We recently gathered regulatory attorneys from across Reed Smith's global team to provide a high-level rundown of the key regulatory trends and risks to look out for as we move into the final quarter of 2023. If you missed the webinar, you can access the recording on demand.
Please see a short summary of our top takeaways below.
Telehealth fraud and the False Claims Act: Enforcement, legal developments, and compliance
- We expect more DOJ and whistleblower False Claims Act actions with respect to telehealth.
- Congress may amend the False Claims Act to make it easier for plaintiffs to prove their cases.
- Companies can guard against these risks by strengthening telehealth compliance, especially with respect to patient privacy, licensing, and compensation arrangements.
Off-channel messaging risks: Recent SEC, CFTC, and DOJ enforcement actions
- Regulators appear to be continuing their "sweep" of various industries subject to recordkeeping requirements.
- SEC and CFTC language points toward additional investigations; DOJ may adopt similar requirements in practice.
- Ensure that there are robust policies and procedures in place tailored to your business to preserve business-related data.
Cybersecurity risks: NYDFS escalates enforcement actions
- NYDFS Superintendent Adrienne Harris has, for the most part, shifted the New York financial regulator's agenda away from enforcement since she took office two years ago, and has instead focused on streamlining NYDFS' operations, refocusing its priorities, and expanding its licensing and supervisory capabilities. A notable exception, however, has been cybersecurity – an area in which NYDFS has recently escalated its enforcement activity and compliance expectations.
- Recent NYDFS Consent Orders have levied civil monetary penalties on New York licensees for failures to (1) adopt cybersecurity policies and procedures specifically tailored to the entity's operational risks; (2) adequately supervise third-party service providers and independent contractors; (3) fully implement multi-factor authentication; and (4) notify NYDFS about a cybersecurity event in a timely manner (where other government agencies were appropriately notified).
- In fleshing out NYDFS' expectations for cybersecurity compliance, these actions serve to expand both Part 500's consumer protection controls and the New York regulator's ability to interpret them through enforcement.
CBP enforcement of UFLPA reveals extent of supply chain tracing requirements
- By industry, CBP's focus has largely been on electronics; industrial and manufacturing materials; and apparel, footwear, and textiles, which account for almost 80% of all detentions. By country of origin, goods from Vietnam, Malaysia, Thailand, and Mexico are being detained and denied entry, in addition to Chinese-origin goods.
- Showing goods are outside the UFLPA's scope or overcoming the rebuttable presumption requires a significant amount of documentation, including manufacturing affidavits, from each step of the supply chain process. These requirements create an increased burden for foreign suppliers who may be unwilling to provide this information to U.S. importers.
- Importers need to carefully consider the legal and operational risks that come from a potential UFLPA detention. Importers should also assess their supply chain tracing efforts and determine whether they have sufficient documentation to respond to a detention notice from CBP.
New UK offenses: Corporate criminal liability for actions of employees and senior managers
- The introduction of a new "failure to prevent fraud" offense is expected, widening the scope of corporate criminal liability.
- A shift in focus to "senior managers" will broaden the scope of corporate liability from the identification principle to a focus on the role played by an individual.
- The increased scope for liability will require organizations to review their policies and procedures in detail to cover increased risk.
DOJ enforcement of discrimination claims in export control policies illustrates need for reassessment of hiring practices
- On April 19, 2023, the Civil Rights Division of the Department of Justice (DOJ) issued guidance clarifying that when a position requires access to export-controlled information or items, that requirement is not a basis for making an employment decision based on citizenship, immigration status, or national origin. The guidance coincided with a $365,000 settlement with a private employer to resolve claims that it violated the antidiscrimination provisions of the Immigration and Nationality Act (INA) while attempting to comply with U.S. export controls. It was followed by the announcement of a lawsuit against a space company.
- While these legal requirements are not new, the DOJ guidance on enforcement action serves as a reminder that U.S. export controls under the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR) do not contain employment or hiring requirements and that using those requirements as a basis for making hiring, firing, or recruiting decisions based on workers' citizenship, immigration status, or national origin is illegal.
- Companies should reassess their hiring practices and export compliance programs to ensure they are in compliance with legal requirements.
Brazil's New Public Procurement Law requires implementation of compliance programs
- Companies with a robust compliance program will have a competitive advantage (tiebreakers).
- A robust compliance program is required for participants in large projects (over $40 million).
- Existence of a compliance program can mitigate sanctions.
Understanding your new CBAM investigations and enforcement risks in Europe
- The EU's carbon border adjustment mechanism (CBAM) enters into force on October 1, 2023.
- During the first two years, all importers of steel products, aluminum products, cements, hydrogen, fertilizers, and electricity are required to submit quarterly reports providing detailed information about the greenhouse gases emitted to manufacture the imported products.
- Complying matters: Failure to provide this information will lead to the imposition of fines ranging between €10 and €50 per tonne of emitted carbon, based on punitive default emission values.
Enforcement risks and obligations for the receipt of federal funding
- The Bipartisan Infrastructure Deal provides for once-in-a-generation incentives with $1.3 trillion in federal investments, primarily through federal grants and cooperative agreements.
- Accepting federal assistance funding creates often complex and unfamiliar compliance obligations.
- There is increased scrutiny and enforcement risk for companies opting to take advantage of these lucrative opportunities to do business with the federal government.
Client Alert 2023-208
This article is presented for informational purposes only and is not intended to constitute legal advice.