The U.S. Justice Department’s Latest Compliance Program Warning

U.S Deputy Attorney General Rod Rosenstein recently announced the Department of Justice’s revised corporate enforcement policy for the Foreign Corrupt Practices Act. The revised policy is based on an FCPA pilot program (in place since April 2016), which provided mitigation credit for voluntary reporting of wrongdoing and specified levels of cooperation and remediation in connection with the resulting investigation.

Much has been made about the new policy provisions that create a presumption of DOJ declination and specify percentage reductions from the U.S. sentencing guidelines in the event that a company self-discloses, cooperates and/or remediates in accordance with specified policy requirements. Certainly, these provisions significantly further the shift toward encouraging company cooperation, as well as continue the focus on holding individuals accountable, and deserve careful attention. Continue Reading

The 12 Days of Compliance

Like a gift that keeps on giving, compliance efforts now can provide long-lasting benefits into the new year.

I have written before about the guidance document from the U.S. Department of Justice that was issued in February of this year regarding compliance programs. More recently, in October, Deputy Attorney General Rod Rosenstein left no doubt in widely reported remarks that “deterrence requires enforcement through penalties decision-makers are unwilling to pay.” Continue Reading

Evolution of the General Counsel: A TerraLex Report

TerraLex recently published The General Counsel Excellence Report 2017, which tracks the continuing evolution of the role of corporate general counsel to encompass important nontraditional areas of focus and responsibilities. TerraLex, a referral network of more than 150 law firms (including Parker Poe) in more than 100 countries, sponsored similar surveys in 2013 and 2015.

The 31-page report makes for interesting reading. For example, it notes that even the GC’s title is changing, with 45 percent of respondents describing their role as “General Counsel” (slightly down from 2015) while more than 20 percent use titles like “Head of Legal,” “Group Head of Legal,” “Head of Legal & Regulatory Affairs” or even “General Counsel, Director of M&A, Strategy and Risk.” The report states that “[i]t is clear … that the exact role of the general counsel is becoming an increasingly difficult one to define.” Continue Reading

Google and Charlottesville Events Raise Questions for Companies Regarding Employee Political Views

Two recent major news stories again involve the intersection of politics with employment law. In the first matter, Google fired a programmer after he posted an internal document criticizing the company’s diversity initiatives. The document explained the employee’s view that biological reasons account in part for the low percentage of female tech workers at Google and comparable companies, and he alleged that the diversity initiatives harmed Google’s business interests.

In the second story, following alt-right protests over removal of a Confederate statue in Charlottesville, a number of online groups began identifying protesters from video and photographs taken at the demonstrations and contacting their employers, demanding that the employees be terminated for white supremacist activities. As of today, news reports indicate that several employers complied with these requests, terminating the employees in question. Continue Reading

Regulatory Considerations as Cryptocurrencies Enter the Mainstream

A faceless currency involved in dealing illegal drugs, selling stolen identity data, offshore gambling, human trafficking, material support to terrorist activity – even before Ross Ulbricht’s 2015 conviction for brokering more than $1 billion in illegal transactions through an online darknet market called Silk Road, the anonymity of using cryptocurrencies has long been the alleged allure for users of the “Dark Web.” Detractors, such as Michael Lewis, author of The Big Short, Moneyball and Liar’s Poker, note the lack of regulation, calling bitcoin “at its heart . . . a libertarian enterprise – anti-government, anti-central authority; for money to really work it needs a central authority behind it.”   In 2015, Washington Post columnist Matt O’Brien called bitcoin a millennial “Ponzi scheme.”

But, like mocha chai lattes, gangsta rap, craft beers and sleeve tattoos, cryptocurrencies are moving from being on the societal fringes to part of the mainstream. Hundreds of vendors accept bitcoin, including, Subway, Microsoft, Reddit, OkCupid, the United States Libertarian Party, CheapAir, Expedia, Wikipedia, certain vendors on, WordPress Whole Foods,, MLS soccer’s San Jose Earthquakes, Dish Network, Intuit and, just to name a few. Many users are embracing the technology – the number of bitcoin holders reached more than 10 million by the end of 2016. Continue Reading

Latest Revised I-9 Form Released

For the second time in less than a year, U.S. Citizenship and Immigration Services (USCIS) has revised the Form I-9. The latest version of the form was released on July 17 and has a footer reading “07/17/17 N.” Its use will become mandatory as of September 18, 2017. Between now and then, employers may continue to use the old “11/14/16 N” version or switch over to the new version at their convenience. Continue Reading

SEC Emphasizes Need for Cyber Protections

The Securities and Exchange Commission continues to encourage entities within its purview to institute cyber protections, especially in the wake of the rash of recent ransomware attacks. Numerous companies, including broker-dealers and investment management firms, have fallen victim to ransomware, which infiltrates the victim’s computer systems and blocks access to files with the threat of publication or deletion unless a ransom is paid. As a warning to public companies, the SEC recently issued a statement regarding the importance of the following precautionary measures:

  • Regular assessments to identify cybersecurity threats and risks
  • Penetration tests on critical systems to determine their vulnerability
  • Consistent system maintenance that includes constant monitoring for software patches to address vulnerabilities

It is clear that while the SEC recognizes the inherent risk that cyber threats pose to all companies, no matter how protected, the SEC also expects companies to continue making efforts towards disaster preparedness and other cybersecurity issues. The full text of the SEC’s “Cybersecurity: Ransomware Alert” can be found here.

Uber’s Troubles: A Compliance Wake-Up Call No Matter How Regulated You Are

I can’t help myself; when I read some of the troubling reports about Uber’s workplace culture, which has contributed to executive ousters and the need to hire one of the highest-profile lawyers in the country, I think, “If only they had a culture of compliance.”

I wrote last month about “the way of compliance” positively impacting a company’s culture. With Uber, we see the drastic flip side. Yet, I know that many corporate C-suite and boardroom folks continue to think that compliance is not for them because they are not “regulated.” The logic can be hard to argue with – lawyers and compliance professionals hear from the business folks things like: “We are not a highly regulated company” or “We do not have a lot of compliance worries, therefore we are not going to spend money on a healthy compliance program, training or other ‘distractions’ from what is our high-tech, high sales, high innovation, high [fill in the blank] world we must live in to drive value for our owners.” And that works … until it doesn’t. As one of my favorite colleagues used to say, “That dog don’t hunt no more.” Continue Reading

Sustainability Reporting After the Paris Climate Accord

It’s fair to say that President Trump’s June 1 announcement that the U.S. will withdraw from the Paris climate accord has been widely reported. It’s also fair to say that the announcement triggered a host of passionate reactions, positive and negative, around the world. Within corporate America, a number of high-profile corporations (for example, Apple, Disney, Facebook, General Electric, Google, Salesforce, Tesla and Twitter) pledged to continue their efforts to cut greenhouse gas emissions and adhere to the spirit of the accord.

This leads one to wonder whether withdrawal from the Paris climate accord might, per the law of unintended consequences, actually increase investor emphasis on corporate social responsibility (CSR) and the number of companies that voluntarily report their sustainability initiatives. It’s an intriguing possibility. Continue Reading

Updated U.S. Civil Penalties Raise the Cost of Noncompliance

In 2016, we let you know about the redundantly titled “Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015,” which required that heads of government agencies adjust civil penalties yearly to account for inflation. Announcements must take place by July 1 of each year. As a result, most federal agencies have announced their 2017 penalty increases. Because the 2016 increase took into account multiple years of inflation, most penalties doubled in 2016. This year’s increase only accounts for one year of inflation, so penalty increases are much smaller. For example, the Department of Justice (“DOJ”) announced in February that the per-claim penalty for violations of the False Claims Act, which doubled last year, will only increase from the 2016 range of $10,781 to $21,563 per violation to a new 2017 range of $10,957 to $21,916 per violation. Typically, companies who violate the False Claims Act incur multiple penalties for multiple offenses though, so this can add up quickly. The price of noncompliance is high. We have reproduced selected federal penalty increases below. Other civil penalty increases can be found by searching the Federal Register or individual agency websites. Continue Reading