Category: Corporate Security

What’s New Out There? A Trade and Business Regulatory Update

Sheppard Mullin 2012Proposed DoD Rule: Detection and Avoidance of Counterfeit Electronic Parts (DFARS Case 2012-D-005)

On May 16, 2013, the Department of Defense (“DoD”) issued a proposed rule that would amend the Defense Federal Acquisition Regulation Supplement (“DFARS”) relating to the detection and avoidance of counterfeit parts, in partial implementation of the National Defense Authorization Act (“NDAA”) for Fiscal Year (“FY”) 2012 (Pub. L. 112-81) and the NDAA for FY 2013 (Pub. L. 112-239). 78 Fed. Reg. 28780 (May 16, 2013). The proposed rule would impose new obligations for detecting and protecting against the inclusion of counterfeit parts in their products. Public comments in response to the proposed amendment are due by July 15, 2013.

The proposed rule, titled Detection and Avoidance of Counterfeit Electronic Parts (DFARS Case 2012-D-005), partially implements Section 818 of the NDAA for FY 2012 requiring the issuance of regulations addressing the responsibility of contractors (a) to detect and avoid the use or inclusion of counterfeit – or suspect counterfeit – electronic parts, (b) to use trusted suppliers, and (c) to report counterfeit and suspect counterfeit electronic parts. Pub. L. 112-81,§ 818(c). Section 818(c) also requires DoD to revise the DFARS to make unallowable the costs of re-work or other actions necessary to deal with the use or suspected use of counterfeit electronic parts. Id. The new rule also proposes the following in order to implement the requirements defined in Section 818.

  • Definitions: Adds definitions to DFARS 202.101 for the terms “counterfeit part,” “electronic part,” “legally authorized source,” and “suspect counterfeit part.”
  • Cost Principles and Procedures: Adds DFARS section 231.205-71, which would apply to contractors covered by the Cost Accounting Standards (“CAS”) who supply electronic parts, and would make unallowable the costs of counterfeit or suspect counterfeit electronic parts and the costs of rework or corrective action that may be required to remedy the use or inclusion of such parts. This section provides a narrow exception where (1) the contractor has an operational system to detect and avoid counterfeit parts that has been reviewed and approved by DoD pursuant to DFARS 244.303; (2) the counterfeit or suspect counterfeit electronic parts are government furnished property defined in FAR 45.101; and (3) the covered contractor provides timely notice to the Government.
  • Avoidance and Detection System: Requires contractors to establish and maintain an acceptable counterfeit avoidance detection system that addresses, at a minimum, the following areas: training personnel; inspection and testing; processes to abolish counterfeit parts proliferation; traceability of parts to suppliers; use and qualification of trusted suppliers; reporting and quarantining counterfeit and suspect counterfeit parts; systems to detect and avoid counterfeit electronic parts; and the flow down of avoidance and detection requirements to subcontractors.

Potential Impacts on Contractors and Subcontractors

Although the rule is designed constructively to combat the problem of counterfeit parts in the military supply chain, it imposes additional obligations and related liabilities on contractors and subcontractors alike.

  • The proposed rule shifts the burden of protecting against counterfeit electronic parts to contractors, thus increasing contractor costs and potential contractor liability in this area.
  • Under the proposed rule, contractors would need to take steps to establish avoidance and detection systems in order to monitor for and protect against potential counterfeit electronic parts, also increasing the financial and temporal impact on contractors.
  • Avoidance and detection system requirements will need to be flowed down to subcontractors, increasing subcontractors’ responsibility – and thus liability – for counterfeit parts.
  • The proposed rule would also make unallowable the costs incurred to remove and replace counterfeit parts, which could have a significant financial impact on contractors – even under cost type contracts.
  • As it currently stands, the narrow exception regarding the allowability of such costs applies only where the contractor meets all three requirements of the exception, which likely would be a rare occurrence.

Interim SBA Rule: Expansion of WOSB Program, RIN 3245-AG55

On May 7, 2013, the Small Business Administration (“SBA”) issued an interim final rule implementing Section 1697 of the NDAA for FY 2013, removing the statutory dollar amount for contracts set aside for Women-Owned Small Business (“WOSB”) under the Women-Owned Small Business Program. 78 Fed. Reg. 26504 (May 7, 2013). Comments are due by June 6, 2013.

The new rule would amend SBA 127.503 to permit Contracting Officers (“COs”) to set aside contracts for WOSBs and Economically Disadvantaged WOSBs (“EDWOSBs”) at any dollar amount if there is a reasonable expectation of competition among WOSBs as follows: (1) in industries where WOSBs are underrepresented, the CO may set aside the procurement where two or more EDWOSBs will submit offers for the contract and the CO finds that the contract will be awarded at a fair and reasonable price; or (2) in industries where WOSBs are substantially underrepresented, the CO may set aside the procurement if two or more WOSBs will submit offers for the contract, and the CO finds that the contract will be awarded at a fair and reasonable price.

The new rule would amend SBA 127.503 to permit Contracting Officers (“COs”) to set aside contracts for WOSBs and Economically Disadvantaged WOSBs (“EDWOSBs”) at any dollar amount if there is a reasonable expectation of competition among WOSBs as follows: (1) in industries where WOSBs are underrepresented, the CO may set aside the procurement where two or more EDWOSBs will submit offers for the contract and the CO finds that the contract will be awarded at a fair and reasonable price; or (2) in industries where WOSBs are substantially underrepresented, the CO may set aside the procurement if two or more WOSBs will submit offers for the contract, and the CO finds that the contract will be awarded at a fair and reasonable price.

Article By:

 of

Weighing Going Private or Sale to Carl Icahn, Dell Cuts off Info

McBrayer NEW logo 1-10-13

As Dell Inc. considers its future after a massive loss in value over the past decade, the question may fundamentally be this: are the company’s problems are the result of poor leadership or a relatively straightforward matter of shedding its stock obligations?

Two proposals are on the table. First, founder Michael Dell has proposed taking the company private by buying out the company’s stock for $24.4 billion through a private equity firm called Silver Lake. Second, business magnate Carl Icahn’s Southeastern Asset Management has offered to buy Dell for $12 in cash per share. Unfortunately, it’s not clear how the buyout negotiations are going.

An unquestioned leader in the personal computer industry in the 90s, Dell had lost some $68 billion in stock market value by 2010, reportedly due to a change in its customer base and inability to respond to Apple’s iPhone and iPad products. Sales at Dell continue to shrink, reportedly showing a 79 percent drop in a quarterly profit report filed last week.

As part of the buyout negotiations, Icahn sent a letter on seeking more detailed information from Dell, including data room access for a certain potential lender This week, however, a special committee of Dell’s board of directors sent Icahn a letter refusing access to that information until it can determine whether his offer is “superior” to Michael Dell’s.

Meanwhile, Dell insisted upon more information from Icahn — such as whether his offer is even serious. In its response, the committee specifically asked Icahn to make “an actual acquisition proposal that the Board could evaluate” as opposed to merely offering the board a backup plan in case Michael Dell’s proposal fails to move forward.

“Please understand that unless we receive information that is responsive to our May 13 letter, we are not in a position to evaluate whether your proposal meets that standard,” the special committee reportedly wrote in response to Icahn’s request.

The question on Wall Street is the same as Dell’s: Is the Southeastern Asset Management offer serious? Icahn reportedly already owns 4.5 percent of Dell’s stock, while Southwest, already Dell’s largest outside shareholder, owns 8 percent.

 of

“Actually, Someone Knows You are a Dog”– the Chinese Regulation Efforts on Private Data Protection

Sheppard Mullin 2012

Do you have privacy in the era of information?

“On the Internet, nobody knows you’re a dog.” First published in The New Yorker on July 5, 1993, this widely known and recognized saying has been quoted many times to describe the anonymous feature of Internet. However, now this description has been drifting from the truth.

The truth is that, some people using the Internet may know you better than yourself. When you log on Amazon, not only will the site greet you by name, the homepage will also suggest certain purchases. Surprisingly, you will be interested in at least one third of them. Your addresses have been recorded and Amazon will automatically calculate the delivery period. Besides those online shopping sites, getting visitors’ information is the common practice of online service and/or information providers. Youku and Netflix suggest videos to watch. Weibo and Facebook suggest friends to follow. Douban and IMDB suggest movie tickets to buy and parties to attend.

On one hand, these recommendations might give you convenience in your life and entertainment; while on the other hand, this can be really intruding and make you anxious by knowing you so much. For example, you just bought an apartment and even did not get the keys. However, decoration companies and contractors give you calls telling you the decoration designs for the new apartment have been done. You just submitted some resumes for a job. Even before the interview, insurance companies and training companies give you calls and emails to make sales. Have you wondered how strangers know your private, personal information?

Every time you log on a website, make a call or buy a ticket by showing ID card, computer systems will track you down, and record everything you have clicked and purchased. Data analyzing systems will collect, characterize, store your information, and take further actions based on the information. Some entities even purchase and resell personal data for profit. The reason why personal data become commodities is because direct marketing based on private data is profitable. Marketing communications are only classified as “direct marketing” where they are addressed to a specific person by name or where a phone call is made to a specific person, and the use of private data is the foundation of direct marketing. The newly issued Hong Kong Personal Data (Privacy) Amendment Ordinance contains a number of new provisions regulating the use of personal data in connection with direct marketing activities in Hong Kong, which has come into force since April 1, 2013. Apart from Hong Kong, there are over fifty countries and regions which have laws and regulations protecting personal data.

What is the new trend in China to protect personal data?

In order to safeguard the legitimate rights and interests of Chinese citizens concerning private data protection, the Ministry of Industry and Information Technology of China (“MIIT”) announced the Provisions on the Protection of Personal Information of Telecommunication and Internet Users (Draft for Comments) (“PPI Rules”) and the Provisions on the Registration of True Identity Information of Telephone Users (Draft for Comments) (“RTII Rules”) and sought for public comments. The deadline for submitting comments is May 15, 2013.

The PPI Rules and RTII Rules are a breakthrough with respect to legislation of personal information protection. Although these two rules are not officially a personal information protection law, they are a good beginning and call for a complete set of rules.

The PPI Rules and RTII Rules are designed to protect personal information from two perspectives. While the PPI Rules regulates the collection and utilization of users’ private information, the RTII Rules requests “real-name registration” of telephone users for the prohibition of direct or indirect marketing using no-name telephone numbers. Specifically, the PPI Rules requires that telecommunication service providers and Internet information service providers (“Service Providers”) shall not collect or use the users’ personal information without their consent. Service Providers shall also clearly notify the users of the purpose, method and scope of collection and utilization of the users’ personal information, retention period of such information, ways to access and modify such information, and consequences of refusal to provide such information.

Meanwhile, the “real-name registration” required by RTII Rules is a double-edged sword. Not only are telephone users required to supply their true identity information, some Internet services, for example, the Chinese Twitter Weibo, also require users’ true identity information. On one hand, it will reduce the risk of private information abuse by no-name telephones and Weibo bloggers. One the other hand, the “real-name registration” regime means it is legitimate for telephone and some Internet service providers to collect their users’ information. Although RTII Rules prohibits the sales and illegal provision of users’ information, it doesn’t mean those providers will not utilize the users’ information to make profits and provide such information to government or other compulsive entities. This “real-name registration” may limit the health development of Internet and even harm users’ right to free speech. Is “real-name registration” the only way to protect personal information? This is a controversial topic.

What can enterprises do to avoid violations of personal data protection rules in China?

Putting the controversial topic aside, let’s talk about what the enterprises doing business in China can do regarding new rules to protect personal information. Those enterprises may not be limited to Internet/telecommunication service providers, because the regime may expand in the future to regulate more entities that may get access to citizens’ personal data.

First, the concerned enterprises can log on MITT official websites and submit comments if any. They can make their voice heard since the rules are in the “draft for comments” period.

Second, thorough study of the new rules and other anticipated rules in this area is needed. The concerned enterprises need to provide proper training to their employees regarding the users’ information protection, since this is not only required by the new rules, but the enterprises might also have joint and several obligations with the employees who abuse the users’ information.

Third, proper drafts of disclaimer/declaration/agreement are needed when the enterprises want to collect and utilize the users’ private information. The enterprises need to make sure that they have obtained the users’ consents concerning the information collection and utilization. Proper preparations are needed to avoid future risks.

 of

Second Circuit Bars Criminal Defendant from Accessing Assets Frozen by Regulators

Katten Muchin

The US Court of Appeals for the Second Circuit recently upheld a district court’s refusal to release nearly $4 million in assets frozen by the Securities and Exchange Commission and the Commodity Futures Trading Commission to help a defendant fund his criminal defense.

Stephen Walsh, a defendant in a criminal fraud case, had requested the release of $3.7 million in assets stemming from the sale of a house that had been seized by regulators in a parallel civil enforcement action. In denying Walsh’s motion to access the frozen funds, the US District Court for the Southern District of New York found that the government had shown probable cause that the proceeds had been tainted by defendant’s fraud, and were therefore subject to forfeiture. Though Walsh and his wife had purchased the home in question using funds unrelated to the fraud, Walsh ultimately acquired title to the home pursuant to a divorce settlement in exchange for a $12.5 million distributive award paid to his wife, at least $6 million of which, according to the court, was traceable to the fraud.

Agreeing with the District Court, the Second Circuit found that although the house itself was not a fungible asset, it was “an asset purchased with” the tainted funds from the marital estate by operation of the divorce agreement and affirmed the denial of defendant’s request. Further, since Walsh’s assets did not exceed $6 million at the time of his arrest, under the Second Circuit’s “drugs-in, first-out” approach, all of his assets became traceable to the fraud.

U.S. v. Stephen Walsh, No. 12-2383-cr (2d Cir. Apr. 2, 2013).

 of

Trade Secret Misappropriation: When An Insider Takes Your Trade Secrets With Them

Raymond Law Group LLC‘s Stephen G. Troiano recently had an article, Trade Secret Misappropriation: When An Insider Takes Your Trade Secrets With Them, featured in The National Law Review:

RaymondBannerMED

While companies are often focused on outsider risks such as breach of their systems through a stolen laptop or hacking, often the biggest risk is from insiders themselves. Such problems of access management with existing employees, independent contractors and other persons are as much a threat to proprietary information as threats from outside sources.

In any industry dominated by two main players there will be intense competition for an advantage. Advanced Micro Devices and Nvida dominate the graphics card market. They put out competing models of graphics cards at similar price points. When played by the rules, such competition is beneficial for both the industry and consumers.

AMD has sued four former employees for allegedly taking “sensitive” documents when they left to work for Nvidia. In its complaint, filed in the 1st Circuit District Court of Massachusetts, AMD claims this is “an extraordinary case of trade secret transfer/misappropriation and strategic employee solicitation.” Allegedly, forensically recovered data show that when the AMD employees left in July of 2012 they transferred thousands of files to external hard drives that they then took with them. Advanced Micro Devices, Inc. v. Feldstein et al, No. 4:2013cv40007 (1st Cir. 2013).

On January 14, 2013 the District Court of Massachusetts granted AMD’s ex-parte temporary restraining order finding AMD would suffer immediate and irreparable injury if the Court did not issue the TRO. The TRO required the AMD employees to immediately provide their computers and storage devices for forensic evaluation and to refrain from using or disclosing any AMD confidential information.

The employees did not have a non-compete contract. Instead the complaint is centered on an allegation of misappropriation of trade secrets. While both AMD and Nvidia are extremely competitive in the consumer discrete gpu market involving PC gaming enthusiasts, there are rumors that AMD managed to secure their hardware to be placed in both forthcoming next-generation consoles, Sony PlayStation 4 and Microsoft Xbox 720. AMD’s TRO and ultimate goal of the suit may therefore be to preclude any of their proprietary technology from being used by its former employees to assist Nvidia in the future.

The law does protect companies and individuals such as AMD from having their trade secrets misappropriated. The AMD case has only recently been filed and therefore it is unclear what the response from the employees will be. What is clear is how fast AMD was able to move to deal with such a potential insider threat. Companies need to be aware of who has access to what data and for how long. Therefore, in the event of a breach, whether internal or external, companies can move quickly to isolate and identify the breach and take steps such as litigation to ensure their proprietary information is protected.

© 2013 by Raymond Law Group LLC

Brace for Impact – Final HITECH Rules Will Require Substantially More Breach Reporting

The National Law Review recently published an article, Brace for Impact – Final HITECH Rules Will Require Substantially More Breach Reporting, written by Elizabeth H. Johnson with Poyner Spruill LLP:

Poyner Spruill

 

The U.S. Department of Health and Human Services (HHS) has finally issued its omnibus HITECH Rules.  Our firm will issue a comprehensive summary of the rules shortly (sign up here), but of immediate import is the change to the breach reporting harm threshold.  The modification will make it much more difficult for covered entities and business associates to justify a decision not to notify when an incident occurs.

Under the interim rule, which remains in effect until September 23, 2013, a breach must be reported if it “poses a significant risk of financial, reputational, or other harm to the individual.” The final rule, released yesterday, eliminates that threshold and instead states:

“[A]n acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E [the Privacy Rule] is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors:

(i) The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;

(ii) The unauthorized person who used the protected health information or to whom the disclosure was made;

(iii) Whether the protected health information was actually acquired or viewed; and

(iv) The extent to which the risk to the protected health information has been mitigated.”
(Emphasis added).

In other words, if a use or disclosure of information is not permitted by the Privacy Rule (and is not subject to one of only three very narrow exceptions), that use or disclosure will be presumed to be a breach.  Breaches must be reported to affected individuals, HHS and, in some cases, the media.  To rebut the presumption that the incident constitutes a reportable breach, covered entities and business associates must conduct the above-described risk analysis and demonstrate that there is only a low probability the data will be compromised.  If the probability is higher, breach notification is required regardless of whether harm to the individuals affected is likely.  (Interestingly, this analysis means that if there is a low probability of compromise notice may not be required even if the potential harm is very high.)

What is the effect of this change?  First, there will be many more breaches reported resulting in even greater costs and churn than the already staggering figures published by Ponemon which reports that 96% of health care entities have experienced a breach with average annual costs of $6.5 billion since 2010.

Second, enforcement will increase.  Under the new rules, the agency is required (no discretion) to conduct compliance reviews when “a preliminary review of the facts” suggests a violation due to willful neglect.  Any reported breach that suggests willful neglect would then appear to require agency follow-up.  And it is of course free to investigate any breach reported to them.  HHS reports that it already receives an average of 19,000 notifications per year under the current, more favorable breach reporting requirements, so where will it find the time and money to engage in all these reviews?  Well, the agency’s increased fining authority, up to an annual maximum of $1.5 million per type of violation, ought to be some help.

Third, covered entities and business associates can expect to spend a lot of time performing risk analyses.  Every single incident that violates the Privacy Rule and does not fit into one of three narrow exceptions must be the subject of a risk analysis in order to defeat the presumption that it is a reportable breach.  The agency requires that those risk analyses be documented, and they must include at least the factors listed above.

So why did the agency change the reporting standard?  As it says in the rule issuance, “We recognize that some persons may have interpreted the risk of harm standard in the interim final rule as setting a much higher threshold for breach notification than we intended to set. As a result, we have clarified our position that breach notification is necessary in all situations except those in which the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised. . . .”

The agency may also have changed the standard because it was criticized for having initially included a harm threshold in the rule, with critics claiming that the HITECH Act did not provide the authority to insert such a standard.  Although the new standard does, in essence, permit covered entities and business associates to engage in a risk-based analysis to determine whether notice is required, the agency takes the position that the new standard is not a “harm threshold.”  As they put it, “[W]e have removed the harm standard and modified the risk assessment to focus more objectively on the risk that the protected health information has been compromised.”  So, the agency got their way in that they will not have to receive notice of every single event that violates the Privacy Rule and they have made a passable argument to satisfy critics that the “harm threshold” was removed.

The new rules are effective March 26, 2013 with a compliance deadline of September 23, 2013.  Until then, the current breach notification rule with its “significant risk of harm” threshold is in effect.  To prepare for compliance with this new rule, covered entities and business associates need to do the following:

  • Create a risk analysis procedure to facilitate the types of analyses HHS now requires and prepare to apply it in virtually every situation where a use or disclosure of PHI violates the Privacy Rule.
  • Revisit security incident response and breach notification procedures and modify them to adjust notification standards and the need to conduct the risk analysis.
  • Revisit contracts with business associates and subcontractors to ensure that they are reporting appropriate incidents (the definition of a “breach” has now changed and may no longer be correct in your contracts, among other things).
  • If you have not already, consider strong breach mitigation, cost coverage, and indemnification provisions in those contracts.
  • Revisit your data security and breach insurance policies to evaluate coverage, or lack thereof, if applicable.
  • Consider strengthening and reissuing training.  With every Privacy Rule violation now a potentially reportable breach, it’s more important than ever to avoid mistakes by your workforce.  And if they happen anyway, during a subsequent compliance review, it will be important to be able to show that your staff was appropriately trained.
  • Update your policies to address in full these new HIPAA rules.  The rules require it, and it will improve your compliance posture if HHS does conduct a review following a reported breach.

As noted above, our firm will issue a more comprehensive summary of these new HIPAA rules in coming days.

© 2013 Poyner Spruill LLP

Cyber Attacks Hit Major Banks. Is Your Business Next?

Roy E. Hadley, Jr. and Joan L. Long of Barnes & Thornburg LLP recently had an article regarding Cyber Attacks published in The National Law Review:

Over the past week, several websites belonging to some of the largest banks in the country have been hacked in what experts are calling one of the “biggest cyber attacks they’ve ever seen.” As this CNN Money article points out, the websites “have all suffered day-long slowdowns and been sporadically unreachable for many customers.”

According to security experts, the “denial of service” attacks, which began on Sept. 19, are the largest ever recorded.

For all businesses, denial of service attacks are a growing and more menacing threat.  Your customers can’t access your website and can’t buy your goods and services. This can be catastrophic to your company. So the question remains: What have you done to protect your business?

The CNN Money article can be read in its entirety clicking on the link below.

CNN Money – “Major banks hit with biggest cyberattacks in history

© 2012 BARNES & THORNBURG LLP

New York Enhances Employee and Consumer Privacy Rights Under its Social Security Number Protection Law

Four years ago, New York enacted a Social Security Number Protection Law, N.Y. Gen. Bus. Law, §399-dd, aimed at combating identity theft by requiring employers to better safeguard employee social security numbers in their possession.  (Click here for our summary of the law).  Now, New York is going one step further with its passage of two new Social Security Number Protection laws.

First a note: as of November 12, 2012, §399-dd – the original Social Security Protection Law – will be re-codified as new §399-ddd, and it will also add the statutory language of the first of these two new laws, which prohibits employers from hiring inmates for any job that would provide them with access to social security numbers of other individuals.

The second law, which is codified as a separate new §399-ddd, enhances the requirements for safeguarding employee social security number while also adding similar protections for consumers.  This law prohibits companies from requiring employees and consumers to disclose their social security numbers or to refuse any service, privilege or right to the employee or customer for refusing to make that disclosure, unless (i) required by law, (ii) subject to one of its many exceptions, or (iii) encrypted by the employer.  This law also applies to any numbers derived from the individual’s social security number, which means that it extends, for example, to situations where the company asks the individual for the last four digits of their number.  It is unclear whether this law will prove effective in accomplishing its objectives.

First, it contains an exception with the potential to swallow the rule – where the individual consents to the use of the social security number, which many individuals may freely provide absent knowledge of this law’s protections.  Even with an employee’s consent, however, employers must still be mindful that other provisions of the original Social Security Number Protection Law requires them to institute certain safeguards to protect against the number’s disclosure.  And further, even if the employer obtains the employee’s consent, the original law still prohibits employers from utilizing an employee’s social security account number on any card or tag required for the individual to access products, services or benefits provided by the employer.

Second, the penalties for violations are minimal – up to $500 for the first violation and $1,000 for each violation thereafter, and can be avoided where the employer shows the violation was unintentional and occurred notwithstanding the existence of procedures designed to avoid such violations.  Further, there is no private right of action, and only the Attorney General can enforce the law.

Governor Cuomo signed the acts into law on August 14, 2012.  The inmate law will take effect on November 12, 2012 and the disclosure law will take effect thirty days later on December 12, 2012.  Now if he would only sign the recently passed wage deduction law.

©1994-2012 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

NY City Bar White Collar Crime Institute

The National Law Review is pleased to bring you information about the inaugural White Collar Crime Institute, on Monday, May 14, 2012 from 9 a.m. to 5 p.m. in New York City, NY.

This excellent review of developments in criminal and regulatory enforcement has been organized by our White Collar Criminal Law Committee, chaired John F. Savarese of Wachtell Lipton Rosen & Katz. Our program will feature keynote addresses by Preet Bharara, United States Attorney for the Southern District of New York, and Eric Schneiderman, Attorney General of the State of New York. The panels on key legal and strategic issues will include senior government officials, federal judges, academics, general counsel of leading New York based corporations and financial institutions, and top practitioners in the field. We have crafted the program to maximize their value for white collar practitioners and corporate counsel.

Plenary sessions will focus on:
  • Providing perspectives of top general counsel concerning the challenges they confront in this new era of expanded corporate prosecutions
  • Discussions of the increasing importance of media coverage in these cases and its impact on prosecutorial decision-making.

Break-out sessions will address:

  • Techniques for winning trials
  • Ethical issues presented by white-collar corporate investigations
  • Trends in white-collar sentencing, and
  • The special challenges of handling cross-border investigations.

NY City Bar White Collar Crime Institute

The National Law Review is pleased to bring you information about the inaugural White Collar Crime Institute, on Monday, May 14, 2012 from 9 a.m. to 5 p.m. in New York City, NY.

This excellent review of developments in criminal and regulatory enforcement has been organized by our White Collar Criminal Law Committee, chaired John F. Savarese of Wachtell Lipton Rosen & Katz. Our program will feature keynote addresses by Preet Bharara, United States Attorney for the Southern District of New York, and Eric Schneiderman, Attorney General of the State of New York. The panels on key legal and strategic issues will include senior government officials, federal judges, academics, general counsel of leading New York based corporations and financial institutions, and top practitioners in the field. We have crafted the program to maximize their value for white collar practitioners and corporate counsel.

Plenary sessions will focus on:
  • Providing perspectives of top general counsel concerning the challenges they confront in this new era of expanded corporate prosecutions
  • Discussions of the increasing importance of media coverage in these cases and its impact on prosecutorial decision-making.

Break-out sessions will address:

  • Techniques for winning trials
  • Ethical issues presented by white-collar corporate investigations
  • Trends in white-collar sentencing, and
  • The special challenges of handling cross-border investigations.