"...providing significant leadership to the industry and their clients."

Chambers USA

News and Resources


  • Congress Could Be Coming for Dietary Supplements
    May 20, 2015
    Douglas Gansler, Brian Kelly & Leslie Meredith

    The next chapter in the saga of New York State Attorney General Eric T. Schneiderman's investigation of the dietary supplements industry may take place on Capitol Hill. On April 2, Schneiderman and the state attorneys general of Connecticut, the District of Columbia, Hawaii, Idaho, Indiana, Iowa, Kentucky, Massachusetts, Mississippi, New Hampshire, the Northern Mariana Islands, Pennsylvania and Rhode Island sent a letter to Congress requesting it launch an investigation into the dietary supplements industry and to look into strengthening oversight from the U.S. Food and Drug Administration.

    Seeking “a broad-based solution,” the letter — addressed to the chairman of the Senate Committee on Commerce, Science and Transportation, which is responsible for product safety and other consumer protection issues, the chairman of the Senate Subcommittee on Health and other ranking committee members — suggested Congress and the FDA “act in concert” to conduct a sweeping investigation of the industry and consider new legislation.

    If Congress chooses to pursue the investigation proposed by the state attorneys general it will do so with a broad mandate. The state attorneys general suggested Congress investigate everything from product labels and marketing, to the effectiveness of existing quality assurance measures, to the quality of ingredients, fillers and finished products. As pledged in the April 2 letter, Congress would also enjoy the full assistance of the state attorneys general.

    Originally published by Law360; reprinted with permission. 

  • What FCC's Transparency Rule Means for Internet Privacy
    April 21, 2015
    Stephen M. Ruckman & Anoush Garakani

    There has been extensive coverage of the Federal Communication Commission’s new Open Internet Order, including questions about its ultimate fate, given pending court challenges. One element of the order that has not gotten attention, though, is the only element to have withstood the prior order’s court challenge: the “transparency rule.”

    The transparency rule is intended to ensure that broadband Internet service providers provide consumers access to the information they need to make informed choices about the broadband Internet services they purchase. The newly adopted Open Internet Order has not only retained but enhanced the transparency rule, suggesting that it will be a key FCC tool for protecting consumers in their use of the Internet, and recent FCC enforcement activity suggests one significant use of this tool will be to protect consumers’ privacy.

    Originally published in Law360; reprinted with permission. 

  • Treading Beyond the Iota of Fear: eDiscovery of the Internet of Things
    April 15, 2015
    Elizabeth McGinn & Ty Yankov

    The first difficulty to preservation concerns the primary question of control of the cloud data, which is not unique to IoT. Businesses are investing billions into IoT not only because of their profit expectations from the one-time sale of an IoT device, but also from having unfettered access to the valuable data produced by the devices. Google did not purchase Nest for $3.2 billion only because it is cool to control thermostats from a phone. Google already knows a lot about its users from scanning Gmail accounts to present users with pertinent ads, and now it will know when individuals are statistically likely to leave their house.

    Similarly, the technology giant probably did not buy Boston Dynamics because its robotic cheetahs are fun. While the company has been mum about its intentions, by connecting multiple communicating devices into a single automated ecosystem, one can create not only a very accurate data map about a person’s past and present activity, but also dispense a sensory device—robotic or otherwise—to cater to the person’s anticipatory needs. But will you have control over your personal data map?

    Originally published in BloombergBNA; reprinted with permission. 

  • Letting the CAT Out of the Bag
    April 10, 2015
    Tom Sporkin & Tim Coley

    Tom Sporkin and Tim Coley authored, "Letting the CAT Out of the Bag," which was published in WatersTechnology on Friday, April 10, 2015. 

    In her February keynote address at the annual Securities and Exchange Commission (SEC) Speaks conference in Washington, DC, SEC Chair Mary Jo White called the soon-to-be-developed Consolidated Audit Trail (CAT) "a game changer for monitoring and overseeing the market." 

    But five years after the Flash Crash, and several market dislocations later, efforts to implement the CAT ─ originally greenlighted by then-Chair Mary Schapiro in 2009 ─ have hit more delays than expected, threatening to impede its implementation for several years.

    Today, due in no small part to media-fueled anxiety over the purported evils of high-frequency trading and dark pools, the investing public is still largely uncertain of the SEC's ability to monitor and actively regulate the US markets. And investor confidence is not the only threat to the health of the US markets ─ capital flight is also a growing risk, as reflected by Siemens' decision to delist its NYSE-listed ADRs in favor of Germany-based exchanges. That decision came on the heels of aggressive SEC enforcement actions against the company and its officials.

    Click here to read the full article at www.waterstechnology.com

Knowledge + Insights

  • Spotlight on Vendor Management: "Brother's Keeper" Enforcement Pattern Becoming the Norm
    May 5, 2015
    Elizabeth McGinn & Moorari Shah

    Two regulatory enforcement matters announced in April offer a view into the current mindset of regulators in the ever-evolving world of vendor management. First, the Federal Communications Commission (FCC) announced a $25 million settlement with a telecommunications carrier related to the unauthorized release of personal information of more than a quarter-million customers. The identified cause of the data breach were employees of the carrier’s service providers based in Mexico, Columbia, and the Philippines, who confessed to selling customer information to unauthorized third parties. In holding the carrier responsible, the FCC issued its largest data security enforcement action to date. Although severe in its punishment, the FCC action did not break new ground, as regulators have shown an increasing willingness in recent years to assess monetary penalties against supervised institutions for legal violations committed by vendors.

    “This approach is entirely consistent with the FCC’s past enforcement actions related to data security breaches, as well as those of other regulatory bodies where consumer harm has resulted,” advises Elizabeth McGinn, Partner in the D.C. office of BuckleySandler. “In the current environment, virtually every regulator has made accountability a fundamental axiom of its vendor management guidance.”

    In the second action, the Consumer Financial Protection Bureau (CFPB) announced that it had filed a lawsuit in the United States District Court for the Northern District of Georgia in connection with an allegedly illegal debt collection operation whereby a group of individuals and companies based in New York and Georgia attempted to collect debts that consumers did not owe or that collectors were not authorized to collect. Specifically, the collectors allegedly placed “robo-calls” to millions of consumers stating that the consumers had engaged in check fraud and threatening them with legal action if they did not provide payment information. The CFPB asserts that, as a result, the debt collectors received millions of dollars in profits from the targeted consumers.

    In addition, several service providers were named as defendants in the case because, according to the CFPB, the illegal scheme depended upon the participation of the service providers. Specifically, the CFPB charged payment processors and a telephone broadcast provider hired by the debt collectors, because these service providers, in pertinent part, (i) “failed to conduct reasonable due diligence to detect unlawful conduct,” which helped to facilitate millions of dollars in ill-gotten profits, and (ii) transmitted robo-call messages created by the debt collectors that the service providers “knew or should have known … contributed to unlawful debt collection.”

    “The CFPB is holding the vendors accountable in this case on the theory that the vendors had a duty to vet the business practices used by the debt collectors to determine if they were unfair or deceptive or violate the debt collections laws,” according to Moorari Shah, Counsel in BuckleySandler’s Los Angeles office. “Having to take responsibility for another entity’s wrongdoing is likely a wake-up call for many vendors, but the CFPB has now shown on several occasions that it intends to cast a wide net when it comes to protecting consumers from unwarranted harm, including over entities that may not have known they were subject to this type of supervision.”

    The bottom line: Compliance continues to be a significant outsourcing challenge for regulated institutions and their service providers. Thorough due diligence and ongoing oversight are becoming an imperative to avoid guilt-by-association predicaments such as was the case in the recent FCC and CFPB actions.

    McGinn and Shah suggest the following steps supervised institutions and service providers can take to adapt and comply with a rapidly changing regulatory and enforcement environment:

    • Commit to developing or enhancing compliance management systems to:
      • Establish compliance responsibilities;
      • Communicate those responsibilities to employees;
      • Ensure that responsibilities for meeting legal requirements and internal policies are incorporated into business processes;
      • Review operations to ensure responsibilities are carried out and legal requirements are met; and
      • Take corrective action and update tools, systems, and materials;
    • Review written policies and procedures including responsibilities for documenting compliance-related activities and regular reporting to senior management and the board of directors;
    • Monitor training for service provider employees to ensure that contractual responsibilities align with operational realities, including procedures to identify legal and regulatory issues for escalation and resolution;
    • Conduct regular on-site compliance audits of service provider operations, and proactively address issues discovered when reviewing service provider controls, performance, and information systems; and
    • Dedicate sufficient resources and personnel to vendor management and compliance activities especially with respect to pre-contract due diligence and ongoing monitoring during the term of the contract.

    As data security, privacy, and vendor management issues continue to intersect, there are a number of new focal points that will be particularly relevant to service providers. In that vein, BuckleySandler associates Stephen M. Ruckman and Anoush Garakani explore the impact of the new Open Internet Order on internet service providers in their article, What FCC’s Transparency Rule Means For Internet Privacy. Ruckman, who recently left his post as Senior Policy Advisor in the FCC’s Enforcement Bureau, has extensive experience related to enforcement issues in the areas of consumer protection, privacy, and Internet policy, and has provided guidance on the privacy and data security components of the Commission’s new Open Internet Order. Garakani, whose practice focuses on regulatory compliance issues for consumer finance companies, previously clerked at the Federal Trade Commission Division of Financial Practices.

  • Spotlight on Electronic Discovery: Challenges Presented by the Internet of Things
    May 4, 2015
    Elizabeth McGinn & Ty Yankov

    E-discovery is poised to enter a new revolution as the Internet of Things (“IoT”) continues its seemingly exponential growth. IoT is the ecosystem of interconnected sensory devices that perform coordinated, pre-programmed – and even learned – tasks without the need for continuous human input. Consider your fitness tracker that logs your sleep and physical activity, or sensors in your vehicle that track your driving habits on behalf of your auto insurance provider– all of these objects log and upload data about your body and habits into the cloud for analysis and use in automated tasks. All this data, projected to impact nearly every facet of industrialized society, has presented numerous preservation, collections, and analytical challenges for litigators navigating e-discovery in the world of the IoT. But despite these challenges, litigators can use technological and legal tools to effectively manage IoT discovery.

    1. It is true that IoT was not designed with e-discovery in mind, but neither was email or social media.

    IoT data is generated by machines and usually transferred to the cloud rather than being stored on devices. This data storage process, which is largely automated, presents numerous preservation conundrums for litigators.

    “Although innovation in e-discovery necessarily lags behind the innovation of the underlying technology, technology has always solved the problem that it had created. There’s no reason to believe the IoT experience will be materially different. But until that day arrives, courts should avail litigants of protections against disproportionate e-discovery efforts,” said Elizabeth McGinn, Partner in the DC office of BuckleySandler LLP.

    2. The responding litigant may not have the requisite control over IoT data to preserve it.

    “The challenge of who controls cloud data is not unique to the IoT,” said Ty Yankov, Associate in the DC office of BuckleySandler LLP.

    Technology companies have invested billions to maintain access to the data created from IoT devices, which calls into question who can control data created by such devices – the company who created the device or the person who’s data the device has collected?

    3. Preservation of IoT may be limited by the proposed revisions to the Federal Rules of Civil Procedure.

    “Perhaps the most potent limitation to a party’s preservation and collection obligation of IoT data may rest in the timely proposed revisions to the Federal Rules of Civil Procedure, which are widely expected to take effect by the end of 2015,” said McGinn. Mindful of litigants’ inclination to over-preserve evidence, the Rules Committee seeks to clarify and limit litigants’ discovery obligations in four important ways:

    • Proposed Rule 26(b) limits discoverability to issues within the parties’ claims or defenses, eliminating broad subject matter discovery.
    • Proposed Rule 26(b)(2)(i) redefines the scope of discovery to include a proportionality principle.
    • Proposed Rule 37(e) extends the proportionality principle to the duty to preserve evidence.
    • Proposed Rule 26(b)(2)(B) reaffirms the allocation of expenses as a potential protective order remedy.

    “IoT’s impact to data preservation and collection in e-discovery will be more muted that many fear,” said Yankov. “This is in large part due to the anticipated adoption of the proposed revisions to the Federal Rules as applied to the unique challenges of its preservation and accessibility.”

    In their recently published article, Treading Beyond the Iota of Fear: eDiscovery of the Internet of Things, McGinn and Yankov provide further discussion on the changes and challenges IoT brings to e-discovery.

  • Spotlight on Vendor Management: Interpreting CFPB Guidance and Enforcement Actions
    April 7, 2015
    Elizabeth McGinn & Moorari Shah

    In April 2012, the Consumer Protection Financial Bureau issued Bulletin 2012-03, a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial institutions. Since then, the Bureau has often referenced the Service Provider Bulletin in subsequent guidance and enforcement actions, but has not provided much in the way of detailed requirements for managing service providers. Despite the absence of strong guideposts, the CFPB has nonetheless sent unmistakable signals to highlight conduct which fails to meet the Bureau’s expectations on a variety of vendor relationship issues.

    “The CFPB has voiced its dissatisfaction on a number of occasions with supervised entities that fail to perform adequate vendor oversight,” according to Elizabeth McGinn, Partner in the D.C. office of BuckleySandler. “In particular, nonbanks and service providers that are still coming up-to-speed on federal agency supervision and enforcement have to be alert and aware of important trends in recent enforcement actions that challenge outdated notions of vendor management.”

    McGinn notes that a pattern appears to be emerging regarding the Bureau’s preference for the inclusion of certain contractual language in vendor agreements. Confidentiality obligations, audit rights, training responsibilities, and remedies for contractual breaches are among the thornier terms and conditions that may need to be enhanced in light of these developing trends.

    One of the ways to minimize the vendor management risks is to be proactive when performing due diligence of potential service providers. Thorough examination of a vendor’s policies, procedures, and practices as they relate to compliance with federal consumer financial law is often the most important preventative step that a regulated entity can take to ensure that outsourcing relationships do not expose the financial institution and its customers to costly regulatory risks and unwarranted harm. In addition, consistent, risk-based procedures for monitoring existing service provider relationships are critical to meeting the CFPB’s expectations.

    “The notion that a CFPB-supervised entity can avoid liability by asserting that a service provider is responsible for legal violations that caused harm to customers has long been dispelled,” says Moorari Shah, Counsel in BuckleySandler’s Los Angeles office. “In fact, in many enforcement actions, the CFPB has gone so far as to prohibit the supervised entity from invoking indemnification rights or insurance coverage to satisfy civil money penalties assessed by the Bureau, even if the supervised entity has negotiated the right to do so in its contract with the service provider.”

    In their recently published article, Regulatory Blue Pencil: CFPB Guidance, Enforcement Actions Signal Expanding Focus on Vendor Management, McGinn and Shah provide additional vendor management insight in light of the CFPB’s increased regulatory scrutiny in this area.

  • Special Alert: CFPB Releases Outline of Proposed Rule for Payday, Vehicle Title, and Similar Loans
    March 27, 2015

    On March 26, the CFPB announced that it is considering proposing a rule to “end payday debt traps” and released several related documents, including a fact sheet and an outline of the proposal that will be presented to a panel of small businesses pursuant to the Small Business Regulatory Enforcement Fairness Act (SBREFA).  The proposal sets forth ability to repay requirements for “short-term” and “longer-term” loans, and then provides alternative options for lenders to provide both types of loans in lieu of complying with the general ability to repay requirements.

    Under the SBREFA process, the CFPB first seeks input from a panel of small businesses that likely will be subject to the forthcoming rule.  A report regarding the input of those reviewers is then created and considered by the CFPB before issuing its proposed rule.

    Click here to view the full Special Alert.

    * * * 

    Questions regarding the matters discussed in this Alert may be directed to the lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.

  • Special Alert: USDA-RHS Proposes Its Own QM Rule
    March 16, 2015

    On March 5, 2015, the USDA-RHS released a proposed rule to amend the regulations for the Single Family Housing Guaranteed Loan Program (SFHGLP) to provide that a loan guaranteed by USDA-RHS is a QM if it meets certain requirements set forth by the CFPB. In addition, USDA-RHS proposed to add the definition of “Qualified Mortgage” to its regulations. The proposal follows the adoption of separate QM definitions for FHA and VA loans last year. 
    The proposed rule also seeks to: (i) expand USDA-RHS’ lender indemnification authority for loss claims in certain instances, such as fraud , misrepresentation, and noncompliance with loan origination requirements, (ii) add a new special loan servicing option, (iii) revise the interest rate reduction requirement for refinances, and (iv) add a streamlined-assist refinance option. Comments to the proposed rule must be received on or before May 4, 2015.
    Questions regarding the proposed rule may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.