New Jersey Federal Criminal and Regulatory Alert

December 2, 2015

Recent trends in cybercrime, internal investigations and consumer credit discrimination have been the focus of New Jersey prosecutors and federal agencies in New Jersey. In this Alert, we consider prosecutions by the U.S. Attorney’s Office in New Jersey and regulatory actions that are of note to companies that are based in New Jersey or are doing business in the state.

Within this issue of the New Jersey Federal Criminal and Regulatory Alert, we summarize the recent major cybercrime cases being handled by the U.S. Attorney’s Office in New Jersey, which has made prosecuting cybercrime a top priority. We also focus on an important mortgage discrimination action brought by the Consumer Financial Protection Bureau and the Department of Justice’s (“DOJ”) Civil Rights Division against Hudson City Savings Bank, and on the subsequent consent order. Finally, we address the "Yates Memo," which sets forth the DOJ's new national initiative on individual accountability for corporate misconduct and the six key steps that will be used to identify and punish individual wrongdoing within a corporation.

On September 9, 2015, the Department of Justice (“DOJ”) issued a memorandum entitled “Individual Accountability for Corporate Wrongdoing,” otherwise known as the "Yates Memo” because it was authored by Deputy Attorney General Sally Quillan Yates. The Yates Memo outlines the DOJ's objective to hold individuals accountable for corporate misconduct. The memo focuses on six key steps that will be used to identify and punish individual wrongdoing within a corporation: (1) the requirement that corporations must provide to the DOJ all relevant facts relating to the individuals involved in corporate misconduct in order to receive any cooperation credit; (2) DOJ criminal and civil corporate investigations need to focus on individuals from the inception of the investigations; (3) DOJ criminal and civil attorneys handling corporate investigations should frequently communicate; (4) except in extraordinary circumstances, the DOJ will not release individuals from liability when resolving a matter with a corporation; (5) DOJ attorneys should not resolve corporate matters without a plan to resolve related individual cases; and (6) when determining whether or not to bring suit against an individual, DOJ civil attorneys should do so based on factors beyond simply an individual’s ability to pay.

In pursuing this effort, the DOJ will be faced with many challenges due to the complexities of corporate structures. For example, high-level executives are typically not exposed to the day-to-day activities where the misconduct occurs. In addition, it may be difficult to prove that a particular employee possessed the knowledge and criminal intent necessary to establish guilt beyond a reasonable doubt.

This new DOJ initiative poses many challenges for corporations. Although corporations may be eligible for cooperation credit if they provide “all relevant facts about the individuals involved in the corporate misconduct,” the DOJ will not award cooperation credit if it determines that the information provided is not sufficient. If a corporation decides to be completely transparent in an investigation, it could put certain employees at risk of criminal or civil liability, which was not necessarily the case before the Yates Memo was issued. Corporations should be vigilant about protecting themselves by communicating the DOJ’s new policies to senior management, and discussing corporate and individual risks. Corporations should also reevaluate their compliance programs to make sure they are sufficiently robust given the DOJ's new initiatives.

On November 16, 2015, in a speech given at the American Bankers Association and American Bar Association Money Laundering Enforcement Conference in Washington, Deputy Attorney General Yates reiterated the parameters of the DOJ's new corporate policy on individual accountability. Ms. Yates announced that the DOJ is issuing revisions to the United States Attorney’s Manual (“USAM”) to align the manual with the Department’s new policy. As revisions to the USAM do not occur often, this is the DOJ’s way of emphasizing it's new priorities and values. The revisions include updates to the written guidance on corporate criminal cases, and the requirement that if a corporation wants cooperation credit, it must provide all non-privileged information about individual wrongdoing. Although this concept is not necessarily new to the DOJ’s procedures, the consequences of not cooperating are new. Now, full cooperation is required in order for the DOJ to even consider cooperation credit for a company. The DOJ is also confirming that the attorney-client privilege is protected as to legal advice, and corporations will not be obligated to produce protected materials in order to receive cooperation credit. On the other hand, facts are not privileged and will need to be produced, including facts learned through employee interviews during an investigation. Possibly the most notable change to the USAM is a new section on enforcing claims against individuals in corporate matters. Ms. Yates concluded by explaining that it is not the DOJ’s objective to recover the largest amount of money from corporations, but rather, to seek accountability from those individuals within corporations who violate the law.


Cybercrime - U.S. Attorney’s Office Makes Cybercrime a Top Priority
New Jersey U.S. Attorney Paul Fishman has made fighting cybercrime a top priority for his office, by partnering both with federal agencies and with the private sector. According to an August 14, 2015 article in the New Jersey Law Journal (“NJLJ”), starting shortly after Fishman took office in 2009, he began hosting public forums at which members of his office and federal agents spoke openly about cybercrime and began reaching out to the private sector. According to the article, outreach by federal agencies to the private sector “has been crucial because companies have traditionally been skittish about reporting cybersecurity breaches for fear of reputational damage and increased government scrutiny.” Prosecutors from the U.S. Attorney’s Office, including members of the Economic Crimes Unit, have frequently met with and given presentations to corporate executives in an effort to teach them how the government can assist their companies in the event of a data breach. Partnering with other federal law enforcement agencies has enabled the U.S. Attorney’s Office to handle a number of sophisticated, large-scale cybercrime cases.

The Office’s Computer Crimes Unit has substantially increased in size over the past few years, increasing from two prosecutors in 2008 to eight prosecutors by 2013, and they have worked with numerous agents in investigating cybercrimes. The Department of Justice has also encouraged the investigation of cybercrime cases. Put simply, as the NJLJ article notes, federal law enforcement agencies “have all began to realize that cybercrime is a problem that’s not going away.” And as a result of data breaches, the public has been clamoring for more prosecutions.

The U.S. Attorney’s Office in New Jersey is now one of the leaders in the country in cybercrime investigations and prosecutions, as evidenced by the three recent cybercrime prosecutions discussed below. (Subscription Needed to View Full Article)


Cybercrime - Nine Charged in Computer Hacking and Securities Fraud Scheme
On August 11, 2015, nine individuals, many of whom are from the Ukraine, were charged in two indictments, one in Newark and one in Brooklyn, with running an international scheme that involved hacking into the computer systems of three business newswires, and then stealing not yet published press releases containing confidential non-public financial information about companies whose securities were traded on the NASDAQ and NYSE exchanges. The stolen information was then used in trades that allegedly generated about $30 million in illegal profits. The indictments charged that the defendants stole approximately 150,000 confidential press releases, and then traded on the information contained in 800 of those press releases before their public release. The SEC filed a parallel civil complaint.

According to the Department of Justice’s press release concerning the indictments, this is “the largest scheme of its kind ever prosecuted.”

Cybercrime - Two Russian Men Plead Guilty in International Hacking and Data Breach Scheme
On September 16, 2015, two Russian men pled guilty to conspiracy to commit wire fraud in what federal prosecutors are calling one of the largest computer hacking and data breaches ever to have occurred in the United States. The men were arrested in June 2015 while vacationing in the Netherlands, and were then extradited to the U.S. Both men face up to 30 years in prison, and will be sentenced in January 2016. The two men are among a group of five individuals charged with penetrating the computer networks of some of the world’s largest corporations, along with America’s largest electronic stock market, over a seven-year period. During the scheme at least 160 million credit and debit card numbers were stolen and later resold on internet black markets. Three of the 17 companies involved lost in excess of $300 million. The remaining three men charged, two Russians and a Ukrainian, have not yet been apprehended. The case resulted from an investigation of hacker Albert Gonzalez, 34, a college dropout who became a federal informant after being caught in a separate cybercrime case.

Cybercrime - Operator of International Hacking Scheme Extradited from Italy to Face Computer Hacking Charges in New Jersey
Sergey Vovnenko, a Ukrainian citizen, has been accused of participating in an international hacking conspiracy, and has been charged with one count of wire fraud conspiracy, one count of unauthorized computer access, and four counts of aggravated identity theft. Vovnenko and his co-conspirators are alleged to have hacked into the computer networks of both individuals and corporations located in the United States and internationally to steal log-in credentials and credit card data. They then used the information obtained to illegally access and withdraw money from bank accounts and to incur unauthorized charges. Vovnenko pled not guilty at his arraignment in New Jersey federal court on October 19, 2015. A jury trial is scheduled for November 7, 2016. Vovnenko was arrested in Italy in June 2014, contested his extradition, and it took over 15 months before he was finally extradited to the U.S.

Internal Investigations - Attorneys for Bridgegate Defendants Subpoena Gibson Dunn Notes
Attorneys for defendants William E. Baroni, Jr. and Bridget Anne Kelly in the Bridgegate criminal case subpoenaed notes of witness interviews that they claim were taken by attorneys at Gibson Dunn & Crutcher, the law firm hired by Governor Chris Christie’s administration to investigate the scandal. In the motion for a subpoena, Kelly’s attorney alleged that several of the individuals interviewed reported that someone was “feverishly” typing verbatim or near-verbatim notes of everything said during the interview. In a September 21, 2015 brief in opposition to Gibson Dunn’s motion to quash the subpoena for the notes, Baroni and Kelly accused Gibson Dunn of engaging in a “deliberate and systematic” effort to destroy notes of witness interviews taken for the preparation of a report issued by the firm which cleared Governor Christie of any involvement in the 2013 George Washington Bridge lane closures. Baroni and Kelly argued that Gibson Dunn was obligated to attempt to recover any electronic notes from the interviews, even if they had been deleted.

In an October 7, 2015 court filing, Gibson Dunn claimed that it had already complied with the subpoena when it produced its memoranda prepared in connection with 75 witness interviews, and that it has no notes beyond the memoranda.

Baroni and Kelly accused the New Jersey U.S. Attorney’s Office of being “silent” regarding the issuance of the subpoena for the requested materials. The U.S. Attorney’s Office responded to the claims in an October 7, 2015 letter to the court by indicating that it did not object to the subpoena and by denying allegations that it coordinated any investigation with Gibson Dunn. Gibson Dunn’s motion to quash the subpoena is currently pending.

In an October 9, 2015 article in the New Jersey Law Journal, criminal defense attorneys were split on the issue of whether detailed interview notes should be taken and then maintained, even after the final memo of the witness interview has been prepared. (Subscription Needed to View Full Article)

Banking - Mortgage Discrimination
The Consumer Financial Protection Bureau and Department of Justice, Civil Rights Division, jointly filed a complaint in New Jersey federal court on September 24, 2015, against Hudson City Savings Bank, alleging that it violated the Fair Housing Act and the Equal Credit Opportunity Act, which prohibit financial institutions from discriminating on the basis of, among other things, color, race or national origin in their mortgage lending practices. Hudson City is accused of failing to serve the credit needs of majority black and Hispanic neighborhoods throughout its lending area, which includes New Jersey, New York City and surrounding areas, by engaging in a pattern and practice of “redlining”, that is, refusing to issue residential mortgage loans in these areas.

A proposed consent order, subject to court approval, was filed on the same day the complaint was filed. The proposed consent order required payment of $25 million by Hudson City for a loan subsidy program, as well as a requirement that the bank take specific steps to ensure that it improves access to responsible and affordable credit to qualified borrowers in affected neighborhoods. The consent order resolving all of the claims in the complaint was entered on November 4, 2015. U.S. Attorney Fishman stated in a press release that “Hudson City Savings Bank structured its business operations to systematically avoid providing credit services in predominantly minority neighborhoods. There is no room for such behavior in our banking system.”

Securities Fraud - Biotech CEO Charged With Improperly Transferring Company Shares to Family
On February 19, 2015, the SEC filed a complaint in New Jersey federal court against Michael Cohen, CEO and Chairman of the Board of Proteonomix, a biotech company, alleging that he committed multiple violations of the securities laws in a scheme that enabled him to steal more than $600,000 by transferring millions of company shares to corporate entities owned by his family members, and subsequently selling the shares in the open market. A consent judgment was entered on March 6, 2015, against Cohen, barring him from acting as an officer or director of any publicly-traded company, and permanently barring him from participating in any offering of low-priced stocks.

On February, 19, 2015, Cohen pled guilty in New Jersey federal court to related criminal charges for failing to disclose related-party transactions in the company’s SEC filings. Cohen is now seeking to withdraw his guilty plea, claiming that his attorney gave him poor advice, and that prosecutors improperly threatened to pursue his father-in-law if he did not resolve his case.;; (Subscription Needed to View Full Article)

For more information about the issues in this alert, or white collar defense & investigations generally, please contact:

Victor J. Rocco at +1 212 592 1422 or [email protected]