Compliance Risks: What You Don’t Contain Can Hurt You

As global regulations proliferate and stakeholder expectations increase, organizations are exposed to a greater degree of compliance risk than ever, according to an article posted in The Wall Street Journal’s CFO Journal.

Compliance risk is the threat posed to a company’s financial, organizational, or reputational standing resulting from violations of laws, regulations, codes of conduct, or organizational standards of practice, the report explains.

The article includes a list of best practices to use in compliance risk assessment, including: Gather input from a cross-functional team, establish clear risk ownership of specific risks and drive toward better transparency, and solicit external input when appropriate.

Read the article.

 

 




Six Banks Negotiating Settlement in Swiss Libor Probe

At least six banks targeted in Switzerland’s investigation into Libor-rigging are in settlement talks with the country’s competition regulator, according to two people familiar with the negotiations, as the four-year probe moves closer to wrapping up, reports Bloomberg Business.

“Comco, as the Swiss Competition Commission is known locally, is trying to reach a so-called ‘accord amiable’ with the banks as it aims to complete the probe by July, one of the people said. They asked not to be identified because the negotiations are continuing,” the report says.

If a settlement in Switzerland goes through, it could result in the conclusion of nearly all the global investigations into this rate-rigging case.

Read the article.

 




GM Ignition Switch Trial Ends Abruptly Amid Claims of Fraud

A trial that was supposed to help settle hundreds of lawsuits stemming from General Motors’ faulty ignition switches abruptly ended Friday, a day after the judge raised questions about the plaintiff’s truthfulness, reports the Associated Press.

The case involved a claim by Robert Scheuer of Oklahoma, who complained that a faulty ignition switch prevented his air bags from inflating during a 2014 car crash.

On Thursday, U.S. District Judge Jesse Furman agreed that evidence submitted by GM revealed that a document supporting Scheuer’s claims appeared to have been doctored and it seems he was more physically functional after his accident than he claimed. By the next morning, General Motors Co. and Scheuer’s lawyers said they wanted to call the trial off, the AP reports.

Read the article.

 




AZA Names Nine New Hires

Houston-based Ahmad, Zavitsanos, Anaipakos, Alavi & Mensing has added nine attorneys.

The nine hires include Masood Anjom, associate; Jack Burleigh, of counsel; Cameron Byrd, associate; Nathan Campbell, associate; Scott W. Clark, of counsel; Hilary S. Greene, associate; Foster C. Johnson, associate; and Doug Salisbury, associate.

AZA is a trial firm working with high-stakes litigation for multinational companies, also representing individuals and mid-sized businesses with serious legal issues. The firm also manages company investigations, helping company boards, in-house counsel, and audit committees identify problems and ensure compliance before litigation ensues.

Read more about the new hires.

 




Choose Words Carefully in Dispute-Related Contract Clauses

A couple of words here or there in a contract can make a huge difference, particularly when those words relate to what happens if there is a breach or some other dispute between the parties, writes Shep Davidson in Burns & Levinson’s blog, The In-House Advisor.

He discusses the case of Family Endowment Partners, L.P. v. Sutow.

That case involved a lawsuit that resulted in a $48 million award to the plaintiffs in a ruling issued by an arbitrator. Part of the award included triple damages. Davidson explains how some simple changes in the contract could have avoided much of the defendant’s loss.

Read the article.

 




Preparing for the Upcoming 2016 HIPAA Audits

As a part of its complimentary HIPAA education series, Compliancy Group will present a webinar on best practices for preparing for upcoming 2016 HIPAA audits, with lessons and examples from past breaches and fines.

The webinar will be Thursday, Jan. 28, beginning at 2 p.m. Eastern time.

“With 2016 audits looming in the headlines there is no doubt you should be prepared for the long overdue, stricter audits,” the company says on its website. “Past violations will be analyzed: causes of the incidents, gaps, and remediation. Learn from experts about how to stay out of the headlines, avoid penalties and protect your reputation.”

Register for the webinar.

 




Trial Lawyer Regina Rodriguez Joins Hogan Lovells in Denver

Hogan Lovells announces that Regina (Gina) Rodriguez has joined the Litigation and Arbitration Practice Group as a partner in the firm’s Denver office.

Rodriguez is a trial lawyer with experience across a range of industries as lead trial counsel in complex litigation and tort cases. Rodriguez has extensive experience representing drug and device manufacturers in complex litigation, including product liability, false claims act and commercial matters.

Before moving to private practice, Rodriguez was Chief of the Civil Division of the United States Attorney’s Office for the District of Colorado, and before that served in the Assistant Attorney General’s Office in the United States Department of Justice.

In 2015, Rodriguez was named to the Colorado Diversity Council’s “Most Powerful and Influential Women” list and as a “Top Litigator” by Law Week Colorado. She was named the “Latina Lawyer of the Year” by the Hispanic National Bar Association and was given the Distinguished Alumni Award for Achievement in Private Practice by the University of Colorado School of Law.

“Gina is well known and highly regarded for her skills as a lawyer and as a leader. We are thrilled that she is joining us,” said Cole Finegan, Regional Managing Partner for the Americas and Denver office Managing Partner. “With a proven ability to handle complex and leverage-heavy matters, Gina is an ideal match to bolster our litigation offerings in Denver.”

In addition to her legal practice, Rodriguez is active in the community. She has been involved with the Girl Scouts of Colorado, the Colorado Law Alumni Board, the Denver Ballet Guild, and Latinas First Foundation. Rodriguez also gives her time to a myriad of legal associations, including the International Association of Defense Counsel and the American Board of Trial Advocates, as well as national and local bar associations such as the Colorado Hispanic Bar Association, Hispanic National Bar Association, and Colorado Women’s Bar Association.

“Gina has an impeccable reputation as a trial lawyer and is well-known by the bench and bar in Colorado,” said Dennis Tracey, Head of Litigation for the Americas. “Her practice and experience in the pharmaceutical and medical device industries nicely complement the firm’s core strengths.”

“I am very excited to join the team at Hogan Lovells,” said Rodriguez. “It has a true global scale with deep practices, and it will provide a unique package that I can offer my clients.”

She earned her J.D. from the University of Colorado Law School and her B.S. from the University of Iowa.

 




GLBA Compliance Considerations in Technology Transactions

By Rob Scott
Scott & Scott

I am a technology attorney representing financial institutions in transactions with service providers. The Gramm-Leach-Bliley (GLB) Act is a federal law that requires financial institutions to take steps to ensure the security and confidentiality of customer data. As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) requires financial institutions under its jurisdiction to safeguard customer records and information. This requirement is known as the Safeguards Rule.

The Safeguards Rule applies to organizations that are significantly engaged in providing financial products or services to consumers, including check-cashing businesses, data processors, mortgage brokers, nonbank lenders, personal property or real estate appraisers, and retailers that issue credit cards to consumers.

According to the Safeguards Rule, financial institutions must develop a written information security plan that describes their program to protect customer information. All programs must be appropriate to the financial institution’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information at issue. Covered financial institutions must, among other things, select appropriate service providers and require them (by contract) to implement the safeguards.

From a transactional perspective, the Safeguards Rule requires due diligence to ensure that all service providers are “appropriate.” Once a service provider has been selected, appropriate contract language must be added in order to be in compliance with the Act.

Pursuant to Section 501(b) of GLBA, financial regulators have published the Interagency Guidelines for Establishing Information Security Standards and have established audit protocols to gauge compliance during routine audits.

Service Provider Definition

Under the regulations, a service provider is any party that is permitted access to a financial institution’s customer information through the provision of services directly to the institution. Examples of service providers include a person or corporation that tests computer systems or processes customers’ transactions on the institution’s behalf, document-shredding firms, transactional Internet banking service providers, and computer network management firms.

Overseeing Service Providers

The Security Guidelines establish specific requirements that apply to a financial institution’s contracts with service providers. An institution must:

  • Exercise appropriate due diligence in selecting its service providers;
  • Require its service providers by contract to implement appropriate measures designed to meet the objectives of the Security Guidelines; and
  • Where indicated by its risk assessment, monitor its service providers to confirm that they have satisfied their obligations under the contract described above.

Sample Language for Monitoring and Oversight

Here is the language I like to use to make sure that the financial institution is in compliance with the requirement to oversee the service provider.

Use of Subcontractors. Vendor may use subcontractors in connection with this agreement provided that Vendor’s use of subcontractors is in compliance with the requirements set forth in 501(b) of GLBA. Upon request Vendor must certify that its vendors and subcontractors are in compliance with GLBA.

Oversight. Upon request, Vendor shall provide BANK with copies of audits, summaries of test results, or equivalent evaluations to confirm that Vendor is in compliance with its obligations under GLBA.

Requiring Service Providers to Implement Appropriate Security Measures

The contract provisions in the Security Guidelines apply to all of a financial institution’s service providers. After exercising due diligence in selecting a company, the institution must enter into and enforce a contract with the company that requires it to implement appropriate measures designed to implement the objectives of the Security Guidelines.

In particular, financial institutions must require their service providers by contract to:

  • Implement appropriate measures designed to protect against unauthorized access to or use of customer information maintained by the service provider that could result in substantial harm or inconvenience to any customer; and
  • Properly dispose of customer information.

Sample Language for Safeguards Rule

I use this language to make sure that the service provider is contractually bound to implement appropriate measures.

Compliance With Laws. Vendor represents and warrants that the Services will be performed consistent with all applicable laws, rules and regulations, and that it will promptly re-perform at its expense any Services that fail to meet that standard. Vendor acknowledges that BANK is subject to the GLB Act, Title V, (“GLBA”) and that Vendor is considered a service provider under GLBA. During the term of this agreement, Vendor shall have adequate administrative, technical, and physical safeguards designed to protect against unauthorized access to or use of customer information maintained by it or its subcontractors or vendors that could result in substantial harm or inconvenience to BANK or any customer, as set forth in GLBA to (i) ensure the security and confidentiality of such BANK Data; (ii) help protect against any anticipated or reasonably likely threats or hazards to the security or integrity of such BANK Data; (iii) help protect against unauthorized access to or use of such BANK Data; and (iv) ensure the proper disposal of BANK Data.

Incident Response Rule

In addition, the Incident Response Guidance requires a service provider to take appropriate actions to address incidents of unauthorized access to the financial institution’s customer information, including notification to the institution as soon as possible following any such incident.

Sample Language for Incident Response

Here is the sample language I like to use for the incident response rule.

Incident Response. Vendor will take appropriate actions to address incidents of unauthorized access to BANK’s customer information, including notifying BANK as soon as possible following any such incident.

When representing financial institutions in transactions with service providers, it is critically important to understand the regulatory framework and how it impacts the transaction. I rarely see vendor contracts that comply with these regulations. Failure to comply with the GLBA safeguards rules and contracting requirements with service providers can result in adverse audit findings by regulators and potentially increase liability for privacy and security claims for damages.

 




Rose•Walker Law Firm Adds Attorney Faith Eaton in Dallas

The national trial and business law firm Rose•Walker LLP has added attorney Faith Eaton in the firm’s Dallas office.

Eaton’s practice will involve all aspects of commercial litigation, including business litigation, aviation and health care.

“We’re very happy that Faith is joining us,” says firm founder Martin Rose. “She’s the type of person who fits well with our notion of not just representing a client, but helping them solve their problems. And like the rest of us, she’s ready to go to court if that’s what it takes to get the job done.”

A graduate of St. Mary’s University School of Law, Eaton also holds an undergraduate degree in Criminal Justice from the University of Central Oklahoma.

Previously, Eaton worked as a probation officer for the Oklahoma County Juvenile Bureau, where she was responsible for managing a high case load, maintaining regular contact with wards of the juvenile division and their families, and providing progress reports to courts when needed.

During law school, she worked as a legal clerk for a San Antonio law firm and the San Antonio Criminal Defense Lawyers Association.

“This is an exciting opportunity to work with excellent lawyers on behalf of substantial and important clients,” Eaton says.

Rose•Walker LLP is a national trial and business law firm focusing on complex civil litigation and corporate legal matters. The firm has offices in Texas and Colorado.




What the Board Needs to Know About Cybersecurity Compliance

Board members are now facing lawsuits after large-scale cybersecurity breaches because the security breakdowns are considered a failure to uphold fiduciary duties, reports CIO.com.

Department of Justice guidelines for cybersecurity awareness provide some idea of what should be shared with board members. “The CIO now has a responsibility to communicate the cybersecurity strategy to board members and make them aware of critical risks to help avoid personal liability,” CIO.com says.

“Details of day-to-day activities like software monitoring and firewall setup are important for the IT team and CIO to understand, but that level of granularity is not necessary for the Board. However, at a minimum, the Board should understand how cybersecurity failures can impact the business.”

Read the article.

 




Rudy Giuliani Leaves Bracewell’s for New Crisis Management Role

Former New York City mayor Rudy Giuliani is leaving Houston-based Bracewell & Giuliani to join New York-based Greenberg Traurig as global chair of its cybersecurity and crisis management practice.

Bracewell & Giuliani LLP will be known as just Bracewell after Giuliani’s departure, reports the Houston Business Journal.

In a statement, the firm said Giuliani is leaving by amicable agreement, effective Jan. 19. In a separate statement, Greenberg Traurig LLP announced Giuliani has joined its New York office as global chair of the firm’s cybersecurity and crisis management practice and senior adviser.

Read the article.




Supreme Court Says Class Action Lawsuits Can Survive Compensation Offers

The U.S. Supreme Court dealt a rare setback Wednesday to companies trying to avoid potentially expensive class-action lawsuits when justices ruled that offers of full compensation to the lead plaintiff in such a case do not automatically end the legal challenge, reports USA Today. The 6-3 decision was written by Justice Ruth Bader Ginsburg.

“An unaccepted settlement offer, like other unaccepted contract offers, creates no lasting right or obligation,” wrote Justice Ruth Bader Ginsburg in the 6-3 opinion. “Once unaccepted, the offer is off the table.”

“The case was among several on the court’s docket this term that could lead to more or fewer class-action lawsuits,” the report says.

Read the article.

 

 




Schiff Hardin Adds Financial Markets Partner in New York

Schiff Hardin LLP announces that Domenick Pugliese has joined the firm’s New York office as a partner in the Financial Markets and Products Group. With more than 25 years of experience, Pugliese focuses on the investment management business. He advises investment companies, investment advisers, and independent directors of investment companies. He joins the firm from Paul Hastings LLP, where he was a partner.

A former deputy general counsel for the Alliance Mutual Funds and in-house counsel to the Prudential Mutual Funds, Pugliese has broad experience regarding all aspects of Investment Company Act and Investment Advisers Act regulation. Dom focuses his practice on representing mutual funds and independent trustees and directors of mutual funds, as well as variable annuity trusts. He works with funds and fund boards of all types of investment companies, including mutual funds, closed-end funds, exchange-traded funds, and business development companies.

“With his experience both in-house and in private practice, Dom is a great addition to our firm as we grow our financial markets offerings,” said Marci A. Eisenstein, Schiff Hardin’s Managing Partner. “Clients participating in the U.S. securities and futures markets will value Dom’s insight as they maneuver increasingly complex legal and regulatory challenges.”

Paul E. Dengel, leader of the firm’s Financial Markets and Products Group, said, “Beyond investment management, Dom has invaluable experience in mergers and acquisitions of investment companies, and in fund structuring and creation. His versatile background is a strong addition to our group.”

In addition to his practice, Pugliese is a frequent speaker at industry conferences, particularly those relating to the roles and responsibilities of independent trustees. He also serves on the advisory board of the Investment Company Institute’s Independent Director Counsel Roundtable.

“As the SEC continues to impose new duties and responsibilities on mutual fund independent directors, clients need adept counsel more than ever,” said Pugliese. “My practice is dedicated to advising these clients. By joining Schiff Hardin, I am joining colleagues whose experience both complements and expands my practice.”

He graduated from the George Washington University Law School, earning his J.D. with honors and serving as a member of the George Washington University Law Review. He earned his B.S. from the State University of New York Binghamton.

 




Legal Tech Company Everlaw Closes Series A Funding Round

Legal technology company Everlaw Inc. has closed an $8.1M Series A funding round, led by top venture capital firm Andreessen Horowitz.

This funding comes five years after Everlaw’s launch and will enable the company to accelerate its mission to bring cutting-edge computer science and modern design principles to the legal field, the company said in a release. Everlaw’s eponymous ediscovery software is used by international law firms, corporations, and government agencies to prepare for litigation. The investment underscores the potential both of the company and of the legal technology field.

Legal software has lagged behind other industries. Lawyers have struggled with difficult-to-use tools and relied on antiquated manual approaches. Everlaw’s software changes that: it provides user-friendly, tech-advanced tools to help lawyers work more effectively. This allows legal teams to find evidence and construct the narrative needed to win in court.

2015 was a year of growth for the company:
● Named a “Vendor to Watch” in ediscovery by Gartner
● Powered major General Motors Ignition Switch litigation
● Released 24 new features and feature improvements
● Named a “101 Best Company to Work For” in the San Francisco Bay Area
● Grew team by 33 percent

Andreessen Horowitz, a leading Silicon Valley venture capital firm, has also invested in such companies as Facebook, Twitter, Airbnb, Box, Slack, Optimizely, and Zenefits. Andreessen Horowitz Partner Steven Sinofsky will be joining the Everlaw Board of Directors.

“This investment fuels our vision of a unified litigation platform with advanced artificial intelligence and data visualization, a beautiful user experience, and rich collaboration from discovery to the courtroom,” said Everlaw CEO AJ Shankar.

“At Andreessen Horowitz, we are always incredibly excited to see technology founders taking on the hard work of re-imagining an industry. It is super clear that mobile, machine learning, and cloud delivered via SaaS will revolutionize every vertical, including legal. We love the work that the Everlaw team has done to bring such high-powered efforts to an incredibly important part of the economy,” said Andreessen Horowitz Partner Steven Sinofsky.




Greater Emphasis on Corporate Compliance Programs

The announcement by the Department of Justice Fraud Section that it hired Hui Chen, a lawyer with previous experience as a federal prosecutor and in international corporate compliance, as a full-time Foreign Corrupt Practices Act compliance expert shows that compliance should be high on corporate agendas for 2016, writes Sarah C. Baskin in the Corporate Compliance and White Collar Advisor, published by Jackson Lewis.

“The DOJ’s move will likely lead to even greater and closer scrutiny of compliance programs. The first step employers should take in responding to this change is to conduct a prompt and thorough review of their compliance programs, starting with their Code of Conduct, their internal controls, monitoring, hotline, management of investigations and reporting protocols to law enforcement,” Baskin writes.

The article lists the key elements of a good compliance program.

Read the article.

 

 




Termination Clause in Contingent Fee Contract Is Invalid

A fired contingent fee attorney can’t enforce a provision in his fee agreement requiring a client to pay the lawyer 20 percent of his eventual recovery if the client changes counsel, a divided Pennsylvania Superior Court declared Jan. 5, reports Bloomberg BNA.

“Enforcing the termination provision would penalize the client for exercising his absolute right to end the attorney-client relationship, Judge Kate Ford Elliott said in the majority opinion. In this situation, Elliott said, lawyers are limited to recapturing the reasonable value of their services, but that award can reflect the extent of the lawyer’s contribution to obtaining the client’s recovery,” the report explains.

“Just as a lawyer may not charge an exorbitant fee or place a ‘no termination’ clause in the contract or assert a vested interest in a client’s claim, a lawyer may not penalize a client for discharging him or her,” Elliott wrote.

Read the article.

 




Resources for Innovation Still Needed Amid Oil, Gas IT Budget Cuts

Rigzone.com reports that oil and gas chief information officers (CIO) faced with budget cuts in 2016 will implement plans for preserving innovation while making low-cost investments to minimize business operational costs, according to a recent forecast by IDC Energy Insights.

“When oil traded at $100/barrel, oil companies were more focused on expanding their geographic footprint, but the decline in oil prices now has companies focusing instead on reducing costs, either through layoffs or spending cuts. Reducing costs is the top priority behind IT spending, followed by improving efficiency and productivity of processes and boosting revenues, Chris Niven, research director for IDC Energy Insights, told Rigzone.”

“Niven said IDC estimates that 25 percent of all oil and gas companies will be using cognitive plus advanced analytics in the oilfield by 2019 to improve performance and production by 10 percent,” wrote Karen Borman.

Read the article.

 

 




Corporate Divorce Series: Do Fraudulent Credentials Annul Employment Contracts?

There are few reasons a court will treat a contract as if it never existed at all, and those limited reasons center almost exclusively on a widely pervasive misdeed that is difficult to detect, such as resume fraud, writes Jennifer B. Rubin of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo.

“Resume fraud is not, of course, limited to educational credentials,” she adds. “Title and salary inflation abound as well as falsified job experience. Setting aside the moral discussion, the question is whether fraudulent credentials provide a basis for annulling an employment contract.”

She explains that the key to having a court grant an annulment and permitting the employer to avoid any contractual promises made to the employee based on the fabricated credentials is that the criteria at issue be material to the employer.

Read the article.

 




Akerman Adds CFPB Regulatory and Enforcement Lawyers

Akerman LLP has announced the expansion of the firm’s Consumer Financial Services Practice Group with two senior lawyers joining from the Consumer Financial Protection Bureau, partners Thomas Kearney and Mary (Molly) Calkins. They join the firm’s Washington, D.C., office, working in federal and state compliance as well as operational support capabilities.

“Tom and Molly bring a tremendous combination of experience in financial rulemaking and enforcement, with a thorough understanding of the compliance challenges resulting from CFPB actions,” said William Heller, chair of Akerman’s Consumer Financial Services Practice Group. “They build upon our team’s extensive experience in the home loan space, adding a deep understanding of evolving federal and state laws governing bank and non-bank consumer debt originators and servicers.”

Kearney joins Akerman from the CFPB’s Office of Regulations where he played a key role in the development and drafting of multiple mortgage originations related rulemakings. He most recently led the team responsible for the final Home Mortgage Disclosure Act rule. Kearney also drafted substantial portions of the CFPB’s Truth in Lending Act — Real Estate Settlement Procedures Act Integrated Disclosure or Know Before You Owe rule and the Ability-to-Repay and Qualified Mortgage rules. He handled outreach, guidance and training on various CFPB efforts under Dodd-Frank, in addition to providing guidance to Congress, federal agencies, and other CFPB offices on legal and regulatory issues arising under HMDA, RESPA and TILA. Prior to the CFPB, Kearney worked for several years as in-house counsel for a provider of mortgage compliance services to national banks, securitizers, non-depository mortgage lenders and other financial services companies.

Calkins joins Akerman from the CFPB’s Division of Supervision, Enforcement & Fair Lending, where she led investigations into a broad array of potential consumer protection violations. Her enforcement matters involved fair lending, auto finance, mortgage lending and servicing, credit cards and bank deposit products, credit reporting, student loans, and debt collection. As a founding member of the Bureau, Calkins also coordinated the CFPB investigations with state attorneys general and other federal regulators such as the Federal Deposit Insurance Corporation, Federal Trade Commission, and Office of the Comptroller of the Currency.

Prior to her work at the CFPB, Calkins was counsel at the FDIC’s Professional Liability & Financial Crimes Section, where she investigated and litigated claims arising from bank failures, reviewed mortgage loan files, analyzed claims for loan putbacks, and ascertained potential liability of bankers as well as third-party vendors and service providers. Calkins is an experienced financial services litigator, covering the Equal Credit Opportunity Act, Fair Credit Reporting Act, Fair Debt Collection Practices Act, Real Estate Settlement Procedures Act, Truth in Lending Act, Truth in Savings Act, Unfair, Deceptive or Abusive Acts or Practices and Dodd-Frank Act issues.

 




How Your Purchasing Process is Costing You More Than You Think

ContractRoom has published a discussion of the use of predictive agreement in the purchasing or procurement process.

“Past data is used to help improve the procurement and contracting processes so agreement can be reached more quickly and predictably,” the article says.

The process not only ensures less time will be spent in the procurement process and negotiation, but also that a fairer price (and conditions) will be agreed upon, it continues.

Read the article.