cKinsey and Company Africa, which operates in South Africa as a subsidiary of international consulting firm McKinsey & Co., will pay over $122 million to resolve an investigation by the Justice Department into a scheme to pay bribes to government officials in South Africa between 2012 and 2016. A former McKinsey senior partner who participated in the bribery scheme has also pleaded guilty in the case.

McKinsey Africa also entered into a three-year deferred prosecution agreement (DPA) with the department in connection with criminal information filed in the Southern District of New York charging the company with one count of conspiracy to violate the anti-bribery provisions of the Foreign Corrupt Practices Act (FCPA). Vikas Sagar, a former senior partner of McKinsey who worked in McKinsey Africa’s South Africa office, previously pleaded guilty to one count of conspiracy to violate the FCPA.

According to court documents and admissions, McKinsey Africa, acting through a senior partner, agreed to pay bribes to then-officials at Transnet, South Africa’s state-owned custodian of ports, rails, and pipelines, and at Eskom, South Africa’s state-owned energy company. Between at least 2012 and 2016, McKinsey Africa obtained sensitive confidential and non-public information from Transnet and Eskom regarding the award of lucrative consulting contracts and submitted proposals for multimillion-dollar consulting engagements, while knowing that South African consulting firms with which McKinsey Africa had partnered would pay a portion of their fees as bribes to officials at Transnet and Eskom. As a result of the bribery scheme, McKinsey and McKinsey Africa earned profits of approximately $85,000,000.

“McKinsey Africa bribed South African officials in order to obtain lucrative consulting business that generated tens of millions of dollars in profits,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, in a statement. “The resolution announced today — the department’s third coordinated resolution with South African authorities in only two years — is evidence that our International Corporate Anti-Bribery (ICAB) initiative, which we announced in November 2023, is bearing fruit.”

“This settlement underscores our unwavering commitment to holding companies accountable that willfully engage in corrupt activities around the world,” said Assistant Director Chad Yarbrough of the FBI Criminal Investigative Division. “This misconduct is a blatant violation of law and a breach of public trust. No matter what country the crime occurs in, the FBI will always work closely with our international partners to root out corruption.”

Details of McKinsey Africa’s Credit for Cooperation

The Justice Department has agreed to credit up to one-half of the criminal penalty against amounts McKinsey pays to authorities in South Africa in related proceedings. In addition, both McKinsey and McKinsey Africa have agreed to, among other things, continue cooperating with the Criminal Division’s Fraud Section and the U.S. Attorney’s Office for the Southern District of New York in any ongoing or future criminal investigation arising during the term of the DPA. McKinsey and McKinsey Africa have also agreed to enhance their compliance program where necessary and appropriate and to report to the government regarding remediation and implementation of their enhanced compliance program.

The Justice Department reached this resolution with McKinsey Africa based on a number of factors, including, among others, the nature and seriousness of the offense. McKinsey Africa received credit for its cooperation with the department’s investigation, which included:

• Immediately and proactively cooperating from the inception of the department’s investigation.
• Making numerous factual presentations to the department over the course of its investigation, derived from information obtained through the company’s internal investigation.
• Collecting, reviewing, and producing voluminous records, including those located abroad, in response to requests from the department.
• Promptly reporting the discovery of document-deletion efforts by the McKinsey partner involved in the conduct found during its internal investigation, taking additional investigative steps to uncover information and evidence regarding those efforts, and producing such information and evidence to the department.
• Reporting, in real time, newly discovered information and documents that allowed the department to preserve and obtain evidence as part of its independent investigation.
• Tracing complex internal accounting money-flows and currency exchange-information in response to requests from the department
• Preserving, collecting, and producing to the department documents located abroad, and engaging a third-party forensics consultant to analyze key electronic devices and providing to the department the results of that analysis.

McKinsey and McKinsey Africa also engaged in timely remedial measures, including:

• Putting the McKinsey partner involved in the criminal scheme on leave when it learned of the partner’s role in the scheme, subsequently separating that partner from McKinsey after discovering his deletion activity, and requiring that partner’s continued cooperation post-separation.
• Conducting additional anti-corruption training for employees in South Africa and elsewhere in Africa, and ceasing work with all state-owned enterprises (SOEs) for a period of time while it conducted its internal investigation.
• Enhancing due diligence processes for third-party partners, including instituting controls to ensure that due diligence is completed before work begins on an engagement and imposing a more rigorous risk-review for public sector clients.
• Carrying out an enhanced review process for all sole-source work that requires advance-approval before the engagement can begin.
• Voluntarily repaying, in 2018 and 2021, all revenues that McKinsey and McKinsey Africa received from potentially tainted contracts to the SOEs in South Africa from which they received contracts as a result of the criminal scheme.

In light of these considerations as well as McKinsey’s prior history, the criminal penalty calculated under the U.S. Sentencing Guidelines reflects a 35 percent reduction off the fifth percentile of the otherwise applicable guidelines fine range.  

The post McKinsey Unit to Pay $122 Million to Settle Bribery Charges appeared first on Compliance Chief 360.

nvesco Advisers is paying the price for misleading clients and investors about how much of its assets were truly aligned with environmental, social, and governance principles. The Atlanta-based investment firm has agreed to pay a $17.5 million civil penalty to settle the Securities and Exchange Commission’s charges that it issued misleading statements on ESG.

According to the SEC’s order, from 2020 to 2022, Invesco told clients and stated in marketing materials that between 70 and 94 percent of its parent company’s assets under management were “ESG integrated.” However, in reality, these percentages included a substantial amount of assets that were held in passive ETFs that did not consider ESG factors in investment decisions. Furthermore, the SEC’s order found that Invesco lacked any written policy defining ESG integration.

“As stated in the order, Invesco saw commercial value in claiming that a high percentage of company-wide assets were ESG integrated. But saying it doesn’t make it so,” said Sanjay Wadhwa, Acting Director of the SEC’s Division of Enforcement, in a statement. “Companies should be straightforward with their clients and investors rather than seeking to capitalize on investing trends and buzzwords.”

The order charges Invesco with willfully violating the Investment Advisers Act of 1940. Without admitting or denying the order’s findings, Invesco agreed to cease and desist from violations of the charged provisions, be censured, and pay the aforementioned $17.5 million civil penalty.  

The post SEC Fines Invesco Advisers $17.5M for Misleading ESG Statements appeared first on Compliance Chief 360.

he Securities and Exchange Commission has charged four public companies with making materially misleading disclosures regarding cybersecurity risks and intrusions. The charges against the four companies—Unisys, Avaya, Check Point Software, and Mimecast—result from an investigation involving public companies impacted by the compromise of SolarWinds’ Orion software.

The SEC also charged Unisys with disclosure controls and procedures violations. The companies agreed to pay the following civil penalties to settle the SEC’s charges:

• Unisys will pay a $4 million civil penalty;
• Avaya. will pay a $1 million civil penalty;
• Check Point will pay a $995,000 civil penalty; and
• Mimecast will pay a $990,000 civil penalty.

“As today’s enforcement actions reflect, while public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered,” said Sanjay Wadhwa, acting director of the SEC’s Division of Enforcement. “Here, the SEC’s orders find that these companies provided misleading disclosures about the incidents at issue, leaving investors in the dark about the true scope of the incidents.”

According to the SEC’s orders, Unisys, Avaya, and Check Point learned in 2020, and Mimecast learned in 2021, that the threat actor likely behind the SolarWinds Orion hack had accessed their systems without authorization, but each negligently minimized its cybersecurity incident in its public disclosures.

The SEC’s order against Unisys finds that the company described its risks from cybersecurity events as hypothetical despite knowing that it had experienced two SolarWinds-related intrusions involving exfiltration of gigabytes of data. The order also finds that these materially misleading disclosures resulted in part from Unisys’ deficient disclosure controls.

The SEC’s order against Avaya finds that it stated that the threat actor had accessed a “limited number of [the] Company’s email messages,” when Avaya knew the threat actor had also accessed at least 145 files in its cloud file sharing environment.

The SEC’s order against Check Point finds that it knew of the intrusion but described cyber intrusions and risks from them in generic terms. The order charging Mimecast finds that the company minimized the attack by failing to disclose the nature of the code the threat actor exfiltrated and the quantity of encrypted credentials the threat actor accessed.

Don’t Downplay the Seriousness of a Breach

“Downplaying the extent of a material cybersecurity breach is a bad strategy,” said Jorge Tenreiro, acting chief of the Crypto Assets and Cyber Unit. “In two of these cases, the relevant cybersecurity risk factors were framed hypothetically or generically when the companies knew the warned of risks had already materialized.  The federal securities laws prohibit half-truths, and there is no exception for statements in risk-factor disclosures.”

The SEC’s orders find that each company violated certain applicable provisions of the Securities Act of 1933, the Securities Exchange Act of 1934, and related rules. Without admitting or denying the SEC’s findings, each company agreed to cease and desist from future violations of the charged provisions and to pay the penalties described above. Each company cooperated during the investigation, including by voluntarily providing analyses or presentations that helped expedite the staff’s investigation and by voluntarily taking steps to enhance its cybersecurity controls.  

The post SEC Charges Four Companies With Misleading Cyber Disclosures appeared first on Compliance Chief 360.

he Securities and Exchange Commission’s Division of Examinations has released its 2025 examination priorities. This year’s examinations will prioritize perennial and emerging risk areas, such as fiduciary duty, standards of conduct, cybersecurity, and artificial intelligence. For fiscal year 2025, in addition to conducting examinations in core areas such as disclosures and governance practices, the Division will also examine for compliance with new rules, the use of emerging technologies, and the soundness of controls intended to protect investor information, records, and assets.

The Division publishes its examination priorities annually to inform investors and registrants of potential risks in the U.S. capital markets and to make them aware of the examination topics that the Division plans to focus on in the new fiscal year.

“The Division of Examinations 2025 priorities enhance trust in our ever-evolving markets,” said SEC Chair Gary Gensler. “In examining for compliance with our time-tested rules, the Division plays a critical role in protecting investors and facilitating capital formation. Working with registrants to understand the rules helps ensure that markets work for investors and issuers alike.”

The Division examines SEC-registered investment advisers, investment companies, broker-dealers, clearing agencies, and self-regulatory organizations, among others, for compliance with federal securities laws. The Division prioritizes examinations of the practices, products, and services that were found, through a risk-based assessment, to present a heightened risk to investors or the integrity of the U.S. capital markets, it said in a statement. The annual publication of the examination priorities furthers the SEC’s mission and aligns with the Division’s four pillars to promote and improve compliance, prevent fraud, monitor risk, and inform policy, the Commission said.

“Our 2025 examination priorities identify the key areas of potentially increased risks and related harm for investors,” said Keith Cassidy, acting director of the division of examinations. “We hope that registrants will evaluate their compliance programs in the areas we identified and make the changes necessary to protect investors and maintain fair and orderly capital markets.”

The 2025 examination priorities cover a broad landscape of potential risks to investors that firms should consider as they review and strengthen their compliance programs. They are not, however, an exhaustive list of all the areas the Division will focus on in the upcoming year, the SEC noted. The scope of any examination includes analysis of other risk factors such as an entity’s history, operations, and products and services.  

The post SEC Issues It’s List of 2025 Examination Priorities appeared first on Compliance Chief 360.

he U.S. Department of Defense issued final rules for its Cybersecurity Maturity Model Certification (CMMC) Program, which is indented to ensure that defense contractors meet standards for safeguarding sensitive information.

The CMMC Program aligns with the DoD’s existing information security requirements for private sector defense contractors. It is designed to enforce the protection of sensitive unclassified information shared by the department with its contractors and subcontractors. The program was developed to provide the DoD with increased assurance that contractors and subcontractors are meeting the cybersecurity requirements for non-federal systems processing controlled unclassified information.

“CMMC provides the tools to hold accountable entities or individuals that put U.S. information or systems at risk by knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches,” the DoD said in a statement. “The CMMC Program implements an annual affirmation requirement that is a key element for monitoring and enforcing accountability of a company’s cybersecurity status.”

Central features of the CMMC Program:

• Tiered Model: CMMC requires companies entrusted with sensitive unclassified DoD information to implement cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the information. The program also outlines the process for requiring protection of information flowed down to subcontractors.
• Assessment Requirement: CMMC assessments allow the DoD to verify implementation of existing cybersecurity standards by contractors and subcontractors.
• Implementation through Contracts: DoD contractors and subcontractors handling sensitive unclassified DoD information must achieve a specific CMMC level as a condition of contract award.

Businesses in the defense industrial base should take action to gauge their compliance with existing security requirements and preparedness to comply with CMMC assessments.  Members of the defense industrial base may use cloud service offerings to meet the cybersecurity requirements that must be assessed as part of the CMMC requirement.  

The post DoD Finalizes Cybersecurity Certification Program for Contractors appeared first on Compliance Chief 360.

anadian-based TD Bank will pay more than $3 billion in a historic settlement with U.S. authorities who said that the financial institution’s lax practices allowed significant money laundering over multiple years. The bank pleaded guilty to conspiracy to commit money laundering, the largest bank in U.S. history to do so, Attorney General Merrick Garland said.

“TD Bank created an environment that allowed financial crime to flourish,” Garland said. “By making its services convenient for criminals, it became one.”

TD Bank, the 10th largest bank in the United States, agreed to pay over $1.8 billion in penalties to resolve the Justice Department’s investigation into violations of the Bank Secrecy Act (BSA) and money laundering, the Justice Department said in a statement. A TD Bank statement said the full expense would exceed $3 billion for the firm, which must also upgrade its current anti-money laundering operations. It also will face a more stringent approval process for new products, stores, services and markets.

The bank pleaded guilty to conspiring to fail to maintain an anti-money laundering (AML) program that complies with the BSA, fail to file accurate Currency Transaction Reports (CTRs), and launder money.

TD Bank’s guilty pleas are part of a coordinated resolution with the Board of Governors of the Federal Reserve Board (FRB), as well as the Treasury Department’s Office of the Comptroller of the Currency (OCC) and Financial Crimes Enforcement Network (FinCEN).

“By making its services convenient for criminals, TD Bank became one,” . “Today, TD Bank also became the largest bank in U.S. history to plead guilty to Bank Secrecy Act program failures, and the first US bank in history to plead guilty to conspiracy to commit money laundering,” said Garland. “TD Bank chose profits over compliance with the law — a decision that is now costing the bank billions of dollars in penalties. Let me be clear: our investigation continues, and no individual involved in TD Bank’s illegal conduct is off limits.”

“For years, TD Bank starved its compliance program of the resources needed to obey the law. Today’s historic guilty plea, including the largest penalty ever imposed under the Bank Secrecy Act, offers an unmistakable lesson: crime doesn’t pay — and neither does flouting compliance,” said Deputy Attorney General Lisa Monaco. “Every bank compliance official in America should be reviewing today’s charges as a case study of what not to do. And every bank CEO and board member should be doing the same. Because if the business case for compliance wasn’t clear before — it should be now.”

‘Pervasive and Systemic Deficiencies’

According to court documents, between January 2014 and October 2023, TD Bank had long-term, pervasive, and systemic deficiencies in its U.S. AML policies, procedures, and controls but failed to take appropriate remedial action. Instead, senior executives at TD Bank enforced a budget mandate, referred to internally as a “flat cost paradigm,” requiring that TD Bank’s budget not increase year-over-year, despite its profits and risk profile increasing significantly over the same period. Although TD Bank maintained elements of an AML program that appeared adequate on paper, fundamental, widespread flaws in its AML program made TD Bank an “easy target” for perpetrators of financial crime.

Over the last decade, TD Bank’s federal regulators and TD Bank’s own internal audit group repeatedly identified concerns about its transaction monitoring program, a key element of an appropriate AML program necessary to properly detect and report suspicious activities. Nonetheless, from 2014 through 2022, TD Bank’s transaction monitoring program remained effectively static, and did not adapt to address known, glaring deficiencies; emerging money laundering risks; or TD Bank’s new products and services. For years, TD Bank failed to appropriately fund and staff its AML program, opting to postpone and cancel necessary AML projects prioritizing a “flat cost paradigm” and the “customer experience.”

Throughout this time, TD Bank intentionally did not automatically monitor all domestic automated clearinghouse (ACH) transactions, most check activity, and numerous other transaction types, resulting in 92% of total transaction volume going unmonitored from Jan. 1, 2018, to April 12, 2024. This amounted to approximately $18.3 trillion of transaction activity. TD Bank also added no new transaction monitoring scenarios and made no material changes to existing transaction monitoring scenarios from at least 2014 through late 2022; implemented new products and services, like Zelle, without ensuring appropriate transaction monitoring coverage; failed to meaningfully monitor transactions involving high-risk countries; instructed stores to stop filing internal unusual transaction reports on certain suspicious customers; and permitted more than $5 billion in transactional activity to occur in accounts even after the bank decided to close them.

TD Bank’s AML failures made it “convenient” for criminals, in the words of its employees. These failures enabled three money laundering networks to collectively transfer more than $670 million through TD Bank accounts between 2019 and 2023. Between January 2018 and February 2021, one money laundering network processed more than $470 million through the bank through large cash deposits into nominee accounts. The operators of this scheme provided employees gift cards worth more than $57,000 to ensure employees would continue to process their transactions. And even though the operators of this scheme were clearly depositing cash well over $10,000 in suspicious transactions, TD Bank employees did not identify the conductor of the transaction in required reports.

In a second scheme between March 2021 and March 2023, a high-risk jewelry business moved nearly $120 million through shell accounts before TD Bank reported the activity. In a third scheme, money laundering networks deposited funds in the United States and quickly withdrew those funds using ATMs in Colombia. Five TD Bank employees conspired with this network and issued dozens of ATM cards for the money launderers, ultimately conspiring in the laundering of approximately $39 million. The Justice Department has charged over two dozen individuals across these schemes, including two bank insiders. TD Bank’s plea agreement requires continued cooperation in ongoing investigations of individuals.

As part of the plea agreement, TD Bank has agreed to forfeit $452 million and pay a criminal fine of $1.4 billion, for a total financial penalty of $1.8 billion. TD Bank has also agreed to retain an independent compliance monitor for three years and to remediate and enhance its AML compliance program. TD Bank has separately reached agreements with the FRB, OCC, and FinCEN, and the Justice Department will credit $123 million of the forfeiture toward the FRB’s resolution.

Partial Cooperation Credit

The Justice Department reached its resolution with TD Bank based on a number of factors, including the nature, seriousness, and pervasiveness of the offenses, as a result of which TD Bank became the bank of choice for multiple money laundering organizations and criminal actors and processed hundreds of millions of dollars in money laundering transactions. Although TD Bank did not voluntarily disclose its wrongdoing, it received partial credit for its strong cooperation with the Department’s investigation and the ongoing remediation of its AML program. TD Bank did not receive full credit for its cooperation because it failed to timely escalate relevant AML concerns to the Department during the investigation. Accordingly, the total criminal penalty reflects a 20% reduction based on the bank’s partial cooperation and remediation.

IRS Criminal Investigation, the Federal Deposit Insurance Corporation Office of Inspector General, and Drug Enforcement Administration investigated the case. The Morristown Police Department, U.S. Attorney’s Office for the District of Puerto Rico, Homeland Security Investigations, U.S. Customs and Border Protection, and New York City Police Department provided substantial assistance.  

The post TD Bank to Pay $3B in Plea to Settle Money-Laundering Case appeared first on Compliance Chief 360.

he Justice Department filed a civil antitrust lawsuit against Visa accusing the payments processor of monopolization and other unlawful conduct in debit network markets in violation of anti-trust laws.

Filed in the U.S. District Court for the Southern District of New York, the complaint alleges that Visa illegally maintains a monopoly over debit network markets by using its dominance to thwart the growth of its existing competitors and prevent others from developing new and innovative alternatives. “Visa’s exclusionary and anti-competitive conduct undermines choice and innovation in payments and imposes enormous costs on consumers, merchants, and the american economy,” the DoJ said in a statement.

According to the complaint, more than 60 percent of debit transactions in the United States run on Visa’s debit network, allowing it to charge over $7 billion in fees each year for processing those transactions. The complaint further alleges that Visa illegally maintains its monopoly power by insulating itself from competition. For example, the DoJ said, “Visa wields its dominance, enormous scale, and centrality to the debit ecosystem to impose a web of exclusionary agreements on merchants and banks. These agreements penalize Visa’s customers who route transactions to a different debit network or alternative payment system.”

In so doing, the complaint alleges, Visa locks up debit volume, insulates itself from competition, and smothers smaller, lower-priced competitors. Visa also induces would-be competitors to become partners instead of entering the market as competitors by offering generous monetary incentives and threatening punitive additional fees, the DoJ said. As the complaint alleges, Visa coopted the competition because it feared losing share, revenues, or being displaced by another debit network altogether.

Creating an Anti-competitive Market

“We allege that Visa has unlawfully amassed the power to extract fees that far exceed what it could charge in a competitive market,” said Attorney General Merrick Garland. “Merchants and banks pass along those costs to consumers, either by raising prices or reducing quality or service.  As a result, Visa’s unlawful conduct affects not just the price of one thing – but the price of nearly everything.”

Debit transactions are an important and popular part of the U.S. financial system. Millions of Americans prefer or must use debit for online and in-person purchases. According to the DoJ, Visa dominates debit network markets that facilitate these transactions, charging significant fees and stifling competition in the process. “Visa’s systematic efforts to limit competition for debit transactions have resulted in billions of dollars in additional fees imposed on American consumers and businesses and slowed innovation in the debit payments ecosystem,” the department said. Through this lawsuit, the Justice Department seeks to restore competition to this vital market on behalf of the American public.

“Anticompetitive conduct by corporations like Visa leaves the American people and our entire economy worse off,” said Principal Deputy Associate Attorney General Benjamin Mizer. “Today’s action against Visa reminds those who would stifle competition rather than competing on price or investing in innovation that the Justice Department will never hesitate to enforce the law on behalf of the American people.”

Visa maintains enormous scale on both sides of the debit market—with merchants and their banks and with consumers and their banks—and the complaint alleges that Visa’s exclusionary practices extend, deepen, and protect what it refers to as an “enormous moat” around its business. When faced with the possibility that smaller debit networks or new technology entrants would threaten that position, Visa engaged in a deliberate and reinforcing course of conduct to cut off competition and prevent rivals from gaining the scale, share, and data necessary to compete for customers’ business:

• Smaller Debit Networks: Visa uses leverage based on the large number of transactions that must run over Visa’s payment rails to impose expansive volume commitments on merchants and their banks, as well as on financial institutions that issue debit cards. These agreements are priced so that, unless all or nearly all debit volume runs over Visa’s payment rails, large disloyalty penalties can be imposed on all Visa transactions. Merchants cannot afford to use Visa’s smaller competitors for transactions where options do exist, even when those competitors offer lower per-transaction prices.
• Tech Entrants: As Visa’s internal documents make clear, Visa feared that some technology companies and fintech startups with “network ambitions” would cut Visa out as the middleman between merchants, consumers, and their banks by offering a better or cheaper payment product. Visa aimed to stop that development by entering into agreements to pay potential competitors to partner instead of innovating. As Visa’s then-CFO put it: “Everybody is a friend and partner. Nobody is a competitor.”

In 2020, the Justice Department filed a civil antitrust lawsuit to stop Visa from acquiring Plaid, a technology company that powers fintech apps developing disruptive options for online debit payments. The companies abandoned their planned $5.3 billion merger.  

The post Justice Dept. Sues Visa over Accusations of Monopolizing Debt Markets appeared first on Compliance Chief 360.

The agency failed its first test of pushing its ban through the courts when U.S. District Judge Ada Brown ruled to bar the ban from taking effect. Judge Brown concluded that the FTC did not have the authority to impose such a ban. “The Court concludes that the FTC lacks statutory authority to promulgate the Non-Compete Rule, and that the Rule is arbitrary and capricious. Thus, the FTC’s promulgation of the Rule is an unlawful agency action,” Brown wrote in her order. “(The rule) is hereby SET ASIDE and shall not be enforced or otherwise take effect on September 4, 2024, or thereafter.”

Judge Brown adds on that even if the FTC did have the power to impose a ban on all noncompete agreements, it did not specify what exactly the purpose is behind it. In other words, it did not justify what the ban was at all necessary.“The Commission’s lack of evidence as to why they chose to impose such a sweeping prohibition … instead of targeting specific, harmful non-competes, renders the Rule arbitrary and capricious,” Brown wrote.

The FTC was clearly disappointed with Judge Brown’s conclusion and in a statement to ABC news, announced that they are seriously considering a potential appeal of the decision.

“We are disappointed by Judge Brown’s decision and will keep fighting to stop noncompetes that restrict the economic liberty of hardworking Americans, hamper economic growth, limit innovation, and depress wages,” FTC spokesperson Victoria Graham said.

The FTC has long held that noncompetes hurt employees. “The freedom to change jobs is core to economic liberty and to a competitive, thriving economy,” said FTC Chair Lina Khan in a statement when the proposed rule was first introduced. “Noncompetes block workers from freely switching jobs, depriving them of higher wages and better working conditions, and depriving businesses of a talent pool that they need to build and expand.” Now, the FTC is faced with an even larger obstacle than before with Judge Brown’s ultimate ruling.

The Future of the Noncompete Ban is Unclear

So far, there have been three cases that dealt with the FTC’s ban of noncompete agreements including Judge Brown’s case. One of the cases, taking place in a Florida district court sided with Judge Brown’s ruling while the other one, taking place in a Pennsylvania district court supported the FTC rule. Many anticipate that such an inconsistent ruling on the ban will ultimately lead the issue to the Supreme Court to decide.

However, in order to make its way to the Supreme Court, the FTC’s appeal will need to be heard by the Fifth Circuit, a court notorious for its friendliness to businesses. As a result, it seems more than likely that such a Fifth Circuit ruling will not be in favor of the ban. “Most anticipate that the lower court’s ruling will be upheld by the Fifth Circuit but predicting the outcome in the Third and Eleventh circuits, assuming the [Pennsylvania] and [Florida] cases are appealed, is less predictable. This means we still could see the issue presented to the Supreme Court,” said Amanda Sonneborn, a partner in King & Spalding’s global human capital and compliance practice.  

Jacob Horowitz is a contributing editor at Compliance Chief 360°

The post The Battle over the Ban of Noncompetes Continues as FTC Receives Unfavorable Ruling appeared first on Compliance Chief 360.

According to the SEC’s order, in September 2022, an unknown third-party hijacked a pre-existing email chain between what was then American Stock Transfer and a U.S.-based public-issuer client. The hacker, pretending to be an employee at the issuer, then instructed American Stock Transfer to issue millions of new shares of the issuer, liquidate those shares, and send the proceeds to an overseas bank. As a result,  American Stock Transfer followed these instructions and transferred approximately $4.78 million to bank accounts located in Hong Kong, of which American Stock Transfer was able to recover approximately $1 million.

In addition, the SEC found, around April 2023, in an unrelated incident, someone used stolen Social Security numbers of certain American Stock Transfer accountholders to create fake accounts that were automatically linked by American Stock Transfer to real client accounts based solely on the matching Social Security numbers, even though the names and other personal information associated with the fraudulent accounts did not match those of the legitimate accounts. This allowed the thief to liquidate securities held in the legitimate accounts and transfer a total of approximately $1.9 million in proceeds to external bank accounts, of which American Stock Transfer was able to recover approximately $1.6 million.

“American Stock Transfer failed to provide the safeguards necessary to protect its clients’ funds and securities from the types of cyber intrusions that have become a near-constant threat to companies and the markets,” said Monique Winkler, Director of the SEC’s San Francisco Regional Office. “As threat actors become more sophisticated in the cyber space, transfer agents must act to implement and maintain effective safeguards and procedures around client assets.”

In finding that Equiniti failed to assure that: (i) all securities in its custody or possession related to its transfer agent activities were held in safekeeping and were handled in a manner reasonably free from risk of theft, loss or destruction and (ii) all funds in it possession were protected against misuse, the SEC concluded that that the transfer agent violatedSection 17A(d) of the Securities Exchange Act of 1934 and Rule 17Ad-12. In addition to the civil penalty referenced above, Equiniti agreed to a cease-and-desist order and censure.  

The post Equiniti Trust Penalized by SEC for Failing to Protect Client Assets from Cyber Theft appeared first on Compliance Chief 360.

By law, insurance companies must offer plans that cover a minimum required portion of drug costs, with the government and Medicare beneficiaries covering the rest, according to the release. Insurance companies are then required to submit bids in which they report the benefits they propose to cover and confirm the ones that meet Part D’s minimum coverage, the release states.

The lawsuit arose out of allegations made by whistleblower and  former actuary for Humana, Steven Scott. Scott’s complaint claims that the insurance giant inflated its bids to the government on an unsupported basis solely for the purpose of generating profit.

According to Scott, Humana accurately predicted the costs for the Walmart Plan but instead decided to base its bids off of unreasonable assumptions. “Although Humana asserted in court documents that the predictions underlying its bids were merely estimates about future behavior, they worked in Humana’s favor 100% of the time over seven years and for 245 bids,” Edward Arens of Phillips & Cohen, one of Scott’s attorneys, said in a statement. “The odds that a big insurer would ‘miss’ on an important assumption in the same way that many times in a row are too small to measure.”

According to Scott, Humana kept two sets of books for the purpose of valuing its drug plan. One was used to report the actuarial value of the Walmart Plan to CMS and “justify the award of the contract, “while the other was used to set Humana’s own internal operating budget, Scott alleged. Scott’s attorneys stated that Humana’s internal assumptions proved accurate every year while the underlying bids were “wildly off and always in Humana’s favor, benefiting the insurance company by hundreds of millions of dollars.”

Humana’s alleged illegal practice ranged from 2011 to 2017 in which the company reportedly generated $84 million in additional profit. “The Part D program depends on insurance companies paying their minimum share of drug costs. … Humana shirked its responsibility by telling the government that its plan would cover drug costs that Humana did not actually plan to cover. Our complaint detailed how the government and beneficiaries were left with paying tens of millions of dollars more than Congress intended for years, while Humana pocketed the money as ‘savings,’” Claire Sylvia, a whistleblower attorney who filed the case, said in the release.

In a statement, Humana says it “firmly believes that the actuarial assumptions in its prescription drug plan were reasonable and in full compliance with all laws and regulatory requirements, and that the plaintiff’s claims in the case are without merit. After a thorough investigation into the allegations, the US Department of Justice chose not to intervene in the case. While we are confident in our position and expected to prevail at trial, we have decided to enter into a settlement agreement without admitting any wrongdoing to avoid the uncertainty, distraction, inconvenience, and expense of a lengthy jury trial.”  

Jacob Horowitz is a contributing editor at Compliance Chief 360°

The post Humana Settles $90 Million False Claims Act Lawsuit Over Medicare Drug Plan appeared first on Compliance Chief 360.