Cybersecurity Compliance on U.S. Government Contracts and Subcontracts

The U.S. Department of Justice announced late last year that it would utilize the False Claims Act, the U.S. government’s primary civil tool to redress false claims for federal funds and property, to bring actions against U.S. government contractors and subcontractors who do not meet the cybersecurity requirements of a particular contract or grant. The U.S. Department of Justice (the “DoJ”) certainly was not bluffing. In the past few months, DoJ has announced the settlement of two False Claims Act cases related to cybersecurity deficiencies or misrepresentations, and more are expected. 

As such, it is now imperative that companies executing U.S. government contracts and subcontracts proactively assess their compliance with federal cybersecurity requirements.

Continue Reading

The UAE Continues to Combat Bribery and Corruption

The United Arab Emirates (the “UAE”) continues to lead the Arab world in terms of its anti-bribery and corruption (“ABC”) endeavors. The UAE offers a business-friendly environment with an effective and efficient public administration; it criminalizes active and passive bribery, embezzlement, abuse of functions, and facilitation payments, it enforces its domestic ABC legislation and it continues to work with international partners to combat bribery and corruption.

Continue Reading

Series: How to Respond to the Threat of Trade Secret Loss

The authors would like to thank Nicole Brenner for her contribution to this post.

Trade secrets offer companies an invaluable advantage over competitors, but only if the company maintains secrecy and responds promptly to threats. If a company’s success depends on its trade secrets, the protections in place to maintain those secrets will be scrutinized in the event of any breach. A previous article in this series discussed the legal and practical ways companies can protect themselves from industrial espionage, including the “reasonable measures” companies must take to protect trade secret information. 18 U.S.C. § 1836. But if there is already a perceived loss of trade secrets, then the company must be prepared to defend the systems in place to monitor any traces of unusual or dangerous behavior. Even if a company takes all reasonable measures to keep proprietary information secret, it is difficult to avoid all potential threats. Yet threats to company trade secrets are increasing, especially technology thefts. Frequently, such thefts are perpetuated by a company’s own employees.

Responding to a Potential Threat

Continue Reading

Wolfsberg Group Releases Guidance on Negative News Screening

bank building

The Wolfsberg Group, an association of thirteen global banks which develops frameworks and guidance for the management of financial crime risks, particularly with respect to KYC, AML, and CFT policies, recently released a set of frequently asked questions on negative news screening and other forms of adverse information searches.

Negative news screening can assist financial institutions in performing customer due diligence, as well as evaluating transactions or activities that are unusual or potentially suspicious.   The Financial Action Task Force (FATF), an inter-governmental money laundering and terrorist financing watchdog, recommends that banks, as part of a risk-based approach, include verifiable adverse media searches as part of enhanced due diligence measures.[1]  Similarly, while the Bank Secrecy Act does not require negative news screening, U.S. regulators have encouraged banks, as appropriate, to consider negative news.[2]  The FFIEC BSA/AML Manual, for example, notes that banks should “establish policies and procedures for determining whether and/or when, on the basis of risk, obtaining and reviewing additional customer information, for example through negative media search programs, would be appropriate.”  The Manual continues that the results of negative news screening can help a bank determine when it is appropriate to review a customer relationship.

Recognizing that there is no single, universally agreed approach to negative news screening, the Wolfsberg Group developed its recent guidance to help financial institutions manage their financial crime risks.  The guidance is separate from politically exposed persons or sanctions screening, both of which are traditionally list-based.  For the purposes of the guidance, the Wolfsberg Group defined “negative news” as “‘information available in the public domain which FIs [financial institutions] would consider relevant to the management of Financial Crime risk.”

Continue Reading

Series: Remedies available to companies harmed by industrial espionage

The authors would like to thank Thomas Fogarty and Anya Bharat Ram for their contributions to this post.

Section 1832 of the Economic Espionage Act of 1996 (the “Act”) criminalizes the theft of trade secrets “intended for use in interstate or foreign commerce, to the economic benefit of anyone other than the owner.” 18 U.S.C. § 1832(a). The Defend Trade Secrets Act of 2016 (the “DTSA”) amends the Act to include a civil cause of action for the misappropriation of trade secrets. 18 U.S.C. § 1836(b)(1). Thus, victimized individuals or corporations whose trade secrets were stolen may seek an injunction, monetary damages, or attorneys’ fees. In extreme cases, parties may seek an ex parte seizure to prevent the misuse of stolen trade secrets.

Industrial espionage refers to various activities performed to gain an unfair competitive advantage, including the theft of trade secrets. In previous articles (here and here), we discussed how companies can legally and practically protect themselves from industrial espionage. However, where these protections fail, remedies are available.

Injunction

A court may grant an injunction “to prevent any actual or threatened misappropriation [of a trade secret] . . . on such terms as the court deems reasonable.” § 1836(b)(3)(A)(i). Such an injunction requires the defendant to take affirmative action to protect the secret. § 1836(b)(3)(A)(ii). Yet the court may deny the injunction, but allow the defendant to use the trade secret if they pay a “reasonable royalty” for a specified period of time. § 1836(b)(3)(A)(iii). Any injunction may not prevent the defendant from “entering into an employment relationship with another,” nor may it contradict any state laws “prohibiting restraints on the practice of a lawful profession, trade, or business.” §§ 1836(b)(3)(A)(i)(I)­­–(II).

Continue Reading

FinCEN Requests Public Comments on Potential No-Action Letter Process

US Treasury

Thanks to our Summer Associate, Apollo Yong, for his work on this timely blog.

On June 6, 2022, the Financial Crimes Enforcement Network (“FinCEN”), a bureau of the U.S. Department of the Treasury, issued an Advanced Notice of Proposed Rulemaking (“ANPRM”), requesting public comment on questions related to FinCEN’s implementation of a no-action letter process.[1]  The ANPRM seeks to determine whether the public supports the no-action letter process and how the public expects the process to differ from other forms of relief that FinCEN already offers.

FinCEN’s Report to Congress

FinCEN began considering a no-action letter process after the passage of the Anti-Money Laundering Act of 2020 (the “AML Act”).  Section 6305(a) of the AML Act required FinCEN to assess whether it should establish a process for issuing no-action letters in response to inquiries from persons concerning the application of anti-money laundering or countering the financing of terrorism laws (such as the Bank Secrecy Act, the USA PATRIOT Act, and section 8(s) of the Federal Deposit Insurance Act) and regulations to a regulated entity’s specific conduct.[2]  Section 6305(b) of the AML Act required FinCEN to submit a report (the “Report”) to Congress, which contains all findings and determinations made in carrying out the no-action letter assessment as well as proposed rulemakings, if appropriate, to implement the findings and determinations the agency made throughout the no-action letter assessment process.

Continue Reading

Webinar: US Uyghur Forced Labor Prevention Act: Is Your Organization Prepared?

This image has an empty alt attribute; its file name is US-Customs-and-Border-Protection_GettyImages-483740270.jpg

President Biden signed the Uyghur Forced Labor Prevention Act (UFLPA) into law in December 2021. Beginning on June 21, US Customs and Border Protection (CBP) will apply a “rebuttable presumption” that all goods originating from China’s Xinjiang Uyghur Autonomous Region violate an existing ban on the importation of goods made with forced labor into the US.

Our team of seasoned specialists will discuss UFLPA’s implementation – including the latest guidance – and best practices for compliance.  Please join us on June 23 at 11am EDT for this timely webinar.

For additional detail and registration information, click here.

Law Commission Proposes Reforms to Corporate Criminal Liability in the UK

The proposal outlines 10 possible ways to bolster UK corporate criminal liability.

The UK Law Commission, has published their proposals (the Options Paper) to overhaul criminal law as it applies to companies in the UK. The Law Commission is an independent commission created by Parliament to keep UK law under review and to recommend reforms. The Options Paper outlines 10 possible ways to strengthen corporate liability by both criminal and civil law reforms.

Background

To establish corporate criminal liability, long-standing English law requires that prosecutors prove that a “directing mind or will” (i.e., directors or other senior management) was culpable (the Identification Doctrine). This requirement has made the prosecution of large organisations very challenging for law enforcement agencies, with the Serious Fraud Office (SFO) being the most vocal critics of the Identification Doctrine, given the most senior employees are seldom privy to decisions made at the operational level of the business. By contrast, under US criminal law, organizations generally are vicariously liable for offenses committed by their agents.

Continue Reading

The UK’s OFSI provides guidance on strict liability sanctions breach penalties

The Office of Financial Sanctions Implementation (OFSI), part of HM Treasury, which is the authority for implementing financial sanctions in the UK, have published guidance to clarify how they will use their new powers to impose civil monetary penalties for sanctions breaches on a strict liability basis from Monday 15 June 2022.  The full message from Director Giles Thomson is available here.  

The Economic Crime (Transparency and Enforcement) Act 2022, which we recently blogged on,  removed the requirement that a person must have known, suspected or believed that they were acting in breach of sanctions before significant civil penalties could be imposed. This legislative change undoubtedly makes it easier for OFSI to hand out significant fines. However, this guidance recognises that all a responsible business can do in the moment when making decisions about sanction compliance in the course of business is to base these decisions upon their knowledge or suspicion having taken reasonable steps of enquiry.

OFSI’s guidance confirms that, when deciding whether to impose a civil penalty, OFSI will take into account whether the person committing the breach knew or suspected that their conduct amounted to a breach of financial sanctions as well as the efforts they took to prevent breaches.

Series: Overview of Ways to Legally and Practically Protect Your Company from Industrial Espionage

As we discussed in a previous article, companies can be at risk from internal and external sources of industrial espionage, in an attempt to gain an unfair competitive advantage or disrupt operations.

Legal Protections

Owners of a trade secret have a federal cause of action against an individual or company that misappropriates their trade secret “if the trade secret is related to a product or service used in, or intended for use in, interstate or foreign commerce.” 18 U.S.C. § 1836(b)(1). The Defend Trade Secrets Act of 2016 (“DTSA”), which amends the Economic Espionage Act of 1996, defines a “trade secret” to include “all forms and types of financial, business, scientific, technical, economic, or engineering information.” However, the DTSA requires that: (1) the owner takes “reasonable measures to keep such information secret;” and (2) “the information derives independent economic value, actual or potential, from” its secrecy. Id. at § 1839(3).

There is no specific guidance on what constitutes “reasonable measures” that an owner must take to keep their trade secrets safe. As a result, whether measures are “reasonable” significantly depends on the nature of the trade secret at issue. In Dairy, LLC v. Milk Movement Inc., the plaintiff, Dairy, LLC (“Dairy”), sought a preliminary injunction to prevent the defendant, Milk Movement Inc., from using secret methods used in Dairy’s payroll software. The methods in Dairy’s payroll software enabled its clients to maximize benefits related to milk prices paid to dairy producers by milk handlers. No. 21-cv-02233, 2022 U.S. Dist. LEXIS 34072 (E.D. Cal. Feb. 25, 2022). The trial court held that Dairy had not shown any reasonable measures were in place to protect its trade secret. The trial court noted that Dairy posted screen shots of its software on its own website that included placeholders for data input, such that the software could be reverse engineered. See Dairy, 2022 U.S. Dist. LEXIS 34072at *4. Accordingly, the trial court denied the injunction.

Continue Reading

LexBlog