Deputy Attorney General Rod Rosenstein recently announced significant changes to the Department of Justice’s corporate enforcement policy regarding individual accountability, previously announced in the 2015 Yates Memo. The revised policy no longer requires companies who are the target of DOJ investigations to identify all parties involved in potential misconduct before they can be eligible to receive any cooperation credit. This alert examines the updated policy, which should provide companies with greater flexibility in conducting investigations and negotiating dispositions with DOJ in both criminal and civil cases.
The Securities and Exchange Commission (SEC) recently released a report detailing whether or not certain companies that had fallen victim to cyber-related frauds had violated the Securities Exchange Act of 1934 by failing to have proper internal accounting controls. The nine companies investigated by the SEC fell prey to fraudulent “business email compromise” schemes, which are responsible for the highest estimated out-of-pocket losses of any cyber-related crimes in the last five years. The primary question for the SEC was whether or not the companies had failed to enact compliant internal accounting controls that may have prevented such fraud.
This alert details the SEC’s finding and advice for companies in an environment where cybersecurity is increasingly complicated and essential.
The Department of Justice has established a new policy that requires its attorneys to coordinate with one another and with other enforcement authorities when imposing multiple penalties for the same conduct. This policy is likely to protect companies from unfair outcomes resulting from a lack of coordination among the DOJ and other authorities.
I authored an alert that provides an overview of the new policy and discusses the potential impact on companies affected.