Government uses data mining to select targets for enforcement actions. Your company can use data mining for compliance. Hear tips and insights in an eleven minute podcast in “Compliance Perspectives,” from the Society of Corporate Compliance and Ethics (SCCE). SCCE is a member-based association providing education and news updates for ethics and compliance professionals. To listen to the podcast, click here.
Buried on page 2,201 of the 2,232-page 2018 Omnibus Spending Bill, the CLOUD Act was signed into law on March 23, 2018. The bill allows U.S. law enforcement to obtain U.S. citizens’ private data from servers anywhere in the world, provided that an agreement exists with that country on data sharing. However, the CLOUD Act has already received tough criticism that raises 4th Amendment concerns.
In part two of our series on Mexico’s anticorruption legislation, we take a closer look at both the 2016 amendments to the Federal Criminal Code and the compliance provisions of the General Law of Administrative Responsibility as these laws apply to legal entities.
Although these amendments are generally discussed separately, we believe that these laws, as amended, complement each other and the provision of one can help understand the other. This bifurcated enforcement is in some ways similar to how the FCPA is enforced by the DOJ and the SEC in the U.S. (i.e. through separate but complementary criminal and civil/administrative actions).
We turn our attention to how these laws impact legal entities in a post found here on our Latin America Legal blog.
Read the first post in our series here.
Part I: Background
During the era when the Sony Walkman birthed the personal audio revolution, Nintendo Entertainment Systems appeared on American shores, and Gordon Gekko made wireless phone calls on his chunky mobile phone, the 99th United States Congress passed the Stored Communications Act (SCA). Enacted in 1986, the SCA governs U.S. authority to compel disclosure of electronic communications or data stored with a service provider.
Fast forward two decades, the gap between advancements in technology and legislation became readily apparent when a federal appeals court, the United States Second Circuit, decided on July 14, 2016, that U.S. law enforcement could not compel a U.S. Cloud Service Provider (CSP) to disclose Content Information (e.g., emails) stored abroad with a U.S. search warrant.
As a tsunami of corruption scandals devastates Latin America’s political landscape, it can be easy to dismiss the slow and uncertain steps many countries are taking in the fight against corruption as political jujitsu, enough to appease but not to change. We do not, and we remain optimistic as Mexico, Peru, Colombia, Argentina and – of course – Brazil enact stronger anticorruption legislation. We believe we are seeing the water recede, changing the way many in these countries are doing business. Mexico’s anticorruption legislation goes further than most. It applies to public officials and everyone – individuals and companies – doing business with the government and requires companies to implement internal changes and controls.
In the first of a three-part series, we recently discussed Mexico’s anticorruption legislation and its impact in a post on our Latin America Legal blog. You can read it here.
On February 27, 2018, the Supreme Court heard oral arguments in a case that will affect the security of data stored in the cloud. At issue in United States v. Microsoft is whether a U.S. based digital communications provider must comply with a warrant for user data stored on servers located outside of the U.S. This case is being heard against the backdrop of Congressional debates regarding proposed amendments to Section 2703 of the Stored Communications Act – some of which are tailored to address this very issue.
In a unanimous decision authored by Justice Ruth Bader Ginsburg, the United States Supreme Court ruled on February 21, 2018 that the anti-retaliation provisions of the Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank” or the “Act”) only cover whistleblowers who report potential violations of the securities laws to the Securities and Exchange Commission (the “SEC” or the “Commission”) and not those who only report internally. The decision reversed an earlier ruling by the Ninth Circuit Court of Appeals and resolved a circuit split on the issue. As a result, employees who only report potential violations internally must pursue anti-retaliation claims under the less generous provisions of the Sarbanes Oxley Act of 2002 (“SOX”).
On February 13, 2018, the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) issued a finding and notice of proposed rulemaking (“NPRM”), pursuant to the USA Patriot Act, seeking to prohibit the opening or maintaining of a correspondent account in the United States for, or on behalf of, ABLV Bank, AS (“ABLV”).
Details of Allegations
ABLV is Latvia’s third biggest bank with assets of around 3.6 billion euros in September 2017. It has subsidiaries in Luxembourg and the United States, and offices in Russia, Ukraine, and Hong Kong.
Annually, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) publishes its examination priorities for the new year. Recently, OCIE announced five priorities that will inform its examinations moving in to 2018.
OCIE is committed to “promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy.” In support of these “pillars,” OCIE intends to focus on:
- Issues of importance to retail investors, such as fee disclosures, mutual funds, and exchange-traded funds;
- Entities that are critical to the proper functioning of capital markets, such as clearing agencies and national securities exchanges;
- Oversight of the Financial Industry Regulatory Authority (FINRA) and the Municipal Securities Rulemaking Board (MSRB);
- Cybersecurity; and
- Anti-money laundering programs.
The 2017 Year in Review of the Department of Justice reveals a Data Analytics Team (the “Team”) for tracking healthcare fraud. The Healthcare Fraud Unit launched the Team in order to provide data mining expertise that efficiently detects healthcare fraud. This development demonstrates that data analytics is the future of enforcement. A fuller description of the Team and data mining is found on the Triage blog here.