Last month, the UK’s Office of Financial Sanctions Implementation’s (“OFSI”) published a Threat Assessment analyzing sanctions compliance involving UK financial services firms since February 2022, when Russia invaded Ukraine. In the first of our two-part article (available here), we summarized the six key areas of risk that OFSI identified in its Threat Assessment. In this … Continue Reading
In February 2025, the UK’s Office of Financial Sanctions Implementation (“OFSI”) issued a report outlining its assessment of the sanctions-related threats posed to the UK by firms operating in the UK’s financial services sector. As to be expected, the report focuses on the risks associated with transactions since February 24, 2022, when Russia invaded Ukraine … Continue Reading
The start of a new year presents an opportune time to reflect on the past. We have been tracking and reporting on the U.S. Department of Justice (“DOJ”)’s Civil Cyber-Fraud Initiative (“CCF Initiative”), which former U.S. Deputy Attorney General Lisa O. Monaco announced in October 2021. The CCF Initiative employs the powerful False Claims Act (“FCA”) in … Continue Reading
The decision-making process involved in disclosing a cyber incident is a nuanced and delicate dance. Companies need to consider a myriad of factors, including when to disclose and how much detail to disclose to employees, customers, or regulators, such as the Securities and Exchange Commission (“SEC”). A New York bank was recently forced to pay … Continue Reading
In 2024, the National Crime Agency (the “NCA”), which is the UK’s lead agency against organized crime; human, weapon and drug trafficking; cybercrime; and economic crime, announced its “groundbreaking” data sharing partnership with seven UK banks, namely Barclays, Lloyds, Metro Bank, NatWest, Santander, Starling Bank, and TSB.[1] This new public-private partnership (“PPP”) was the largest … Continue Reading
In a post published earlier this year, we highlighted the importance of proactively managing artificial intelligence (“AI”) risks as part of an effective compliance program. Specifically, we explored the key considerations for organizations to effectively navigate AI-related risks and enhance their compliance efforts. We also referenced Deputy Attorney General Lisa O. Monaco’s announcement incorporating an … Continue Reading
With its second of two landmark decisions impacting the future of federal agency enforcement, SCOTUS struck down the Chevron decision last week. In a 6-3 decision in Loper Bright Enterprises v. Raimondo, the Court shifted enforcement power away from agencies and to the federal courts. The implications of the Chevron decision are both significant and … Continue Reading
In December 2023, the U.S. Securities and Exchange Commission’s (“SEC”) new rule requiring disclosure of material cybersecurity incidents became effective. SPB previously analyzed how the new rule applies to incidents affecting third-party vendors and what companies can do to manage reporting risks created by third-party cybersecurity incidents. In the first half of 2024, more than … Continue Reading
In today’s rapidly evolving technological landscape, the integration of artificial intelligence (“AI”) into business operations presents unparalleled opportunities for efficiency and innovation. Alongside these advancements, however, come new challenges and risks that must be addressed to ensure regulatory compliance and ethical responsibility. Recently, the Department of Justice (“DOJ”) has underscored the importance of proactively managing … Continue Reading
The rules on reporting cybersecurity risks and incidents pose many challenges for companies. Those challenges can be even more difficult when the cybersecurity incident affects third-party systems. With no exceptions for third-party cybersecurity incidents under the new cybersecurity reporting regulations, companies should take proactive steps to assess and respond appropriately to third-party cybersecurity incidents. The … Continue Reading
Between October 25 and October 27, 2023, the Financial Action Task Force (“FATF”), an international policy-making and standard-setting body dedicated to combating money laundering and terrorist financing, held its third plenary meeting of the year (the “October Plenary”), at which it made important updates to its list of jurisdictions under increased monitoring, often externally referred … Continue Reading
We have been tracking and reporting on the U.S. Department of Justice’s Civil Cyber-Fraud Initiative (“CCF Initiative”), which U.S. Deputy Attorney General Lisa O. Monaco announced in October 2021. The CCF Initiative employs the powerful False Claims Act (“FCA”) in an effort to “hold accountable entities or individuals that put U.S. information or systems at … Continue Reading
Join subject matter experts across policy, litigation, and regulation for an engaging discussion around privacy, cybersecurity, and AI. This live event will be in our Washington DC office and will include perspectives from in-house leaders, a former FBI agent, an incident response forensic expert, world-class public policy experts, and our privacy and cybersecurity professionals. The … Continue Reading
Earlier this month, the Supreme Court of the United States decided Dubin v. United States, No. 22-10, 2023 WL 3872518, at *1 (U.S. June 8, 2023), in favor of the defendant. Justice Sonia Sotomayor wrote the opinion for the Court, which held that 18 U.S.C. § 1028A(a)(1), aggravated identity theft, is violated only when the … Continue Reading
With the cold and flu season underway and COVID-19 still ever-present, it is a good time to take stock of the potential risks that come with working remotely. Following the lifting of pandemic restrictions allowing offices to open back up, many companies continued to offer work from home or hybrid arrangements. It is important for … Continue Reading
In an onstage interview at the American Conference Institute’s 39th International Conference on the Foreign Corrupt Practices Act David Last, Chief of the FCPA Unit of Department of Justice, Criminal Division, Fraud Section, and David Fuhr, the Unit’s Assistant Chief, reflected on the year’s most pressing enforcement issues. Acknowledging that 2022 had been difficult for DOJ’s … Continue Reading
The authors would like to thank Nicole Brenner for her contribution to this post. Trade secrets offer companies an invaluable advantage over competitors, but only if the company maintains secrecy and responds promptly to threats. If a company’s success depends on its trade secrets, the protections in place to maintain those secrets will be scrutinized … Continue Reading
The authors would like to thank Thomas Fogarty and Anya Bharat Ram for their contributions to this post. Section 1832 of the Economic Espionage Act of 1996 (the “Act”) criminalizes the theft of trade secrets “intended for use in interstate or foreign commerce, to the economic benefit of anyone other than the owner.” 18 U.S.C. § 1832(a). … Continue Reading
Industrial espionage refers to various activities performed to gain an unfair competitive advantage, rather than for national security purposes. As we discussed in a previous article, the ways in which industrial espionage can affect a company are numerous and include theft of trade secrets and disruption to operation. Section 1832 of the Economic Espionage Act … Continue Reading
We recently shared a timely post on Consumer Privacy World that, given the focus of, we wanted to call to your attention. “President Biden has recently delivered on a long stated priority of his presidency: requiring the disclosure of cyber security incidents for companies that operate critical infrastructure. After announcing an executive order in May … Continue Reading
In this article for the Consumer Privacy World Blog, John Burlingame and Kristin Bryan discuss a recent federal district court decision which calls into question the application of attorney work-product privilege to work-product prepared by consultants in anticipation of litigation.… Continue Reading
In light of two new US Treasury Department advisories signaling increased oversight of ransomware payments, victim companies and their third-party response teams considering making payments should follow certain due diligence and compliance best practices, write Colin Jennings, Ericka Johnson, Dylan Yépez and Elizabeth Weil Shaw in an article for Law360.… Continue Reading
With cybercrime on the rise, two U.S. Treasury Department components, the Office of Foreign Assets Control (“OFAC”) and the Financial Crimes Enforcement Network (“FinCEN”), issued advisories on one of the most insidious forms of cyberattack – ransomware.… Continue Reading
In remarks to the Association of Certified Anti-Money Laundering Specialists (“ACAMS”), Kenneth A. Blanco, the Director of the U.S. Treasury’s Financial Crimes Enforcement Network (“FinCEN”), covered a number of high-priority topics, including FinCEN’s response to the pandemic, the latest COVID-19 related fraud schemes, emerging cyber threats, virtual currency issues, and important regulatory updates. A theme … Continue Reading
