Addressing Global Regulatory & Enforcement Actions

The European Securities and Markets Authority (ESMA) on May 10 published final guidelines on outsourcing to cloud service providers (ESMA Guidelines) to help firms and competent authorities identify, address, and monitor the risks and challenges arising from cloud outsourcing arrangements. Subject to a few clarifications, the ESMA Guidelines are broadly consistent with the draft guidelines.

Over the past year and as a result of the COVID-19 pandemic, FDA relied on alternative inspectional tools and approaches, including remote interactive evaluations and record requests, as well as a prioritization scheme, to continue its oversight activities.

The US Internal Revenue Service (IRS) extended its temporary approval of accepting digital signatures on certain IRS forms until December 31, 2021 (see Memorandum NHQ-10-1220-000, the Memorandum). This Memorandum has also extended the policy to include “electronic signatures,” and the list of IRS forms has been expanded to include Code Section 83(b) election statements.

With all of the new regulations on the horizon, we have prepared a suite of checklists to help registered fund managers map out their paths to compliance. In addition to outlines for the Fund of Funds Rule, the Derivatives Rule, the Valuation Rule and ESG Investing, we have also included topical summaries for each item and links to more detailed information prepared by Morgan Lewis about each of these new regulatory requirements.

The EU Commission recently released its proposal to legislate a European Union–wide artificial intelligence (AI) framework. The EU Commission’s intention is that the proposed regulation on AI will provide greater safety and fundamental rights protection, while also supporting innovation and enabling trust without preventing innovation.

In a not-so-unexpected turn of events, the Biden-Harris administration’s Department of Health and Human Services (HHS) and the US Food and Drug Administration (FDA) rescinded a notice issued by the Trump administration’s HHS days before leaving office exempting seven glove types from 510(k) premarket notification and proposing to do the same for 84 other devices ranging from gowns to ventilators.

The Financial Conduct Authority (FCA) has emphasised in recent years that firms should consider nonfinancial misconduct when assessing the fitness and propriety of staff. On 29 March 2021, the FCA published a rare Decision Notice about the proposed ban of a regulated person for nonfinancial misconduct.

The UK Prudential Regulation Authority (PRA) published a policy statement (PS7/21) and a supervisory statement (SS2/21) on clarifying and modernizing regulatory expectations of outsourcing and third-party risk management on March 29. The expectations in PS7/21 and SS2/21 are relevant to banks, PRA-designated investment firms, insurers, and branches of overseas banks and insurers and apply not just to “outsourcing” but also non-outsourcing material or high-risk service arrangements. The expectations apply at a legal entity level rather than at a group level (save for expectations on intragroup arrangements).

The US Supreme Court in Facebook, Inc. v. Duguid unanimously held on April 1 that the Telephone Consumer Protection Act’s definition of an autodialer is limited to systems that have the capacity either to store a telephone number using a random or sequential number generator or to produce a telephone number using a random or sequential number generator, finding in favor of Facebook based on the plain text of the statute.

The education industry, like many others, saw a fundamental shift in 2020 as remote learning challenged some of the long-held traditions of institutions, educators, and related companies. From federal support of reopening in-person classes to changes in college athletics to overall financial challenges, here are some of the trends we could see defining the industry for the rest of 2021.

With the recent passage of the COVID-19 stimulus package, President Joseph R. Biden, his administration, and Congress have turned their attention to long-term economic recovery, deficit reduction, and tax reform. Proposals cover a broad range of tax policy issues, from raising the corporate income tax rate to reforming the current international tax regime. This LawFlash summarizes key elements of some of the tax reform proposals that have recently emerged.

Following Brexit, EU competition law continued to apply in the United Kingdom until 31 December 2020 as part of an agreed Transition Period. In this LawFlash, we summarise how the end of the Transition Period is likely to impact the enforcement of competition law in the United Kingdom going forward, the extent to which UK competition agencies and courts are free to diverge from EU principles and case law, and our initial thoughts on the future landscape of competition law in the United Kingdom.

Partners Carl Valenstein and Celia Soehner authored a Bloomberg Law Insight column about the need for companies to be cautious and exact when they are drafting mandatory or voluntary environmental, social, and governance (ESG) disclosures. In the piece, they outline the US Securities and Exchange Commission’s areas of focus and best practices for developing an ESG program and disclosures.

Morgan Lewis’s 15th annual 2020 Year in Review and a Look Forward provides a comprehensive overview and analysis of key 2020 US Securities and Exchange Commission (SEC) enforcement and examination developments, notable broker-dealer cases, and anticipated enforcement priorities for 2021, including under the potential leadership of SEC chair nominee Gary Gensler.

All dual-regulated and FCA solo-regulated firms are now under the scope of the Senior Managers & Certification Regime (SMCR), with many working hard in recent months to ensure all aspects of the regime are well embedded. As part of these efforts, it is crucial that firms establish an effective framework to prevent but also detect and manage conduct breaches if they do happen, and when it is necessary, report them.

The National Futures Association (NFA) has proposed a new rule that would require registered commodity pool operators (CPOs) that are members of the NFA (CPO Members) to report to the NFA by 5:00 pm Central Time the next business day after the occurrence of a reportable event relating to the inability of a fund operated by the CPO Member to meet a margin call or satisfy redemption requests, or relating to a commodity pool that has halted redemptions or is declared in default by a swap counterparty.

Partner Jon Roellke and associate Frank Ren authored a Practical Guidance article about the proposed Competition and Antitrust Law Enforcement Reform Act (CALERA), which, if passed, will make significant changes to US antitrust laws. The piece details key takeaways from the bill and the obstacles it faces in the Congress.

Laws in the United Kingdom and United States are increasingly taking a more restrictive view on the permitted scope of exclusivity and noncompete clauses.

The development of connected automobiles crystallizes the tensions between intellectual property law and competition law that have existed for years, particularly in the area of standard essential patents (SEPs). These SEPs are essential to standards that set the technical specifications defining requirements for products, production processes, services, or test-methods, and which cannot be designed around. European courts, legislatures, and regulatory bodies have been engaging in an evolving debate, often centered on the issue of what constitutes a “fair, reasonable, and non-discriminatory (FRAND)” license.

As discussed in our earlier LawFlash, the Consolidated Appropriations Act, 2021 (Act) contains certain permissible provisions plan sponsors may adopt to offer employees greater flexibility under a healthcare flexible spending account (HCFSA) and a dependent care flexible spending account (DCFSA). While this flexibility was welcome news for plan sponsors, the Act left some unanswered questions.

The US Department of Justice’s Criminal Division Fraud Section (DOJ) released its annual Year in Review report on February 24, covering 2020. This year’s report highlights DOJ’s sustained aggressive enforcement efforts despite the global pandemic. In 2020 we saw record-setting dollar figures, the ongoing trend of cooperation with foreign authorities, DOJ’s quick ramp-up in prosecuting Paycheck Protection Program fraud, and emphasis on corporate compliance programs—or the lack thereof—as a key factor driving some of the largest resolutions in Fraud Section history.

Virginia has become the second state in the United States to pass a comprehensive data privacy law after the Virginia Consumer Data Protection Act (CDPA) passed both houses of Virginia’s state legislature in February with overwhelming bipartisan support and was promptly signed into law by Virginia Governor Ralph Northam. The CDPA has a number of key similarities to the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), which comes into effect in 2023, and the European Union’s General Data Protection Regulation (GDPR), and it follows a similar framework with proposed data privacy bills pending in other statehouses.

The UK Supreme Court in the Financial Conduct Authority’s business interruption test case has overturned a decade-long standing judgment relating to causation and how the “trends” clauses should be interpreted. The decision overturning Orient-Express constitutes a massive pendulum swing from an insurer-friendly interpretation to a policyholder-favoured approach, which will have far-reaching consequences on the insurance sector generally.

The Biden administration has vowed to invoke the Defense Production Act (DPA) to increase domestic production of essential supplies needed to respond to the COVID-19 pandemic. In this Insight, we address key features of the DPA, guidance for companies that may receive a rated order, financing incentives offered by the DPA, and how we anticipate the Biden administration will use the DPA over the next year.

In one of the last proposed notices from the US Department of Health and Human Services (HHS) under the Trump administration, HHS removed the 510(k) premarket notification requirement for seven types of gloves and proposed the same for 84 other devices ranging from gowns to ventilators.

January was a busy month for the US Food and Drug Administration’s precision medicine efforts, as the agency produced guidance on ASO drugs for patients with debilitating or life-threatening genetic disorders and guidance on manufacturing considerations for certain cellular and gene therapy products during the COVID-19 pandemic.

The German Act on the Further Development of the Restructuring and Insolvency Law (Sanierungs- und Insolvenzrechtsfortentwicklungsgesetz – SanInsFoG) took effect on January 1, 2021, transforming the European Restructuring Directive of June 20, 2019 ((EU) 2019/1023) and introducing a self-administrated restructuring option outside the standard insolvency proceeding.

President Trump’s Executive Order Addressing the Threat from Securities Investments that Finance Communist Chinese Military Companies (EO 13959) prohibits transactions by or on behalf of US persons in publicly traded securities of Chinese companies identified by the US government as “Communist Chinese military companies.” This update discusses significant developments related to EO 13959 since our November 17 LawFlash, including OFAC actions and interpretations, and implications arising from those developments.

January 28 was designated as “health day” for President Joe Biden’s early push of executive orders, with two new executive actions added to a growing list. The Executive Order on Strengthening Medicaid and the Affordable Care Act and Memorandum on Protecting Women’s Health at Home and Abroad were described by President Biden as “restorative” of policies modified by the prior administration.

The US Department of Commerce’s Bureau of Industry and Security (BIS) published an Interim Final Rule on January 15 to implement changes to, and impose new licensing obligations under, the Export Administration Regulations (EAR) relating to the expansion of specific end-use and end-user controls, as well as controls on specific activities of US persons (the Rule).

President Joe Biden issued on January 25 an Executive Order on Ensuring the Future Is Made in All of America by All of America's Workers (EO). This EO leaves in place key portions of the prior administration’s July 15, 2019 EO 13881 (Maximizing Use of American-Made Goods, Products, and Materials) and related implementing regulations, orders a sweeping review of multiple domestic preference rules, including proposing standards for domestic products, and establishes a central Office of Management and Budget (OMB) authority to approve federal agency waiver requests of Made in America requirements.

Under President Joe Biden, pharmaceutical regulation may see increased FDA guidance, new strategies to speed up innovation and regulatory review, and a renewed focus on diseases with unmet needs, among other expectations.

Considering the tight timeline for preparing responses to FDA compliance actions coupled with the agency’s expectation for timely implementation of corrective and preventive actions, the benefit of obtaining feedback through the Q-submission program (also referred to as a “pre-submission”) may be limited.

The Internal Revenue Service (IRS) issued Revenue Procedure 2021-12 on January 14, extending the safe harbors in Revenue Procedures 2020-26 and 2020-34 to September 30, 2021. This LawFlash discusses the portion of Revenue Procedure 2021-12 relating to Revenue Procedure 2020-26. The safe harbors were previously set to expire and would not apply to forbearances and related modifications entered into after December 31, 2020. As the coronavirus (COVID-19) emergency persists, the extension in Revenue Procedure 2021-12 provides welcome relief to the securitization industry, which faced uncertainties over the tax consequences that such an expiration could have on securitization vehicles such as real estate mortgage investment conduits (REMICs) and investment trusts.

The California Department of Financial Protection and Innovation (DFPI) announced in its January 2021 monthly bulletin that it will begin exercising its enhanced powers under the California Consumer Financial Protection Law (CCFPL) that came into effect January 1.

Recently proposed regulations could present significant compliance burdens for the banks and money service businesses that engage in cryptocurrency transactions with unhosted wallets or wallets held in jurisdictions specified by FinCEN. In this LawFlash, we summarize the proposed rule and provide some key takeaways and observations on what appears to be a continuation of the trend of subjecting such transactions to the equivalent requirements found in the traditional banking system.

The European Data Protection Board (EDPB) has finally released its much anticipated guidance following the Schrems II decision in July 2020, which invalidated the "Privacy Shield" system that allowed the transfer of personal data to the United States. EDPB also released draft new Standard Contractual Clauses (SCCs) that allow for data transfers from processors who are exporters as well as new SCCs for controllers who are exporters.

Partner Sandra Moser was quoted in an Anti-Corruption Report article about the most notable trends in anticorruption enforcement from 2020.

Coinciding with the end of the UK-EU Brexit transition period, the United Kingdom has dramatically reduced the scope of DAC 6 reporting obligations in the United Kingdom.

The Criminal Antitrust Anti-Retaliation Act establishes new federal protections for whistleblowers who report violations of antitrust laws. This may impact enforcement efforts and litigation on labor mobility issues, including no-poaching and wage-fixing agreements. Companies can prepare for the new legal standards by updating or enhancing their whistleblower programs and taking a holistic view of their compliance programs to meet new US Department of Justice Antitrust Division standards.

The California attorney general released a fourth set of proposed modifications to the California Consumer Privacy Act regulations; notable regulatory changes include a new opt-out button for websites and an offline notice of the right to opt out.

Partner Matt Miner and BDO partner Paul Peterson sat down with Risk & Compliance to discuss the Foreign Corrupt Practices Act (FCPA), including recent enforcement activity and key trends on how companies should respond if they are subject to an FCPA-related investigation.

President-elect Joseph Biden announced on December 15 that he intends to nominate former Michigan Governor Jennifer Granholm to serve as secretary of energy in his new administration. Ms. Granholm previous served as the attorney general of Michigan and as Michigan’s governor from 2003 to 2011.

From 1 January 2021 the United Kingdom will cease to follow EU rules, bringing significant changes to trademark law in the United Kingdom and European Union that are relevant to all owners of UK and EU trademarks.

Morgan Lewis partner Sandra Moser spoke with the Anti-Corruption Report about Foreign Corrupt Practices Act (FCPA) enforcement efforts in 2020 and the impact of the coronavirus (COVID-19) pandemic. In the article, she discussed two of the largest settlements of the year and what they mean for an ongoing trend.

The US Congress passed S.2258, the Criminal Antitrust Anti-Retaliation Act of 2019, on December 8 and presented the bill to the president on December 11 – almost a year-and-a-half after Senator Chuck Grassley (R-IA) introduced the bill in the Senate.

A federal grand jury in Texas indicted the owner of a therapist staffing company on wage-fixing charges on December 9. Although this is the US Department of Justice’s first criminal wage-fixing prosecution, the indictment underscores that enforcement agencies remain focused on policing these types of anticompetitive agreements that restrict competition in labor markets.

The US Department of Health and Human Services’ Office of Inspector General updated the warranty safe harbor to account for bundled product and service warranties to reflect realities of healthcare product sales, but rejects industry calls for broader protections.

With coronavirus (COVID-19) vaccines on the horizon amid the surging pandemic, critical extensions expand the scope of liability immunity under the PREP Act.

We invite you to join us for a webinar series where we discuss our views on the enforcement priorities expected from the incoming Biden-Harris administration.

Associate Jacob Harper spoke with Modern Healthcare about the need for congressional action as the coronavirus (COVID-19) pandemic continues to increase the use of telehealth services.

The NRC held a public meeting with industry on November 2 to discuss approaches for performing supplier oversight during the coronavirus (COVID-19) pandemic.

The NRC held a public meeting on November 17 to review regulatory relief currently available to medical and other materials licensees, and to identify potential additional relief that the Staff is currently considering.

Powerfully illustrating the efforts of the US Department of Health and Human Services (HHS) to transform the US healthcare system to a value-based model, the Office of the Inspector General (OIG) and the Centers for Medicare & Medicaid Services (CMS) have finalized rules that will alter critical healthcare fraud and abuse regulations to remove or diminish obstacles to value-based enterprises that meaningfully embrace patient care coordination.

Here’s what we know: After the November 3 US election, the Biden-Harris ticket has 290 electoral votes, 20 more than what is needed to win (with one state, Georgia, undecided). Senate Republicans hold a two-seat advantage (50-48) with the two Georgia seats undecided, and House Democrats maintain control with a current advantage of 221-205 (218 is needed to retain the majority) and 9 races undecided.

There was a perception in 2017 when then President-elect Trump took office that white collar enforcement actions under the US Department of Justice (DOJ) might drop dramatically. Many expected the Republican administration to effect policy changes or resourcing decisions that would keep corporations out of the spotlight when it came to major investigations and massive penalties.

The new Executive Order (EO or the Order) bans transactions by US persons in publicly traded securities of companies identified as “Chinese military companies,” and includes a ban on trading in derivatives of those securities and any securities designed to “provide investment exposure” to such securities, thereby capturing Exchange Traded Funds and arguably extending to funds that rely on those companies’ securities in any manner. The EO provides an 11-month wind down for divestiture of covered securities and positions.

MedTech Dive featured comments from Morgan Lewis partner Dennis Gucciardo in an article about the US Department of Health and Human Services directive to the US Food and Drug Administration to review requests for emergency use authorization for COVID-19 laboratory developed tests "in a timely manner.”

Morgan Lewis partner Susan Feigin Harris spoke with Fierce Healthcare about California v. Texas, a recent US Supreme Court case regarding the Affordable Care Act’s (ACA’s) individual mandate and overall constitutionality. In the article, she discussed the oral argument presented by the House.

Morgan Lewis partner Susan Feigin Harris discussed the oral arguments in California v. Texas, which was heard by the US Supreme Court Wednesday, regarding the Affordable Care Act’s (ACA’s) individual mandate and overall constitutionality, with Fierce Healthcare.

A majority of California voters approved the California Privacy Rights Act of 2020 (CPRA) on November 3. The CPRA expands provisions of the California Consumer Privacy Act (CCPA), creates new consumer privacy rights, establishes the California Privacy Protection Agency as California’s privacy regulator, and removes the ability of businesses to fix violations before being penalized for violations. The CPRA becomes effective on January 1, 2023, with enforcement commencing on July 1, 2023. This article summarizes a few notable aspects of the CPRA and highlights practical steps that businesses should take to ensure compliance.

As the dust settles on the 2020 presidential election, autonomous and self-driving vehicles could receive a long-awaited federal regulatory framework under President-elect Joe Biden and Vice President–elect Kamala Harris’s administration.

Under the Federal Insecticide, Fungicide, and Rodenticide Act (FIFRA), all pesticide products (including surface sanitizing products) must be registered with the Environmental Protection Agency (EPA) prior to sale, distribution, or use in the United States.

While an SEC proposal to exempt “finders” from broker-dealer registration requirements is promising, potential hazards remain and interpretive questions may persist.

An August 31 memorandum issued by the Office of Information and Regulatory Affairs (OIRA), an arm of the Office of Management and Budget (OMB) within the Executive Branch, could dramatically change the way agencies handle civil and administrative enforcement proceedings. The memorandum directs covered agencies to provide greater due process to individuals and companies under investigation and reemphasizes the principle that the burden of proof of a violation rests solely with the government. The memorandum was issued to implement the directives contained in Section 6 of Executive Order 13924, Executive Order on Regulatory Relief to Support Economic Recovery (issued May 19, 2020). In relevant part, the executive order directed agency heads to revise agency procedures and practices in light of “the principles of fairness in administrative enforcement and adjudication.”

This White Paper presents a high-level overview of the current cybersecurity legislation in force or proposed at the European Union (EU) level as well as in a selection of EU member states.

Morgan Lewis partner Eleanor Pelta was quoted in a Bloomberg Law article about the visa application backlog caused by the COVID-19 pandemic. In the piece, she discussed the economic ramifications.

Partner Dennis Gucciardo was quoted in a MedTech Dive article about the outlook for the US Food and Drug Administration (FDA) under the Biden administration. Dennis noted that companies can expect an increase in “for cause” FDA inspections. "Under the Trump administration, we didn't really see that kind of activity unless there was a public health threat," he said.

Morgan Lewis partner Christine Lombardo was quoted by Hedge Fund Law Report in an article about the US Securities and Exchange Commission’s (SEC’s) modernized marketing rule. The new single “Marketing Rule” replaces the current Cash Solicitation Rule and Advertising Rule.

Morgan Lewis partner Matt Miner commented on the findings of the US Justice Department’s (DOJ) Criminal Fraud Section’s Year in Review in a Law360 article breaking down the DOJ analysis.

Morgan Lewis partner Giovanna Cinelli noted in a Global Investigations Review article that the flexibility demonstrated by the Justice Department’s National Security Division, the Commerce Departments’ Bureau of Industry and Security, and the State Department’s Directorate of Defense Controls amid the COVID-19 pandemic has allowed companies under investigation more time to respond to demands for information.

Morgan Lewis partner Michele Buenafe spoke with MedCity News about proposed exemptions issued by the US Department of Health and Human Services in the final days of the Trump administration regarding machine-learning-based software.

Partners David Monteiro, Robin Nunn, and Rebecca Hillyer were quoted in a Compliance Week article about consumer protection initiatives, which are expected to be a major area of focus under the incoming Biden administration.

Morgan Lewis senior attorney Brooke McGlinn and associates Pejman Moshfegh and Arjun Ramadevanahalli authored a Pratt’s Energy Law Report article on the growth of microgrid installation in the energy sector.

Morgan Lewis partner Melissa Hill spoke with Law360 for an article about the outlook for Employee Retirement Income Security Act (ERISA) disputes in 2021.

Morgan Lewis partners Daniel Tehrani and Robin Nunn and associate Bryan Woll authored a Law360 Expert Analysis about the potential implications of the Corporate Transparency Act (CTA), found within the National Defense Authorization Act for fiscal year 2021.

Morgan Lewis partners and co-heads of the firm’s privacy and cybersecurity practice Mark Krotoski and Reece Hirsch spoke with Law360 about the major privacy and cybersecurity developments that occurred in 2020. In the article, Reece discussed the California Consumer Privacy Act and Mark outlined the oral arguments in US Supreme Court cases that addressed robocalls.

A LawFlash authored by Morgan Lewis partner Duke McCall and associates Douglas Hastings and Meredith Compton was cited in an AgriPulse article about the US Environmental Protection Agency’s draft guidance regarding implementation of a US Supreme Court decision regulating pollutions in US waterways. The Lawflash details the implications of the guidance.

In this NSI Live podcast addressing the findings and recommendations of the US Congress’s US-China Economic and Security Review Commission Annual Report, partner Giovanna Cinelli, leader of Morgan Lewis’s international trade and national security practice and National Security Institute (NSI) fellow, discussed how the US-China relationship may evolve or stay the same under President-elect Joseph Biden’s administration.

Morgan Lewis partner Mark Krotoski spoke with Law360 about a cybersecurity and privacy case before the US Supreme Court that seeks to resolve a longstanding circuit split about the circumstances under which companies, organizations, and government agencies can enforce access restrictions on information and data under the Computer Fraud and Abuse Act.

Partner Jonathan Snare and associate Alana Genderson spoke with HR Magazine for an article about what employers may expect regarding enforcement by the Occupational Safety and Health Administration (OSHA) under a Biden administration.

Morgan Lewis partners Sandra Moser and Kenneth Polite authored a Law360 article about what a Biden administration will likely mean for white collar enforcement actions under the US Department of Justice (DOJ).

Morgan Lewis partner Sandra Moser spoke with Law360 about a recent Organization for Economic Cooperation and Development (OECD) report on US enforcement of the Foreign Corrupt Practices Act (FCPA).

Partner John McGahren spoke with Law360 for an article about what a Biden administration may mean for environmental policy.

Morgan Lewis partner Reece Hirsch spoke with Bloomberg Law about California Proposition 24, which has been approved by voters in the state.

Partner Reece Hirsch spoke with Law360 about California’s Proposition 24, a ballot measure that, if adopted, would build on the California Consumer Privacy Act (CCPA).