Thieves Breach Twitter Security to Commandeer Famous Accounts

The Twitter accounts of major companies and individuals were briefly taken over as part of a bitcoin scam. Former and current heads of states, global corporations, and presidential candidates had their twitter accounts compromised. The tweet from many of the twitter account said similar things, for example Kanye West’s feed stated that he is “giving back to my fans”; the message from Bezos’, Barack Obama, and Joe Biden’s account said that they had “decided to give back to my community”; while Elon Musk’s account said “feeling greatful” and provided a link to a Bitcoin wallet to send money to. The tweets would indicate that they would send double the money back to a limited number of contributors.

Twitter, through its Twitter Support account notified users that an internal investigation was conducted into the matter. The investigation revealed that several employees who had access to internal systems had their accounts compromised in a “coordinated social engineering attack.” Twitter’s internal system was then exploited to tweet from high-profile accounts. The attack was at least moderately successful considering the Bitcoin wallets promoted in the tweets received over 300 transactions and Bitcoin worth over $100,000.

These tweets began at about 4 P.M. (Eastern Standard Time) on Wednesday, July 16. The first wave of attacks hit the Twitter accounts of prominent cryptocurrency leaders and companies, but expanded quickly after that. Along with Vice President Biden, President Obama, Kanye West, Bill Gates, Michael Bloomberg, and Elon Musk, large company accounts were also targeted including Uber and Apple. Twitter’s initial response was to take down the offending tweets, but those were quickly replaced by new ones – – an indication that the hackers maintained access to the individual accounts.

The persistence of the attacks led to Twitter disabling some the platform services including the ability of blue-checked (verified) twitter users to tweet. The services were restored around four and a half hours after the suspicious tweets began. However, that shutdown period was not insignificant. Several National Weather Service Twitter accounts were shut down as a line of severe weather and possible tornadoes moved across the Midwest. The National Weather Service felt severely hampered in its ability to communicate with people about the impending storm.

In a tweet, Twitter’s CEO Jack Dorsey said that the company feels  “terrible this happened” and that they are “diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” The nature of this attack is yet to be determined. The legal implications will hinge on the findings of the investigation, including whether there were sensitive direct messages accessed by the attackers. Considering the compromised accounts includes current and former heads of state (Prime Minister Benjamin Netanyahu, President Obama, and Vice President Biden), there are also questions of national security involved.

The United States does not have a comprehensive federal data breach notification scheme. These obligations are provided by the fifty states and sector-specific laws. More than 40 of the state breach notification laws contain a harm threshold pursuant to which notification is not required unless harm to affected individuals has occurred or is reasonably likely to occur. The EU’s GDPR also includes a similar assessment. As more information is disclosed, we will get a better understanding of Twitter and the attacked users’ incident response processes.


Copyright © 2020 Womble Bond Dickinson (US) LLP All Rights Reserved.

COVID-19 Update: Don’t Be a Target: What Business Should Know about State Attorney General Reactions to COVID-19

In any time of crisis, there is heightened risk for fraud and scams. While United States Attorney General Barr has warned of scams and other illegal acts on the federal level,1 it is with the state Attorneys General (“AGs”) where the rubber hits the road in enforcing social distancing orders, investigating companies for alleged price gouging, continuing ongoing investigations, and overseeing lending relief efforts. As the economy begins to reopen on a state-by-state and sector-by-sector basis, companies must be vigilant in protecting themselves from the next wave of scrutiny by state AGs.

During normal times, state AGs rely upon their state’s Consumer Protection Act and Unfair or Deceptive Acts or Practices (UDAP) statutes to fight against perceived fraud. During the COVID-19 crisis, state AGs have taken the additional step of issuing Civil Investigative Demands, mostly focused on the issue of price gouging, or an instance in which a company allegedly inflates prices above a perceived acceptable level based not solely on supply and demand, but also on leveraging, in this case, the COVID-19 pandemic to the detriment of the consumer. Allegations of price gouging often appear during or immediately following natural disasters, an example of which would be heightened prices for essential products such as generators and flashlights in historically hard-hit areas such as Florida or New Orleans during the Atlantic hurricane season. In the current environment, state AGs across the country are each receiving literally hundreds of consumer complaints alleging that companies are similarly raising prices on necessities.2 Online platforms for third-party sellers are particularly vulnerable to state AGs in this environment, with most people sheltering in place and fulfilling the majority of their purchasing needs through online retail. In fact, 33 state AGs sent a letter to Amazon.com, Inc., Facebook, Inc., Craigslist, Inc. and eBay Inc. to request enhanced procedures to protect against price gouging on their respective platforms.3 Ironically, companies such as Facebook, Google, Navient, and others that have been targeted by state AGs, often on extremely flimsy legal grounds, are now being asked by those same regulators to continue their efforts to step up to assist in this pandemic. And those companies, and so many others, are doing just that.

However, there are indeed some bad actors. In one well-publicized example, two Tennessee men hoarded over 17,000 bottles of hand sanitizer with the intent to sell them for up to $70 per bottle and was immediately met by an expedited investigation by Tennessee AG Herbert Slatery.4 Other examples have abounded: Massachusetts AG Maura Healey unilaterally expanded her state’s price gouging regulations, which had previously been limited to gasoline and petroleum products, to include “all goods or services necessary for the health, safety or welfare of the public”;5 New York AG Letitia James sent cease and desist letters to merchants that were allegedly engaging in price gouging related to the sale of hand sanitizer and disinfectant;6 New Jersey AG Gurbir Grewal has sent over 80 cease and desist letters after receiving more than 600 complaints of COVID-19-related price gouging and other related consumer protection violations;7 Florida AG Ashley Moody activated a “Price gouging Hotline” and opened an investigation into third-party sellers accused of price gouging on essential goods through accounts on Amazon;8 and finally, 20 state AGs have implored 3M Company to create a database and accounting of the distribution and pricing of 3M’s N95 respirator masks, including urging 3M to publish its policies prohibiting price gouging.

Businesses that remain open should be mindful of the additional steps taken to ensure compliance with social distancing regulations. For example, Vermont AG T.J. Donovan issued a directive for law enforcement outlining guidance for the enforcement of the state’s COVID-19 Executive Order that, among other things, extended authority to the state Department of Public Safety to inspect the premises and records of any employer to ensure compliance with the Executive Order.9 Other state AGs are enforcing their states’ Executive Orders with similar diligence: New York AG James ordered over 70 medical transportation companies to stop providing group rides;10 Michigan AG Dana Nessel sent a letter to home improvement store Menards in the wake of reports that the retailer had engaged in business practices that would endanger consumers and employees contrary to the Executive Order issued by Michigan Governor Gretchen Whitmer;11 and Delaware law enforcement officials even issued cease and desist orders to a barber shop and a tobacco shop.12

As the economy begins to incrementally ‘reopen’ in the weeks and months to come, companies should document every step taken to protect their customers and employees as well as the rationale underlying those measures. The far-reaching effects of the COVID-19 pandemic are unlikely to subside until a vaccine becomes publicly available. Thus, state AGs are likely to continue to probe companies aggressively about safety measures taken to protect their customers and employees; adherence to government policies and interpretative guidance; their definition of essential employees; and whether the company contributed to the spread of the virus.

State AGs are the top law enforcement officers in their states and will continue to act to protect their citizens during, and long after, the COVID-19 crisis is over. Industry should be on the lookout for measures taken by state AGs to identify and prosecute fraud and perceived price gouging during the COVID-19 pandemic, and should comply with laws and Executive Orders as diligently as possible. What constitutes the requisite compliance with social distancing – both now and as the economy begins to reopen – and what constitutes an essential service are often somewhat subjective and may require the consult of counsel. Cadwalader’s state AG practice is regularly in close communication with state AG offices and is well-positioned to provide guidance to clients that may be in receipt of an inquiry from a state AG, and we stand ready to continue to assist clients as they navigate the implications of the COVID-19 pandemic.

1   https://www.justice.gov/opa/pr/attorney-general-william-p-barr-urges-american-public-report-covid-19-fraud

https://www.cadwalader.com/state-attorney-general-insider/index.php?nid=6&eid=34

3  https://www.attorneygeneral.gov/wp-content/uploads/2020/03/03_25_2020_Multistate-letter.pdf

4   On April 21, 2020, Tennessee AG Slatery announced that a settlement had been reached with the two men to resolve allegations of price gouging; all supplies were surrendered to a nonprofit organization in Tennessee and a portion of the supplies were distributed to officials in Kentucky, and the two men were prohibited from selling emergency or medical supplies grossly in excess of the price generally charged during any declared state of abnormal economic disruption related to the COVID-19 pandemic.

5  https://www.mass.gov/news/ag-healey-issues-emergency-regulation-prohibiting-price gouging-of-critical-goods-and-services

6  https://ag.ny.gov/press-release/2020/ag-james-price gouging-will-not-be-tolerated

7  https://www.njconsumeraffairs.gov/News/Pages/03172020.aspx

8   http://www.myfloridalegal.com/newsrel.nsf/newsreleases/A32615BF3942B33E8525854300514289?Open&

9  https://www.attorneygeneral.gov/wp-content/uploads/2020/03/03_25_2020_Multistate-letter.pdf

10  https://ag.ny.gov/press-release/2020/attorney-general-james-orders-78-transport-providers-immediately-stop-endangering

11  https://www.michigan.gov/coronavirus/0,9753,7-406-98158-523976–,00.html

12 https://www.delawarepublic.org/post/delaware-flagging-non-essential-businesses-open-during-shutdown


© Copyright 2020 Cadwalader, Wickersham & Taft LLP

For more on AG’s Enforcement Activities around COVID-19 Fraud see the National Law Review Coronavirus News section.

Interpol Issues Alert on Increased Risk of Ransomware Attacks Against COVID-19 Medical Organizations

Interpol has issued an alert to global law enforcement agencies about the increased risk of ransomware attacks on hospitals, health care providers and other organizations on the front line of response to the COVID-19 pandemic.

The Purple Notice, issued to all 194 member countries, notified them that Interpol’s Cybercrime Threat Response team has detected a “significant increase” in ransomware attempts against hospitals and medical organizations.

According to a spokesman from Interpol, “[A]s hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cyber-criminals who are looking to make a profit at the expense of sick patients. Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths. INTERPOL continues to stand by its member countries and provide assistance necessary to ensure our vital healthcare systems remain untouched and the criminals targeting them held accountable.”

The primary vector for the ransomware attacks continues to be phishing attempts. Unfortunately, due to the emergency nature of COVID-19, healthcare workers are working long, stressful hours, and may not be as vigilant as usual in spotting phishing emails. The criminals are luring tired workers into clicking on links and attachments with subject lines that appear to be COVID-19- related or are from the Centers for Disease Control or other governmental bodies trying to keep healthcare workers informed about the rapidly spreading virus.

Hospitals and other healthcare entities should be aware of these warnings from INTERPOL and Microsoft [view related post] and notify their employees to be extra vigilant when opening emails, links and attachments.


Copyright © 2020 Robinson & Cole LLP. All rights reserved.

For more industries affected by COVID-19, see the National Law Review Coronavirus News section.

Regulators Provide No Meaningful Relief or Guidance to Financial Institutions Struggling with Bank Secrecy Act and Compliance Due to COVID-19

While many disclosure and reporting requirements imposed on regulated entities are being relaxed in response to the COVID-19 pandemic, the Financial Crimes Enforcement Network (FinCEN) has taken a different approach with respect to financial institutions’ duties to comply with the Bank Secrecy Act (“BSA”). In an April 3, 2020, release – one of just two issued by the agency in response to COVID-19 – FinCEN recognized that “financial institutions face challenges related to the COVID-19 pandemic,” but confirmed that it “expects financial institutions to continue following a risk-based approach” to combat money laundering and related crimes and “to diligently adhere to their BSA obligations.” 1

Thus, even as financial institutions reduce personnel to attempt to weather the economic downturn caused by the COVID-19 and limit in-office personnel to comply with state quarantine orders, financial institutions must maintain adequate staff and resources to ensure BSA compliance. In the world of broker-dealers in securities, these BSA obligations generally revolve around complying with anti-money laundering (AML) compliance program requirements, analyzing transactions for potentially suspicious activity and preparing and timely filing suspicious activity reports (SARs).

As detailed below, with very limited exceptions, regulators have offered broker-dealers no relief from these obligations as a result of business disruptions caused by COVID-19.  Indeed, these already onerous burdens may be heightened by the increased risks of fraud, insider trading and other unusual financial activity by customers in these times of financial uncertainty. This “business as usual” attitude denies the reality that companies are coping with stay-at-home orders in the best-case scenarios and employees at home infected and unable to work in the worse-case scenarios.

FinCEN Requires Broker-Dealers to Implement Anti-Money Laundering (AML) Programs and SAR Reporting

In the PATRIOT Act of 2001, Congress required that all broker-dealers establish and implement AML programs designed to achieve compliance with the Bank Security Act (BSA) and the regulations promulgated thereunder, including the requirement that broker-dealers file Suspicious Activity Reports (SARs) with FinCEN.2

Under FinCEN’s regulation, a broker-dealer “shall be deemed” to satisfy the requirements of Section 5318(h) if it, inter alia, “implements and maintains a written anti-money laundering program approved by senior management” that complies with any applicable regulations and requirements of the U.S. Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) for anti-money laundering programs.3 Required program requirements include the implementation of “policies, procedures and internal controls reasonably designed to achieve compliance with the BSA,” independent testing, ongoing training, and risk-based procedures for conducting ongoing customer due diligence.4  FinCEN also required broker-dealers to establish and maintain a “customer identification program” (CIP) designed to help broker-dealers avoid illicit transactions through “know your customer” directives.5  FINRA largely duplicated these requirements in FINRA Rule 3310.

FinCEN also promulgated broker-dealer SAR filing requirements that largely mirror those applicable to banks. In short, a broker dealer is required to file a SAR on any transaction “conducted or attempted by, at or through a broker-dealer,” involving an aggregate of at least $5,000, where the broker-dealer “knows, suspects or has reason to suspect that the transaction” or “a pattern of transactions” involves money laundering, structuring, unusual and unexplained customer activity or the use of the broker-dealer to “facilitate criminal activity.”6  Broker-dealers must file SARs within “30 calendar days after the date of the initial detection” by the broker-dealer “of facts that may constitute a basis for filing a SAR.”7

These requirements are strictly enforced and sanctions for noncompliance can be extreme for both broker-dealers and their responsible officers and employees. Enforcement actions for “willful” noncompliance frequently result in civil money penalties against firms exceeding $10 million. In December of 2018, the U.S. Attorney’s Office for the Southern District of New York brought the first ever criminal action against a U.S. broker-dealer for a willful failure to file a SAR to report the illicit activities of one of its customers.8 In addition, because the primary purpose of an AML program is to detect and report suspicious activity, a failure to file SARs frequently gives rise to separate claims for violations of both the SAR filing and AML compliance program requirements.

Regulators Offer No Meaningful Relief from BSA Obligations Regardless of the Logistical issues Resulting from the COVID-19 Crisis

Despite recognizing the challenges broker-dealers and other financial institutions face in responding to the COVID-19 pandemic, to date regulators have offered no meaningful relief from the regulatory burdens imposed by the SAR and AML program requirements of the BSA. These steps are currently limited to:

  • FinCEN has created an “online contact mechanism” for “financial institutions to communicate to FinCEN COVID-19 related concerns while adhering to their BSA obligations,” but indicated that volume constraints may limit it to responding “via an automated message confirming receipt to communications regarding delays in filing of BSA reports due to COVID-19.”9

  • FinCEN also opaquely encouraged “financial institutions to consider, evaluate and, where appropriate, responsibly implement innovative approaches to meet their BSA/anti-money laundering compliance obligations.”10

  • FINRA “reminded” broker-dealer members that they have until December 31, 2020 to perform the annual independent testing of the member’s AML compliance program.11

The creation of a hotline and a directionless suggestion to “innovat[e],” at the risk that doing so incorrectly may expose a firm to criminal charges or regulatory enforcement actions, are of little practical use or comfort to firms. In short, it is business as usual for broker-dealers and other financial institutions with respect to their AML and SAR obligations under the BSA, even as they grapple with heightened compliance challenges because of COVID-19.

Heightened BSA Compliance Challenges Surrounding COVID-19

The AML program and SAR reporting requirements under the BSA create substantial compliance burdens even in the best of times. These obligations are resource-heavy, requiring yearly testing, ongoing monitoring of customers and transactions at the broker-dealer for potentially suspicious activity and dedicated personnel and systems to review transactional and customer information and to prepare SARs.

In addition, determining when a SAR filing is required is no easy task. The SAR regulation, as detailed above, is both expansive and vague, equally applying to transactions that may be criminal in any respect, may involve funds from other illegal activity or that may simply be unusual for a customer. Most broker-dealer compliance personnel are not trained in law enforcement, and yet are expected to analyze a host of characteristics about a particular customer and a particular trade to determine whether the transaction crosses an ill-defined threshold of suspiciousness, and to do so within 30 days. Law enforcement and regulators, such as the SEC, by contrast, frequently take years to investigate potentially illicit activity. While guidance issued by regulators has identified a number of “red flags” designed to help compliance personnel identify suspicious transactions, any of these red flags may seem innocuous or explainable in a given transaction, particularly in the limited time provided for review, leaving firms and compliance personnel open to regulatory second-guessing, with the benefit of hindsight, and at the risk of significant sanctions for interpreting the situation incorrectly.

A recent GAO report from August 2019, evaluating the effectiveness of BSA reporting, indicated that affected industry participants have raised questions about “the lack of a feedback loop or clear communication from FinCEN, law enforcement and supervisory agencies on how to most effectively comply with BSA/AML requirements, especially BSA reporting requirements.”12  Representatives from the securities industry in particular raised concerns that “compliance expectations are communicated through enforcement actions rather than through rulemaking or guidance.13

Of course, these are not the best of times. On March 16, 2020, FinCEN warned financial institutions to “remain alert about malicious or fraudulent transactions similar to those that occur in the wake of natural disasters.”14 As relevant to broker-dealers, FinCEN warned about an increase in insider trading, imposter scams, and COVID-19 related “investment scams,” such as promotions that falsely claim the products or services of publicly traded companies can prevent, detect or cure coronavirus.15

While this conduct, if occurring, is undoubtedly criminal, it is often unclear what steps a broker-dealer must take and what indicia of suspicion it must find before it is required to identify a trade as sufficiently suspicious for SAR reporting.  For example, with respect to the COVID-19 related “investment scams,” at what point does the broker-dealer, in the exercise of due diligence, unearth enough indicia that this issuer may be misrepresenting the efficacy of its product or services in preventing or treating COVID-19 to create at least a “reasonable suspicion” of fraud?  The signs may be very subtle and overlooked by compliance personnel at the time, but characterized as glaring red flags by regulators after the fact.

Similarly, a sudden spike in trading volume and price could be indicative of a pump-and-dump scheme, particularly where media coverage and a microcap stock are involved. However, with the current volatility of this market, large volume and price swings are increasingly common. And, the media is adding to the frenzy, and following the lead of the administration, by rushing to report any and all potential COVID-19 treatments.  Such developments can make it difficult for firms to separate suspicious trading activity from innocuous activity, causing them to either fail to file a SAR where they should or filing a SAR where they should not.

Compounding the difficulty of the analysis, the broker-dealer’s customer – and the putative subject of the SAR – will not be the issuer, but generally someone who is trading in the stock.  Accordingly, even if the there is a reason to suspect that the issuer or persons associated with the issuer are involved in an “investment scam,” this does not necessarily mean that the transaction at issue is suspicious within the meaning of the SAR regulation. The trading customer may simply be reacting to the news in buying or selling the securities at issue, as either an opportunistic trader or a victim of a potential issuer fraud, neither of which would appear to raise any indicia of suspicion for SAR reporting.

An examination of the totality of the circumstances of a transaction can help firms make the crucial distinctions between transactions that warrant a SAR and those that do not.  For example, determining the source of the publicity –is it a CNN article or a paid newsletter – or whether the customer is affiliated in some way with the issuer or the promotion are questions, among many others, that must be investigated.

It is unfortunate that FinCEN has failed to provide any meaningful or practical guidance for financial institutions dealing with these heightened risks of fraud during a period when they may have difficulty in even staffing their offices. Performing this work remotely creates its own challenges, given high level of confidentiality of SAR filings under Section 5318(g)(2), and the consequences – including criminal liability – for violating these confidentiality provisions.

Nonetheless, that is the situation broker-dealers are in, and this is likely the point:  FinCEN, law enforcement and regulatory agencies do not want to relax these requirements because of the heightened risks of financial crime during the pandemic and the government has become accustomed to this front-line reporting from private businesses. Even in these unprecedented times of economic disruption, broker-dealers must protect themselves from regulatory criticism and enforcement actions by continuing to follow their AML compliance programs and conducting the necessary due diligence on each transaction they process.


1  https://www.fincen.gov/news/news-releases/financial-crimes-enforcement-network-provides-further-information-financial

2  31 U.S.C. §5318(h), (g)

3  31 C.F.R. § 1023.210

4  Id.

5  31 C.F.R. § 1023.220

6  31 C.F.R. § 1023.320(a)(2)

7 31 C.F.R. § 1023.320(b)(3)

https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-bank-secrecy-act-charges-against-kansas-broker-dealer.

https://www.fincen.gov/news/news-releases/financial-crimes-enforcement-network-provides-further-information-financial

10  Id.

11  https://www.finra.org/rules-guidance/key-topics/covid-19/faq#aml

12   See GAO-19-583, Agencies and Financial Institutions Share Information but Metrics and Feedback Not Regularly Provided (August 2019), at pp. 3-4.

13   Id. at 24

14  https://www.fincen.gov/news/news-releases/financial-crimes-enforcement-network-fincen-encourages-financial-institutions.

 15  Id.


Copyright © 2020 by Parsons Behle & Latimer. All rights reserved.

For more on COVID-19’s financial implications, see the National Law Review Coronavirus News section.

Tennessee-Based Health Services Company Settles FCA Case Alleging Medicaid Fraud For $9.5 Million

The Department of Justice (“DOJ”) announced another False Claims Act (“FCA”) settlement centered around a health services company’s practice of providing unnecessary therapy services to patients in order to receive the maximum amount of reimbursement under Medicare.  The $9.5 million settlement is with Diversicare Health Services Inc, a Tennessee-based company that provides nursing and rehabilitation services at 74 locations throughout the country.  Diversicare’s alleged violations are similar to those in a medicaid fraud case settled by the DOJ for $15.4 million two weeks earlier concerning fraudulent Medicare reimbursements for unnecessary rehabilitation services.

The settlement resolves two separate qui tam FCA lawsuits filed by whistleblowers Mary Haggard and Bryant Fitzmorris, both former Diversicare employees.  Ms. Haggard will receive a whistleblower award of roughly $1.4 million, and Mr. Fitzmorris will receive $145,350.  The FCA allows private citizens who possess inside information of fraudulently billing against the United States Government to initiate a lawsuit on the Government’s behalf to recover those funds.  The citizens, known as qui tam relators, are then entitled to receive a share of any damages that the Government ultimately recovers from the litigation.

The settlement concerned Diversicare corporate policies, in use from the beginning of 2010 through the end of 2015, that specifically instructed its employees to provide patients rehabilitation treatments to receive the highest level of Medicare reimbursement, regardless of the need for, the efficacy of, or risks associated with such treatment.  Specific allegations include “instances of improper co-treatment in order to achieve minute thresholds, repetitive and unskilled exercises that did not match plan of care goals to obtain additional minutes, engaging patients in activities contraindicated by underlying medical conditions, [and] extending patient lengths of stay beyond what was medically indicated.”  In addition to the allegations of improper therapy, it was alleged that Diversicare billed Medicare for therapy services that were never in fact provided.

Additional allegations highlight the fraudulent attempts to maximize Medicare revenue, claiming that Diversicare threatened to undertake, and in some instances took, adverse employment actions against employees who failed to meet set budgetary goals and quotas. Finally, the settlement also resolves allegations of FCA violations regarding Diversicare’s Medicaid billing practices, including its submission of “forged, photocopied, or pre-signed physician signatures” on certifications necessary for Medicaid reimbursement.

Federal regulations governing the disbursement of taxpayer dollars for Medicare and Medicaid exist to both protect the patients receiving treatment, as well as the taxpayers whose dollars fund the programs.  When companies intentionally circumnavigate these regulations in search of higher revenue, they not only rip off the taxpayers but also put vulnerable populations of patients at risk with unnecessary and often dangerous treatments.  In the fiscal year 2019, the United States Government reported that using the FCA, it recovered $2.6 billion of taxpayer dollars fraudulently paid out under health care programs, including for violations such as those alleged against Diversicare.  FCA relators and the Government should continue to utilize this powerful tool to protect Medicare and Medicaid patients, as well as every United States taxpayer.


Copyright Kohn, Kohn & Colapinto, LLP 2020. All Rights Reserved.

For more Medicaid False Claims Act settlements, see the National Law Review Health Law & Managed Care section.

Boy Scouts File for Bankruptcy Amidst Wave of Sexual Abuse Charges

In the face of approximately 300 sexual abuse lawsuits from former Boy Scouts, the Boy Scouts of America has filed for bankruptcy protection under Chapter 11 of the Bankruptcy Code. The Boy Scouts of America is the nation’s largest scouting organization and one of the largest youth organizations. Because Chapter 11 allows an organization to continue operations, scouting programs are expected to proceed at this time.

Officials with the organization said in a statement on Tuesday, February 19, “Our plan is to use this Chapter 11 process to create a Trust that would provide equitable compensation to these individuals.”

The national landscape has shifted significantly in recent years as large, influential organizations like the Catholic Church and USA Gymnastics have become the subject of sexual abuse scandals. One of the most important ways laws have changed has been the extension of the statute of limitations. Many states, including New Jersey and Pennsylvania, have chosen to grant sexual abuse victims longer timeframes to seek damages in sexual abuse and assault cases.


COPYRIGHT © 2020, STARK & STARK

See the National Law Review Bankruptcy & Restructuring Law section for more information.

Airbus to Pay Unprecedented $3.9 Billion for Multinational Bribery, FCPA Violations

Last week, the Department of Justice (DOJ) announced the largest deferred prosecution agreement for violations of the Arms Export Control Act (AECA), International Traffic in Arms Regulations (ITAR), and Foreign Corrupt Practices Act (FCPA) in history. Airbus SE, a French aircraft company, agreed to pay over a combined $3.9 billion to the DOJ as well as authorities in France and the UK for foreign corruption and bribery charges. The penalty is the largest of its sort and is the result of anti-fraud efforts across the three countries.

Airbus engaged in corruption for several years, offering bribes to foreign officials and misreporting to authorities to conceal the bribes. These violations of the Arms Export Control, International Traffic in Arms, and FCPA encompass activities in the United States, UK, France, and China. The crimes also include corruption in defense contracts.

According to a DOJ Press Release, Airbus will pay $527 million to the United States for the company’s violations of the International Traffic in Arms and Foreign Corrupt Practices Acts. In this case, Airbus self-reported and voluntarily cooperated with law enforcement after uncovering violations in an internal audit. It is possible an internal report initiated the audit. Cooperation and remedial measures by Airbus were taken into consideration in the settlement terms of the deferred prosecution agreement and benefitted Airbus.

International whistleblowers are crucial to the detection of large-scale corruption and fraud around the world. The SEC and DOJ rely on individuals who decide to anonymously and confidentially blow the whistle on violations of the FCPA. The FCPA allows for foreign nationals to file whistleblower claims in the US and receive an award between 10 and 30 percent of the total amount recovered by the government if a successful enforcement action follows their disclosures.


Copyright Kohn, Kohn & Colapinto, LLP 2020. All Rights Reserved.
For more bribery cases, see the National Law Review Criminal Law & Business Crimes section.

SEC Investigating Cyberattacks Used to Find Secret Company Mergers

SEC Investigating Cyberattacks and Insider Trading

According to Reuters, the Securities and Exchange Commission (SEC) is investigating hacks of email accounts of associates and executives that reveal information on potential mergers. The hackers use a technique known as phishing where they craft emails that trick recipients into logging into malicious websites to steal their email logins. These hacks pose a threat because fraudsters can easily use the information to engage in insider trading.

The group, known as FIN4, allegedly targeted a list of 60 companies in biotechnology, medical instruments, hospital equipment, and drugs. Fireeye reported these cyberattacks in February 2014 and found that they were performed to “obtain an edge on the stock trading.” This will continue to be a problem as more businesses move over to cloud computing, which could lead to a significant increase in data breaches.

The SEC’s Office of Compliance Inspections and Examinations released a report on observations relating to cybersecurity and best practices by financial market participants. The observations are offered as guidelines for firms considering how to improve their cybersecurity preparedness and response procedures. The intent is to highlight specific examples of cybersecurity and operational resiliency practices and controls that firms are taking to safeguard against threats, and how they respond in the event of a breach. The SEC “encourages organizations to review their practices, policies, and procedures with respect to cybersecurity and operational resiliency.” Cybersecurity and Resiliency Observations report.

New Technology & Whistleblower Tips Root Out Insider Trading

The SEC relies on technological developments to accomplish its enforcement goals, including identifying and pursuing insider trading cases. In FY 2018, the SEC implemented a Consolidated Audit Trail, intended to enhance, centralize, and update the regulatory data infrastructure available to market regulators. Once fully implemented, the Consolidated Audit Trail will give regulators quicker access to all trade and order data, facilitating the detection of illegal trading practices, such as insider trading.

In addition to technology, the SEC has increasingly relied on whistleblower tips to identify and halt insider trading. Whistleblowers have been instrumental to expose fraud and expose insider trading secrets.

SEC Rewards Whistleblowers for Exposing Insider Trading 

Under the SEC Whistleblower Program, whistleblower are eligible to receive a reward if their original information about insider trading leads to a successful enforcement action with total monetary sanctions of more than $1 million. A whistleblower may receive an award of between 10 to 30 percent of the total monetary sanctions collected. If represented by counsel, a whistleblower may submit a tip anonymously to the SEC.


© 2020 Zuckerman Law

For more on SEC Insider Trading enforcement, see the National Law Review Criminal Law and Business Crimes section.

Are Culpable Whistleblowers Eligible to Receive SEC Whistleblower Awards?

Yes. In many circumstances, culpable whistleblowers are eligible to receive SEC whistleblowers awards (see limitations below). The final rules of the SEC Whistleblower Program recognize that culpable whistleblowers enhance the SEC’s ability to detect violations of the federal securities laws, increase the effectiveness and efficiency of the SEC’s investigations, and provide critical evidence for the SEC’s enforcement actions. In fact, a speech by the former Director of the SEC’s Division of Enforcement highlighted the importance of culpable whistleblowers to the agency’s enforcement efforts:

Finally, I want to say a word about participants in wrongdoing and their ability to be whistleblowers. It is important for participants in misconduct to understand that, in many circumstances, they are eligible for awards and we would like to hear from them. Obviously, culpable insiders with first-hand knowledge of misconduct can provide valuable information and assistance in identifying participants in, transactions relating to, and proceeds of, fraudulent schemes. And, while there are safeguards built into the program to ensure that whistleblowers do not profit from their own misconduct…culpable whistleblowers can still get paid for eligible information they report that falls outside of these limitations.

SEC Whistleblower Awards to Culpable Whistleblowers

The SEC Whistleblower Program’s decision to work with, and award, culpable whistleblowers has proven to be effective in enabling the SEC to discover fraud and protect investors. To date, the SEC has issued several awards to whistleblowers who had some culpability in the violations, including:

  • On August 30, 2016, the SEC announced a $22 million award to a whistleblower who helped the agency “halt a well-hidden fraud” at the company where the whistleblower worked. The accompanying order states that the Commission considered several factors mitigating the whistleblower’s culpability in determining the appropriate percentage, but the whistleblower did not financially benefit from the misconduct.
  • On July 27, 2017, the SEC announced a $1.7 million award to a whistleblower who helped the Commission stop a “serious, multi-year fraud that would have otherwise been difficult to detect.” There were a few mitigating factors in the Commission’s determination of the whistleblower’s final award, including the fact that the whistleblower did not comply with one of the SEC’s rules, an omission which normally requires an award denial. The order stated that “certain unusual circumstances” governed this case, thus the Commission decided to waive that requirement. In determining the award amount, the Commission considered, too, the fact that the whistleblower unreasonably delayed in reporting and ultimately bore “some, albeit limited, culpability” in the fraud.
  • On September 14, 2018, the SEC announced it had reduced a whistleblower’s award to $1.5 million because the Commission found that the whistleblower unreasonably delayed in reporting the fraud, the whistleblower “received a significant and direct financial benefit,” and was culpable in the scheme. The order further details these determining factors, and explains that the whistleblower waited more than a year after learning of the facts to report the fraud and reported to the Commission only after learning of the ongoing investigation.

See additional SEC whistleblower cases that have resulted in multi-million dollar awards.

Limitations on SEC Whistleblower Awards to Culpable Whistleblowers

While the SEC has been clear that it welcomes information from culpable whistleblowers, the SEC Whistleblower Program has specific rules that could disqualify certain whistleblowers from receiving SEC whistleblower awards. In addition, the program has rules that could limit the size of a culpable whistleblower’s future SEC whistleblower award. Importantly, whistleblowers who are concerned about potential liability should consult with experienced SEC whistleblower attorneys before reporting information to the SEC Office of the Whistleblower. Once information is submitted to the SEC, it cannot be withdrawn.

Whistleblowers Cannot Be Convicted of a Criminal Violation

The SEC Office of the Whistleblower will not issue awards to whistleblowers who are convicted of a criminal violation in relation to an action for which they would otherwise be eligible for an award. Moreover, the SEC Whistleblower Program does not provide amnesty to whistleblowers who provide information to the SEC. The fact that a whistleblower reports information to the SEC and assists in an SEC investigation and enforcement action does not preclude the SEC from bringing an action against the whistleblower based upon their own conduct in connection with violations of the federal securities laws. If such an action is determined to be appropriate, however, the SEC will take the whistleblower’s cooperation into consideration. As noted in the speech of the former Director of the SEC’s Division of Enforcement: “There are also other potential benefits for culpable whistleblowers — in appropriate circumstances, we will take their cooperation under the whistleblower program and in our investigation into consideration in deciding what remedies, if any, are appropriate in any action we determine should be brought against the whistleblowers for their role in the scheme.”

Culpable Whistleblowers Cannot Benefit from Their Own Misconduct

Under the SEC Whistleblower Program, the SEC will issue awards to whistleblowers who provide original information that leads to enforcement actions with total monetary sanctions in excess of $1 million. A whistleblower may receive an award of between 10-30 percent of the monetary sanctions collected. Since 2011, the SEC Whistleblower Office has issued nearly $400 million in awards to whistleblowers. The largest SEC whistleblower awards to date are a $50 million award, a $39 million award, and a $37 million award.

While the SEC is permitted to issue awards to culpable whistleblowers, the rules of the SEC Whistleblower Program do not allow whistleblowers to benefit from their own misconduct. Specifically, for purposes of determining whether the $1 million threshold has been satisfied or calculating the amount of an award, the SEC will not count any monetary sanctions that the whistleblower is ordered to pay or that are ordered to be paid against any entity whose liability is based substantially on conduct that the whistleblower directed, planned, or initiated.

Culpability May Decrease the Size of an Award

In determining the percentage of monetary sanctions to award a whistleblower, the SEC considers various factors that may increase or decrease the size of a whistleblower’s award. One of the factors that may decrease the size of an award is the whistleblower’s culpability in the securities law violation. When making this determination, the SEC may consider the following factors:

  • the whistleblower’s position or responsibility at the time the violations occurred;
  • if the whistleblower acted with scienter, both generally and in relation to others who participated in the violations;
  • if the whistleblower is a recidivist;
  • the egregiousness of the fraud committed by the whistleblower;
  • whether the whistleblower financially benefitted from the scheme; and
  • whether the whistleblower knowingly interfered with the SEC’s investigation.

Notably, while culpability may reduce a whistleblower’s award percentage, any whistleblower who qualifies for an award under the SEC Whistleblower Program – including culpable whistleblowers – will receive at least 10% of the monetary sanctions collected in the enforcement action.


© 2020 Zuckerman Law

For more on whistleblower rules, see the National Law Review Securities & SEC laws section.

Pharmaceutical Company Agrees To $54 Million To Settle False Claims Kickback Allegations

Teva Pharmaceuticals has agreed to pay $54 Million to settle false claims kickback allegations brought by two whistleblowers, Charles Arnstein and Hossam Senousy. In their 2013 complaint, the whistleblowers asserted that Teva Pharmaceuticals (“Teva”) violated the False Claims Act when the company knowingly induced physicians to prescribe two of the company’s drugs in exchange for “speaker fees.”

Physicians hosted Teva’s speaker events, which were attended by the speakers, their families, Teva employees, and various repeat attendees. In her memorandum decision and order denying Teva’s motion for summary judgment, Chief Judge Colleen McMahon pointed to the suspect audience in attendance as well as the event locations, and the amount of alcohol served as further evidence of the questionable nature of the events.

Physician speakers earned speaker fees for their event appearances. These same physicians subsequently prescribed the drugs Copaxone and Azilect, both manufactured by Teva. The physicians in question also encouraged other doctors to prescribe the medications that treated multiple sclerosis and Parkinson’s disease, respectively. Pharmacies across the United States filled the prescriptions and submitted reimbursement claims to government-funded healthcare programs. Reimbursement funds to the pharmacies are taxpayers’ dollars.

The whistleblowers allege that the reimbursement payments from the various Federal health care programs were a result of fraud, namely the questionable “speaker fees” paid to the physicians in exchange for their prescribing Copaxone and Azilect. Furthermore, the Anti-Kickback Statute of the False Claims Act makes it illegal to knowingly pay or offer to pay kickbacks, bribes, or rebates to encourage someone to recommend the purchase of a pharmaceutical covered by a Federal health care program.

The False Claims Act has been a vital tool in the fight against government programs fraud since its inception; however, the success of the act depends on private citizens like Charles Arnstein and Hossam Senousy who are willing and able to speak out against the wrong that they encounter and work closely with the help of an experienced False Claims Act attorney to get results for everyone. The settlement of this case is not only beneficial to the government from a monetary perspective, but it is also a win for the taxpayers – those who ultimately pay when companies like Teva Pharmaceuticals choose to defraud the government.


© 2020 by Tycko & Zavareei LLP

For more false claims act settlements, see the National Law Review Litigation & Trial Practice section.