We previously offered insight into two False Claims Act (“FCA”) enforcement actions brought by the U.S. Department of Justice (“DOJ”) as part of its “Civil Cyber-Fraud Initiative” (“CCF Initiative”). Deputy Attorney General Lisa O. Monaco announced the CCF Initiative in October 2021, stating that “[t]he initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.” We noted that DOJ “was not bluffing,” and that in addition to the two highlighted cases, “more are expected.” The prediction has come true.
There has been no shortage of news this month, so it is understandable that a major presidential proposal garnered relatively little attention at the time. On March 2, the President proposed a sweeping pandemic anti-fraud initiative that is designed to give key oversight bodies additional tools to investigate and prosecute those who defraud the pandemic relief programs that collectively injected trillions into the then-teetering economy to support struggling families, workers, and businesses.
When these relief programs were initiated three major oversight bodies were created to combat pandemic relief-related fraud, a House Select Subcommittee on the Coronavirus Pandemic; a new Office of Inspector General, the Special Inspector General for Pandemic Recovery (or “SIGPR”); and the Pandemic Response Accountability Committee (or “PRAC”), a consortium of existing Offices of Inspectors General whose agencies took part in pandemic relief programs. To complement the work of these bodies, the Department of Justice created COVID-19 Fraud Strike Force Teams, a COVID-19 Fraud Enforcement Task Force, and a “Chief Pandemic Prosecutor” was named.
Our colleagues at Capital Thinking have been monitoring this week’s veto by President Biden of a Republican-led effort to overturn a Department of Labor rule on environmental, social, and governance (ESG) guidelines for retirement accounts. Given the topic, and how it may potentially lead to House and Senate investigations on ESG initiatives or other corporate initiatives, we wanted to talk a moment to share the post with you.
On Friday, March 3, 2023, the DOJ released its updated Evaluation of Corporate Compliance Programs, which included new guidance on ephemeral messaging platforms and other issues. This new guidance was released contemporaneously with Assistant Attorney General Kenneth A. Polite, Jr.’s (‘Polite”) speech at the American Bar Association’s (“ABA”) 38th Annual National Institute on White Collar Crime.[1] DOJ acknowledged the value of ephemeral messaging platforms to businesses, consistent with their evolution on these and other matters involving technology and technological advances in the workplace. Going forward, Companies will be expected to tailor policies to their risk profiles and specific business needs. They are also expected to ensure that, as appropriate and to the greatest extent possible, business-related electronic data and communications are accessible and amenable to preservation, even as it relates to communications made by third party vendors and other agents of the company.
At last week’s American Bar Association’s 38th Annual National Institute on White Collar Crime, both Deputy Attorney General Lisa O. Monaco and Assistant Attorney General Kenneth A. Polite, Jr. provided additional insight into the DOJ’s continued focus on corporate criminal enforcement. Our previous blog post details the expansion of DOJ’s National Security Division and the increased emphasis on investigating and enforcing sanctions violations. Deputy Attorney General Monaco stressed the benefits of having a strong and established corporate compliance program: “Our goal is to empower companies to do the right thing, by investing in compliance, in culture and in good corporate citizenship—while at the same time empowering our prosecutors to hold accountable those who don’t follow the law.”
On March 2, 2023, the Department of Justice announced several new initiatives that prioritize the investigation and enforcement of economic sanctions evasion, export control violations, and similar economic crimes. Deputy Attorney General Lisa Monaco announced a “surge of resources to address a troubling trend: the intersection of corporate crime and national security.” In particular, DOJ’s National Security Division “will be elevating its attention to corporate crime through an infusion of personnel and expertise.” Additionally, Deputy Attorney General Monaco revealed a joint national security compliance advisory with the Commerce and Treasury Departments.
Corporate Crime and National Security
Deputy Attorney General Monaco described companies as “the front lines of today’s geopolitical and national security challenges,” and noted that “increasingly, corporate criminal investigations carry profound national security implications.” According to Deputy Attorney General Monaco, recent geopolitical events have “elevated the importance of sanctions and export control enforcement.” Deputy Attorney General Monaco reiterated two themes she has emphasized over the past year when discussing sanctions enforcement: first, she again described sanctions as the “new FCPA.”[1] That is, DOJ is putting companies on notice that it will prioritize sanctions enforcement similar to how it has prioritized enforcement of Foreign Corrupt Practices Act violations as part of DOJ’s corporate enforcement efforts. Second, she repeated that sanctions issues impact a variety of industries.[2] Sanctions are no longer a “technical area of concern for select businesses” but should “now be at the top of every company’s risk compliance chart.” Deputy Attorney General Monaco noted that DOJ is currently handling corporate investigations involving sanctions investigations across “industries as varied as transportation, fin tech, banking, defense and agriculture.”
On February 22, 2023, the Department of Justice (“DOJ”) announced the new United States Attorneys’ Offices Voluntary Self-Disclosure Policy (“VSD Policy”). Following on the heels of the Criminal Division’s revised Corporate Enforcement Policy, the VSD Policy was also developed in response to the “Monaco Memo,” which directed each component of the DOJ that prosecutes corporate crime to formalize and publish a policy to incentivize corporate voluntary self-disclosure. (See our previous blog posts here and here.) Unlike the revised Corporate Enforcement Policy, which applies to the DOJ’s Criminal Division, the VSD Policy is a new policy developed by the Attorney General’s Advisory Committee and applies to all of the U.S. Attorney’s Offices. The VSD Policy, which is effective immediately, sets nationwide criteria for U.S. Attorney’s Offices for determining the standards of what constitutes a voluntary self-disclosure as well as the appropriate resolution and tangible benefits for an organization that voluntarily self-discloses misconduct.
Last week, the U.S. Department of Justice (DOJ) and U.S. Department of Commerce (Commerce) announced the creation of a “Disruptive Technology Strike Force.” The strike force will be co-led by DOJ’s National Security Division and Commerce’s Bureau of Industry and Security, with support from 14 U.S. Attorneys’ Offices in 12 major metropolitan areas across the country, and it will coordinate with officials from the FBI and the Department of Homeland Security’s Homeland Security Investigations component. The strike force’s goal is to “…protect U.S. national security by preventing …sensitive technologies from being used for malign purposes” by “nation-state adversaries” such as China, Iran, Russia, and North Korea. The “sensitive technologies” at issue include supercomputing and “exascale” computing, quantum computing, biosciences, and, of course, artificial intelligence.
On January 24, 2023, the Federal Reserve Board (“FRB”) assessed a second-tier[1] civil penalty of $2.3 million against New York-based Popular Bank (or the “Bank”) for unsafe and unsound practices related to six Paycheck Protection Program (“PPP”) loans. According to the FRB, the Bank processed and funded these loans despite detecting significant indicia of fraud in the loan applications. In doing so, the Bank did not adhere to internal anti-money laundering (“AML”) policies and procedures, in violation of the Bank Secrecy Act (“BSA”). Although the Bank ultimately self-reported, it failed to do so in a timely manner. As a result of these failures, the Bank incurred a cumulative loss of approximately $1.1 million related to the six fraudulent PPP loans. The FRB opted not to impose corrective measures, acknowledging in the consent order that substantial remediation efforts by the Bank were already underway.[2]
Congress introduced the PPP in March 2020, with the enactment of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, intending to provide economic relief payments to small businesses financially impacted by the COVID-19 pandemic and granting the Small Business Administration (“SBA”) principal administrative authority. At the time, the emergency situation placed pressure on SBA-approved lenders to process PPP loan applications and disbursements as quickly as possible. This, combined with the PPP’s accelerated rollout and the minimal documentation, processing, and other requirements promulgated by the SBA, led to vulnerabilities and oversights that enticed and enabled fraudulent access to PPP funds. Consequently, federal authorities commenced a crackdown on PPP-related fraud, launching investigations and filing charges primarily against loan borrowers within a year of the PPP’s inception.
Our colleagues at Privacy World blog have been monitoring negative option marketing (or dark patterns) for some time. Last week, the FTC delivered its 2022 Criminal Liaison Report where it detailed its success referring FTC consumer fraud cases to prosecutors for criminal prosecution. Again, our Privacy World colleagues are there to discuss what this Report means for companies, especially as it relates to compliant negative option marketing programs. Our partner Kathleen McGovern’s former role as senior deputy chief of the DOJ’s Fraud Section enables even greater insight to what this FTC signaling means for companies. Check out the full post HERE.
