The Securities and Exchange Commission (“SEC”) recently penalized a public company for violating U.S. economic sanctions. The violation cited the “books and records” and “internal controls” provisions of Securities Exchange Act of 1934 (the “Exchange Act”). With this unprecedented action, the SEC has put companies on notice that the Department of Justice (the “DOJ”) and the Office of Foreign Assets Control (“OFAC”) are not the only sanctions enforcers in Washington.
Background
It is well known that under Sections 13(b)(2)(A) and 13(b)(2)(B) of the Exchange Act – enacted as part of the Foreign Corrupt Practices Act (“FCPA”) – public companies must keep accurate books and records and maintain internal controls sufficient to ensure that transactions are executed in accordance with management directives and accurately recorded for reporting in the company’s financial statements. The SEC often cites public companies for violations of these provisions in cases involving allegations of foreign bribery. In this context, the SEC often will assert that a public company violated these provisions by disguising the illicit transactions in its books and records and by failing to maintain internal controls capable of detecting and preventing such transactions.
In an earlier post, 
Malicious actors want to take your data. When they have it, they will make you pay to get it back. Learn about ransomware and how to prepare against it with this informative and practical 
Ask the bank that just paid the SEC more than $ 6 million for failing to adequately train its Asia Pacific Region (APAC) personnel on antibribery with respect to hiring practices. The bank had policies against hiring personnel in exchange for business, but, according to the SEC’s order, the company “failed to effectively train APAC employees or monitor their compliance with those policies…. APAC bankers and compliance personnel lacked familiarity with and understanding of [the company’s] anti-bribery and corruption policies, particularly as those policies relate to hiring.” SEC Order in Administrative Proceeding File No. 3-19537. 
In certain circumstances, a company’s statement that one of its employees poses a significant and unacceptable compliance risk is not defamatory. According to a recent federal appellate decision, such a statement (made by a company while complying with a deferred prosecution agreement relating to Foreign Corrupt Practices Act (FCPA) violations) had no “provably false factual connotation,” and was a statement of opinion beyond the reach of defamation law. 
On September 26, 2019, a bipartisan group of eight Senators introduced the Illicit Cash Act
Saying it will accelerate complex investigations, the United States and the United Kingdom proposed an historic data exchange agreement. In future, each government will be able to obtain electronic data directly from technology companies in the other country. The governments also say this first of its kind agreement will protect privacy and enhance civil liberties.
The Financial Action Task Force (FATF), an intergovernmental organization founded 30 years ago to develop and uphold policies to combat money laundering and terrorist financing, is conducting a peer review (or “mutual evaluation”) of the United Arab Emirates (UAE) this year.