Good evening from D.C., and welcome to Compliance Hot Spots, our weekly roundup and analysis of regulatory and enforcement trends. Tips, feedback and general thoughts on your practices are always appreciated. I'm your host, C. Ryan Barber. Reach me at [email protected] and 202-828-0315, and follow me on Twitter @cryanbarber.

DOJ's Guidance on the 'Cloud' (Act)

In 2016, the U.S. Justice Department saw its authority to obtain electronic evidence significantly curtailed when a federal appeals court ruled that Microsoft could not be forced to turn over emails stored on a server overseas.

The ruling prompted other companies to refuse similar demands for data kept abroad. And it gave rise to a major privacy case that reached the Supreme Court. But the dispute would eventually be resolved in perhaps an unlikely place: across the street in the U.S. Congress.

The Justice Department had also asked Congress to clarify its authority to demand data stored overseas. In March 2018, within a month of the Supreme Court arguments in the Microsoft case, Congress passed the Cloud Act, making clear that companies subject to U.S. jurisdiction must comply with demands for data regardless of where it is stored. The new law effectively rendered the Microsoft case moot.

A year later, just past the first anniversary of the law's passage, the Justice Department now says there is more clarifying to do. The department released a white paper this month detailing its views of the Cloud Act—and addressed what one top official described as the “misconceptions” that the law amounts to an American data grab. Indeed, the Justice Department is trying to counter that notion—and to foster agreements with foreign partners to facilitate access to electronic evidence.

Speaking recently in London, Deputy Assistant Attorney General Richard Downing (at right) sought to dispel criticism that the Cloud Act expanded the government's reach. In addition to creating a framework for international cooperation to obtain data, the Cloud Act “made explicit in U.S. law the long-held legal principle that a company operating within a country's territory can be compelled to produce stored data within its 'possession, custody, or control,' regardless of where it stores that data.

“Let me pause for a moment on the idea that this is a 'long-held legal principle,'” Downing said. He continued:

“Some critics of the Cloud Act have charged that the statute's clarification of the obligations of providers is somehow novel, or, more ominously, a new incursion on data that would otherwise lie beyond the government's reach. That gets things backwards. Far from introducing a new surveillance power, the Cloud Act codified what had been the longstanding practice in the United States until a single 2016 decision by a court of appeals in a case involving Microsoft.”

In the white paper, released days after Downing's speech, the Justice Department said the Cloud Act “did not expand U.S. investigative authority.” Rather, the Justice Department said the law “merely confirms” what it had previously seen as the requirements of companies subject to U.S. jurisdiction. And nor has the Cloud Act expanded U.S. jurisdiction, the Justice Department said.

William Ridgway, a partner at Skadden, Arps, Slate, Meagher & Flom, said the Justice Department guidance helped address the question of what it takes for a company to be subject to U.S. jurisdiction. Ridgway, a former federal prosecutor in Chicago, pointed to language in the white paper spelling out how an overseas-based company providing services in the United States could be deemed subject to U.S. jurisdiction.

“One question that was not addressed in the CLOUD Act is: What does it take for a company to be subject to the CLOUD Act here in the United States? The Department of Justice confirmed the position we expected it would take—that all companies subject to U.S. jurisdiction, including overseas providers with websites that happen to serve U.S. customers, may find themselves subject to legal process under the CLOUD Act.”

Who Got the Work

>> Three European banks that are part of Italy's UniCredit group have agreed to pay $1.3 billion to resolve charges that they had routed hundreds of millions of dollars involving sanctioned entities in Iran and elsewhere, my colleague Jack Newsham reports. UniCredit SpA, the parent company, was represented by Shearman & Sterling. The German unit UCB AG was represented by Clifford Chance. The Austrian unit is represented by Skadden, Arps, Slate, Meagher & Flom. Clifford Chance's David DiBari, managing partner in Washington, leads the firm's U.S. litigation practice. Assistant U.S. attorneys Gregg Maisel and Michelle Zamarin, along with Margaret Moeser, a senior trial attorney at Main Justice's money laundering and asset recovery section, were assigned the case. Read the criminal information here.

>> Wilmer Cutler Pickering Hale and Dorr had been hired by four banks—Citigroup, Bank of America, Bank of New York Mellon and State Street—to help their CEOs in advance of last week's House Financial Services Committee hearing. Davis Polk & Wardwell worked with Goldman Sachs and Morgan Stanley. [Bloomberg]

>> “The campaign spending reports of U.S. Rep. Mark Walker, R-6th, show a $50,000 payment to a Washington, D.C., law firm that specializes in white-collar defense and congressional investigations.” WilmerHale got that payment. [Winston Salem Journal]

>> “In an exceptionally rare clawback case, The Hertz Corp. has sued its former general counsel, Jeffrey Zimmerman, and two other top executives to recover over $70 million the company says it paid them in incentive pay and a 'golden parachute' severance package, plus over $200 million in legal fees and other costs related to misstating company income,” my colleague Sue Reisinger reports. [Law.com] Here's a link to Hertz's complaint in New Jersey federal district court. Attorneys Herbert Beigel of Tucson and Robert Viducich were on the complaint with Douglas Motzenbecker of Gordon & Rees LLP.

Compliance Headlines: What We're Reading

>> DOJ Lawyer Issued Waiver to Oversee Goldman-1MDB Probe. “Brian Benczkowski, head of the Department of Justice's criminal division, has been issued an ethics waiver that allows him to oversee the US investigation into Goldman Sachs over its role in the 1MDB corruption scandal.” Benczkowski (above) is a former Kirkland & Ellis white-collar partner in Washington. [Financial Times]

>> At 'Megabank' Hearing, Freshman Rep. Katie Porter Takes on Jamie Dimon—And His $31M Salary. Freshman U.S. Rep. Katie Porter, the California Democrat, brought a whiteboard and did some math, as she grilled the JPMorgan chief executive over whether an employee can live on the company's minimum wage. [NLJ]

>> White House Seeks to Blunt Use of Informal Agency Actions. “At issue is the manner in which federal agencies craft restrictions for the industries they oversee, particularly in financial services. Many agency actions are in the form of rules that are subject to public notice and comment before being completed. But some are issued in the form of guidance—a shortcut of sorts that is a generally less-formal way of regulating banks, brokers and asset managers.” [WSJ] Politico has more here.

>> Intel Global Privacy Head Wants More Enforcement Power for FTC. Intel associate general counsel and global privacy officer David Hoffman testified before the Federal Trade Commission saying the organization does not have the resources to adequately enforce any forthcoming data privacy laws, my colleague Dan Clark reports. [Corporate Counsel]

>> Why Are International Law Firms Hiring More Regulatory Lawyers in Hong Kong? ”Global law firms have been actively hiring regulatory and investigations lawyers in Hong Kong during the past 12 months, hoping to capture more work in the government enforcement space. They may be disappointed,” my colleague John Kang reports. [Law.com]

>> How the Role of Corporate Compliance Monitors Can Get Murky. Being under a corporate monitor's microscope can be “pretty invasive and disruptive for a company,” said Sarah Foley, a compliance specialist at Orrick, Herrington & Sutcliffe in New York. “But ultimately these monitorships help affect change when a company is not meeting intended compliance results and expectations,” Foley said. “It's important to look at these corporate monitorships as a tool to make sure ethics and compliance practices work day-to-day for a company's business operations and activities and, perhaps more importantly, are sustainable at its most basic operational level.” [Corporate Counsel]

>> Trump's New Regulations Chief to Oversee Major Rule Rollbacks. Former Sidley Austin associate Paul Ray, now the acting head of OIRA, said he's recused from a “few matters,” but would not discuss them. I do think it's very important to be open to hearing from both sides on any regulatory issue,” he said. [Bloomberg Government]

>> Trump's Regulatory 'Whack-a-Mole.' ”The administration has learned to use delaying tactics to undermine and even repeal federal regulations it doesn't like, even when judges rule against it in court. In effect, the administration has adopted a winning deregulatory strategy that can be summed up as: If you can't beat them, stall them.” Politico]

Notable Moves & Announcements

• Stephen Cutler, former JPMorgan Chase & Co. general counsel and vice chairman, has been appointed to head the government and internal investigations practice at Simpson Thacher & Bartlett, my colleague Meghan Tribes reports.
• Covington & Burling special counsel Ann Bobeck is reportedly joining Fox Corp. as vice president of regulatory affairs. Bobeck focuses on communications and media. She formerly served as general counsel to the National Association of Broadcasters.
• Rebecca Rettig has joined FisherBroyles as a partner in the firm's litigation department and FinTech and Blockchain group. She was formerly at Cravath, Swaine & Moore, where she practiced for more than eight years.

• 

• Nazak Nikakhtar is the Trump nominee for Under Secretary of Commerce for Industry & Security. Nikakhtar (at left), formerly a partner at international trade firm Cassidy Levy Kent, is currently serving as Assistant Secretary of Commerce for industry and analysis. Nikakhtar “will be on the front lines of the administration's fight against China and play a key role in developing new regulations to tighten exports of critical and emerging U.S. technology,” Politico reports.
• Maria Vullo, former head of the New York Department of Financial Services, will serve for three months as the “regulator in residence” at the Fintech Innovation Lab New York.