Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On December 16, the European Union’s (EU) data protection regulator, the Article 29 Working Party (WP29), released its first official guidance on the General Data Protection Regulation (GDPR), EU’s new privacy regime. Composed of three sets of guidelines and FAQs, the guidance covers a range of issues, including the qualification, appointment, and personal liability of data protection officers (DPOs). Links to the six guidance documents follow:
- (i) Guidelines & FAQs on the right to data portability;
- (ii) Guidelines & FAQs on DPOs; and
- (iii) Guidelines & FAQs on identifying the “lead supervisory authority” for cross-border activity.
The WP29 also announced that it is accepting additional comments on this guidance through the end of January 2017, and that it will release guidelines on Data Protection Impact Assessments and Certifications in 2017. The GDPR is set to take effect in May 2018.
On December 20, Treasury’s Office of Foreign Asset Control (OFAC) announced its decision to sanction seven individuals and eight entities in connection with Russia’s occupation of Crimea and the conflict in Ukraine. OFAC also identified 26 subsidiaries of Russian banks as subject to sanctions already in place on their parent companies. Among other things, the sanctions prohibit U.S. residents, citizens, and financial institutions from participating in various financial dealings with the companies. As explained by John E. Smith, acting director of Treasury’s sanctions enforcement office, the sanctions were introduced “in response to Russia's unlawful occupation of Crimea and continued aggression in Ukraine” in order to “maintain pressure on Russia by sustaining the costs of its occupation of Crimea and disrupting the activities of those who support the violence and instability in Ukraine.” Concurrent with today’s announcement, OFAC also issued a Russia/Ukraine-related General License 11, which authorizes certain transactions “necessary to requesting, contracting for, paying for, receiving, or utilizing a project design review or permit from FAU Glavgosekspertiza Rossii’s office(s) in the Russian Federation.”
Israeli Multinational Pharmaceutical Company Settles FCPA Violations with SEC and DOJ for $519 Million
On December 22, an Israeli multinational pharmaceutical company announced an agreement with the SEC and DOJ to resolve FCPA violations stemming from conduct in Ukraine, Mexico, and Russia, with a $519 million settlement and a deferred prosecution agreement. The company will pay more than $236 million in disgorgement and interest to the SEC, the second largest FCPA-related corporate disgorgement to date. As part of its agreement with the DOJ, the company will pay a $283 million criminal fine and enter into a three-year deferred prosecution agreement under the supervision of an independent compliance monitor.
Prior Scorecard coverage of the company's investigation can be found here.
On December 21, a Brazilian construction company and its petrochemical affiliate, reached a $3.5 billion combined global settlement with U.S., Brazilian, and Swiss authorities to resolve FCPA allegations, in which both companies agreed to plead guilty in the U.S. to conspiracy to violate the FCPA. The DOJ alleged that the companies operated an extremely broad and profitable global bribery scheme, including creating an internal bribery department to systematically pay hundreds of millions of dollars to corrupt government officials around the world from 2001 to 2016. The companies attempted to conceal the bribes by disguising the source and disbursement of bribe payments by passing funds through a series of shell companies and by using off-shore bank accounts. While the scheme in large part involved bribes paid to a Brazilian multinational company and Brazilian officials, it also included government officials in numerous other South and Central American countries, and in Africa.
The construction company agreed to an overall criminal fine of $4.5 billion, but based on its representation of its ability to pay, may end up paying only $2.6 billion. Ten percent of the criminal fine was earmarked for the U.S., with the remainder to Brazil (80%) and Switzerland (10%). The DOJ faulted the construction company for failing to voluntarily disclose the conduct, but granted full cooperation credit based on Odebrecht’s actions once it started to deal with the government. As part of its own related resolution, the petrochemical company agreed to pay over $632 million in criminal fines, with the vast majority ($443 million) going to Brazil, and 15%, or $94.8 million, to each of the DOJ and Switzerland. The petrochemical company also agreed to disgorge $325 million, with $65 million going to the SEC and the rest to Brazil. The DOJ noted the petrochemical company’s failure to voluntarily disclose the conduct, and granted only partial cooperation credit due to the petrochemical company’s failure to turn over any evidence from its internal investigation until seven months after it first talked to the DOJ. Both the construction company and the petrochemical company agreed to engage independent compliance monitors for at least three years
The resolution is, by far, the largest FCPA resolution ever, with the bulk of the money going to Brazil in apparent recognition of the heavy lifting done by Brazilian prosecutors.
Prior Scorecard coverage of the ongoing Brazilian multinational company investigations can be found here.
FinCEN Penalizes New York Credit Union for Failure to Manage High-Risk International Financial Activity
On December 14, the Financial Crimes Enforcement Network (FinCEN) announced that it had assessed a $500,000 civil money penalty against a federally-chartered, low-income designated, community development credit union, for “significant violations” of anti-money laundering regulations. According to FinCEN, the credit union had historically maintained an AML program designed to address risks stemming from its designated field of membership in New York, NY. However, in 2011, the credit union began providing banking services to many wholesale, commercial money services business, some of which were located in high risk jurisdictions or engaged in high risk activities, without taking steps to update its AML program. As a result, the credit union was unable to detect and report suspicious activity and was left particularly vulnerable to money laundering.
OFAC Clarifies Iran Sanctions Snapback, Also Amends General License Regarding Foreign Flights to Iran
On December 15, OFAC updated the Frequently Asked Questions Relating to the Lifting of Certain U.S. Sanctions Under the Joint Comprehensive Plan of Action, clarifying two FAQs regarding the re-imposition of sanctions in the event of a “sanctions snapback.” Among other things, the revised guidance clarified that the U.S. will not retroactively impose sanctions for activity considered legitimate during the time of the transaction, but that activity would have to immediately halt because the agreement does not grandfather existing contracts. In addition, OFAC explained that the U.S. would provide non-Iranian foreigners a 180-day period to wind down operations that were authorized prior to a snapback. The FAQ-guidance also explained that if a snapback of sanctions were to result in the revocation of licenses, the U.S. government would provide a 180-day wind-down period for those deals, and non-Iranian foreigners could receive repayment from Iranians for goods and services provided prior to a snapback under the terms of an existing contract.
Separately, OFAC issued amended license General License J-1, regarding foreign flights to Iran, to also authorize flights that involve code-sharing agreements. A code-share is a marketing arrangement in which an airline places its designator code on a flight operated by another airline, and sells tickets for that flight. GL J-1 is effective as of December 15 and replaces and supersedes General License J in its entirety.
On December 13, New Zealand’s Ministry of Justice announced the release of an Exposure Draft of an Anti-Money Laundering and Countering Funding of Terrorism (AML/CFT) Amendment Bill, which will implement certain across-the-board changes to New Zealand’s AML/CFT regulatory scheme. The draft legislation, as categorized by the Ministry of Justice, will extend the AML/CFT laws to cover lawyers, conveyancers, real estate agents, accountants, additional gambling operators, and certain businesses that trade in high-value goods such as cars, boats, jewelry, bullion, art, and antiquities, based on risks on these entities being targeted for money laundering. The proposed changes aim to, among other things, harmonize New Zealand’s AML regime with international standards set by the Financial Action Task Force. The Ministry is accepting comments on the proposed legislation through January 27, 2017.
Gabonese National Pleads Guilty to Bribing Government Officials in Africa in Connection with Global Management Firm Mining Operations
On December 9, 2016, the son of a former Prime Minister of Gabon pleaded guilty to conspiring to make corrupt payments to government officials in Africa in violation of the FCPA. The Gabonese national worked as a consultant for a joint venture between the company and an entity incorporated in the Turks and Caicos. The DOJ charged him with conspiring to pay approximately $3 million in bribes to high-level government officials in Niger, as well as providing them with luxury cars, in order to obtain uranium mining concessions. Similarly, the DOJ also charged him with bribing a high-ranking government official in Chad with luxury foreign travel for the official and his wife in order to obtain a uranium mining concession there. In addition, the DOJ charged him with bribing government officials in Guinea with cash, the use of private jets, and a luxury car in order to obtain confidential government information.
The guilty plea comes on the heels of the company’s $412 million settlement with the DOJ and SEC to resolve related criminal and civil charges of violating the FCPA in connection with the bribery of high-level government officials across Africa. The settlement represented the fourth largest FCPA financial penalty at the time. The company’s CEO and former CFO have also previously settled related civil allegations. Prior Scorecard coverage of the company’s settlement with the DOJ and SEC may be found here.
On December 8, Congress passed the Global Magnitsky Human Rights Accountability Act as part of the National Defense Authorization Act for 2017, which now awaits President Obama's signature. Championed by U.S. Senators Ben Cardin (D-Md.), Ranking Member of the Foreign Relations Committee, and John McCain (R-Ariz.), Chairman of the Armed Services Committee, the bill gives the President of the United States the authority to deny human rights abusers and corrupt officials entry into the United States or access to our financial institutions. The bipartisan legislation builds on the Russia-specific Sergei Magnitsky Rule of Law Accountability Act of 2013 to apply sanctions globally, and makes significant acts of corruption sanctionable offenses.
Implementation of New EU Regulation Establishes Uniform Legal Framework for e-Signatures Across All EU Member States
Recently, the EU adopted a new EU Electronic Signature Regulation 910/2014/EU, which established a new, comprehensive, legal framework for e-signatures, as well as e-identification, e-seals, e-timestamp, e-documents, e-delivery services, and website authentication. The new regulation applies to transactions dating back to July 1, replacing the prior Directive on Electronic Signatures (1999/93/EC). Among other things, the new regulation defines three levels of e-Signatures: (i) e-Signature, (ii) advanced e-Signature, and (iii) qualified e-Signature. “E-Signature” is defined as data in electronic form which are attached to, or logically associated with, other electronic data, which are used by the signatory to sign. “Advanced electronic signature” is defined as uniquely linked to the signatory, capable of identifying the signatory, and created using e-signature creation data that the signatory can, with a high level of confidence, use under his sole control. And finally, a “qualified electronic signature” is defined as an advanced electronic signature created by a qualified electronic signature creation device.
Notably, and in contrast to previous EU directives on e-signatures, the new regulation is directly applicable in all 28 EU Member States without any requirement that it be formally adopted into national law. Specifically, Article 25 of the New Regulation provides that an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures. Rather, a qualified electronic signature in one EU Member State shall now be recognized as a qualified electronic signature in all other Member States.
- Jonice Gray Tucker to discuss “How the new administration sets the tone for 2021” at the American Conference Institute Legal, Regulatory and Compliance Forum on Fintech & Emerging Payment Systems
- Sherry-Maria Safchuk to discuss UDAAP in consumer finance at an American Bar Association webinar
- Jeffrey P. Naimon to discuss "What to expect: The new administration and regulatory changes" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss “The future of fair lending” at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Steven R. vonBerg to discuss "LO comp challenges" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss “The False Claims Act today” at the Federal Bar Association Qui Tam Section Roundtable