature, making the Rite Aid NPA highly unusual.  Indeed, we are aware of only one other agreement—an NPA with the United Parcel Service, Inc., in 2013—that addressed potential criminal misconduct under the CSA.  More commonly, DOJ elects for civil charges and a large financial settlement.  On January 17, 2017, for example, DOJ announced that DOJ and the Drug Enforcement Administration had entered a record $150 million civil settlement and five-year compliance monitorship with McKesson Corporation, one of the nation’s largest drug distributors, for allegedly failing to implement and maintain an effective compliance program for detecting and responding to suspicious orders of controlled substances.[111] International DPA Developments As use of corporate NPAs and DPAs has become more established in the United States, countries around the globe have increasingly looked to the U.S. model, and derivative models like the United Kingdom’s DPA regime, in expanding their own resolution toolboxes.  This section first provides updates from the United Kingdom, which was second to adopt DPAs as a means for resolving corporate enforcement actions, and France, which formally established its own DPA-like program just last year.  It then briefly surveys developments around the globe—from Canada to Switzerland—in countries that have adopted, or are considering adopting, similar regimes.       United Kingdom Although the U.K. Serious Fraud Office (“SFO”) has not entered into any new DPAs during the first six months of 2018, agency officials have made clear that “[w]e are open for business” with “no shortage of work in the pipeline.”[112]  In June 2018, the U.K. Attorney General’s Office named a new Director of the SFO, Lisa Osofsky, who will officially assume the role on September 3, 2018.[113]  Until then, Interim Director Mark Thompson will “maintain business as usual at the SFO and continue the mandate set by the previous Director.”[114] Recent remarks from prominent SFO officials suggest that this mandate will include upholding the agency’s firm cooperation requirement for achieving a DPA.  In June, Camilla de Silva, Joint Head of Bribery and Corruption, provided an anti-corruption enforcement update at the Herbert Smith Freehills Corporate Crime Conference 2018.  During her speech, de Silva emphasized the importance of legitimate cooperation for companies hoping to secure a DPA in lieu of prosecution, stating that “[t]he SFO will only invite a company to enter into an agreement to defer prosecution where the company has genuinely cooperated with the SFO.”[115]  Because, in the SFO’s view, a DPA is advantageous in that it allows a company to avoid a criminal conviction and associated collateral consequences, de Silva explained that the bar to securing a DPA is “necessarily a high one.”[116] During another speaking engagement earlier this year, de Silva provided insight into the SFO’s expectations for corporate cooperation.  First, the SFO considers when the company first contacted the SFO.[117]  She described DPAs as “a reward for openness – the sooner you come in, self-report and the more you are open with us, the more you have to be rewarded for.”[118]  Second, the SFO evaluates the company’s internal investigation efforts, including the willingness of the company to provide the SFO with access to the results of the internal investigation, the thoroughness of the work completed to date, and the collection and preservation of relevant data.[119]  With regard to self-reporting, we note that the neither the SFO nor the judiciary historically has uniformly required self-reporting for corporations hoping to secure a DPA; rather, self-reporting historically has been a highly important, but not a definitive, factor.[120] During the 12th International Pharmaceutical and Medical Device Compliance Congress in May, de Silva also highlighted the importance of remediation in the DPA context, including making relevant changes to a company’s compliance program and removing responsible senior employees.[121]  When the SFO is evaluating whether to offer a DPA as a resolution, she explained, evidence that the company has “address[ed] past inadequacies by taking steps to remediate [. . .] would be a positive consideration.”[122]       France In our 2017 Year-End Update, we discussed France’s first application of the corporate settlement provision in France’s Law on Transparency, Fight Against Corruption and Modernization of Economic Life (Loi relatif à la transparence, à la lutte contre la corruption et à la modernisation de la vie économique) (“Sapin II”).[123]  We previously covered the development of this long-anticipated legislation in our 2016 Mid-Year Update and 2016 Year-End Update. One key provision of Sapin II allows the Public Prosecutor (procureur de la République) to offer legal entities an agreement known as a Convention judiciaire d’intérêt public (“CJIP”) in lieu of court proceedings when the investigating magistrate has found a sufficient factual basis for imposing liability and the legal entity recognizes responsibility for its acts.[124] As discussed in our 2017 Year-End Update, the National Financial Prosecutor of France announced the first negotiated resolution under Sapin II on November 28, 2017, with a Swiss subsidiary of HSBC.  Since that inaugural agreement, France has utilized CJIP agreements four times to settle charges arising from two investigations.  Three companies, as discussed further below, agreed to monitors as part of CJIPs. Agreements with Kaeffer Wanner, Set Environment, and SAS Poujaud Three of the four agreements entered thus far in 2018 stemmed from allegations that certain French companies agreed to pay bribes to an employee of Electricité de France (“EDF”), a French public utility company, in exchange for new or renewed government contracts.  The investigation into these allegations was prompted by a whistleblower tip to EDF, that one of its employees was requesting and accepting commissions in exchange for allocating or retaining public contracts.  In July 2011, after EDF received the whistleblower tip and conducted an initial internal investigation, it reported the allegations to French police.  French prosecutors initiated a preliminary inquiry shortly thereafter. In February 2012, the employee of EDF who allegedly solicited or accepted the bribes was formally placed under criminal investigation for corruption charges.[125]  Subsequently, the investigation allegedly established that certain French companies, including Kaeffer Wanner (“KW”), Set Environment (“Set”), and SAS Poujaud (“Poujaud”) agreed to pay bribes to this employee to continue their contracts with EDF.  KW, Set, and Poujaud acknowledged their responsibility for the activities giving rise to the charges of active public corruption brought against them and agreed to enter into CJIP agreements with PNF.[126]  The companies were fined up to the amount of the benefits that resulted from the aforementioned alleged bribes, within a cap of 30% of their average revenue calculated over the previous three years.[127] In addition to fines, KW and Set agreed to monitorships by the French anti-corruption authority AFA, an agency created in 2017 under Sapin II.  Unlike in the United States where enforcement agencies do not directly oversee the monitor’s day-to-day work, AFA agents and experts appointed by AFA directly operate monitorships in France.  Although the prosecutor determined that KW already had a compliance program in place, the CJIP nevertheless required that KW submit to an eighteen-month monitorship to ensure adherence to the existing compliance program.  Set agreed to a two year monitorship.  Under the terms of the CJIPs, each company will bear the monitoring costs, up to €290,000 (approximately $340,655) for KW and up to €200,000 (approximately $234,935) for Set.  In a recent interview with Global Investigations Review, AFA compliance expert Julien Laumain reported that these monitorships are underway.  Although AFA’s approach remains a “work in progress,” Laumain outlined AFA’s five-stage monitorship process: (1) an “inventory of the company’s anti-corruption system” performed by AFA agents and resulting in a Phase 1 report issued within three months; (2) a company-proposed action plan—provided within six months—to improve the company’s anti-corruption compliance program; (3) AFA’s one-month review and consideration of the action plan; (4) company implementation of the action plan, including quarterly reviews by AFA and reports to prosecutors that entered into the CJIP; and (5) a final audit report prepared by AFA, including an assessment of whether the company has met AFA’s anti-corruption compliance goals.[128]  Laumain also remarked on France’s involvement in foreign monitorships, including requirements that French companies subject to a U.S. monitor provide information to AFA first.[129] Set and KW  agreed to the CJIPs on February 14 and 15, 2018, respectively, and the Vice President of the High Court of Nanterre approved both CJIPs on February 23, 2018.[130]  The CJIPs and the High Court’s decisions became binding and public on March 7, 2018, after the expiration of the ten-day opt-out period.  The CJIP with Poujaud was concluded on May 7, 2018, and approved by the Vice President of the High Court of Nanterre on May 25, 2018.[131]  The CJIPs and the High Court’s decisions became binding and public on June 4, 2018. CJIP Agreement with Société Générale SA PNF reached a CJIP agreement with French Bank SocGen to settle claims that SocGen paid bribes to obtain investments from Libyan state-owned financial institutions.  Under the CJIP agreement, which was ratified by PNF on May 24, 2018, SocGen agreed to pay penalties of €250,150,755 (approximately  $289,367,252).[132]  SocGen also agreed to implement a compliance program and cooperate with a two-year compliance monitorship supervised by AFA.  SocGen will pay up to €3,000,000 (approximately $3,524,022) for the cost of the monitor.  The President of the High Court of Paris (Tribunal de grande instance de Paris) approved the CJIP agreement on June 4, 2018, and it became public ten days later at the conclusion of the opt-out period.[133] The CJIP agreement with SocGen was announced in conjunction with a settlement reached between SocGen, DOJ, and the U.S. Commodity Futures Trading Commission (“CFTC”).  The agreement with DOJ is discussed in a preceding portion of this Update.       Canada’s “Remediation Agreement Regime” Last year, as addressed in our 2017 Year-End Update, the Government of Canada concluded  a public comment period regarding the possible adoption of a DPA regime.  At the close of this process, the Canadian legislature introduced an amendment in March 2018 to create a so-called “made-in-Canada” version of a DPA program, called a Remediation Agreement Regime.[134]  The legislation was introduced in conjunction with an announcement regarding changes to the already-existing Integrity Regime, which provides for potential debarment from contracting of government suppliers that have been charged or admitted guilt of the offences identified in Canada’s Ineligibility and Suspension Policy.[135]  These two measures are intended to work together to create “incentives for corporations to self-report and [to] encourage[] stronger corporate compliance.”[136]   The bill introducing the Remediation Agreement Regime was passed by both houses of Parliament and received Royal Assent on June 21, 2018.[137] According to the new legislation, and in line with nearly all comments received by the Government during the public comment period,[138] remediation agreements will only be available to organizations; individuals are ineligible.[139]  One question addressed in the Government’s discussion paper was what factors should be considered relevant for DPA negotiation purposes.[140]  Many of the factors that were offered by participants in the process made it into the text of the law, which states that a prosecutor must consider the following factors when deciding whether to offer a remediation agreement: (a) the circumstances in which the act or omission that forms the basis of the offence was brought to the attention of investigative authorities; (b) the nature and gravity of the act or omission and its impact on any victim; (c) the degree of involvement of senior officers of the organization in the act or omission; (d) whether the organization has taken disciplinary action, including termination of employment, against any person who was involved in the act or omission; (e) whether the organization has made reparations or taken other measures to remedy the harm caused by the act or omission and to prevent the commission of similar acts or omissions; (f) whether the organization has identified or expressed a willingness to identify any person involved in wrongdoing related to the act or omission; (g) whether the organization—or any of its representatives—was convicted of an offence or sanctioned by a regulatory body, or whether it entered into a previous remediation agreement or other settlement, in Canada or elsewhere, for similar acts or omissions; (h) whether the organization — or any of its representatives — is alleged to have committed any other offences, including those not listed in the schedule to this Part; and (i) any other factor that the prosecutor considers relevant.[141] Although the final factor appears to be a “catch-all,” the law explicitly states that, “if the organization is alleged to have committed an offense under section 3 or 4 of the Corruption of Foreign Public Officials Act,” which covers bribing foreign public officials—much like the FCPA in the United States—the prosecutor “must not consider the national economic interest, the potential effect on relations with a state other than Canada[,] or the identity of the organization or individual involved.”[142] The new law states that a remediation agreement requires judicial approval, and that approval must be granted if the court finds that the agreement is in the public interest, and the terms of the agreement are fair, reasonable and proportionate.[143]  At the end of the term of the DPA, if the accused organization has complied with the terms and conditions of the agreement, the prosecutor applies to the judge for an order of successful completion.[144]  The judge issues an order stating that the terms of the agreement have been met.[145]  Accordingly, “[t]he order stays the proceedings against the organization for any offence to which the agreement applies, the proceedings are deemed never to have been commenced and no other proceedings may be initiated against the organization for the same offence.”[146] The approving court has the discretion to decide not to publish the remediation agreement and subsequent order “if it is satisfied that the non‑publication is necessary for the proper administration of justice.”[147]  In deciding whether this standard is satisfied, the court is instructed to consider, among other factors, “society’s interest in encouraging reporting . . . and the participation of victims in the criminal justice process,” “whether it is necessary to protect the identify” of any individuals involved, and the potential adverse impact on the Government’s investigation or prosecution.[148] Although the terms of the agreement will vary based on the circumstances, certain terms are required in all agreements, such as a statement of facts and an admission of responsibility.[149]  Terms must also include the organization’s obligation to cooperate in the Government’s investigation, to forfeit any gains based on the alleged conduct, and to make reparations and pay a penalty.[150]  Although not mandatory, a remediation agreement could appoint an independent monitor “to verify and report to the prosecutor on the organization’s compliance.”[151] The new Remediation Agreement Regime will come into effect on September 18, 2018, 90 days after it received Royal Assent.[152]          Poland In May of this year, Poland’s Ministry of Justice proposed legislation that would drastically alter prosecutors’ ability to charge corporations with violations of the Polish criminal code while also allowing corporate defendants to resolve such charges through U.S.-style DPAs. Under current Polish law, corporations may be criminally charged only if a “related” individual has previously been convicted of one of the specific offenses enumerated in the relevant statute.[153]  Polish law gives broad meaning to those individuals who qualify as “related” for purposes of attributing liability to the corporation, and the theoretical limits of this potential corporate liability under Polish law approach the very broad contours of respondeat superior liability in the United States.  Assuming this prerequisite can be met, corporations can then be prosecuted if they derived some form of economic benefit, even indirectly, from the individual’s actions and failed to exercise sufficient diligence in selecting or supervising him or her.[154]  Under the proposed legislation, however, corporations may be charged independently of any prosecutions of relevant individuals.[155]  Furthermore, prosecutors could charge corporations for a variety of categories of criminal offenses, as opposed to simply those enumerated in the actual legislation.[156]  In addition, the draft statute increases the maximum penalty that could be imposed upon corporations from the current cap of zł5 million to zł30 million (from approximately $1.3 million to $8 million).[157]  Finally, failure to internally investigate whistleblower reports and remediate any issues identified would, under the new legislation, result in a zł60 million (approximately $16 million) increase in any potential fine.[158]  Nevertheless, the proposed legislation offers opportunities for potential corporate defendants to mitigate their exposure.  Not unlike in the United States and now the United Kingdom, if a corporation self-discloses misconduct, provides authorities with evidence related to specific individuals implicated in that misconduct, agrees to compensate any victims of wrongdoing, and pays a penalty of up to zł3 million (approximately $801,258), authorities have the discretion to suspend the prosecution.[159]       Singapore On March 19, 2018, the Singapore Parliament passed the Criminal Justice Reform Act, which, among other things, introduces a DPA regime to the jurisdiction for the first time.[160]  As with DPAs in the United States (as well as other jurisdictions), the newly introduced DPA framework gives prosecutors in Singapore the ability to choose not to pursue charges on the condition that the suspected party agrees to certain measures, such as the payment of financial penalties, the implementation of appropriate compliance regimes, and continued cooperation in investigations.[161]  In addition, as in the United States, the Singaporean DPAs are designed to act as an inducement for corporations to voluntarily disclose any issues that they discover, and to cooperate fully with investigative authorities, in return for the opportunity to avoid a criminal conviction. Beyond the general framework, however, there are a number of differences between the DPA regimes in Singapore and the United States.  To begin with, DPAs in Singapore will only be available for specific offenses, including corruption, money laundering, and receipt of stolen property offenses, but not the primary fraud offense of “cheating” (similar to common law fraud).[162]  Moreover, as with DPAs in the United Kingdom, Singapore’s DPAs only apply to corporate bodies,[163] as opposed to individuals, and the terms the DPA must be approved by the Singaporean High Court with a judge satisfied that the DPA is “in the interests of justice,” and that the terms are “fair, reasonable and proportionate.”[164]  The court’s approval of a DPA is a matter of public record, as are the terms of the agreement and the facts of the underlying conduct. Singapore’s introduction of DPAs comes in response to Singapore’s first major corruption case, which involved Keppel and its U.S. subsidiary.  In December 2017, Keppel agreed to pay a total penalty of more than $422 million to resolve corruption charges relating to bribes allegedly paid in Brazil.[165]  The terms of the penalty were set out in a DPA with DOJ, which required Keppel to pay $211 million in criminal penalties in Brazil, and $105 million each to the United States and Singapore.[166]  At the time, Indranee Raja, a member of the Singaporean Parliament, noted that the global resolution coordinated among the United States, Brazil, and Singapore allowed for a greater penalty to be levied against Keppel than would have been possible if Singapore had prosecuted the case itself, because the maximum penalty under Singapore’s Prevention of Corruption Act was only $75,000.  She also noted that the U.S. DPA required Keppel to introduce an enhanced compliance program.[167]  Singapore’s new DPA framework does not include a statutory limit on financial penalties.          Switzerland In March 2018, the Swiss Office of the Attorney General (“OAG”) presented a proposal to develop a framework for DPAs in Switzerland.[168] After a public consultation period, the proposal was presented to the Swiss parliament, where it is currently pending review.[169] The OAG’s proposal largely mimics the U.S. model.  It provides that after the completion of an investigation, if the conditions for an indictment are fulfilled, the prosecutor can enter into an agreement to defer prosecution, provided that the company fully cooperated throughout the investigation and has cooperated in the identification of the relevant individual(s) responsible for the offense.[170]  The DPA should include the following types of information: (1) a statement of the underlying facts which must be acknowledged by the company; (2) the amount of the fine(s) to be paid or assets to be released or confiscated; (3) a summary of the company’s efforts and internal controls to prevent future offenses; (4) the appointment of an independent auditor at the company’s expense to monitor implementation of internal control measures; (5) provision for periodic reports by the independent auditor to the prosecutor; (6) determination of a “probation period” of two to five years; and (7) specified consequences for violation of terms of the agreement.[171]  The proposed agreement template provides that if a company violates the agreement during the probation period and does not take timely remedial measures, the prosecutor will indict the company in the competent court.  However, if the company fulfills the agreement during the probation period, the prosecutor will terminate the proceedings. Swiss Federal Prosecutor Michael Lauber has spoken out in favor of the proposals, noting a need for “new instruments in large-scale proceedings” because current proceedings “take far too long and are very difficult to manage.”[172]  The Federal Prosecutor’s Office generally supports the proposed DPAs, but only in situations where the investigation has concluded and the company cooperates, recognizes the allegations, pays fines and compensatory costs, and commits to improving internal controls with help from external oversight.[173]  Critics of the proposal fear unequal treatment if some companies are allowed to enter DPAs while others are denied that option and must proceed to resolution through the courts.  An additional criticism is that the availability of DPAs could incentivize companies to turn certain individuals into scapegoats while avoiding conviction themselves.[174]  Critics are also concerned about companies escaping liability by “buy[ing] their way out” of a public trial.[175] ________________________________ APPENDIX:  2018 YTD Non-Prosecution and Deferred Prosecution Agreements The chart below summarizes the agreements concluded by DOJ to date in 2018.  As noted above, as in 2017, the SEC has not entered into any NPAs or DPAs in 2018.  The complete text of each publicly available agreement is hyperlinked in the chart. The figures for “Monetary Recoveries” may include amounts not strictly limited to an NPA or a DPA, such as fines, penalties, forfeitures, and restitution requirements imposed by other regulators and enforcement agencies, as well as amounts from related settlement agreements, all of which may be part of a global resolution in connection with the NPA or DPA, paid by the named entity and/or subsidiaries.  The term “Monitoring & Reporting” includes traditional compliance monitors, self-reporting arrangements, and other monitorship arrangements found in settlement agreements. U.S. Deferred and Non-Prosecution Agreements in 2018 YTD Company Agency Alleged Violation Type Penalty/Fine Monitoring & Reporting Term of DPA/ NPA (months) Credit Suisse (Hong Kong) Limited DOJ Fraud; E.D.N.Y. FCPA NPA $47,029,916 Yes 36 Cultural Resource Analysts, Inc. M.D. Tenn. Archaeological Resources Protection Act DPA $15,024 No Indefinite HSBC Holdings plc DOJ Fraud Fraud (Wire Fraud) DPA $109,579,000 Yes 36 Imagina Media Audiovisual SL E.D.N.Y. FCPA NPA $12,883,320 Yes 36 Legg Mason, Inc. E.D.N.Y. FCPA NPA $64,242,000 Yes 36 Panasonic Avionics Corporation DOJ Fraud FCPA DPA $280,602,831 Yes 36 Red Cedar Services, Inc. S.D.N.Y. RICO Act; Fraud (Wire Fraud); AML NPA $2,000,000 No 12 Rite Aid Corporation S.D. W. Va. Controlled Substances Act NPA $4,000,000 No 24 Santee Financial Services, Inc. S.D.N.Y. RICO Act; Fraud (Wire Fraud); AML NPA $1,000,000 No 12 Société Générale S.A. DOJ Fraud; E.D.N.Y. FCPA; Transmitting false commodities reports DPA $1,335,552,888 Yes 36 Transport Logistics International, Inc. DOJ Fraud; D. Md. FCPA DPA $2,000,000 Yes 36 U.S. Bancorp S.D.N.Y. BSA DPA $613,000,000 Yes 24   [1] NPAs and DPAs are two kinds of voluntary, pre-trial agreements between a corporation and the government, most commonly DOJ.  They are standard methods to resolve investigations into corporate criminal misconduct and are designed to avoid the severe consequences, both direct and collateral, that conviction would have on a company, its shareholders, and its employees.  Though NPAs and DPAs differ procedurally—a DPA, unlike an NPA, is formally filed with a court along with charging documents—both usually require an admission of wrongdoing, payment of fines and penalties, cooperation with the government during the pendency of the agreement, and remedial efforts, such as enhancing a compliance program and—on occasion—cooperating with a monitor who reports to the government.  Although NPAs and DPAs are used by multiple agencies, since Gibson Dunn began tracking corporate NPAs and DPAs in 2000, we have identified approximately 485 agreements initiated by the DOJ, and 10 initiated by the SEC. [2] Press Release, U.S. Sec. & Exch. Comm’n, SEC Proposes Whistleblower Rule Amendments (Jun. 28, 2018), https://www.sec.gov/news/press-release/2018-120.  The current rules are silent on whether NPA and DPA recoveries may form the basis of a whistleblower award; the proposed rule would modify the definition of “action” under Regulation 21F-4(d) to include NPAs and DPAs, and “monetary sanction” under Regulation 21F-4(e) to include money paid pursuant to such agreements. [3] U.S. Dep’t of Justice, Remarks of Deputy Attorney General Rod Rosenstein, “Deputy Attorney General Rod Rosenstein Delivers Remarks to the New York City Bar White Collar Crime Institute” (May 9, 2018), https://www.justice.gov/opa/speech/deputy-attorney-general-rod-rosenstein-delivers-remarks-new-york-city-bar-white-collar [hereinafter Rosenstein Speech]. [4] See Deputy Attorney General of the United States, Memorandum re Policy on Coordination of Corporate Resolution Penalties (May 9, 2018), https://www.justice.gov/opa/speech/file/1061186/download [hereinafter Rosenstein Memorandum]. [5] Rosenstein Speech, supra note 3. [6] Id. [7] Rosenstein Memorandum, supra note 4. [8] Rosenstein Speech, supra note 3. [9] Id. [10] Id. [11] Id. [12] Id. [13] Id. [14] Deferred Prosecution Agreement, United States v. HSBC Holdings PLC, No. 1:18-cr-00030 (E.D.N.Y. Jan. 18, 2018) [hereinafter HSBC DPA]; see also Press Release, U.S. Dep’t of Justice, HSBC Holdings Agrees to Pay More than $100 Million to Resolve Fraud Charges (Jan. 18, 2018), https://www.justice.gov/opa/pr/hsbc-holdings-plc-agrees-pay-more-100-million-resolve-fraud-charges. [15] HSBC DPA, supra note 14, at 1. [16] Id. at 3–4. [17] Id. at 3. [18] Id. at 8–9. [19] Id. at 9. [20] Id. [21] Deferred Prosecution Agreement, United States v. U.S. Bancorp, No. 18-cr-150 (S.D.N.Y. Feb. 12, 2018), [hereinafter U.S. Bancorp DPA]; see also Press Release, U.S. Dep’t of Justice, Manhattan U.S. Attorney Announces Criminal Charges Against U.S. Bancorp for Violations of the Bank Secrecy Act (Feb. 15, 2017), https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-criminal-charges-against-us-bancorp-violations-bank. [22] U.S. Bancorp DPA, supra note 21, at 1. [23] Id. at 2, 13; In re U.S. Bank Nat’l Assn., Cincinnati, OH, AA-EC-2018-84, Art. II (Feb. 13, 2018). [24] Deferred Prosecution Agreement, United States v. Société Générale S.A., No. 18-CR-253, (E.D.N.Y. June 5, 2018) [hereinafter SocGen DPA]. [25] Press Release, U.S. Dep’t of Justice, Société Générale S.A. Agrees to Pay $860 Million in Criminal Penalties for Bribing Gaddafi-Era Libyan Officials and Manipulating LIBOR Rate (June 4, 2018), https://www.justice.gov/opa/pr/soci-t-g-n-rale-sa-agrees-pay-860-million-criminal-penalties-bribing-gaddafi-era-libyan. [26] Id. [27] Michael Griffiths, Global Investigations Review Just Anti-Corruption, French compliance monitorships a “work in progress” (Jul. 9, 2018), https://globalinvestigationsreview.com/article/1171535/french-compliance-monitorships-a-work-in-progress. [28] See United States v. HSBC Bank USA, N.A. et al., 12-CR-763, 2016 WL 34670 (E.D.N.Y. Jan. 28, 2016), rev’d 863 F.3d 125 (2d Cir. 2017); United States v. Fokker Servs. B.V., 79 F. Supp. 3d 160 (D.D.C. 2015), rev’d 818 F.3d 733 (D.C. Cir. 2016). [29] Arraignment at 8–9, United States v. U.S. Bancorp, No. 18-cr-150 (S.D.N.Y. Feb. 22, 2018), ECF No. 9. [30] Id. [31] Id. at 10. [32] Transcript of Proceedings – Motions Hearing at 16–17, United States v. Transp. Logistics Int’l, Inc., No. 8:18-cr-00011-TDC (D. Md. Mar. 12, 2018), ECF No. 9. [33] Order at 2, United States v. Transp. Logistics Int’l, Inc., No. 8:18-cr-00011-TDC (D. Md. Apr. 2, 2018), ECF No. 10. [34] Id. at 2–3 (quoting United States v. Fokker Servs. B.V., 818 F.3d 733, 744 (D.C. Cir. 2016)). [35] See Warin, Diamant, and Farrar, All in the Nuance, Corporate NPA and DPA (March 2018) at 2 (noting that, according to the U.S. Attorneys’ Manual, prosecutors should consider “the adequacy of prosecution of individuals responsible for corporate malfeasance” in making charging decisions). [36] See id. at 3 (noting that the U.S. Attorneys’ Manual acknowledges the potential importance of a corporation’s cooperation in “identifying potentially relevant actors and locating relevant evidence . . . and in doing so expeditiously”). [37] Elizabeth Warren Unveils Legislation to Hold Wall Street Executives Criminally Accountable, Corporate Crime Reporter (Mar. 14, 2018), https://www.corporatecrimereporter.com/news/200/elizabeth-warren-unveils-legislation-hold-wall-street-executives-criminally-accountable/. [38] Press Release, Elizabeth Warren, On Tenth Anniversary of Financial Crisis, Warren Unveils Comprehensive Legislation to Hold Wall Street Executives Criminally Accountable (Mar. 14, 2018), https://www.warren.senate.gov/newsroom/press-releases/on-tenth-anniversary-of-financial-crisis-warren-unveils-comprehensive-legislation-to-hold-wall-street-executives-criminally-accountable. [39] Ending Too Big to Jail Act, S. 2544, 115th Cong. § 4 (2018), https://www.govtrack.us/congress/bills/115/s2544. [40] Id. [41] Id. [42] Id. [43] Press Release, Elizabeth Warren, On Tenth Anniversary of Financial Crisis, Warren Unveils Comprehensive Legislation to Hold Wall Street Executives Criminally Accountable (Mar. 14, 2018). [44] Mehrsa Baradaran, Commentary: Why We Need to Stop Fining Big Banks Like Wells Fargo, Fortune (Apr. 23, 2018), http://fortune.com/2018/04/23/wells-fargo-1-billion-fine-financial-regulation/. [45] Peter Henning, Why Elizabeth Warren’s Effort to Hold Bank Executives Accountable May Fall Short, NY Times, https://www.nytimes.com/2018/04/03/business/dealbook/elizabeth-warrens-bank-executives-accountability.html. [46] Deferred Prosecution Agreement, at 2­–3, 12, United States v. Sociedad Química y Minera de Chile, No. 1:17-cr-00013-TSC (D.D.C. Jan. 13, 2017) [hereinafter SQM DPA]. [47] Id. at 4. [48] Deferred Prosecution Agreement at 2­–3, 12, United States v. Panasonic Avionics Corp., No. 1:18-cr-00118-RBW (D.D.C. Apr. 30, 2018) [hereinafter Panasonic DPA]. [49] Id. at 4. [50] Deferred Prosecution Agreement at 4­–5, United States v. Teva Pharm. Indus. Ltd., No. 1:16-cr-20968-FAM (S.D. Fla. Dec. 22, 2016). [51] Id. at 2–3, 12. [52] See also Sue Reisinger, Lessons from Panasonic: To Avoid a Monitor, Just Enhancing Compliance Is Not Enough, Corporate Counsel (May 1, 2018). [53] SBM DPA, supra note 46, at 7. [54] Credit Suisse (Hong Kong) Limited Non-Prosecution Agreement at 1–2 (May 24, 2018). [55] Id. at 2. [56] SocGen DPA, supra note 24, at 4. [57] Id. [58] Id. at 5–6. [59] Id. at 6. [60] Id. at 6–7. [61] Id. at 7. [62] Id. [63] Deferred Prosecution Agreement at 3–4, United States v. Keppel Offshore & Marine Ltd., No. 17‑CR‑697 (KAM) (E.D.N.Y. Dec. 22, 2017) [hereinafter Keppel DPA]. [64] Id. at 4. [65] Id. at 2–3, Attach. D. [66] Deferred Prosecution Agreement at 5, United States v. SBM Offshore N.V., Criminal No. 17-686 (S.D. Tex. Nov. 29, 2017). [67] Id. at 6. [68] Id. [69] Id. [70] Id. at 3,  Attach. D. [71] Letter from U.S. Dep’t of Justice, Criminal Div., and U.S. Attorney’s Office for the Eastern District of New York, to Mark F. Mendelsohn, Esq., Re: JPMorgan Sec. (Asia Pacific) Ltd. Criminal Investigation (Nov. 17, 2016), at 1. [72] Id. at 2. [73] See id. at 3, Attach. C. [74] Memorandum from Craig S. Morford, Acting Deputy Att’y Gen., to Heads of Dep’t Components and U.S. Att’ys 4 (Mar. 7, 2008). [75] Id. [76] Dylan Tokar, Global Investigations Review Just Anti-Corruption, Bias In Monitorship Selection Has Become “Self-Perpetuating Myth” (Jan. 9, 2018), https://globalinvestigationsreview.com/article/jac/1152471/bias-in-monitorship-selections-has-become-%E2%80%98self-perpetuating-myth%E2%80%99. [77] Complaint ¶¶ 13–14, Tokar v. U.S. Dep’t of Justice, at 7, No. 1:16-cv-02410-RC (D.D.C. Dec. 9, 2016), ECF No. 1. [78] Id. at ¶ 16. [79] See generally id. [80] See 5 U.S.C. §§ 552(b)(6), 552(b)(7)(C). [81] Memorandum in Support of Defendant’s Motion for Summary Judgment, Tokar v. United States Dep’t of Justice, at 4, 1:16-cv-02410-RC (D.D.C. July 19, 2017), ECF No. 9. [82] Memorandum of Law in Opposition to Defendant’s Motion for Summary Judgment and in Support of Plaintiff’s Cross-Motion for Summary Judgment, Tokar v. United States Dep’t of Justice, at 3, 1:16-cv-02410-RC (D.D.C. Aug. 23, 2017), ECF No. 10-1. [83] Memorandum Opinion, Tokar v. United States Dep’t of Justice, at 17, No. 1:16-cv-02410-RC, 2018 WL 1542320 (D.D.C. Mar. 29, 2018). [84] Id. at 19. [85] Deferred Prosecution Agreement ¶ 12, United States v. Panasonic Avionics Corporation, No. 18-cv-00118 (D.D.C Apr. 30, 2018), ECF No. 2-1. [86] Clara Hudson, Global Investigations Review Just Anti-Corruption, Lawyers Laud Criminal Division’s Diversity Provision for Monitors (May 3, 2018), https://globalinvestigationsreview.com/article/jac/1168991/lawyers-laud-criminal-divisions-diversity-provision-for-monitors. [87] Id. [88] Deferred Prosecution Agreement, Cultural Res. Analysts (Feb. 5, 2018) [hereinafter CRA DPA]; see also Press Release, U.S. Dep’t of Justice, Cultural Resource Analysts, Inc. Reaches Agreement with United States to Resolve Unauthorized Archaeological Survey (Apr. 18, 2018), https://www.justice.gov/usao-mdtn/pr/cultural-resource-analysts-inc-reaches-agreement-united-states-resolve-unauthorized. [89] CRA DPA, supra note 88, at 1. [90] Id. [91] Id. [92] Id. at 1–2. [93] Id. at 2. [94] Press Release, U.S. Dep’t of Justice, Florida Media Company Pleads Guilty to Bribing Soccer Officials | Spanish Parent Company Enters into Non-Prosecution Agreement (July 10, 2018), https://www.justice.gov/usao-edny/pr/florida-media-company-pleads-guilty-bribing-soccer-officials-spanish-parent-company. [95] Non-Prosecution Agreement with Legg Mason, Inc. (June 4, 2018). [96] Press Release, U.S. Dep’t of Justice, Panasonic Avionics Corporation Agrees to Pay $137 Million to Resolve Foreign Corrupt Practices Act Charges (Apr. 30, 2018), https://www.justice.gov/opa/pr/panasonic-avionics-corporation-agrees-pay-137-million-resolve-foreign-corrupt-practices-act. [97] Id. [98]  Id. [99]  Order Instituting Cease-And-Desist Proceedings ¶ 62, In the Matter of Panasonic Corporation, No. 3-18459 (Apr. 30, 2018). [100]  Press Release, supra note 96. [101] Non-Prosecution Agreement with Red Cedar Services, Inc. (April 25, 2018) [hereinafter Red Cedar NPA]; Non-Prosecution Agreement with Santee Financial Services, Inc. (April 13, 2018) [hereinafter SFS NPA]. [102] Red Cedar NPA, supra note 101, at 1, Exhibit A; SFS NPA, supra note 101, at 1, Exhibit A. [103] Red Cedar NPA, supra note 101, at Exhibit A.; SFS NPA, supra note 101, at Exhibit A. [104] Red Cedar NPA, supra note 101, at Exhibit A; SFS NPA, supra note 101, at Exhibit A. [105] Red Cedar NPA, supra note 101, at 2; SFS NPA, supra note 101, at 2. [106] Press Release, U.S. Dep’t of Justice, U.S. Attorney’s Office Enters Settlement with Ride Aid Based on Improper Sales of Meth Precursor Pseudoephedrine (Jan. 24, 2018), https://www.justice.gov/usao-sdwv/pr/us-attorneys-office-enters-settlement-rite-aid-based-improper-sales-meth-precursor. [107] Non-Prosecution Agreement Between U.S. Attorney’s Office for Southern District of West Virginia and Rite Aid at 1  [hereinafter Rite Aid NPA]. [108] Press Release, supra note 106. [109] Id. [110] Rite Aid NPA, supra note 107, at 2–3. [111] Press Release, U.S. Dep’t of Justice, McKesson Agrees to Pay Record $150 Million Settlement for Failure to Report Suspicious Orders of Pharmaceutical Drugs (Jan. 17, 2017), https://www.justice.gov/opa/pr/mckesson-agrees-pay-record-150-million-settlement-failure-report-suspicious-orders. [112] Camilla de Silva, Speech, ABC Minds Financial Services Conferences (Mar. 16, 2018), https://www.sfo.gov.uk/2018/03/16/camilla-de-silva-at-abc-minds-financial-services/. [113] Serious Fraud Office, News Release, Lisa Osofsky named next Director of the SFO (June 4, 2018), https://www.sfo.gov.uk/2018/06/04/lisa-osofsky-named-next-director-of-the-sfo/. [114] Camilla de Silva, Speech, 12th International Pharmaceutical and Medical Device Compliance Congress (May 16, 2018), https://www.sfo.gov.uk/2018/05/16/camilla-de-silva-at-12th-international-pharmaceutical-and-medical-device-compliance-congress/. [115] Camilla de Silva, Speech, Corporate Criminal Liability, AI and DPAs (June 21, 2018), https://www.sfo.gov.uk/2018/06/21/corporate-criminal-liability-ai-and-dpas/. [116] Id. [117] Camilla de Silva, Speech, ABC Minds Financial Services Conferences, supra note 112. [118] Id. [119] Id. [120] See, e.g., our discussion of the Rolls Royce Deferred Prosecution Agreement in our 2017 Year-End Update. [121] Camilla de Silva, Speech, 12th International Pharmaceutical and Medical Device Compliance Congress (May 16, 2018), https://www.sfo.gov.uk/2018/05/16/camilla-de-silva-at-12th-international-pharmaceutical-and-medical-device-compliance-congress/. [122] Id. [123] See Law on Transparency, Fight against Corruption and Modernization of Economic Life, No. 2016-1691 of 9 December 2016, French Official Gazette, No. 0287 (Dec. 10, 2016) [hereinafter Law on Transparency], https://www.legifrance.gouv.fr/eli/loi/2016/12/9/2016-1691/jo/texte. [124] Frederick T. Davis, A French Court Authorizes the First-Ever “French DPA,”  Program on Corporate Compliance and Enforcement at N.Y.L. Sch., Nov. 24, 2017, https://wp.nyu.edu/compliance_enforcement/2017/11/24/a-french-court-authorizes-the-first-ever-french-dpa/. [125] CJIP agreements are available only to legal entities, and not to individuals. [126] See Convention judiciaire d’intérêt public entre le procureur de la République financier près le tribunal de grande instance de Nanterre et la SAS Set Environnement (signed Feb. 14, 2018); Convention judiciaire d’intérêt public entre le procureur de la République financier près le tribunal de grande instance de Nanterre et la SAS Kaefer Wanner (signed Feb. 14, 2018); Convention judiciaire d’intérêt public entre le procureur de la République financier près le tribunal de grande instance de Nanterre et la SAS Poujaud (signed May 6–7, 2018). [127] Id.  KW paid a fine of €2,710,000 to PNF and €30,000 to EDF for the damages suffered.  Set paid an aggregate fine of €800,000 (including €680,000 for illegal profit and €120,000 as an additional penalty), along with €30,000 to EDF for the damages suffered; and Poujaud paid €420,000 (including €240,000 for illegal profit and €180,000 as an additional penalty) to PNF and €30,000 to EDF for the damages suffered. [128] Michael Griffiths, Global Investigations Review Just Anti-Corruption, French compliance monitorships a “work in progress” (Jul. 9, 2018), https://globalinvestigationsreview.com/article/1171535/french-compliance-monitorships-a-work-in-progress. [129] Id. [130] See Ordonnances de validation de la première vice présidente du tribunal de grande instance de Nanterre (signed Feb. 13, 2018). [131] See Ordonnance de validation de la première vice présidente du tribunal de grande instance de Nanterre (signed May 25, 2018). [132] Convention judiciaire d’intérêt public conclue entre le procureur de la République financier et la société Société Générale SA (signed Oct. 18–30, 2017). [134] News release, Gov’t of Canada, Canada to enhance its toolkit to address corporate wrongdoing (Mar. 27, 2018), https://www.canada.ca/en/public-services-procurement/news/2018/03/canada-to-enhance-its-toolkit-to-address-corporate-wrongdoing.html. [135] See id.; see also Gov’t of Canada, Ineligibility and Suspension Policy, Section 7(d), http://www.tpsgc-pwgsc.gc.ca/ci-if/politique-policy-eng.html (last visited July 9, 2018). [136] Gov’t of Canada, Canada to enhance its toolkit to address corporate wrongdoing, supra note 134. [137] See Parliament of Canada, Senate of Canada, 1st Session, 42nd Parliament, Vol. 150, Issue 225 (June 21, 2018). [138] Gov’t of Canada, Expanding Canada’s toolkit to address corporate wrongdoing: What we heard (Feb. 22, 2018), http://www.tpsgc-pwgsc.gc.ca/ci-if/ar-cw/rapport-report-eng.html#s1 (noting that “[n]early all participants were in agreement that a DPA should not be available to individuals”). [139] See Gov’t of Canada, Remediation Agreements and Orders to Address Corporate Crime (last updated Mar. 28, 2017), https://www.canada.ca/en/department-justice/news/2018/03/remediation-agreements-to-address-corporate-crime.html. [140] Gov’t of Canada, Expanding Canada’s toolkit to address corporate wrongdoing, supra note 134. [141] An Act to implement certain provisions of the budget tabled in Parliament on February 27, 2018, and other measures, Part XXII.1, 715.32(2)(a)-(i).  These factors, particularly factors (a) through (g), notably track closely the Filip factors for corporate prosecution detailed in the U.S. Attorneys’ Manual.   The Filip factors include a few additional considerations—such as the existence of compliance programs, the collateral consequences of prosecution, the adequacy of remedies such as civil or regulatory enforcement actions, and the adequacy of the prosecution of individuals responsible for the corporation’s malfeasance—which are not explicitly found in the Canadian regime, but could fall under the “catch-all” provision in factor (i).  See U.S. Attorneys’ Manual § 9‑28.300. [142] Id. at 715.32(3). [143] Id. at 715.37(1), 715.37(6). [144] Id. at 715.4. [145] Id. [146] Id. at 715.4(2). [147] Id. at 715.42(2). [148] Id. at 715.42(3)(a)-(f). [149] Id. at 715.34(1). [150] Id. at 715.34(1)(d)-(g). [151] Id. at 715.34(3)(c). [152] See An Act to implement certain provisions of the budget tabled in Parliament on February 27, 2018 and other measures, Part XXII.1, 409, http://www.parl.ca/DocumentViewer/en/42-1/bill/C-74/royal-assent#enH23405. [153] Dorata Habrat, Criminal Law Instruments to Counter Corporate Crime in Poland, 9 Int’l J. L. & Pol. Sci. No. 6, at 2158 (2015); Macrin Gmaj, Corporate Liability in Poland, Global Compliance News (2016), https://globalcompliancenews.com/white-collar-crime/corporate-liability-in-poland/. [154] Habrat, supra note 153, at 2158–59. [155] Clifford Chance, New Liability on Corporate Criminal Liability in Poland (June 2018). [156] Id. [157] Waithera Junghae, IBA Krakow:  Poland May Introduce DPAs, (May 18, 2018), https://globalinvestigationsreview.com/article/1169758/iba-krakow-poland-may%C2%A0introduce-dpas. [158] Clifford Chance, supra note 155. [159] Id. [160] Criminal Justice Reform Act 2018, § 35 (amending Chapter 68 of the Criminal Procedure Code). [161] Id. [162] Id. at § 121. [163] Id. at § 35. [164] Id. [165] Press Release, Department of Justice, Keppel Offshore & Marine Ltd. and U.S. Based Subsidiary Agree to Pay $422 Million in Global Penalties to Resolve Foreign Bribery Case (Dec. 22, 2017), https://www.justice.gov/opa/pr/keppel-offshore-marine-ltd-and-us-based-subsidiary-agree-pay-422-million-global-penalties. [166] Keppel DPA, supra note 63. [167] Oral Answer by Senior Minister of State for Law, Ms. Indranee Rajah SC, to Parliamentary Questions on Keppel Offshore & Marine Ltd Case (Jan. 8, 2018), https://www.mlaw.gov.sg/content/minlaw/en/news/parliamentary-speeches-and-responses/oral-answer-by-senior-minister-of-state-for-law–ms-indranee-raj0.html. [168] AAU: Textvorschlag BA, 5. Abschnitt: Aufschub der Anklageerhebung bei Verfahren gegen Unternehmen, Art. 318bis (unofficial translation). [169] Emily Casswell, Switzerland favours US-style DPAs, Global Investigations Review (May 25, 2018). [170] Id. [171] Id. [172] Man redet über die Schweiz – alles gehe hier viel zu langsam, Tages Anzeiger, https://www.tagesanzeiger.ch/sonntagszeitung/man-redet-ueber-die-schweiz-alles-gehe-hier-viel-zu-langsam/story/17489400 (unofficial translation). [173] Daniel Gerny, Bundesanwalt Lauber will Deals zwischen Staatsanwälten und Konzernen, Neue Zürcher Zeitung (April 22, 2018), https://www.nzz.ch/schweiz/bundesanwalt-lauber-will-deals-zwischen-staatsanwaelten-und-konzernen-ld.1379633 (unofficial translation). [174] Emily Casswell, Switzerland favours US-style DPAs, Global Investigations Review (May 25, 2018). [175] Gerny, supra note 173. The following Gibson Dunn lawyers assisted in preparing this client update:  F. Joseph Warin, M. Kendall Day, Michael Diamant, Sacha Harber-Kelly, Courtney Brown, Melissa Farrar, Chelsea Ferguson, Alexander Moss, Alison Friberg, Claire Chapla, Lucie Duvall, Michael Dziuban, Charlotte Lawson, Susanna Schuemann, William Hart, Naomi Takagi, Brittany Garmyn, Benjamin Belair, and Laura Cole. Gibson Dunn’s White Collar Defense and Investigations Practice Group successfully defends corporations and senior corporate executives in a wide range of federal and state investigations and prosecutions, and conducts sensitive internal investigations for leading companies and their boards of directors in almost every business sector.  The Group has members in every domestic office of the Firm and draws on more than 125 attorneys with deep government experience, including more than 50 former federal and state prosecutors and officials, many of whom served at high levels within the Department of Justice and the Securities and Exchange Commission.  Joe Warin, a former federal prosecutor, served as the U.S. counsel for the compliance monitor for Siemens and as the FCPA compliance monitor for Alliance One International.  He previously served as the monitor for Statoil pursuant to a DOJ and SEC enforcement action.  He co-authored the seminal law review article on NPAs and DPAs in 2007.  Debra Wong Yang is the former United States Attorney for the Central District of California, and has served as independent monitor to a leading orthopedic implant manufacturer to oversee its compliance with a DPA.  In the United Kingdom, Sacha Harber-Kelly is a former Prosecutor and Case Controller at the Serious Fraud Office. Washington, D.C. F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) Richard W. Grime (202-955-8219, rgrime@gibsondunn.com) Scott D. Hammond (+1 202-887-3684, shammond@gibsondunn.com) Stephanie L. Brooker (+1 202-887-3502, sbrooker@gibsondunn.com) David P. Burns (+1 202-887-3786, dburns@gibsondunn.com) M. Kendall Day (+1 202-955-8220, kday@gibsondunn.com) David Debold (+1 202-955-8551, ddebold@gibsondunn.com) Stuart F. Delery (+1 202-887-3650, sdelery@gibsondunn.com) Michael Diamant (+1 202-887-3604, mdiamant@gibsondunn.com) John W.F. Chesley (+1 202-887-3788, jchesley@gibsondunn.com) Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com) Patrick F. Stokes (+1 202-955-8504, pstokes@gibsondunn.com) New York Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com) Joel M. Cohen (+1 212-351-2664, jcohen@gibsondunn.com) Mylan L. Denerstein (+1 212-351-3850, mdenerstein@gibsondunn.com) Lee G. Dunst (+1 212-351-3824, ldunst@gibsondunn.com) Barry R. Goldsmith (+1 212-351-2440, bgoldsmith@gibsondunn.com) Christopher M. Joralemon (+1 212-351-2668, cjoralemon@gibsondunn.com) Mark A. Kirsch (+1 212-351-2662, mkirsch@gibsondunn.com) Randy M. Mastro (+1 212-351-3825, rmastro@gibsondunn.com) Marc K. Schonfeld (+1 212-351-2433, mschonfeld@gibsondunn.com) Orin Snyder (+1 212-351-2400, osnyder@gibsondunn.com) Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Lawrence J. Zweifach (+1 212-351-2625, lzweifach@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) Ryan T. Bergsieker (+1 303-298-5774, rbergsieker@gibsondunn.com) Los Angeles Debra Wong Yang (+1 213-229-7472, dwongyang@gibsondunn.com) Marcellus McRae (+1 213-229-7675, mmcrae@gibsondunn.com) Michael M. Farhang (+1 213-229-7005, mfarhang@gibsondunn.com) Douglas Fuchs (+1 213-229-7605, dfuchs@gibsondunn.com) Eric D. Vandevelde (+1 213-229-7186, evandevelde@gibsondunn.com) Palo Alto Benjamin B. Wagner (+1 650-849-5395, bwagner@gibsondunn.com) San Francisco Thad A. Davis (+1 415-393-8251, tadavis@gibsondunn.com) Marc J. Fagel (+1 415-393-8332, mfagel@gibsondunn.com) Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com) Michael Li-Ming Wong (+1 415-393-8234, mwong@gibsondunn.com) Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) London Patrick Doris (+44 20 7071 4276, pdoris@gibsondunn.com) Sacha Harber-Kelly (+44 20 7071 4205, sharber-kelly@gibsondunn.com) Munich Benno Schwarz (+49 89 189 33-110, bschwarz@gibsondunn.com) Mark Zimmer (+49 89 189 33-130, mzimmer@gibsondunn.com) Dubai Graham Lovett (+971 (0) 4 318 4620, glovett@gibsondunn.com) Hong Kong Kelly Austin (+852 2214 3788, kaustin@gibsondunn.com) Oliver D. Welch (+852 2214 3716, owelch@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

July 9, 2018 |
2018 Mid-Year FCPA Update

Click for PDF The steady clip of Foreign Corrupt Practices Act (“FCPA”) prosecutions set in 2017 has continued apace into the first half of 2018, largely quieting any questions of enforcement of this important statute under the current Administration.  Although this update captures developments through June 30, the enforcers did not have a reprieve for the July 4th holiday, because they announced two corporate enforcement actions in the first week of the month.  From our perspective, all signs point to business as usual at the U.S. Department of Justice (“DOJ”) and Securities and Exchange Commission (“SEC”), the two regulators charged with enforcing the FCPA. This client update provides an overview of the FCPA as well as domestic and international anti-corruption enforcement, litigation, and policy developments from the first half of 2018. FCPA OVERVIEW The FCPA’s anti-bribery provisions make it illegal to corruptly offer or provide money or anything else of value to officials of foreign governments, foreign political parties, or public international organizations with the intent to obtain or retain business.  These provisions apply to “issuers,” “domestic concerns,” and those acting on behalf of issuers and domestic concerns, as well as to “any person” who acts while in the territory of the United States.  The term “issuer” covers any business entity that is registered under 15 U.S.C. § 78l or that is required to file reports under 15 U.S.C. § 78o(d).  In this context, foreign issuers whose American Depository Receipts (“ADRs”) are listed on a U.S. exchange are “issuers” for purposes of the FCPA.  The term “domestic concern” is even broader and includes any U.S. citizen, national, or resident, as well as any business entity that is organized under the laws of a U.S. state or that has its principal place of business in the United States. In addition to the anti-bribery provisions, the FCPA also has “accounting provisions” that apply to issuers and those acting on their behalf.  First, there is the books-and-records provision, which requires issuers to make and keep accurate books, records, and accounts that, in reasonable detail, accurately and fairly reflect the issuer’s transactions and disposition of assets.  Second, the FCPA’s internal controls provision requires that issuers devise and maintain reasonable internal accounting controls aimed at preventing and detecting FCPA violations.  Prosecutors and regulators frequently invoke these latter two sections when they cannot establish the elements for an anti-bribery prosecution or as a mechanism for compromise in settlement negotiations.  Because there is no requirement that a false record or deficient control be linked to an improper payment, even a payment that does not constitute a violation of the anti-bribery provisions can lead to prosecution under the accounting provisions if inaccurately recorded or attributable to an internal controls deficiency. FCPA ENFORCEMENT STATISTICS The following table and graph detail the number of FCPA enforcement actions initiated by DOJ and the SEC during each of the past 10 years. 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 (as of 7/06) DOJ SEC DOJ SEC DOJ SEC DOJ SEC DOJ SEC DOJ SEC DOJ SEC DOJ SEC DOJ SEC DOJ SEC 26 14 48 26 23 25 11 12 19 8 17 9 10 10 21 32 29 10 11 6 2018 MID-YEAR FCPA ENFORCEMENT ACTIONS The first half of 2018 saw a diverse mix of FCPA enforcement activity, from relatively modest to very large financial penalties, the first-ever coordinated U.S.-French bribery resolution, and numerous criminal prosecutions of individual defendants, particularly for non-FCPA charges arising out of foreign corruption investigations. Corporate FCPA Enforcement Actions There have been 11 corporate FCPA enforcement actions in 2018 to date. Elbit Imaging Ltd. The year’s first corporate FCPA enforcement action involved an aggressive interpretation of the FCPA’s accounting provisions resulting in a relatively modest financial penalty.  On March 9, 2018, Israeli-based holding company and issuer Elbit Imaging settled an SEC-only cease-and-desist proceeding for alleged FCPA books-and-records and internal controls violations.  According to the SEC’s order, between 2007 and 2012 Elbit and an indirect subsidiary paid $27 million to two consultants and one sales agent in connection with real estate projects in Romania and the United States.  Without making direct allegations, the SEC intimated corruption in the Romanian projects by asserting that the two consultants were engaged without any due diligence to facilitate government approvals and were paid significant sums of money without any evidence of work performed.  In connection with the U.S. project, the SEC again asserted that the sales agent was retained without due diligence and paid significant sums of money without evidence of work performed, but in this case concluded that the majority of those funds were embezzled by Elbit’s then-CEO. Without admitting or denying the allegations, Elbit consented to the cease-and-desist proceeding and agreed to pay a $500,000 civil penalty.  The SEC acknowledged Elbit’s self-reporting to U.S. and Romanian authorities, as well as the fact that Elbit is in the process of winding down its operations as factors in setting the modest penalty and lack of any post-resolution monitoring or reporting obligations.  This resolution marks the lowest monetary assessment in a corporate FCPA enforcement action since June 2016 (Nortek, Inc., covered in our 2016 Mid-Year FCPA Update, in which the company paid just more than $320,000 in disgorgement and prejudgment interest). Transport Logistics International, Inc. The first criminal corporate FCPA resolution of 2018 stems from an investigation that we have been following for several years.  On March 12, 2018, Maryland transportation company Transport Logistics International (“TLI”) reached a deferred prosecution agreement with DOJ arising from an alleged scheme to make more than $1.7 million in corrupt payments to an official of JSC Techsnabexport (“TENEX”)—a Russian state-owned supplier of uranium and uranium enrichment services—in return for directing sole-source uranium transportation contracts to the company.  We first reported on this in our 2015 Year-End FCPA Update in connection with guilty pleas by former TLI Co-President Daren Condrey, wife Carol Condrey, TENEX official Vadim Mikerin, and businessman Boris Rubizhevsky.  Rounding out the charges, on January 10, 2018 the other former TLI Co-President Mark Lambert was indicted on 11 counts of FCPA, wire fraud, and money laundering charges. To resolve the charges of conspiracy to violate the FCPA’s anti-bribery provisions, TLI entered into a deferred prosecution agreement and agreed to pay a $2 million criminal penalty, as well as self-report to DOJ on the state of its compliance program over the three-year term of the agreement.  Notably, the $2 million penalty represents a significant departure from the DOJ-calculated fine of $21.4 million, based upon an inability-to-pay analysis by an independent accounting firm hired by DOJ that confirmed TLI’s representation that a penalty greater than $2 million would jeopardize the continued viability of the company.  After a significant colloquy with government and company counsel concerning whether DOJ was being unduly lenient in deferring prosecution, the Honorable Theodore Chuang of the U.S. District Court for the District of Maryland approved of the resolution.  Trial in the case against remaining defendant Lambert is currently set for April 2019. Kinross Gold Corporation On March 26, 2018, the SEC announced a settled cease-and-desist order against Canadian gold mining company Kinross Gold for alleged violations of the FCPA’s accounting provisions.  According to the charging document, in 2010, Kinross acquired two subsidiaries that operated mines in Mauritania and Ghana but, despite due diligence identifying a lack of anti-corruption compliance controls, was slow to implement such controls.  Kinross further allegedly failed to respond to multiple internal audits flagging the inadequate controls, and payments continued to be made to vendors and consultants, often in connection with government interactions, without appropriate efforts to ensure that the funds were not used for improper payments.  Notably, however, the SEC did not allege any specific corrupt payments made by or on behalf of Kinross. Without admitting or denying the allegations, Kinross agreed to pay a $950,000 penalty to resolve the charges.  The SEC’s order does not allege that the company realized profits tied to the misconduct and therefore did not order disgorgement.  The SEC acknowledged Kinross’s remedial efforts, which the company will continue to self-report to the SEC on for one year.  Kinross has stated that DOJ has closed its investigation without taking any enforcement action. The Dun & Bradstreet Corporation On April 23, 2018, the business intelligence company Dun & Bradstreet agreed to settle FCPA accounting charges arising from allegations of improper payments to acquire confidential data in China.  According to the SEC, between 2006 and 2012 two Chinese subsidiaries made payments to Chinese officials and third parties to obtain non-public information that was not subject to lawful disclosure under Chinese law.  One of the subsidiaries and several of its officers were prosecuted and convicted in China for the unlawful procurement of this data. Without admitting or denying the allegations, Dun & Bradstreet consented to the entry of a cease-and-desist order and agreed to disgorge $6.08 million of profits, plus $1.14 million in prejudgment interest, and pay a $2 million civil penalty.  The SEC’s order did not impose ongoing reporting requirements on Dun & Bradstreet and credited the company’s self-disclosure, which occurred after local police conducted a raid at one of the subsidiaries.  Among other remedial actions, Dun & Bradstreet shuttered one of the subsidiaries.  Citing the FCPA Corporate Enforcement Policy, DOJ issued a public letter declining to prosecute Dun & Bradstreet in light of the SEC resolution and other factors. Panasonic Corporation On April 30, 2018, the SEC and DOJ announced the first joint FCPA resolution of 2018, with Japanese electronics company Panasonic and its California-based subsidiary Panasonic Avionics Corporation (“PAC”), respectively.  PAC designs and distributes in-flight entertainment systems and communications services to airlines worldwide.  According to the charging documents, PAC agreed to provide a post-retirement consultancy position to an official at a state-owned airline as PAC was negotiating agreements with the state-owned airline worth more than $700 million.  PAC allegedly paid the official $875,000 for little to no work.  Separately, PAC also allegedly failed to follow its own third-party due diligence protocols in Asia, including by concealing the retention of agents who did not pass screening by employing them as sub-agents to a single qualified agent. To resolve a one-count criminal information charging PAC with causing the falsification of Panasonic’s books and records, PAC entered into a deferred prosecution agreement with DOJ and agreed to pay a $137.4 million criminal fine, a 20% discount from the bottom of the applicable Guidelines range based on the company’s cooperation but failure to voluntarily disclose.  To resolve civil FCPA anti-bribery and accounting violations, as well as allegations that it fraudulently overstated its income in a separate revenue recognition scheme, Panasonic consented to an SEC cease-and-desist order and agreed to pay $143.2 million in disgorgement and prejudgment interest.  Together, the parent and subsidiary agreed to pay combined criminal and regulatory penalties of more than $280 million. In addition to the monetary penalties, PAC agreed to engage an independent compliance monitor for a period of two years to be followed by one year of self-reporting.  In addition to traditional monitor requirements, such as demonstrated FCPA expertise, the deferred prosecution agreement includes an additional proviso to the list of qualifications for monitor selection—diversity—stating that “[m]onitor selections shall be made in keeping with the Department’s commitment to diversity and inclusion.” Société Générale S.A. /Legg Mason, Inc. Closing out the first half of 2018 corporate enforcement in a big way, on June 4, 2018 DOJ announced two separate but related FCPA enforcement actions with French financial services company Société Générale (“SocGen”) and Maryland-based investment management firm Legg Mason, Inc.  Both resolutions stem from SocGen’s payment of more than $90 million to a Libyan intermediary, while allegedly knowing that the intermediary was using a portion of those payments to bribe Libyan government officials in connection with $3.66 billion in investments placed by Libyan state-owned banks with SocGen.  A number of those investments were managed by a subsidiary of Legg Mason. To settle the criminal FCPA bribery and conspiracy charges, SocGen entered into a deferred prosecution agreement and had a subsidiary plead guilty.  SocGen also simultaneously resolved unrelated criminal fraud charges of rigging LIBOR rates.  Further, in the first U.S.-French coordinated resolution in a foreign bribery case, SocGen also reached a parallel resolution with the Parquet National Financier (“PNF”) in Paris.  After netting out offsets between the bribery resolutions, SocGen agreed to pay $292.78 million to DOJ and $292.78 million to French authorities, in addition to $275 million to resolve DOJ’s LIBOR-related allegations.  Adding $475 million paid to the U.S. Commodity Futures Trading Commission in the LIBOR case, the total price tag well exceeds $1.3 billion. Legg Mason had a somewhat lesser role in the alleged corruption scheme, reflected in the fact that it was permitted to enter into a non-prosecution agreement with DOJ with a $64.2 million price tag.  Nearly half of the DOJ resolution amount is subject to a potential credit “against disgorgement paid to other law enforcement authorities within the first year of the [non-prosecution] agreement,” a seeming anticipatory nod to a forthcoming FCPA resolution with the SEC. Both companies will self-report to DOJ over the course of the three-year term of their respective agreements.  Neither was required to retain a compliance monitor, although the principal reasoning for lack of monitor in the SocGen case appears to be that the bank will be subject to ongoing monitoring by France’s L’Agence Française Anticorruption. Beam Suntory Inc. Trailing into the second half of 2018, on July 2, 2018 the SEC announced an FCPA resolution with Chicago-based spirits producer Beam Suntory relating to allegations of improper payments to government officials in India.  According to the SEC, from 2006 through 2012 senior executives at Beam India directed efforts by third parties to make improper payments to increase sales, process license and label registrations, obtain better positioning on store shelves, and facilitate distribution.  The allegations include an interesting cameo by the SEC’s 2011 FCPA resolution with Beam competitor Diageo plc (covered in our 2011 Year-End FCPA Update).  The SEC alleged that after the Diageo enforcement action was announced, Beam sent an in-house lawyer to India to investigate whether similar conduct was occurring at Beam India and to implement additional FCPA training.  This review led to a series of investigations culminating in a voluntary disclosure to the SEC. Without admitting or denying the allegations, Beam consented to the entry of a cease-and-desist order to resolve FCPA accounting provision charges and agreed to disgorge $5.26 million of profits, plus $917,498 in prejudgment interest, and pay a $2 million civil penalty.  The SEC’s order did not impose ongoing reporting requirements on Beam and acknowledged the company’s voluntary self-disclosure, cooperation with the SEC’s investigation, and the remedial actions taken by the company, including ceasing operations at Beam India until Beam was satisfied it could operate in a compliant manner.  Beam has announced that it is continuing to cooperate in a DOJ investigation. Credit Suisse Group AG Further trailing into the second half of 2018, on July 5 DOJ and the SEC announced the second joint FCPA resolution of 2018 with Swiss-based financial services provider and issuer Credit Suisse.  According to the charging documents, between 2007 and 2013 Credit Suisse’s Hong Kong subsidiary hired more than 100 employees at the request of Chinese government officials.  These so-called “relationship hires” were allegedly made to encourage the referring officials to direct business to Credit Suisse and despite the fact that, in many cases, these applicants did not possess the technical skills and qualifications of those not referred by foreign officials. To resolve the criminal investigation, Credit Suisse’s Hong Kong subsidiary entered into a non-prosecution agreement and agreed to pay a criminal penalty of just over $47 million.  Notably, Credit Suisse received only a 15% discount from the bottom of the Guidelines range (rather than the maximum 25% available under the FCPA Corporate Enforcement Policy for non-voluntary disclosures) because its cooperation was, allegedly, “reactive and not proactive” and “because it failed to sufficiently discipline employees who were involved in the misconduct.”  Credit Suisse will self-report on the status of its compliance program over the three-year term of the agreement. To resolve the SEC investigation, the parent company consented to a cease-and-desist proceeding alleging violations of the FCPA’s anti-bribery and internal controls provisions and agreed to pay nearly $25 million in disgorgement plus more than $4.8 million in prejudgment interest.  This brings the total monetary resolution to nearly $77 million. Prior examples of so-called “princeling” FCPA resolutions include JPMorgan Chase & Co. (covered in our 2016 Year-End FCPA Update), Qualcomm, Inc. (covered in our 2016 Mid-Year FCPA Update), and Bank of New York Mellon Corp. (covered in our 2015 Year-End FCPA Update). Individual FCPA and FCPA-Related Enforcement Actions The number of FCPA prosecutions of individual defendants during the first half of 2018 was a relatively modest half dozen, including the indictment of former TLI Co-President Mark Lambert discussed above.  But that number masks the true extent of FCPA-related enforcement as DOJ brought twice that many prosecutions in money laundering and wire fraud actions arising out of FCPA investigations.  In large part, these non-FCPA charges are a result of DOJ pursuing the foreign official recipients of bribe payments, who cannot be charged under the FCPA but can be charged with criminal offenses (including money laundering) associated with the receipt of those bribes. FCPA-Related Charges in Och-Ziff Case In our 2017 Mid-Year FCPA Update, we covered civil FCPA charges filed by the SEC against former Och-Ziff Capital Management Group LLC executive Michael L. Cohen.  On January 3, 2018, a criminal indictment was unsealed charging Cohen with 10 counts of investment adviser fraud, wire fraud, obstruction of justice, false statements, and conspiracy.  According to the indictment, Cohen violated his fiduciary duties to a charitable foundation client by failing to disclose his personal interest in investments he promoted relating to an African mining operation and then engaged in obstructive acts to cover up the transaction after the SEC began investigating. Cohen has pleaded not guilty to all charges.  No trial date has been set. Additional FCPA and FCPA-Related Charges in PDVSA Case We have been reporting on DOJ’s investigation of a corrupt pay-to-play scheme involving Venezuela’s state-owned energy company, Petróleos de Venezuela S.A. (“PDVSA”), since our 2015 Year-End FCPA Update.  On February 12, 2018, DOJ unsealed and announced charges against five new defendants for their alleged participation in the scheme:  Luis Carolos De Leon Perez, Nervis Gerardo Villalobos Cardenas, Cesar David Rincon Godoy, Rafael Ernesto Reiter Munoz, and Alejandro Isturiz Chiesa.  All five defendants are charged with money laundering; De Leon and Villalobos are additionally charged with FCPA conspiracy. According to the indictment, in 2011 PDVSA found itself in significant financial distress relating to the sharp reduction in global oil prices.  Knowing that the agency would be unable to pay all of its vendors, the five defendants (the three non-FCPA defendants with PDVSA and the two FCPA defendants as brokers) concocted a scheme to solicit PDVSA vendors to obtain preferential treatment in payment only if they agreed to kickback 10% of the payments to the defendants. Four of the five defendants were arrested in Spain in October 2017, whereas Isturiz remains at large.  Cesar Rincon was extradited from Spain in early February and, on April 19, 2018, pleaded guilty to one count of money laundering conspiracy and was ordered to forfeit $7 million, pending a summer sentencing date.  De Leon, a U.S. citizen, has been extradited to the United States and has pleaded not guilty, although pre-trial filings suggest that a plea agreement may be in the works.  Villalobos and Reiter remain in Spanish custody pending extradition proceedings. These charges bring to 15 the number of defendants charged (publicly) in the wide-ranging PDVSA corruption investigation.  With Cesar Rincon, 11 of the 15 have now pleaded guilty. Additional FCPA Charges in U.N. Bribery Case We have been reporting on FCPA and non-FCPA charges associated with a scheme to bribe U.N. ambassadors to influence, among other things, the development of a U.N.-sponsored conference center in Macau, since our 2015 Year-End FCPA Update.  On April 4, 2018, Julia Vivi Wang, a former media executive who promoted U.N. development goals, pleaded guilty to three counts of FCPA bribery, conspiracy, and tax evasion in connection with her role in the scheme.  Wang was originally charged in March 2016, but a superseding charging document was filed in 2018.  Wang’s sentencing has been set for September 5, 2018. Additional FCPA and FCPA-Related Charges in Petroecuador Case In our 2017 Year-End FCPA Update, we reported on the money laundering indictment of Marcelo Reyes Lopez, a former executive of Ecuadorian state-owned oil company Petroecuador.  Lopez pleaded guilty on April 11, 2018 to money laundering conspiracy in connection with his alleged receipt of bribes. On March 28, 2018, another former Petroecuador executive, Arturo Escobar Dominguez, likewise pleaded guilty to one count of conspiracy to commit money laundering.  Then, on April 19, 2018, a grand jury in the Southern District of Florida returned an indictment charging two additional defendants:  Frank Roberto Chatburn Ripalda and Jose Larrea.  Chatburn is charged with FCPA bribery, money laundering, and conspiracy in connection with his alleged payment of $3.27 million in bribes to Petroecuador officials to obtain $27.8 million in contracts for his company.  Larrea is charged with conspiracy to commit money laundering in connection with the scheme.  Chatburn has yet to be arraigned, and Larrea has pleaded not guilty with a current trial date of August 2018. New FCPA and FCPA-Related Charges in Setar Case In April 2018, charges against a former Florida telecommunications company executive, Lawrence W. Parker, Jr., and a former official of the Aruban state-owned telecommunications company Servicio di Telecomunicacion di Aruba N.V. (“Setar”), Egbert Yvan Ferdinand Koolman, were unsealed in the U.S. District Court for the Southern District of Florida.  According to the charging documents, Koolman accepted $1.3 million in bribes from Parker and others, for several years, in exchange for providing confidential information concerning Setar business opportunities.  Parker was charged with one count of FCPA conspiracy and Koolman with one count of money laundering conspiracy. Both Parker and Koolman have pleaded guilty and have been sentenced to 35 and 36 months in prison, in addition to $700,000 and $1.3 million in restitution, respectively. New FCPA-Related Charge in HISS Case In our 2015 Mid-Year FCPA Update, we covered DOJ’s civil action to forfeit nine New Orleans properties—worth approximately $1.5 million—filed in the U.S. District Court for the Eastern District of Louisiana.  On April 27, 2018, a grand jury sitting in the same district returned an indictment criminally charging Carlos Alberto Zelaya Rojas, the nominal owner of those properties, with 12 counts of money laundering and other offenses associated with the impediment of the civil forfeiture proceedings.  According to the indictment, Zelaya is the brother of the former Executive Director of the Honduran Institute of Social Security (“HISS”).  The brother, who according to press reports was criminally charged in Honduras, allegedly received millions of dollars in bribes from two Honduran businessmen.  Zelaya then assisted with the laundering of at least $1.3 million of those bribe payments, including through the purchase of the nine properties. On June 27, 2018, Zelaya pleaded guilty to a single count of money laundering conspiracy and has been detained pending an October sentencing date.  As part of this plea, Zelaya consented to the forfeiture of the nine properties. Additional FCPA-Related Charges in Rolls-Royce Case In our 2017 Mid-Year FCPA Update, we covered the multi-jurisdictional resolution of criminal bribery charges against UK engineering company Rolls-Royce.  The corporate charges were then supplemented by FCPA and FCPA-related charges against five individual defendants as reported in our 2017 Year-End FCPA Update.  On May 24, 2018, DOJ announced a superseding indictment that charged two new defendants—Vitaly Leshkov and Azat Martirossian—with money laundering charges associated with the Rolls-Royce bribery scheme. According to the indictment, Leshkov and Martirossian were employees of a technical advisor to a state-owned joint venture between the governments of China and Kazakhstan, formed to transport natural gas between the two nations.  In this capacity, they allegedly “had the ability to exert influence over decisions” by the state-owned joint venture and accordingly qualified as foreign officials even though they had no official government positions.  They then participated in a scheme to solicit bribes on behalf of employees of the state-owned joint venture from employees of Rolls-Royce. Neither Martirossian nor Leshkov have made a physical appearance in U.S. court to answer the charges.  Nevertheless, Martirossian already has moved to dismiss the indictment as described immediately below. 2018 MID-YEAR CHECK-IN ON FCPA ENFORCEMENT LITIGATION Martirossian Motion to Dismiss As just described, Azat Martirossian was indicted on May 24, 2018 on money laundering charges associated with the alleged Rolls-Royce bribery scheme in China and Kazakhstan.  Although Martirossian reportedly remains in China and has yet to make a physical appearance in U.S. court, he very quickly filed a motion to dismiss the indictment on the grounds that it insufficiently alleges a U.S. nexus.  The motion also contests the “aggressive theory” that Martirossian qualifies as a “foreign official” under the FCPA based on his work as a technical advisor to a state-owned entity. DOJ’s initial response briefly contests Martirossian’s arguments on the merits, but focuses more on DOJ’s contention that the motion should be held in abeyance until Martirossian submits himself to the jurisdiction of the Court pursuant to the fugitive disentitlement doctrine.  The motion remains pending before Chief Judge Edmund A. Sargus of the U.S. District Court for the Southern District of Ohio. Ho Motion to Dismiss We reported in our 2017 Year-End FCPA Update on the December 2017 indictment of Chi Ping Patrick Ho, the head of a Chinese non-governmental organization that holds “special consultative status” at the United Nations, on FCPA and money laundering charges associated with his alleged role in corruption schemes involving Chad and Uganda.  After pleading not guilty earlier this year, on April 16 Ho filed a motion to dismiss certain of the counts.  Ho argues, among other things, that the indictment inconsistently charges him with violating both 15 U.S.C. § 78dd-2, which applies to “domestic concerns,” and § 78dd-3, which applies to persons who act within U.S. territory in furtherance of a bribe.  Ho additionally contends that the money laundering charges fail because they cannot be based on wires sent from one foreign jurisdiction to another foreign jurisdiction—here Hong Kong to Dubai and Uganda—with no U.S. nexus other than the fact that they passed through a New York bank account.  DOJ, as one would expect, opposed the motion, which remains pending before the Honorable Loretta A. Preska of the U.S. District Court for the Southern District of New York.  Denial of Ng Seng’s Motion for New Trial / Sentencing We covered in our 2017 Year-End FCPA Update the conviction after trial of Macau billionaire Ng Lap Seng on FCPA, federal programs bribery, and money laundering charges associated with his role in a scheme to pay more than $1 million in bribes to two U.N. officials in connection with, among other things, a plan to build a U.N.-sponsored conference center in Macau.  Seng subsequently filed a Rule 33 motion for a new trial, arguing that DOJ introduced a new theory of liability at trial, constituting an amendment of or prejudicial variance from the indictment, as well as that the Government’s key witness, cooperating defendant Francis Lorenzo, committed perjury at trial, which DOJ failed adequately to investigate and correct. On May 9, 2018, the Honorable Vernon S. Broderick of the U.S. District Court for the Southern District of New York denied the motion.  In a lengthy opinion, steeped in the facts of the four-week trial, the Court found that there was no constructive amendment of or prejudicial variance from the superseding indictment based on the evidence adduced at trial, and further that Seng failed to meet his burden of establishing perjury by Lorenzo, and that even if there had been perjury it was not material to the jury’s verdict. Judge Broderick subsequently sentenced Seng to 48 months in prison and ordered approximately $1.8 million in forfeiture and restitution.  Seng has appealed to the Second Circuit, which in an early ruling denied Seng’s motion for bail pending appeal but ordered his appeal to be expedited. In the same case, on February 28, 2018, Judge Broderick sentenced Seng’s co-defendant and former assistant, Jeff Yin, to 7 months in prison and nearly $62,000 in restitution for his tax evasion conviction. Motion to Intervene in Och-Ziff Sentencing Proceedings As reported in our 2016 Year-End FCPA Update, New York-based hedge fund Och-Ziff Capital Management Group LLC, together with its investment advisor subsidiary, reached a coordinated FCPA resolution with DOJ and the SEC in September 2016, pursuant to which the entities agreed to pay just over $412 million in total.  After several adjournments of the sentencing hearing, on February 20, 2018 a self-styled victim of Och-Ziff’s alleged corruption, Africo Resources Limited, filed a letter with the Court asserting that it is entitled to a share of the proceeds collected by DOJ pursuant to the Mandatory Victim Restitution Act.  Och-Ziff, represented by Gibson Dunn, has filed a submission disputing Africo Resources’ claims.  The Honorable Nicholas G. Garaufis of the U.S. District Court for the Eastern District of New York has yet to rule. SEC Proceedings Against Och-Ziff Defendants Stayed As reported in our 2017 Year-End FCPA Update, former Och-Ziff executive Michael Cohen and analyst Vanja Baros filed motions to dismiss the civil FCPA proceedings brought against them by the SEC.  After those motions were fully briefed and argued, but pending ruling, DOJ unsealed an indictment that charged Cohen criminally as discussed above. On February 9, 2018, DOJ filed a motion to intervene and stay the SEC civil suit on the grounds that the facts of the civil cases overlap substantially with the criminal case, even though the indictment does not allege FCPA violations.  Cohen and Baros did not object to a stay of the SEC case, but requested that the Court rule on their pending motions to dismiss first.  On May 11, 2018, the Honorable Nicholas G. Garaufis granted DOJ’s motion to stay discovery in the SEC’s case, but denied the request to stay ruling on the motions to dismiss.  A decision on those motions remains pending. Khoury’s Motion to Unseal Indictment We reported in our 2017 Year-End FCPA Update on the unorthodox motion filed by Samir Khoury to unseal an indictment against him that may or may not exist.  Khoury, a former consultant named in prior FCPA corporate resolutions as “LNG Consultant,” contends that it is likely that there is an indictment pending against him under seal since approximately 2009, waiting for him to travel to the United States or another country with an extradition treaty.  Khoury asserts that the indictment should be unsealed and then dismissed given the prejudicial effect of the passage of time. Oral argument on the motion was heard before the Honorable Keith P. Ellison of the U.S. District Court for the Southern District of Texas on March 22, 2018.  At the hearing, Khoury’s counsel presented argument that 12 potential defense witnesses have died since 2009, and that Khoury has been unable to open bank accounts in his native Lebanon and has lost business opportunities because of his perceived affiliation with the Bonny Island scheme.  In response, attorneys for DOJ refused to acknowledge whether Khoury had or had not been indicted, but indicated that if an indictment did exist it could hold the indictment under seal indefinitely. On June 11, 2018, Judge Ellison issued a Memorandum Opinion and Order.  He first pushed aside DOJ’s “issue preclusion” arguments that decisions from several years prior resolve this matter, holding that the three years that has passed since that litigation represent a changed circumstance warranting another look.  Similarly, the Court rejected DOJ’s “fugitive disentitlement” argument, holding that Khoury is not a fugitive because he did not abscond from the United States but rather has at all relevant times been living in his native Lebanon.  Judge Ellison gave DOJ 20 days to submit to the Court, in camera, any evidence it “wishes to adduce in opposition to Mr. Khoury’s Motion to Unseal.” DOJ filed a sealed pleading on July 2, 2018.  The next day, Khoury filed a motion to unseal any portion of that pleading that was beyond the contours of what the Court permitted.  This motion, as well as the underlying motion to unseal and dismiss, remain pending. Guilty Plea in Vietnamese Skyscraper Case In our 2017 Mid-Year FCPA Update, we reported on the indictment of New Jersey real estate broker Joo Hyun Bahn in connection with a feigned plot to bribe an official of the sovereign wealth fund of a Middle Eastern country (subsequently identified as Qatar) to induce the official to cause the fund to purchase a skyscraper in Hanoi.  The alleged agent of the sovereign wealth fund subsequently admitted that the bribery plot was a sham and that he pocketed the bribe payment. On January 5, 2018, Bahn pleaded guilty to one count of FCPA conspiracy and one count of violating the FCPA in the U.S. District Court for the Southern District of New York.  His sentencing is scheduled for September 6, 2018 before the Honorable Edgardo Ramos. Guilty Plea in Siemens Case As reported in our 2017 Year-End FCPA Update, former Siemens executive Eberhard Reichert was extradited to the United States, following his arrest in Croatia, to face a December 2011 indictment charging him and seven others in relation to their alleged roles in a scheme to bribe Argentine officials in connection with a $1 billion contract to create national identity cards. On March 15, 2018, Reichert pleaded guilty in the U.S. District Court for the Southern District of New York to one count of conspiring to violate the anti-bribery, internal controls, and books-and-records provisions of the FCPA and to commit wire fraud.  Reichert awaits a sentencing date before the Honorable Denise L. Cote. 2018 MID-YEAR FCPA-RELATED DEVELOPMENTS In addition to the enforcement activity covered above, the first six months of 2018 saw DOJ issue important guidance on how it will administer criminal enforcement, as well as a Supreme Court decision with significant ramifications for FCPA whistleblowers. DOJ Announces “Piling On” Policy On May 9, 2018, Deputy Attorney General Rod J. Rosenstein introduced a new DOJ “Policy on Coordination of Corporate Resolution Penalties.”  Announcing the policy at a New York City Bar event, Rosenstein said that it attempts to discourage “piling on” by different enforcement authorities punishing the same company for the same conduct. Incorporated in Sections 1-12.100 and 9-28.1200 of the U.S. Attorneys’ Manual, the new policy directs federal prosecutors to “consider the totality of fines, penalties, and/or forfeiture imposed by all Department components as well as other law enforcement agencies and regulators in an effort to achieve an equitable result.”  The policy has four key components: First, prosecutors may not use the specter of criminal prosecution as leverage in negotiating a civil settlement; Second, if multiple DOJ components are investigating the same company for the same conduct, they should coordinate to avoid duplicative penalties; Third, DOJ should coordinate with and consider fines, penalties, and/or forfeiture paid to other federal, state, local, or foreign enforcement authorities investigating the same company for the same conduct; and Fourth, the policy sets forth factors DOJ should consider in determining whether multiple penalties are appropriate, including the egregiousness of wrongdoing, statutory requirements, the risk of delay in achieving resolution, and the adequacy and timeliness of a company’s disclosures to and cooperation with DOJ. In our view, the policy largely reflects pre-existing DOJ practice in the FCPA arena, where DOJ routinely coordinates resolutions with the SEC and, increasingly, participates in cross-border resolutions by, among other things, crediting a company’s payments to foreign enforcement authorities in calculating the U.S. criminal fine.  We covered this latter phenomenon in our 2017 Year-End FCPA Update. Supreme Court Decision Resolves Dispute Over Who is a “Whistleblower” On February 21, 2018, the U.S. Supreme Court unanimously held in Digital Realty Trust, Inc. v. Somers that the anti-retaliation provision of the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act covers only those who report an alleged violation of the federal securities laws to the SEC.  The Court’s decision reversed a Ninth Circuit ruling that Dodd-Frank’s anti-retaliation provision also covers employees who report such issues internally without reporting them to the SEC.  Although the statutory definition of a “whistleblower” as “any individual who provides . . . information relating to a violation of the securities laws to the [SEC], in a manner established . . . by the [SEC],” appeared to be clear to all nine justices, this issue had sharply divided the lower courts in recent years. The holding in Digital Realty has been interpreted by some as a harbinger of future potential whistleblowers bypassing internal reporting channels and going directly to the SEC to ensure they are protected.  Although we agree that the Court’s decision could affect the decision-making calculus of a would-be whistleblower, studies routinely show that the vast majority of employees report their concerns internally first, and that they report externally only after they feel their concerns have not been adequately addressed.  We are not certain that this phenomenon will change, at least dramatically, and we thus advise our clients and friends that it is more important now than ever for companies to scrutinize their internal policies and procedures to ensure that they encourage internal reporting, protect those who do, and robustly investigate the concerns expressed.  For more on the Supreme Court’s decision, please see our Client Alert, “Supreme Court Says Whistleblowers Must Report to the SEC Before Suing for Retaliation Under Dodd-Frank.” 2018 MID-YEAR KLEPTOCRACY FORFEITURE ACTIONS We continue to follow DOJ’s Kleptocracy Asset Recovery Initiative, spearheaded by DOJ’s Money Laundering and Asset Recovery Section.  The initiative uses civil forfeiture actions to freeze, recover, and, in some cases, repatriate the proceeds of foreign corruption.  The first half of 2018 saw continued coordination between attorneys from MLARs and DOJ’s FCPA Unit, as they have been frequently appearing in one another’s enforcement actions, working hand-in-glove across section lines.  As stated by then-Acting Deputy Assistant Attorney General (now Gibson Dunn partner) M. Kendall Day in his February 6, 2018 testimony before the Senate Committee on the Judiciary, “One of the most effective ways to deter criminals . . . is to follow the criminals’ money, expose their activity and prevent their networks from benefitting from the enormous power of [the U.S.] economy and financial system.” In our 2016 and 2017 Year-End FCPA Updates, we reported on DOJ’s massive civil forfeiture action seeking to recover more than $1 billion in assets associated with Malaysian sovereign wealth fund 1Malaysia Development Berhad (“1MDB”).  In February 2018, a 300-foot superyacht allegedly bought with money stolen from 1MDB was impounded on behalf of U.S. authorities off the coast of Bali.  DOJ seeks to bring the yacht to the United States where it can be taken into U.S. government custody and sold.  In March, Hollywood production company Red Granite Pictures (the company that produced The Wolf of Wall Street) agreed to pay $60 million to resolve a civil lawsuit stemming from the DOJ’s investigation.  Red Granite was co-founded by the stepson of the Malaysian prime minister, and DOJ alleged that three of Red Granite’s productions were funded with money stolen from 1MDB. 2018 MID-YEAR FCPA-RELATED PRIVATE CIVIL LITIGATION We continue to observe that although the FCPA does not provide for a private right of action, various causes of action are employed by civil litigants in connection with losses allegedly associated with FCPA-related conduct.  A selection of matters with developments in the first half of 2018 follows. Shareholder Lawsuits Centrais Electricas Brasileiras S.A. (“Eletrobras”):  On May 2, 2018, Eletrobras entered into a $14.75 million settlement agreement with shareholders to resolve claims that the government-controlled utility made misrepresentations in its public filings regarding the company’s financials and internal controls in connection with a bid-rigging scheme for service and engineering contracts.  In a press release, Eletrobras stated that it made no admission of wrongdoing or misconduct, but entered into the agreement for the best interests of its shareholders.  A hearing on the proposed settlement is scheduled before the Honorable John G. Koeltl of the U.S. District Court for the Southern District of New York on July 17, 2018. Cobalt International Energy, Inc.:  On April 5, 2018, the U.S. Bankruptcy Court for the Southern District of Texas approved a Chapter 11 plan by Cobalt on the heels of a consolidated class action against the exploration and production company for material misrepresentations regarding an alleged bribery scheme involving Angolan officials and the true potential of the company’s Angolan wells.  In June 2017, the Honorable Nancy F. Atlas certified a class of investors who purchased the company’s securities between March 2011 and November 2014.  In February 2018, the plaintiffs voluntarily dismissed the class action without prejudice because of the bankruptcy proceedings. Embraer S.A.:  On March 30, 2018, the U.S. District Court for the Southern District of New York dismissed a class action lawsuit against Brazilian-based aircraft manufacturer Embraer, which had contended that Embraer made false statements in its securities filings pertinent to its 2016 FCPA resolution.  In dismissing the suit, the Honorable Richard M. Berman explained that a company’s filings need not constitute a wholesale “confession” and that companies “do not have a duty to disclose uncharged, unadjudicated wrongdoing.”  The Court found that Embraer properly disclosed that it might have to pay fines or incur sanctions as a result of the investigation, that the company’s financial statements were accurate, and that because Embraer’s code of ethics was “inherently aspirational,” an undisclosed breach of the code was not actionable under the securities laws. Petróleo Brasileiro S.A. – Petrobras:  On June 4, 2018, the U.S. District Court for the Southern District of New York held a final settlement hearing for a securities class action brought against Brazil’s state oil company Petrobras.  As previously reported in our 2017 Mid-Year FCPA Update, the class action plaintiffs—purchasers of Petrobras securities in the United States—alleged that Petrobras made materially false and misleading statements about its earnings and assets as part of a far-reaching money laundering and bribery scheme in Brazil.  The settlement, which does not involve any admission of wrongdoing or misconduct by Petrobras and, in fact, includes an express denial of liability, resolves these claims for a total of $2.95 billion paid by Petrobras plus an additional $50 million paid by its external auditor, PricewaterhouseCoopers Auditores Independentes (“PwC Brazil”).  In a series of opinions and orders from June 25 to July 2, 2018, the Honorable Jed S. Rakoff approved of the settlement, but reduced counsel fees for the plaintiffs by nearly $100 million, to just over $200 million total. Civil Fraud / RICO Actions Bermuda As reported in our 2017 Mid-Year FCPA Update, the Government of Bermuda filed a Racketeer Influenced and Corrupt Organizations Act (“RICO”) lawsuit in U.S. District Court for the District of Massachusetts against Lahey Clinic, Inc., alleging that, for nearly two decades, the defendants conspired with Dr. Ewart Brown—the former Premier of Bermuda, a member of Bermuda’s Parliament, and the owner of two private health clinics in Bermuda—to receive preferential treatment.  On March 8, 2018, the Honorable Indira Talwani granted Lahey’s motion to dismiss, finding the Government of Bermuda had failed to demonstrate that it had suffered an injury to its U.S.-held business or property as a result of the alleged schemes. EIG Global Energy Partners Litigation In our 2017 Mid-Year FCPA Update we covered the civil fraud lawsuit against Petrobras filed by various investment funds, including EIG Global Energy Partners, alleging the funds lost their investment in an offshore drilling project known as “Sete” as a result of the Operation Car Wash scandal.  On March 30, 2017, the U.S. District Court for the District of Columbia largely denied Petrobras’s motion to dismiss, finding in relevant part that Petrobras was not immune from civil lawsuit under the Foreign Sovereign Immunities Act (“FSIA”) because the suit concerned Petrobras’s commercial activities having a “direct effect” in the United States.  Petrobras took an interlocutory appeal of the FSIA ruling. On July 3, 2018, the U.S. Court of Appeals for the District of Columbia Circuit affirmed the judgment of the district court in a 2-1 decision authored by the Honorable Karen L. Henderson.  “Although a foreign state is presumptively immune from the jurisdiction of United States courts,” the Court held that the “direct-effect” exception to the FSIA applied on the facts as alleged by EIG in its complaint, while at the same time acknowledging that other “third-party lenders might have also injured EIG” and that the “locus” of the tort was foreign.  The Honorable David B. Sentelle filed a dissenting opinion in which he concluded that the requisite “direct effect” on U.S. commerce had not been established sufficiently to divest Petrobras of its presumptive right to immunity from suit in the U.S. courts. This is not the only RICO litigation initiated by EIG arising out of its failed Brazilian investment.  As summarized in our 2017 Year-End FCPA Update, in December 2017 Keppel Offshore & Marine Ltd. paid more than $422 million in penalties for its alleged bribery scheme with Brazilian government officials, including officials at Petrobras.  On February 6, 2018, EIG funds that had invested with Keppel filed suit in the U.S. District Court for the Southern District of New York seeking more than $660 million in damages for alleged RICO violations.  Plaintiffs allege that Keppel did not disclose its scheme to bribe Brazilian officials to secure contracts for the Sete project, and, after being discovered, the bribery scheme effectively wiped out EIG’s $221 million investment.  EIG has since amended its complaint to add additional predicate acts, and a briefing schedule for the motion to dismiss has been issued by the Honorable Paul G. Gardephe. Harvest Natural Resources On February 16, 2018, a recently-defunct Texas-based energy company, Harvest Natural Resources, Inc., filed suit in the U.S. District Court for the Southern District of Texas against various individuals and entities affiliated with the Venezuelan government and Venezuela’s state oil company, PDVSA.  The complaint alleges that, because Harvest refused to pay four separate bribes to Venezuelan officials in the pay-to-play scheme resulting in criminal prosecutions as described above, the Venezuelan government wrongfully refused to approve the sale of Harvest’s energy assets, forcing Harvest to sell the assets to a different buyer at a loss of approximately $470 million.  The complaint further alleges that by requiring bribes to approve sales, Venezuela tainted the market and made it impossible for law-abiding companies to conduct business within the country.  The complaint claims that the defendants violated both the RICO and antitrust laws. On April 30, 2018, the defendants moved to dismiss the suit for failure to state a claim.  On May 11, 2018 Chief Judge Lee H. Rosenthal granted Harvest’s motion for jurisdictional discovery to test defendants’ jurisdictional ties and contacts. Setar On March 3, 2017, Setar, N.V., filed a civil suit in the U.S. District Court for the Southern District of Florida against several individuals and entities, including Lawrence W. Parker, Jr. and former Setar official Egbert Yvan Ferdinand Koolman, who as discussed above pleaded guilty to one count of FCPA conspiracy and one count of money laundering conspiracy, respectively.  In relevant part, an amended complaint filed in February 2018 alleges that Koolman orchestrated a years-long scheme to steal more than $15 million from Setar through kickbacks and other improper means.  According to Setar’s amended complaint, when the Panama Papers (covered in our 2016 Mid-Year FCPA Update) became public and linked Koolman to a British Virgin Islands company, this led to an internal investigation that resulted in Koolman’s termination and the identification of the scheme.  Various motions to dismiss have been filed, and the proceedings are ongoing. FCPA-Related FOIA Litigation 100Reporters LLC We have been covering for several years the Freedom of Information Act (“FOIA”) lawsuit filed by media organization 100Reporters against DOJ in the U.S. District Court for the District of Columbia.  100Reporters sought records relating to DOJ’s 2008 FCPA resolution with Siemens AG and the monitorship reports prepared by Dr. Theo Waigel and his U.S. counsel, F. Joseph Warin of Gibson Dunn. As discussed in our 2017 Mid-Year FCPA Update, on March 31, 2017, the Honorable Rudolph Contreras granted defendants’ motions for summary judgment, in part, and denied in its entirety 100Reporters’ cross-motion for summary judgment.  The Court accepted Gibson Dunn’s position on behalf of Dr. Waigel that the “consultant corollary” to the deliberative process privilege may extend to communications between a government agency and an independent monitor and thereby shield information from disclosure under FOIA Exemption 5—the first time a court has applied the consultant corollary to a compliance monitor.  Judge Contreras denied summary judgment on these grounds because DOJ did not specifically identify the deliberative process at issue with respect to each type of documents withheld by DOJ, and left the door open for defendants to submit further affidavits to support this argument.  The Court also ordered DOJ to submit a copy of one monitorship work plan and one monitorship report for in camera review to assess whether any of the withheld materials could be segregated from non-exempt material. In response to the Court’s order, DOJ submitted two new declarations from DOJ personnel involved in the monitorship, an amended chronology of events supporting the deliberative process privilege, and the materials required for in camera review.  DOJ and 100Reporters filed renewed cross-motions for summary judgment. On June 18, 2018, the Court granted in part and denied in part both sets of cross-motions for summary judgment.  Judge Contreras scrutinized the materials submitted by DOJ and held that DOJ’s Exemption 4 withholdings were overbroad and although DOJ had justified withholding certain information under Exemption 5, those withholdings also were overbroad.  Ultimately, the Court determined that certain materials should be produced to 100Reporters; however, the Court determined that DOJ properly withheld the monitorship reports themselves (aside from a single, brief “best practices” subsection of each report), as well as draft work plans, presentations by the Monitor to DOJ, and correspondence among the Monitor, monitorship team, and DOJ.  Thus, the core monitorship materials, including the monitorship reports, will be withheld.  Judge Contreras ordered DOJ to reexamine its withholdings and redactions in light of the Court’s guidance and disclose the newly identified non-exempt information to 100Reporters. Monitor Candidates As covered in our 2016 Year-End and 2017 Mid-Year FCPA Updates, GIR Just Anti-Corruption journalist Dylan Tokar filed a December 2016 FOIA lawsuit in the U.S. District Court for the District of Columbia seeking disclosure of the names of corporate compliance monitor candidates submitted by 15 companies that settled FCPA charges through agreements that contained a monitorship requirement, as well as information regarding the DOJ committee tasked with evaluating and selecting such candidates.  In 2017, DOJ provided the identity of some of the firms associated with the monitorship candidates and certain information about the DOJ committee—but withheld the names of the candidates who were not selected, citing privacy concerns reflected in FOIA Exemptions 6 and 7(C).  When DOJ refused to answer a second request for the candidate names, the parties cross-moved for summary judgment. On March 29, 2018, the Honorable Rudolph Contreras granted GIR Just Anti-Corruption‘s motion for summary judgment.  The Court rejected DOJ’s contention that the FOIA request would not lead to enhanced public understanding of the monitor selection process, instead concluding that GIR Just Anti-Corruption “sufficiently demonstrated that the public interest will be significantly served by the release of these names.”  The Court also rejected DOJ’s argument that its refusal to disclose the names of monitorship candidates fell under FOIA exemption 7(C), which traditionally shields individuals from the stigma of being associated with an ongoing investigation.  The Court denied the majority of DOJ’s cross-motion for summary judgment with the exception of granting DOJ’s argument regarding redaction of information relating to efforts by one of the companies to enhance its compliance program on trade secrets grounds.  DOJ released the names to GIR Just Anti-Corruption in June 2018. 2018 MID-YEAR INTERNATIONAL ANTI-CORRUPTION DEVELOPMENTS World Bank Integrity Vice Presidency Expands Consideration of Monitor Candidates In March 2018, the World Bank—through Integrity Vice Presidency (“INT”) head Pascale Hélène Dubois—changed course regarding those it will allow to serve as a compliance monitor for companies sanctioned by the World Bank.  Ms. Dubois explained in a written response to GIR Just Anti-Corruption that the World Bank now will consider representatives of law firms with concurrent cases before INT, so long as the individuals proposed as monitors are not currently advising on those cases.  By revising the prior approach of informally disqualifying candidates from firms that had faced INT as adversaries in sanctions proceedings, the World Bank has broadened the pool of potential candidates. Also in March, the World Bank Office of Suspension and Debarment (“OSD”) released a 10-year update of metrics regarding OSD’s role in World Bank enforcement.  The report illustrates the depth and breadth of efforts by the World Bank to ensure that those who participate in projects financed with World Bank funds play by World Bank rules, but also shows the difficulty of successfully challenging INT allegations of misconduct:  historically, OSD has agreed with the preliminary determinations of INT—agreeing in 96% of cases that INT had presented sufficient evidence for at least one claim set forth, and in 62% of cases that INT had presented sufficient evidence for all claims set forth. Europe United Kingdom As we reported in our 2017 Year-End United Kingdom White Collar Crime Update, last year six individuals were charged by the UK Serious Fraud Office (“SFO”) in connection with investigations of Unaoil.  The first half of 2018 brought additional developments in this investigation.  On May 22, 2018, the SFO announced charges against Basil Al Jarah (Unaoil’s Iraq partner) and Ziad Akle (Unaoil’s territory manager for Iraq) for conspiracy to pay alleged bribes to secure a $733 million contract to build two oil pipelines in Iraq.  And on June 26, 2018, the SFO announced charges against Unaoil Monaco SAM and Unaoil Ltd.  Unaoil Ltd was charged in connection with the same oil pipeline project, while Unaoil Monaco SAM was charged with conspiracy to make corrupt payments to secure the award of contracts for SBM Offshore.  Unaoil has been summoned to appear at the Westminster magistrates court in London on July 18, 2018. In other enforcement developments, following a three-day trial in the High Court in London, in March 2018 the SFO secured recovery of £4.4 million from two senior Chad diplomats to the United States who received bribes from Canadian oil and gas company Griffiths Energy International in exchange for securing oil development rights.  This is the first time that money was returned overseas in a civil recovery case.  As reported in our 2013 Year-End FCPA Update, on January 22, 2013 Griffiths entered a guilty plea in Canada and paid a CAD $10.35 million fine in connection with the alleged bribery. Look for much more on UK white collar developments in our forthcoming 2018 Mid-Year United Kingdom White Collar Crime Update, to be released on July 16, 2018. France As discussed above, in June 2018 SocGen entered into a deferred prosecution agreement with DOJ and reached a parallel settlement with the French PNF in the first coordinated enforcement action by DOJ and French authorities in an overseas anti-corruption case.  SocGen will also be subject to ongoing monitoring by the L’Agence Française Anticorruption. In two decisions this year, France’s Supreme Court—the Cour de Cassation—limited the use of “international double jeopardy” as a viable defense to criminal prosecution.  French law provides that a criminal conviction in another country will preclude prosecution in France if no act related to the conduct took place in France.  But in March 2018, the French Court ruled that the Swiss company Vitol could be prosecuted for charges related to its involvement in the U.N. Oil-for-Food Program, despite having entered a guilty plea for grand larceny in New York based on the same facts.  The case spent more than five years in French courts before the Supreme Court ruled that the International Covenant on Civil and Political Rights, to which France is a signatory, prevents double jeopardy on similar charges for “unique facts” and applies “only in cases where both proceedings were initiated in the territory of the same State.”  The decision thus appears to end the protection against prosecution in France for the same conduct that had given rise to proceedings in the United States. The 2018 Vitol decision resembled another recent ruling in which the French Supreme Court overturned a lower court’s refusal to hear the case against British-Israeli lawyer Jeffrey Tesler, who pleaded guilty in the United States to charges of bribing Nigerian officials.  As we reported in our 2017 Mid-Year FCPA Update, the Paris Court of Appeals had previously held that the prosecution of Tesler was precluded by his 2011 plea agreement entered in U.S. court, suggesting that the U.S. plea was essentially involuntary and precluded him from fairly defending himself in France.  On January 17, 2018, the French Supreme Court reversed that ruling, noting that Tesler had not been deprived of his right to a fair trial because his appearance in French courts was not dictated by the terms of the U.S. plea agreement.  Furthermore, because some of the corrupt acts had been committed in France, the U.S. plea deal did not preclude French prosecution. Germany In February 2018, the German unit of French aerospace multinational Airbus SE agreed to pay $99 million to resolve a six-year bribery investigation by German prosecutors into a 2003 deal to sell fighter jets to Austria.  Although prosecutors conceded that they had identified no evidence that bribes were used to secure the 2003 contract, they accused Airbus management of supervisory negligence in allowing employees to make large payments linked to the deal for “unclear purposes.”  Airbus continues to face ongoing litigation in Austria, where the Austrian government is seeking more than $1 billion in damages from Airbus in connection with the 2003 deal. Russia One of Russia’s semiautonomous republics, Dagestan, has become embroiled in a major corruption scandal, with the arrest of numerous high-ranking local government officials, including the acting prime minister, his two deputies, and the mayor of Makhachkala (Dagestan’s capital).  In Moscow, Alexander Drymanov, a high-level official within Russia’s Investigative Committee (“IC”) known to be very close to Alexander Bastrykin, the head of the IC, resigned from his position in early June.  His resignation has been widely linked to allegations that Drymanov and other IC officers accepted bribes from the ringleader of a prominent criminal syndicate to ensure the release of a member of this syndicate.  Additionally, in March 2018, Drymanov’s former deputy told federal investigators of payments he had made in exchange for favorable treatment from Drymanov.  Drymanov has characterized his departure as retirement; however, news reports suggest his removal is part of a coordinated attack against Bastrykin by other law enforcement agencies, such as the General Prosecutor’s Office and the FSB (the KGB’s successor). Ukraine Ukraine’s parliament passed a bill to establish an anti-corruption court on June 7, 2018, which President Petro Poroshenko signed into law four days later.  This court will become the fourth anti-corruption institution launched in Ukraine since 2014, following the establishment of the National Anti-Corruption Bureau of Ukraine (“NABU”), the Specialized Anti-Corruption Prosecutor’s Office (“SAPO”), and the National Agency on Corruption Prevention (“NAZK”).  There is hope that the new court will address one of the NABU’s key complaints:  that, despite investigations into and arrests of corrupt officials, these efforts are being wasted due to corrupt judges who help the officials escape justice.  The newly passed law creates certain mechanisms intended to ensure that the anti-corruption court’s judges remain impartial and do not become beholden to political or financial influence.  Most notably, candidates for appointment to this court are subject to vetting by and interviews with a panel of six international experts.  If three of the six raise concerns about a nominee’s integrity or background, they may vote to block the candidacy, which result can be reversed only following further deliberations and a repeat vote. Despite the generally positive reaction to this piece of legislation, commentators have voiced concerns over one provision added to the bill at the last moment, whereby regular courts will retain jurisdiction over ongoing corruption cases, and any resulting appeals also will be heard in courts of general jurisdiction, rather than the appellate branch of the anti-corruption court.  Anti-corruption activists have expressed outrage at the furtive way in which this provision became part of the law—it was absent from the version of the law read to members of parliament prior to their vote—and have suggested its purpose is to enable the acquittal of certain indicted individuals, already on (or awaiting) trial, by courts of general jurisdiction. The Americas Argentina A federal magistrate in Argentina has charged former President Cristina Fernández de Kirchner and her children with money laundering and ordered millions in assets seized.  In another enforcement proceeding, the Anticorruption Office is seeking a prison sentence of five-and-a-half years, along with permanent disqualification from public office, against ex-Vice President and former Minister of Finance Amado Boudou after his conviction for “passive bribery” and “transactions incompatible with the exercise of public functions.”  The sentencing follows a trial concerning Boudou’s purchase of 70% of a then-bankrupt government contractor and his subsequent actions to have the bankruptcy lifted so that the contractor could again participate in federal government contracts. As covered in our Key 2017 Developments in Latin American Anti-Corruption Enforcement client alert, Argentina has passed sweeping new anti-corruption legislation under which legal entities are strictly liable for crimes such as bribery, extortion, or illicit enrichment of public officials that are committed, directly or indirectly, in their name, interest, or benefit.  Punishment for violating the law may result in one or a combination of criminal fines, suspension of state benefits, debarment, and dissolution.  To be exempt from penalties and administrative responsibility under the new law, legal entities must be able to demonstrate that they reported the wrongdoing as a result of a proper internal investigation; implemented a compliance program prior to commission of the act in question; and returned the benefit that was wrongfully obtained.  Companies facing possible sanctions may mitigate their punishment by cooperating in an active investigation.  Such cooperation includes disclosing accurate, actionable information that sheds further light on potential wrongdoing, recovery of assets, or identification of individual offenders. Articles 22 and 23 of the new law outline requirements for compliance or “integrity” programs.  The programs should be designed to prevent, detect, and correct irregularities and illicit acts taken by the corporation, its representatives, or third parties that confer a benefit to the company.  To receive exemption from any penalties under the law, companies must create internal compliance reporting methods and develop procedures to investigate reports.  The law requires that the compliance or integrity program contain at least (1) a code of conduct; (2) rules and procedures to prevent illicit acts in the course of bidding for administrative contracts, or in any other interaction with the public sector; and (3) periodic training programs for directors, administrators, and staff. Brazil Despite facing economic and political uncertainty, Brazil remains a driving force in global anti-corruption efforts.  Brazilian law enforcement entities across the country increasingly are cooperating with each other, as well as with dozens of foreign enforcement authorities.  Operation Lava Jato (Car Wash), now in its fifth year, continues to accumulate convictions related to a vast corruption scheme that exploited contracts with Brazil’s state-owned oil company, Petrobras.  So far, prosecutors have charged approximately 400 individuals and obtained more than 200 convictions on charges including corruption, money laundering, and abuse of the international financial system.  Building on its previous efforts, the Car Wash Task Force has initiated four new phases of Car Wash in 2018, many of which dig deeper into allegations that came to light in previous phases. We discussed in our 2017 Year-End FCPA Update the conviction of President Luiz Inácio Lula da Silva on corruption and money laundering charges.  Despite his conviction, Lula remained the front-runner for Brazil’s October 2018 presidential election.  In April 2018, however, Lula was ordered to turn himself in and begin serving his 12-year prison sentence.  Now in prison and with little hope of successfully appealing his conviction, it is unlikely Lula will be eligible to run for the presidency. Brazilian authorities also have expanded Operation Carne Fraca (“Weak Flesh”), which covers allegations of bribery in the Brazilian meatpacking industry to evade food safety inspections.  After launching the investigation in 2017, authorities carried out a third investigative phase in March 2018.  The new phase focused on Brazilian food processing giant BRF, with police arresting former BRF CEO Pedro de Andrade Faria, former BRF Vice President of Global Operations Helio dos Santos, and other executives.  Meanwhile, authorities have continued to investigate Brazilian meatpacking company JBS and its parent company, J & F Investimentos.  Its former executives and part owners Joesley and Wesley Batista—who were targets of earlier phases of Weak Flesh, as reported in our 2017 Year-End FCPA Update, and had been in prison since 2017—were released from prison after their prison sentences were commuted to house arrest in February 2018.  In May 2018, Brazilian authorities again arrested Joesley Batista, charging him with corruption, money laundering, and obstruction of justice.  Additional charges are expected, particularly as additional Brazilian law enforcement entities join the investigations. Canada In February 2018, Public Services and Procurement Canada (“PSPC”), the division of the Canadian government responsible for internal administration, announced that it would introduce legislation to adopt the use of deferred prosecution agreements as a new tool to penalize corporate wrongdoing.  The proposed program, known as the Remediation Agreement Regime, is intended to encourage companies to voluntarily disclose potential misconduct by offering a potential alternative to criminal conviction and debarment.  Legislation to adopt the Regime was introduced in March 2018.  Under the proposed bill, “remediation agreements” would be subject to prosecutorial discretion and, as in the United Kingdom, would require judicial approval and oversight.  Notably, only certain economic crimes—bribery, fraud, insider trading, and books-and-records violations, among others—would be eligible for deferred prosecution under the current draft of the bill. In addition to proposing the adoption of deferred prosecution agreements, PSPC in March further announced it would work to enhance the government-wide “Integrity Regime” debarment program.  Under the current program, companies convicted of certain white collar offenses are banned from bidding on government contracts for a period of 10 years, which can be reduced to a five-year ban in certain circumstances.  According to a March 2018 press release, enhancements to the program will include increasing the number of triggers that can lead to debarment, as well as introducing greater flexibility in debarment decisions.  A detailed description of the Integrity Regime’s new provisions will be included in a revised Ineligibility and Suspension Policy to be published on November 15, 2018.  The enhanced program will come into effect on January 1, 2019. Colombia As reported in our 2017 Mid-Year FCPA Update, former National Director of Anti-Corruption for Colombia’s Office of the Attorney General Luis Gustavo Moreno Rivera was charged in U.S. federal court with conspiracy to commit money laundering and related charges in June 2017.  On May 18, 2018, Moreno was extradited from Bogotá to Miami on charges stemming from an alleged bribery scheme.  Moreno and his purported middleman, Colombian attorney Leonardo Luis Pinilla Gomez, are accused of receiving a $10,000 bribe in a Miami mall bathroom in exchange for confidential information, including witness statements, from Moreno’s corruption investigation of former Córdoba governor Alejandro Lyons Muskus.  The exchange allegedly was a down payment for a $132,000 deal, in which Moreno agreed to discredit a witness in a case against Lyons before the IRS.  Recorded conversations purportedly capture Moreno and Pinilla discussing Moreno’s ability to control and obstruct the investigation.  Moreno and Pinilla were arraigned in Miami in late May and face wire fraud and money laundering-related charges. In August 2018, Colombia will hold a public referendum allowing citizens to vote on seven proposals aimed at combating graft and corruption.  The referendum will include provisions amending prison sentences and imposing lifelong bans on government employment for individuals found guilty of corruption, lower salaries for legislators and senior government officials, terms limits for holding office in public companies, and greater transparency in the bidding processes for government contracts. Guatemala Corruption investigations in Guatemala continued to face obstacles in early 2018.  As noted in our 2017 Year-End FCPA Update, President Jimmy Morales attempted to expel from Guatemala Iván Velásquez, a Colombian prosecutor and head of the International Commission Against Impunity (known by its Spanish acronym “CICIG”), on August 27, 2017.  CICIG is a U.N. commission created in 2006 to investigate corruption in the Guatemalan government.  The attempted expulsion came after Velásquez and Guatemalan Attorney General Thelma Aldana announced an investigation into Morales for illegal campaign financing.  Though the Guatemalan Supreme Court blocked the expulsion and other attempts to prevent investigations into Morales, CICIG remains embattled. In March 2018, the Guatemalan government removed 11 national police investigators from CICIG, disrupting the investigation into Morales and other high-ranking government officials.  Additionally, U.S. Senator Marco Rubio has placed $6 million in U.S. aid to CICIG, which represents a third of its annual budget, on hold, citing suspected manipulation of CICIG by Russian bank VTB to politically persecute a Russian family.  Rubio’s concerns stem from CICIG’s involvement in the criminal conviction of the Bitkov family, Russian nationals found guilty of purchasing false Guatemalan passports and entering Guatemala illegally after the state-owned Russian bank targeted their paper business. Despite these challenges, CICIG has moved forward with other investigations.  In February, former President Álvaro Colom and nine members of his cabinet were arrested.  Among them is Juan Alberto Fuentes Knight, a former finance minister and current chairman of Oxfam International.  The investigation concerns a $35 million deal for a public bus system in Guatemala City.  Prosecutors allege that nearly a third of the funding was spent on equipment that went unused. Honduras The Organization of American States Mission to Support the Fight Against Corruption and Impunity in Honduras (known by its Spanish-language acronym, “MACCIH”) has faced a number of setbacks over the past six months.  In December 2017, MACCIH and the Public Ministry (national prosecutors) indicted five outgoing members of the Honduran Congress for misappropriating public funds in a case known as Red de Diputados.  Around the time of the announcement, then-Spokesman and Head of MACCIH Juan Jiménez Mayor said that between 60 and 140 additional legislators were under investigation as part of the corruption probe.  Shortly thereafter, Congress passed a law blocking MACCIH from assisting the Public Ministry, and ordering the Tribunal Superior de Cuentas (“TSC”)—a government body dominated by ruling party stalwarts—to engage in an audit of the funds that Congress members have received since 2006.  The new measure shields members of Congress from legal action until the TSC concludes its investigation, which may take several years.  Citing the new law, the judge overseeing the Red de Diputados case released the five indicted congresspersons and postponed their trial.  On February 15, 2018, MACCIH’s director, Jiménez Mayor, announced in an open letter that he was resigning from the organization as a result of the challenges of working with the Honduran government and a lack of support from OAS Secretary General Luis Almagro Lemes. In late May 2018, the Honduran Supreme Court partially invalidated an agreement that created the Fiscal Unit Against Impunity and Corruption (“UFECIC”), the entity within the Public Ministry that worked with MACCIH.  The controversial ruling came in response to a legal challenge to MACCIH brought by three individuals accused by prosecutors and MACCIH of embezzling money in connection with the Red de Diputados case.  The plaintiffs argued that MACCIH should be declared unconstitutional because it violated Honduras’ sovereignty and the independence of its governmental organizations.  Though the court rejected that argument, it determined that the UFECIC, by serving as MACCIH’s investigative arm, impermissibly delegated constitutional functions to MACCIH and thus should be invalidated.  The Supreme Court’s decision followed lobbying by members of Honduras’s Congress—many of whom were being investigated by MACCIH—to invalidate the entire anti-corruption mission.  The opinion has been criticized by anti-corruption advocates. Mexico On May 18, 2018, the Mexican government published new requirements for companies wishing to contract with Petróleos Mexicanos (“PEMEX”), the Mexican state-owned oil company and a subject of numerous FCPA enforcement actions.  The new rules require parties contracting with PEMEX to have compliance programs designed to prevent and detect any instances of corruption.  The compliance program must remain in force for the duration of the contract with PEMEX and PEMEX has the power to verify the program.  The newly published regulations do not specify requirements for the compliance program, though one guidepost may be the Mexican Ministry of Public Administration’s Model Program for Company Integrity in the recently passed General Law of Administrative Responsibility (“GLAR”).  As discussed in our Key 2017 Developments in Latin American Corruption Enforcement client alert, the Model Program calls for clearly written anti-corruption policies and procedures, training, and avenues for reporting potential misconduct. In October 2017, Santiago Nieto was fired from his post as Special Prosecutor for Electoral Crimes.  Nieto claimed that his firing was politically motivated to halt his investigation into whether funds solicited by Emilio Lozoya Austin—CEO of PEMEX—were used to finance President Enrique Peña Nieto’s 2012 campaign.  This May, the Mexican government initiated an investigation against Lozoya, which remains ongoing.  Lozoya is alleged to have requested and received millions of dollars of improper payments from the Brazilian construction firm Odebrecht.  Nevertheless, the Mexican government has thus far not pursued further investigations into whether government officials accepted bribes from Odebrecht.  In April, Mexico issued administrative sanctions against Odebrecht, barring the company from doing business in the country for at least two years and three months.  The Mexican government also has fined Odebrecht $30 million. Peru Peruvian President Pedro Pablo Kuczynski resigned on March 21, 2018, the day before a scheduled congressional impeachment vote.  As reported in our 2017 Year-End FCPA Update, Kuczynski has been the subject of an investigation involving former Odebrecht CEO Marcelo Odebrecht‘s alleged payment of $29 million in bribes to Peruvian officials, including Kuczynski and former presidents Ollanta Humala and Alejandro Toledo.  Kuczsynski’s resignation followed quickly after surreptitiously recorded videos purported to show his colleagues, including Peruvian congressman Kenji Fujimori, bribing opponents with public contracts in exchange for voting against his impeachment in the 2018 vote.  Martín Vizcarra, the Vice-President, assumed the Peruvian presidency in Kuczynski’s place and will serve out his term through 2021. On June 10, 2018, Peruvian prosecutors formally opened an investigation into Kuczynski, Toledo, and former president Alan García for allegedly accepting bribes from Odebrecht.  The three former Peruvian Presidents are suspected of promising construction contracts in exchange for undeclared campaign contributions.  Humala already was under investigation for similar allegations; he and his wife were arrested in July 2017 but were released in May 2018 because no formal charges had yet been filed against them.  Toledo, who has been living in the United States, continues to fight extradition to Peru. Asia Bangladesh Bangladesh’s former two-term Prime Minister, Khaleda Zia, was sentenced to a five-year prison term in February 2018.  Zia had been convicted of embezzling donations meant for an orphanage trust established during her term as Prime Minister.  In March 2018, a Bangladeshi court granted bail to Zia, prompting hopes that she could participate in a December general election.  Despite a decision by the  Bangladeshi Supreme Court upholding a lower court’s decision to grant Zia bail, Zia remains imprisoned as her bail related to other charges has been denied.  Zia faces more than 30 separate inquiries into allegations of violence and corruption. China China’s anti-corruption campaign continues to be a priority as Xi Jinping moves into his second term.  Following the nationwide pilot scheme of the National Supervisory System rolled out in November 2017, in March 2018 the National People’s Congress (“NPC”) passed the Supervision Law of the People’s Republic of China (“PRC Supervision Law”) and at the same time amended the Chinese Constitution.  This provided legal and constitutional foundation for the National Supervisory System.  Supervisory Commissions at national and local levels are a new organ of the state and have jurisdiction to investigate corruption by all public servants in China, including those who are not party members.  Supervisory commissions have broad investigative powers to conduct interviews and interrogations, carry out inquiries and searches, freeze assets, obtain, seal/block and seize properties, records and evidence, conduct inquests, inspections and forensic examinations, and to detain individuals under a new mechanism known as “Liu Zhi.”  The 2018 NPC also approved a wide ranging reorganization of the Ministries under the State Council.  This means that enforcement of commercial bribery offenses under the Anti-Unfair Competition Law will now be carried out by the new State Administration for Market Regulation and its local counterparts. The first half of 2018 has also seen prosecution and sentencing of a number of high-profile individuals for corruption offenses.  Most notably in May 2018, Sun Zhengcai, a former member of the Politburo, was sentenced to life for bribery.  Sun had served as party chief of Chongqing, succeeding Bo Xilai who was sentenced to life imprisonment for corruption offenses in 2013.  He is the first serving member of the Politburo to be targeted by the campaign.  Xiang Junbo, the former Chairman of China’s now-defunct insurance regulator and the highest-ranking finance official snared in China’s anti-corruption campaign, has pleaded guilty to taking bribes and is awaiting sentencing. India In February 2018, the Central Bureau of Investigation (“CBI”) registered a case against executives of the Indian subsidiary of U.S.-based engineering and construction firm CDM Smith, as well as officials of the National Highways Authority of India (“NHAI”).  According to the CBI, CDM Smith paid bribes through its Indian subsidiary to various officials of the NHAI to secure infrastructure contracts between 2011 and 2016. The CDM Smith executives that stand accused allegedly disguised their bribes as “allowable business expenses” on their income tax returns.  The CBI enforcement action follows the 2016 Pilot Program declination with CDM Smith (covered in our 2017 Mid-Year FCPA Update) in which CDM Smith agreed to disgorge just over $4 million in profits in connection with the alleged improper payments to the NHAI. On April 4, 2018, the Indian government sought to pass the Prevention of Corruption (Amendment) Bill, 2013 (discussed in our 2016 Year-End FCPA Update) at a parliamentary session held at the Rajya Sabha (otherwise known as the Council of States, the upper house of the Indian Parliament).  The proposed law would introduce specific offenses and fines for commercial organizations engaging in bribery in India, create a specific offense for offering a bribe, and provide for criminal liability for company management of companies engaging in corrupt practices.  However, the Bill failed to be passed.  The Bill’s prospects of passage remain unclear. Korea The first half of 2018 saw a number of high-profile charges and convictions for corruption-related offenses.  As reported in our 2017 Year-End FCPA Update, then-President Park Geun-Hye was impeached in December 2016 amid allegations of influence peddling and corruption.  In April 2018, Park was convicted of 16 corruption-related offenses, including abuse of power, bribery, and coercion.  She was sentenced to 24 years’ imprisonment and a fine of KRW 18 billion (approximately $16 million).  Park decided not to appeal her sentence and is currently serving her jail term.  Choi Soon-Sil, Park’s friend and advisor who was accused of coercing Korean conglomerates into donating millions of dollars to charitable organizations connected to the former President, was sentenced in February 2018 to 20 years’ imprisonment for influence peddling, abuse of power, and corruption. In March 2018, another former Korean President, Lee Myung-Bak, was arrested on multiple charges of corruption, including bribery, embezzlement, tax evasion, and abuse of power.  Lee allegedly received more than KRW 11 billion (approximately $10 million) in bribes before and during his presidency.  Lee’s trial began at the end of May 2018 and is ongoing. As reported in our 2017 Year-End FCPA Update, Samsung Electronics Vice Chairman Lee Jae Yong was convicted of bribery and related charges and sentenced to five years’ imprisonment in August 2017.  In an unexpected turn of events, Lee was released from prison in February 2018, after the Seoul High Court halved his jail term to 2.5 years and suspended his sentence on appeal.  In contrast, Lotte Group’s Chairman Shin Dong Bin was convicted of bribery and sentenced to 30 months’ imprisonment and a fine of KRW 7 billion (approximately $6.5 million) in February 2018.  The court found that he paid KRW 7 billion (approximately $6.5 million) to Choi Soon-Sil’s K Sports Foundation in return for Park’s support of reissuing Lotte’s business permit to operate its duty-free stores.  Shin remains imprisoned while his appeal of the sentence continues. Middle East and Africa Israel In January 2018, the Office of Israel’s Tax and Economic Prosecutor announced that it reached a Conditional Agreement with Teva Pharmaceuticals Industries Ltd, the world’s largest manufacturer of generic pharmaceutical products.  The agreement arose from alleged corrupt payments made between 2002 and 2012 to high-ranking ministry of health officials in Russia and Ukraine to influence the approval of drug registrations, as well as to state-employed physicians in Mexico to influence the prescription of products.  As part of the agreement with Israeli authorities, Teva agreed to pay a fine of approximately $22 million, on top of the $519 million it paid to resolve FCPA charges arising from the same conduct, as covered in our 2016 Year-End FCPA Update.  This was the second enforcement action brought under Israel’s foreign bribery statute and the first involving a Conditional Agreement.  Israeli prosecutors stated that the decision to enter into a Conditional Agreement with Teva was based on various factors, including the large penalty already paid to U.S. authorities, Teva’s cooperation and remediation, and recent financial hardships incurred by Teva. Saudi Arabia Earlier this year, Saudi officials began taking steps to conclude a large anti-corruption probe initiated in November 2017 by Saudi Arabian Crown Prince Mohammed bin Salman that involved the detainment and questioning of hundreds of influential Saudis (covered in our 2017 Year-End FCPA Update).  According to one prosecutor, the government reached settlements worth $106 billion as a result of the probe.  Although most detainees have been released, some remain in custody pending trial.  Some analysts have viewed the corruption campaign as a power grab by Prince Mohammed, but the Saudi government insists its focus is combating endemic corruption.  In March 2018, Saudi officials announced that new anti-corruption departments were added to the Attorney General’s office in furtherance of King Salman and Crown Prince Mohammed’s goal to eradicate corruption. South Africa In April 2018, South African officials announced the reopening of a corruption investigation involving alleged abuse of public funds for a dairy farm in Vrede.  The investigation initially focused on Ace Magashule, secretary general of the African National Congress, and Mosebenzi Joseph Zwane, the former minister of mineral resources.  According to prosecutors, the dairy farm project was intended to help black farmers but instead funneled $21 million to business allies of the African National Congress.  As part of the investigation, prosecutors seized $21 million from three brothers known to be family friends and political allies of South Africa’s former President Jacob Zuma, who was ousted in February 2018 in connection with corruption allegations. CONCLUSION As is our semiannual tradition, over the following weeks Gibson Dunn will be publishing a series of enforcement updates for the benefit of our clients and friends as follows: Tuesday, July 10 – 2018 Mid-Year Update on Corporate NPAs and DPAs; Wednesday, July 11 – 2018 Mid-Year False Claims Act Update; Thursday, July 12 – Developments in the Defense of Financial Institutions; Friday, July 13 – 2018 Mid-Year Class Actions Update; Monday, July 16 – 2018 Mid-Year UK White Collar Crime Update; Tuesday, July 17 – 2018 Mid-Year Media and Entertainment Update; Wednesday, July 18 – 2018 Mid-Year Securities Litigation Update; Thursday, July 19 – 2018 Mid-Year Government Contracts Litigation Update; Monday, July 23 – 2018 Mid-Year UK Labor & Employment Update; Tuesday, July 24 – 2018 Mid-Year Shareholder Activism Update; Thursday, July 26 – 2018 Mid-Year Healthcare Compliance and Enforcement Update – Providers; Friday, July 27 – 2018 Mid-Year Securities Enforcement Update; and Wednesday, August 1 – 2018 Mid-Year FDA and Health Care Compliance and Enforcement Update – Drugs and Devices. The following Gibson Dunn lawyers assisted in preparing this client update: F. Joseph Warin, John Chesley, Richard Grime, Christopher Sullivan, Jacob Arber, Elissa Baur, Josh Burk, Ella Alves Capone, Claire Chapla, Grace Chow, Stephanie Connor, Daniel Harris, William Hart, Patricia Herold, Korina Holmes, Derek Kraft, Miranda Lievsay, Zachariah Lloyd, Lora MacDonald, Andrei Malikov, Michael Marron, Jesse Melman, Steve Melrose, Jaclyn Neely, Jonathan Newmark, Nick Parker, Jeffrey Rosenberg, Rebecca Sambrook, Emily Seo, Jason Smith, Pedro Soto, Laura Sturges, Karthik Ashwin Thiagarajan, Caitlin Walgamuth, Alina Wattenberg, Oliver Welch, Oleh Vretsona, and Carissa Yuk. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues.  We have more than 110 attorneys with FCPA experience, including a number of former federal prosecutors and SEC officials, spread throughout the firm’s domestic and international offices.  Please contact the Gibson Dunn attorney with whom you work, or any of the following leaders and members of the FCPA group: Washington, D.C. F. Joseph Warin – Co-Chair (+1 202-887-3609, fwarin@gibsondunn.com) Richard W. Grime (+1 202-955-8219, rgrime@gibsondunn.com) Patrick F. Stokes (+1 202-955-8504, pstokes@gibsondunn.com) Judith A. Lee (+1 202-887-3591, jalee@gibsondunn.com) David P. Burns (+1 202-887-3786, dburns@gibsondunn.com) David Debold (+1 202-955-8551, ddebold@gibsondunn.com) Michael S. Diamant (+1 202-887-3604, mdiamant@gibsondunn.com) John W.F. Chesley (+1 202-887-3788, jchesley@gibsondunn.com) Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com) Stephanie Brooker (+1 202-887-3502, sbrooker@gibsondunn.com) M. Kendall Day (+1 202-955-8220, kday@gibsondunn.com) Stuart F. Delery (+1 202-887-3650, sdelery@gibsondunn.com) Adam M. Smith (+1 202-887-3547, asmith@gibsondunn.com) Oleh Vretsona (+1 202-887-3779, ovretsona@gibsondunn.com) Christopher W.H. Sullivan (+1 202-887-3625, csullivan@gibsondunn.com) Courtney M. Brown (+1 202-955-8685, cmbrown@gibsondunn.com) Jason H. Smith (+1 202-887-3576, jsmith@gibsondunn.com) Ella Alves Capone (+1 202-887-3511, ecapone@gibsondunn.com) Pedro G. Soto (+1 202-955-8661, psoto@gibsondunn.com) New York Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com) Joel M. Cohen (+1 212-351-2664, jcohen@gibsondunn.com) Lee G. Dunst (+1 212-351-3824, ldunst@gibsondunn.com) Mark A. Kirsch (+1 212-351-2662, mkirsch@gibsondunn.com) Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Lawrence J. Zweifach (+1 212-351-2625, lzweifach@gibsondunn.com) Daniel P. Harris (+1 212-351-2632, dpharris@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) John D.W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) Ryan T. Bergsieker (+1 303-298-5774, rbergsieker@gibsondunn.com) Laura M. Sturges (+1 303-298-5929, lsturges@gibsondunn.com) Los Angeles Debra Wong Yang – Co-Chair (+1 213-229-7472, dwongyang@gibsondunn.com) Marcellus McRae (+1 213-229-7675, mmcrae@gibsondunn.com) Michael M. Farhang (+1 213-229-7005, mfarhang@gibsondunn.com) Douglas Fuchs (+1 213-229-7605, dfuchs@gibsondunn.com) San Francisco Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) Thad A. Davis (+1 415-393-8251, tadavis@gibsondunn.com) Marc J. Fagel (+1 415-393-8332, mfagel@gibsondunn.com) Charles J. Stevens – Co-Chair (+1 415-393-8391, cstevens@gibsondunn.com) Michael Li-Ming Wong (+1 415-393-8333, mwong@gibsondunn.com) Palo Alto Benjamin Wagner (+1 650-849-5395, bwagner@gibsondunn.com) London Patrick Doris (+44 20 7071 4276, pdoris@gibsondunn.com) Charlie Falconer (+44 20 7071 4270, cfalconer@gibsondunn.com) Sacha Harber-Kelly (+44 20 7071 4205, sharber-kelly@gibsondunn.com) Philip Rocher (+44 20 7071 4202, procher@gibsondunn.com) Steve Melrose (+44 (0)20 7071 4219, smelrose@gibsondunn.com) Paris Benoît Fleury (+33 1 56 43 13 00, bfleury@gibsondunn.com) Bernard Grinspan (+33 1 56 43 13 00, bgrinspan@gibsondunn.com) Jean-Philippe Robé (+33 1 56 43 13 00, jrobe@gibsondunn.com) Audrey Obadia-Zerbib (+33 1 56 43 13 00, aobadia-zerbib@gibsondunn.com) Munich Benno Schwarz (+49 89 189 33-110, bschwarz@gibsondunn.com) Michael Walther (+49 89 189 33-180, mwalther@gibsondunn.com) Mark Zimmer (+49 89 189 33-130, mzimmer@gibsondunn.com) Hong Kong Kelly Austin (+852 2214 3788, kaustin@gibsondunn.com) Oliver D. Welch (+852 2214 3716, owelch@gibsondunn.com) São Paulo Lisa A. Alfaro – Co-Chair (+55 (11) 3521-7160, lalfaro@gibsondunn.com) Fernando Almeida (+55 (11) 3521-7095, falmeida@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP, 333 South Grand Avenue, Los Angeles, CA 90071 Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

July 9, 2018 |
H.R. 4010: The Congressional Subpoena Compliance and Enforcement Act of 2017

Click for PDF Late last year, the U.S. House of Representatives passed H.R. 4010, the Congressional Subpoena Compliance and Enforcement Act of 2017 (the “Bill”).[1]  The Bill seeks to strengthen Congressional subpoena enforcement power by:  (1) codifying the subpoena enforcement power and process in statute; (2) expediting litigation arising from non-compliance with the subpoena; (3) codifying a court’s power to levy financial penalties against the head of a U.S. government agency who willfully fails to comply with a subpoena; and (4) requiring the production of a privilege log in cases where a subpoena recipient refuses to comply on the basis of privilege. The Bill was introduced by Rep. Darrell Issa (R-CA) and ordered reported out of the Committee on the Judiciary by a unanimous vote.  It passed in the House by voice vote.  The Bill was received in the Senate and referred to the Committee on the Judiciary, where it is currently pending. The Bill has support from both sides of the aisle, which is not surprising given that, historically, both parties, when in control of Congress, have experienced delays and difficulties when attempting to enforce subpoenas against the Executive Branch, as well as private parties.  As discussed below, courts have resolved recent cases favorably to Congress, but only after significant delays that likely impacted the usefulness of the eventually-disclosed information to congressional oversight. I.          Background and Purpose The stated purpose of the Bill is to enhance compliance with requests for information pursuant to legislative power under Article I of the Constitution.  While the Bill was pending in the House, Members expressed concern over significant delays in the enforcement of congressional subpoenas, particularly with regard to subpoenas served on the Executive Branch.[2]  House Judiciary Committee Chairman Bob Goodlatte (R-VA) commented in his opening statement during markup that “the existing framework to enforce congressional subpoenas has proved to be an inadequate means of protecting congressional prerogatives.”[3]  Rep. Issa, the Bill’s sponsor and former Chairman of the Oversight and Government Reform Committee, said he saw subpoenaed parties, in particular the Executive Branch, go to great lengths to avoid turning over documents or materials to congressional committees for review.[4]  He noted that such “delays were unfair to the body and unfair to the American people because it denied them in any reasonable period of time the effect of factfinding.”[5]  He also commented that both parties have tried to take advantage of partisan rivalries while in control of the Executive Branch.[6]  Statements by then-Ranking Member John Conyers (D-MI) echoed concerns about the failure to comply with subpoenas and the hope that putting requirements in writing would ensure that subpoena recipients understand their full legal force.[7]               A.        Congressional Subpoena Enforcement Congress may combat non-compliance with a subpoena in three ways:  1) through its inherent contempt power; 2) through the criminal contempt statute; or 3) through civil contempt proceedings, which differ between the House and Senate.[8]  The first, which has not been used since 1935, allows Congress to bring an individual before the full House or Senate for trial, and may result in imprisonment for a specified time or until compliance.[9]  Under the criminal contempt statute, a contempt citation must be approved by the full committee, then the full House or Senate, and eventually is presented to the U.S. Attorney, who has a “duty” to bring the matter before a grand jury.[10]  In practice, the Department of Justice has taken the position that it may direct the U.S. Attorney to refuse to proceed on the contempt citation.[11]  This position is based on a constitutional separation-of-powers argument that posits the Executive Branch’s prosecutorial discretion authority cannot be interfered with by the Legislature or Judiciary. The DOJ’s position rests on the theory that any legislative or judicial interference with prosecutorial discretion would unconstitutionally interfere with the Executive Branch’s essential functions.[12]  Prosecutorial discretion allows the Executive Branch to balance “various legal, practical, and political considerations” when deciding which legal violations to pursue.[13] According to the Justice Department, this discretion is constitutionally absolute; the Executive must always have full and independent authority to dictate whether a criminal case will move forward. Therefore, the argument goes, any attempt by Congress to force the Attorney General to take executive action on a contempt citation violates separation-of-powers principles by unconstitutionally interfering with his or her discretionary authority.[14]  This position essentially takes criminal contempt off the table of options available to Congress as a means of enforcing a subpoena against an Executive Branch employee, thus effectively leaving Congress with the third procedure, civil contempt. Under the third and most common procedure, a single house or committee of Congress may file suit in Federal district court seeking a declaration that the individual or entity in question is legally obligated to comply with the congressional subpoena.  The Senate has existing statutory authority to pursue enforcement through civil contempt.[15]  Notably, however, the statute is inapplicable by its terms in the case of a subpoena issued to an officer or employee of the Federal government acting in his or her official capacity.[16]  The House has no such existing statutory authority, but as past precedent—including the decisions in Committee on the Judiciary v. Miers, 558 F. Supp. 2d 53 (D.D.C. 2008), and Committee on Oversight & Government Reform v. Lynch, 156 F. Supp. 3d 101 (D.D.C. 2016)—shows, the House may authorize a committee to seek a civil enforcement action to force compliance with a subpoena, even without specific statutory authorization.[17] Nevertheless, reliance on a declaratory civil action to enforce a subpoena against an executive official has proven inadequate due to the time required to achieve a final, enforceable ruling in the case.  In Miers, the district court rendered a decision favorable to Congress but the ruling was appealed and the D.C. Circuit did not reach a decision on the merits by the end of the 110th Congress.  Ultimately, the appeal was dismissed at the request of the parties.  Similarly, in HOGR v. Lynch, the Department of Justice eventually was forced to disclose documents, but the production was made nearly five years after the documents were first requested. Members are concerned that such delays undermine a committee’s ability to conduct effective oversight.  Accordingly, the Bill seeks to amend and codify the civil contempt enforcement process in two primary ways.  First, it directs a district court to “expedite to the greatest possible extent the disposition of any such action and appeal” and allows the plaintiff to request the action be heard by a three-judge panel, with direct appeal to the Supreme Court.[18]  Second, the Bill states that the court may impose financial penalties directly against the head of a government agency who willfully fails to comply with the congressional subpoena.[19]  It stipulates that no taxpayer funds may be used to pay this penalty. Rep. Issa made clear that expediting the judicial review process was the primary goal of the Bill.  During markup, he stated that “speed matters when discovery is underway.”[20]  The intent of the Bill, he stated, is “not to change the outcome of any effort under a subpoena” but to get before a Federal judge “in a timely fashion.”[21] Members were eager to note Section 4 of the Bill, which states “[n]othing in this Act shall be interpreted to diminish Congress’ inherent authority or previously established methods and practices for enforcing compliance with congressional subpoenas…”[22]  Ranking Member Conyers stressed at markup that “Congress does not require a statute in order to enforce its subpoenas in Federal court.”[23]  Rep. Issa stated that the Bill does not seek new power, but only “an expeditious review by a Federal judge of a claim” for the production of documents or the appearance of a person.[24]  Rep. Jerrold Nadler (D-NY) also commented that the statute to enforce subpoenas is not required but is “useful as a means to codify certain practices and to expedite enforcement of subpoenas.”[25]               B.        Privilege The House and Senate take the position that they need not honor claims of attorney-client privilege or testimonial privilege for confidential communications (e.g., those between a doctor and a patient).[26]  This position is based on Congress’ inherent constitutional prerogative to investigate, in contrast to the Judicial Branch, where privileges are judge-made exceptions to full disclosure, or based in statute or common law.[27]  Generally, the decision whether to recognize a privilege has been informed by weighing considerations of legislative need, public policy, and the statutory duty of congressional committees to engage in continuous oversight against any possible injury to the witness.[28] Section 3 of the Bill codifies the requirement that a subpoena recipient provide a privilege log for any records being withheld, in whole or in part.[29]  Note that many congressional committees currently request a privilege log in instructions that accompany document request letters or subpoenas.  Under the Bill, the privilege log must include the legal basis asserted for withholding the record.  Recipients also are required to identify and explain any missing records.  The Bill further provides that claims of privilege are waived if a privilege log is not produced.[30]  This provision may have been motivated in part by the Senate Permanent Subcommittee on Investigations’ inquiry into Backpage.com, whose CEO refused to turn over documents on the basis of privilege but failed to produce a privilege log.  On March 17, 2016, the Senate passed a resolution[31] authorizing civil enforcement of a subpoena against the CEO seeking the production of documents concerning the company’s advertisements for commercial sex services, and a civil contempt proceeding was subsequently initiated in the U.S. District Court for the District of Columbia.[32]  The court eventually held that any privilege had been waived by the failure of Backpage.com’s CEO to timely file a log.[33] Notably, Section 4 of the Bill states that nothing in the Bill shall “be interpreted to establish Congress’ acceptance of any asserted privilege or other legal basis for noncompliance with a congressional subpoena.”[34]  Essentially, this Section of the Bill clarifies for parties responding to a congressional subpoena that the production of a privilege log does not mean that Congress will recognize any privilege, but a privilege log does preserve the privilege argument. II.        Observations If the Bill becomes law, it would have practical implications for not only the Executive Branch, but for private parties subpoenaed by Congress.  Upon receiving a subpoena from a congressional committee, private parties should be prepared to timely produce a log of any documents for which it believes a privilege may be asserted.  While this may not ensure that claims of privilege will be recognized, it will prevent an automatic waiver of the privilege. While it is not clear this Bill will become a law, it is not expected to fail for partisan reasons.  Thus far, there is no apparent opposition to the Bill.  Despite bipartisan support, however, it is not clear whether the Senate will take up the bill or might develop a bill of its own to accomplish similar objectives.  As discussed above, some of the Senate’s enforcement powers are already codified in statute, so the same urgency may not exist in the Senate as in the House.  It is important to note, however, that, Senator Charles Grassley (R-IA), who serves as Chairman of the Senate Committee on the Judiciary, the committee to which the Bill has been referred, initiated his own inquiry into Operation Fast and Furious (the situation at issue in Lynch) while serving as Ranking Member of the committee, and has expressed similar frustrations about delays in the enforcement of subpoenas.[35]  President Trump has not indicated whether he would support the measure. It is impossible to know whether the Bill, if enacted, would actually expedite the judicial review process and lead to more efficient and effective congressional oversight.  On the one hand, the bill could speed up judicial review of attempts by Congress to vindicate its subpoena authority and make Executive Branch officials think twice before ignoring a committee subpoena.  On the other, it seems unlikely that statutory changes alone will solve Congress’ issues with subpoena compliance, particularly when it comes to the Executive Branch.  Perhaps what is needed is a combination of internal rules changes and statutory assistance, where Congress uses some of its inherent authorities to satisfy its oversight and investigative needs.  After all, it seems unlikely that relying on a separate branch of government to vindicate a legislative prerogative alone is the answer.    [1]   H.R. 4010, 115th Cong. (2017).    [2]   An illustrative example of the perception that Congress’ subpoena power may not have sufficient weight was noted by Rep. Eric Swalwell (D-CA) during markup and later discussed by Rep. Jerrold Nadler (D-NY) during floor debate.  After an interview with the Intelligence Committee relating to alleged Russian interference in the 2016 election, a witness gave a public statement saying he had not disclosed certain information and documents during the interview because he was not under subpoena and had certain privileges to assert (despite the fact that he did not actually assert them). See 163 Cong. Rec. H8061 (daily ed. Oct. 23, 2017) (statement of Rep. Jerrold Nadler).    [3]   Markup of H.R. 4010; H.R. 2228; and H.R. 3996  before the H. Comm. on the Judiciary (2017) (statement of Rep. Bob Goodlatte, Chairman, H. Comm. on the Judiciary), available at https://judiciary.house.gov/wp-content/uploads/2017/10/10.12.17-Markup-Transcript.pdf.    [4]   Rep. Darrell  Issa Press Release, “Rep. Issa Bill To Require Compliance with Congressional Subpoenas Passes Judiciary Committee,” October 12, 2017, available at https://issa.house.gov/news-room/press-releases/rep-issa-bill-require-compliance-congressional-subpoenas-passes-judiciary.    [5]   163 Cong. Rec. H8061 (daily ed. Oct. 23, 2017) (statement of Rep. Darrell Issa).    [6]   Id.    [7]   Markup of H.R. 4010; H.R. 2228; and H.R. 3996  before the H. Comm. on the Judiciary (2017) (statement of Rep. John Conyers, Ranking Member, H. Comm. on the Judiciary), available at https://judiciary.house.gov/wp-content/uploads/2017/10/10.12.17-Markup-Transcript.pdf.    [8]   See CRS Report, “Congress’s Contempt Power and the Enforcement of Congressional Subpoenas: Law, History, Practice, and Procedure,” May 12, 2017, available at http://www.crs.gov/Reports/RL34097?source=search&guid=423009d34fd84a7b98a6fabe7ef0db57&index=0.    [9]   See, e.g., Jurney v. MacCracken, 294 U.S. 125 (1935); McGrain v. Daughtery, 273 U.S. 135 (1927); Anderson v. Dunn, 19 U.S. 204 (1821). [10]   2 U.S.C. §§ 192, 194. [11]   See Prosecution for Contempt of Congress of an Executive Branch Official Who Has Asserted a Claim of Executive Privilege, 8 Op. O.L.C. 101, 122 (1984) [hereinafter 8 Op. O.L.C.]. [12]   8 Op. O.L.C. at 115 (“The Executive’s exclusive authority to prosecute violations of the law gives rise to the corollary that neither the Judicial nor Legislative Branches may directly interfere with the prosecutorial discretion of the Executive by directing the Executive Branch to prosecute particular individuals.”). [13]   Morrison v. Olson, 487 U.S. 654, 708 (1988) (Scalia, J., dissenting) (“to take [prosecutorial discretion] away is to remove the core of the prosecutorial function.”); see also 8 Op. O.L.C. at 113–15 (quoting Smith v. United States, 375 F.2d 243 (5th Cir.), cert. denied, 389 U.S. 841 (1967)) (“The discretion of the Attorney General in choosing whether to prosecute or not to prosecute . . . is absolute [and . . .] required in all cases). [14]   8 Op. O.L.C. at 125 (“A number of courts have expressly relied upon the constitutional separation of powers in refusing to force a United States Attorney to proceed with a prosecution.”) (citing cases). [15]   2 U.S.C. §§ 288b(b), 288d, 1365. [16]   28 U.S.C. §1365(a) (2012). [17]   See CRS Report at 30.  In Miers, the court held that the subpoena power “derives implicitly from Article I of the Constitution” thus concluding that the case “arises under the Constitution” and therefore qualifies for federal question jurisdiction.  Miers, 558 F. Supp. 2d at 64.  In Lynch, the House pursued a civil action in Federal court to enforce a subpoena against Attorney General Eric Holder for his failure to comply with subpoenas issued pursuant to the investigation of Operation Fast and Furious.  In its opinion rejecting the Department of Justice’s motion to dismiss based on jurisdictional and justiciability arguments, the court largely adopted the reasoning in Miers.  Following Miers and Lynch, it appears all that is legally required for House committees to seek civil enforcement of subpoenas is that authorization be granted by resolution of the full House. [18]   H.R. 4010, 115th Cong. §2 (2017). [19]   Id. [20]   Markup of H.R. 4010; H.R. 2228; and H.R. 3996  before the H. Comm. on the Judiciary (2017) (statement of Rep. Darrell Issa), available at https://judiciary.house.gov/wp-content/uploads/2017/10/10.12.17-Markup-Transcript.pdf. [21]   Id. [22]   H.R. 4010, 115th Cong. §4 (2017). [23]   Markup of H.R. 4010; H.R. 2228; and H.R. 3996  before the H. Comm. on the Judiciary (2017) (statement of Rep. John Conyers, Ranking Member, H. Comm. on the Judiciary), available at https://judiciary.house.gov/wp-content/uploads/2017/10/10.12.17-Markup-Transcript.pdf. [24]   163 Cong. Rec. H8060 (daily ed. Oct. 23, 2017) (statement of Rep. Darrell Issa). [25]   Id. [26]   CRS Report at 61. [27]   Id. [28]   Id. at 60. [29]   H.R. 4010, 115th Cong. §3 (2017). [30]   H.R. 4010, 115th Cong. §2(a) (2017). [31]   S. Res. 377, 114th Cong. (2016). [32]   Senate Permanent Subcomm. v. Ferrer, 199 F. Supp. 3d 125 (D.D.C. 2016). [33]   Id. [34]   H.R. 4010, 115th Cong. §4 (2017). [35]   See, e.g., Operation Fast and Furious: Obstruction of Congress by the Department of Justice: Hearing Before the H. Comm. on Oversight and Gov’t Reform, 115th Cong. (2017) (statement of Sen. Charles Grassley, Chairman, S. Comm. on the Judiciary) (“This case has broad implications for the ability of the elected representatives of the American people to do our constitutional duty to act as a check on the executive branch.  Clearly, Congress needs to do something.  It cannot take years for this body to get answers from a co-equal branch of government about information that has no legal basis to stay hidden from Congress.”) Gibson Dunn’s lawyers  are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or the following lawyers: Michael D. Bopp – Chair, Congressional Investigations Subgroup (+1 202-955-8256, mbopp@gibsondunn.com) Emily Yezerski – Washington, D.C. (+1 202-887-3549, eyezerski@gibsondunn.com)

June 1, 2018 |
Stephanie Brooker Named Among GIR’s Top Women in Investigations 2018

Global Investigations Review has named Washington, D.C. partner Stephanie Brooker to its list of Women in Investigations 2018 [PDF], which “showcase(s) the breadth and depth of talent among the women in the international investigations space.”  The special report was published in June 2018.

June 27, 2018 |
Webcast: Defending Medical Necessity Enforcement Actions

Gibson Dunn and BDO provides an overview of significant trends and key issues in government enforcement actions and litigation involving allegations that services or items billed to government health programs were not medically necessary. Topics Discussed: Enforcement trends and updates, including: False Claims Act case law update, including the latest in the AseraCare line of cases Application of DOJ’s Brand Memo to medical necessity theories Expansion of medical necessity theories to actions involving pharmaceutical and medical device manufacturers An expert’s perspective: Practical lessons from expert chart reviews in medical necessity cases The role and evolution of payor reimbursement policies View Slides [PDF] PANELISTS: Dr. Karen Meador is Managing Director and Senior Physician Executive of BDO. She is a board-certified pediatrician with 25 years of healthcare experience, and has served in numerous clinical and administrative leadership roles within healthcare systems and primary care organizations. Karen has extensive experience in leading collaborative multidisciplinary teams in creating and expanding innovative high-quality programs and services that transform and integrate clinical care, research and education and that engage physicians and patients in hospital and community settings. Sam Nazzaro is Global Forensics Managing Director of BDO. As top-level compliance counsel, former federal prosecutor and forensic advisor, Sam has more than 20 years of experience in regulatory and legal compliance, domestic and international advocacy, complex forensic investigations, and litigation. He assists global companies, healthcare providers and others in investigating fraud and corruption and managing/mitigating risk. He has successfully investigated, managed and led healthcare fraud/false claims matters, complex AML investigations and sensitive high-profile international governance projects. Stephen Payne is a partner in the Washington, D.C. office of Gibson Dunn. He is Chair of the firm’s FDA and Health Care practice group, and is a member of the Life Sciences practice group. His practice focuses on FDA and health care compliance, enforcement, and False Claims Act litigation for pharmaceutical and medical device clients. He has significant experience in the areas of fraud and abuse, product diversion and counterfeiting, good manufacturing practice regulations, product recalls and product promotion. Jonathan Phillips is a partner in the Washington, D.C. office of Gibson Dunn, and is a member of the firm’s Litigation Department. His practice focuses on FDA and health care compliance, enforcement, and litigation, as well as other white collar enforcement matters and related litigation. He has substantial experience representing pharmaceutical, medical device, and health care provider clients in investigations by the DOJ, FDA, and Department of Health and Human Services Office of Inspector General. MCLE CREDIT INFORMATION: This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.50 credit hours, of which 1.50 credit hours may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit. Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact Jeanine McKeown (National Training Administrator), at 213-229-7140 or jmckeown@gibsondunn.com to request the MCLE form. Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.50 hours. California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

June 22, 2018 |
Supreme Court Holds That Individuals Have Fourth Amendment Privacy Rights In Cell Phone Location Records

Click for PDF Carpenter v. United States, No. 16-402  Decided June 22, 2018 The Supreme Court held 5-4 that law enforcement officials must generally obtain a warrant when seeking historical cell phone location records from a telecommunications provider. Background: Wireless carriers regularly collect and store information reflecting the location of cell phones when those phones connect to cell sites to transmit and receive information.  Prosecutors collected a suspect’s cell-site location data from wireless carriers following the procedure in the Stored Communications Act, 18 U.S.C. §§ 2701-12, but without obtaining a warrant.  The suspect argued that the Government’s acquisition of this data without a warrant was an unconstitutional search that violated the Fourth Amendment.  This argument set up a conflict between two lines of Supreme Court precedent: the longstanding third-party doctrine, which holds that information a person voluntarily reveals to others is not protected by the Fourth Amendment; and several recent cases holding that cell phones implicate significant privacy concerns because so many people store large amounts of information on them. Issue: Whether an individual has a protected privacy interest under the Fourth Amendment in historical cell phone location records. Court’s Holding: Yes.  The Fourth Amendment protects cell phone location records because of their comprehensive and private nature, even though they are collected and held by the phone company.  The Government must ordinarily obtain a warrant before acquiring the records. “In light of the deeply revealing nature of [cell site location data], its depth, breadth, and comprehensive reach, and the inescapable and automatic nature of its collection, the fact that such information is gathered by a third party does not make it any less deserving of Fourth Amendment protection.” Chief Justice Roberts, writing for the 5-4 majority What It Means: The decision continues a trend of recent Supreme Court decisions limiting Government access to personal information stored electronically.  In United States v. Jones (2012), the Court unanimously rejected the Government’s argument that it could place a GPS tracker on a suspect’s car without a warrant, although it divided as to the reason.  Likewise, in Riley v. California (2014), the Court unanimously declined to allow police officers to routinely search cell phones incident to arrest, based in part on the volume and importance of personal information stored on them. The Court emphasized that its decision was limited to the collection of historical cell phone location records covering an extended period of time.  The Court declined to consider whether the Fourth Amendment protected real-time cell phone location information or historical location data covering a shorter period of time than the Government collected here (seven days).  The Court also emphasized that it was not calling into question conventional surveillance tools such as security cameras, or collection techniques involving foreign affairs or national security. The Court expressly declined to overrule the third-party doctrine.  Instead, it stated that the doctrine should not be extended to historical cell site location data because the breadth and depth of the information available made that data “qualitatively different” from other information that the Court had previously allowed the Government to obtain from third parties without a warrant. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Supreme Court.  Please feel free to contact the following practice leaders: Appellate and Constitutional Law Practice Caitlin J. Halligan +1 212.351.3909 challigan@gibsondunn.com Mark A. Perry +1 202.887.3667 mperry@gibsondunn.com Nicole A. Saharsky +1 202.887.3669 nsaharsky@gibsondunn.com   Related Practice: Privacy, Cybersecurity and Consumer Protection Ahmed Baladi +33 (0) 1 56 43 13 00 abaladi@gibsondunn.com Alexander H. Southwell +1 212.351.3981 asouthwell@gibsondunn.com   Related Practice: White Collar Defense and Investigations Joel M. Cohen +1 212.351.2664 jcohen@gibsondunn.com Charles J. Stevens +1 415.393.8391 cstevens@gibsondunn.com F. Joseph Warin +1 202.887.3609 fwarin@gibsondunn.com   © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

June 20, 2018 |
Acting Associate AG Panuccio Highlights DOJ’s False Claims Act Enforcement Reform Efforts

Click for PDF On June 14, 2018, Acting Associate Attorney General Jesse Panuccio gave remarks highlighting recent enforcement activity and policy initiatives by the Department of Justice (“DOJ”).  The remarks, delivered at the American Bar Association’s 12th National Institute on the Civil False Claims Act and Qui Tam Enforcement, included extensive commentary about DOJ’s ongoing efforts to introduce reforms to promote a more fair and consistent application of the False Claims Act (“FCA”).  While the impact of these policy initiatives remains to be seen, DOJ’s continued focus on these efforts, led by officials at the highest levels within DOJ, suggests that FCA enforcement reform is a priority for the Department. After giving an overview of several FCA settlements from the last eighteen months—apparently designed to demonstrate that this DOJ recognizes the importance of the FCA in a breadth of traditional enforcement areas—Mr. Panuccio discussed two particular priorities: the opioid epidemic and the nation’s elderly population.  He emphasized that DOJ would “actively employ” the FCA against any entity in the opioid distribution chain that engages in fraudulent conduct.  He then highlighted the crucial role of the FCA in protecting the nation’s elderly from fraud and abuse, citing examples of enforcement against a nursing home management company, hospices, and skilled rehabilitation facilities. The majority of Mr. Panuccio’s remarks focused, however, on policy initiatives DOJ is undertaking to ensure that enforcement “is fair and consistent with the rule of law.”  Mr. Panuccio alluded to general reform initiatives by the department, such as the ban on certain third-party payments in settlement agreements, before expanding on reforms specific to the FCA.  Mr. Panuccio highlighted that the recent FCA reform efforts have been spearheaded by Deputy Associate Attorney General Stephen Cox; Mr. Cox had delivered remarks at the Federal Bar Association Qui Tam Conference in February of this year that had provided insight into the positions articulated in the Brand and Granston memoranda.  In his speech, Mr. Panuccio described five policy initiatives being undertaken by DOJ to reform FCA enforcement: (i) qui tam dismissal criteria; (ii) the use of guidance in FCA cases; (iii) cooperation credit; (iv) compliance program credit; and (v) preventing “piling on.” Qui tam dismissals Mr. Panuccio acknowledged the tremendous increase in the number qui tam cases that are filed each year, which includes cases that are not in the public interest.  Recognizing that DOJ expends significant resources to monitor cases even when it declines to intervene, Mr. Panuccio noted that DOJ attorneys have been instructed to consider whether moving to dismiss the action would be an appropriate use of prosecutorial discretion under the FCA.  While DOJ previously exercised this authority only rarely, consistent with the Granston memo, Mr. Panuccio suggested that, going forward, DOJ may use that authority more frequently in order to free up DOJ’s resources for matters in the public interest. Although defendants generally may not yet be experiencing significant differences regarding the possibility of dismissal at the DOJ line level, the continued public discussion of the potential use of DOJ’s dismissal authority by high-level officials suggests that DOJ appreciates the problems caused by frivolous qui tams and may ultimately be more receptive to dismissal of actions lacking merit. Guidance As stated in the Brand Memorandum, DOJ will no longer use noncompliance with agency guidance that expands upon statutory or regulatory requirements as the basis for an FCA violation.  Mr. Panuccio explained that, in an FCA case, evidence that a party received a guidance document would be relevant in proving that the party had knowledge of the law explained in that guidance.  However, DOJ attorneys have been instructed “not to use [DOJ’s] enforcement authority to convert sub-regulatory guidance into rules that have the force or effect of law.” Cooperation With respect to cooperation credit, Mr. Panuccio indicated that DOJ is working on formalizing its practices and that modifications to prior practices should be expected.  That notwithstanding, Mr. Panuccio provided assurances that DOJ will continue to “expect and recognize genuine cooperation” in both civil and criminal matters.  He also noted that the extent of the discount provided when negotiating a settlement would depend on the nature of the cooperation, how helpful it was, and whether it helped identify individual wrongdoers. Though DOJ’s new policies on cooperation credit are still forthcoming, Mr. Panuccio’s remarks suggest that formal cooperation credit might be expanded to cover situations outside of those in which the defendant makes a self-disclosure. Compliance In recognition of the challenges of running large organizations, DOJ will “reward companies that invest in strong compliance measures.”  How this may differ, if at all, from current ad hoc considerations remains to be seen. Piling On Mr. Panuccio acknowledged that, when multiple regulatory bodies pursue a defendant for the same or substantially the same conduct, “unwarranted and disproportionate penalties” can result. In order to avoid this “piling on,” DOJ attorneys will promote coordination within the agency and other regulatory bodies to ensure that defendants are subject to fair punishment and receive the benefit of finality that should accompany a settlement.  Moreover, Mr. Panuccio remarked that DOJ attorneys should not “invoke the threat of criminal prosecution solely to persuade a company to pay a larger settlement in a civil case,” which really is simply a restatement of every attorney’s existing ethical duty.  Whether DOJ leadership’s interest here will result in significant practical developments is uncertain.  Such developments, though perhaps unlikely, could include eliminating the cross-designation of Assistant U.S. Attorneys as both Civil and Criminal; limiting the ability of Civil Division attorneys to invite Criminal Division lawyers to participate in meetings without the request or consent of defendants; or perhaps even somehow inhibiting the Civil Division from using the FCA, with its mandatory treble damages and per-claim penalties, following criminal fines and restitution. We will continue to monitor and report on these important developments. The following Gibson Dunn lawyers assisted in preparing this client update: Stephen Payne, Jonathan Phillips and Claudia Kraft. Gibson Dunn’s lawyers have handled hundreds of FCA investigations and have a long track record of litigation success.  Among other significant victories, Gibson Dunn successfully argued the landmark Allison Engine case in the Supreme Court, a unanimous decision that prompted Congressional action.  See Allison Engine Co. v. United States ex rel. Sanders, 128 S. Ct. 2123 (2008).  Our win rate and immersion in FCA issues gives us the ability to frame strategies to quickly dispose of FCA cases.  The firm has more than 30 attorneys with substantive FCA expertise and more than 30 former Assistant U.S. Attorneys and DOJ attorneys.  For more information, please feel free to contact the Gibson Dunn attorney with whom you work or the following attorneys. Washington, D.C. F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) Stuart F. Delery (+1 202-887-3650, sdelery@gibsondunn.com) Joseph D. West (+1 202-955-8658, jwest@gibsondunn.com) Andrew S. Tulumello (+1 202-955-8657, atulumello@gibsondunn.com) Karen L. Manos (+1 202-955-8536, kmanos@gibsondunn.com) Stephen C. Payne (+1 202-887-3693, spayne@gibsondunn.com) Jonathan M. Phillips (+1 202-887-3546, jphillips@gibsondunn.com) New York Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com) Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) Monica K. Loseman (+1 303-298-5784, mloseman@gibsondunn.com) John D.W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) Ryan T. Bergsieker (+1 303-298-5774, rbergsieker@gibsondunn.com) Dallas Robert C. Walters (+1 214-698-3114, rwalters@gibsondunn.com) Los Angeles Timothy J. Hatch (+1 213-229-7368, thatch@gibsondunn.com) James L. Zelenay Jr. (+1 213-229-7449, jzelenay@gibsondunn.com) Palo Alto Benjamin Wagner (+1 650-849-5395, bwagner@gibsondunn.com) San Francisco Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com)Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

June 14, 2018 |
Revisions to the FFIEC BSA/AML Manual to Include the New CDD Regulation

Click for PDF On May 11, 2018, the federal bank regulators and the Financial Crimes Enforcement Network (“FinCEN”) published two new chapters of the Federal Financial Institution Examination Council Bank Secrecy Act/Anti-Money Laundering Examination Manual (“BSA/AML Manual”) to reflect changes made by FinCEN to the CDD regulation.[1]  One of the chapters replaces the current chapter “Customer Due Diligence – Overview and Examination Procedures” (“CDD Chapter”), and the other chapter is entirely new and contains an overview of and examination procedures for “Beneficial Ownership for Legal Entity Customers” to reflect the beneficial ownership requirements of the CDD regulation (“Beneficial Ownership Chapter”).[2] The new CDD Chapter builds upon the previous chapter, adds the requirements of the CDD regulation, and otherwise updates the chapter, which had not been revised since 2007.  The Beneficial Ownership Chapter largely repeats what is in the CDD Rule.  Both new chapters reference the regulatory guidance and clarifications from the Frequently Asked Questions issued by FinCEN on April 3, 2018 (the “FAQs”).[3]   Other Refinements to the CDD Regulation May Impact the BSA/AML Manual Implementation of the CDD regulation is a dynamic process and may require further refinement of these chapters as FinCEN issues further guidance.  For instance, in response to concerns of the banking industry, on May 16, 2018, FinCEN issued an administrative ruling imposing a 90-day moratorium on the requirement to recertify CDD information when certificates of deposit (“CDs”) are rolled over or loans renewed (if the CDs or loans were opened before May 11, 2018).  FinCEN will have further discussions with the banking industry and will make a decision whether to make this temporary exception permanent within this 90-day period (before August 9, 2018).[4] In his May 16, 2018, testimony at a House Financial Services Committee hearing on “Implementation of FinCEN’s Customer Due Diligence Rule,” FinCEN Director Kenneth Blanco suggested that FinCEN may be receptive to refinements as compliance experience is gained with the regulation.  Director Blanco also indicated that there will be a period of adjustment for compliance with the regulation and that FinCEN and the regulators will not engage in “gotcha” enforcement, but are seeking “good faith compliance.” Highlights from the New Chapters Periodic Reviews:  The BSA/AML Manual no longer expressly requires periodic CDD reviews, but suggests that regulators may still expect periodic reviews for higher risk customers.  The language in the previous CDD Chapter requiring periodic CDD refresh reviews has been eliminated.[5]Consistent with FAQ 14, the new CDD Chapter states that updating CDD information will be event driven and provides a list of possible event triggers, such as red flags identified through suspicious activity monitoring or receipt of a criminal subpoena.  Nevertheless, the CDD Chapter does not completely eliminate the expectation of periodic reviews for higher risk clients, stating:  “Information provided by higher profile customers and their transactions should be reviewed . . . more frequently throughout the term of the relationship with the bank.”Although this appears to be a relaxation of the expectation to conduct periodic reviews, we expect many banks will not change their current practices.  For a number of years, in addition to event driven reviews, many banks have conducted periodic CDD reviews at risk based intervals because they have understood periodic reviews to be a regulatory expectation. Lower Beneficial Ownership Thresholds:  Somewhat surprisingly, there is no expression in the new chapters that consideration should be given to obtaining beneficial ownership at a lower threshold than 25% for certain high risk business lines or customer types.  The new Beneficial Ownership Chapter simply repeats the regulatory requirement stating that:  “The beneficial ownership rule requires banks to collect beneficial ownership information at the 25 percent ownership threshold regardless of the customer’s risk profile.”  The FAQs (FAQ 6 and 7) refer to the fact that a financial institution may “choose” to apply a lower threshold and “there may be circumstances where a financial institution may determine a lower threshold may be warranted.”  We understand that specifying an expectation that there should be lower beneficial thresholds for certain higher risk customers was an issue that was debated among FinCEN and the bank regulators.For a number of years, many banks have obtained beneficial ownership at lower than 25% thresholds for high risk business lines and customers (e.g., private banking for non-resident aliens).  Banks that have previously applied a lower threshold, however, should carefully evaluate any decision to raise thresholds to the 25% level in the regulation.  If a bank currently applies a lower threshold, raising the threshold may attract regulatory scrutiny about whether the move was justified from a risk standpoint.  Moreover, a risk-based program should address not only regulatory risk, but also money laundering risk.  Therefore, banks should consider reviewing beneficial ownership at lower thresholds for certain customers and business lines and when a legal entity customer has an unusually complex or opaque ownership structure for the type of customer regardless of the business line or risk rating of the customer. New Accounts:  The new chapters do not discuss one of the most controversial and challenging requirements of the CDD rule, the requirement to verify CDD information when a customer previously subject to CDD opens a new account, including when CDs are rolled over or loans renewed.  This most likely may be because application of the requirement to CD rollovers and loan renewals is still under consideration by FinCEN, as discussed above. Enhanced Due Diligence:  The requirement to maintain enhanced due diligence (“EDD”) policies, procedures, and processes for higher risk customers remains with no new suggested categories of customers that should be subject to EDD. Risk Rating:  The new CDD Chapter seems to articulate an expectation to risk rate customers:  “The bank should have an understanding of the money laundering and terrorist financing risk of its customers, referred to in the rule as the customer risk profile.  This concept is also commonly referred to as the customer risk rating.”  The CDD Chapter, therefore, could be read as expressing for banks an expectation that goes beyond FinCEN’s expectation for all covered financial institutions in FAQ 35, which states that a customer profile “may, but need not, include a system of risk ratings or categories of customers.”  It appears that banks that do not currently risk rate customers should consider doing so.  Since the CDD section was first drafted in 2006 and amended in 2007, customer risk rating based on an established method with weighted risk factors has become a best and almost universal practice for banks to facilitate the AML risk assessment, CDD/EDD, and the identification of suspicious activity. Enterprise-Wide CDD:  The new CDD Chapter recognizes the CDD approach of many complex organizations that have CDD requirements and functions that cross financial institution legal entities and the general enterprise-wide approach to BSA/AML long referenced in the BSA/AML Manual.  See BSA/AML Manual, BSA/AML Compliance Program Structures Overview, at p. 155.  The CDD Chapter states that a bank “may choose to implement CDD policies, procedures and processes on an enterprise-wide basis to the extent permitted by law sharing across business lines, legal entities, and with affiliate support units.” Conclusion Despite the CDD regulation, at its core CDD compliance is still risk based and regulatory risk remains a concern.  Every bank must carefully and continually review its CDD program against the regulatory requirements and expectations articulated in the BSA/AML Manual, as well as recent regulatory enforcement actions, the institution’s past examination and independent and compliance testing issues, and best practices of peer institutions.  This review will help anticipate whether there are aspects of its CDD/EDD program that could be subject to criticism in the examination process.  As the U.S. Court of Appeals for the Ninth Circuit recently recognized, detailed manuals issued by agencies with enforcement authority like the BSA/AML Manual “can put regulated banks on notice of expected conduct.”  California Pacific Bank v. Federal Deposit Insurance Corporation, 885 F.3d 560, 572 (9th Cir. 2018).  The BSA/AML Manual is an important and welcome roadmap although not always as up to date, clear or detailed as banks would like it to be. These were the first revisions to the BSA/AML Manual since 2014.  We understand that additional revisions to other chapters are under consideration.    [1]   May 11, 2018 also was the compliance date for the CDD regulations.  The Notice of Final Rulemaking for the CDD regulation, which was published on May 11, 2016, provided a two-year implementation period.  81 Fed. Reg. 29,398 (May 11, 2016).  https://www.gpo.gov/fdsys/pkg/FR-2016-05-11/pdf/2016-10567.pdf. For banks, the new regulation is set forth in the BSA regulations at 31 C.F.R. § 1010.230 (beneficial ownership requirements) and 31 C.F.R. § 1020.210(a)(5).    [2]   The new chapters can be found at: https://www.ffiec.gov/press/pdf/Customer%20Due%20Diligence%20-%20Overview%20and%20Exam%20Procedures-FINAL.pdfw  (CDD Chapter) and https://www.ffiec.gov/press/pdf/Beneficial%20Ownership%20Requirements%20for %20Legal%20Entity%20CustomersOverview-FINAL.pdf (Beneficial Ownership Chapter).    [3]   Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions, FIN-2018-G001.  https://www.fincen.gov/resources/statutes-regulations/guidance/frequently-asked-questions-regarding-customer-due-0.  On April 23, 2018, Gibson Dunn published a client alert on these FAQs.  FinCEN Issues FAQs on Customer Due Diligence Regulation.  https://www.gibsondunn.com/fincen-issues-faqs-on-customer-due-diligence-regulation/. FinCEN also issued FAQs on the regulation on September 29, 2017. https://www.fincen.gov/sites/default/files/2016-09/FAQs_for_CDD_Final_Rule_%287_15_16%29.pdf.    [4]   Beneficial Ownership Requirements for Legal Entity Customers of Certain Financial Products and Services with Automatic Rollovers or Renewals, FIN-2018-R002.  https://www.fincen.gov/sites/default/files/2018-05/FinCEN%20Ruling%20CD%20and%20Loan%20Rollover%20Relief_FINAL%20508-revised.pdf    [5]   The BSA/AML Manual previously stated at p. 57:  “CDD processes should include periodic risk-based monitoring of the customer relationship to determine if there are substantive changes to the original CDD information. . . .” Gibson Dunn’s lawyers  are available to assist in addressing any questions you may have regarding these developments.  Please contact any member of the Gibson Dunn team, the Gibson Dunn lawyer with whom you usually work in the firm’s Financial Institutions practice group, or the authors: Stephanie L. Brooker – Washington, D.C. (+1 202-887-3502, sbrooker@gibsondunn.com) M. Kendall Day – Washington, D.C. (+1 202-955-8220, kday@gibsondunn.com) Arthur S. Long – New York (+1 212-351-2426, along@gibsondunn.com) Linda Noonan – Washington, D.C. (+1 202-887-3595, lnoonan@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

May 30, 2018 |
Recent Developments Related to Regulation and Litigation Involving the Education Sector (May 2018)

Click for PDF This is the latest update of significant developments relating to regulatory, administrative, and legal actions involving schools.  This quarter saw the reinstatement of the Accrediting Council for Independent Colleges and Schools (ACICS), as well as three for-profit law schools turning the tables on their schools’ accreditor, the American Bar Association.  There were also significant developments on the political and regulatory fronts, not to mention a shifting landscape in federal enforcement.  Let’s jump into it. A.   ACICS Ruling and Reinstatement On March 23, 2018, a federal district court ordered the Department of Education (ED) to reconsider its decision terminating recognition of ACICS.  ACICS had submitted a petition for continued recognition to ED in January 2016.  In December 2016, President Obama’s ED Secretary terminated ACICS’s recognition, and ACICS challenged the decision in court.  In an April 29, 2017 filing, the Trump Administration supported the previous Administration’s termination decision. However, on March 23, the United States District Court for the District of Columbia found that ED failed to consider supplemental responses and additional evidence ACICS provided to ED in May 2016 at ED’s request.  The court held that in doing so, ED violated the Higher Education Act and its implementing regulations’ requirement that the ED Secretary consider all available relevant information, as well as the Administrative Procedure Act’s requirement that an agency must examine all relevant data.  ACICS v. DeVos, No. 16-2448 (RBW), 2018 WL 1461958, at *13, 17 (D.D.C. Mar. 23, 2018).  The court concluded that ED acted arbitrarily and capriciously by failing to consider this information.  Id. at *17. On remand, ED must reconsider the recognition petition ACICS submitted in January 2016 and must consider in the first instance the supplemental materials ACICS submitted in May 2016.  In the interim, Secretary DeVos restored ACICS’s status as a federally recognized accrediting agency effective December 12, 2016.  ACICS may file a written submission explaining the relevance of the May 2016 materials and include additional relevant evidence.  Secretary DeVos ordered that any written submission and exhibits should be filed with ED no later than May 30, 2018.  Because the court did not reach the merits of ACICS’s case, it is hard to know how ACICS will fare under this new review.  But it is fair to say that just the opportunity for a new review shows a seismic shift in the landscape from one Administration to the next. B.    Change in Enforcement Focus, Per the New York Times Two recent New York Times articles further highlight the differences in approach between the current and previous Administrations when it comes to enforcement relating to the sector.  In an article dated May 9, 2018, the Times reports that Mick Mulvaney, the interim director of the Consumer Financial Protection Bureau (CFPB), will move the agency’s student loan division into its consumer information unit.  A CFPB spokesman described the change as a “very modest organizational chart change,” but some officials believe it may dampen the agency’s zeal for an enforcement case it has been pursuing against the nation’s largest student loan collector, Navient.  Further signaling its desire to move away from examining student-lending issues, the CFPB also removed the topic “student loan servicing” from its bi-annual long-term regulatory agenda. In the second article dated May 13, 2018, the Times reports that a unit within ED that was tasked with investigating for-profit colleges, which previously included a dozen or so lawyers and investigators at the end of the Obama Administration, is now made up of three employees.  Its mandate has also shrunk.  Whereas the unit used to investigate such issues as advertising, recruitment practices, and job placement claims, the three-person team now focuses on processing student loan forgiveness applications and smaller compliance cases. C.    Litigation Outside of the political arena, there was activity this past quarter in both federal and state courts. 1.    InfiLaw Scores a Win in Florida and Sets Its Sights on the ABA InfiLaw was involved in a variety of litigation this past quarter, fighting back a False Claims Act case and filing multiple suits against the American Bar Association. First, on April 23, 2018, the United States District Court for the Middle District of Florida dismissed for a second time a False Claims Act lawsuit filed against InfiLaw Corp. and its now-closed law school, Charlotte School of Law.  U.S. ex rel. Bernier v. Infilaw Corp., No. 6:16-cv-970-Orl-37TBS, 2018 WL 1905342, at *8 (M.D. Fla. Apr. 23, 2018).  A former law professor turned qui tam relator, Barbara Bernier, “adopted the kitchen-sink approach” to pleading after the United States declined to intervene, according to the court.  She alleged the school had made improper “incentive payments to recruitment staff,” “admitted academically unqualified students,” “altered students grades,” “juked its employment stats” and “failed to implement a written plan to combat misuse of copyrighted works,” among other allegations.  Id. at *6, *8. The court held that the majority of these claims had been “publicly disclosed” online and elsewhere and therefore the relator could not proceed because she was not an “original source” of the allegations—i.e., she didn’t voluntary disclose this information to the Government before the public disclosures or demonstrate knowledge that materially adds to the public disclosures.  Id. at *7-8.  On the remaining claims, the court held that the relator had not provided sufficient specificity; she provided “just vague allegations that these incidents occurred and Defendants were responsible.”  Id. at *8. However, the court did give the relator leave to amend, and she filed an amended complaint on May 7, 2018.  We would not be surprised to see InfiLaw move to dismiss the complaint again. Second, Charlotte School of Law and its two sister schools, Florida Coastal School of Law and Arizona Summit Law School, turned to offense and filed three separate suits against their accreditor, the American Bar Association, alleging that the ABA’s findings of noncompliance with its accreditation standards “were arbitrary, capricious, unreasonable, [and] an abuse of discretion.”  In the accompanying press release for the Florida Coastal lawsuit, the school highlighted its diverse student body, and the president of Florida Coastal lamented that “[t]he ABA’s decisions in regard to accreditation seem to be calculated efforts to win political points, without regard for due process, or how students will be adversely affected.”  The ABA is yet to respond to these complaints. 2.    Two Lawsuits Relating to For-Profit Schools Two additional lawsuits were unsealed or filed this past quarter relating to for-profit schools.  First, in the United States District Court for the District of Utah, an ex-employee of lead generator EduTrek filed a lawsuit under the False Claims Act against his former employer and a host of schools.  At its core, the lawsuit alleges that EduTrek and its clients violated ED’s incentive compensation ban.  The United States declined to intervene on February 16, 2018. Second, two former students filed a purported class action lawsuit against Capella University in the United States District Court for the District of Minnesota, alleging the school “misled prospective and current students … about the time to completion and cost of their mostly student-loan financed doctoral degrees.”  Compl. ¶ 2, Wright v. Capella Education Co., No. 18-cv-1062 (D. Min. April 20, 2018).  The school has until July 9, 2018 to respond to the allegations. 3.    Don’t Forget About the Non-Profit Schools As has been the case for a while, and particularly this past quarter, there were a number of prominent investigations opened and lawsuits filed against traditional non-profit schools.  The Department of Justice (DOJ) garnered national news coverage of its decision to investigate at least seven elite colleges—Amherst College, Grinnell College, Middlebury College, Pomona College, Wellesley College, Wesleyan University, and Williams College—for possible antitrust issues.  The investigation reportedly seems to center on whether the schools improperly shared information among them to enforce the terms of their early-admissions programs. There was also a notable False Claims Act settlement with the University of North Texas.  According to DOJ’s press release, the school “agreed to pay the United States $13,073,000.00 to settle claims that it inaccurately measured, tracked and paid researchers for effort spent on certain NIH-sponsored research grants.” On top of those announcements, DOJ also announced on March 2, 2018 that it had indicted six former employees of the Chicago campus of the Center for Employment Training, a non-profit school, for an alleged “scheme[] to enroll fake students in classes as part of a conspiracy to swindle federal financial aid programs out of millions of dollars.” Twelve graduates of the landscape architecture program at Colorado State University have also sued their alma mater, alleging that the university should refund their tuition because the school failed to secure proper accreditation for the master’s degree program. Finally, Howard University confirmed on March 29, 2018 that the school had conducted an internal investigation and discovered that several employees of the university’s financial aid department awarded themselves grants, even though they had tuition remission, and thus received more money than “the total cost of attendance.” As we have been saying for some time, traditional schools are just as susceptible to the claims that have been made, particularly by the prior Administration, against the for-profit education sector.  We are continuing to see that proven true. 4.    Federal Actions Against Individuals The past quarter also saw two notable developments in cases brought by the federal government against individuals involved in the sector.  First, on April 16, 2018, DOJ announced that the owner of “a privately owned, non-accredited school” called Atius Technology Institute, which specialized “in information technology courses, pleaded guilty … to bribing a public official at the U.S. Department of Veterans Affairs (VA) in exchange for the public official’s facilitation of over $2 million in payments that were supposed to be dedicated to providing vocational training for military veterans with service-connected disabilities.” Second, the case brought by the Securities and Exchange Commission against two executives of ITT Educational Services, Inc., appears headed to trial.  On March 23, 2018, the United States District Court for the Southern District of Indiana largely denied the dueling summary judgment motions filed by the executives and the SEC.  The court set trial for July 9, 2018. 5.    State Level Litigation and Disputes On the state level, there continue to be battles about the proper scope of state authority.  On March 12, 2018, Secretary DeVos set forth the Trump Administration’s stance in an interpretive guidance, stating that the federal government has the exclusive power to regulate and oversee federal student loan servicers, and therefore any state regulations on the topic are preempted. Meanwhile, in Massachusetts, a superior court judge rejected a motion to dismiss filed by the Pennsylvania Higher Education Assistance Agency (PHEAA), one of the nation’s largest student loan servicers, in a case brought by the Massachusetts Attorney General, on the grounds that PHEAA is not protected by sovereign immunity, even though formed under the Commonwealth of Pennsylvania.  In that same case, DOJ had filed a statement of interest arguing that the Massachusetts Attorney General is precluded from suing PHEAA on preemption grounds.  Although this argument was not addressed in the court’s decision, the court stated during oral argument on the motion:  “[T]he preemption issue is not going to make the whole case go away.”  This stands seemingly in contrast to the guidance from Secretary DeVos. In California, Corinthian College students have seemingly taken the baton previously held by state attorneys general and filed a class action lawsuit for declaratory and injunctive relief against Secretary DeVos and ED.  The students filed suit in the Northern District of California in December 2017 and filed a first amended complaint on March 17, 2018.  The students allege that after Corinthian closed, ED promised the students complete loan forgiveness but then in December 2017 announced a plan to award only partial relief of student loan debt to borrowers using a formula based on students’ earnings.  The students argue that ED’s use of an earnings formula is “arbitrary and capricious” rulemaking that violates the Administrative Procedure Act.  On May 25, 2018, a magistrate judge issued a preliminary injunction, blocking enforcement of ED’s partial loan relief program, finding that by using records from the Social Security Administration to obtain students’ earnings, ED violated the federal Privacy Act.  A hearing to consider next steps, including the process for loan forgiveness, is scheduled for June 4. Finally, Ashford University and its holding company, Bridgepoint Education, scored a victory in Iowa.  The state’s approval agency had attempted to strike Ashford’s eligibility to receive post-9/11 GI Bill benefits after Ashford closed its physical location in Iowa.  Ashford sued to block the loss of eligibility, and the state court dismissed Ashford’s suit.  However, on April 26, 2018, the Iowa Supreme Court vacated the lower court’s decision, holding that the lower court judge should have disclosed that she has family ties to the state office of the attorney general.  Ashford can now resume its legal challenge to Iowa’s attempt to withdraw Ashford’s GI Bill eligibility. D.    Regulatory Activity There has been a lot of activity on the regulatory front.  On May 9, 2018, ED published its Spring 2018 Agency Rule List, including the following in its list of topics in the “Prerule” and “Proposed Rule” stages:  state authorization of distance education providers, accreditation, borrower defense, gainful employment, and eligibility of faith-based entities and activities. Rules related to state authorization that had been published in December 2016 were scheduled to go into effect on July 1, 2018, but ED has published a notice of proposed rulemaking that proposes a two-year delay in the effective date.  The public has 15 days to comment on the proposed delay.  The regulations would have required institutions that offer distance education to students in states where the institution is not physically located to either meet those states’ requirements for offering postsecondary education or to participate in a state authorization reciprocity agreement, and then document that there is a state process for review and action on student complaints. ED previously sent two other Obama-era consumer protection regulations to negotiated rulemaking sessions.  After three months of negotiations, the sessions regarding borrower defense to repayment concluded in February without consensus.  Sticking points included which evidentiary standard should be used and whether to include or how long a statute of limitations should be.  The sessions regarding gainful employment similarly ended without consensus in April after four days of negotiations.  Since no consensus was reached in either session, ED can draft its own language, presumably keeping in mind the information gathered during the negotiated rulemaking sessions.  ED will need to publish a Notice of Proposed Rulemaking for each rule, which will be followed by a period of public comment.  Final regulations will be published by November 1, 2018, to take effect on July 1, 2019. E.    Corporate Activity Finally, there were some notable developments in the trend of schools seeking nonprofit status, as well as a noteworthy sale.  First, the Higher Learning Commission approved Purdue University’s acquisition of Kaplan University.  This was the final hurdle for the deal.  Second, Grand Canyon University also received good news from the Higher Learning Commission.  The accreditor approved its request to revert back to nonprofit status.  Third, Ashford University announced it is joining the trend, too, and is seeking to become a nonprofit.  It is expected to seek approval from its accreditor, the WASC Senior College and University Commission.  Finally, Laureate Education Inc. announced a deal to sell the University of St. Augustine for Health Sciences to a private equity firm, Altas Partners, for $400 million. *    *    * As always, we will continue to monitor all of these developments, and you can look forward to updates in our next report.     Gibson, Dunn & Crutcher lawyers are available to assist in addressing any questions you may have regarding the issues discussed above.  Please contact the Gibson Dunn lawyer with whom you usually work, or any of the following: Los Angeles Timothy Hatch (+1 213-229-7368, thatch@gibsondunn.com) Marcellus McRae (+1 213-229-7675, mmcrae@gibsondunn.com) Julian W. Poon (+1 213-229-7758, jpoon@gibsondunn.com) Eric D. Vandevelde (+1 213-229-7186, evandevelde@gibsondunn.com) James Zelenay (+1 213-229-7449, jzelenay@gibsondunn.com) Jeremy S. Smith (+1 213-229-7973, jssmith@gibsondunn.com) Denver Jeremy S. Ochsenbein (+1 303-298-5773, jochsenbein@gibsondunn.com) San Francisco Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com) Washington, D.C. Douglas Cox (+1 202-887-3531, dcox@gibsondunn.com) Michael Bopp (+1 202-955-8256, mbopp@gibsondunn.com) Jason J. Mendro (+1 202-887-3726, jmendro@gibsondunn.com) Amir C. Tayrani (+1 202-887-3692, atayrani@gibsondunn.com) Lucas C. Townsend (+1 202-887-3731, ltownsend@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

May 25, 2018 |
Gibson Dunn Receives Chambers USA Excellence Award

At its annual USA Excellence Awards, Chambers and Partners named Gibson Dunn the winner in the Corporate Crime & Government Investigations category. The awards “reflect notable achievements over the past 12 months, including outstanding work, impressive strategic growth and excellence in client service.” This year the firm was also shortlisted in nine other categories: Antitrust, Energy/Projects: Oil & Gas, Energy/Projects: Power (including Renewables), Intellectual Property (including Patent, Copyright & Trademark), Labor & Employment, Real Estate, Securities and Financial Services Regulation and Tax team categories. Debra Wong Yang was also shortlisted in the individual category of Litigation: White Collar Crime & Government Investigations. The awards were presented on May 24, 2018.  

May 3, 2018 |
Webcast: Anti-Money Laundering and Sanctions Enforcement and Compliance in 2018 and Beyond

Gibson Dunn partners provide an overview of significant trends and key issues in Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) and sanctions enforcement and compliance. Topics covered: BSA/AML Overview Recent trends in BSA/AML enforcement Recent trends in BSA/AML compliance BSA/AML Reform Efforts Sanctions Overview Key OFAC sanctions program developments Recent trends in sanctions enforcement The future of sanctions under the Trump Administration (and beyond) View Slides [PDF] PANELISTS M. Kendall Day was a white collar prosecutor for 15 years, serving most recently as an Acting Deputy Assistant Attorney General with the U.S. Department of Justice’s Criminal Division, where he supervised Bank Secrecy Act investigations, enforcement of anti-money laundering and sanctions laws, deferred prosecution agreements and non-prosecution agreements involving all types of financial institutions. He previously served in a variety of leadership and line attorney roles, including as Chief of the DOJ Money Laundering and Asset Recovery Section. Mr. Day will join Gibson Dunn’s Washington, D.C. office as a partner effective May 1, 2018. Stephanie L. Brooker is co-chair of Gibson Dunn’s Financial Institutions Practice Group. She is former Director of the Enforcement Division at the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN), and previously served as the Chief of the Asset Forfeiture and Money Laundering Section in the U.S. Attorney’s Office for the District of Columbia and as a trial attorney for several years. Stephanie represents financial institutions, multi-national companies, and individuals in connection with criminal, regulatory, and civil enforcement actions involving BSA/AML, sanctions, anti-corruption, securities, tax, wire fraud, and sensitive employee matters. Her practice also includes BSA/AML compliance counseling and due diligence and significant criminal and civil asset forfeiture matters. Adam M. Smith is an experienced international trade lawyer who previously served in the Obama Administration as the Senior Advisor to the Director of OFAC and as the Director for Multilateral Affairs on the National Security Council. Adam focuses on international trade compliance and white collar investigations, including with respect to federal and state economic sanctions enforcement, the FCPA, embargoes, and export controls. F. Joseph Warin is co-chair of Gibson Dunn’s White Collar Defense and Investigations Practice Group, and chair of the Washington, D.C. office’s Litigation Department.  He is a former Assistant United States Attorney in Washington, D.C., one of only ten lawyers in the United States with Chambers rankings in five categories, was named by Best Lawyers® as 2016 Lawyer of the Year for White Collar Criminal Defense in the District of Columbia, and recognized by Benchmark Litigation as a U.S. White Collar Crime Litigator Star for seven consecutive years (2011–2017). In 2017, Chambers honored Mr. Warin with the Outstanding Contribution to the Legal Profession Award. MCLE CREDIT INFORMATION: This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.50 credit hours, of which 1.50 credit hours may be applied toward the areas of professional practice requirement.  This course is approved for transitional/non-transitional credit. Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast.  Please contact Jeanine McKeown (National Training Administrator), at 213-229-7140 or jmckeown@gibsondunn.com to request the MCLE form. Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.50 hours. California attorneys may claim “self-study” credit for viewing the archived version of this webcast.  No certificate of attendance is required for California “self-study” credit.

May 1, 2018 |
Stephanie Brooker Named a White Collar Trailblazer

The National Law Journal named Washington, D.C. partner Stephanie Brooker a 2018 White Collar Trailblazer.  Brooker is recognized for her career in government service as former Director of the Enforcement Division at the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) and former Chief of the Asset Forfeiture and Money Laundering Section and trial attorney at the U.S. Attorney’s Office for the District of Columbia.  Brooker represents financial institutions, multi-national companies, and individuals in connection with criminal, regulatory, and civil enforcement actions involving anti-money laundering (AML)/Bank Secrecy Act (BSA), sanctions, anti-corruption, securities, tax, wire fraud, and sensitive employee matters.  Brooker’s practice also includes BSA/AML compliance counseling and due diligence and significant criminal and civil asset forfeiture matters.  The list ran on May 1, 2018.

April 23, 2018 |
FinCEN Issues FAQs on Customer Due Diligence Regulation

Click for PDF On April 3, 2018, FinCEN issued its long-awaited Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions, FIN-2018-G001. https://www.fincen.gov/resources/statutes-regulations/guidance/frequently-asked-questions-regarding-customer-due-0.[1]  The timing of this guidance is very controversial, issued five weeks before the new Customer Due Diligence (“CDD”) regulation goes into effect on May 11, 2018.[2]  Most covered financial institutions (banks, broker-dealers, mutual funds, and futures commission merchants and introducing brokers in commodities) already have drafted policies, procedures, and internal controls and made IT systems changes to comply with the new regulation.  Covered financial institutions will need to review these FAQs carefully to ensure that their proposed CDD rule compliance measures are consistent with FinCEN’s guidance. The guidance is set forth in 37 questions.  As discussed below, some of the information is helpful, allaying financial institutions’ most significant concerns.  Other FAQs confirm what FinCEN has said in recent months informally to industry groups and at conferences.  A few FAQs raise additional questions, and others, particularly the FAQ on rollovers of certifications of deposit and loan renewals, are not responsive to industry concerns and may raise significant compliance burdens for covered financial institutions.  The guidance reflects FinCEN’s regulatory interpretations based on discussions within the government and with financial institutions and their trade associations.  The need for such extensive guidance on so many issues in the regulation illustrates the complexity of compliance and suggests that FinCEN should consider whether clarifications and technical corrections to the regulation should be made.  We provide below discussion of highlights from the FAQs, including areas of continued ambiguity and uncertainty in the regulation and FAQs. Highlights from the FAQs FAQ 1 and 2 discuss the threshold for obtaining and verifying beneficial ownership.  FinCEN states that financial institutions can “choose” to collect beneficial ownership information at a lower threshold than required under the regulation (25%), but does not acknowledge that financial institution regulators may expect a lower threshold for certain business lines or customer types or that there may be regulatory concerns if financial institutions adjust thresholds upward to meet the BSA regulatory threshold.  A covered financial institution may be in compliance with the regulatory threshold, but fall short of regulatory expectations. FAQ 7 states that a financial institution need not re-verify the identity of a beneficial owner of a legal entity customer if that beneficial owner is an existing customer of the financial institution on whom CIP has been conducted previously provided that the existing information is “up-to-date, accurate, and the legal entity’s customer’s representative certifies or confirms (verbally or in writing) the accuracy of the pre-existing CIP information.”  The example given suggests that no steps are expected to verify that the information is up-to-date and accurate beyond the representative’s confirmation or certification.  The beneficial ownership records must cross reference the individual’s CIP record. FAQs 9-12 address one of the most controversial aspects of the regulation, about which there has been much confusion: the requirement that, when an existing customer opens a new account, a financial institution must identify and verify beneficial ownership information.  FinCEN provides further clarity on what must be updated and how:Under FAQ 10, if a legal entity customer, for which the required beneficial ownership information has been obtained for an existing account, opens a new account, the financial institution can rely on the information obtained and verified previously “provided the customer certifies or confirms (verbally or in writing) that such information is up-to-date and accurate at the time each subsequent new account is opened,” and the financial institution has no knowledge that would “reasonably call into question” the reliability of the information.  The financial institution also would need to maintain a record of the certification or confirmation by the customer.There is no grace period.  If an account is opened on Tuesday, and a new account is opened on Thursday, the certification or confirmation is still required.  In advance planning for compliance, many financial institutions had included a grace period in their procedures. FAQ 11 provides that, when the financial institution opens a new account or subaccount for an existing legal entity customer whose beneficial ownership has been verified for the institution’s own recordkeeping and operational purposes and not at the customer’s request, there is no requirement to update the beneficial ownership information for the new account.  This is because the account would be considered opened by the financial institution and the requirement to update only applies to each new account opened by a customer.  This is consistent with what FinCEN representatives have said at recent conferences.The FAQ specifies that this would not apply to (1) accounts or subaccounts set up to accommodate a trading strategy of a different legal entity, e.g., a subsidiary of the customer, or (2) accounts of a customer of the existing legal entity customer, “i.e., accounts (or subaccounts) through which a customer of a financial institution’s existing legal entity carries out trading activity through the financial institution without intermediation from the existing legal entity customer.”  We believe the FAQ may fall far short of addressing all the concerns expressed to FinCEN on this issue by the securities industry. FAQ 12 addresses an issue which has been a major concern to the banking industry:  whether beneficial ownership information must be updated when a certificate of deposit (“CD”) is rolled over or a loan is renewed.  These actions are generally not considered opening of new accounts by banks.FinCEN continues to maintain that CD rollovers or loan renewals are openings of new accounts for purposes of the CDD regulation.  Therefore, the first time a CD or loan renewal for a legal entity customer occurs after May 11, 2018, the effective date of the CDD regulation, beneficial ownership information must be obtained and verified, and at each subsequent rollover or renewal, there must be confirmation that the information is current and accurate (consistent with FAQ 10) as for any other new account for an existing customer.  There is an exception or alternative approach authorized in FAQ 12 “because the risk of money laundering is very low”:  If, at the time of the rollover or renewal, the customer certifies its beneficial ownership information, and also agrees to notify the financial institution of any change in information in the future, no action will be required at subsequent renewals or rollovers.The response in FAQ 12 is not responsive to the concerns that have been expressed by the banking industry and will be burdensome for banks to administer.  Obtaining a certification in time, without disrupting the rollover or renewal, will be challenging, and it appears that if it the certification or promise to update is not obtained in time, the account may have to be closed. FAQs 13 through 17 address another aspect of the regulation that has generated extensive discussion: When (1) must beneficial ownership be obtained for an account opened before the effective date of the regulation, or (2) beneficial ownership information updated on existing accounts whose beneficial ownership has been obtained and verified.Following closely what was said in the preamble to the final rule, FAQ 13 states that the obligation is triggered when a financial institution “becomes aware of information about the customer during the course of normal monitoring relevant to assessing or reassessing the risk posed by the customer, and such information indicates a possible change in beneficial ownership.”FAQ 14 clarifies somewhat what is considered normal monitoring but is not perfectly clear what triggers obtaining and verifying beneficial ownership.  It is clear that there is no obligation to obtain or update beneficial ownership information in routine periodic CDD reviews (CDD refresh reviews) “absent specific risk-based concerns.” We would assume that means, following FAQ 13, concerns about the ownership of the customer.  Beyond that FAQ 14  is less clear.  It states that the obligation is triggered “when, in the course of normal monitoring a financial institution becomes aware of information about a customer or an account, including a possible change of beneficial ownership information, relevant to assessing or reassessing the customer’s overall risk profile.  Absent such a risk-related trigger or event, collecting or updating of beneficial ownership information is at the discretion of the covered financial institution.”The trigger or event may mean in the course of SAR monitoring or when conducting event-driven CDD reviews, e.g., when a subpoena is received or material negative news is identified – something that may change a risk profile.  Does the obligation then arise only if the risk profile change includes a concern about whether the financial institution has accurate ownership information?  That may be the intent, but is not clearly stated.  If the account is being considered for closure because of the change in risk profile, would the financial institution be released from the obligation to obtain beneficial ownership?   That would make sense, but is not stated.  This FAQ is in need of clarification and examples would be helpful.On another note, the language in FAQ 14 also is of interest because it may suggest, in FinCEN’s view, that periodic CDD reviews should be conducted on a risk basis, and CDD refresh reviews may not be expected for lower risk customers, as is the practice for some banks. FAQ 18 seems to address at least partially a technical issue with the regulation that arises because SEC-registered investment advisers are excluded from the definition of legal entity customer in the regulation, but U.S. pooled investment vehicles advised by them are not excluded.[3]  FAQ 18 states that, if the operator or adviser of a pooled investment vehicle is not excluded from the definition of legal entity customer, under the regulation, e.g., like a foreign bank, no beneficial ownership information is required to be obtained on the pooled investment vehicle under the ownership prong, but there must be compliance with beneficial ownership control party prong, i.e., verification of identity of a control party.  A control party could be a “portfolio manager” in these situations.FinCEN describes why no ownership information is required as follows:  “Because of the way the ownership of a pooled investment vehicle fluctuates, it would be impractical for covered financial institutions to collect and verify ownership identity for this type of entity.”  Thus, in the case where the operator or adviser of the pooled investment vehicle is excluded from the definition of legal entity, like an SEC-registered investment adviser, it would seem not to be an expectation to obtain beneficial ownership information under the ownership prong.  Nevertheless, the question of whether you need to obtain and verify the identity of a control party for a pooled investment vehicle advised by a SEC registered investment adviser is not squarely answered in the FAQ.  A technical correction to the regulation is still needed, but it is unlikely there would be regulatory or audit criticism for following the FAQ guidance at least with respect to the ownership prong. FAQ 19 clarifies that, when a beneficial owner is a trust (where the legal entity customer is owned more than 25% by a trust), the financial institution is only required to verify the identity of one trustee if there are multiple trustees. FAQ 20 deals with what to do if a trust holds more than a 25% beneficial interest in a legal entity customers and the trustee is not an individual, but a legal entity, like a bank or law firm.  Under the regulation, if a trust holds more than 25% beneficial ownership of a legal entity customer, the financial institution must verify the identity of the trustee to satisfy the ownership prong of the beneficial ownership requirement.  The ownership prong references identification of “individuals.”  Consequently, the language of the regulation does not seem to contemplate the situation where the trustee was a legal entity.FAQ 20 seems to suggest that, despite this issue with the regulation, CIP should be conducted on the legal entity trustee, but apparently, on a risk basis, not in every case:  “In circumstances where a natural person does not exist for purposes of the ownership/equity prong, a natural person would not be identified.  However, a covered financial institution should collect identification information on the legal entity trustee as part of its CIP, consistent with the covered institution’s risk assessment and customer risk profile.”  (Emphasis added.)More clarification is needed on this issue, and perhaps an amendment to the regulation to address this specific situation.  Pending additional guidance, the safest course appears to be to verify the identity of legal entity trustee consistent with CIP requirements, which may pose practical difficulties, e.g., will a law firm trustee easily provide its TIN?  Presumably, CIP would not be required on any legal entity trustee that is excepted from the definition of legal entity under 31 C.F.R. § 1010.230(e)(2). FAQ 21 addresses the question of how does a financial institution verify that a legal entity comes within one of the regulatory exceptions to the definition of legal entity customer in 31 C.F.R. § 1010.230(e)(2).  The answer is that the financial institution generally can rely on information provided by the customer if it has no knowledge of facts that would reasonably call into question the reliability of the information.  Nevertheless, that is not the end of the story.  The FAQ provides that the financial institution also must have risk-based policies and procedures that specify the type of information they will obtain and reasonably rely on to determine eligibility for exclusions. FAQ 24 may resolve another technical issue in the regulation.  The exceptions to the definition of legal entity in the regulation refer back to the BSA CIP exemption provisions, which in turn, cross reference the Currency Transaction Reporting (CTR) exemption for banks when granting so-called Tier One exemptions.  One category for the CTR exemption is “listed” entities, which includes NASDAQ listed entities, but excludes NASDAQ Capital Markets Companies, i.e., this category of NASDAQ listed entity is not subject to CIP or CTR Tier One exemptions.  31 C.F.R. § 1020.315(b)(4).  This carve out was not discussed in the preamble to the CDD final regulation or in FAQ 24.The FAQ simply states:  “[A]ny company (other than a bank) whose common stock or analogous equity interests are listed on the New York Stock Exchange, the American Stock Exchange (currently known as the NYSE American), or NASDAQ stock exchange” is excepted from the definition of legal entity.  In any event, as with the FAQ 18 issue, it would appear that a technical correction is needed on this point, but, given the FAQ, it is unlikely that a financial institution would be criticized if it treated NASDAQ Capital Markets Companies as excepted legal entities. FAQs 32 and 33 end the speculation that the CDD regulation impacts CTR compliance.  Consistent with FinCEN CTR guidance, under FAQ 32, the rule remains that, for purposes of CTR aggregation, the fact that two businesses share a common owner does not mean that a financial institution must aggregate the currency transactions of the two businesses for CTR reporting, except in the narrow situation where there is a reason to believe businesses are not being operated separately. Conclusion Financial institutions and their industry groups will likely continue to seek further guidance on the most problematic issues in the CDD regulation.  It is our understanding that FinCEN and the bank regulators also will address compliance with the CDD regulation in the upcoming update to the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual. Covered financial institutions already have spent, and will continue to spend, significant time and resources to meet the complex regulatory requirements and anticipated regulatory expectations.  In this flurry of activity to address regulatory risk, it is essential for financial institutions to continue to consider any money laundering risk of legal entity clients and that CDD not become simply mechanical.  It is not only a matter of documenting and updating all of the right information about beneficial ownership and control, but financial institutions should continue to assess whether the ownership structure makes sense for the business or whether it is overly complex for the business type and purposely opaque.  Also, it is important to consider whether it makes sense for a particular legal entity to be seeking a relationship with your financial institution and whether the legal entity is changing financial institutions voluntarily.  CDD measures to address regulatory risk and money laundering risk overlap but are not equivalent.    [1]   FinCEN also issued FAQs on the regulation on July 19, 2016. https://www.fincen.gov/sites/default/files/2016-09/FAQs_for_CDD_Final_Rule_%287_15_16%29.pdf.   FINRA issued guidance on the CDD regulation in FINRA Notice to Members 17-40 (Nov. 21, 2017). http://www.finra.org/sites/default/files/notice_doc_file_ref/Regulatory-Notice-17-40.pdf.    [2]   The Notice of Final Rulemaking was published on May 11, 2016 and provided a two-year implementation period.  81 Fed. Reg. 29,398 (May 11, 2016). https://www.gpo.gov/fdsys/pkg/FR-2016-05-11/pdf/2016-10567.pdf.  FinCEN made some slight amendments to the rule on September 29, 2017.  https://www.fincen.gov/sites/default/files/federal_register_notices/2017-09-29/CDD_Technical_Amendement_17-20777.pdf The new regulations are set forth in the BSA regulations at 31 C.F.R. § 1010.230 (beneficial ownership requirements); 31 C.F.R. § 1020.210(a)(5) (banks); 31 C.F.R. § 1023.210(b)(5) (broker-dealers); 31 C.F.R. § 1024.210(b)(4) (mutual funds); and 31 C.F.R. § 1026.210(b)(5) (future commission merchants and introducing brokers in commodities).    [3]   The regulation does not clearly address the beneficial ownership requirements for a U.S. pooled investment vehicle operated or controlled by a registered SEC investment adviser.  Pooled investment vehicles operated or advised by a “financial institution” regulated by a Federal functional regulator are not considered legal entities under the regulation.  31 C.F.R. § 1010.230(e)(2)(xi).  An SEC registered investment adviser, however, is not yet a financial institution under the BSA.  Under 31 C.F.R. § 1010.230(e)(3), a pooled investment vehicle that is operated or advised by a “financial institution” not excluded from the definition of legal entity is subject to the beneficial ownership control party prong. Gibson Dunn’s lawyers  are available to assist in addressing any questions you may have regarding these developments.  Please contact any member of the Gibson Dunn team, the Gibson Dunn lawyer with whom you usually work in the firm’s Financial Institutions practice group, or the authors: Stephanie L. Brooker – Washington, D.C. (+1 202-887-3502, sbrooker@gibsondunn.com) Arthur S. Long – New York (+1 212-351-2426, along@gibsondunn.com) Linda Noonan – Washington, D.C. (+1 202-887-3595, lnoonan@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

April 17, 2018 |
Supreme Court Holds That Recent Legislation Moots Dispute Over Emails Stored Overseas

Click for PDF United States v. Microsoft Corp., No. 17-2 Decided April 17, 2018 Today, the Supreme Court held that Microsoft’s dispute with the federal government over the government’s attempts to access email stored oversees is moot. Background: The Stored Communications Act, 18 U.S.C. § 2701 et seq., authorizes the government to require an email provider to disclose the contents of emails (and certain other electronic data) within its control if the government obtains a warrant based on probable cause. In this case, the federal government obtained a warrant to obtain emails from an email account used in drug trafficking. The drug trafficking allegedly occurred in the United States, but the emails were stored on a data server in Ireland. Microsoft refused to provide the emails on the ground that the Stored Communications Act does not apply to emails stored overseas. Issue: Whether the Stored Communications Act requires an email provider to disclose to the government emails stored abroad. Court’s Holding: The case is moot. On March 23, 2018, the President signed the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), which amended the Stored Communications Act so that it now applies to emails stored abroad. The parties’ dispute under the old version of the law therefore was moot. “No live dispute remains between the parties over the issue with respect to which certiorari was granted.” Per Curiam What It Means: Given passage of the CLOUD Act, there was no longer any need for the Supreme Court to interpret the prior version of the Stored Communications Act. The CLOUD Act requires an email provider to disclose emails, so long as the statute’s procedures have been followed, regardless of whether those emails are “located within or outside of the United States.” CLOUD Act § 103(a)(1) (to be codified at 18 U.S.C. § 2713). But the CLOUD Act permits courts to exempt providers from disclosing emails of customers who are not U.S. Citizens or residents, if disclosure would risk violating the laws of certain foreign governments. CLOUD Act § 103(b) (to be codified at 18 U.S.C. § 2703(h)).   Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Supreme Court.  Please feel free to contact the following practice leaders: Appellate and Constitutional Law Practice Caitlin J. Halligan +1 212.351.3909 challigan@gibsondunn.com Mark A. Perry +1 202.887.3667 mperry@gibsondunn.com Nicole A. Saharsky +1 202.887.3669 nsaharsky@gibsondunn.com Related Practice: White Collar Defense and Investigations Joel M. Cohen +1 212.351.2664 jcohen@gibsondunn.com Charles J. Stevens +1 415.393.8391 cstevens@gibsondunn.com F. Joseph Warin +1 202.887.3609 fwarin@gibsondunn.com Related Practice: Privacy, Cybersecurity and Consumer Protection Alexander H. Southwell +1 212.351.3981 asouthwell@gibsondunn.com   © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

March 15, 2018 |
Key 2017 Developments in Latin American Anti-Corruption Enforcement

Click for PDF In 2017, several Latin American countries stepped up enforcement and legislative efforts to address corruption in the region.  Enforcement activity regarding alleged bribery schemes involving construction conglomerate Odebrecht rippled across Latin America’s business and political environments during the year, with allegations stemming from Brazil’s ongoing Operation Car Wash investigation leading to prosecutions in neighboring countries.  Simultaneously, governments in Latin America have made efforts to strengthen legislative regimes to combat corruption, including expanding liability provisions targeting foreign companies and private individuals.  This update focuses on five Latin American countries (Mexico, Brazil, Argentina, Colombia, and Peru) that have ramped up anti-corruption enforcement or passed legislation expanding anti-corruption legal regimes.[1]  New laws in the region, coupled with potentially renewed prosecutorial vigor to enforce them, make it imperative for companies operating in Latin America to have robust compliance programs, as well as vigilance regarding enforcement trends impacting their industries. 1.    Mexico Notable Enforcement Actions and Investigations In 2017, Petróleos Mexicanos (“Pemex”) disclosed that Mexico’s Ministry of the Public Function (SFP) initiated eight administrative sanctions proceedings in connection with contract irregularities involving Odebrecht affiliates.[2]  The inquiries stem from a 2016 Odebrecht deferred prosecution agreement (“DPA”) with the U.S. Department of Justice (“DOJ”).[3]  According to the DPA, Odebrecht made corrupt payments totaling $10.5 million USD to Mexican government officials between 2010 and 2014 to secure public contracts.[4]  In September 2017, Mexico’s SFP released a statement noting the agency had identified $119 million pesos (approx. $6.7 million USD) in administrative irregularities involving a Pemex public servant and a contract with an Odebrecht subsidiary.[5] In December 2017, Mexican law enforcement authorities arrested a former high-level official in the political party of Mexican President Enrique Peña Nieto.[6]  The former official, Alejandro Gutiérrez, allegedly participated in a broad scheme to funnel public funds to political parties.[7]  While the inquiry has not yet enveloped the private sector like Brazil’s Operation Car Wash investigation, the prosecution could signal a new willingness from Mexican authorities to take on large-scale corruption cases.  The allegations are also notable due to their similarity to the allegations in Brazil’s Car Wash investigation.  In both inquiries, funds were allegedly embezzled from state coffers for the benefit of political party campaigns. Legislative Update Mexico’s General Law of Administrative Responsibility (“GLAR”)—an anti-corruption law that provides for administrative liability for corporate misconduct—took effect on July 19, 2017.  The GLAR establishes administrative penalties for improper payments to government officials, bid rigging in public procurement processes, the use of undue influence, and other corrupt acts.[8]  The law reinforces a series of Mexican legal reforms from 2016 that expanded the scope of the country’s existing anti-corruption laws and created a new anti-corruption enforcement regime encompassing federal, state, and municipal levels of government.  Among the GLAR’s most significant changes are provisions that target corrupt activities by corporate entities and create incentives for companies to implement compliance programs to avoid or minimize corporate liability. The GLAR applies to all Mexican public officials who commit what the law calls “non-serious” and “serious” administrative offenses.[9]  Non-serious administrative offenses include the failure to uphold certain responsibilities of public officials, as defined by the GLAR (e.g., cooperating with judicial and administrative proceedings, reporting misconduct, etc.).[10]  Serious administrative offenses include accepting (or demanding) bribes, embezzling public funds, and committing other corrupt acts, as defined by the GLAR.[11]  The GLAR also applies to private persons (companies and individuals) who commit acts considered to be “linked to serious administrative offenses.”[12]  These offenses include the following: Bribery of a public official (directly or through third parties)[13]; Participation in any federal, state, or municipal administrative proceedings from which the person has been banned for past misconduct[14]; The use of economic or political power (be it actual or apparent) over any public servant to obtain a benefit or advantage, or to cause injury to any other person or public official[15]; The use of false information to obtain an approval, benefit, or advantage, or to cause damage to another person or public servant[16]; Misuse and misappropriation of public resources, including material, human, and financial resources[17]; The hiring of former public officials who were in office the prior year, acquired confidential information through their prior employment, and give the contractor a benefit in the market and an advantage against competitors[18]; and Collusion with one or more private parties in connection with obtaining improper benefits or advantages in federal, state, or municipal public contracting processes.[19]  Notably, the collusion provisions apply extraterritorially and ban coordination in “international commercial transactions” involving federal, state, or municipal public contracting processes abroad.[20] The GLAR provides administrative penalties for violations committed by both physical persons and legal entities.  Physical persons who violate the GLAR can be subjected to: (1) economic sanctions (up to two times the benefit obtained, or up to approximately $597,000 USD)[21]; (2) preclusion from participating in public procurements and projects (for a maximum of eight years)[22]; and/or (3) liability for any damages incurred by any affected public entities or governments.[23] Legal entities, on the other hand, can be fined up to twice the benefit obtained, or up to approximately $5,970,000 USD, precluded from participating in public procurements for up to ten years, and held liable for damages.[24]  The GLAR also creates two additional penalties for legal entities:  suspension of activities within the country for up to three years, and dissolution.[25]  Article 81 limits the ability to enforce these two stiffer penalties to situations where (1) there was an economic benefit and the administration, compliance department, or partners were involved, or (2) the company committed the prohibited conduct in a systemic fashion.[26]  The GLAR’s penalties for physical and legal persons are administrative, rather than criminal. Under Article 25 of the GLAR, Mexican authorities can take into account a company’s robust compliance “Integrity Program” in determining and potentially mitigating corporate liability under the GLAR.[27]  The law requires the Integrity Program to have several elements, including clearly written policies and adequate review, training, and reporting systems.[28] The GLAR contains a self-reporting incentive that provides for up to a seventy percent reduction of penalties for those who report past or ongoing misconduct to an investigative authority.[29]  As previously noted, the GLAR’s non-monetary sanctions include preclusion from participating in public procurements and projects for up to eight years (for physical persons) or ten years (for companies).[30]  If a person subject to a preclusion sanction self-reports GLAR violations, the preclusion sanction can be reduced or completely lifted by the Mexican authorities.[31]  Requirements for obtaining a reduction of penalties through self-reporting include: (1) involvement in an alleged GLAR infraction and being the first to contribute information that proves the existence of misconduct and who committed the violations; (2) refraining from notifying other suspects that an administrative responsibility action has been initiated; (3) full and ongoing cooperation with the investigative authorities; and (4) suspension of any further participation in the alleged infraction.[32] Notably, other participants in the alleged misconduct who might be the second (or later) to disclose information could receive up to a fifty percent penalty reduction, provided that they also comply with the above requirements.[33]  If a party confesses information to the investigative authorities after an administrative action has already begun, that party could potentially receive a thirty percent reduction of penalties.[34] For a full analysis of the GLAR, see http://www.gibsondunn.com/publications/Pages/Mexico-General-Law-of-Administrative-Responsibility-Targets-Corrupt-Activities-by-Corporate-Entities.aspx. 2.    Brazil Following the success of the massive Operation Car Wash investigation into corruption involving the country’s energy sector, Brazilian regulators launched or advanced inquiries in 2017 impacting companies in the healthcare, meatpacking, and financial industries, among others.  Brazilian authorities have also continued to garner international accolades for their anti-corruption work, with Brazil’s federal prosecution service (“Ministério Público Federal” or “MPF”) winning Global Investigation Review’s “Enforcement Agency or Prosecutor of the Year” award for its 2017 Operation Car Wash efforts.[35]  This award follows a 2016 recognition of the Car Wash Taskforce by Transparency International.[36]  The robust enforcement environment in Brazil is also reflected in this year’s public company disclosures.  In 2017, thirty-four companies disclosed information regarding new or ongoing inquiries involving Brazil, while disclosures regarding other Latin American nations numbered in the single digits.[37] Notable Enforcement Actions and Investigations A.    Operation Car Wash (Operação Lava Jato) Operation Car Wash, the multi-year investigation into allegations of corruption related to contracts with state-owned oil company Petrobras, has remained a focus area for the Brazilian authorities.  The investigation opened four new phases in 2017.  Notably, in October 2017, Judge Sergio Moro—the lead jurist for the investigation—stated at a public event that the Car Wash inquiry was “moving toward the final phase.”[38]  Judge Moro did not, however, provide a potential date for closing the investigation, stating, “a good part of the work is done, but this does not mean that work does not remain.”[39]  To date, Brazilian authorities investigating the Car Wash allegations have obtained 177 convictions, with sentences totaling more than 1,750 years in prison.[40] B.    Operation Zealots (Operação Zelotes) In 2017, Brazilian authorities launched new phases of Operation Zealots, a multi-year investigation into alleged payments to members of Brazil’s Administrative Board of Tax Appeals.[41]  The investigation began as an inquiry into one of the largest alleged tax evasion schemes in the country’s history.  Large companies and banks, including Bradesco, Santander, and Safra, allegedly paid bribes to members of the appeals board in exchange for a reduction or waiver of taxes owed.[42]  Operation Zealots was launched in 2015 and initially implicated companies in the financial sector.  The scope of the investigation has expanded in the last two years to also reach companies in the automobile sector and a Brazilian steel distributor.[43]  Notably, in 2017, a criminal complaint was filed against former Brazilian President Luiz Inácio Lula da Silva alleging that he received payments in exchange for securing tax benefits for automobile companies.[44]  The total amount of evaded taxes through various alleged Operation Zealots schemes is estimated to reach nearly $19 billion BRL (approx. $5.8 billion USD).[45] C.    Operation Weak Flesh (Operação Carne Fraca) In early 2017, the Brazilian Federal Police launched an investigation into the alleged bribery of government food sanitation inspectors called Operation Weak Flesh.[46]  The operation was reported to be one of the largest in the history of the Federal Police, with Brazilian authorities executing 194 search-and-seizure warrants.[47]  Dozens of inspectors are accused of taking bribes in exchange for allowing the sale of rancid products, falsifying export documents, overlooking illicit additives, and failing to inspect meatpacking plants.[48]  Authorities are investigating more than thirty meatprocessing companies, including giants such as JBS S.A. and BRF S.A. D.    Operation Bullish (Operação Bullish) On May 12, 2017, the Federal Police launched Operation Bullish, an investigation into fraud and irregularities in the manner by which Brazil’s National Bank for Economic and Social Development approved investments of over $8 billion BRL (approx. $2.4 billion USD) for the expansion of the Brazilian meatpacking company JBS.[49]  While JBS claims that it did not receive any favors from the bank’s investment arm (“BNDESPar”), Brazil’s Federal Court of Accounts (“TCU”) claims that the bank approved “risky” investments for JBS with inadequate time for analysis.[50]  The Federal Police further claim that although BNDESPar approved funds for a JBS acquisition of a foreign company, the acquisition never occurred and the investment funds were never returned.[51] E.    Operation Mister Hyde (Operação Mister Hyde) Brazilian authorities also continued inquiries in the healthcare space as part of a multi-year investigation into an alleged “Prosthetics Mafia” of doctors and medical instrument suppliers that rigged the bidding process for surgical supplies.  Investigators alleged that in exchange for payments, doctors would identify patients for unnecessary surgeries and ensure that the surgical instruments used in the operations came from a specified provider.[52]  The inquiry stems from a 2015 congressional investigation.  In February 2017, it was reported that three employees from one of the companies under investigation, TM Medical, agreed to plea bargains with the federal authorities.[53] Settlements and Leniency Agreements UTC Engenharia.  In July 2017, UTC Engenharia signed a leniency agreement with the Brazilian government and agreed to pay $574 million BRL (approx. $175 million USD), including a fine, damages, and unjust enrichment.[54]  UTC signed the agreement with Brazil’s Comptroller General of the Union (“CGU”) and Brazil’s Federal Attorney General’s Office.[55]  Under the agreement, UTC must adopt an integrity program and pay its fine within twenty-two years.[56] According to the Brazilian government, the agreement reflects “the basic pillars enumerated by the two federal agencies in the negotiations, that is, speed in obtaining evidence, identification of others involved in the crimes, cooperation with investigations, and commitment to the implementation of effective integrity mechanisms.”[57]  Notably, according to the press release, the implementation of UTC’s integrity program “will be monitored by the CGU, which can perform inspections at the company and request access to any documents and information necessary.”[58] Rolls-Royce plc.  In January 2017, Rolls-Royce settled allegations that the company offered, paid, or failed to prevent bribes involving the sale of engines, energy systems, and related services in Brazil and five other foreign jurisdictions.[59]  According to charging documents, between 2003 and 2013, Rolls-Royce allegedly made commission payments to an intermediary while knowing that portions of the payments would be paid to officials at Brazil’s state-owned oil company Petrobras.[60]  Rolls-Royce’s intermediary allegedly made more than $1.6 million BRL (approx. $485,700 USD) in corrupt payments to obtain contracts for supplying equipment and long-term service agreements.[61]  As a part of a global settlement with DOJ, Britain’s Serious Fraud Office, and Brazil’s Ministério Público Federal, Rolls-Royce agreed to pay $800 million USD total, with $25.5 million USD of that settlement being paid to the Brazilian authorities.[62] SBM Offshore N.V.  In November 2017, SBM settled allegations with DOJ that the company made payments to foreign officials in Brazil, Angola, Equatorial Guinea, Kazakhstan, and Iraq.[63]  According to the DPA, SBM used a sales agent to provide payments and hospitalities to Petrobras executives to secure an improper advantage in business with the state-owned company.[64]  SBM agreed to pay a $238 million USD criminal fine.[65]  DOJ took into account overlapping conduct prosecuted by other jurisdictions when calculating SBM’s fine, including the company’s ongoing negotiations with the MPF and a $240 million USD settlement with the Dutch authorities.[66]  The government’s press release also stated that DOJ was “grateful to Brazil’s MPF” and authorities in the Netherlands and Switzerland “for providing substantial assistance in gathering evidence during [the] investigation.”[67] Braskem/Odebrecht.  In December 2016, Brazilian construction conglomerate Odebrecht and its petrochemical production subsidiary, Braskem, resolved bribery charges with authorities in Brazil, Switzerland, and the United States.[68]  At the time of the 2016 settlement, the DOJ/SEC segment of the multibillion-dollar resolution was $419 million USD.  The settlement agreement did note, however, that Odebrecht represented it could pay no more than $2.6 billion USD in penalties.[69]  The agreement further noted that the Brazilian and U.S. authorities would conduct an independent analysis of Odebrecht’s representation.[70]  According to an April 2017 sentencing memorandum filed with the court, the U.S. and Brazilian authorities analyzed Odebrecht’s ability to pay the proposed penalty and determined that Odebrecht was indeed unable to pay a total criminal penalty in excess of $2.6 billion USD.[71]  The sentencing memorandum noted the parties agreed that Odebrecht would therefore pay a reduced fine of $93 million USD to the U.S. government.[72] Legislative Updates and Agency Guidance State-Level Anti-Corruption Law.  In late 2017, the state of Rio de Janeiro passed an anti-corruption law requiring companies contracting with the state to have compliance programs.[73]  The law applies to companies and individuals, including foreign companies with “headquarters, subsidiaries, or representation in Brazil.”[74]  While the Clean Company Act takes a company’s compliance program into consideration in the application of sanctions, Rio de Janeiro’s law goes one step further and requires companies to have programs in place before contracting with the state.[75] Ten Measures Against Corruption.  An initiative from Brazil’s Ministério Público Federal to strengthen anti-corruption laws has yet to pass both houses of Brazil’s legislative branch.  The initiative—called the “Ten Measures Against Corruption”—was first announced by the MPF in 2015.[76]  The proposal was introduced to Congress as a public initiative in 2016 after it received more than 1.7 million signatures of support from the public.[77]  The measures propose changes in corruption laws and criminal proceedings that would make the judiciary and prosecutor’s office more transparent, criminalize unjust enrichment of civil servants, hold political parties liable for accepting undeclared donations, and increase penalties for corrupt acts.[78]  Consideration of the proposal was halted in the Senate in 2017 after public outrage in response to the lower Congress’s addition of a provision that would impose harsh penalties on the judiciary and federal prosecutors for “abuse of authority.”[79]  Operation Car Wash prosecutor Deltan Dallagnol claimed that the House’s amendments “favored” white collar crimes and undermined the proposal’s purpose.[80] Ministério Público Federal Leniency Agreement Guidance.  In August 2017, the Ministério Público Federal issued guidance for prosecutors negotiating leniency agreements.[81]  The guidance provides insights into the process Brazil’s prosecutors use for negotiating such agreements and the expectations for collaborators.  One section of the guidance, for example, states that negotiations should be conducted by “more than one member of the MPF” and preferably by a criminal and administrative prosecutor for the agency.[82]  The guidance also notes the possibility that the negotiations could take place together with other Brazilian authorities, including the CGU [the chief regulator of the Clean Company Act], the Federal Attorney General’s Office (“AGU”), the chief anti-trust regulator, and the TCU.[83]  The guidance also notably details obligations of collaborators in leniency agreements, including: Communicating relevant information and proof (time frames, locations, etc.); Ceasing illicit conduct; Implementing a compliance program and submitting to external audit, at the company’s expense; Collaborating fully with the investigations during the life of the agreement and always acting with honesty, loyalty, and good faith, without reservation; Paying applicable fines and damages; and Declaring that all information supplied is correct and accurate, under the penalty of rescission of the leniency agreement.[84] 3.    Argentina Notable Enforcement Actions and Investigations A.    Investigation into President Mauricio Macri Beginning in 2016 and continuing throughout 2017, federal prosecutors in Argentina launched investigations concerning current President Mauricio Macri.[85]  While Macri was elected on promises to combat corruption in Argentina,[86] his family’s extensive business holdings have been scrutinized by Argentine authorities in connection with various influence trafficking and money laundering probes.[87]  An investigation opened in April 2017, for example, focuses on the grant of airline routes to a company connected to Macri’s father.[88]  Argentine prosecutors are also probing allegations that a government official received payments from construction conglomerate Odebrecht in connection with renewing a public contract.[89]  At the time of the alleged payments, Odebrecht was a participant in a consortium with a company connected to Macri’s cousin.[90] B.    Investigation into Former President Cristina Fernández de Kirchner In April 2017, former President Cristina Fernández de Kirchner was indicted in connection with allegations that she led a scheme to launder funds misappropriated from public coffers through a family-owned business.[91]  The charges represent the second indictment filed against Kirchner since she left office more than two years ago.[92]  In December 2016, charges were brought against Kirchner alleging that she led a criminal organization that attempted to illegally benefit its members by awarding public contracts to construction company Austral Construcciones.[93]  In a separate investigation, a judge ordered Kirchner’s arrest in connection with allegations that she covered up possible Iranian involvement in the 1994 bombing of a Jewish community center in Buenos Aires in exchange for a potentially lucrative trade deal.[94]  Other former high-level employees in Kirchner’s government have been arrested for unjust enrichment, including Vice President Amado Boudou and former planning minister Julio de Vido.[95] Legislative Update In November 2017, Argentina’s Congress passed new legislation imposing criminal liability on corporations for bribery (national and transnational), influence peddling, unjust enrichment of public officials, falsifying balance sheets and reports, and other designated offenses.[96]  The bill, called the Law on Corporate Criminal Liability, applies to both Argentine and multinational companies domiciled in the country.[97]  The law went into effect on March 1, 2018.[98] Under the bill, legal entities can be held liable for bribery and other misconduct carried out directly or indirectly, with the company’s intervention, or in the company’s name, interest, or benefit.[99]  Legal entities can also be held liable if the company ratifies the initially unauthorized actions of a third party.[100]  The bill states that legal entities are not held liable, however, if the physical person who committed the misconduct acted “for his exclusive benefit, and without providing any advantage” for the company.[101]  The bill also imposes successor liability on parent companies in mergers, acquisitions, and other corporate restructurings.[102]  The bill applies to transnational bribery for acts committed by Argentine citizens and entities that are domiciled in Argentina.[103] The bill imposes monetary and non-monetary sanctions, including: Monetary fines from two to five times the benefit that was (or could have been) obtained by the company,[104] Complete or partial suspension of activities for up to ten years,[105] Suspension for up to ten years from participating in public bids, contracts, or any other activity linked to the state,[106] and Dissolution and liquidation of the corporate person when the entity was created solely for the purposes of committing misconduct, or when misconduct constituted the principal activities of the entity.[107] Legal entities can be exempted from criminal liability where the company (1) self-reported misconduct detected through its own efforts and internal investigation, (2) implemented an adequate internal control and compliance system before the misconduct occurred, and (3) returned undue benefits obtained through the misconduct.[108]  The bill also contains provisions allowing for Argentina’s public prosecutor’s office, the Ministério Público Fiscal, to enter into collaboration agreements with legal entities.[109]  The agreements require legal entities to provide information regarding the misconduct, pay the equivalent of half the minimum monetary fine imposed under the law, and comply with other conditions of the agreement (including, but not limited to, implementing a compliance program).[110] Minimal requirements for compliance programs consistent with the bill include: A code of ethics or conduct, or the existence of integrity policies and procedures applicable to all directors, administrators, and employees that prevent the commission of the crimes contemplated by the law,[111] Specific rules and procedures to prevent wrongdoing in the context of tenders and bidding processes in the execution of administrative contracts, or in any other interaction with the public sector,[112] and Periodic trainings on the compliance program for directors, administrators, and employees.[113] The law also notes that a compliance program may include additional elements, including, among others: Periodic risk assessments,[114] Visible and unequivocal support of the program from upper management,[115] Misconduct-reporting channels that are open to third parties and adequately defined,[116] Anti-retaliation policies,[117] Internal investigation systems,[118] Due diligence processes for M&A transactions,[119] Monitoring and evaluation of the effectiveness of the compliance program,[120] and Designation of an employee responsible for the coordination and implementation of the program.[121] The compliance program components listed in the law are notably similar to elements of effective compliance programs delineated by DOJ, the SEC, and Mexico’s General Law of Administrative Responsibility.[122] 4.    Colombia Notable Enforcement Actions and Investigations A.    Odebrecht Fallout According to a December 2016 deferred prosecution agreement with DOJ, Odebrecht made more than $11 million USD in corrupt payments to government officials in Colombia to secure public works contracts.[123]  In the wake of this settlement with U.S. authorities and Brazil’s multi-year investigation into Odebrecht’s dealings, Colombian prosecutors have announced inquiries into congressional involvement in the allegations and have arrested former Colombian senator Otto Bula for allegedly taking $4.6 million USD in bribes from the company.[124]  Odebrecht allegedly paid Bula to ensure that a contract for the construction of the Ocaña-Gamarra highway included higher-priced tolls that would benefit the company.[125]  Odebrecht also allegedly made $6.5 million USD in payments to former Vice Minister of Transportation Gabriel García Morales in exchange for a contract to construct a section of the Ruta del Sol highway.[126] B.    Reficar Oil Refinery In 2017, Colombian authorities brought corruption charges against executives from an American engineering firm, Chicago Bridge & Iron Company (“CB&I”), in connection with the Refineria de Cartagena (“Reficar”) oil refinery.[127]  The Reficar oil refinery is a subsidiary of Colombia’s state-owned oil company, Ecopetrol.  Colombian authorities charged CB&I and Reficar executives with various corruption charges, including unjust enrichment, misappropriation of funds, and embezzlement.[128]  According to the Colombian authorities, Reficar executives directed contracts to CB&I without abiding by legal requirements for public bidding.[129]  The Colombian authorities also claimed to have discovered irregularities with payments CB&I received in connection with Reficar contracts, including payments for work that was not performed, reimbursements for extravagant expenses unrelated to the refinery project, and double billing.[130] C.    Conviction of Former Anti-Corruption Chief Luis Gustavo Moreno On June 27, 2017, former anti-corruption chief Luis Gustavo Moreno was arrested in his office by the CTI (the Technical Investigation Team, a division of the Colombian Attorney General).  They charged him with soliciting bribes in return for interfering with anti-corruption investigations into Alejandro Lyons Muskus, ex-governor of Córdoba, with the possibility of ending such investigations.  After his arrest, Moreno turned into a key collaborator with various officials, shedding light on a massive corruption scandal in the judiciary and congressional branch.  According to Moreno, the scandal involved state politicians such as Musa Besaile Fayad and Bernardo “Ñoño” Elías, while also accusing judges such as Gustavo Malo Fernández, Francisco José Ricaurte, and Leónidas Bustos of accepting bribes in order to corrupt judicial proceedings.[131]  President Juan Manuel Santos signed extradition orders for Moreno and extradited him to Florida, where DOJ officials charged him with conspiracy to launder money with the intent to promote foreign bribery.[132] Legislative Update In 2017, Colombian President Juan Manuel Santos announced a series of measures to address corruption issues in the country.[133]  The announcement followed Colombia’s 2016 passage of its first foreign bribery statute, the Transnational Corruption Act (“TCA”).[134]  The TCA notably has extraterritorial effect and holds legal entities administratively liable for improper payments to foreign government officials made by the entity’s employees, officers, directors, subsidiaries, contractors, or associates.[135]  The new anti-corruption measures announced by President Santos, among others, include passing new laws that would provide labor protections and economic incentives for whistleblowers, require that companies disclose information regarding “the persons who in reality profit from a business or company,” and eliminate the use of house arrest for corruption cases.[136]  The President also proposed creating a group of judges who specialize in anti-corruption cases.[137]  Other corruption reforms considered by Colombia’s Congress in 2017 include requiring lobbyists to disclose meetings with public officials and the creation of a registry of beneficiaries of public contracts.[138] Transnational Cooperation In 2017, Colombia’s Superintendence of Corporations and the Peruvian Ministry entered into a Memorandum of Understanding (“MOU”) to prosecute international corruption.[139]  The goal of the MOU is to help investigate corruption in Peru and Colombia by focusing on a bilateral exchange of evidence between the two countries.[140]  Colombia signed a similar agreement with Spain in 2017.[141]  These new efforts are meant to assist partnering states in overcoming the difficulties of cross-border investigations, including the need to acquire evidence in foreign territories. 5.    Peru Notable Enforcement Actions and Investigations The Odebrecht scandal has significantly impacted the political and anti-corruption landscape in Peru.  In its settlement with Odebrecht, DOJ disclosed that Odebrecht executives admitted to funneling around $29 million USD in bribes to Peruvian government officials between 2004 and 2015.[142]  Government officials announced that Odebrecht and other companies involved in corruption would no longer be able to bid on public work contracts.[143]  This marked the end of Odebrecht’s four-decade run as a successful bidder on public work projects in Peru.[144]  The government will now decide on a case-by-case basis what to do with the remaining contracts awarded to Odebrecht.[145] Three of Peru’s recent former presidents have been arrested and/or accused of crimes related to corruption, all with some alleged connection to Odebrecht.[146]  In July 2017, a Peruvian judge ordered the arrest of former President Ollanta Humala and his wife on charges of money laundering and conspiracy related to the alleged receipt of a $3 million USD bribe from Odebrecht.[147]  Humala, who has continued to maintain his innocence, became the first former head of state detained in connection with the Odebrecht scandal.[148]  Prosecutors are also investigating former President Alan Garcia, who allegedly facilitated irregular bidding on the subway in Lima.[149] Another former president, Alejandro Toledo, was ordered arrested by a Peruvian judge in February, pursuant to accusations that he had received $20 million USD in bribes from Odebrecht in connection with bidding on the Interoceanic Highway between Brazil and Peru.  Toledo has remained in the United States and denied any wrongdoing.[150]  A formal extradition request to the United States for Toledo to return to Peru and face charges for the alleged bribe is near approval on the Peruvian side.[151] Even Peru’s current president, Pedro Pablo Kuczynski, has been unable to evade implication in the ever-expanding Odebrecht probe.  Earlier in 2017, he had to testify as a witness in the same investigation implicating former President Toledo in the alleged irregular bidding process to build the Interoceanic Highway.[152]  In November 2017, former Odebrecht CEO Marcelo Odebrecht told Brazilian prosecutors that Odebrecht hired Kuczynski as a consultant after he had opposed highway contracts granted to the company.[153]  Kuczynski denied the allegations, but subsequently documents showed Kuczynski may have received $782,000 in payments from Odebrecht through his investment banking firm, Westfield Capital.[154]  Kuczynski narrowly survived an impeachment vote based on the corruption allegations in late December 2017.[155]  Recent additional testimony from an Odebrecht official purporting to confirm impropriety in Kuczynski’s relationship with Odebrecht has renewed calls for Kuczynski to step down or be impeached.[156] On a regional and local level in Peru, several governors have been under investigation or accused of corruption.[157]  Remarkably, a May 2014 study by Peru’s office of the anti-corruption solicitor reported that a significant majority of mayors in office between 2011 and 2014 in Peru had been investigated for criminal activity.[158] Legislative Update The most significant development in anti-corruption legislation in Peru over the last year was Legislative Decree No. 1352, enacted on January 6, 2017.  This decree modifies Law No. 30424 (Law Regulating Administrative Liability of Legal Entities for the Commission of Active Transnational Bribery),[159] which was enacted in 2016 to declare that legal entities, including corporations, would be autonomously and administratively liable for active transnational bribery when it was committed in their name or for them and on their behalf.[160]  Decree No. 1352 extended the administrative and autonomous liability of legal entities to include those guilty of active bribery of public officials.[161]  The liability provided for in Decree No. 1352 is termed “autonomous” because a natural person does not have to be found liable first; the Decree’s charges now create independent liability, and an independent entity like a corporation can be charged separately.[162]  The law provides for autonomous liability for certain crimes of bribery and money laundering.[163] Parent companies are not liable for penalties under the autonomous liability provisions of Decree No. 1352 unless the employees who engaged in corruption or money laundering did so with specific consent or authorization from the parent company.[164]  Additionally, companies that acquire entities found guilty of corruption under the autonomous liability provision may not be separately penalized if the acquiring company used proper due diligence, defined as taking reasonable actions to verify that no autonomous liability crimes had been committed.[165]  Finally, entities can avoid autonomous liability by implementing a sufficient criminal law compliance program designed to prevent such crimes of corruption from being committed on behalf of the company.[166] Elements of a properly designed program include: an autonomous person in charge of the compliance program, proper implementation of complaint procedures, continuous monitoring of the program, and training for those involved.[167]  The Peruvian securities regulator had promised additional guidance before January 1, 2018—when the Decree took effect—but, as of the date of this publication, no such guidance has been issued.[168] The Peruvian government has also modified the procurement laws via Decree 1341 to ban any company with representatives who have been convicted of corruption from securing government contracts.[169]  The ban applies even if the crimes are admitted as part of a plea bargain agreement for a reduced sentence.[170] Peru has also enacted harsher penalties for public officials found guilty of corruption and prohibitions on such officials from being able to work in the public sector post-conviction.  Legislative Decree No. 1243 (the “civil death” law) was enacted in late 2016 to establish harsher sentences for corruption-related offenses and to increase the “civil disqualification” period to five to twenty years for corruption crimes like extortion, simple and aggravated collusion, embezzlement, and bribery.[171]  That said, this disqualification only applies to crimes committed as part of a “criminal organization,” and because of the practicalities involved in these types of crimes, it is unlikely that many officials will be found to have been part of a “criminal organization” and thus barred from public service.[172] Legislative Decree No. 1295 was also enacted on December 30, 2016 with provisions to improve government integrity.[173]  The decree created the National Registry of Sanctions against Civil Servants (Registro Nacional de Sanciones contra Servidores Civiles).[174] This online registry will be updated monthly by the National Authority of Civil Service (Autoridad Nacional del Servicio Civil) and will consolidate all the information relevant to disciplinary actions and/or sanctions against public officials (including corruption charges).[175]  Anyone listed in the registry is prohibited from government employment for the duration of their registry.[176] [1] This article is intended to review key developments in the five enumerated countries.  Changes to the compliance environment continue throughout Central and South America, though they are not covered in this particular update. [2] Petróleos Mexicanos – Pemex, Report of Foreign Private Issuer (Form 6-K) (Nov. 11, 2017), at 8. [3] Petróleos Mexicanos – Pemex, Report of Foreign Private Issuer (Form 6-K) (Sept. 29, 2017), at 21. [4] See Plea Agreement, Attach. B ¶¶ 59-60, United States v. Odebrecht S.A., Cr. No. 16-643 (RJD) (E.D.N.Y. Dec. 21, 2016). [5] See Secretaría de la Función Pública, Abre SFP nuevos procedimientos administrativos en contra de filial de Odebrecht (Sep. 11, 2017), https://www.gob.mx/sfp/articulos/abre-sfp-nuevos-procedimientos-administrativos-en-contra-de-filial-de-odebrecht-126170?idiom=es. [6] Azam Ahmed and J. Jesus Esquivel, Mexico Graft Inquiry Deepens with Arrest of a Presidential Ally, N.Y. Times, Dec. 20, 2017, https://www.nytimes.com/2017/12/20/world/americas/mexico-corruption-pri.html. [7] Id.; Detienen a extesorero del PRI por presunto desvío de recursos en 2016, El Financiero, Dec. 20, 2017, http://www.elfinanciero.com.mx/nacional/detienen-a-extesorero-del-pri-por-presunto-desvio-de-recursos-en-2016.html. [8] Ley General de Responsabilidades Administrativas, Artículos 2, 52, 66, 70 (July 18, 2016) (Mex.) [hereinafter “GLAR”]. [9] GLAR at Artículos 49, 51. [10] Id. at Artículo 49. [11] Id. at Artículos 51-64. [12] Id. at Artículos 3, 4, 65. [13] Bribery includes promising, offering, or giving any benefit, whether it be through money, valuables, property, services well below market value, donations, or any other benefit, to a public servant or their spouse in return for the public servant performing or refraining from performing any act related to their duties, or using their influence in their position, for the purpose of obtaining or maintaining a benefit or advantage, irrespective of the benefit actually being achieved.  Id. at Artículos 52, 66. [14] Id. at Artículo 67. [15] Id. at Artículo 68. [16] Id. at Artículo 69. [17] Id. at Artículo 71. [18] Id. at Artículo 72. [19] Id. at Artículo 70. [20] Id. [21] Under Article 81 of the GLAR, if no benefit is obtained through the corrupt act, the financial penalty is calculated by multiplying a statutorily defined value by the daily tenor of a Mexican government economic reference rate called the Unidad de Medida y Actualización (“UMA”).  While the UMA is a variable rate that changes over time, the statutory multiple is static and defined by the GLAR.  For physical persons—if no benefit was obtained—the penalty can be up to 150,000 times the UMA (approximately $597,000 USD as of May 2017).  GLAR, Artículo 81. [22] Id. [23] Id. [24] Id. [25] Id. [26] Id. [27] Id. at Artículo 25. [28] The seven required elements of the integrity program are delineated in the statute and discussed more fully in Gibson Dunn’s review of the GLAR, found at http://www.gibsondunn.com/publications/Pages/Mexico-General-Law-of-Administrative-Responsibility-Targets-Corrupt-Activities-by-Corporate-Entities.aspx. [29] GLAR at Artículos 88-89. [30] Id. at Artículo 81. [31] Id. at Artículos 88-89. [32] Id. at Artículo 89. [33]Id. [34]Id. [35] Ministério Público Federal, MPF recebe prêmio internacional por trabalho no combate à corrupção (Nov. 6, 2017), http://www.mpf.mp.br/rj/sala-de-imprensa/noticias-rj/mpf-recebe-premio-internacional-pelo-combate-a-corrupcao. [36] Press Release, Transparency Int’l Secretariat, Brazil’s Carwash Task Force Wins Transparency Int’l Anti-Corruption Award (Dec. 6, 2016). [37] See generally FCPA Tracker, https://fcpatracker.com/. [38] See Felipe Gutierrez, Moro se diz ‘cansado’ e que trabalho da Lav Jato em Curitiba esta no fim, Folha de Sao Paulo, Aug. 15, 2017, http://www1.folha.uol.com.br/poder/2017/10/1923633-moro-diz-que-trabalho-da-lava-jato-em-curitiba-esta-acabando.shtml. [39] Id. [40] See Ministério Público Federal, A Lava Jato em numeros – STF (Jan. 12, 2018), http://www.mpf.mp.br/para-o-cidadao/caso-lava-jato/atuacao-no-stj-e-no-stf/resultados-stf/a-lava-jato-em-numeros-stf. [41] Entenda a Operação Zelotes da Polícia Federal, Folha de São Paulo, Apr. 1, 2015, http://www1.folha.uol.com.br/mercado/2015/04/1611246-entenda-a-operacao-zelotes-da-policia-federal.shtml. [42] Id. [43] Mateus Rodrigues, MPF denuncia executivos da Gerdau na Zelotes por corrupcão e lavagem de dinheiro, Oglobo, Aug. 24, 2017, https://g1.globo.com/distrito-federal/noticia/mpf-denuncia-executivos-da-gerdau-na-zelotes-por-corrupcao-e-lavagem-de-dinheiro.ghtml; MPF denuncia Lula e Gilberto Carvalho por corrupcao passive na Operacoes Zelotes, Oglobo, Sept. 11, 2017, https://g1.globo.com/politica/noticia/mpf-denuncia-lula-por-corrupcao-passiva-na-operacao-zelotes.ghtml. [44] MPF denuncia Lula e Gilberto Carvalho por corrupcao passive na Operacoes Zelotes, supra note 43. [45] Entenda a Operação Zelotes da Polícia Federal, supra note 41. [46] Estelita H. Carazzai, Bela Megale, & Camila Mattoso, Operação contra frigoríficos prende 37 e descobre até carne podre à venda, Folha de S. Paulo, Mar. 17, 2017, http://www1.folha.uol.com.br/mercado/2017/03/1867309-pf-faz-operacao-contra-frigorificos-e-cumpre-quase-40-prisoes.shtml. [47] Id. [48] Id. [49] Operação Bullish investiga fraudes em empréstimos no BNDES, Agência de Notícias de Polícia Federal, May 12, 2017, http://www.pf.gov.br/agencia/noticias/2017/05/operacao-bullish-investiga-fraudes-em-emprestimos-no-bndes; Bela Megale, Camila Mattoso, & Raquel Landim, Operação policial põe sob suspeita apoio do BNDES à expansão da JBS, Folha de S. Paulo, May 12, 2017, http://www1.folha.uol.com.br/mercado/2017/05/1883367-pf-deflagra-operacao-que-investiga-fraudes-em-emprestimos-no-bndes.shtml. [50] Megale et al., supra note 49. [51] Id. [52] Graziele Frederico and Gabriela Lapa, Grupo de acusados na ‘máfia de próteses’ do DF fecha acordo de delação premiada, Oglobo, Feb. 9, 2017, http://g1.globo.com/distrito-federal/noticia/grupo-de-acusados-na-mafia-das-proteses-do-df-fecha-acordo-de-delacao-premiada.ghtml. [53] Id. [54] Ministério da Transparência e Controladoria-Geral da União, CGU e AGU assinam acordo de leniência com UTC Engenharia, July 10, 2017, http://www.cgu.gov.br/noticias/2017/07/cgu-e-agu-assinam-acordo-de-leniencia-com-o-utc-engenharia. [55] Id. [56] Id. [57] Id. [58] Id. [59] Press Release, U.S. Dep’t of Justice, Rolls-Royce plc Agrees to Pay $170 Million Criminal Penalty to Resolve Foreign Corrupt Practices Act Case (Jan. 17, 2017), https://www.justice.gov/opa/pr/rolls-royce-plc-agrees-pay-170-million-criminal-penalty-resolve-foreign-corrupt-practices-act. [60] Deferred Prosecution Agreement, Attach. A ¶ 20, United States v. Rolls-Royce plc, No. 2:16-CR-00247-EAS (S.D. Ohio. Dec. 20, 2016). [61] Id. [62] Press Release, U.S. Dep’t of Justice, supra note 59. [63] Press Release, U.S. Dep’t of Justice, SBM Offshore N.V. and United States-Based Subsidiary Resolve Foreign Corrupt Practices Act Case Involving Bribes in Five Countries (Nov. 29, 2017), https://www.justice.gov/opa/pr/sbm-offshore-nv-and-united-states-based-subsidiary-resolve-foreign-corrupt-practices-act-case. [64] Deferred Prosecution Agreement, Attach. A ¶¶ 27, 35, United States v. SBM Offshore N.V., No. 17-686 (S.D. Tex. Nov. 29, 2017). [65] Press Release, U.S. Dep’t of Justice, supra note 63. [66] Id. [67] Id. [68] Press Release, U.S. Dep’t of Justice, Odebrecht and Braskem Plead Guilty and Agree to Pay at Least $3.5 Billion in Global Penalties to Resolve Largest Foreign Bribery Case in History (Dec. 21, 2016), https://www.justice.gov/opa/pr/odebrecht-and-braskem-plead-guilty-and-agree-pay-least-35-billion-global-penalties-resolve. [69] Plea Agreement ¶ 21(b), United States v. Odebrecht, No. 16-643 (RJD) (Dec. 21, 2016). [70] Id. at ¶ 21(c). [71] Sentencing Memorandum at 4, United States v. Odebrecht S.A., No. 13-643 (RJD) (Apr. 11, 2017). [72] Id. [73] Lei No. 7753 de 17 de outubro de 2017, do Rio de Janeiro. [74] Id. at Artigo 1. [75] Id.; Lei No. 12.846 de 2013, at Artigo 7. [76] Fausto Macedo, Quais são e o Que propõem as ’10 Medidas contra a corrupção’ do Ministério Público, Estadão, Sept. 16, 2015, http://politica.estadao.com.br/blogs/fausto-macedo/quais-sao-e-o-que-propoem-as-10-medidas-contra-a-corrupcao-do-ministerio-publico/. [77] Marcello Larcher, CCJ valida assinaturas do projeto das dez medidas contra a corrupção, Agência Câmara Notícias, Mar. 28, 2017, http://www2.camara.leg.br/camaranoticias/noticias/POLITICA/527029-CCJ-VALIDA-ASSINATURAS-DO-PROJETO-DAS-DEZ-MEDIDAS-CONTRA-A-CORRUPCAO.html. [78] Renan Ramalho, MP apresenta dez propostas para reforçar combate à corrupção no país, Oglobo, Mar. 20, 2015, http://g1.globo.com/politica/noticia/2015/03/mp-apresenta-dez-propostas-para-reforcar-combate-corrupcao-no-pais.html. [79] Felipe Gelani, Lei de abuso de autoridade divide opinões entre juristas, Jornal do Brasil, Dec. 4, 2016, http://m.jb.com.br/pais/noticias/2016/12/04/lei-de-abuso-de-autoridade-divide-opinioes-entre-juristas/; Projeto com medidas contra a corrupção aguarda relator na CCJ, Senado Notícias (Apr. 17, 2017), https://www12.senado.leg.br/noticias/materias/2017/04/17/projeto-com-medidas-contra-a-corrupcao-aguarda-relator-na-ccj. [80] Ricardo Brandt, ‘Congresso destruiu’ as 10 Medidas contra Corrupção, diz procurador da Lava Jato, Estadão, Dec. 3, 2016, http://politica.estadao.com.br/blogs/fausto-macedo/congresso-destruiu-as-10-medidas-contra-corrupcao-diz-procurador-da-lava-jato/. [81] Ministério Público Federal, Orientation No. 07/2017 – Leniency Agreements (Aug. 24, 2017), http://www.mpf.mp.br/pgr/documentos/ORIENTAO7_2017.pdf. [82] Id. [83] Id. [84] Id. [85] Almudena Calatrava, Argentine Clean-up President Macri Finds Scandals of His Own, U.S. News, Mar. 3, 2017 https://www.usnews.com/news/world/articles/2017-03-03/argentine-clean-up-president-macri-finds-scandals-of-his-own; Abren investigación contra presidente de Argentina por presunta asociación ilícita y tráfico de influencias, CNN Español, Mar. 1, 2017, http://cnnespanol.cnn.com/2017/03/01/abren-investigacion-al-presidente-de-argentina-mauricio-macri-por-entrega-de-rutas-aereas-a-avianca/. [86] Lucia de Dominicis, 10 promesas incumplidas de Macri en sus 2 años de gobierno, La Primera Piedra, Dec. 10, 2017, http://www.laprimerapiedra.com.ar/2017/12/10-promesas-incumplidas-de-macri/. [87] Calatrava, supra note 85; Fiscal argentino abre investigación a Mauricio Macri por firmas ‘offshore,’ La Prensa, Apr. 7, 2016, https://www.prensa.com/mundo/Fiscal-argentino-investigacion-Mauricio-Macri_0_4455304547.html. [88] Abren investigación contra presidente de Argentina por presunta asociación ilícita y tráfico de influencias, supra note 85. [89] Hugo Alconada Mon, Un Operador de Odebrecht le giro US$ 600.00 al jefe de inteligencia argentine, La Nacion, Jan. 11, 2017, http://www.lanacion.com.ar/1974791-un-operador-de-odebrecht-le-giro-us-600000-al-jefe-de-inteligencia-argentino; AFP, Argentina: fiscal abre causa contra jefe de espias por giro de Odebrecht, La Prensa, Jan. 24, 2017, https://www.prensa.com/mundo/Argentina-fiscal-causa-espias-Odebrecht_0_4674282545.html. [90] Mon, supra note 89. [91] Frederico Rivas Molina, Cristina Fernández de Kirchner suma otro procesamiento por corrupción, El Pais, Apr. 4, 2017, https://elpais.com/internacional/2017/04/04/argentina/1491322535_840466.html. [92] Id. [93] Id. [94] Max Radwin and Anthony Faiola, Argentine Ex-president Cristina Fernández de Kirchner Charged with Treason, Wash. Post, Dec. 7, 2017, https://www.washingtonpost.com/world/the_americas/argentine-ex-president-cristina-fernandez-charged-with-treason/2017/12/07/e3e326e0-db80-11e7-a241-0848315642d0_story.html?utm_term=.37df90a6bf06. [95] Argentina Former Vice-President Amado Boudou Arrested, BBC News, Nov. 3, 2017, http://www.bbc.com/news/world-latin-america-41867239. [96] Argentina Congress Passes Law to Fight Corporate Corruption, Reuters, Nov. 8 2017, https://www.reuters.com/article/us-argentina-corruption/argentina-congress-passes-law-to-fight-corporate-corruption-idUSKBN1D83AX; La Ley de Responsabilidad Penal de las Personas Jurídicas, Law No. 27401 (Nov. 8, 2017), Artículo 1 (Arg.) [hereinafter Ley de Responsabilidad Penal]. [97] La Ley de Responsabilidad Penal de las Personas Jurídicas, at Artículo 1, supra note 96. [98] Paula Urien, Cómo reaccionan las compañías ante la ley penal empresaria, La Nacion, March 4, 2018, https://www.lanacion.com.ar/2113848-como-reaccionan-las-companias-ante-la-ley-penal-empresaria. [99]  Ley de Responsibilidad Penal, at Artículo 2, supra note 97. [100] Id. at Artículo 1. [101] Id. at Artículo 2. [102] Id. at Artículo 3. [103] Id. at Artículo 29. [104] Id. at Artículo 7. [105] Id. [106] Id. [107] Id. [108] Id. at Artículo 9. [109] Id. at Artículo 16. [110] Id. at Artículos 16, 18. [111] Id. at Artículo 23. [112] Id. [113] Id. [114] Id. [115] Id. [116] Id. [117] Id. [118] Id. [119] Id. [120] Id. [121] Id. [122] DOJ and SEC, A Resource Guide to the U.S. Foreign Corrupt Practices Act, at 57 (Nov. 14, 2012); GLAR at  Artículo 25. [123] See Plea Agreement, Attach. B ¶ 51, United States v. Odebrecht S.A., Cr. No. 13-643 (RJD) (E.D.N.Y. Dec. 21, 2016). [124] ¿Pueden las leyes acabar con la corrupción?, Política, July 29, 2017, http://www.semana.com/nacion/articulo/corrupcion-10-proyectos-de-ley-se-tramitan-en-el-congreso-sirven/534225; Julia Symmes Cobb & Guillermo Parra-Bernal, Colombia Arrests Ex-Senator Linked to Odebrecht Graft Scandal, Reuters, Jan. 15, 2017, https://www.reuters.com/article/brazil-corruption-odebrecht-colombia/colombia-arrests-ex-senator-linked-to-odebrecht-graft-scandal-idUSL1N1F5073. [125] Cobb & Parra-Bernal, supra note 124. [126] Jose Maria Irujo & Joaquin Girl, La policía investiga la conexión Colombia-Miami en los pagos al Exviceministro García Morales, El Pais, Nov. 9, 2017, https://elpais.com/internacional/2017/11/06/actualidad/1509965659_671036.html. [127] Fiscalía General de la Nación, Imputados empresarios extranjeros y colombianos por corrupción en la construcción de Reficar (July 26, 2017), https://www.fiscalia.gov.co/colombia/bolsillos-de-cristal/imputados-empresarios-extranjeros-y-colombianos-por-corrupcion-en-la-construccion-de-reficar/. [128] Id. [129] Id. [130] Fiscalía General de la Nación, Refineria de Cartagena (2017), https://www.fiscalia.gov.co/colombia/wp-content/uploads/Presentacion-REFICAR270417.pdf. Santos ratificó extradición del exfiscal Luis Gustavo Moreno, RCN Radio, Mar. 12, 2018, https://www.rcnradio.com/judicial/santos-ratifico-extradicion-del-exfiscal-luis-gustavo-moreno. [132] Id. [133] Presidencia de la República, Gobierno presenta paquete de iniciativas para combatir la corrupción (Aug. 18, 2017), http://es.presidencia.gov.co/noticia/170818-Gobierno-presenta-paquete-de-iniciativas-para-combatir-la-corrupcion. [134] Ley. 1778 de 2016 (Feb. 2, 2016) Diario Oficial 49.774 (Colo). [135] Id. at Artículo 2. [136] Presidente anuncia nuevas medidas para seguir enfrentando el desafío de la corrupción y a los corruptos, El Observatario, Apr. 19, 2017, http://www.anticorrupcion.gov.co/Paginas/Presidente-anuncia-nuevas-medidas-para-seguir-enfrentando-el-desafio-de-la-corrupcion-y-a-los-corruptos.aspx. [137] Colombia tendrá jueces especializados en casos de corrupción, El Observatario, Dec. 7, 2017,     http://www.anticorrupcion.gov.co/Paginas/Colombia-tendra-jueces-especializados-en-casos-de-corrupcion.aspx. [138] Leyes en Contra de la Corrupción, la Apuesta del Gobierno Nacional, Actualicese, July 13, 2017, http://actualicese.com/actualidad/2017/07/13/leyes-en-contra-de-la-corrupcion-la-apuesta-del-gobierno-nacional/. [139] Colombia y Peru contra soborno transnacional, El Nuevo Siglo, Sep. 23, 2017, http://www.elnuevosiglo.com.co/articulos/09-2017-colombia-y-peru-combatiran-soborno-transnacional. [140] Id. [141] See Juan Cruz Peña, Colombia investiga a tres empresas españolas por sobornos e irregularidades, El Confidencial, May 17, 2017, https://www.elconfidencial.com/empresas/2017-05-17/colombia-investiga-empresas-espanolas-sobornos-desfalco_1379311/. [142] United States v. Odebrecht S.A., Docket No. 16-CR-643 (RJD) (E.D.N.Y. 2016). [143] Odebrecht Banned from Signing Contracts with Peru State, Andina, Jan. 9, 2017, http://www.andina.com.pe/Ingles/noticia-odebrecht-banned-from-signing-contracts-with-peru-state-648542.aspx. [144] Mitra Taj, Peru to Bar Odebrecht from Public Bids with New Anti-graft Rules, Reuters, Dec. 28, 2016,  http://www.reuters.com/article/peru-corruption-odebrecht-idUSL1N1EO00K. [145] Id. [146] Lucas Perelló, Pablo Kuczynski Loses Another Battle to the Fujimorista Opposition, Global Americans, Sept. 28, 2017, https://theglobalamericans.org/2017/09/perus-pedro-pablo-kuczynski-loses-another-battle-fujimorista-opposition/. [147] Simeon Tegel, Latin America’s Mega-Corruption Scandal Just Claimed its Two Biggest Names, Wash. Post, July 15, 2017, https://www.washingtonpost.com/news/worldviews/wp/2017/07/15/latin-americas-mega-corruption-scandal-just-claimed-its-two-biggest-names/?utm_term=.6c05e8a6bb8c; Jimena De La Quintana, Ordenan prisión preventive para Ollanta Humala y Nadine Heredia, CNN en Espanol, July 13, 2017, http://cnnespanol.cnn.com/2017/07/13/ordenan-prision-para-ollanta-humala-y-nadine-heredia/. [148] Id. [149] ¿Cuál es la relación de Alan García con el caso Odebrecht y Lava Jato?, Radio Programas del Perú, Aug. 7, 2017, http://rpp.pe/politica/judiciales/la-relacion-de-alan-garcia-con-los-casos-odebrecht-y-lava-jato-noticia-1049631. [150] Ryan Dube, Judge Orders Arrest of Former Peruvian President Alejandro Toledo in Odebrecht Bribery Case, Wall Street J., Feb. 9, 2017, https://www.wsj.com/articles/judge-orders-arrest-of-former-peruvian-president-alejandro-toledo-in-odebrecht-bribery-case-1486698137; U.S. State Department Office of Investment Affairs, Peru Country Commercial Guide – Investment Climate Statement (Sept. 20, 2017), https://www.export.gov/article?id=Peru-Corruption. [151] Peru court approves Toledo extradition request, Yahoo News, Mar. 13, 2018, https://au.news.yahoo.com/world/a/39499741/peru-court-approves-toledo-extradition-request/. [152] Lucas Perelló, Pablo Kuczynski Loses Another Battle to the Fujimorista Opposition, Global Americans, Sept. 28, 2017, https://theglobalamericans.org/2017/09/perus-pedro-pablo-kuczynski-loses-another-battle-fujimorista-opposition/; PPK declarará el Viernes por Caso Odebrecht ante fiscalía, El Comercio, Mar. 29, 2017, https://elcomercio.pe/politica/justicia/ppk-declarara-viernes-caso-odebrecht-fiscalia-420928. [153] Ex-Odebrecht CEO Says Hired Peru President as Consultant – Reports, Reuters, Nov. 14, 2017, https://www.reuters.com/article/peru-politics/ex-odebrecht-ceo-says-hired-peru-president-as-consultant-reports-idUSL1N1NK1H4. [154] Peru: President Kuczynski Denies Odebrecht Bribe Allegations, BBC News, Nov. 16, 2017, http://www.bbc.com/news/world-latin-america-42006558; Andrea Zarate & Nicholas Casey, Peru Leader Could Be Biggest to Fall in Latin America Graft Scandal, N.Y. Times, Dec. 19, 2017, https://www.nytimes.com/2017/12/19/world/americas/peru-kuczynski-impeachment.html. [155] Simeon Tegel, Peru’s President Survives Impeachment Vote Over Corruption Charges, Wash. Post, Dec. 22, 2017, https://www.washingtonpost.com/world/the_americas/perus-president-faces-impeachment-over-corruption-allegations/2017/12/20/61b2b624-e4d9-11e7-927a-e72eac1e73b6_story.html?utm_term=.e542fa1216da. Sonia Goldenberg, ‘Game of Thrones’, Inca Style, N.Y. Times, Dec. 28, 2017,  https://www.nytimes.com/2017/12/28/opinion/peru-kuczynski-fujimori-pardon-odebrecht.html. [156] Jacqueline Fowks, El fantasma de Odebrecht arrecia en Perú, El País, Mar. 8, 2018, https://elpais.com/internacional/2018/03/08/america/1520467389_977266.html. [157] U.S. State Department Office of Investment Affairs, supra note 150. [158] Id. [159] Decreto Legislativo No. 1352, Artículo 1 (Jan. 2017) (Peru). [160] Id. at Artículo 3. [161] Id. at Artículo 1. [162] Id. at Artículo 4. [163] Id. at Artículos 3-4; New Criminal Liability System for Corporate involved in Corrupt Practices and/or Money Laundering, http://www.estudiorodrigo.com/en/new-criminal-liability-system-for-corporate-involved-in-corrupt-practices-andor-money-laundering/. [164] Decreto Legislativo No. 1352, Artículo 3. [165] Id. at Artículo 17. [166] Id. [167] Id. [168] Omar Manrique, Todas las empresas deberán tomar medidas para prevenir corrupción, Gestión, Dec. 27, 2017, https://gestion.pe/economia/empresas-deberan-medidas-prevenir-corrupcion-223626. [169] Decreto Legislativo No. 1341, Artículo 11 (Jan. 2017) (Peru); José Antonio Payet & Payet Rey Cauvi Pérez, PERUVIAN UPDATE – The Impact of “Lava Jato” on M&A in Peru, International Institute for the Study of Cross-Border Investment and M&A, May 30, 2017, http://xbma.org/forum/peruvian-update-the-impact-of-lava-jato-on-ma-in-peru/. [170] Decreto Legislativo No. 1341, supra note 169. [171] Ejecutivo oficializó ley de muerte civil para corruptos, El Comercio, Oct. 22, 2016, http://elcomercio.pe/politica/gobierno/ejecutivo-oficializo-ley-muerte-civil-corruptos-273517; Decreto Legislativo No. 1243, Artículo 38 (Oct. 2016) (Peru). [172] Comentarios a la “Muerte Civil,” Decreto Legislativo 1243, Parthenon, Nov. 1, 2016, http://www.parthenon.pe/editorial/comentarios-a-la-muerte-civil-decreto-legislativo-1243/. [173] Decreto Legislativo No. 1295 (Dec. 2016) (Peru). [174] Id. at Artículo 1. [175] Id. at Artículo 4. [176] Id. The following Gibson Dunn lawyers assisted in preparing this client update: F. Joseph Warin, Michael Farhang, Lisa Alfaro, Tafari Lumumba, Michael Galas, Abiel Garcia, Renee Lizarraga, John Sandoval and Sydney Sherman. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues.  We have more than 110 attorneys with FCPA experience, including a number of former prosecutors and SEC officials, spread throughout the firm’s domestic and international offices.  Please contact the Gibson Dunn attorney with whom you usually work in the firm’s FCPA group, or the authors: F. Joseph Warin – Washington, D.C. (+1 202-887-3609, fwarin@gibsondunn.com) Michael M. Farhang – Los Angeles (+1 213-229-7005, mfarhang@gibsondunn.com) Please also feel free to contact the following Latin America practice group leaders: Lisa A. Alfaro – São Paulo (+55 (11) 3521-7160, lalfaro@gibsondunn.com) Kevin W. Kelley – New York (+1 212-351-4022, kkelley@gibsondunn.com) Tomer Pinkusiewicz – New York (+1 212-351-2630, tpinkusiewicz@gibsondunn.com) Jose W. Fernandez – New York (+1 212-351-2376, jfernandez@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

March 1, 2018 |
Corporate NPA and DPA: All in the Nuance

Washington, D.C. partners F. Joseph Warin and Michael Diamant and Washington, D.C. associate Melissa Farrar are the authors of “Corporate NPA and DPA: All in the Nuance,” [PDF] published in International Financial Law Review in March 2018.