Posted

By

On January 8, 2025, the U.S. Department of Justice (DOJ) issued its final rule (28 C.F.R. Part 202) implementing former President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” The guide outlines the requirements of a newly implemented Data Security Program (DSP) designed to prevent China, Russia and other foreign adversaries designated by the DOJ from accessing American’s sensitive personal data and U.S. government-related data.

In “DOJ Releases Its Data Security Program Compliance Guide,” colleagues Jeewon K. SerratoTony PhillipsShruti Bhutani AroraSahar J. HafeezChristine MastromonacoLeighton Watson and Sheetal Misra discuss the key components of the DSP and offer thoughts about compliance.

Posted

By

On April 7, 2025, Deputy Attorney General Todd Blanche issued a Memorandum titled, “Ending Regulation by Prosecution,” which outlines changes to the approach of the U.S. Department of Justice (DOJ) to digital assets and criminal enforcement. The stated goal of the Memorandum, which implements Executive Order 14178 (Strengthening American Leadership in Digital Financial Technology), is to effectuate President Trump’s directive that DOJ “end the regulatory weaponization against digital assets.”

In U.S. Department of Justice Curtails “Regulation by Prosecution” in Digital Asset Enforcement, colleagues Jeffrey J. IzantDavid Oliwenstein and Alexis N. Wansac put the new policy in context and explain why, while the new policy represents a shift in the agency’s tone, the practical effect on digital asset prosecutions may be limited.

Posted

By , , , , and

President Trump campaigned on the promise to make the United States the “crypto capital” of the world. In his first days in office, he took steps to advance that goal, including by signing an executive order designed to support the U.S. crypto industry and appointing senior officials who support crypto. President Trump has also begun to roll back certain aspects of the Biden administration’s crypto regulatory and enforcement policies and indicated that his administration will attempt to implement a clear regulatory framework for the crypto industry.

Continue reading →

Posted

By

As the 119th Congress begins, with Republicans taking control of both the House and Senate for the first time in five years, companies and nonprofit organizations should anticipate a surge in congressional investigations. Unified control of Congress, coupled with President-elect Trump in the White House, positions Republicans to pursue a sweeping oversight agenda. The question isn’t if there will be investigations—it’s who will be targeted and how to prepare. In New Congress, More Scrutiny? Preparing for Congressional Oversight and Investigations, colleagues Craig J. SapersteinAimee P. GhoshRichard P. DonoghueWilliam M. Sullivan, Jr.Johnna Purcell and Jaria Martin break down what this means for companies and how they should prepare.

Posted

By , and

Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing practices. On October, 10, 2024, CNIL fined two companies offering remote clairvoyance services a total of €400,000—€250,000 for Cosmospace and €150,000 for Telemaque—for breaches including excessive data retention, failure to obtain explicit consent for sensitive data processing, and non-compliance with marketing consent rules. These decisions serve as a reminder for businesses to evaluate their data protection policies to avoid costly penalties and maintain consumer trust.

Continue reading →

Posted

By and

On September 23, 2024, the U.S. Department of Justice (DOJ) Criminal Division released an updated version of its Evaluation of Corporate Compliance Programs (ECCP) guidance. DOJ first published the ECCP in 2017 to provide clear guidance on which factors federal prosecutors will consider when evaluating the strength of a corporation’s compliance programs in the context of an investigation or enforcement action. The ECCP instructs prosecutors on how to evaluate a company’s risk assessment mechanisms, to ensure that the company’s policies and procedures are responsive to the risks that it has identified and communicate those risks, and the established risk mitigations, to the corporation’s stakeholders, such as employees and vendors. The ECCP is a critical resource that companies should consider when developing compliance programs to avoid penalties associated with DOJ enforcement action.

Continue reading →

Posted

By

Featured in Legal500’s latest white collar crime guide, colleagues Audrey Koh and Elinor Lee recently co-authored a Q&A that provides an overview of white collar crime laws and regulations specifically applicable in the United Kingdom.

The Q&A also highlights a broad range of key takeaways including recent trends in the industry, the process of investigations and suggested mechanisms, in addition to the relevant laws and regulations.

Posted

By , , and

The Department of Justice (DOJ), through the U.S. Attorney’s Office (USAO) for the Southern District of California, recently announced a non-prosecution agreement with a Las Vegas casino, which forfeited over $130 million under the agreement. The agreement settled criminal allegations that the casino conspired with unlicensed money transmitting businesses (MTBs) worldwide to transfer funds for its financial benefit. This announcement is the latest example of the DOJ’s expanding focus on alleged money-laundering activities involving MTBs and international transfers of funds, particularly transfers connected with mainland China and mainland Chinese-related criminal activity.

Continue reading →

Posted

By

Over the last several years, enforcement authorities including the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have aggressively pursued corporate misconduct, particularly in the areas of cybersecurity, artificial intelligence, financial fraud, corruption and sanctions. As a result, public and private companies, as well as their boards, have faced—and continue to face—increasingly complex compliance obligations. In a recent article for Governance Intelligence, colleagues David OliwensteinTony Phillips and Adam Goldberg provide insights on notable DOJ and SEC enforcement trends, what boards need to know, and recommendations on how to mitigate the risk of government investigations.