Jun. 7, 2023

Messaging Apps Come Under Increasing Regulatory Scrutiny

As enforcement actions increase, the intensifying spotlight on WhatsApp and other mobile texting software is prompting many companies to actively seek legal guidance and make compliance and technology changes, while some in the lesser regulated space may be taking more of a “wait and see” approach. Already this year, the SEC, FINRA and the Commodity Futures Trading Commission have lodged enforcement actions against companies over improper use of off-channel messaging apps, and the DOJ issued updated guidance in March on its expectations for compliance programs, including a warning that all companies facing investigations are expected to have stated policies and procedures around usage. This article offers a glimpse into current corporate concerns about messaging apps and how attorneys at Ballard Spahr and Paul Hastings are helping clients address them. See “Electronic Communications: Useful Training Techniques and Policies and Procedures to Adopt” (Oct. 13, 2021).

Compliance Lessons From SEC’s $62.2‑Million Settlement With Recidivist Philips for FCPA Violations

Philips, a Dutch medical-device company, recently reached a $62.2‑million settlement with the SEC for books-and-records and internal accounting control violations of the FCPA resulting from the sale of medical equipment in China. The case marks the second time in a decade the SEC has charged Philips with FCPA violations. Philips was ordered to pay approximately $41.1 million in disgorgement and $6 million in prejudgment interest, as well as a $15‑million civil penalty. This article considers how companies may seek to review their internal accounting controls in light of the case, in the views of King & Spalding partner Alexander Koch and Vinson & Elkins partner Fry Wernick. See “Civil FCPA Settlement by Dutch Electronics Giant Philips Continues Trend of “No-Charged Bribery Disgorgement” Cases” (Apr. 17, 2013).

Frank’s International Settles FCPA Allegations for $8 Million

On April 26, 2023, Netherlands-based oil and gas services provider Frank’s International N.V. (now part of Houston-based Expro Group Holdings NV) agreed to an $8‑million settlement with the SEC to resolve FCPA violations for bribing Angolan officials through a sales agent in violation of the FCPA’s anti-bribery, books-and-records and internal accounting controls provisions. According to the SEC order, funds were diverted to an official at Angola’s state-owned oil-and-gas company, Sociedade Nacional de Combustíveis de Angola EP, also known as Sonangol, to influence the awarding of oil-and-natural-gas services contracts. This article examines what the resolution means for compliance practitioners, in the view of Hui Chen, senior advisor at Ropes and Gray, and Matteson Ellis, a partner at Miller and Chevalier. See “Glencore Pleads Guilty and Agrees to Pay $1.1 Billion to Multiple Authorities, But Can It Change?” (Jun. 22, 2022).

SICPA Accepts Conviction of Corporate Criminal Liability in Connection With Acts of Corruption

On April 27, 2023, SICPA, a Swiss company providing secured identification, traceability and authentication services, acknowledged, with strong caveats, the Swiss government’s position that it failed to take all necessary and reasonable organizational measures between 2008 and 2015 to prevent bribes to foreign public officials. The Office of the Attorney General of Switzerland identified organizational deficiencies that “made it possible for employees of SICPA to bribe public officials in the conduct of business in Brazil, Colombia, and Venezuela.” SICPA said that while it acknowledged the conviction, it disagreed with the grounds, and acquiesced to the conviction because of uncertainty caused by the proceedings. This article explores what compliance practitioners can learn from this case, according to Juerg Bloch and Simon Bühler, attorneys at the Swiss law firm Niederer Kraft Frey, and Anne Valérie Julen Berthod and Joël Pahud, attorneys at the Swiss law firm Oberson Abels. See “No Longer a Slap on the Wrist: SEC Penalties and Sentences on the Rise” (Jan. 18, 2023).​​​​​

Ransomware Incident Response Checklist

Ransomware is a multi‑billion‑dollar global criminal industry. Although no two incidents are the same, this checklist, derived from our in-depth content and takeaways from a recent Incident Response Forum panel, offers some streamlined best response practices in the moments, hours and days that follow a ransomware attack. See our two-part series on lessons from the multinational takedown of Hive ransomware: A Broad Impact (Mar. 15, 2023), and Coordination and Defensive Priorities (Mar. 29, 2023).