InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
UK Financial Regulator Issues Report on Bribery and Anti-Corruption Controls, Proposes New Guidance
On March 29, the United Kingdoms Financial Services Authority (FSA) published the findings of its thematic review into anti-bribery and corruption systems and controls in U.K.-based investment banks. The FSA review also looked at related topics including (i) gift-giving practices and controls, (ii) staff recruitment and vetting, (iii) training, and (iv) incident reporting. The FSA report concludes that the U.K. investment banking sector has been too slow and reactive in managing bribery and corruption risk, and that substantial work remains. In response, the FSA published proposed revisions to its regulatory guide, Financial crime: a guide for firms. The FSA proposes to update Chapters 2 and 6 of Part 1 of the guide, with new guidance and examples of good and poor practice drawn from the report findings. The FSA also proposes to include a new Chapter 13 in Part 2 of the guide, which will consolidate all examples of good and poor practice highlighted in the thematic review. Stakeholders can submit comments on the proposed revisions through April 29, 2012.
Senate Confirms Multiple Nominees
On March 29, the U.S. Senate confirmed President Obama’s three nominees for the FDIC Board of Directors: Martin Gruenberg, Thomas Hoenig, and Jeremiah Norton. However, the Senate did not confirm Mr. Gruenberg as Chair of the FDIC or Mr. Hoenig as the Vice Chair. Instead, Mr. Gruenberg will continue to serve as Vice Chair and will lead the board in an acting capacity. Thomas Curry was confirmed to serve as Comptroller of the Currency. As such, he will also sit on the FDIC Board, as he has in an independent position since 2004. The Senate also confirmed (i) Maurice Jones to be the Deputy Secretary of the Department of Housing and Urban Development, (ii) Christy Romero as Special Inspector General for the Troubled Asset Relief Program, (iii) Mary John Miller to serve as the Under Secretary for Domestic Finance at the U.S. Treasury Department, and (iv) Jon Leibowitz to another seven year term as Federal Trade Commission Chairman. Two nominees to the Federal Reserve Board, Jerome Powell and Jeremy Stein, remain pending in the Senate.
DOJ Reaches FCPA Settlement With Medical Device Company
On March 26, the U.S. Department of Justice (DOJ) announced it had reached a settlement with a medical device company to resolve allegations that the company and its subsidiaries made improper payments in violation of the Foreign Corrupt Practices Act (FCPA). DOJ alleges that Biomet, its subsidiaries, employees, and agents made illegal payments to publicly-employed health care providers in Argentina, Brazil, and China in exchange for business with certain hospitals in those countries and then falsely recorded the payments on its books to conceal the true nature of the payments. The deferred prosecution agreement requires Biomet (i) to pay a $17.28 million criminal penalty, (ii) to implement a robust compliance program and internal controls, and (iii) to retain an outside compliance monitor for 18 months. Separately, Biomet agreed to disgorge $5.4 million of profits and interest to resolve parallel civil charges brought by the SEC.
FTC Finalizes Consumer Privacy Recommendations, Notes Mobile Issues
On March 26, the FTC released an anticipated report on consumer privacy, calling on all companies to adopt certain practices to protect consumers’ private information. The final report outlines three basic principles: (i) “privacy by design”, (ii) simplified choice, and (iii) increased transparency. Though the report and recommended practices do not carry the force of law, the FTC encourages adoption of the recommendations to support innovation and commerce while improving consumer protection. The report also serves as a blueprint for what the FTC is seeking in federal privacy legislation. Pending congressional action, the FTC will continue to employ its existing enforcement authority to address unfair or deceptive practices, including practices that violate self-regulatory programs. Further, the FTC intends to support implementation of the framework by focusing on several substantive topics and stakeholder groups, including (i) do not track, (ii) mobile services, (iii) data brokers, (iv) large platform providers, and (v) industry codes of conduct. For example, the FTC will focus on mobile services by updating guidance about online advertising disclosures, including holding a workshop on model mobile disclosures on May 30, 2012. It also calls on mobile service providers to establish industry standards that address data collection, transfer, use, and disposal, particularly for location data.
CFPB Proposes Rule Governing the Confidentiality of Privileged Information Provided to the Bureau
On March 12, the CFPB released a proposed rule to govern the confidential treatment of privileged information submitted to the Bureau by the financial institutions it regulates. The proposed rule, which would amend 12 C.F.R. part 1070, subpart D, would add a new section providing that a person’s submission of any information to the CFPB in the course of the CFPB’s supervisory or regulatory processes would not waive or otherwise affect any privilege that such person might claim under federal or state law with respect to the submitted information. In the preamble to the proposed rule, the CFPB notes that although the Dodd-Frank Act did not explicitly address whether the submission of confidential information to the CFPB affects any privilege a supervised entity might claim, the Dodd-Frank Act did grant the CFPB all the powers and duties of the prudential regulators regarding their transferred consumer financial protection functions. The CFPB concludes that this grant of powers and duties includes the ability to receive privileged information from supervised entities without resulting in a waiver of any privileges. The CFPB added that its proposed rule is promulgated pursuant to Congress’s delegation of authority to the CFPB to prescribe rules governing the confidential treatment of information obtained from persons during its exercise of its authority. In addition to providing for the non-waiver of privilege when submitting information to the CFPB, the proposed rule provides that the CFPB’s provision of privileged information to another federal or state agency would not waive any applicable privilege, whether the privilege belongs to the CFPB or any other person. Comments on the proposed rule must be submitted on or before April 16, 2012.
European Banking Authority Expresses Concerns Regarding New Financial Sector Domain Names
On February 23, the European Banking Authority (EBA) released a letter it sent to the ICANN Board of Directors expressing concerns about ICANN’s June 2011 approval of a new program to allow additional generic top level domains, including “.bank” and “.fin”. The new domain names are expected to be available for use later this year. As the European umbrella organization comprised of the heads of each member state’s consumer credit regulator, the EBA is broadly tasked with European consumer financial protection. From that standpoint, the letter and an attached comment document ask ICANN to halt the use of the new domain names because they have the potential to increase consumer fraud and decrease data security. Further, the new names may require financial institutions to implement costly and complex legal and commercial initiatives to protect their trademarks from fraud. The EBA does not believe that ICANN’s proposals to mitigate these concerns, including a proposed new registration system for the domain names, are insufficient.
EU Commission Officially Releases Proposed Replacement for Data Protection Directive
On January 25, the European Union Commission officially released a proposed Regulation designed to update and replace the 1995 Data Protection Directive and national laws issued under that directive. This proposal is designed as a regulation rather than a directive, allowing it to take effect without national implementing legislation. Instead, the proposal will be submitted to the European Parliament and member states for adoption and would become effective two years after adoption. Notably, the proposed Regulation contains a "right to be forgotten" provision, which provides individuals the right, under certain circumstances, to seek the erasure of personal data and a halt to further dissemination of such data. Other provisions of the Regulation would (i) require explicit data subject consent for processing, where previously consent could be inferred in some cases; (ii) require data breaches to be reported to the national supervisory authority and, in certain cases, to the data subject; and (iii) provide data subjects the right to file complaints with national data protection authorities and seek judicial remedies, including damages, for violations of the Regulation. An earlier unofficial draft of this regulation was reported in InfoBytes, December 23, 2011. The two proposals are substantially similar, though the officially released version does lower the limits for penalties under the Regulation.