United States

• Investigations trends/developments 
• Significant law reforms impacting corporate criminal liability
• Internal investigations – key considerations
• Sectors targeted by law reform or enforcement
• Cross‑border coordinated investigation or enforcement activity
• Predictions for 2023

Investigations trends/developments

Crypto

Enforcement agencies remain focused on crypto‑assets. For example, the SEC is adding 20 positions to its Crypto Assets and Cyber Unit. More generally, with the collapse of FTX Trading Ltd., companies should anticipate an increased level of regulatory and enforcement activity around both the FTX case and digital assets as a whole.

Significant enforcement actions in 2022 showed:

• crypto markets must comply with the securities laws, with the SEC charging BlockFi Lending LLC for failing to register the offers and sales of its retail cryptolending product. This was a first-of-its-kind action against crypto-lending platforms, for violating the registration requirements of the Investment Company Act of 1940;
• regulators’ willingness to hold decentralized autonomous organization (DAO) participants liable for the actions of DAOs, as seen by the CFTC bringing charges against two individuals and a DAO, in a first-of-its-kind action, for violating the Commodity Exchange Act (CEA) by: (i) acting as a futures commission merchant without registration; (ii) failing to implement required know-your-customer and anti-money-laundering procedures; and (iii) unlawfully trading off-exchange leveraged and margined retail commodities; and
• regulators are making a push for more aggressive enforcement against the digital assets market, as seen with the CFTC bringing charges against Tether Holdings Limited, and others, for making untrue or misleading statements and omissions of material fact in connection with the U.S. dollar tether token (USDT) stablecoin. The CFTC brought this case, but it included allegations that resemble a traditional SEC enforcement action involving the marketing of a regulated issuance. In addition, there was the first criminal insider trading case involving digital assets being brought in S. v Chastain and a criminal case being brought in U.S. v Wahi, which charged the defendants with wire fraud conspiracy and wire fraud in connection with an insider trading scheme at a global cryptocurrency exchange platform.

Insider Trading

This year has seen many parallel investigations involving insider trading, with charges filed by the SEC and criminal law enforcement. In July 2022, the SEC charged nine individuals in connection with three separate insider trading schemes and all involved parallel criminal charges filed by the U.S. Attorney’s Office. This included charges against Ishan Wahi for obtaining material non-public information in his former role as a product manager at a cryptocurrency exchange platform and tipping off his associates ahead of multiple announcements regarding crypto‑asset securities. Meanwhile, the CFTC continues to pursue its own insider trading cases under the misappropriation theory, using the anti-manipulation authority under the CEA.

Sanctions

The U.S. has prioritized enforcement actions to ensure companies comply with sanctions and export controls, particularly those against Russia. During a May 2022 conference, Brian Nelson, the Under Secretary for Terrorism and Financial Intelligence at the U.S. Department of the Treasury stated, “[e]nforcement is one of the tools we use to promote compliance, and this is particularly important in the context of our Russia sanctions program…”

Recordkeeping violations

U.S. regulators, particularly the SEC and CFTC, have placed a stronger focus on ensuring that companies are properly monitoring and retaining employee communications. The SEC voted in October to adopt amendments to the electronic recordkeeping, prompt production of records, and third party recordkeeping service requirements applicable to broker-dealers, and security-based swap dealers (SBSDs). The goal of these amendments is to modernize recordkeeping requirements and to ensure the recordkeeping rules are adaptable to new technologies.

One of the key changes was to the requirements for electronic records preservation. The amendments change the former requirement to preserve electronic records exclusively in a non-rewriteable, non-erasable format, by now allowing preservation through an audit-trail method whereby the electronic records are preserved in a manner that permits the re-creation of an original record. Electronic records must be produced to securities regulators in a reasonably usable electronic format.

Corresponding with these changes in recordkeeping policy, the SEC, along with the CFTC, charged 16 Wall Street firms with widespread recordkeeping failures in 2022 with nearly USD 2 billion paid in combined penalties. Acting in coordination with the SEC, the CFTC brought charges against a dozen regulated financial entities for widespread recordkeeping and supervision violations, including the use of unapproved messaging platforms such as WhatsApp and Signal by traders and their supervisors.

Significant law reforms impacting corporate criminal liability

Compliance programs firmly under DOJ spotlight

The DOJ has implemented policies throughout 2022 indicating the reaffirmation and strengthening of certain aspects of the Obama-era policies noted in the Yates memo. The Biden administration has focused on improving corporate compliance programs, as evidenced in the DOJ’s September 2022 policy announcement, which we covered here. This announcement:

• makes clear that DOJ will now scrutinize executive compensation schemes to determine whether the schemes incentivize compliance
• shows a renewed focus on employees’ use of instant messaging for work purposes and the use of personal devices
• lays out ten criteria the DOJ should consider when deciding whether to impose a monitor.

Additionally, compliance specialists now hold key positions within the DOJ’s Criminal Division, with both the Assistant Attorney General of the Criminal Division and the Chief of the Fraud Section being former chief compliance offers. This signals that companies must ensure their compliance programs are up-to-date and most importantly that the corporate culture supports an effective compliance program.

Anti-money laundering: new rules on corporate disclosure

The DOJ and other federal regulators, as well as certain state regulators such as the New York Department of Financial Services, continue their trend of increased AML-related enforcement. Two specific areas of focus are foreign banks with touch points in the U.S., and money service businesses, in particular those transacting in digital assets.

The U.S. is on the cusp of implementing corporate beneficial ownership requirements, as outlined in the Corporate Transparency Act (Act). In September, FinCEN released the first of three rules implementing the Act, which requires entities to file reports on beneficial owners of the entity, or individuals who applied to create the entity, or register it to do business in the U.S. This rule comes into effect on January 1, 2024, and gives companies up to a year to file their reports. The second rule, relating to who may access beneficial ownership information, for what reasons and what safeguards will be required, and the third rule, relating to revisions to FinCEN’s customers due diligence rule, will be forthcoming.

Environmental, Social and Governance (ESG)

The SEC has made significant efforts on enforcement and rulemaking related to ESG. In March 2022, the SEC proposed rules that would require the disclosure of: (i) the registrant’s governance of climate-related risks and relevant risk management processes; (ii) the material impact a climate-related risk identified by the registrant may have on its business and consolidated financial statements; (iii) the effect any climate-related risk has on, or which may affect, the registrant’s strategy, business model, and outlook; and (iv) the impact climate-related events and transition activities may have on the line items of a registrant’s consolidated financial statements. Registrants would also have to disclose information related to their greenhouse gas emissions. On enforcement, the SEC settled charges with a large asset management firm for policies and procedures failures involving funds marketed as ESG investments.

While it is not clear whether these rules will be adopted in their current form, it is clear that the SEC has shown an increased focus on ESG disclosure. Therefore, whether these rules are adopted, companies should ensure compliance programs relating to ESG are up-to-date and are consistent with the company’s representations.

Whistleblowers

The CFTC’s whistleblower program continues to yield substantial payments to individuals who provide the agency with new information about potential violations of the CEA or the CFTC’s regulations. Last year, the CFTC awarded nearly USD 200 million to a single whistleblower, the largest whistleblower award ever granted by either the CFTC or SEC.

Internal investigations – key considerations

With regulators increasing efforts related to criminal corporate enforcement, it is important that companies continue to pay close attention to the actions of their employees. Therefore, the company’s ethics and compliance programs must be designed and implemented in a way that is unique to the business they were created for. Based on regulators’ current focus, companies should expect to:

• have a procedure in place to actively and effectively manage whistleblower concerns and know when an internal investigation into reported suspected misconduct is required
• ensure privilege over the internal investigation is maintained, including being mindful of informing interviewees of their rights under Upjohn, particularly when dealing with cross-border investigations
• be mindful of data privacy and bank secrecy issues when conducting an internal investigation. If regulators become involved, a way to avoid data privacy or bank secrecy issues is to obtain the data through a Mutual Legal Assistance Treaty (MLAT).

Sectors targeted by law reform or enforcement

At the 21st Annual International Competition Network Conference, the DOJ’s Antitrust Division signalled an increased focus on risks in algorithmic pricing and AI coordination. Assistant Attorney General, Jonathan Kanter, suggested that companies should be cognizant of the risk of collusion in price-fixing through technological means and noted that the DOJ was increasing its capacity to pursue investigations and enforcement actions in this area.

Additionally, the DOJ’s Antitrust Division has taken a more active approach towards criminal monopolization and has secured a guilty plea in the first criminal monopolization case since 1978. In this case, an individual was charged with, and pled guilty to, one count of attempted criminal monopolization, in violation of Section 2 of the Sherman Act.^[1]

Cross‑border coordinated investigation or enforcement activity

Corruption considered a U.S. national security threat

Corruption enforcement, particularly related to corporate crime, is regarded as a core aspect of U.S. national security. The White House’s December 6, 2021, Strategy on Countering Corruption calls for increased intelligence-sharing between the U.S. and foreign partners, and deepening cooperation through partnering with countries in joint investigations and prosecutions. Companies should expect to see an expansion of laws across all regulatory agencies where gatekeepers of the financial systems, such as lawyers and accountants, are held accountable for potentially complicit misconduct.

Digital Assets: involvement outside the United States

The CFTC continues to pursue activities involving digital asset markets both within and outside of the United States. Last year, the CFTC brought 18 actions involving conduct related to digital assets. This represents more than 20% of all actions filed during the year. Many of these were cross-border actions involving companies and individuals located outside of the United States who were engaged in activities that have a connection to U.S. markets.

Predictions for 2023

Looking forward, companies should expect to see a continued prioritization of increased enforcement over corporate behavior, and companies should expect to face greater scrutiny from regulators. As such, companies should continue to advance and monitor their compliance programs to ensure for adequate monitoring, prevention and remediation of corporate misconduct. Future areas of focus include: 

Cybersecurity

Proposed cybersecurity amendments will likely see an increased focus on cybersecurity responses. With the increased use of digital technologies, crypto‑assets and the permanent shift to a hybrid work environment, the SEC proposed amendments in March to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting.

The proposed rules would require:

• disclosure of material cybersecurity incidents in the Form 8-K reporting within four days of an incident
• updates to any previously reported incidents
• disclosure of cybersecurity risk management and strategy
• disclosure of cybersecurity governance, including the board’s oversight of cybersecurity risk
• disclosure regarding the board’s cybersecurity expertise.

The amendments also propose to amend the foreign disclosures to align more with the domestic disclosures.

While these proposed amendments have not been finalized, we predict that they indicate an increased focus and importance put on cybersecurity.

Crypto

Market participants should expect to face greater scrutiny from regulators in the crypto space. This year, regulatory agencies have brought many enforcement actions against cryptocurrency and asset companies for the unregistered sale or offering of securities. One such case, Ripple Labs, is still being litigated. According to Ripple CEO Brad Garlinghouse, if Ripple loses, most tokens trading on platforms in the U.S. would be deemed securities, meaning those platforms would have to register with the SEC as broker dealers. Therefore, looking towards the future, market participants should understand how securities laws may apply to digital asset borrowing and lending activities, even in cases where the digital assets themselves may not be securities.

Compliance

Companies should expect to see more onus put on their CCOs to ensure effective compliance, with Kenneth Polite, Assistant Attorney General, DOJ’s Criminal Division, considering whether ‘requiring both the CEO and the CCO to certify at the end of the term of the agreement that the company’s compliance program is reasonably designed and implemented to detect and prevent violations of the law, and is functioning effectively…’  

Life Sciences

Pharmaceutical companies should expect focus to remain on drug pricing and access to generics. The Food and Drug Administration is expected to continue its scrutiny of vaping products, particularly with more states implementing legislation for the sale of recreational cannabis and the growing popularity of cannabis-derived products, such as CBD.

_{^{[1] United States v. Zito, Crim. No. 1:22-cr-00113, at 4 (D. Mont. Sept. 19, 2022).}}

This article is part of the Allen & Overy Cross-border White collar Crime and Investigations Review. Please visit the review homepage for our overviews and insights in other jurisdictions.